Part 3 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to these statements:
“The individual who prepares the checks also mails the checks.”
“The person responsible for general ledger and financial reporting also mails the checks.”
Survey results – A little over 50% of the respondents answered the first question positively. However, the number plummeted to 30% for the second.
Separate Accounting Tasks
You may wonder, “What’s the big deal about who mails the check? After all, if the bill has been approved, reviewed and signed, isn’t the process over?”
KEY: Signing the checks is NOT the last step in the bill paying process.
Here are two things we have seen happen.
One person with this much responsibility was also skilled in the art of forgery. Some of the checks signed were craftily altered and redirected to pay down his credit card balance (which had ballooned due to a problem with gambling). Because this person was also in charge of all of the accounting process, there was little chance of being detected.
Another thief presented checks to be paid which were dutifully signed by the administrator. But these are not the checks that were mailed. The original checks were destroyed, and replaced with checks written to the bookkeeper’s creditors and to a brother-in-law. As this person was in charge of the general ledger, the original checks were reflected in the cash disbursement journal. The phony ones were not. Obviously, this technique is risky because at some point the vendor not being paid will squawk.
Due to this risk, fraudsters who use this method are very selective in which vendors they pick. For example, in one case a bookkeeper switched checks with their church’s contributions to its denominational national office. Because these payments were voluntary, it took many months before the theft was discovered.
KEY: How to avoid this? See our next post on the importance of bank reconciliations.
Part 2 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to this statement:
“From the time of collection to the time of the bank deposit, funds are never, even for just a few minutes, in the custody of a single individual or kept in an unsecured location.”
Survey results – More than 65% of the respondents stated that this is true for their church.
Cash Flow Systems
To avoid fraud, it is of paramount importance that a church has a clear understanding of both of its cash flow systems: inflow (cash receipts) and outflows (cash disbursements).
We recommend that churches, at least once a year, flow chart these two cash flow systems. To help in this process, we suggest they compare their cash flows to the flow of water through the church’s plumbing system. What they should be looking for are any points along the way where one person, by themselves, can turn on a cash flow “faucet”. One of the overlooked phrases in this question is “even for just a few minutes.”
KEY: We are talking minutes, not hours – that’s all it takes for fraud to occur!
To illustrate this point consider what happened at one church. At this particular church one usher serving the balcony, removed all of the cash from the offering plate and stuffed it in his shirt as he made his way down two short flights of stairs. In this case we are talking seconds, not minutes!
Part 6 of our ongoing Fraud Awareness in the Church series will examine Credit Checks. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
Our church conducts credit checks on financial employees and volunteers.
While almost all churches perform criminal background checks on employees and volunteers serving with children, very, very few extend the background check to financial matters.
ONE TRUTH – Potential employees in financial difficulty will bring their money problems with them to your church. (This not only applies to business managers, bookkeepers and accountants, but also ministers who are given oversight responsibilities over a portion of the church budget.)
Unfortunately, many churches learn this lesson after the fact. Performing a credit check PRIOR to hiring can prevent a boat load of misery!
Credit checks require a little more work than criminal background checks. The individual must give their permission and there must be a financial reason for conducting the credit check.
KEY: Credit checks on employees and volunteers who oversee financial matters can help flag and prevent potential fraud in the church.
Part 5 of our ongoing Fraud Awareness in the Church series will address Policies and Procedures Manuals. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
Our church has compiled written financial, accounting, management and personnel policies in a central document such as an accounting and management policy manual.
Given the multitude of church management resources available and the myriad of church conferences that church managers can attend, it surprised me that only 50% of the respondents answered “yes” to this question. The reasons for this low compliance rate puzzles me, but if I had to make a guess as to the culprit, I would say that it is because of the “tyranny of the urgent” environment that many church managers live in. Because of their overloaded schedules many simply adopt the “Wac-a-Mole” management theory in which the administrators simply handle what pops up next. As long as they are getting the job done, they see no need to document procedures.
Unfortunately, by doing this, they are ignoring the fact that not having written policies and procedures is not only a bad way to do business, it also exposes the church to fraud. The reason? Fraudsters HATE BASELINES!
Baselines help the church define “normal”. Without normal or standard operating metrics it is difficult to determine if this year’s numbers are consistent with last year’s. These blurred lines are a happy hunting ground for crooks.
KEY: Implementing a Policies and Procedures Manual will establish baselines and definitely help prevent fraud in your church!
Part 4 of our ongoing Fraud Awareness in the Church series will address Volunteer Training. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
Our church conducts formal volunteer orientation or training.
Over 60% of the respondents reported having formal volunteer orientation and training. The Church (universal) is arguably the greatest volunteer organization in world history. Without volunteers, there would be no church, or at least not an effective one.
But unfortunately, many churches take their volunteers for granted. One way I’ve seen this played out is the lack of volunteer TRAINING. Many churches send their financial volunteers into action with little, if any, formal preparation. Often, these individuals are pressed into service and simply try to do the best they can with little knowledge of the church’s policies and procedures.
There is a negative byproduct of not training volunteers: While the church’s policies may not change (after all, they should be in writing), procedures certainly will change. With the normal flux of volunteers coming and going procedures will be constantly changing as well.
In short, operational baselines will become blurred. And remember, fraudsters HATE baselines!
KEY: Volunteer training helps ensure a thorough knowledge of church policies and procedures, and thwarts potential fraud.
