It’s no secret that fraud, waste, and mismanagement are endemic in churches. In fact, the numbers are shocking. According to the Church Mutual Insurance Company:
- 30 percent of church employees will steal at some point in their career.
- During the first half of 2014, churches lost $39 billion due to fraud—more than was spent during the same time on outreach.
- The average loss on a per-church basis is $120,000.
- One third of all churches experience fraud every year.
- The prevalence of fraud within faith communities is rising rapidly.
So what can we do to prevent such losses? While no church can completely eliminate the risk, there’s a lot we can do to reduce its likelihood, and to reduce losses if an incident does occur.
The Fraud Triangle
First, it’s helpful to understand the factors that lead to losses. According to the Association of Certified Fraud Examiners, three factors, called the “Fraud Triangle,” lay behind almost every incident of embezzlement. The three components are:
- Pressure, in the form of perceived financial need on the part of the perpetrator.
- Opportunity in the form of weak internal controls
- Rationalization, often in the form of, “Well, I earned it,” or “I am just borrowing it.”
So, breaking any one of the three components makes it less likely that fraud will occur. While there is little to be done about perceptions of personal financial need, adequate internal controls and a commitment to ethical conduct at every level of our churches and schools make fraud less likely.
The Warning Signs
The vast majority of cases of fraud and embezzlement are detected not by auditor, but instead by persons who notice suspicious circumstances and alert authorities. It is therefor helpful to know the warning signs for fraud. These include:
- Chaotic or missing financial records.
- Employees who refuse to ever take vacation.
- Excessive overtime.
- Drops in revenue.
- Increased expenses.
- Duplicate payments to vendors.
- Recurring overages or shortages in bank deposits.
- Unexpected past-due notices.
- Employees who seem to live beyond their means.
- Employees who are abusing drugs or alcohol, or having an affair.
All too often, churches feel that fraud prevention strategies either aren’t needed, or would suggest distrust. But like Caesar’s wife, it is important that church business operations be above reproach, and that there are adequate measures in place to protect against unfounded suspicion.
Fortunately, there are a lot of ways to prevent fraud, and many can be implemented at little or no cost. These include:
- Segregating duties—meaning that separate people should approve payments, process them, and sign them.
- Requiring dual signatories on all checks.
- Implementing a two-person rule for handling donations, meaning that two unrelated people must be involved at all times, from the moment of collection to the time a deposit arrives at the bank.
- Using drop safes that require two keys or combinations to open them.
- Rotating teams of unrelated counters.
- Using disposable, tamper-resistant numbered bank bags, and recording the number on the accompanying deposit ticket.
- Placing security cameras in the counting room and/or church office. Note that, with current technology, cameras are affordable and easy to install, even for a do-it-yourself-er.
- Making deposits as soon as possible after receipt.
- Reconciling bank statements on a monthly basis and investigating discrepancies immediately.
- Using a hosted accounting application and establishing controls over specific functions, including approving payments and posting to the general ledger.
- Maintaining a current financial manual, as required by canon, and including written policies and procedures. This manual should be readily available to anyone who asked to see it, including counters, clergy, and volunteers.
- Having the bank send duplicate bank statements to non-signatories.
- Establishing a written requirement that all detail be included with credit card statements submitted for payment.
- Including sufficient detail in your financial reports that vestry members can assess whether something is wrong. This includes publishing compensation for all parish employees, versus concealing compensation in a “lump sum.” Parishes that do the latter run the risk of “phantom employees,” or bonuses to employees not authorized by the vestry.
- Maintaining an independent vestry that understands that it has ultimate authority for the temporal affairs of the parish, and is not afraid to ask questions.
- Operating with a spirit of transparency and openness, including publishing the results of your annual audit, and making detailed financial reports available to vestry members.
