This Florida church is accused of “mishandling” donor’s contributions– two million dollars worth! Read the article here. This is a sobering reminder that, just because an organization is a Church does not mean that it is not made up of sinful people who are prone to temptation and failure. In light of this, what can your Church do to prevent a similar situation? Certain procedures can be implemented to both lessen temptation for your Church’s employees and protect the name of Christ. As always, we’re here to help…
Sourced from CBS channel 12 Florida
How does one get away with stealing $1.5 million? This Organization’s Financial Officer stole over a period of seven years. Obviously, adequate controls were lacking at some level in this organization. Read the full story here. Is your church or non-profit in need of a check up on internal controls? Let us help you evaluate and improve your organization’s internal controls.
Sourced from Dominion-Post news
Who would ever think that an elderly Church Secretary would steal from her Church? A simple routine review of the bank statement and reconciliation by an independent party may have prevented this church in east Tennessee from losing $1.5 million. You may read more here.
An Indianapolis pastor admitted to misusing $500k loaned to local Church for a building project that was never built.
See original story here.
Story obtained from News 6 – The Indy Channel.
Any discussion of church tithes and offerings practices usually includes both a pat on the back and a criticism. First, in regard to the normal Sunday offerings I can say to most churches, “Way to go!” In fact, when I ask a client if they have taken any fraud prevention steps, the first thing usually mentioned is how much the church has done to protect the offering plate. Seldom do I encounter a church that does not have multi-member count teams, rotating terms of service, locking bank bags, dual-access safes and in an increasing number, the use of an armored car service. I would venture an educated guess that the majority of churches have more than adequate controls over Sunday receipts. For some, Fort Knox would be an easier target.
But in regard to the rest of the money, the funds that come in during the rest of the week, I often have to say, “What were you thinking?” While being diligent to a fault on Sunday morning, almost anything and everything goes the rest of the week. Here are two in my hall of fame:
- Offerings, fees and other receipts arriving in the mail or dropped off by members are simply dumped on the financial secretary’s desk. I have entered offices with large piles of unguarded cash on the accountant’s desk more times than I can remember.
- Special events funds sometimes are “managed” by a volunteer. The funds are kept off campus and are not turned over to the business office until the event is over. No accounting or reconciliation of goods sold is required.
Needless to say, some of our more interesting and sometimes humorous fraud stories occur in these two areas.
However, this is no laughing matter, because a significant “event” could cause irreparable damage. That being the case, definite steps should be taken.
- First, a brainstorming session could be held, the purpose of which is to determine all sources of income.
- Once identified, all sources should be included in the church’s normal collection policies and procedures. For example,
- For weekday drop-offs and mail-ins, a lock box could be kept in the church’s safe in which all of these receipts would be placed unopened.
- A separate log or register should be maintained to keep a record that the amounts were received.
- On Sunday, the box could then be opened and counted by the teller team on duty.
Another practice of many churches plays right into one of a fraudster’s strengths, the ability to withhold information. Perhaps in an attempt to avoid interminably long finance committee meetings brought on by micro-managing members, or more likely, fearful that the messenger is going be killed, some church administrators tend to hold back on the financial facts. Key: Failure to present full-disclosure financial statements is the most common way of holding back information.
Instead of traditional financial statements, a church may elect to present summary information in an attempt to control the facts. Making matters worse, they may also use electronic spreadsheets to do the work. Although spreadsheets are very powerful and useful, they have one major flaw: the preparer is in total control over what goes into the report. There are no balancing requirements as with a normal set of financial statements based on a double-entry accounting system. Some crooks have one word to describe this situation. Disneyland!
Financial statements are simply another form of communication used to convey the financial situation of the church. Their goal, in the church environment, is to answer a few basic questions:
- How much cash do we have on hand?
- Is any of it restricted?
- What kind of assets do we own?
- Who and how much do we owe?
- How did we do this year?
- Did we stay within budget?
Key: To answer all of these questions adequately, a church must present a full set of financial statements. This includes at a minimum, both a balance sheet and an income statement. (These are business terms; the corresponding non-profit titles are statement of financial position and statement of activities, respectively.) In addition, if a church has a high volume of restricted activity, a separate schedule of restricted gift activity should also be presented.
Not only does “summary reporting” result in an uninformed church. It can also result in a victimized church. A church with a history of being satisfied with summary reports combined with poor personnel decision-making may end up with an embezzler having the best of both worlds; being able to take what he wants from the church and covering up the evidence with his own reporting system.
Until the 1960s, perhaps into the 1970s, churches were rather slow to pick up on new ideas, particularly in regard to technology. (If you have a hard time believing this, think back to the first time someone wanted to bring an electric guitar into your sanctuary!) But that is no longer the case, especially when it comes to information technology.
Churches have embraced the digital world and are becoming very proficient in the use of computers. A vast array of applications has been made available to the church including sophisticated financial accounting and reporting, childcare security, online purchasing, online tithing, phone trees and coffee bars with free wireless internet. Without a doubt, churches have become technologically savvy.
Unfortunately, there is a vast array of other things that most churches aren’t so savvy about: the numerous new portals computers provide through which fraudsters can gain entry into the church. Key: Computer and online crime is drastically changing the face of fraud prevention.
To stay abreast of the rapid change in technology and the risks this change brings churches should ask themselves the following questions on a regular basis:
- Does our church have a formal Information Technology security plan?
