Transparency is very much part of the non-profit system. Non-Profits have to annually file an IRS Form 990 (it's like an annual report) which discloses finances and are required to have them available for public inspection during business hours.
Sounds like Hacker Dojo was not following the rules already in place to prevent this sort of abuse.
It's not that difficult to abuse power in the non-profit system. I'm not referring to blatant theft by an employee, but other shinagigans usually by the founders--like mixing personal assets with the non-profit assets.
1. Is the non-profit in Deleware? So many shady non-profits set up shop in Deleware. When you read the requirements you will see exactly why. I've gotten to the point, I will only listen to CA non-profits when it comes to donating. California has some stringent requirements.
2. Yes--they have rules, and procedures, but there's a lot of people who don't follow the rules. The rules are getting harder to get around, but so many non-profits are there for one reason. The reason--provide a job, and a good wage to the founders. The Obama administration enacted rules that make non-profits more transparent though.
3. I have watched a few non-profit founders make, usually a husband and wife, very rich. I could go on at lenght, but tired, and it seems like no one really cares.
4. When ever I get someone asking for money for their little non-profit, I go to, forget the name--Guidestar. I download the free preview. I go to the bottom of all the pages, and look at their 1040's. I then look for the one, or two people making a lot of money. There's always one, or two individuals. I get so discouraged, and wonder if anyone in these nonprofits really cares about what they proclaim.
Don't bust on Delaware. My NP is registered in Delaware, as is the Apache Foundation. Now, 5 years later, I wish I'd registered first in CA, but being in DE is not a black mark. I did it there because Apache was there, so I figured, good enough for them, good enough for us. Additionally, most US businesses are registered in DE.
The finance report wouldn't show individual transactions. So if you used the credit card to buy yourself $50 worth of groceries, it's likely to fly under the radar. Hacker Dojo does have the general breakdown of their finances publicly -- it's shown every month during their member meetings. However, one could easily hide the $50 in a general group like "janitorial supplies".
When someone embezzles $30k, they don't do it in one transaction. That would be far too obvious. If you space it out over a year, one could make it fairly invisible.
The finance report wouldn't have shown individual transactions but the financial controls required to properly put together those annual filings would have caught unusual activity (at the very least dis-incentivized prolonged mismanagement). Also keep in mind proper controls would include having accountants put together the reports and run internal audits.
The other issue is these charges (apparently) weren't invisible/low key transactions. If someone can literally thumb through recent statements and immediately identify suspicious activity like Gym memberships and Vegas trips then that's an obvious problem.
It's one thing if $30k was missing and the company was generating $30 million in cash flow but Hacker Dojo only has $300k in the bank and I have a hard time believing embezzling $30k could be as easily hidden in small transactions if proper controls were in place.
Sounds like Hacker Dojo was not following the rules already in place to prevent this sort of abuse.