Another practice of many churches plays right into one of a fraudster’s strengths, the ability to withhold information. Perhaps in an attempt to avoid interminably long finance committee meetings brought on by micro-managing members, or more likely, fearful that the messenger is going be killed, some church administrators tend to hold back on the financial facts. Key: Failure to present full-disclosure financial statements is the most common way of holding back information.
Instead of traditional financial statements, a church may elect to present summary information in an attempt to control the facts. Making matters worse, they may also use electronic spreadsheets to do the work. Although spreadsheets are very powerful and useful, they have one major flaw: the preparer is in total control over what goes into the report. There are no balancing requirements as with a normal set of financial statements based on a double-entry accounting system. Some crooks have one word to describe this situation. Disneyland!
Financial statements are simply another form of communication used to convey the financial situation of the church. Their goal, in the church environment, is to answer a few basic questions:
- How much cash do we have on hand?
- Is any of it restricted?
- What kind of assets do we own?
- Who and how much do we owe?
- How did we do this year?
- Did we stay within budget?
Key: To answer all of these questions adequately, a church must present a full set of financial statements. This includes at a minimum, both a balance sheet and an income statement. (These are business terms; the corresponding non-profit titles are statement of financial position and statement of activities, respectively.) In addition, if a church has a high volume of restricted activity, a separate schedule of restricted gift activity should also be presented.
Not only does “summary reporting” result in an uninformed church. It can also result in a victimized church. A church with a history of being satisfied with summary reports combined with poor personnel decision-making may end up with an embezzler having the best of both worlds; being able to take what he wants from the church and covering up the evidence with his own reporting system.
Until the 1960s, perhaps into the 1970s, churches were rather slow to pick up on new ideas, particularly in regard to technology. (If you have a hard time believing this, think back to the first time someone wanted to bring an electric guitar into your sanctuary!) But that is no longer the case, especially when it comes to information technology.
Churches have embraced the digital world and are becoming very proficient in the use of computers. A vast array of applications has been made available to the church including sophisticated financial accounting and reporting, childcare security, online purchasing, online tithing, phone trees and coffee bars with free wireless internet. Without a doubt, churches have become technologically savvy.
Unfortunately, there is a vast array of other things that most churches aren’t so savvy about: the numerous new portals computers provide through which fraudsters can gain entry into the church. Key: Computer and online crime is drastically changing the face of fraud prevention.
To stay abreast of the rapid change in technology and the risks this change brings churches should ask themselves the following questions on a regular basis:
- Does our church have a formal Information Technology security plan?
- Do any individuals at our church have access to all modules of the church’s software system?
- Does our church partition its computer applications so that employees and volunteers have access only to files necessary to perform their duties?
- Does computer access require passwords that are confidential and unique?
- Are our passwords changed periodically?
- Are passwords complex including alpha, numeric and case sensitive characters?
- Do we have backup procedures that are performed regularly that include off-campus storage?
- Do we have measures in place to protect the church from malware?
- Do we train our employees to avoid accepting email from unknown locations?
- Do we have a download policy?
- Do we maintain separate public and private wireless networks?
Establishing an organizational structure is the first step in combating fraud, however it is not enough. Key: In order to stay within reasonable boundaries, churches must take the time to carefully document their management structure and practices. Churches that fail to do this do so at great risk.
A written organizational plan serves several purposes.
- First, it serves as a compass providing direction for the church as it navigates through difficult decisions.
- Similarly, the organizational documents serve as a map, helping the church chart courses of action of a more long-range nature.
- Finally and directly related to fraud prevention, documentation serves as an anchor, keeping the church from drifting into dangerous waters.
For this discussion, I have grouped documentation into three categories.
- Corporate records of the church are the first consideration. All churches should have in place a practice of insuring that their articles of incorporation, by-laws and/or constitution are up-to-date and in compliance with federal, state, and local law. This is best accomplished by engaging legal counsel familiar with church and exempt organization law to perform periodic reviews of the corporate documents.
- An accounting and management policy and procedure manual is a must in the battle against fraud. Fraudsters do not like consistency because it forms a base-line upon which to make quick and simple comparisons. Having a central document, such as an accounting and management policy manual, provides a proper back drop for church operations. Without creating a massive “code of regulation” the policy should be comprehensive. At a minimum, typical topics included should be organizational structure, budget development, cash receipts and disbursement procedures, financial reporting and personnel administration.
Documents specifically aimed to reduce fraud should also be included in a church’s policy and procedure portfolio. Written policies should be created that address conflicts of interest, business expense reimbursements to employees and volunteers, credit card use, benevolence, and building and property use.
Let me be blunt. The fact that a church has never had an incident of fraud is due to one of two things: luck or planning. Needless to say, the odds of successfully avoiding fraud are much higher with the latter approach. If a church has been relying on the first approach and has never had an incident, it should be congratulated for its good fortune. But, the church should also be reminded that its good fortune rests on the fact that either the crooks have not made it to their church yet, or they just haven’t been caught. In time, one or both of these things will probably occur.
To increase the chances of avoiding fraud, the best practice is to plan and organize. This is accomplished by implementing a strong organizational structure within the church.
Key: Evidence points to the fact that churches with little or no organizational structure are frequent targets of fraud. The reason is rather obvious; many fraudsters are much better students of management theory than the average church. They can spot an “easy mark” a mile away. Crooks can also spot a well-defended church and will avoid it. Greener pastures are very easy to find because well protected churches are significantly outnumbered by poorly managed congregations. A crook-resistant church usually develops a strong organization in three areas.
