Payroll Fraud, Phantom Employees

Our Fraud Awareness in the Church series continues as we look at Payroll Fraud and Phantom EmployeesWe asked churches to respond to these statements:

“Someone not involved in the payroll preparation process distributes paychecks or direct deposit stubs.”

“We review direct deposit account information for duplicate accounts.”

Survey Results – Very few churches do any kind of employee verification once the employee has been hired.  According to our survey only 25% of the churches engage in any form of paycheck verification (check stubs in the case of direct deposit).  A little higher percentage, particularly among NACBA members, perform periodic reviews of direct deposit data (Social Security numbers, addresses, duplicate accounts, names of relatives, etc.)

KEY: To avoid phantom employees and payroll fraud, a church must KNOW who their employees are.

The term “phantom employee” refers to situations like this:

An employee is terminated but a supervisor continues to submit hours so that the “employee” continues to receive a check for months, sometimes years, after the employee left.  The supervisor either colludes with the phantom in order to have the check endorsed and cashed or resorts to forgery.

A payroll clerk creates fictitious employees.  These often are friends and relatives and once again, the fraudster will collude or forge.

I suspect the compliance is low regarding these questions because most “church” employees are easy to identify due to the relatively small staff size of most churches (25 to 50) and turnover is relatively low.  HOWEVER, this is not the case with satellite operations such as a daycare program.  Many, if not most, daycare programs are staffed by low paid, low hour, often temporary employees.  Almost by definition, the turnover rate of a daycare program will be volatile compared to the parent organization, the church.  With so many people coming and going, it is almost impossible to know each and every employee – an ideal place to breed “phantom employees.”

Payroll Fraud

Our Fraud Awareness in the Church series continues as we look at Payroll FraudPSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:

“Each quarter we reconcile the total payroll amounts on the quarterly payroll reports (941s) to the total payroll amounts recorded in the payroll journal and general ledger.”

Survey Results – 75% of the churches reported performing this task.

I was surprised by the strength of these numbers.  In my experience, reconciling the quarterly 941 total wages with the salaries and wages reported in the church general ledger did not seem to be a common practice.  As a matter of fact, many times when our auditors would attempt to do this, the chore was almost impossible.

Why?  Because churches usually have a multitude of salary/wage general ledger accounts.  AND other expense items remotely connected to personnel issues are often “dumped” into the payroll line items.  I repeat, reconciling payroll is one of auditors’ most difficult tasks. Which makes my point.

KEY: Fraudsters prefer to hide in the tall weeds. (Big numbers)

Thieves try to hide their deeds in the big numbers, or accounts that have a great deal of activity.  The reason is simple: their actions will not stand out there.  The biggest of the big numbers for a church is PAYROLL.

KEY: You must know what is going on in your payroll accounts to avoid payroll fraud!

Cash Disbursements, part 4

Part 4 of our series on Cash Disbursements. In our recent Fraud Survey, we asked churches to respond to this statement:

“Our church has established a “Positive Pay” program with our bank.”

Survey Results – Less than 5% of the respondents use such a program.

While the phrase “Positive Pay” is the trade name of one commercial bank, it has become a generic term for an agreement between a bank and its customer that works like this:

  1. The church establishes a standard routine for paying bills, for most churches once each week.
  2. A list of approved bills is compiled and transmitted to the bank.
  3. The bank only clears checks or other charges presented for payment that are on the church’s list.
  4. The church is also informed of any checks or charges presented for payment that were not included on the list.

Increasingly, businesses are using arrangements like this to address a newer face of economic fraud.  Fraud experts have historically used the “fraud triangle” of pressure, rationalization, and opportunity to describe the key ingredients of a fraudulent act.  Generally, this discussion has focused on “inside jobs”.

However, with the advance of technology, a new face has arrived on the scene – the “hacker” completely outside the organization (in many cases completely outside the country!).  Using Positive Pay is one protection against this type of fraud activity.

Perhaps a new leg needs to be added to the fraud triangle.  (I guess that would make it a square…)

Credit Checks – Fraud Awareness in the Church – part 6

Part 6 of our ongoing Fraud Awareness in the Church series will examine Credit ChecksPSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:

Our church conducts credit checks on financial employees and volunteers.

While almost all churches perform criminal background checks on employees and volunteers serving with children, very, very few extend the background check to financial matters.

ONE TRUTH – Potential employees in financial difficulty will bring their money problems with them to your church. (This not only applies to business managers, bookkeepers and accountants, but also ministers who are given oversight responsibilities over a portion of the church budget.)

Unfortunately, many churches learn this lesson after the fact. Performing a credit check PRIOR to hiring can prevent a boat load of misery!

Credit checks require a little more work than criminal background checks. The individual must give their permission and there must be a financial reason for conducting the credit check.

