Our Fraud Awareness in the Church series continues as we look at Individual Payments: Contractors and Benevolence. We asked churches to respond to these statements:
“Before paying an individual as an independent contractor, our church applies IRS compliant tests to determine if the payee qualifies as an independent contractor.”
“Our church has written a policy to direct benevolence payment activity.”
With two notable exceptions, tax-exempt organizations are not to transfer assets or make payments to individuals. The two exceptions are Contractor payments — reasonable compensation for services provided the organization, and Benevolence payments — to individuals who are the target of the organization’s exempt purpose (rent assistance, etc.). Outside of these two exceptions, all other payments are looked upon with a degree of skepticism by the IRS.
Survey Results: Surprisingly, 40% of the respondents do not go through a formal employee vs. contractor test.
Key: Embezzlers tend to shy away from reporting their theft to the Government. If ALL payments to contractors are screened and a 1099 prepared, a fraud loophole is closed.
Another area particularly vulnerable to fraud is benevolence. Again, 40% of the churches do not operate under a written benevolence policy.
Key: Benevolence funds are one of the few accounts where payments to individuals are not suspicious. (Fraudsters are very aware of this fact.)
Double Key: Part of the benevolence policy should be to NEVER give funds directly to the people being helped. Make payments directly to 3rd parties. (Utility company, landlord ,etc.)
Our Fraud Awareness in the Church series continues as we look at Information Technology Security. We asked churches to respond to these statements:
“Our church has a formal information technology security plan.”
“Our church financial secretary or accountant/bookkeeper has access to all modules of the church’s software system.”
Churches struggle to keep up with the challenges of the rapid change in information technology. Even when they want to address the issues in the two questions above, the workload crush of most churches makes it very difficult to stop the train long enough to develop a good IT plan. This is clearly (to me) reflected in the:
Survey Results: Only 50% of the participants have implemented a formal information technology security plan.
In another indicator of the impact workload pressure has on fraud protection, a whopping 80% of the churches surveyed confessed that their accountant/bookkeeper had access to ALL of their church’s software applications.
In the vast majority of churches this large degree of “trust” is placed in the hands of very good people and a problem never arises. But if, just once, a church employs an individual given to theft and gives him or her this much access…trouble is probably just around the corner.
In PSK’s Faith Based Accounting Blog I posted an article titled “Taking IT for Granted”, where I addressed this issue. The following are a few questions each church should ask itself when developing strong IT controls:
- Does our church have a formal Information Technology security plan?
- Do any individuals at our church have access to all modules of the church’s software system?
- Does our church partition its computer applications so that employees and volunteers have access only to files necessary to perform their duties?
- Does computer access require passwords that are confidential and unique?
- Are our passwords changed periodically?
- Are passwords complex including alpha, numeric and case sensitive characters?
- Do we have backup procedures that are performed regularly that include off-campus storage?
- Do we have measures in place to protect the church from malware?
- Do we train our employees to avoid accepting email from unknown locations?
- Do we have a download policy?
- Do we maintain separate public and private wireless networks?
Our Fraud Awareness in the Church series continues as we look at Payroll Fraud and Phantom Employees. We asked churches to respond to these statements:
“Someone not involved in the payroll preparation process distributes paychecks or direct deposit stubs.”
“We review direct deposit account information for duplicate accounts.”
Survey Results – Very few churches do any kind of employee verification once the employee has been hired. According to our survey only 25% of the churches engage in any form of paycheck verification (check stubs in the case of direct deposit). A little higher percentage, particularly among NACBA members, perform periodic reviews of direct deposit data (Social Security numbers, addresses, duplicate accounts, names of relatives, etc.)
KEY: To avoid phantom employees and payroll fraud, a church must KNOW who their employees are.
The term “phantom employee” refers to situations like this:
An employee is terminated but a supervisor continues to submit hours so that the “employee” continues to receive a check for months, sometimes years, after the employee left. The supervisor either colludes with the phantom in order to have the check endorsed and cashed or resorts to forgery.
A payroll clerk creates fictitious employees. These often are friends and relatives and once again, the fraudster will collude or forge.
I suspect the compliance is low regarding these questions because most “church” employees are easy to identify due to the relatively small staff size of most churches (25 to 50) and turnover is relatively low. HOWEVER, this is not the case with satellite operations such as a daycare program. Many, if not most, daycare programs are staffed by low paid, low hour, often temporary employees. Almost by definition, the turnover rate of a daycare program will be volatile compared to the parent organization, the church. With so many people coming and going, it is almost impossible to know each and every employee – an ideal place to breed “phantom employees.”
