It’s always sad and yet predictable when small towns and nonprofits are victims of fraud. And it’s almost always the same story: an understaffed entity with no internal controls. In this case, a small town in the area had $71k stolen through fraud by the clerk-treasurer. (Actually, just read the State Board of Accounts report linked at the bottom of the article. The article itself is not particularly well written.)
My point in posting this is to say that if you are involved with a small nonprofit (which are particularly vulnerable entities), please make sure there are good controls in place. If the same person is recording deposits in the software, making the deposits to the bank, and performing the bank reconciliations, the entity is exposing itself to serious risk. Even with a small staff, there can be separation of duties.
And, of course, fraud can still happen to an entity with good internal controls. Where there’s a will, there’s a way. But some basic, sound procedures would prevent most of what I’ve seen over the years.