Part 3 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a formal program for reporting fraudulent activities.
In its 2010 Report to the Nations, the Association of Certified Fraud Examiners revealed that 40% of fraud cases were initially detected by anonymous tips. Half of the tips came from employees. Approximately two-thirds of these cases were communicated through the entity’s fraud hotline. This data is not inconsistent with prior years’ findings. In fact, during one year a whopping 60% of detected fraud was discovered by the combination of tips and/or by accident! In our survey, we learned that 59% of the churches responded reported having no mechanism for employees, members, and vendors to report suspected improper behavior.
The use of anonymous hotlines, usually found on an entity’s website, has been quite successful in the corporate and government environments. However, this is a tough sell in the church environment as it seems distasteful to most people involved in church. And that includes me…
I have been (and remain) reluctant to recommend to my church clients taking such a step.
However, one solution I have seen, that may be a good middle-ground is to outsource this function. There are third parties who provide this service by making available a toll-free phone line and a web address. Because confidentiality is crucial, all reports go directly to the third party and bypass any nosy people along the way. As part of the church’s whistleblowers policy (which I hope your church has) a description of the third party providing these services and the processes to be followed should be included in the church personnel manual.
What do you think about this idea?
Part 2 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a formal program for managing fraud risk.
Almost 63% of our respondents reported that they have not conducted a fraud risk assessment or implemented an ongoing formal church fraud prevention program. Unfortunately, my guess is that the national average is much higher. It is hard to pinpoint what might be the cause of this rather high percentage but two reasons are prominent:
- The workload of most church business administrators (CBA) has them stretched to the limit. There is barely time to get all of the routine tasks completed on a timely basis much less take on additional projects.
- When they do try to implement a church fraud risk program, many CBAs end up as the Lone Ranger. In many, if not most churches, fraud prevention is a very difficult proposition to sell. The biggest hurdle? The mistaken belief that “it can never happen here.”
It is not enough to simply be aware of the threat of fraud or go through the motions of fraud prevention. Ministries that don’t commit themselves to a strong fraud prevention and detection program will likely end up as victims.
A few key ingredients of a formal church fraud risk program include:
- Education of church employees, volunteers and members of the risks of fraud.
- Conducting an initial “brain storming” session whose purpose is to identify potential fraud portals.
- Assigning ownership of fraud prevention processes to key church leaders and employees.
- Implementing a periodic review of transactions.
- Periodic review and assessment of the church’s systems.
- Implementation of an anonymous whistleblower hotline. (More about this in a subsequent post)
According to the Association of Certified Fraud Examiners, the second most common red flag is financial difficulties of individuals involved in financial matters of an organization. The occurrence rate of 36% consists of reported frauds at all levels of the organizations victimized. However, if we look solely at frauds committed at the employee level (disregarding frauds committed by managers) the rate soars to almost 50% of all fraud cases.
This makes sense because employees receive lower compensation compared to the management level. When unexpected financial events occur, they are less likely to have a “rainy-day fund” set aside to get them through. This can lead to poor judgment in several areas, the first of which is usually excessive use of credit cards. When these individuals find it difficult to climb out of their debt problem and they might focus on other areas of relief, one of which is their employer’s money.
Once again, I must stress that the presence of these circumstances is proof of nothing, but organizations must keep in mind that personal financial difficulties are a common denominator in a great many fraud occurrences. But, how can a church leader address this possibility? Here are three thoughts.
- In addition to performing the normal background check, a church might consider performing annual credit checks on employees involved in the financial activity of the church. It is not too much of a stretch to say that if you hire someone with a poor credit history, you have hired their problems as well. Keep in mind, that credit checks generally require the employee’s permission
- Provide financial counseling for employees. This is another way to discover if any employees are struggling with finances. But it also helps the church relieve some of the pressure an employee may be experiencing by providing a way out of their dilemma.
- Finally, and most importantly, you must close down the opportunity of fraud. In most of the church fraud cases I have read, the most common characteristic is terrible segregation of duties. Often, one person is in charge of all of the church’s financial tasks. When you combine these two ingredients: financial troubles and total control of a church’s financial activities….
Well, you can guess the rest.
I doubt that Oscar Wilde had church fraud in mind when he penned these words, but they do describe the nature of many embezzlers. Occasionally, the irresistible temptation to treat themselves to luxury items overrides a thief’s need to keep hidden. Ultimately, this inability to resist temptation brings unwanted attention to the culprits in the form of things like fancy cars and exotic travel. For example, several years ago a treasurer of a church organization was convicted and sentenced to five years in prison for embezzling more than two million dollars. Infuriated by what the judge termed a “spurious psychiatric defense”, the judge went on to describe the treasurer as a “common thief” who looted church funds “to live the life style of someone she was not”.
Employees suddenly and unexpectedly living beyond their means can be significant red flag. In fact, according to one report, this situation is the most prominent red flag, present in more than 43% of reported cases.