KEY: Credit checks on employees and volunteers who oversee financial matters can help flag and prevent potential fraud in the church.

Bank Account Theft – Fraud in the Church – Survey Results part 10

Part 10 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:

Our church has established a “Positive Pay” arrangement with our bank.

Increasingly, due to technological change and advancement, the threat of fraud is no longer limited to dishonest employees. Hackers and other “online bandits” have become quite proficient in draining the bank accounts of the unsuspecting. One defense against this is to establish a Positive Pay arrangement with your bank.

Only 5% of our respondents have this type of bank account protection in place, which is surprising because Positive Pay is a simple three-step process.

  1. During the check writing process, a list is compiled of bills to be paid.
  2. The list is sent to the bank.
  3. The only checks or drafts to be cleared by the bank are those on the list.

I am very curious why so few take advantage of this. Any ideas?

Purchase Orders and Check Requests – Fraud in the Church – Survey Results part 5

Part 5 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:

Our church uses pre-numbered purchase orders or check requests.

Theft of cash receipts, particularly offerings, garners the most attention by churches in their fraud prevention practices.  However, the largest dollar-loss incidents tend to occur in the bill paying arena.  In most of the check writing fraud cases I read about I see the same four ingredients which allowed the theft to take place:

  • Poor segregation of duties
  • Failure to pay attention to the bank reconciliation process
  • Poor security over the church’s check stock
  • Absence of a formal bill approval and payment system

The starting point of a formal bill payment system is the utilization of preprinted (or computer generated) sequential purchase orders or check requests.  The absence of such a system can be the beginning of sorrows for a church.

Approximately 54% of the survey respondents reported not using proper documentation to begin the bill approval process.

Reviewing Authorized Check Signers – Fraud in the Church – Survey Results part 4

Part 4 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:

We present a list of authorized check signers to the Leadership Team. (Elders, Finance Committee, etc.)

This is one of the routine questions we ask financial staff when we conduct an audit of a church. While monitoring check signatures has some merit, it is in my opinion, rather overrated due to the fact that commercial banks no longer review signatures to the same extent they did in the past. Also, if you are unfortunate enough to hire a thief with courage and great handwriting skills, no amount of signature verification will be sufficient. A person with sufficient bravery and forgery skills can wreak havoc on even the most secure systems.

But, a byproduct of this process can be extremely beneficial.  An annual review of authorized check signers, forces the church to also assess how many and the nature of the bank accounts it has on hand. If no review is ever performed, it can be easy for a bank account (or two or three…) to unofficially “go inactive”.  These “dormant” accounts can sit under the radar for years until a dishonest employee discovers them.

One of the hurdles a thief has to jump is once funds have been diverted, how to get stolen dollars out of the church.  Dormant accounts are very handy in meeting this challenge.  To illustrate, small amounts can be siphoned out of a church by the payment of phony invoices. The thief allocates these illicit transactions throughout various budget line item accounts being careful to keep the total for the year within budget limits.  Once the funds are safely in the dormant account the thief simply transfers the funds to a personal account…

Our survey results indicated that 41% of the respondents reported they did not conduct an annual evaluation of its bank accounts and signatures.  That is a wide margin of opportunity for would-be thieves.

A Well Defined Purchase Approval and Payment System

There is a great difference in attitude in the church environment between receipts and disbursements.  While churches exercise extreme vigilance over the “inflow” of funds into the church, many have a rather cavalier attitude towards the “outflow”.

Churches also tend to rely on a few “fraud prevention” methods which in my opinion provide little more protection than a security blanket.  They may give a warm and fuzzy feeling, but are no help in a real crisis.  The two I hear most often are the requirement of dual signatures for checks over a predetermined amount and the requirement that a check request form be filled out before anyone gets paid.  It is not uncommon for these to be the only two “fraud prevention” controls exercised over cash disbursements.  Churches that rely on methods this simple are unaware of two basic facts.

  • First, dual signatures and homemade check requests are absolutely no match for an ethically challenged employee with the courage to forge. 
  • Second, and this may be the most surprising, many of the larger and more spectacular embezzlements involve tampering with the church’s cash outflow, not the inflow.

 

Key: While no system is foolproof (especially if collusion is involved) the best fraud prevention practice in regard to disbursements, is to segregate the bill paying tasks between as many people as possible.  Some of the more important tasks to distribute are:

  • Payment approval
  • Receiving of goods
  • Check preparation
  • Check signing
  • Bill mailing
  • General ledger maintenance

Unfortunately, very few churches have enough employees to split all of these tasks up.  So what can be done?

Just as with cash receipts, a good place to start is by holding another brain-storming session in which the church’s procurement processes are analyzed.  Flow-charting is a very useful tool in this exercise.  Then, to the best of the church’s capabilities, the tasks should be distributed among several employees and volunteers.  But even after this process, most churches will have more tasks than people to give them to. 

