Part 6 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to this statement:
“We present a list of authorized check signers to the leadership team/elders, etc. for review at least annually.”
Survey results – Approximately 55% of respondents reported reviewing their bank accounts and related signature information at least annually.
Dormant Bank Accounts
I would imagine if we had sent a question asking if they knew why this annual review was important the result would probably be close to zero! This question was lifted right out of our firm’s audit procedures. We ask this question each year and are often asked why this is important.
Here are two good reasons:
Poor management of check signing authority can result in a once-authorized check signer to continue to be one, even though they may have not been a church member/employee for years.
More importantly, poor management of signatures indicates poor management of bank accounts. Occasionally churches will even forget about a few bank accounts that are infrequently used. Unfortunately, fraudsters do not forget once they have found an untended, forgotten about account.
KEY: DORMANT BANK ACCOUNTS can be a useful tool to a thief allowing him to store stolen funds and later transferring them to personal accounts with little chance of detection.
Part 5 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to these statements:
“Our church has a formal policy describing the characteristics required for participation on the count team, including limiting related individuals and restricting the same individual from participating in more than one component of the process.”
“Church volunteers are required to “rotate off” their assignments periodically.”
Survey results – 70% of our respondents reported using some type of screening process for determining teller team members. Unfortunately, only 25% reported that they required all team members to periodically rotate off the count team on a systematic basis. My guess of why this number is so low is that, from my observations, many people serving on count teams consider the service they provide a ministry. It is very difficult for many churches to limit anyone’s ministry.
If a church does screen its volunteers (as 70% appear to do) why is teller team rotation important to fraud prevention? This question can be answered with one word – COLLUSION. Even the strongest internal control systems can be penetrated when two or more people collude (conspire) to commit economic fraud.
The longer people serve together in any role, the more comfortable with each other they become. Over time, they may become tempted. It is much easier to broach the subject of committing fraud with a close acquaintance, than a stranger.
KEY: Being a relative or long-time friend with a fellow volunteer makes collusion a little bit easier.
Part 4 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to these statements:
“Our church does not allow an individual who serves on the count team, is involved in check preparation, or is involved in general ledger and financial statement presentation to participate in the bank reconciliation process.”
“Someone other than the preparer reviews the completed bank reconciliations.”
Survey results – Around 65% of our respondents reported implementation of these controls. And that is good because…
KEY: The bank reconciliation is the Grand Central Station of your church’s financial process.
All of a church’s financial activity should flow through the bank reconciliation. If a person has complete control over the bank accounts and accounting processes, AND is given the task of bank account reconciliation, the church has created a HUGE faucet. No, it’s probably closer to a fire hydrant!
KEY: The most effective step that can be taken to alleviate poor segregation of duties is to have someone outside the day to day accounting processes reconcile the bank account.
DOUBLE KEY: This should be much more than just balancing the accounts. This review should include a close inspection of cancelled checks, deposit slips, etc., and looking closely at payees, endorsements and check signers for abnormalities.
Part 3 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to these statements:
“The individual who prepares the checks also mails the checks.”
“The person responsible for general ledger and financial reporting also mails the checks.”
Survey results – A little over 50% of the respondents answered the first question positively. However, the number plummeted to 30% for the second.
Separate Accounting Tasks
You may wonder, “What’s the big deal about who mails the check? After all, if the bill has been approved, reviewed and signed, isn’t the process over?”
KEY: Signing the checks is NOT the last step in the bill paying process.
Here are two things we have seen happen.
One person with this much responsibility was also skilled in the art of forgery. Some of the checks signed were craftily altered and redirected to pay down his credit card balance (which had ballooned due to a problem with gambling). Because this person was also in charge of all of the accounting process, there was little chance of being detected.
Another thief presented checks to be paid which were dutifully signed by the administrator. But these are not the checks that were mailed. The original checks were destroyed, and replaced with checks written to the bookkeeper’s creditors and to a brother-in-law. As this person was in charge of the general ledger, the original checks were reflected in the cash disbursement journal. The phony ones were not. Obviously, this technique is risky because at some point the vendor not being paid will squawk.
Due to this risk, fraudsters who use this method are very selective in which vendors they pick. For example, in one case a bookkeeper switched checks with their church’s contributions to its denominational national office. Because these payments were voluntary, it took many months before the theft was discovered.
KEY: How to avoid this? See our next post on the importance of bank reconciliations.
Part 2 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to this statement:
“From the time of collection to the time of the bank deposit, funds are never, even for just a few minutes, in the custody of a single individual or kept in an unsecured location.”
Survey results – More than 65% of the respondents stated that this is true for their church.
Cash Flow Systems
To avoid fraud, it is of paramount importance that a church has a clear understanding of both of its cash flow systems: inflow (cash receipts) and outflows (cash disbursements).
We recommend that churches, at least once a year, flow chart these two cash flow systems. To help in this process, we suggest they compare their cash flows to the flow of water through the church’s plumbing system. What they should be looking for are any points along the way where one person, by themselves, can turn on a cash flow “faucet”. One of the overlooked phrases in this question is “even for just a few minutes.”
