In 2017, authorities charged a former church employee with embezzling over $300,000. Authorities alleged the former financial secretary charged church credit cards to make personal purchases and used church funds to pay her own personal debts.
This is a reminder of why we need controls to prevent fraud and steward the money God entrusts to our churches. I don’t know the leaders of the church involved, so I don’t know what controls they had at that time. However, here are a few simple steps you can take to reduce the risk of this happening at your church:
Tip #1: The person authorized to make credit card charges should not reconcile credit card statements
This is referred to as “segregation of duties.” If I have a church credit card (or access to them) and I’m also the sole person who reconciles those statements each month, it would be easy for me to make fraudulent charges without anyone noticing. Don’t leave that temptation in front of someone or expose your church to that level of risk.
Instead, divide responsibilities. Have someone without access to church credit cards be responsible for reviewing monthly statements and monitoring charges.
Tip #2: Consider outsourcing
By hiring an outside company to reconcile the accounting records each month, you increase the chances of catching fraud. This is how the church in the story mentioned above found out about the embezzlement. The outsourcing company shouldn’t have direct access to your church’s bank or credit card accounts. They should be responsible for entering transactions into your church’s accounting software and/or handling monthly reconciliations and reports.
Tip #3: Separate Accounts Payable Functions
The person who enters vendors into the accounting software shouldn’t be able to enter invoices or print checks. Again, this goes back to “segregation of duties.”
Here’s the scenario:
- Joe creates a new vendor called “Smith’s Print Service.”
- Joe’s friend happens to own this company.
- Joe then enters a fake invoice from Smith’s Print Service for $1,000.
- Finally, Joe gets his friend to cash the check for him.
You can set up security rights within an accounting system to divide responsibilities. This enables you to keep Joe from creating a new vendor, entering an invoice, and cutting a check to pay that fake invoice.
If you don’t have enough staff members to separate responsibilities to this level, you have a couple of options:
- Consider outsourcing your church’s bookkeeping to another company.
- Require the staff member who authorized a purchase to physically sign off on the invoice. In addition, have the person who can sign checks review those approved invoices before signing the corresponding check. In this scenario, staff members with the ability to enter transactions into the accounting software should not be allowed to approve invoices. This isn’t ideal, but it at least increases your chances of catching a fraudulent invoice before signing the check.
These aren’t the only internal controls you should have at your church, but they’re a good start. When people trust you with their tithes and offerings, they trust you to use and guard that money wisely. Invest the time now to put proper internal controls into place. Otherwise, you may be forced to invest time later into gathering evidence to prove fraud and deal with the aftermath at your church. Prevention is much less expensive (both financially and from a trust perspective) in the long run.