Fraud: A Growing Crisis: Part 2
Article Series in pdf format

    By Rodney Smith, CPA CFE

    In the first article in this series, I wrote about some common methods of fraud detection and fraud risks that are somewhat unique to the church. Additionally, behavioral red flags were identified along with some easy anti-fraud maneuvers.

    In Part 2 of the series, I will revisit or expand upon some of these topics and also provide additional food for thought based upon my experience as fraud examiner and a church financial statement auditor.

    When I interview church leaders and ask them about their most common (administrative) frustrations, two concerns typically appear at top of the list: monthly financial statements and credit card management. I believe it is no coincidence that these two matters are common elements contributing to fraud risk.

    By far the majority of church embezzlement cases, with which I am personally familiar, are perpetrated by staff directly involved with core accounting functions of the church. These fraudsters typically had a long tenure of service to the church, but it is highly unlikely they had a prior conviction. However, it is likely that news of a church embezzlement can cause a crisis of confidence among the church members and scar the reputation of the church in its community.

    If these possibilities do not provide enough motivation to implement fraud prevention measures, just know that the majority of fraud victims recover nothing from the fraudster.

    I consider it important to emphasize that protecting church staff from unwarranted accusations of impropriety is just as important as protecting against misappropriation of assets. With this perspective in mind, let us once again consider the anatomy of a fraud case.

    How does fraud happen in the church?

    A partial list of explanations for church fraud is listed below:

    •    Internal controls are designed with monitoring and supervision as key aspects of fraud prevention, yet those functions are neglected by church management.
    •    There is complacency among senior church leadership with respect to enforcement of expense reimbursement and credit card use policies.
    •    Trust is relied upon as internal control.
    •    Certain common fraud risks present in churches are not recognized and properly mitigated.
    •    The church’s accounting and financial reporting system is prone to error, inadequate and / or incomplete – often providing a smokescreen for the fraudster’s dirty work.
    •    Advances in technology create new fraud risks that are surprising to church leaders.

    To revisit our prelude to fraud from Part 1 of the series, remember there are generally three elements that exist in an organization’s office environment that affect the risk of fraud. These elements form the three sides of what is known as the Fraud Triangle and are fundamental considerations for anyone that is interested in mitigating the risks of fraud, or preventing it from recurring:
     

    1.    Opportunity
    2.    Pressure
    3.    Rationalization

    Constant financial pressure over an extended period of time can cause an individual to rationalize their way into exploiting a vulnerability – an opportunity to steal from their employer. What we see as theft is often seen by a fraudster as borrowing, taking what they truly deserve, or in the case of a church, providing themselves with a benevolence award. Rationalizing behavior is a complex matter, but in the case of church embezzlement, it is fueled by pressure and opportunity.

    A Case Study

    The competence factor.

    Although not unique to the church business office, poorly designed and inaccurate financial reporting is a common phenomenon in faith-based organizations, and churches in particular. Some churches employ accounting professionals, but more often I encounter church bookkeepers that are intelligent, conscientious, and disciplined individuals that exhibit a tremendous work ethic and servant attitude. Sadly, they know very little, if anything, about accounting. Training for these workers is generally focused on what to do, not why it is being done or how it impacts the world around them.

    Bookkeepers lacking proper skills will often follow the same procedures for months and years, with very little supervision. When circumstances change, they likely fail to adapt, resulting in accounting errors – possibly intentional – that go unnoticed or are just tolerated. Then church decision-makers regularly rely on flawed information based upon outdated or invalid assumptions, until a financial statement user with respectable accounting knowledge starts to ask questions.

    The neglect factor.

    At the hub of any accounting and financial reporting system is the general ledger chart of accounts –
    a nerdy accounting term appreciated by so few, but incredibly important to so many. In other words, the chart of accounts is the order of listing balance sheet elements, such as assets and liabilities and the groupings of income and expense accounts into departments or other meaningful categories. When subject to the whims of those lacking appreciation for its design, or with changes in personnel, mismanagement of the chart of accounts can cause financial reports to deteriorate in usefulness as various cash and investment accounts, properties, loans, restricted funds and ministry activities come and go.

    In summary, financial reporting that was initially useful for decision makers is increasingly met with skepticism as the information becomes more convoluted, confusing or obviously full of errors.

    The alternative factor.

    What do you get when a bookkeeper lacking accounting skills regularly provides financial reports to decision makers that are not useful? An alternative reporting system.

    Frustrated finance committee members resort to giving the church business office what is essentially a list of demands, i.e., “We need to know cash in / cash out, bank balance, loan balance, budget vs actual, etc…”

    Now, data that is partly derived from the church’s accounting system can be combined with other sources of data to populate reports that are “disconnected” from the general ledger chart of accounts. The alternative soon becomes the “new normal” as the decision makers become comfortable with the reporting system they designed. Yet, it forms a smokescreen for the clever fraudster.

