One of the most important measures your ministry can take to protect cash and YOU is implement segregation of duties, i.e. no single person should have control of the cash process.
Ensure that the function of counting contributions and receipts is segregated from the depositing, general ledger and reconciliation functions.
Accountability means that ALL cash is accounted for, properly documented, secured and traceable. When accountability is implemented properly, the ministry is able to answer the 4 W’s at any given time:
- Who has access to cash
- Why they have access to cash
- Where is cash at all times
- What has occurred from the transaction’s beginning to the end
The monthly bank reconciliation is the single most important control that ties everything together. It allows the ministry to ensure that all cash transactions are accounted for and properly recorded. Once the reconciliation is complete, it should also be reviewed by someone other than the preparer for accuracy, i.e. the business administrator, member of finance committee, your CPA etc.
Except in the rarest of cases, personnel costs are the single largest expenditure of a church. Because churches are in the “service industry”, it should come as no surprise that forty-five to fifty percent of the typical church budget will be dedicated to employee related costs.
This highlights a basic principle in the behavior of an embezzler. For obvious reasons, people committing fraud prefer to remain anonymous. In order to enjoy the fruits of their labor they must remain hidden. It is much easier to hide fraud among the bigger numbers – like payroll.
Key: As a result, personnel costs are a favorite target of fraudsters. Usually, fraud in this area is small-time with one employee falsifying their own time card or submitting phony expense reports. However, some payroll frauds can be quite extensive and creative. The more spectacular (and costly) may involve:
- “Phantom” employees
- Fraudulent insurance claims
- Bogus tax refunds.
These scams can easily run into the tens of thousands of dollars.
Churches should not be naïve about payroll fraud. Because churches are as vulnerable to personnel fraud as businesses, they should do two things.
- First, repeating the theme of a previous section, churches must follow the IRS compliance guidelines. This means designating an independent compensation committee to set compensation amounts, based on market comparison information, and documenting all decisions made. At a minimum, this process should be followed for executive level staff but is also a good practice to follow for the entire church staff.
- Second, churches should also follow a “best practices” approach in human resources administration. In addition to contributing to a healthy workforce these best practices also contribute to eliminating the possibility of fraud. A few of these practices are:
- Establishment of formal job descriptions
- Performing background checks
- Performing regular performance evaluations and obtaining written termination letters from departing employees.
Any discussion of church tithes and offerings practices usually includes both a pat on the back and a criticism. First, in regard to the normal Sunday offerings I can say to most churches, “Way to go!” In fact, when I ask a client if they have taken any fraud prevention steps, the first thing usually mentioned is how much the church has done to protect the offering plate. Seldom do I encounter a church that does not have multi-member count teams, rotating terms of service, locking bank bags, dual-access safes and in an increasing number, the use of an armored car service. I would venture an educated guess that the majority of churches have more than adequate controls over Sunday receipts. For some, Fort Knox would be an easier target.
But in regard to the rest of the money, the funds that come in during the rest of the week, I often have to say, “What were you thinking?” While being diligent to a fault on Sunday morning, almost anything and everything goes the rest of the week. Here are two in my hall of fame:
- Offerings, fees and other receipts arriving in the mail or dropped off by members are simply dumped on the financial secretary’s desk. I have entered offices with large piles of unguarded cash on the accountant’s desk more times than I can remember.
- Special events funds sometimes are “managed” by a volunteer. The funds are kept off campus and are not turned over to the business office until the event is over. No accounting or reconciliation of goods sold is required.
Needless to say, some of our more interesting and sometimes humorous fraud stories occur in these two areas.
However, this is no laughing matter, because a significant “event” could cause irreparable damage. That being the case, definite steps should be taken.
- First, a brainstorming session could be held, the purpose of which is to determine all sources of income.
- Once identified, all sources should be included in the church’s normal collection policies and procedures. For example,
- For weekday drop-offs and mail-ins, a lock box could be kept in the church’s safe in which all of these receipts would be placed unopened.
- A separate log or register should be maintained to keep a record that the amounts were received.
- On Sunday, the box could then be opened and counted by the teller team on duty.
Until the 1960s, perhaps into the 1970s, churches were rather slow to pick up on new ideas, particularly in regard to technology. (If you have a hard time believing this, think back to the first time someone wanted to bring an electric guitar into your sanctuary!) But that is no longer the case, especially when it comes to information technology.
Churches have embraced the digital world and are becoming very proficient in the use of computers. A vast array of applications has been made available to the church including sophisticated financial accounting and reporting, childcare security, online purchasing, online tithing, phone trees and coffee bars with free wireless internet. Without a doubt, churches have become technologically savvy.
Unfortunately, there is a vast array of other things that most churches aren’t so savvy about: the numerous new portals computers provide through which fraudsters can gain entry into the church. Key: Computer and online crime is drastically changing the face of fraud prevention.
To stay abreast of the rapid change in technology and the risks this change brings churches should ask themselves the following questions on a regular basis:
- Does our church have a formal Information Technology security plan?
