Part 12 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has implemented a written credit card policy to control credit card purchases.
Ok, I know I was a little harsh in the last post… I guess it’s because I have seen too many credit card train wrecks! The million dollar event I discussed in the last post was definitely the largest, but I have seen many of its smaller brothers and sisters.
Although over 80% of the surveyed churches issue church-named credit cards, the results of the next query gives me some comfort. 70% of these churches have implemented a church credit card policy to monitor credit purchases. Unfortunately, that leaves nearly a third with no documented policies to give oversight over credit card purchases. Based on the things I have seen, these 30 percenters are living on the edge.
It is imperative that any church issuing credit cards to employees and volunteers has a credit card policy to lay down usage guidelines.
At a bare minimum a church credit card policy should:
- Limit the dollar amounts of single purchases, and
- Restrict the use of the cards to certain businesses.
What would you add to these two requirements?
Part 11 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church issues credit cards (in the church’s name) to employees and/or volunteers.
At a response rate that came as no surprise to me, 86% of the churches who took part in our survey issue credit cards to employees. It continues to amaze me how many churches follow this practice. Seldom do we see this in our work with commercial clients. Most businesses with accountable business expense reimbursement plans require employees to use their own cards. This is particularly true with smaller organizations. Some larger companies do issue corporate cards, but all of them I have seen keep the employee on the hook by including the employee on the account: The employee pays the bill AFTER being reimbursed by the company. Employees of businesses that follow this procedure tend to be more responsible credit card users because there is always the possibility that their employer may say, “NO!”
Why do we consider the issuance of credit cards (in the church’s name) a fraud risk? I have a simple answer:
The largest church credit card fraud investigation I have conducted resulted in more than one million dollars in losses.
Illicit use of just two credit cards was responsible for 75% of the theft!
Without sufficient oversight, credit cards can turn the entire purchase approval system on its head. I have seen it happen…
Part 10 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a “Positive Pay” arrangement with our bank.
Increasingly, due to technological change and advancement, the threat of fraud is no longer limited to dishonest employees. Hackers and other “online bandits” have become quite proficient in draining the bank accounts of the unsuspecting. One defense against this is to establish a Positive Pay arrangement with your bank.
Only 5% of our respondents have this type of bank account protection in place, which is surprising because Positive Pay is a simple three-step process.
- During the check writing process, a list is compiled of bills to be paid.
- The list is sent to the bank.
- The only checks or drafts to be cleared by the bank are those on the list.
I am very curious why so few take advantage of this. Any ideas?
Part 9 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established an “approved vendor list”. All payments for goods or services are made only to vendors on the list.
A surprisingly high percentage of our respondents – 82% had not established an “approved vendor list”. A common misconception in the church environment is that, “If we are going to be hit, it will be directed towards our tithes and offerings.” While this does happen frequently, some of the largest dollar losses occur in the disbursement processes, not the receipts. Also, these types of frauds, because of their difficulty of detection, seem to go on for longer periods of time than thefts of cash receipts. From my observations, it seems that many more churches are hit after their revenues are safely in the church’s bank accounts, not on their way in.
The first line of defense against vendor disbursement fraud is the development of well-defined AND well-written bill approval and payment policies and processes.
In addition to purchase orders and check requests, such a system should include a formal vendor selection and retention process. After successfully screening potential donors, the church should develop a preferred vendor list. As part of the check signing process, payees should be compared to the approved vendor list.
Part 8 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church reconciles payroll quarterly reports with the payroll journals and general ledger.
Almost 25% of our respondents do not perform this relatively simple task. I can show you plenty of news reports of churches who wish they had! Occasionally, I need to point out the obvious; thieves do not like to get caught! To remain successful at this, they have to hide in the tall weeds. This means they are going to target the big numbers in a church’s financial statements. And the biggest of the big numbers is payroll cost.
Typically, payroll makes up 50% of a church’s operating budget.
For example, if a church has a one million dollar budget, a thief can easily find cover among $500K of tall weeds!
To avoid being the victim, churches should take care to:
- Know who their employees are
- Know how much their employees are paid
- Periodically review activity in the payroll general ledger accounts
- Compare payroll reports with budget totals.
Part 7 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church follows written guidelines in administering benevolence fund activity.
Many churches establish benevolence funds to assist needy persons. This is a normal and expected function of any church. However, if assistance programs are not monitored closely the benevolence fund can become a target of theft. Benevolence funds are favorite targets for several reasons:
- There is no business cycle, making baseline analysis almost impossible
- Checks are written to a variety of individuals and vendors not closely related to the church, making it easy to slip one more in the pile
- To protect the confidentiality of recipients, some churches operate separate bank accounts that only one person has the right to see!
35% of our respondents do not follow written guidelines in administering assistance programs.