Last week I conducted two break-out sessions at the NACBA National Conference in Houston. During these sessions I reported the final results of the PSK/NACBA fraud survey conducted earlier this year. In the coming posts I will be sharing some of the information we gleaned from our survey.
Goal of the Fraud Survey
Before launching into this discussion however, it must be pointed out that this was not a scientific poll. Rather, it is simply a questionnaire answered by a little over 100 participants who were invited to participate. The goal was not to obtain specific answers to specific questions, but simply to gain a general understanding of the extent of fraud awareness in the church environment.
In fact, because the sample size was small and most of the participants (I assume) were NACBA members or churches with a high degree of management sophistication, I expected the results to be skewed to the high side. *My opinion – If a scientific poll had been conducted, compliance indicators would have been MUCH lower.
As we go through the results of our fraud survey, you will notice that we (PSK) have grouped the questions asked of participants according to several “key” areas in church operations that are fundamental to fraud prevention. The first of these key areas – Church Governance.
The full list of topics are below. Stay tuned in the coming weeks for more of the same great fraud prevention tips you have learned to trust from Weeds in the Garden!
Results of the PSK/NACBA Fraud Survey – Upcoming Blog Topics:
- Church Governance
- Conflicts of Interest
- Volunteer Training
- Policies & Procedures Manual
- Credit Checks
- Segregation of Duties
- Cash Disbursements
- Payroll Fraud
- Information Technology
- Payments to Individuals
- Fraud Prevention Programs
Part 11 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church issues credit cards (in the church’s name) to employees and/or volunteers.
At a response rate that came as no surprise to me, 86% of the churches who took part in our survey issue credit cards to employees. It continues to amaze me how many churches follow this practice. Seldom do we see this in our work with commercial clients. Most businesses with accountable business expense reimbursement plans require employees to use their own cards. This is particularly true with smaller organizations. Some larger companies do issue corporate cards, but all of them I have seen keep the employee on the hook by including the employee on the account: The employee pays the bill AFTER being reimbursed by the company. Employees of businesses that follow this procedure tend to be more responsible credit card users because there is always the possibility that their employer may say, “NO!”
Why do we consider the issuance of credit cards (in the church’s name) a fraud risk? I have a simple answer:
The largest church credit card fraud investigation I have conducted resulted in more than one million dollars in losses.
Illicit use of just two credit cards was responsible for 75% of the theft!
Without sufficient oversight, credit cards can turn the entire purchase approval system on its head. I have seen it happen…
Part 9 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established an “approved vendor list”. All payments for goods or services are made only to vendors on the list.
A surprisingly high percentage of our respondents – 82% had not established an “approved vendor list”. A common misconception in the church environment is that, “If we are going to be hit, it will be directed towards our tithes and offerings.” While this does happen frequently, some of the largest dollar losses occur in the disbursement processes, not the receipts. Also, these types of frauds, because of their difficulty of detection, seem to go on for longer periods of time than thefts of cash receipts. From my observations, it seems that many more churches are hit after their revenues are safely in the church’s bank accounts, not on their way in.
The first line of defense against vendor disbursement fraud is the development of well-defined AND well-written bill approval and payment policies and processes.
In addition to purchase orders and check requests, such a system should include a formal vendor selection and retention process. After successfully screening potential donors, the church should develop a preferred vendor list. As part of the check signing process, payees should be compared to the approved vendor list.
Part 8 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church reconciles payroll quarterly reports with the payroll journals and general ledger.
Almost 25% of our respondents do not perform this relatively simple task. I can show you plenty of news reports of churches who wish they had! Occasionally, I need to point out the obvious; thieves do not like to get caught! To remain successful at this, they have to hide in the tall weeds. This means they are going to target the big numbers in a church’s financial statements. And the biggest of the big numbers is payroll cost.
Typically, payroll makes up 50% of a church’s operating budget.
For example, if a church has a one million dollar budget, a thief can easily find cover among $500K of tall weeds!
To avoid being the victim, churches should take care to:
- Know who their employees are
- Know how much their employees are paid
- Periodically review activity in the payroll general ledger accounts
- Compare payroll reports with budget totals.
Part 2 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a formal program for managing fraud risk.
Almost 63% of our respondents reported that they have not conducted a fraud risk assessment or implemented an ongoing formal church fraud prevention program. Unfortunately, my guess is that the national average is much higher. It is hard to pinpoint what might be the cause of this rather high percentage but two reasons are prominent:
- The workload of most church business administrators (CBA) has them stretched to the limit. There is barely time to get all of the routine tasks completed on a timely basis much less take on additional projects.
- When they do try to implement a church fraud risk program, many CBAs end up as the Lone Ranger. In many, if not most churches, fraud prevention is a very difficult proposition to sell. The biggest hurdle? The mistaken belief that “it can never happen here.”
It is not enough to simply be aware of the threat of fraud or go through the motions of fraud prevention. Ministries that don’t commit themselves to a strong fraud prevention and detection program will likely end up as victims.
A few key ingredients of a formal church fraud risk program include:
- Education of church employees, volunteers and members of the risks of fraud.
- Conducting an initial “brain storming” session whose purpose is to identify potential fraud portals.
- Assigning ownership of fraud prevention processes to key church leaders and employees.
- Implementing a periodic review of transactions.
- Periodic review and assessment of the church’s systems.
- Implementation of an anonymous whistleblower hotline. (More about this in a subsequent post)