Part 2 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a formal program for managing fraud risk.
Almost 63% of our respondents reported that they have not conducted a fraud risk assessment or implemented an ongoing formal church fraud prevention program. Unfortunately, my guess is that the national average is much higher. It is hard to pinpoint what might be the cause of this rather high percentage but two reasons are prominent:
- The workload of most church business administrators (CBA) has them stretched to the limit. There is barely time to get all of the routine tasks completed on a timely basis much less take on additional projects.
- When they do try to implement a church fraud risk program, many CBAs end up as the Lone Ranger. In many, if not most churches, fraud prevention is a very difficult proposition to sell. The biggest hurdle? The mistaken belief that “it can never happen here.”
It is not enough to simply be aware of the threat of fraud or go through the motions of fraud prevention. Ministries that don’t commit themselves to a strong fraud prevention and detection program will likely end up as victims.
A few key ingredients of a formal church fraud risk program include:
- Education of church employees, volunteers and members of the risks of fraud.
- Conducting an initial “brain storming” session whose purpose is to identify potential fraud portals.
- Assigning ownership of fraud prevention processes to key church leaders and employees.
- Implementing a periodic review of transactions.
- Periodic review and assessment of the church’s systems.
- Implementation of an anonymous whistleblower hotline. (More about this in a subsequent post)
The occurrence of occupational fraud in the church community continues to rise at epidemic proportions. Evidence of this is found in the steady flow of news accounts reporting churches hit with fraud:
- The Archdiocese of New York was bilked to the tune of $1M.
- Incredibly, so was the Archdiocese of Philly.
- A pastor in Grand Rapids Michigan is on the hot seat for stealing between 50K and 100K by using church bank accounts and credit cards.
- A woman in Ohio is accused of stealing $143K from the church where she was employed. (Unbelievably in an attempt to cover up her deeds, she sent an appeal letter asking each member to send $200 to the church to cover a church debt!) (more…)
According to the Association of Certified Fraud Examiners, the second most common red flag is financial difficulties of individuals involved in financial matters of an organization. The occurrence rate of 36% consists of reported frauds at all levels of the organizations victimized. However, if we look solely at frauds committed at the employee level (disregarding frauds committed by managers) the rate soars to almost 50% of all fraud cases.
This makes sense because employees receive lower compensation compared to the management level. When unexpected financial events occur, they are less likely to have a “rainy-day fund” set aside to get them through. This can lead to poor judgment in several areas, the first of which is usually excessive use of credit cards. When these individuals find it difficult to climb out of their debt problem and they might focus on other areas of relief, one of which is their employer’s money.
Once again, I must stress that the presence of these circumstances is proof of nothing, but organizations must keep in mind that personal financial difficulties are a common denominator in a great many fraud occurrences. But, how can a church leader address this possibility? Here are three thoughts.
- In addition to performing the normal background check, a church might consider performing annual credit checks on employees involved in the financial activity of the church. It is not too much of a stretch to say that if you hire someone with a poor credit history, you have hired their problems as well. Keep in mind, that credit checks generally require the employee’s permission
- Provide financial counseling for employees. This is another way to discover if any employees are struggling with finances. But it also helps the church relieve some of the pressure an employee may be experiencing by providing a way out of their dilemma.
- Finally, and most importantly, you must close down the opportunity of fraud. In most of the church fraud cases I have read, the most common characteristic is terrible segregation of duties. Often, one person is in charge of all of the church’s financial tasks. When you combine these two ingredients: financial troubles and total control of a church’s financial activities….
Well, you can guess the rest.
I doubt that Oscar Wilde had church fraud in mind when he penned these words, but they do describe the nature of many embezzlers. Occasionally, the irresistible temptation to treat themselves to luxury items overrides a thief’s need to keep hidden. Ultimately, this inability to resist temptation brings unwanted attention to the culprits in the form of things like fancy cars and exotic travel. For example, several years ago a treasurer of a church organization was convicted and sentenced to five years in prison for embezzling more than two million dollars. Infuriated by what the judge termed a “spurious psychiatric defense”, the judge went on to describe the treasurer as a “common thief” who looted church funds “to live the life style of someone she was not”.
