Carl sat at the head of the boardroom table looking somber. He had just left a meeting with the CFO of his nonprofit, Cheerful Giver, an organization that raised money to fund social service organizations. He knew he had to tell the board that giving was at an all-time low. In fact, contributions to the organization declined from $25 million in 2009 to $7.5 million in 2010. Sure, the economy was at fault, but the root cause of the decline was due to a fraud that was brought to light by one of the organization’s accountants early in the year. It had been going on for 5 years. Once the fraud was exposed in the news media, word crept like a virus across the internet, and longtime donors started calling to try to understand what happened. To make matters worse, once the new fund-raising campaign started, donors stopped returning phone calls. It was evident that they didn’t want to give money to an organization that would let a fraud go on for so long.

Who would have believed that the CEO, a person in a position of trust, could have stolen money from his own organization? Who would have believed that the board could have let this happen? The words of the external auditor came back to him. “Management and those charged with governance (the board) are responsible for implementing and maintaining internal control over financial reporting and compliance with laws and regulations and provisions of contract ...