Fraud Prevention Archives - Page 6 of 7 - PSK CPA

Awareness of ALL Sources of Revenue

Any discussion of church tithes and offerings practices usually includes both a pat on the back and a criticism.  First, in regard to the normal Sunday offerings I can say to most churches, “Way to go!”  In fact, when I ask a client if they have taken any fraud prevention steps, the first thing usually mentioned is how much the church has done to protect the offering plate.  Seldom do I encounter a church that does not have multi-member count teams, rotating terms of service, locking bank bags, dual-access safes and in an increasing number, the use of an armored car service.  I would venture an educated guess that the majority of churches have more than adequate controls over Sunday receipts.  For some, Fort Knox would be an easier target.

But in regard to the rest of the money, the funds that come in during the rest of the week, I often have to say, “What were you thinking?”  While being diligent to a fault on Sunday morning, almost anything and everything goes the rest of the week.  Here are two in my hall of fame:

  • Offerings, fees and other receipts arriving in the mail or dropped off by members are simply dumped on the financial secretary’s desk.  I have entered offices with large piles of unguarded cash on the accountant’s desk more times than I can remember.
  • Special events funds sometimes are “managed” by a volunteer.  The funds are kept off campus and are not turned over to the business office until the event is over.  No accounting or reconciliation of goods sold is required.

Needless to say, some of our more interesting and sometimes humorous fraud stories occur in these two areas.

However, this is no laughing matter, because a significant “event” could cause irreparable damage.  That being the case, definite steps should be taken.

  • First, a brainstorming session could be held, the purpose of which is to determine all sources of income. 
  • Once identified, all sources should be included in the church’s normal collection policies and procedures. For example,
    • For weekday drop-offs and mail-ins, a lock box could be kept in the church’s safe in which all of these receipts would be placed unopened. 
    • A separate log or register should be maintained to keep a record that the amounts were received. 
    • On Sunday, the box could then be opened and counted by the teller team on duty.

Compliance with the Tax Laws

Churches tend to have only one motivation for staying in compliance with the tax laws.  And that is staying out of trouble.  Churches practice compliance with the Internal Revenue Code primarily to avoid unnecessary penalties and interest, protect their tax-exempt status and stay out of the news. 

The prevailing attitude is “We do these things because we have to; the government is making us.”  Most church’s see no benefit in compliance other than staying in the government’s good graces.  The resulting tendency is many do just enough to get by.  But, by having this attitude they are missing another very good reason why compliance is helpful.  Key: Being serious about government compliance also provides another level of fraud resistance.

Knowing where many of these laws came from makes the same point.  Our governments aren’t really very proactive.  Contrary to popular opinion, they don’t dream up rules and laws just to be belligerent, they are more reactionary.  Many of the rules churches must comply with were implemented in reaction to some type of bad practices or abuse of existing regulations.  A very good example is the charitable contribution substantiation rules.  One of the reasons for their coming into existence was the tendency of some people to deduct tuition payments to the church school as contributions.  Also, “accountable reimbursement plans” are the result of abusive employee business expense deductions during the 1980s.  Although it may come off sounding harsh, the fact is both of these practices, mischaracterizing payments as contributions and inflating expense reports, are forms of fraud the government wishes to eliminate.

The purpose of strong IRS compliance is not simply to stay out of trouble. Key: Doing what the government asks will also close down some favorite targets of individuals committed to stealing from the church. 

A fraud resistant church should take steps to be in compliance with IRS regulations regarding:

  • Ministerial taxation
  • Personnel benefits
  • Business expense reimbursements
  • Credit card use
  • Benevolence
  • Contribution substantiation.

Full Disclosure Financial Statements

Another practice of many churches plays right into one of a fraudster’s strengths, the ability to withhold information.  Perhaps in an attempt to avoid interminably long finance committee meetings brought on by micro-managing members, or more likely, fearful that the messenger is going be killed, some church administrators tend to hold back on the financial facts. Key: Failure to present full-disclosure financial statements is the most common way of holding back information. 