Employees suddenly and unexpectedly living beyond their means can be significant red flag. In fact, according to one report, this situation is the most prominent red flag, present in more than 43% of reported cases.
However, we do need to be careful with this red flag. An employee suddenly living above his means is not proof that fraud has taken place. Some people do have rich relatives who leave them money. (Just not in my family…)
Typically there are three ingredients that must be present in order for a fraud to take place. Commonly referred to as the “Fraud Triangle” these three ingredients are:
- Pressure – Forces playing upon individuals in positions of financial responsibility that would make them begin to contemplate doing something they otherwise would have never considered. Frequent types of pressures are unexpected medical costs, job termination or business reversals of a spouse, addictions and a need to “keep up with the Joneses”.
- Rationalization – The self-talk perpetrators engage in to convince themselves that what they are about to do (or are already doing) is ok. For example, the number one rationalization is “I’m not stealing; I will pay it all back.”
- Opportunity – The ability to take advantage of a church without getting caught. Sadly, the most common opportunity for fraud in the church environment is the situation where one bookkeeper has total responsibility for and access to the church’s accounting system.
Generally, a church business administrator has significant control over only one of the Triangle’s legs; Opportunity. Unfortunately, much of the influence of the other two legs, pressure and rationalization, are out of a church’s control; a church has very little influence on outside economic pressures its staff faces. And, a church has virtually no control over the thought processes of its employees and volunteers.
Key Point – But, there is one thing that can be done – A Church Business Administrator can (and should) become a keen observer of his or her staff and volunteers.
Every two years the Association of Fraud Examiners (ACFE) publishes its Report to the Nations. In this document, the ACFE summarizes data compiled from fraud incidents reported to it by member Certified Fraud Examiners. One interesting part of the 2010 report is “Behavioral Red Flags”. These red flags were compiled by victims of fraud, who on reflection recalled certain behavioral changes on the part of the fraudster. Unfortunately, if these red flags would have been noticed earlier, the frauds could have been curtailed at a much earlier stage.
In our next series of posts we will share a few of the most common red flags.
One of the most important measures your ministry can take to protect cash and YOU is implement segregation of duties, i.e. no single person should have control of the cash process.
Ensure that the function of counting contributions and receipts is segregated from the depositing, general ledger and reconciliation functions.
Accountability means that ALL cash is accounted for, properly documented, secured and traceable. When accountability is implemented properly, the ministry is able to answer the 4 W’s at any given time:
- Who has access to cash
- Why they have access to cash
- Where is cash at all times
- What has occurred from the transaction’s beginning to the end
The monthly bank reconciliation is the single most important control that ties everything together. It allows the ministry to ensure that all cash transactions are accounted for and properly recorded. Once the reconciliation is complete, it should also be reviewed by someone other than the preparer for accuracy, i.e. the business administrator, member of finance committee, your CPA etc.
As I was doing my routine search for fraud related news this morning, I stumbled upon this story:
In my search for fraud related news articles I have come across a wide range of scenarios, but majority had a common denominator; the church impacted by fraud either dissolved or struggled for survival in the aftermath.
Tithes, offerings and contributions are the bloodline of every church. The need to uphold the confidence amongst its members and general public is extremely important, not just because it is important for the continued existence of the ministry but also because it is our duty to be good stewards.
Most members and donors would curtail or completely disassociate themselves with a church if they have any reservations about the financial activities of that church. So performing annual fraud risk assessments at your church is not only vital for members’ confidence but also can be extremely effective in drawing additional members and contributions.
Remember, all it takes is one person with the motivation and opportunity to bring down your church.
Are you willing to take that risk?
To help you be proactive in protecting your church we have created FACT, which will identify any cracks in your system and help you prevent fraud.
Learn more at: http://pop.pskcpa.com/fact/ or give us a call at (817) 664-3000.
To successfully prevent becoming the victim of fraud, a church must assess its current condition, develop a fraud protection plan and implement the plan. But, it can’t stop there. Key: The church must live by the plan from that point forward. It must make a commitment to the future. The plan must be on-going. A few key elements in an on-going fraud prevention program:
- Establishment of a formal, written program for managing fraud risk.
- Assigning ownership of the task to an anti-fraud taskforce made up of key employees and officers.
- Educating staff and members of the risks of fraud.