KEY: We are talking minutes, not hours – that’s all it takes for fraud to occur!
To illustrate this point consider what happened at one church. At this particular church one usher serving the balcony, removed all of the cash from the offering plate and stuffed it in his shirt as he made his way down two short flights of stairs. In this case we are talking seconds, not minutes!
Part 6 of our ongoing Fraud Awareness in the Church series will examine Credit Checks. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
Our church conducts credit checks on financial employees and volunteers.
While almost all churches perform criminal background checks on employees and volunteers serving with children, very, very few extend the background check to financial matters.
ONE TRUTH – Potential employees in financial difficulty will bring their money problems with them to your church. (This not only applies to business managers, bookkeepers and accountants, but also ministers who are given oversight responsibilities over a portion of the church budget.)
Unfortunately, many churches learn this lesson after the fact. Performing a credit check PRIOR to hiring can prevent a boat load of misery!
Credit checks require a little more work than criminal background checks. The individual must give their permission and there must be a financial reason for conducting the credit check.
KEY: Credit checks on employees and volunteers who oversee financial matters can help flag and prevent potential fraud in the church.
Part 4 of our ongoing Fraud Awareness in the Church series will address Volunteer Training. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
Our church conducts formal volunteer orientation or training.
Over 60% of the respondents reported having formal volunteer orientation and training. The Church (universal) is arguably the greatest volunteer organization in world history. Without volunteers, there would be no church, or at least not an effective one.
But unfortunately, many churches take their volunteers for granted. One way I’ve seen this played out is the lack of volunteer TRAINING. Many churches send their financial volunteers into action with little, if any, formal preparation. Often, these individuals are pressed into service and simply try to do the best they can with little knowledge of the church’s policies and procedures.
There is a negative byproduct of not training volunteers: While the church’s policies may not change (after all, they should be in writing), procedures certainly will change. With the normal flux of volunteers coming and going procedures will be constantly changing as well.
In short, operational baselines will become blurred. And remember, fraudsters HATE baselines!
KEY: Volunteer training helps ensure a thorough knowledge of church policies and procedures, and thwarts potential fraud.
Part 12 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has implemented a written credit card policy to control credit card purchases.
Ok, I know I was a little harsh in the last post… I guess it’s because I have seen too many credit card train wrecks! The million dollar event I discussed in the last post was definitely the largest, but I have seen many of its smaller brothers and sisters.
Although over 80% of the surveyed churches issue church-named credit cards, the results of the next query gives me some comfort. 70% of these churches have implemented a church credit card policy to monitor credit purchases. Unfortunately, that leaves nearly a third with no documented policies to give oversight over credit card purchases. Based on the things I have seen, these 30 percenters are living on the edge.
It is imperative that any church issuing credit cards to employees and volunteers has a credit card policy to lay down usage guidelines.
At a bare minimum a church credit card policy should:
- Limit the dollar amounts of single purchases, and
- Restrict the use of the cards to certain businesses.
What would you add to these two requirements?
Part 11 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church issues credit cards (in the church’s name) to employees and/or volunteers.
At a response rate that came as no surprise to me, 86% of the churches who took part in our survey issue credit cards to employees. It continues to amaze me how many churches follow this practice. Seldom do we see this in our work with commercial clients. Most businesses with accountable business expense reimbursement plans require employees to use their own cards. This is particularly true with smaller organizations. Some larger companies do issue corporate cards, but all of them I have seen keep the employee on the hook by including the employee on the account: The employee pays the bill AFTER being reimbursed by the company. Employees of businesses that follow this procedure tend to be more responsible credit card users because there is always the possibility that their employer may say, “NO!”
Why do we consider the issuance of credit cards (in the church’s name) a fraud risk? I have a simple answer:
The largest church credit card fraud investigation I have conducted resulted in more than one million dollars in losses.
Illicit use of just two credit cards was responsible for 75% of the theft!
Without sufficient oversight, credit cards can turn the entire purchase approval system on its head. I have seen it happen…
Part 9 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established an “approved vendor list”. All payments for goods or services are made only to vendors on the list.
A surprisingly high percentage of our respondents – 82% had not established an “approved vendor list”. A common misconception in the church environment is that, “If we are going to be hit, it will be directed towards our tithes and offerings.” While this does happen frequently, some of the largest dollar losses occur in the disbursement processes, not the receipts. Also, these types of frauds, because of their difficulty of detection, seem to go on for longer periods of time than thefts of cash receipts. From my observations, it seems that many more churches are hit after their revenues are safely in the church’s bank accounts, not on their way in.
The first line of defense against vendor disbursement fraud is the development of well-defined AND well-written bill approval and payment policies and processes.
In addition to purchase orders and check requests, such a system should include a formal vendor selection and retention process. After successfully screening potential donors, the church should develop a preferred vendor list. As part of the check signing process, payees should be compared to the approved vendor list.