Instead of traditional financial statements, a church may elect to present summary information in an attempt to control the facts.  Making matters worse, they may also use electronic spreadsheets to do the work.  Although spreadsheets are very powerful and useful, they have one major flaw: the preparer is in total control over what goes into the report.  There are no balancing requirements as with a normal set of financial statements based on a double-entry accounting system.  Some crooks have one word to describe this situation. Disneyland!

Financial statements are simply another form of communication used to convey the financial situation of the church.  Their goal, in the church environment, is to answer a few basic questions:

  • How much cash do we have on hand?
  •  Is any of it restricted? 
  • What kind of assets do we own? 
  • Who and how much do we owe? 
  • How did we do this year?
  • Did we stay within budget?

            Key: To answer all of these questions adequately, a church must present a full set of financial statements.  This includes at a minimum, both a balance sheet and an income statement.  (These are business terms; the corresponding non-profit titles are statement of financial position and statement of activities, respectively.)  In addition, if a church has a high volume of restricted activity, a separate schedule of restricted gift activity should also be presented. 

Not only does “summary reporting” result in an uninformed church.  It can also result in a victimized church.  A church with a history of being satisfied with summary reports combined with poor personnel decision-making may end up with an embezzler having the best of both worlds; being able to take what he wants from the church and covering up the evidence with his own reporting system.

Keeping Up with the Times

Until the 1960s, perhaps into the 1970s, churches were rather slow to pick up on new ideas, particularly in regard to technology. (If you have a hard time believing this, think back to the first time someone wanted to bring an electric guitar into your sanctuary!)  But that is no longer the case, especially when it comes to information technology.

Churches have embraced the digital world and are becoming very proficient in the use of computers.  A vast array of applications has been made available to the church including sophisticated financial accounting and reporting, childcare security, online purchasing, online tithing, phone trees and coffee bars with free wireless internet.  Without a doubt, churches have become technologically savvy.

Unfortunately, there is a vast array of other things that most churches aren’t so savvy about: the numerous new portals computers provide through which fraudsters can gain entry into the church.  Key: Computer and online crime is drastically changing the face of fraud prevention. 

To stay abreast of the rapid change in technology and the risks this change brings churches should ask themselves the following questions on a regular basis:

  • Does our church have a formal Information Technology security plan?
  • Do any individuals at our church have access to all modules of the church’s software system?
  • Does our church partition its computer applications so that employees and volunteers have access only to files necessary to perform their duties?
  • Does computer access require passwords that are confidential and unique?
  • Are our passwords changed periodically?
  • Are passwords complex including alpha, numeric and case sensitive characters?
  • Do we have backup procedures that are performed regularly that include off-campus storage?
  • Do we have measures in place to protect the church from malware?
  • Do we train our employees to avoid accepting email from unknown locations?
  • Do we have a download policy?
  • Do we maintain separate public and private wireless networks?

Strong Organizational Structure

Let me be blunt.  The fact that a church has never had an incident of fraud is due to one of two things: luck or planning. Needless to say, the odds of successfully avoiding fraud are much higher with the latter approach.  If a church has been relying on the first approach and has never had an incident, it should be congratulated for its good fortune.  But, the church should also be reminded that its good fortune rests on the fact that either the crooks have not made it to their church yet, or they just haven’t been caught.  In time, one or both of these things will probably occur.   

To increase the chances of avoiding fraud, the best practice is to plan and organize.  This is accomplished by implementing a strong organizational structure within the church. 

Key: Evidence points to the fact that churches with little or no organizational structure are frequent targets of fraud.  The reason is rather obvious; many fraudsters are much better students of management theory than the average church.  They can spot an “easy mark” a mile away.  Crooks can also spot a well-defended church and will avoid it.  Greener pastures are very easy to find because well protected churches are significantly outnumbered by poorly managed congregations. A crook-resistant church usually develops a strong organization in three areas.   