- Periodically (annually is preferred) assessing the church’s systems in regard to fraud susceptibility.
- Implementing a periodic review of transactions (often referred to as internal audit).
Except in the rarest of cases, personnel costs are the single largest expenditure of a church. Because churches are in the “service industry”, it should come as no surprise that forty-five to fifty percent of the typical church budget will be dedicated to employee related costs.
This highlights a basic principle in the behavior of an embezzler. For obvious reasons, people committing fraud prefer to remain anonymous. In order to enjoy the fruits of their labor they must remain hidden. It is much easier to hide fraud among the bigger numbers – like payroll.
Key: As a result, personnel costs are a favorite target of fraudsters. Usually, fraud in this area is small-time with one employee falsifying their own time card or submitting phony expense reports. However, some payroll frauds can be quite extensive and creative. The more spectacular (and costly) may involve:
- “Phantom” employees
- Fraudulent insurance claims
- Bogus tax refunds.
These scams can easily run into the tens of thousands of dollars.
Churches should not be naïve about payroll fraud. Because churches are as vulnerable to personnel fraud as businesses, they should do two things.
- First, repeating the theme of a previous section, churches must follow the IRS compliance guidelines. This means designating an independent compensation committee to set compensation amounts, based on market comparison information, and documenting all decisions made. At a minimum, this process should be followed for executive level staff but is also a good practice to follow for the entire church staff.
- Second, churches should also follow a “best practices” approach in human resources administration. In addition to contributing to a healthy workforce these best practices also contribute to eliminating the possibility of fraud. A few of these practices are:
- Establishment of formal job descriptions
- Performing background checks
- Performing regular performance evaluations and obtaining written termination letters from departing employees.
There is a great difference in attitude in the church environment between receipts and disbursements. While churches exercise extreme vigilance over the “inflow” of funds into the church, many have a rather cavalier attitude towards the “outflow”.
Churches also tend to rely on a few “fraud prevention” methods which in my opinion provide little more protection than a security blanket. They may give a warm and fuzzy feeling, but are no help in a real crisis. The two I hear most often are the requirement of dual signatures for checks over a predetermined amount and the requirement that a check request form be filled out before anyone gets paid. It is not uncommon for these to be the only two “fraud prevention” controls exercised over cash disbursements. Churches that rely on methods this simple are unaware of two basic facts.
- First, dual signatures and homemade check requests are absolutely no match for an ethically challenged employee with the courage to forge.
- Second, and this may be the most surprising, many of the larger and more spectacular embezzlements involve tampering with the church’s cash outflow, not the inflow.
Key: While no system is foolproof (especially if collusion is involved) the best fraud prevention practice in regard to disbursements, is to segregate the bill paying tasks between as many people as possible. Some of the more important tasks to distribute are:
- Payment approval
- Receiving of goods
- Check preparation
- Check signing
- Bill mailing
- General ledger maintenance
Unfortunately, very few churches have enough employees to split all of these tasks up. So what can be done?
Just as with cash receipts, a good place to start is by holding another brain-storming session in which the church’s procurement processes are analyzed. Flow-charting is a very useful tool in this exercise. Then, to the best of the church’s capabilities, the tasks should be distributed among several employees and volunteers. But even after this process, most churches will have more tasks than people to give them to.
But, there are other steps that can be taken. Although they take place after-the-fact, these practices still provide strong measures of fraud prevention.
- First, someone outside the business office could be assigned the task of reconciling the bank account monthly. This could be another employee, the business administrator, or a competent volunteer. The reconciliation should not solely be a “balancing” of the checkbook but should also include a close inspection of the cancelled checks for endorsements and signatures and an analysis of outstanding items. Online banking and remote access has made this practice even more efficient and practical, as volunteers do not have to come to the church office to do the work.
- Another step is to perform an analysis of the church’s check register by exporting it to an electronic spreadsheet and sorting by vendor. It is surprising how quickly check writing “anomalies” can be detected using this procedure. This practice should also be performed periodically.
Although not foolproof or guaranteed to catch everything, these two practices serve a bigger purpose. Key: They are loud and clear advertising to any and all, that someone is looking. This will force a potential thief to at least stop and ask himself; “Do I feel lucky today?”