    [The paragraph below can go in a box or have some kind of distinguishing border around it.]
    Regarding the aforementioned Fraud Triangle, my observation is that churches, as compared to the secular world, are much more overexposed to opportunity due to flawed internal controls. Church employees are generally considered more trustworthy than the general public, so church leaders themselves rationalize their reliance on trust. Churches can be exposed to major vulnerabilities without adverse consequences for decades, but the moment the financial pressure becomes unbearable, even the most loyal and tenured worker can succumb to the temptation and rationalize their decision to crack the safe.

    The smokescreen.

    The bookkeeper that lacks accounting skills, but is otherwise intelligent and resourceful, is now the beneficiary of an alternative financial reporting system that serves as a smokescreen for the newly disconnected general ledger. What can happen behind this smokescreen? Some real-world examples for your consumption:


    •    Budget vs actual reports are exported from the general ledger to a spreadsheet. Amounts are edited to compensate for fraudulent transactions in the general ledger, or those fraudulent transactions are never even recorded in the general ledger.

    •    The Finance Committee only expresses an interest in budget vs actual activity (translated as cash in / cash out), and they are not interested in the balance sheet or statement of financial position – a snapshot in time. The bookkeeper stops sending balance sheet reports, and then begins recording fraudulent transactions in balance sheet accounts. (But…the bank reconciliations still balance….maybe…)

    •    Since fraudulent transactions could cause cash balances to be understated, the clever bookkeeper creates a designated fund (another balance sheet account), and records fake transfers to cash.

    The sideshow.

    Let us not forget about the other major frustration of church business administrators: Church-issued credit cards. (As you might imagine, an entire article could be devoted to the pitfalls and drawbacks of managing the users of church-issued credit cards.) Obtaining supporting documentation for credit card purchases is enough of a struggle. Preventing credit card abuse or detecting credit card fraud can be more challenging when there is inadequate checks and balances over credit card purchases. The typical credit card sideshow develops when the sneaky bookkeeper has access to a church-issued credit card, but also has management responsibilities over the church’s credit card accounts. The script for the sideshow:

    •    Act 1 – Develop the alternative financial reporting system to serve as a smokescreen.

    •    Act 2 – Bookkeeper obtains a church-issued credit card. (Undetected by other church staff because the bookkeeper is the only person with access to the master account statement / online portal.)

    •    Act 3 – Personal credit card purchases are recorded…

    o    Scene 1 – To balance sheet accounts (Not detected because oversight body does not receive a balance sheet report.)
    o    Scene 2 – To budget accounts that would otherwise have a favorable variance or unfavorable variances that are tolerable and will not be questioned. (Over time, the oversight body might even begin budgeting for fraudulent transactions.)
    o    Scene 3 – Does not matter where; maybe not at all, because the reports are not connected to the general ledger and are falsified.

    We do not want to automatically assume that sloppy accounting or alternative reporting systems are an indication of fraud – just an increased risk of such. Weak accounting practices are sometimes used to play a “shell game”, but just as often they are just evidence of neglect or incompetence.

    [This could be a sidebar or even deleted depending on your space / layout needs]
    Pro Tip

    With changes in technology and banking customs, churches can suffer a false sense of security by requiring two signatures on a check. It is best to be more thorough on the expenditure approval process – no less than two approvals, so that the signature on the check is anticlimactic. There are many instances where requiring two signatures is an ineffective control because of potential circumvention:

    • When one of the authorized check signers will be unavailable, they will sign several blank checks as a matter of convenience.
    • Automated and electronic transactions, which require different types of approvals than manual signatures, are becoming increasingly more cost efficient, and therefore, more popular.
    • Payees often use remote capture to deposit checks, so the checks clear the bank before the bank could even consider whether two signatures were present.
    • Many banks will not honor the request for two signatures because monitoring the control is too cost prohibitive.

    Fraud Prevention

    I recommend that churches recognize and acknowledge those fraud risks that are common in the church, and explain to their staff that any changes in internal control are intended to protect them as well as the church.

    It is best practice to develop a comprehensive anti-fraud program based upon a church’s unique control environment, but some anti-fraud maneuvers would be common to most any church:

    [Best to be in a table or a graphic?]
    4 Easy Anti-fraud Maneuvers

    1. Send activity reports (budget vs actual; restricted funds) AND a balance sheet to your financial oversight body as a matter of routine.
    2. Require two signatures for expenditure approval as opposed to two signatures on a check.
    3. Financial reports should be generated directly from the general ledger, and/or reconciled back to the general ledger by someone other than the preparer.
    4. A person other than those involved in the core accounting processes should have supervisory responsibilities for church-issued credit cards.

     

    This article is the second in a series of articles about fraud in the church. (The first article was published in the Fall 2018 issue of this magazine.)  Statistics cited in this article are derived from the 2018 Global Study on Occupational Fraud and Abuse published by the Association of Certified Fraud Examiners.