  • Tone at the top is the key to a church’s entire fraud prevention structure.  If integrity is missing at the top levels of management, all other controls will prove to be pointless.  Every church needs to have senior level staff that respects and understands the need for accountability. Good leaders may not care much for expense reports and purchase orders, like most of us, but they do understand their necessity.  It is crucial that leaders comply without visible complaint to those around them.  Junior staff will follow their leaders and the direction they are led is of extreme importance.
  • An empowered leadership team is another essential ingredient, without which transparency is not possible. When making a point about the need for openness and transparency, Supreme Court Justice William Brandeis is credited with saying “Sunlight is the greatest disinfectant”.  One of the ways churches operate in the sunlight is by appointing a formally designated leadership team to guide it. (Titles vary from church to church: deacons, elders, directors, leadership team, etc.)  Members of the team must be adequately trained to understand the requirements and responsibilities of their jobs and allowed to ask difficult and uncomfortable questions.
  • Competent volunteers are essential to the church, the greatest volunteer organization in the history of the world.  But, volunteers should be given sufficient orientation and training in order to understand their roles.  Also, a church should not just let anyone be a volunteer.  Volunteers need to be checked out.  Unfortunately, many volunteers have ulterior motives behind their willingness to help out.

Ten Ingredients of Effective Fraud Prevention

Nov 22, 10 • Blog, Fraud PreventionNo Comments

Financial “bad behavior” is becoming rampant in the church.  You would have to be living in a cave to not recognize this.  There is not a week that goes by without another headline appearing that tells the sad story of a “trusted” church employee “gone bad”. 

The good part of this, if there is a good part, is that the news is getting to be so nerve-wracking that churches and church administrators are finally beginning to recognize that a problem exists.  The two most common questions suddenly being asked are, “What can we do?” and “Where do we start”?  Unfortunately, financial misbehavior in the church is very pervasive and the variety of methods of abuse seemingly unlimited, causing answers to these questions to be quite elusive to the average church administrator.

When faced with such a daunting task, one good practice is to first call a time out.  Before doing anything rash, it may be best to take a step back and gain a more comprehensive view of the situation.  Added perspective can result in an honest assessment of what the church may face.  More importantly, challenges are easier overcome when they are broken down into manageable pieces.

In our next series of posts we will present ten key factors to help gain some perspective on effective fraud prevention.  By addressing these factors deliberately, one at a time and preferably in order, churches can increase their effectiveness in protecting themselves from the danger of financial fraud.  The key factors we will be discussing:

  • Strong organizational structure
  • The essential nature of a written organization plan
  • Keeping up with the times
  • Full disclosure financial statements
  • Compliance with the tax laws
  • Awareness of ALL sources of revenue
  • A well defined purchase approval and payment system
  • Comprehensive human resources planning
  • Posting a guard over fixed assets
  • A commitment to the future

Several years ago the Auditing Standards Board of the American Institute of Certified Public Accountants issued a new auditing standard addressing the auditor’s response to fraud.  Since that time auditors have been including in their management letters, suggestions that their clients perform fraud risk assessments of their organizations.  To date, very few have done so.  The main reason given for not doing so is a result of something I mentioned at the beginning of this chapter.  Because the challenge of fraud prevention is so vast, many just don’t know where to begin.  Hopefully, our discussion of these ten characteristics will do just that; provide a starting point to achieving strong fraud resistance.

Security Blanket #5 – We Set Up Separate Bank Accounts for Special Funds

We set up a separate bank account for each special fund to make sure the money goes where it is supposed to go…”

Over the years, we have seen many churches take this approach.  Rather than using their church accounting software to take care of measuring and tracking the restricted funds, they either open separate bank accounts or worse, divide one bank account among several different general ledger accounts.  I have detected two main reasons some churches take this approach:

1 – They have been burned in the past by funds designated for a specific purpose being spent for something completely different.  When it came time to accomplish the designated purpose, funds were no longer available to accomplish the task. 

2 – They simply don’t trust themselves.  The temptation to redirect the funds is too great.  So, the thinking goes, “we will set up a separate account to keep these dollars safe”. 

Churches who choose this path seldom realize that by closing one door, they inadvertently open up a much more sinister portal:  they create an environment for a con artist to conduct a very expensive shell game.  With multiple bank accounts and limited controls, an embezzler can shuffle funds among the accounts to create a dense smokescreen, making detection extremely difficult. 

The best practice?  Have as few bank accounts as possible coupled with strong internal controls and recordkeeping.

Interested in finding out how your controls measure up?  Contact us today about our internal control assessment and other Best Practice Engagements at (817)664-3000 or email us using our contact form.