It is extremely important that the Church establish clear policies on its benevolence activities. Such policies should include but not be limited to:
- what funds will be accepted
- who will administer the funds
- who will receive the funds, and
- for what purposes the funds will be spent.
Best practices also dictate that a documented beneficiary application and approval process be followed when awarding assistance.
Part 6 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church requires volunteers responsible for special events to submit written financial reports.
The vast majority of churches have implemented adequate control procedures over the Sunday offerings. However, funds that arrive in the church office from Monday through Saturday are a completely different story. These types of revenues typically consist of offerings dropped off by members, fees for various events and food service revenues and special event revenues under the direct supervision of volunteers, such as fundraisers, banquets, and short-term mission trips.
According to our survey, a full third of the respondents have no reporting mechanism for these types of special events. Theft of special events funds by trusted volunteers frequently pop up in the news media. For example, in the city where I live, a prominent public school coach was relieved of his duties when it was learned that he was in the regular habit of skimming from the receipts his team’s annual fund raiser.
To avoid the headlines, at a minimum, churches should require volunteers to account for tickets and/or products sold and fees collected at fundraisers and special events. As a matter of routine the sales report should be reconciled with the total cash generated and deposited into the church bank account.
Part 5 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church uses pre-numbered purchase orders or check requests.
Theft of cash receipts, particularly offerings, garners the most attention by churches in their fraud prevention practices. However, the largest dollar-loss incidents tend to occur in the bill paying arena. In most of the check writing fraud cases I read about I see the same four ingredients which allowed the theft to take place:
- Poor segregation of duties
- Failure to pay attention to the bank reconciliation process
- Poor security over the church’s check stock
- Absence of a formal bill approval and payment system
The starting point of a formal bill payment system is the utilization of preprinted (or computer generated) sequential purchase orders or check requests. The absence of such a system can be the beginning of sorrows for a church.
Approximately 54% of the survey respondents reported not using proper documentation to begin the bill approval process.
Part 4 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
We present a list of authorized check signers to the Leadership Team. (Elders, Finance Committee, etc.)
This is one of the routine questions we ask financial staff when we conduct an audit of a church. While monitoring check signatures has some merit, it is in my opinion, rather overrated due to the fact that commercial banks no longer review signatures to the same extent they did in the past. Also, if you are unfortunate enough to hire a thief with courage and great handwriting skills, no amount of signature verification will be sufficient. A person with sufficient bravery and forgery skills can wreak havoc on even the most secure systems.
But, a byproduct of this process can be extremely beneficial. An annual review of authorized check signers, forces the church to also assess how many and the nature of the bank accounts it has on hand. If no review is ever performed, it can be easy for a bank account (or two or three…) to unofficially “go inactive”. These “dormant” accounts can sit under the radar for years until a dishonest employee discovers them.
One of the hurdles a thief has to jump is once funds have been diverted, how to get stolen dollars out of the church. Dormant accounts are very handy in meeting this challenge. To illustrate, small amounts can be siphoned out of a church by the payment of phony invoices. The thief allocates these illicit transactions throughout various budget line item accounts being careful to keep the total for the year within budget limits. Once the funds are safely in the dormant account the thief simply transfers the funds to a personal account…
Our survey results indicated that 41% of the respondents reported they did not conduct an annual evaluation of its bank accounts and signatures. That is a wide margin of opportunity for would-be thieves.
Part 3 of our ongoing Fraud in the Church series. PSK in cooperation with the National Association of Church Business Administration (NACBA) conducted a survey to determine the extent to which churches are attempting to address the problem of church fraud. We asked them to respond to this statement:
Our church has established a formal program for reporting fraudulent activities.
In its 2010 Report to the Nations, the Association of Certified Fraud Examiners revealed that 40% of fraud cases were initially detected by anonymous tips. Half of the tips came from employees. Approximately two-thirds of these cases were communicated through the entity’s fraud hotline. This data is not inconsistent with prior years’ findings. In fact, during one year a whopping 60% of detected fraud was discovered by the combination of tips and/or by accident! In our survey, we learned that 59% of the churches responded reported having no mechanism for employees, members, and vendors to report suspected improper behavior.
The use of anonymous hotlines, usually found on an entity’s website, has been quite successful in the corporate and government environments. However, this is a tough sell in the church environment as it seems distasteful to most people involved in church. And that includes me…
I have been (and remain) reluctant to recommend to my church clients taking such a step.
However, one solution I have seen, that may be a good middle-ground is to outsource this function. There are third parties who provide this service by making available a toll-free phone line and a web address. Because confidentiality is crucial, all reports go directly to the third party and bypass any nosy people along the way. As part of the church’s whistleblowers policy (which I hope your church has) a description of the third party providing these services and the processes to be followed should be included in the church personnel manual.
What do you think about this idea?