- Do any individuals at our church have access to all modules of the church’s software system?
- Does our church partition its computer applications so that employees and volunteers have access only to files necessary to perform their duties?
- Does computer access require passwords that are confidential and unique?
- Are our passwords changed periodically?
- Are passwords complex including alpha, numeric and case sensitive characters?
- Do we have backup procedures that are performed regularly that include off-campus storage?
- Do we have measures in place to protect the church from malware?
- Do we train our employees to avoid accepting email from unknown locations?
- Do we have a download policy?
- Do we maintain separate public and private wireless networks?
Establishing an organizational structure is the first step in combating fraud, however it is not enough. Key: In order to stay within reasonable boundaries, churches must take the time to carefully document their management structure and practices. Churches that fail to do this do so at great risk.
A written organizational plan serves several purposes.
- First, it serves as a compass providing direction for the church as it navigates through difficult decisions.
- Similarly, the organizational documents serve as a map, helping the church chart courses of action of a more long-range nature.
- Finally and directly related to fraud prevention, documentation serves as an anchor, keeping the church from drifting into dangerous waters.
For this discussion, I have grouped documentation into three categories.
- Corporate records of the church are the first consideration. All churches should have in place a practice of insuring that their articles of incorporation, by-laws and/or constitution are up-to-date and in compliance with federal, state, and local law. This is best accomplished by engaging legal counsel familiar with church and exempt organization law to perform periodic reviews of the corporate documents.
- An accounting and management policy and procedure manual is a must in the battle against fraud. Fraudsters do not like consistency because it forms a base-line upon which to make quick and simple comparisons. Having a central document, such as an accounting and management policy manual, provides a proper back drop for church operations. Without creating a massive “code of regulation” the policy should be comprehensive. At a minimum, typical topics included should be organizational structure, budget development, cash receipts and disbursement procedures, financial reporting and personnel administration.
Documents specifically aimed to reduce fraud should also be included in a church’s policy and procedure portfolio. Written policies should be created that address conflicts of interest, business expense reimbursements to employees and volunteers, credit card use, benevolence, and building and property use.
Let me be blunt. The fact that a church has never had an incident of fraud is due to one of two things: luck or planning. Needless to say, the odds of successfully avoiding fraud are much higher with the latter approach. If a church has been relying on the first approach and has never had an incident, it should be congratulated for its good fortune. But, the church should also be reminded that its good fortune rests on the fact that either the crooks have not made it to their church yet, or they just haven’t been caught. In time, one or both of these things will probably occur.
To increase the chances of avoiding fraud, the best practice is to plan and organize. This is accomplished by implementing a strong organizational structure within the church.
Key: Evidence points to the fact that churches with little or no organizational structure are frequent targets of fraud. The reason is rather obvious; many fraudsters are much better students of management theory than the average church. They can spot an “easy mark” a mile away. Crooks can also spot a well-defended church and will avoid it. Greener pastures are very easy to find because well protected churches are significantly outnumbered by poorly managed congregations. A crook-resistant church usually develops a strong organization in three areas.
- Tone at the top is the key to a church’s entire fraud prevention structure. If integrity is missing at the top levels of management, all other controls will prove to be pointless. Every church needs to have senior level staff that respects and understands the need for accountability. Good leaders may not care much for expense reports and purchase orders, like most of us, but they do understand their necessity. It is crucial that leaders comply without visible complaint to those around them. Junior staff will follow their leaders and the direction they are led is of extreme importance.
- An empowered leadership team is another essential ingredient, without which transparency is not possible. When making a point about the need for openness and transparency, Supreme Court Justice William Brandeis is credited with saying “Sunlight is the greatest disinfectant”. One of the ways churches operate in the sunlight is by appointing a formally designated leadership team to guide it. (Titles vary from church to church: deacons, elders, directors, leadership team, etc.) Members of the team must be adequately trained to understand the requirements and responsibilities of their jobs and allowed to ask difficult and uncomfortable questions.
- Competent volunteers are essential to the church, the greatest volunteer organization in the history of the world. But, volunteers should be given sufficient orientation and training in order to understand their roles. Also, a church should not just let anyone be a volunteer. Volunteers need to be checked out. Unfortunately, many volunteers have ulterior motives behind their willingness to help out.
“We have rotating count teams with clear rules that account for every penny we collect in offerings…”
While this statement is not inaccurate, it is short-sighted. When churches think of fraud, Sunday offering protection is usually the first thing that comes to mind. And as a result, most churches do a very good job in protecting Sunday receipts. In fact, Fort Knox may be an easier target than some churches I have visited who have ratcheted down tightly their Sunday collection procedures!