- Do any individuals at our church have access to all modules of the church’s software system?
- Does our church partition its computer applications so that employees and volunteers have access only to files necessary to perform their duties?
- Does computer access require passwords that are confidential and unique?
- Are our passwords changed periodically?
- Are passwords complex including alpha, numeric and case sensitive characters?
- Do we have backup procedures that are performed regularly that include off-campus storage?
- Do we have measures in place to protect the church from malware?
- Do we train our employees to avoid accepting email from unknown locations?
- Do we have a download policy?
- Do we maintain separate public and private wireless networks?
Establishing an organizational structure is the first step in combating fraud, however it is not enough. Key: In order to stay within reasonable boundaries, churches must take the time to carefully document their management structure and practices. Churches that fail to do this do so at great risk.
A written organizational plan serves several purposes.
- First, it serves as a compass providing direction for the church as it navigates through difficult decisions.
- Similarly, the organizational documents serve as a map, helping the church chart courses of action of a more long-range nature.
- Finally and directly related to fraud prevention, documentation serves as an anchor, keeping the church from drifting into dangerous waters.
For this discussion, I have grouped documentation into three categories.
- Corporate records of the church are the first consideration. All churches should have in place a practice of insuring that their articles of incorporation, by-laws and/or constitution are up-to-date and in compliance with federal, state, and local law. This is best accomplished by engaging legal counsel familiar with church and exempt organization law to perform periodic reviews of the corporate documents.
- An accounting and management policy and procedure manual is a must in the battle against fraud. Fraudsters do not like consistency because it forms a base-line upon which to make quick and simple comparisons. Having a central document, such as an accounting and management policy manual, provides a proper back drop for church operations. Without creating a massive “code of regulation” the policy should be comprehensive. At a minimum, typical topics included should be organizational structure, budget development, cash receipts and disbursement procedures, financial reporting and personnel administration.
Documents specifically aimed to reduce fraud should also be included in a church’s policy and procedure portfolio. Written policies should be created that address conflicts of interest, business expense reimbursements to employees and volunteers, credit card use, benevolence, and building and property use.
Let me be blunt. The fact that a church has never had an incident of fraud is due to one of two things: luck or planning. Needless to say, the odds of successfully avoiding fraud are much higher with the latter approach. If a church has been relying on the first approach and has never had an incident, it should be congratulated for its good fortune. But, the church should also be reminded that its good fortune rests on the fact that either the crooks have not made it to their church yet, or they just haven’t been caught. In time, one or both of these things will probably occur.
To increase the chances of avoiding fraud, the best practice is to plan and organize. This is accomplished by implementing a strong organizational structure within the church.
Key: Evidence points to the fact that churches with little or no organizational structure are frequent targets of fraud. The reason is rather obvious; many fraudsters are much better students of management theory than the average church. They can spot an “easy mark” a mile away. Crooks can also spot a well-defended church and will avoid it. Greener pastures are very easy to find because well protected churches are significantly outnumbered by poorly managed congregations. A crook-resistant church usually develops a strong organization in three areas.
- Tone at the top is the key to a church’s entire fraud prevention structure. If integrity is missing at the top levels of management, all other controls will prove to be pointless. Every church needs to have senior level staff that respects and understands the need for accountability. Good leaders may not care much for expense reports and purchase orders, like most of us, but they do understand their necessity. It is crucial that leaders comply without visible complaint to those around them. Junior staff will follow their leaders and the direction they are led is of extreme importance.
- An empowered leadership team is another essential ingredient, without which transparency is not possible. When making a point about the need for openness and transparency, Supreme Court Justice William Brandeis is credited with saying “Sunlight is the greatest disinfectant”. One of the ways churches operate in the sunlight is by appointing a formally designated leadership team to guide it. (Titles vary from church to church: deacons, elders, directors, leadership team, etc.) Members of the team must be adequately trained to understand the requirements and responsibilities of their jobs and allowed to ask difficult and uncomfortable questions.
- Competent volunteers are essential to the church, the greatest volunteer organization in the history of the world. But, volunteers should be given sufficient orientation and training in order to understand their roles. Also, a church should not just let anyone be a volunteer. Volunteers need to be checked out. Unfortunately, many volunteers have ulterior motives behind their willingness to help out.
“We’re ok. We performed a fraud risk assessment two years ago…”
First, this church should be commended because very few churches ever get around to assessing its susceptibility to fraud. But, determining exposure to fraud at one period in time is not sufficient. Fraud protection is not a one-time event. It is an ongoing process.
There are a few disturbing facts hidden within this statement:
First, fraud protection is not really a priority of this church’s management. This church was able to put off any effective fraud prevention for two years; obviously other things seem to be more important.
Second, even though this church conducted an assessment they are not using it. The purpose of a fraud risk assessment is not simply to gain information about how the church stands. It is to take the knowledge gained and apply it on a daily basis to the operations of the church. Kind of similar to Bible study isn’t it?
Third, things change. What worked two years ago may be completely obsolete now. The crooks are hard at work trying to figure out ways to take your money.
You should be at work too!
Interested in an objective Fraud Risk Assessment to complement your independent audit? Contact us today about scheduling one of our many Best Practice Engagements at at (817)664-3000 or email us using our contact form.