But, there are other steps that can be taken.  Although they take place after-the-fact, these practices still provide strong measures of fraud prevention. 

  • First, someone outside the business office could be assigned the task of reconciling the bank account monthly.  This could be another employee, the business administrator, or a competent volunteer.  The reconciliation should not solely be a “balancing” of the checkbook but should also include a close inspection of the cancelled checks for endorsements and signatures and an analysis of outstanding items.  Online banking and remote access has made this practice even more efficient and practical, as volunteers do not have to come to the church office to do the work. 
  • Another step is to perform an analysis of the church’s check register by exporting it to an electronic spreadsheet and sorting by vendor.  It is surprising how quickly check writing “anomalies” can be detected using this procedure.  This practice should also be performed periodically.

Although not foolproof or guaranteed to catch everything, these two practices serve a bigger purpose.  Key: They are loud and clear advertising to any and all, that someone is looking.  This will force a potential thief to at least stop and ask himself; “Do I feel lucky today?”

Security Blanket #4 – Rotating Count Teams Are Not Enough!

We have rotating count teams with clear rules that account for every penny we collect in offerings…”

While this statement is not inaccurate, it is short-sighted.  When churches think of fraud, Sunday offering protection is usually the first thing that comes to mind.  And as a result, most churches do a very good job in protecting Sunday receipts.  In fact, Fort Knox may be an easier target than some churches I have visited who have ratcheted down tightly their Sunday collection procedures!

But, if this is all a church does in protecting itself from fraud, they are at risk.  There are at least two significant reasons:

First, Sunday offerings are not the only time cash comes into the church.  Many churches with air-tight security over Sunday collections completely ignore what happens from Monday through Saturday.  And in many churches, the amounts can be substantial, including day care fees, special event fees such as banquets and conferences, food sales, book sales, fund raising revenues, etc., etc., etc.  Also, tithes and offerings that are dropped off during the week often circumvent the entire teller process and instead land directly on the bookkeeper’s desk.

Second, cash inflow is not the only place where embezzlement takes place.  In fact, a case can be made that the larger cases do not involve the cash inflow processes, but the outflow.  The Association of Certified Fraud Examiners backs this assertion with statistics showing that while skimming (taking money before it is recorded) makes up 20% of reported fraud cases; check tampering is even more prevalent, making up 25% of the cases.  In addition, fraudulent expense reports and payroll scams chip in another 29% for good measure.

So, churches with tight controls over Sunday cash receipts should be commended for their efforts, but also reminded that effective fraud prevention includes extending this vigilance to the other means of inflow, and the outflow side as well.

If you’d like to hear more about our Best Practices Review or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.

Put Faith in a System, Not a Person

News stories about church funds being embezzled by an employee or clergy are common, but embezzlement by someone charged with oversight is rarely reported in the media. A Michigan based news site, www.mlive.com reported the following story on September 16, 2010:

Former Birch Run church leader charged with embezzling more than $100k from congregation

The former church president in Birch Run, Michigan, remains in jail on a $250,000 cash-only bond for allegedly embezzling over one hundred thousand from the ministry.

According to the perpetrator, he “got in deep” and “was trying to get his son out of trouble.” The former church president was able to withdraw funds from the various church bank accounts by writing checks and affidavits of loss and cashing them using his and the signature of the congregation treasurer, without her knowledge.

The church could have easily prevented this from happening.

First, the church president remained in that position for 12 years, allowing him to commit and conceal the fraud for an extended period of time. Positions of oversight i.e. president, treasurer, finance committee membership etc. should be rotated periodically. The term and rotation of the officers should also be documented within the church’s bylaws and constitution.

Second, it appears that the perpetrator had joint custody of the bank account along with the church treasurer but was also responsible for paying bills. Just because an individual serves as the president does not mean that his duties are exempt from oversight and the principle of segregation of duties. He was assigned to approve and sign checks, so the actual function of writing checks, recording disbursements in the general ledger and reconciling bank accounts should have been assigned to someone else. Every organization should put faith in a system, not a person.

And lastly, he had pressure to commit the fraud. In his own words, he was trying to get his son out of trouble. Given the circumstances, anyone in his position would have been tempted to commit the crime.

Obviously, he alone is responsible for the act; however, it was the responsibility of the church’s leaders to implement a system of checks and balances and ensure that authority is not concentrated in one individual’s hands, regardless of his status and reputation within the church and the local community.

To avoid this from happening at your church we have created FACT, a web-based test which will identify the cracks in your current system and help you prevent fraud in the future.

Give us a call at (817) 664-3000.

What Can We Do For You?

Get In Touch →

What Can We Do For You?