But, if this is all a church does in protecting itself from fraud, they are at risk. There are at least two significant reasons:
First, Sunday offerings are not the only time cash comes into the church. Many churches with air-tight security over Sunday collections completely ignore what happens from Monday through Saturday. And in many churches, the amounts can be substantial, including day care fees, special event fees such as banquets and conferences, food sales, book sales, fund raising revenues, etc., etc., etc. Also, tithes and offerings that are dropped off during the week often circumvent the entire teller process and instead land directly on the bookkeeper’s desk.
Second, cash inflow is not the only place where embezzlement takes place. In fact, a case can be made that the larger cases do not involve the cash inflow processes, but the outflow. The Association of Certified Fraud Examiners backs this assertion with statistics showing that while skimming (taking money before it is recorded) makes up 20% of reported fraud cases; check tampering is even more prevalent, making up 25% of the cases. In addition, fraudulent expense reports and payroll scams chip in another 29% for good measure.
So, churches with tight controls over Sunday cash receipts should be commended for their efforts, but also reminded that effective fraud prevention includes extending this vigilance to the other means of inflow, and the outflow side as well.
If you’d like to hear more about our Best Practices Review or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.
“Our bookkeeper has been a member and served our church for many years. We trust him/her completely…”
Church’s Secretary accused of embezzling $1.5 million
Former pastor guilty of stealing from church
Church’s former secretary jailed on fraud charges
Priests get jail for stealing from church
Church secretary accused of stealing thousands
Woman accused of stealing from church
Baptist church secretary was arrested and charged with 17 counts of credit-card fraud…
Church financial secretary steals $216,000—asks for forgiveness
Church secretary admits to stealing $274,000 from congregation
These are all actual headlines from articles about church theft. I think we’d all agree…this is NOT the publicity that anyone wants, particularly a church. In most of the church embezzlement cases I have read about, the crime is not perpetrated by a thief who has sought out a soft target. More often churches are embezzled from by a long-time, dedicated and trusted employee who has been given total access to the church’s financial operations. In short, it is usually not bad people who steal from churches. Rather, church embezzlement is committed by good people who find themselves (or their close relatives) in bad situations.
Churches victimized in this way have often not taken into account the first leg of the “fraud triangle” – Pressure. (Rationalization and opportunity are the other two.) Pressure can be defined as any outside force or set of circumstances that creates a need for cash. Pressure comes in many forms, including large unexpected medical costs, business reversals, and in far too many cases, addictions. When faced with these issues, many people of otherwise unquestioned integrity are tempted to “borrow” from their employer to alleviate the pressure.
Churches have limited control over the pressures their employees and volunteers face. However, they have almost total control over one leg of the triangle – OPPORTUNITY. By establishing strong financial controls and processes churches can go a long way in removing temptation from its employees.
If you’d like to hear more about our Internal Control Assessments or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.
“We require all checks to be signed by two officers of the church”.
Dual controls, or separation of the accounting duties, are an important brick in the wall of fraud protection. Requiring dual signatures is often one of the ingredients in providing proper segregation of duties. But, if this practice is not combined with a few other protective measures it will be no more effective as a lion with no fangs or claws.
True, the knowledge that all checks must be signed by two people will deter most people from taking a chance. But, if this is the only control in place, it will not be enough to scare off a bold predator.
Let me set a scenario. Imagine a bookkeeper who has been given the responsibilities to write checks, prepare the general ledger and reconcile the bank account. If this individual has courage, handwriting skills, and lack of integrity the protection provided by dual signatures will be paper thin. Ask yourself, how much more difficult would it be to forge two signatures than one?
My point? Do not rely on dual signatures as your only wall of defense. Dual signature requirements, standing alone, are no match for a check forger.
In another post (See Lame Excuse #1), I use the story of Judas stealing from the disciples’ money bag to illustrate that fraud can take place in any church. This week I found another Biblical example of this truth. Luke, in Acts Chapter 5, recounts the sad story of Ananias and Sapphira.
In the story, this couple sells a piece of property and promises the church (and the Holy Spirit!) that the proceeds would be given to the congregation. As it turns out, the couple comes up with a scheme to withhold some of the funds while making it appear they had given the whole amount to the church. When confronted, both Ananias and Sapphira cover themselves by lying.
This week, in my routine “fraud news search”, I found a story with some similar characteristics.
Former Church Treasurer Charged…
Did you notice that this treasurer essentially did the same two things Ananias and Sapphira did. She stole money from the church and then lied about it by “doctoring” the books.
What can a church do to avoid such a fate? Here are two observations:
The fact that the fraud was not discovered until a new treasurer took over implies that no one, other than the treasurer, ever looked at the accounting records. The church was violating the basic accounting philosophy of adequate segregation of duties. Lack of involvement by others made it easy for the treasurer to steal, and then doctor the records to cover her tracks. Something as simple as having someone other than the treasurer reconcile the bank account monthly might have been enough to prevent the thefts.
Second, I have never been convinced that debit cards are all that useful in the church world. Sure they are efficient, but a debit card (and his close relative, the credit card) can completely circumvent the best bill approval and payment systems. If a church insists that it must have cards, by all means adopt a credit card use policy to govern their use.