Our Fraud Awareness in the Church series continues as we look at Payroll Fraud. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent of fraud awareness in the church environment. We asked churches to respond to this statement:
“Each quarter we reconcile the total payroll amounts on the quarterly payroll reports (941s) to the total payroll amounts recorded in the payroll journal and general ledger.”
Survey Results – 75% of the churches reported performing this task.
I was surprised by the strength of these numbers. In my experience, reconciling the quarterly 941 total wages with the salaries and wages reported in the church general ledger did not seem to be a common practice. As a matter of fact, many times when our auditors would attempt to do this, the chore was almost impossible.
Why? Because churches usually have a multitude of salary/wage general ledger accounts. AND other expense items remotely connected to personnel issues are often “dumped” into the payroll line items. I repeat, reconciling payroll is one of auditors’ most difficult tasks. Which makes my point.
KEY: Fraudsters prefer to hide in the tall weeds. (Big numbers)
Thieves try to hide their deeds in the big numbers, or accounts that have a great deal of activity. The reason is simple: their actions will not stand out there. The biggest of the big numbers for a church is PAYROLL.
KEY: You must know what is going on in your payroll accounts to avoid payroll fraud!
Part 5 of our series on Cash Disbursements. In our recent Fraud Survey, we asked churches to respond to these statements:
“Our church issues credit cards (in the church’s name) to employees and/or volunteers.”
“Our church has implemented a written credit card policy to control credit card purchases.”
Survey Results – The first question had the largest variance between all respondents (58%) and respondents active in the NACBA (43%). My assumption is that because NACBA members, through local chapter meetings, certification training, and the national conference, have heard plenty of the horror stories about credit cards “gone wild”.
It remains a mystery to me why churches handle credit cards in this manner (i.e. giving cards to ministers in the church’s name). It is definitely not the practice in the business world. Even if a corporation does issue corporate cards, the employee’s name is on the account too. The employee pays the bill after being reimbursed under an accountable plan. But if no backup is produced, or a personal expense is incurred, the employee pays the bill.
My worry that so many churches issue credit cards is somewhat alleviated by the results of the second question: Of the churches that hand out credit cards, almost three fourths have a written credit card policy in place.
KEY: A word of warning. The worst fraud investigation of my career was in the 7 figure range. 75% of the theft was accomplished with church issued credit cards.
Part 3 of our series on Cash Disbursements. In our recent Fraud Survey, we asked churches to respond to this statement:
“Our church has established an “approved vendor” list. All payments for goods or services are made only to vendors on the list.”
Survey Results – Only 20% of the churches surveyed reported using an approved vendor list.
The low compliance rate of this question was a big surprise to me. The surprise was that so few churches have a formal process for determining who they choose to do business with.
In a previous post we discussed collusion. One of the methods of theft, resulting in some of the largest dollar losses, is vendor fraud. Vendor fraud often occurs when a purchasing agent within an organization COLLUDES with a corrupt vendor outside of the organization.
What makes this type of fraud especially effective (from the fraudster’s point of view) is that it is extremely difficult to detect, by both the church and its auditors.
KEY: Fraud prevention includes KNOWING who you are doing business with.
Having a vendor application, approval and acceptance process helps the church apply this key.
Part 2 of our series on Cash Disbursements. In our recent Fraud Survey, we asked churches to respond to this statement:
“Our church uses pre-printed, pre-numbered purchase orders or check request forms to initiate purchases.”
Survey results – The positive response to this question was extremely low, causing me to believe that the question was poorly worded. It should have included the use of electronic purchase orders generated by most church management software.
Not being able to rely on the survey results, however, does not keep me from sharing the main point.
KEY: A documented approval and bill payment process is a must!
Keep in mind one of our previous posts: Fraudsters Hate Baselines. A well documented bill paying system forms a part of the baseline.
Our Fraud Awareness in the Church series continues with a 5-part series on Cash Disbursements.
When churches finally get around to considering their exposure to fraud, they almost universally focus on the cash receipts or the inflow part of their cash processes. Without doubt, many churches have been hit by fraudsters skimming from the offering plates. But in most cases, the losses are relatively small for two reasons:
- Most churches have strong count team processes, although more of them should add some rotation to their teller mix.
- The vast majority of offerings come in the form of checks or credit cards. Very little is cash.
