Part 10 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a “Positive Pay” arrangement with our bank.
Increasingly, due to technological change and advancement, the threat of fraud is no longer limited to dishonest employees. Hackers and other “online bandits” have become quite proficient in draining the bank accounts of the unsuspecting. One defense against this is to establish a Positive Pay arrangement with your bank.
Only 5% of our respondents have this type of bank account protection in place, which is surprising because Positive Pay is a simple three-step process.
- During the check writing process, a list is compiled of bills to be paid.
- The list is sent to the bank.
- The only checks or drafts to be cleared by the bank are those on the list.
I am very curious why so few take advantage of this. Any ideas?
There is a great difference in attitude in the church environment between receipts and disbursements. While churches exercise extreme vigilance over the “inflow” of funds into the church, many have a rather cavalier attitude towards the “outflow”.
Churches also tend to rely on a few “fraud prevention” methods which in my opinion provide little more protection than a security blanket. They may give a warm and fuzzy feeling, but are no help in a real crisis. The two I hear most often are the requirement of dual signatures for checks over a predetermined amount and the requirement that a check request form be filled out before anyone gets paid. It is not uncommon for these to be the only two “fraud prevention” controls exercised over cash disbursements. Churches that rely on methods this simple are unaware of two basic facts.
- First, dual signatures and homemade check requests are absolutely no match for an ethically challenged employee with the courage to forge.
- Second, and this may be the most surprising, many of the larger and more spectacular embezzlements involve tampering with the church’s cash outflow, not the inflow.
Key: While no system is foolproof (especially if collusion is involved) the best fraud prevention practice in regard to disbursements, is to segregate the bill paying tasks between as many people as possible. Some of the more important tasks to distribute are:
- Payment approval
- Receiving of goods
- Check preparation
- Check signing
- Bill mailing
- General ledger maintenance
Unfortunately, very few churches have enough employees to split all of these tasks up. So what can be done?
Just as with cash receipts, a good place to start is by holding another brain-storming session in which the church’s procurement processes are analyzed. Flow-charting is a very useful tool in this exercise. Then, to the best of the church’s capabilities, the tasks should be distributed among several employees and volunteers. But even after this process, most churches will have more tasks than people to give them to.
But, there are other steps that can be taken. Although they take place after-the-fact, these practices still provide strong measures of fraud prevention.
- First, someone outside the business office could be assigned the task of reconciling the bank account monthly. This could be another employee, the business administrator, or a competent volunteer. The reconciliation should not solely be a “balancing” of the checkbook but should also include a close inspection of the cancelled checks for endorsements and signatures and an analysis of outstanding items. Online banking and remote access has made this practice even more efficient and practical, as volunteers do not have to come to the church office to do the work.
- Another step is to perform an analysis of the church’s check register by exporting it to an electronic spreadsheet and sorting by vendor. It is surprising how quickly check writing “anomalies” can be detected using this procedure. This practice should also be performed periodically.
Although not foolproof or guaranteed to catch everything, these two practices serve a bigger purpose. Key: They are loud and clear advertising to any and all, that someone is looking. This will force a potential thief to at least stop and ask himself; “Do I feel lucky today?”
Churches tend to have only one motivation for staying in compliance with the tax laws. And that is staying out of trouble. Churches practice compliance with the Internal Revenue Code primarily to avoid unnecessary penalties and interest, protect their tax-exempt status and stay out of the news.
The prevailing attitude is “We do these things because we have to; the government is making us.” Most church’s see no benefit in compliance other than staying in the government’s good graces. The resulting tendency is many do just enough to get by. But, by having this attitude they are missing another very good reason why compliance is helpful. Key: Being serious about government compliance also provides another level of fraud resistance.
Knowing where many of these laws came from makes the same point. Our governments aren’t really very proactive. Contrary to popular opinion, they don’t dream up rules and laws just to be belligerent, they are more reactionary. Many of the rules churches must comply with were implemented in reaction to some type of bad practices or abuse of existing regulations. A very good example is the charitable contribution substantiation rules. One of the reasons for their coming into existence was the tendency of some people to deduct tuition payments to the church school as contributions. Also, “accountable reimbursement plans” are the result of abusive employee business expense deductions during the 1980s. Although it may come off sounding harsh, the fact is both of these practices, mischaracterizing payments as contributions and inflating expense reports, are forms of fraud the government wishes to eliminate.
The purpose of strong IRS compliance is not simply to stay out of trouble. Key: Doing what the government asks will also close down some favorite targets of individuals committed to stealing from the church.
A fraud resistant church should take steps to be in compliance with IRS regulations regarding:
- Ministerial taxation
- Personnel benefits
- Business expense reimbursements
- Credit card use
- Contribution substantiation.