Our Fraud Awareness in the Church series continues as we look at Individual Payments: Contractors and Benevolence. We asked churches to respond to these statements:
“Before paying an individual as an independent contractor, our church applies IRS compliant tests to determine if the payee qualifies as an independent contractor.”
“Our church has written a policy to direct benevolence payment activity.”
With two notable exceptions, tax-exempt organizations are not to transfer assets or make payments to individuals. The two exceptions are Contractor payments — reasonable compensation for services provided the organization, and Benevolence payments — to individuals who are the target of the organization’s exempt purpose (rent assistance, etc.). Outside of these two exceptions, all other payments are looked upon with a degree of skepticism by the IRS.
Survey Results: Surprisingly, 40% of the respondents do not go through a formal employee vs. contractor test.
Key: Embezzlers tend to shy away from reporting their theft to the Government. If ALL payments to contractors are screened and a 1099 prepared, a fraud loophole is closed.
Another area particularly vulnerable to fraud is benevolence. Again, 40% of the churches do not operate under a written benevolence policy.
Key: Benevolence funds are one of the few accounts where payments to individuals are not suspicious. (Fraudsters are very aware of this fact.)
Double Key: Part of the benevolence policy should be to NEVER give funds directly to the people being helped. Make payments directly to 3rd parties. (Utility company, landlord ,etc.)
Our Fraud Awareness in the Church series continues as we look at Information Technology Security. We asked churches to respond to these statements:
“Our church has a formal information technology security plan.”
“Our church financial secretary or accountant/bookkeeper has access to all modules of the church’s software system.”
Churches struggle to keep up with the challenges of the rapid change in information technology. Even when they want to address the issues in the two questions above, the workload crush of most churches makes it very difficult to stop the train long enough to develop a good IT plan. This is clearly (to me) reflected in the:
Survey Results: Only 50% of the participants have implemented a formal information technology security plan.
In another indicator of the impact workload pressure has on fraud protection, a whopping 80% of the churches surveyed confessed that their accountant/bookkeeper had access to ALL of their church’s software applications.
In the vast majority of churches this large degree of “trust” is placed in the hands of very good people and a problem never arises. But if, just once, a church employs an individual given to theft and gives him or her this much access…trouble is probably just around the corner.
In PSK’s Faith Based Accounting Blog I posted an article titled “Taking IT for Granted”, where I addressed this issue. The following are a few questions each church should ask itself when developing strong IT controls:
- Does our church have a formal Information Technology security plan?
- Do any individuals at our church have access to all modules of the church’s software system?
- Does our church partition its computer applications so that employees and volunteers have access only to files necessary to perform their duties?
- Does computer access require passwords that are confidential and unique?
- Are our passwords changed periodically?
- Are passwords complex including alpha, numeric and case sensitive characters?
- Do we have backup procedures that are performed regularly that include off-campus storage?
- Do we have measures in place to protect the church from malware?
- Do we train our employees to avoid accepting email from unknown locations?
- Do we have a download policy?
- Do we maintain separate public and private wireless networks?
Our Fraud Awareness in the Church series continues as we look at Payroll Fraud and Phantom Employees. We asked churches to respond to these statements:
“Someone not involved in the payroll preparation process distributes paychecks or direct deposit stubs.”
“We review direct deposit account information for duplicate accounts.”
Survey Results – Very few churches do any kind of employee verification once the employee has been hired. According to our survey only 25% of the churches engage in any form of paycheck verification (check stubs in the case of direct deposit). A little higher percentage, particularly among NACBA members, perform periodic reviews of direct deposit data (Social Security numbers, addresses, duplicate accounts, names of relatives, etc.)
KEY: To avoid phantom employees and payroll fraud, a church must KNOW who their employees are.
The term “phantom employee” refers to situations like this:
An employee is terminated but a supervisor continues to submit hours so that the “employee” continues to receive a check for months, sometimes years, after the employee left. The supervisor either colludes with the phantom in order to have the check endorsed and cashed or resorts to forgery.
A payroll clerk creates fictitious employees. These often are friends and relatives and once again, the fraudster will collude or forge.
I suspect the compliance is low regarding these questions because most “church” employees are easy to identify due to the relatively small staff size of most churches (25 to 50) and turnover is relatively low. HOWEVER, this is not the case with satellite operations such as a daycare program. Many, if not most, daycare programs are staffed by low paid, low hour, often temporary employees. Almost by definition, the turnover rate of a daycare program will be volatile compared to the parent organization, the church. With so many people coming and going, it is almost impossible to know each and every employee – an ideal place to breed “phantom employees.”
Our Fraud Awareness in the Church series continues as we look at Payroll Fraud. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
“Each quarter we reconcile the total payroll amounts on the quarterly payroll reports (941s) to the total payroll amounts recorded in the payroll journal and general ledger.”
Survey Results – 75% of the churches reported performing this task.
I was surprised by the strength of these numbers. In my experience, reconciling the quarterly 941 total wages with the salaries and wages reported in the church general ledger did not seem to be a common practice. As a matter of fact, many times when our auditors would attempt to do this, the chore was almost impossible.
Why? Because churches usually have a multitude of salary/wage general ledger accounts. AND other expense items remotely connected to personnel issues are often “dumped” into the payroll line items. I repeat, reconciling payroll is one of auditors’ most difficult tasks. Which makes my point.
KEY: Fraudsters prefer to hide in the tall weeds. (Big numbers)
Thieves try to hide their deeds in the big numbers, or accounts that have a great deal of activity. The reason is simple: their actions will not stand out there. The biggest of the big numbers for a church is PAYROLL.