The Role of Audits
An annual audit of church financials is required by church canon. In some cases, and where authorized by diocesan canons, knowledgable parishioners can perform an audit, but using a CPA is preferred. Unfortunately, many churches don’t understand what an audit is, and opt for other, often unapproved, accounting work.
- An audit involves testing accounts payable and receivable, and conducting verification of key financial metrics. As a result, it offers the highest level of assurance, but is not intended to detect fraud. The CPA does, however, assess financial controls.
- A review offers limited assurances, and is essentially a “does it make sense,” test of financials.
- A compilation simply drops existing financial records into an appropriate format and offers no assurance as to accuracy.
- An agreed-upon procedures, or AUP, is client-directed and is intended to help with business decisions. For example, if company A plans to buy company B, it may conduct an AUP to verify company B’s revenues. Any assurance comes from the client, so an AUP offers no independent assurances.
- A forensic audit is useful when there is the possibility of fraud, waste or mismanagement, and typically is done by a CPA who is a certified fraud examiner. Forensic audits also can be useful if parish records are in disarray or destroyed in a mishap, as they establish a clean baseline for future financial reporting.
When preparing for an audit, the vestry should review both the audit agreement and the resulting management letter. In addition, our canons require that all church accounts, including ECW and discretionary funds, be included. Auditors also should receive a copy of the Manual of Business Methods in Church Affairs prior to the audit. You may also want to review the Manual’s excellent internal controls checklist.
It’s also vitally important that vestry members be involved in the entire audit process, including being afforded the opportunity to ask questions of the auditors. Churches that rely on assertions by the rector or parish administrator that “the audit went fine,” or “there were very few suggestions,” set themselves up for disaster. And if you are a vestry member, and you are told that the audit went fine, but that your church is still cleaning up its financial records, you need to ask some tough questions. There is no such thing as an audit that goes well when your financial records are a shambles.
The Importance of Ethics
Hand-in-hand with setting up adequate internal controls is another key issue, which is creating an environment in which there’s a church-wide commitment to ethical and effective governance. Parish employees, clergy, vestry members and volunteers all need to appreciate the importance of these issues, and take pride in having a well-run parish. In such situations, members are comfortable giving generously of their resources, and it is simply a given that potential misconduct will be brought to light.
It’s also important for whistle-blowers to know that they and their concerns will be treated with respect, and that there will be no retribution. Far too many problems in churches, including sexual misconduct and fraud, fail to see the light of day because people are afraid to speak up, or believe it “can’t happen here.” But the reality is that fraud and other unethical conduct can and does happen in churches, every day.
Responding to Fraud
So what do you do if the worst happens, and you suspect fraud? Here are some simple steps:
- Know that you are not alone. Many churches have been in this situation and have gone on to a full recovery.
- Call your attorney immediately. But make sure you understand whom she represents. Does she represent the parish? The diocese? Your parish administrator? It’s important to have clarity on this issue.
- Do not confront the subject. Tempting though it may be, you risk the destruction of evidence, and may place yourself in harm’s way.
- Do not say anything publicly. The last thing you need is to face a defamation lawsuit.
- Via your attorney, notify the diocese and your insurance carrier.
- Ask your insurance carrier about the possibility of retaining a fraud examiner.
- Consider prosecuting whenever possible. While this often is controversial, working a back-room deal with the culprit can blow up in your face if it later comes to light, and parishioners feel like they were left in the dark. Much like a vampire, misconduct often fizzles when exposed to the light of day.
In short, there’s no foolproof way to prevent fraud. But there is a great deal that our churches can do to safeguard the resources entrusted to them.
image: Flanked by her attorneys, Ellen Cooke (center), former treasurer of the Episcopal Church, enters United States District Court in Newark, January 24, 1996 to plead guilty to charges of transferring stolen money across state lines and tax evasion. Cooke admitted embezzling more than $1.5 million from the church. With her are her lawyers Diane Weeks of New Jersey and Plato Cacheris of Washington D.C. (Photo from New Jersey Newsphotos)