However, we do need to be careful with this red flag. An employee suddenly living above his means is not proof that fraud has taken place. Some people do have rich relatives who leave them money. (Just not in my family…)
Typically there are three ingredients that must be present in order for a fraud to take place. Commonly referred to as the “Fraud Triangle” these three ingredients are:
- Pressure – Forces playing upon individuals in positions of financial responsibility that would make them begin to contemplate doing something they otherwise would have never considered. Frequent types of pressures are unexpected medical costs, job termination or business reversals of a spouse, addictions and a need to “keep up with the Joneses”.
- Rationalization – The self-talk perpetrators engage in to convince themselves that what they are about to do (or are already doing) is ok. For example, the number one rationalization is “I’m not stealing; I will pay it all back.”
- Opportunity – The ability to take advantage of a church without getting caught. Sadly, the most common opportunity for fraud in the church environment is the situation where one bookkeeper has total responsibility for and access to the church’s accounting system.
Generally, a church business administrator has significant control over only one of the Triangle’s legs; Opportunity. Unfortunately, much of the influence of the other two legs, pressure and rationalization, are out of a church’s control; a church has very little influence on outside economic pressures its staff faces. And, a church has virtually no control over the thought processes of its employees and volunteers.
Key Point – But, there is one thing that can be done – A Church Business Administrator can (and should) become a keen observer of his or her staff and volunteers.
Every two years the Association of Fraud Examiners (ACFE) publishes its Report to the Nations. In this document, the ACFE summarizes data compiled from fraud incidents reported to it by member Certified Fraud Examiners. One interesting part of the 2010 report is “Behavioral Red Flags”. These red flags were compiled by victims of fraud, who on reflection recalled certain behavioral changes on the part of the fraudster. Unfortunately, if these red flags would have been noticed earlier, the frauds could have been curtailed at a much earlier stage.
In our next series of posts we will share a few of the most common red flags.
One of the most important measures your ministry can take to protect cash and YOU is implement segregation of duties, i.e. no single person should have control of the cash process.
Ensure that the function of counting contributions and receipts is segregated from the depositing, general ledger and reconciliation functions.
Accountability means that ALL cash is accounted for, properly documented, secured and traceable. When accountability is implemented properly, the ministry is able to answer the 4 W’s at any given time:
- Who has access to cash
- Why they have access to cash
- Where is cash at all times
- What has occurred from the transaction’s beginning to the end
The monthly bank reconciliation is the single most important control that ties everything together. It allows the ministry to ensure that all cash transactions are accounted for and properly recorded. Once the reconciliation is complete, it should also be reviewed by someone other than the preparer for accuracy, i.e. the business administrator, member of finance committee, your CPA etc.
Except in the rarest of cases, personnel costs are the single largest expenditure of a church. Because churches are in the “service industry”, it should come as no surprise that forty-five to fifty percent of the typical church budget will be dedicated to employee related costs.
This highlights a basic principle in the behavior of an embezzler. For obvious reasons, people committing fraud prefer to remain anonymous. In order to enjoy the fruits of their labor they must remain hidden. It is much easier to hide fraud among the bigger numbers – like payroll.
Key: As a result, personnel costs are a favorite target of fraudsters. Usually, fraud in this area is small-time with one employee falsifying their own time card or submitting phony expense reports. However, some payroll frauds can be quite extensive and creative. The more spectacular (and costly) may involve:
- “Phantom” employees
- Fraudulent insurance claims
- Bogus tax refunds.
These scams can easily run into the tens of thousands of dollars.
Churches should not be naïve about payroll fraud. Because churches are as vulnerable to personnel fraud as businesses, they should do two things.
- First, repeating the theme of a previous section, churches must follow the IRS compliance guidelines. This means designating an independent compensation committee to set compensation amounts, based on market comparison information, and documenting all decisions made. At a minimum, this process should be followed for executive level staff but is also a good practice to follow for the entire church staff.
- Second, churches should also follow a “best practices” approach in human resources administration. In addition to contributing to a healthy workforce these best practices also contribute to eliminating the possibility of fraud. A few of these practices are:
- Establishment of formal job descriptions
- Performing background checks
- Performing regular performance evaluations and obtaining written termination letters from departing employees.
There is a great difference in attitude in the church environment between receipts and disbursements. While churches exercise extreme vigilance over the “inflow” of funds into the church, many have a rather cavalier attitude towards the “outflow”.
Churches also tend to rely on a few “fraud prevention” methods which in my opinion provide little more protection than a security blanket. They may give a warm and fuzzy feeling, but are no help in a real crisis. The two I hear most often are the requirement of dual signatures for checks over a predetermined amount and the requirement that a check request form be filled out before anyone gets paid. It is not uncommon for these to be the only two “fraud prevention” controls exercised over cash disbursements. Churches that rely on methods this simple are unaware of two basic facts.
- First, dual signatures and homemade check requests are absolutely no match for an ethically challenged employee with the courage to forge.
- Second, and this may be the most surprising, many of the larger and more spectacular embezzlements involve tampering with the church’s cash outflow, not the inflow.
