Over a quarter of fraud occurs in businesses with under 100 employees. A business that fits this description well is churches. When fraud occurs in smaller businesses such as a church, the stolen amount has a greater effect on the mission in comparison to larger companies.
Having consistent internal controls set in place is a fundamental practice in stewarding church funds for the mission. Internal controls also provide protection to the employees. Although employees might push back against unsupported accusations of fraud that could arise, small consistent policies and procedures can help protect employees and the church. In this blog we will outline common reasons for fraud, how to prevent fraud through internal controls, and the increased risk that can come from credit cards and a board of directors.
The Fraud Triangle; What Motivates Fraud?
The fraud triangle consists of three elements that are typically seen when a person commits fraud within the workplace. Individuals may be motivated by one or all three of the elements.
- The first is rationalization, which occurs when the offender believes that stealing money is justified, or that they will pay it back in the future. For example, if an employee feels as if they are being underpaid, they may believe it to be permissible to steal what they think they deserve.
- The second is incentive or pressure. This occurs when the offender has personal finance issues such as being late on bills, large medical bills, gambling, or expensive hobbies that drive the commitment of fraud.
- The third is opportunity, which occurs when there is a lack of internal controls or review process. For example, if one person is responsible for opening all mail, depositing checks, and tracking customer accounts, the opportunity to commit fraud by diverting funds towards themselves is great since the responsibility is not segregated amongst multiple employees. Opportunity is what an organization can control through internal controls and processes.
Common Red Flags and Opportunities for Fraud
When considering what internal controls the organization will want to set up, it is important to note common opportunities and reasons behind fraud. Having a business that is understaffed can be an opportunity for fraud due to one person having too many roles (i.e. no segregation of duties). In churches, it is important to recognize the inherent trust that is often present which can lead to oversight or lack of investigation into anomalies.
Keep an eye out for employees living beyond their means, personnel with financial difficulties, those with control issues, and those who refuse to utilize vacation time. These are red flags that may lead to fraud. Unfortunately, there is no shortage of ways or reasons for people to commit fraud. That is why strong internal controls are necessary!
Internal Controls to Prevent Fraud
While initiating internal controls may be hard, they are necessary to protect your mission, finances, employees, and community reputation. Lack of internal controls make up 32% of risk to prevent fraud*. Below is a list of internal controls that we recommend every church consider setting in place.
- Background checks. One of the first internal controls to have in place is a background check for all new hires. Appropriate screening should be done for everyone within the business. You never know if somebody has committed fraud prior to joining your business. So, a zero-tolerance policy for fraud is going to be critical!
- Dual custody of cash. When a church’s offering is collected, there should always be two people who count the money. These two people should not be related nor have any other relation to each other. Funds should remain in the custody of both people until put in a safe and/or deposited in the bank. Both individuals should sign the count sheet and put it in a secured location. Some churches have the counters take it to the bank overnight deposit box.
- Rotate offering counters. Counters should be rotated on a timely basis to catch possible fraud, irregularities, or collusion that would not have been noticed otherwise.
- Monitor online giving applications. Ensure that your church has the proper policies and procedures for the software in use. It is critical that there are controls around what bank account the funds will be deposited into. Additionally, set appropriate and controlled parameters around who can change the bank accounts, who checks where the money is being deposited, and who will review all the deposits.
- Review, review, review. Invoices, checks, bank reconciliations, payroll and all other receipts, disbursements, and reconciliations should be reviewed by a supervisor to ensure accuracy and completeness. Any irregularities should be investigated. If the church lacks a supervisor, consider having the board of director president or treasurer act in this role. Lack of review makes up 18% of risk for fraud*.
- Segregate duties. No one individual should have sole custody over cash, record entries, and reconcile and review entries. These should be segregated between two or more people. Fewer church personnel will require outside individuals to assist with oversight.
- There should always be a check signor available. Avoid pre-signed checks or signature stamps. Checks should be reviewed with all the supporting evidence (invoices, store receipts, etc.) and signed by an appropriate supervisor or staff member. If the check is over a certain dollar threshold best practice is to have a second review requirement by an executive. Thresholds are dependent on the church and set based on their comfortability and risk tolerance. Bank reconciliations should be prepared monthly for all accounts. Therefore, voided checks should be followed up on to confirm that they were voided, outstanding checks should be followed up on, and all outstanding deposits should clear the bank in a timely manner.
Risks to Monitor with Credit Cards
As auditors, we have seen and are able to recognize areas of risk that may make your organization more susceptible to fraud. We want to make sure you understand them, along with policies and procedures to lessen the risk if you choose to utilize them.
The first area of higher risk is credit cards. Credit cards are always something to be mindful of whether to avoid debt or fraud! When a credit card is used, overspending or purchasing something that cannot be afforded (i.e. snowballing debt) can occur. Additionally, it is hard to track purchasers and support if needed.
- One important policy to set in place is to limit the number of people who have a church credit card. Only key personnel who are buying on a regular basis should be given a credit card. Those who spend company money on occasion should fill out an expense report with a copy of each receipt for timely reimbursement.
- A second policy to have in place is for employees to always provide an invoice or receipt with every purchase that is reviewed in a timely manner by either a supervisor for employees or the board for the senior pastor and other executive positions.
- Another policy to implement based on the role of an employee, is to put in place either a single transaction limit or overall credit limit. Typically, a limit is the monthly salary of the person having the credit card.
- A final policy to have in place is for credit cards to only be used for items relating to the church, no personal expenses! Have employees sign an agreement that acknowledges this and lays out penalties for not following these rules. Should personal expenses occur on the credit card, deduct this from the next employee’s payroll.
Risks to Monitor with Board of Directors
The second area of potential risk to fraud is the board of directors or board of elders. There are three big issues that may arise with a board. Overall, you will want to be selective about who sits on your board as it directly effects your financials and ministry.
- First, it is important to note that a board member should not be there ceremoniously, meaning they are a passive member that relies heavily on others. Each board member should actively engage.
- Second, there can be conflict and risk that arises when a board member is not independent from church operations. A good policy to enforce is that board members are not part of operations, nor related to any staff or have any related business dealings with the church. Being a member of the church is allowed.
- Finally, risk may arise if there is an overbearing pastor or overriding controls. These actions make up 10% of risk to fraud and overriding internal controls make up 18% of risk to fraud*. Pastors have an important role in leading the church vision and mission. At times pastors need to follow policies and procedures of the church as well as other churches in their denomination. This demonstrates financial stewardship with parishioners and the community.
Friendly Auditors, Here to Serve!
If you have any questions about fraud, internal controls within a church, or anything else please contact us. We are always happy to serve and offer any assistance that would make your audit experience truly enjoyable!