KEY: The fact is, the biggest scams usually occur on the “outflow stream” not the inflow…
In the next series of posts we will see how well protected our church survey participants are on this side of the ledger.
Part 7 of our series on Segregation of Duties. In our recent Fraud Survey, we asked churches to respond to this statement:
“Our church requires volunteers to collect, administer and account for special event receipts using a written report developed to properly account for such events.”
Survey Results – Once again, a little over one-half of our respondents are in compliance with this fraud prevention measure.
KEY: Many churches farm out the reporting of special event accounting and require little or no accountability from their volunteers.
A significant example of this took place in our region a few years ago. It took place within our local school district, but the same thing can and has happened at churches. A sports booster club held two annual fundraisers. Some agitated parents (whose children evidently didn’t make the team…) discovered or were tipped off to the fact that checks received during the event were deposited in the club bank account. However, cash received was deposited in the coach’s personal account. The parents didn’t report it to the school district first – they turned him into the newspapers!
Follow these fundraising financial safeguards to ensure that donations are collected securely and properly during charity fundraisers.
Churches and ministries often host fundraisers to support various projects like mission trips, community outreach, facility improvement and staff support. As non-profits, churches rely a great deal on the funds they raise and therefore they have to maintain financial security and trust from the donors which includes creating a secure fundraising atmosphere. Regardless of the size of the church or the number of staff members they use, it is important to maintain a professional approach to donation management and follow safeguards to ensure that church financial fraud is avoided and donors’ contributions are received where expected.
1. Ensure that equipment and food service conforms to safety standards.
Since many events involve food service or use of various equipment, it is a smart move to inspect these features for health and safety violations. If possible, use a certified inspector for conducting these inspections, so that there can be legal support if something goes wrong. If using a vendor, ask for references and qualifications before engaging them for an event. While these activities aren’t directly involved with fundraising finances, it is important to maintain safety in these areas for safekeeping of attendees and protection against lawsuits.
2. Require those responsible for fundraising events to submit financial reports.
According to a survey conducted by our church finance experts, a full third of the respondents have no reporting mechanism for special event fundraisers. While no one likes to assume that a volunteer working at a fundraiser will skim a little of the top, there is nothing wrong with requiring accountability, even as small as having them write and submit a financial report. Safeguards like written reports are a step in the right direction and, when coupled with other measures like multiple persons involved with managing funds and detailed records of tickets and/or products sold, the fundraising event has a better chance of avoiding theft and gathering funds successfully.
3. Secure funds as soon as they are gathered.
Regardless of whether funds are received at one time or continuously, it still should be a priority to secure cash and checks as they accumulate. Keep in mind that it is safer to entrust multiple people with the collection of donations, rather than just one with less accountability, so have at least two people in charge of transporting money from the collection to a safe room where the donations can be kept locked up and safe until counting and banking deposits. With volunteers providing sales reports and volunteers collecting the money, it should be a matter of routine to analyze the reports and totals to make sure they are in agreement.
4. Provide donors with receipts for their tax records.
Donors who wish to claim charitable donations for their federal income tax returns have to provide proof, either in the form of a bank transaction or a receipt from the charitable organization that received the donation. According to the IRS:
“An organization that does not acknowledge a contribution incurs no penalty; but, without a written acknowledgment, the donor cannot claim the tax deduction. Although it is a donor’s responsibility to obtain a written acknowledgment, an organization can assist a donor by providing a timely, written statement containing the following information:
1. Name of organization
2. Amount of cash contribution
3. Description (but not the value) of non-cash contribution
4. Statement that no goods or services were provided by the organization in return for the contribution, if that was the case
5. Description and good faith estimate of the value of goods or services, if any, that an organization provided in return for the contribution
6. Statement that goods or services, if any, that an organization provided in return for the contribution consisted entirely of intangible religious benefits (described later in this publication), if that was the case”
Even though the responsibility lies with the donor to acquire proof of their donation, a charitable organization that offers the receipts to assist their donors with the task exhibits courtesy and gratitude. By making the proof of donation process simpler, fundraising organizers can encourage even more donations and facilitate the process of raising funds.
Weeds in the Garden provides financial consulting for churches and ministries
If you’re wanting to plan a ministry fundraising event and would like assistance with keeping donations secure and volunteers accountable, contact Weeds in the Garden. Experts at detecting fraud and preventing church theft, Weeds in the Garden has years of experience in church and ministry accounting and financial development consulting.