KEY: You must know what is going on in your payroll accounts to avoid payroll fraud!
Part 8 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church reconciles payroll quarterly reports with the payroll journals and general ledger.
Almost 25% of our respondents do not perform this relatively simple task. I can show you plenty of news reports of churches who wish they had! Occasionally, I need to point out the obvious; thieves do not like to get caught! To remain successful at this, they have to hide in the tall weeds. This means they are going to target the big numbers in a church’s financial statements. And the biggest of the big numbers is payroll cost.
Typically, payroll makes up 50% of a church’s operating budget.
For example, if a church has a one million dollar budget, a thief can easily find cover among $500K of tall weeds!
To avoid being the victim, churches should take care to:
- Know who their employees are
- Know how much their employees are paid
- Periodically review activity in the payroll general ledger accounts
- Compare payroll reports with budget totals.
Except in the rarest of cases, personnel costs are the single largest expenditure of a church. Because churches are in the “service industry”, it should come as no surprise that forty-five to fifty percent of the typical church budget will be dedicated to employee related costs.
This highlights a basic principle in the behavior of an embezzler. For obvious reasons, people committing fraud prefer to remain anonymous. In order to enjoy the fruits of their labor they must remain hidden. It is much easier to hide fraud among the bigger numbers – like payroll.
Key: As a result, personnel costs are a favorite target of fraudsters. Usually, fraud in this area is small-time with one employee falsifying their own time card or submitting phony expense reports. However, some payroll frauds can be quite extensive and creative. The more spectacular (and costly) may involve:
- “Phantom” employees
- Fraudulent insurance claims
- Bogus tax refunds.
These scams can easily run into the tens of thousands of dollars.
Churches should not be naïve about payroll fraud. Because churches are as vulnerable to personnel fraud as businesses, they should do two things.
- First, repeating the theme of a previous section, churches must follow the IRS compliance guidelines. This means designating an independent compensation committee to set compensation amounts, based on market comparison information, and documenting all decisions made. At a minimum, this process should be followed for executive level staff but is also a good practice to follow for the entire church staff.
- Second, churches should also follow a “best practices” approach in human resources administration. In addition to contributing to a healthy workforce these best practices also contribute to eliminating the possibility of fraud. A few of these practices are:
- Establishment of formal job descriptions
- Performing background checks
- Performing regular performance evaluations and obtaining written termination letters from departing employees.
“We have rotating count teams with clear rules that account for every penny we collect in offerings…”
While this statement is not inaccurate, it is short-sighted. When churches think of fraud, Sunday offering protection is usually the first thing that comes to mind. And as a result, most churches do a very good job in protecting Sunday receipts. In fact, Fort Knox may be an easier target than some churches I have visited who have ratcheted down tightly their Sunday collection procedures!
But, if this is all a church does in protecting itself from fraud, they are at risk. There are at least two significant reasons:
First, Sunday offerings are not the only time cash comes into the church. Many churches with air-tight security over Sunday collections completely ignore what happens from Monday through Saturday. And in many churches, the amounts can be substantial, including day care fees, special event fees such as banquets and conferences, food sales, book sales, fund raising revenues, etc., etc., etc. Also, tithes and offerings that are dropped off during the week often circumvent the entire teller process and instead land directly on the bookkeeper’s desk.
Second, cash inflow is not the only place where embezzlement takes place. In fact, a case can be made that the larger cases do not involve the cash inflow processes, but the outflow. The Association of Certified Fraud Examiners backs this assertion with statistics showing that while skimming (taking money before it is recorded) makes up 20% of reported fraud cases; check tampering is even more prevalent, making up 25% of the cases. In addition, fraudulent expense reports and payroll scams chip in another 29% for good measure.
So, churches with tight controls over Sunday cash receipts should be commended for their efforts, but also reminded that effective fraud prevention includes extending this vigilance to the other means of inflow, and the outflow side as well.
If you’d like to hear more about our Best Practices Review or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.
“Our bookkeeper has been a member and served our church for many years. We trust him/her completely…”
Church’s Secretary accused of embezzling $1.5 million
Former pastor guilty of stealing from church
Church’s former secretary jailed on fraud charges
Priests get jail for stealing from church
Church secretary accused of stealing thousands
Woman accused of stealing from church
Baptist church secretary was arrested and charged with 17 counts of credit-card fraud…
Church financial secretary steals $216,000—asks for forgiveness
Church secretary admits to stealing $274,000 from congregation
These are all actual headlines from articles about church theft. I think we’d all agree…this is NOT the publicity that anyone wants, particularly a church. In most of the church embezzlement cases I have read about, the crime is not perpetrated by a thief who has sought out a soft target. More often churches are embezzled from by a long-time, dedicated and trusted employee who has been given total access to the church’s financial operations. In short, it is usually not bad people who steal from churches. Rather, church embezzlement is committed by good people who find themselves (or their close relatives) in bad situations.
Churches victimized in this way have often not taken into account the first leg of the “fraud triangle” – Pressure. (Rationalization and opportunity are the other two.) Pressure can be defined as any outside force or set of circumstances that creates a need for cash. Pressure comes in many forms, including large unexpected medical costs, business reversals, and in far too many cases, addictions. When faced with these issues, many people of otherwise unquestioned integrity are tempted to “borrow” from their employer to alleviate the pressure.
Churches have limited control over the pressures their employees and volunteers face. However, they have almost total control over one leg of the triangle – OPPORTUNITY. By establishing strong financial controls and processes churches can go a long way in removing temptation from its employees.
If you’d like to hear more about our Internal Control Assessments or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.
