CHARITIES Adobestock 356048291
Articles

Fraud audits: how to get started and practical tips for your charity

10 Dec 2025

Fraud risks causing charities significant harm to their reputation and their finances. It can even create criminal liability.

It is therefore good practice for charities to regularly carry out fraud audits to review the risks within the organisation and ensure that there are clear processes and policies in place to combat them. We share our practical tips for getting started and ensuring that charities "stay on top" of their fraud risk. 

Charities
Fraud
Emily Dyer
Emily Dyer
Solicitor
+44 (0)20 7665 0973

Charity Fraud Awareness Week - Day 3

Why else is it important to identify and review fraud risks?

Putting the factors mentioned above to one side for the moment, it is also important for charities to regularly consider their fraud risk so that they:

  • Comply with trustee duties. Trustees have a duty to ensure that the charity's finances and assets are looked after appropriately, prudently, lawfully and in accordance with promoting the charity's charitable purposes. Regular audits of fraud risks help trustees to identify any weaknesses and take effective actions to safeguard charitable property.
  • Comply with director duties. Directors of charities have a duty to exercise reasonable care, skill and diligence - this includes having sufficient oversight over the charity's finances and management.
  • Act in accordance with the Charity Commission guidance. The regulator's guidance on fraud sets out that a charity’s fraud risks should be reviewed at least once a year, or after a fraud or attempted fraud.

Considering the impact of new fraud offences

Charities also fall within the scope of the new fraud offences that were introduced by the Economic Crime and Corporate Transparency Act 2023 (ECCTA) and which require charities to be alert to fraud risks in their organisation.

  1. The failure to prevent fraud (section 199) offence will apply to charities that meet the "large organisation definition". It introduces criminal liability for failure to prevent fraud by certain associated parties (including employees and agents) if the fraud is intended to benefit the organisation.
    • Importantly, there is a defence if the organisation has reasonable prevention procedures in place. The government has issued guidance on what might constitute reasonable procedures, with a fraud prevention framework made up of six principles. Assessing fraud risks and implementing proportionate risk-based prevention procedures are an important part of this framework.
  2. The section 196 offence introduced criminal liability for charities (irrespective of size) if a senior manager (a broad definition) commits certain fraud offences while acting within the scope of their authority, or if they assist in committing an offence. 

There is no defence for having reasonable fraud prevention measures, so it is important that charities maintain good oversight and be aware to fraud risks.

What does a proper fraud audit look like?

In the light of the above, it is important for charities to regularly consider their fraud risks and to ensure that they are taking pro-active steps to mitigate the potential for a fraud event to occur.

The requirements under the Charities Act 2011 (which require some charities to have an independent audit of their finances if certain income thresholds are reached) contribute towards this but this is not, of itself, likely to be sufficient to suitably protect the charity.

That's because fraud is not just a finance issue or a matter that only the charity's finance function needs to be concerned about (and this has been reflected in the Home Office guidance on the new failure to prevent fraud offence - emphasising that financial audits are not designed to identify all fraud risks and undergoing one would not on its own provide a defence against the failure to prevent fraud offence). 

Charities therefore need to consider their fraud risk throughout the various departments of charity and across its operations. 

The following factors will usually assist with ensuring a suitably detailed fraud audit:

  • Ensuring senior "buy-in". One of the six principles in the fraud prevention framework for the failure to prevent fraud defence is top level commitment within the organisation to countering fraud. Accordingly, charities should ensure that they are involving and reporting to their senior management and trustees when reviewing fraud risks and developing plans for prevention. Senior buy-in will also help charities to obtain the resources and organisational support they need for the implementation of measures designed to mitigate the charity's fraud risk.
  • Obtaining input on fraud risks from across the charity. It's important that teams across the charity are consulted in order to fully understand and appreciate where the risk areas may be. Don’t just start and end with the finance team - include People/HR, IT, Governance, Legal and Operations teams, and any other relevant groups, in discussions. It is also important to obtain views across varying levels of seniority because there may be different views on where a fraud risk might lie depending on the nature of a person's job role.
  • Considering the risks that are specific to the charity. The s199 guidance is clear - charities have to consider their own unique circumstances if they are to understand their fraud risk and therefore implement reasonable fraud prevention procedures which address those risks. Charities should consider, for example, whether the nature of the charity's activities create particular opportunities for committing fraud. Or charities might have overseas partnerships with other organisations in jurisdictions that do not have the same level of fraud prevention as the UK and appropriate due diligence and measures designed to mitigate the risk of fraud events should be considered. Charities should also consider whether they have had fraud incidents in the past and whether there are adequate measures in place to try and prevent such incidents from reoccurring.
  • Updating and reviewing regularly. Charity operations and fraud risks evolve over time and so fraud risks should be reassessed regularly and prevention measures updated if required. It can be difficult for charities to prioritise revisiting a fraud audit when there are many different things competing for attention but the risk to charities of fraud is not going away and so it is prudent for charities (if they have not done so already) to undertake a comprehensive audit of their fraud risk now and then ensure that the risks and measures are kept up to date in the future. Charities should have a regular reminder for when the audit of fraud risk should reconsidered and, ideally, the culture of the charity should also facilitate ongoing monitoring and learning of fraud risks such that they can be addressed on an ongoing basis as well.

Where is a good place to start?

Charities should make the most of available resources. The Preventing Charity Fraud website, run by the Fraud Advisory Panel and the Charity Commission, provides help sheets, webinars and other useful materials for charities.

Charities should also consider obtaining external legal support. Our specialist fraud and charities teams have supported charities with fraud audits and compliance with the new fraud offences. We can advise on what the fraud audit process should look like or undertake the audit for you.

If you would like support with carrying out a fraud audit on your charity or advice on the new fraud offences, please contact Ben Hay, Emily Dyer or any of the other members of our specialist Fraud team

 

Get in touch today

Are you looking for legal services?

Fill out our form to find out how our specialist lawyers can help you.

See our privacy page to find out how we use and protect your data.

Contact Us