Key: While no system is foolproof (especially if collusion is involved) the best fraud prevention practice in regard to disbursements, is to segregate the bill paying tasks between as many people as possible. Some of the more important tasks to distribute are:
- Payment approval
- Receiving of goods
- Check preparation
- Check signing
- Bill mailing
- General ledger maintenance
Unfortunately, very few churches have enough employees to split all of these tasks up. So what can be done?
Just as with cash receipts, a good place to start is by holding another brain-storming session in which the church’s procurement processes are analyzed. Flow-charting is a very useful tool in this exercise. Then, to the best of the church’s capabilities, the tasks should be distributed among several employees and volunteers. But even after this process, most churches will have more tasks than people to give them to.
But, there are other steps that can be taken. Although they take place after-the-fact, these practices still provide strong measures of fraud prevention.
- First, someone outside the business office could be assigned the task of reconciling the bank account monthly. This could be another employee, the business administrator, or a competent volunteer. The reconciliation should not solely be a “balancing” of the checkbook but should also include a close inspection of the cancelled checks for endorsements and signatures and an analysis of outstanding items. Online banking and remote access has made this practice even more efficient and practical, as volunteers do not have to come to the church office to do the work.
- Another step is to perform an analysis of the church’s check register by exporting it to an electronic spreadsheet and sorting by vendor. It is surprising how quickly check writing “anomalies” can be detected using this procedure. This practice should also be performed periodically.
Although not foolproof or guaranteed to catch everything, these two practices serve a bigger purpose. Key: They are loud and clear advertising to any and all, that someone is looking. This will force a potential thief to at least stop and ask himself; “Do I feel lucky today?”
Any discussion of church tithes and offerings practices usually includes both a pat on the back and a criticism. First, in regard to the normal Sunday offerings I can say to most churches, “Way to go!” In fact, when I ask a client if they have taken any fraud prevention steps, the first thing usually mentioned is how much the church has done to protect the offering plate. Seldom do I encounter a church that does not have multi-member count teams, rotating terms of service, locking bank bags, dual-access safes and in an increasing number, the use of an armored car service. I would venture an educated guess that the majority of churches have more than adequate controls over Sunday receipts. For some, Fort Knox would be an easier target.
But in regard to the rest of the money, the funds that come in during the rest of the week, I often have to say, “What were you thinking?” While being diligent to a fault on Sunday morning, almost anything and everything goes the rest of the week. Here are two in my hall of fame:
- Offerings, fees and other receipts arriving in the mail or dropped off by members are simply dumped on the financial secretary’s desk. I have entered offices with large piles of unguarded cash on the accountant’s desk more times than I can remember.
- Special events funds sometimes are “managed” by a volunteer. The funds are kept off campus and are not turned over to the business office until the event is over. No accounting or reconciliation of goods sold is required.
Needless to say, some of our more interesting and sometimes humorous fraud stories occur in these two areas.
However, this is no laughing matter, because a significant “event” could cause irreparable damage. That being the case, definite steps should be taken.
- First, a brainstorming session could be held, the purpose of which is to determine all sources of income.
- Once identified, all sources should be included in the church’s normal collection policies and procedures. For example,
- For weekday drop-offs and mail-ins, a lock box could be kept in the church’s safe in which all of these receipts would be placed unopened.
- A separate log or register should be maintained to keep a record that the amounts were received.
- On Sunday, the box could then be opened and counted by the teller team on duty.
Churches tend to have only one motivation for staying in compliance with the tax laws. And that is staying out of trouble. Churches practice compliance with the Internal Revenue Code primarily to avoid unnecessary penalties and interest, protect their tax-exempt status and stay out of the news.
The prevailing attitude is “We do these things because we have to; the government is making us.” Most church’s see no benefit in compliance other than staying in the government’s good graces. The resulting tendency is many do just enough to get by. But, by having this attitude they are missing another very good reason why compliance is helpful. Key: Being serious about government compliance also provides another level of fraud resistance.
Knowing where many of these laws came from makes the same point. Our governments aren’t really very proactive. Contrary to popular opinion, they don’t dream up rules and laws just to be belligerent, they are more reactionary. Many of the rules churches must comply with were implemented in reaction to some type of bad practices or abuse of existing regulations. A very good example is the charitable contribution substantiation rules. One of the reasons for their coming into existence was the tendency of some people to deduct tuition payments to the church school as contributions. Also, “accountable reimbursement plans” are the result of abusive employee business expense deductions during the 1980s. Although it may come off sounding harsh, the fact is both of these practices, mischaracterizing payments as contributions and inflating expense reports, are forms of fraud the government wishes to eliminate.
The purpose of strong IRS compliance is not simply to stay out of trouble. Key: Doing what the government asks will also close down some favorite targets of individuals committed to stealing from the church.
A fraud resistant church should take steps to be in compliance with IRS regulations regarding:
- Ministerial taxation
- Personnel benefits
- Business expense reimbursements
- Credit card use
- Contribution substantiation.