Put Faith in a System, Not a Person

News stories about church funds being embezzled by an employee or clergy are common, but embezzlement by someone charged with oversight is rarely reported in the media. A Michigan based news site, www.mlive.com reported the following story on September 16, 2010:

Former Birch Run church leader charged with embezzling more than $100k from congregation

The former church president in Birch Run, Michigan, remains in jail on a $250,000 cash-only bond for allegedly embezzling over one hundred thousand from the ministry.

According to the perpetrator, he “got in deep” and “was trying to get his son out of trouble.” The former church president was able to withdraw funds from the various church bank accounts by writing checks and affidavits of loss and cashing them using his and the signature of the congregation treasurer, without her knowledge.

The church could have easily prevented this from happening.

First, the church president remained in that position for 12 years, allowing him to commit and conceal the fraud for an extended period of time. Positions of oversight i.e. president, treasurer, finance committee membership etc. should be rotated periodically. The term and rotation of the officers should also be documented within the church’s bylaws and constitution.

Second, it appears that the perpetrator had joint custody of the bank account along with the church treasurer but was also responsible for paying bills. Just because an individual serves as the president does not mean that his duties are exempt from oversight and the principle of segregation of duties. He was assigned to approve and sign checks, so the actual function of writing checks, recording disbursements in the general ledger and reconciling bank accounts should have been assigned to someone else. Every organization should put faith in a system, not a person.

And lastly, he had pressure to commit the fraud. In his own words, he was trying to get his son out of trouble. Given the circumstances, anyone in his position would have been tempted to commit the crime.

Obviously, he alone is responsible for the act; however, it was the responsibility of the church’s leaders to implement a system of checks and balances and ensure that authority is not concentrated in one individual’s hands, regardless of his status and reputation within the church and the local community.

To avoid this from happening at your church we have created FACT, a web-based test which will identify the cracks in your current system and help you prevent fraud in the future.

Give us a call at (817) 664-3000.

Security Blanket #3- The Loyal Bookkeeper

“Our bookkeeper has been a member and served our church for many years.  We trust him/her completely…”

Church’s Secretary accused of embezzling $1.5 million

Former pastor guilty of stealing from church

Church’s former secretary jailed on fraud charges

Priests get jail for stealing from church

Church secretary accused of stealing thousands

Woman accused of stealing from church

Baptist church secretary was arrested and charged with 17 counts of credit-card fraud…

Church financial secretary steals $216,000—asks for forgiveness

Church secretary admits to stealing $274,000 from congregation

These are all actual headlines from articles about church theft.  I think we’d all agree…this is NOT the publicity that anyone wants, particularly a church.  In most of the church embezzlement cases I have read about, the crime is not perpetrated by a thief who has sought out a soft target.  More often churches are embezzled from by a long-time, dedicated and trusted employee who has been given total access to the church’s financial operations.  In short, it is usually not bad people who steal from churches.  Rather, church embezzlement is committed by good people who find themselves (or their close relatives) in bad situations.

Churches victimized in this way have often not taken into account the first leg of the “fraud triangle” – Pressure. (Rationalization and opportunity are the other two.)  Pressure can be defined as any outside force or set of circumstances that creates a need for cash.  Pressure comes in many forms, including large unexpected medical costs, business reversals, and in far too many cases, addictions.  When faced with these issues, many people of otherwise unquestioned integrity are tempted to “borrow” from their employer to alleviate the pressure.

Churches have limited control over the pressures their employees and volunteers face.  However, they have almost total control over one leg of the triangle – OPPORTUNITY.  By establishing strong financial controls and processes churches can go a long way in removing temptation from its employees. 

If you’d like to hear more about our Internal Control Assessments or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.

Security Blankets

Mar 17, 10 • Blog, Fraud PreventionNo Comments

In recent years there has been an alarming upward spike in the number of church fraud and embezzlement incidents.  But surprisingly, given this epidemic, few churches are taking proactive steps to ward off predators.  The reasons given are many and varied but most offer no more protection than the Peanuts character Linus’ security blanket. 

Each week, this blog will be updated with a description of another “security blanket” churches wrap themselves in thinking they are protected from fraud.  Be looking for Security Blanket #1 – “It could never happen here…”

What Can We Do For You?

Get In Touch →