- Tone at the top is the key to a church’s entire fraud prevention structure. If integrity is missing at the top levels of management, all other controls will prove to be pointless. Every church needs to have senior level staff that respects and understands the need for accountability. Good leaders may not care much for expense reports and purchase orders, like most of us, but they do understand their necessity. It is crucial that leaders comply without visible complaint to those around them. Junior staff will follow their leaders and the direction they are led is of extreme importance.
- An empowered leadership team is another essential ingredient, without which transparency is not possible. When making a point about the need for openness and transparency, Supreme Court Justice William Brandeis is credited with saying “Sunlight is the greatest disinfectant”. One of the ways churches operate in the sunlight is by appointing a formally designated leadership team to guide it. (Titles vary from church to church: deacons, elders, directors, leadership team, etc.) Members of the team must be adequately trained to understand the requirements and responsibilities of their jobs and allowed to ask difficult and uncomfortable questions.
- Competent volunteers are essential to the church, the greatest volunteer organization in the history of the world. But, volunteers should be given sufficient orientation and training in order to understand their roles. Also, a church should not just let anyone be a volunteer. Volunteers need to be checked out. Unfortunately, many volunteers have ulterior motives behind their willingness to help out.
“We set up a separate bank account for each special fund to make sure the money goes where it is supposed to go…”
Over the years, we have seen many churches take this approach. Rather than using their church accounting software to take care of measuring and tracking the restricted funds, they either open separate bank accounts or worse, divide one bank account among several different general ledger accounts. I have detected two main reasons some churches take this approach:
1 – They have been burned in the past by funds designated for a specific purpose being spent for something completely different. When it came time to accomplish the designated purpose, funds were no longer available to accomplish the task.
2 – They simply don’t trust themselves. The temptation to redirect the funds is too great. So, the thinking goes, “we will set up a separate account to keep these dollars safe”.
Churches who choose this path seldom realize that by closing one door, they inadvertently open up a much more sinister portal: they create an environment for a con artist to conduct a very expensive shell game. With multiple bank accounts and limited controls, an embezzler can shuffle funds among the accounts to create a dense smokescreen, making detection extremely difficult.
The best practice? Have as few bank accounts as possible coupled with strong internal controls and recordkeeping.
Interested in finding out how your controls measure up? Contact us today about our internal control assessment and other Best Practice Engagements at (817)664-3000 or email us using our contact form.
“Our bookkeeper has been a member and served our church for many years. We trust him/her completely…”
Church’s Secretary accused of embezzling $1.5 million
Former pastor guilty of stealing from church
Church’s former secretary jailed on fraud charges
Priests get jail for stealing from church
Church secretary accused of stealing thousands
Woman accused of stealing from church
Baptist church secretary was arrested and charged with 17 counts of credit-card fraud…
Church financial secretary steals $216,000—asks for forgiveness
Church secretary admits to stealing $274,000 from congregation
These are all actual headlines from articles about church theft. I think we’d all agree…this is NOT the publicity that anyone wants, particularly a church. In most of the church embezzlement cases I have read about, the crime is not perpetrated by a thief who has sought out a soft target. More often churches are embezzled from by a long-time, dedicated and trusted employee who has been given total access to the church’s financial operations. In short, it is usually not bad people who steal from churches. Rather, church embezzlement is committed by good people who find themselves (or their close relatives) in bad situations.
Churches victimized in this way have often not taken into account the first leg of the “fraud triangle” – Pressure. (Rationalization and opportunity are the other two.) Pressure can be defined as any outside force or set of circumstances that creates a need for cash. Pressure comes in many forms, including large unexpected medical costs, business reversals, and in far too many cases, addictions. When faced with these issues, many people of otherwise unquestioned integrity are tempted to “borrow” from their employer to alleviate the pressure.
Churches have limited control over the pressures their employees and volunteers face. However, they have almost total control over one leg of the triangle – OPPORTUNITY. By establishing strong financial controls and processes churches can go a long way in removing temptation from its employees.
If you’d like to hear more about our Internal Control Assessments or one of the many other services we provide, please contact us at (817)664-3000 or email us using our contact form.
This article (http://www.msnbc.msn.com/id/30088148/) reminded me of a fraud prevention principle – Most church embezzlements are probably not committed by crooks. Sinister looking guys usually don’t hang around churches with cigarettes hanging out of their mouths looking for the right opportunity to jump. Instead, I think more financial attacks on churches are committed by people who are basically good but, for one reason or another, find themselves in bad circumstances such as addictions (gambling being the most frequent), business reversals, and health issues.
Unfortunately, many churches operate under the belief that you have to be a crook to be a church embezzler, and convince themselves that since “We have no crooks here we have nothing to worry about.” What they forget is this: they do have hurting people. Probably more than they realize. In fact, every church has plenty of wounded members and employees with all sorts of “issues”. And unfortunately, many of their wounds can be eliminated, or at least, soothed with money.
I don’t know if the need for plastic surgery and Botox constitutes an “issue”. But it did for this particular priest. And his church is $85,000 the poorer for it…
PSK LLP has provided this article as a resource to help churches prevent fraud.
We can help you with your specific needs by calling us at 817.664-3000 (Toll Free: 800.424.5790)
or email Verne at verne@pskcpa.com