Metsger and other internal fraud experts think so, and they believe the board and supervisory committees can be effective first lines of defense against fraud that can potentially ruin a credit union. They shared their ideas, including the classic red flags of fraud, that can help credit union boards and their supervisory committees catch a thief – even at cooperatives with limited resources.

In fact, just last year, a credit union supervisory committee uncovered fraud, according to Metsger. That case is still under investigation, however, and he could not share its details.

“Don't assume fraud can't happen to you,” Allan Bachman, education manager for the Austin, Texas-based Association of Certified Fraud Examiners, said. “A lot of organizations think that fraud doesn't happen here because they have trusted employees and none of them would ever steal. Having that mindset seriously opens the door for being defrauded.”

It's important for all boards to first establish a zero tolerance fraud policy and let employees know they will be prosecuted when they are caught.

“If people know there is a serious downside, it does serve as deterrence for some people, but of course, not all people,” he said.

Joette M. Colletts, regional manager of the CU Protection Risk Management Division for CUMIS Insurance Society, the property and casualty company for CUNA Mutual Group in Madison, Wis., said it's important for the antifraud policy to specify examples, such as not manipulating a member's account or not approving a loan for family members.

While most credit unions have an antifraud policy, Colletts also said it needs to be updated annually. Additionally, she recommended that credit unions require every employee to read and sign the policy every year to reinforce the zero tolerance fraud policy.

Although the board is responsible for the overall governance of the credit union by providing for its general direction and control, the board also holds the responsibility to make sure it has an active and engaged supervisory committee, which is essential to the credit union's operations.

Colletts said the board and the supervisory committee should focus on overseeing and understanding four key areas of internal controls that could go a long way to preventing fraud or detecting it before it becomes a major problem.

First, have a good understanding about how the credit union's cash is handled in the vault, teller drawers and ATMs. Colletts said the supervisory committee should conduct surprise cash counts on a quarterly basis without notifying the CEO. However, the person responsible for the cash should be present during the surprise cash count. To ensure the accuracy of the cash counting, Colletts said every bill in every cash bundle must be counted.

Second, every employee account and their family members' accounts should be carefully reviewed. Typically, when employees embezzle funds, they will deposit the money in family members' accounts. Accounts for inactive and deceased members also should be reviewed regularly.

Third, loan approvals, processing and disbursements must be separate duties that are handled by different employees. Additionally, an employee who has the authority to make purchases must have them reviewed and approved by a supervisor.

Read more: Board members must not be afraid to ask management questions …

Fourth, it's also important for the supervisory committee to review file maintenance transaction reports and look for changes in collateral codes, payment frequency, payment amounts, interest rates and address changes. Advancing due dates also should raise a red flag.

It's critically important for board and supervisory board members, Colletts said, to ask management questions about internal controls and to fully understand how they are performed to protect the credit union's assets.

Metsger added that board members should not be afraid or intimidated to ask questions because they have the right to. If a CEO or executive is intimidating, evades or stonewalls questions or doesn't provide information in a timely fashion, those are classic red flags, Metsger said.

But what should boards do when there are reasonable suspicions that a CEO or other executive may be involved in a fraud scheme?

The first step is to secure the data so forensic accounting can be conducted, Metsger recommended. An independent party, such as an outside auditor, should be hired to conduct a forensic accounting review and report.

The board also needs to decide whether the CEO or executive needs to be placed on administrative leave. And depending on the auditor's findings, the board needs to determine whether to involve state and federal examiners or law enforcement, Metsger said.

Although the NCUA does not require credit unions under $250 million in assets to conduct an outside audit, Metsger personally believes that all credit unions should have outside audits done from time to time.

“It is expensive and you wouldn't necessarily need to do it on an annual basis, but if you haven't had an outside audit for five or 10 years, then I would advise the board or supervisory committee to authorize one because it's a sound business practice and it can be very, very helpful,” he said. “If the CEO gets all upset and accuses the board of not trusting him, then that is a red flag. Any CEO who is doing a good job will respect that the board is making sure it is following its fiduciary duties.”

Another sound business practice is to require all employees to take a least one week of vacation every year. That reduces the opportunity for insiders to play the shell game with credit union funds.

“In some cases, we've seen fraud that requires a continuous manipulation and shell game of moving money from account to account,” Metsger explained. “So if an employee says they can never afford to take a week off, that's a red flag.”

Finally, Metsger said it's also important for board and supervisory members to get regular training and education, which is available through state leagues, national trades, local colleges and universities, accounting firms and other third-party vendors.

Although many credit unions struggle to find board members, Colletts suggested that credit unions tap into young members and look for those who recently graduated from college with a degree or background in accounting, finance, business or economics. They may want to volunteer as a way to build their resume credentials.

However, she also noted that a potential member for the board or supervisory committee doesn't necessarily require a background in accounting, finance, business or economics. If you can handle your own finances and your own checkbook, she noted, you should be able to review internal control documents and reports.

Metsger suggested looking for people who are running a business and understand how to read a balance sheet and financial statements, and for individuals who like to pay attention to details.