Internal controls keep fraud at bay

By Tammy Bunting

“What happens in accounting, stays in accounting.”

If your finance team’s motto goes something like this, you might have an internal controls problem.

Internal controls are put in place to clearly define proper procedures for finance and accounting team members, to minimize risk, and to alleviate suspicion. Even churches must mitigate risk and ensure that policies and procedures are in place and functioning as intended.

In our May / June 2015 issue article, “Church Audits: Know the 4 V’s,” we discussed the importance of keeping things organized, which in turn supports efficiency and accuracy. It can be somewhat overwhelming for pastors to focus on the eternal welfare of his or her parishioners and keep a pulse on financial affairs, specifically when it comes to defining good internal controls. Maintaining organized business operations is extremely important, but it must not intrude on mission-critical efforts.

So, where should you focus your attention?

As a pastor or church administrator, think of establishing internal controls as “staying organized” but … on steroids. The process won’t be easy, but it will be worth it. And, once policies and procedures have been defined and documented, the crucial piece is execution.

Operating successfully within your predefined internal controls is a bit like playing a board game: There are specific rules that govern how the game is played. No player can simply do whatever he or she wants; rules ensure that the game is played fairly and that no one player has a bigger advantage than another.

Similarly, financial operations require a set of rules that must be followed. Everyone must read the rules and understand them before the “game” starts; that way, no one player has the opportunity to circumvent them. This is important, because if your family is anything like mine, there’s always someone who tries to change the rules at the most opportune time so they can take advantage! Usually, a few turns go by before we say, “Wait a minute — you cheated!”

So, how do we begin to define these rules, document them, and ensure they’re followed? Start with a list of checks and balances. To that end, let’s take a look at four categories that are key to any internal controls policy.

#1: Cash
#2: Authorization
#3: Reconciliation
#4: Oversight

What follows is a short list of requirements within each category that will help you mitigate potential risks at your church. Risk refers not only to fraud, but also to errors.

It is always a good idea to meet with your CPA firm to establish this list for your organization, to understand how it should be documented, and how best to communicate the procedures to your staff.

Cash

• Separate the receiving of cash / checks from the record-keeping functions.
• When opening the mail, endorse or stamp checks “for deposit only” and list the checks on a log before turning them over to the person responsible for compiling the deposit.
• Make sure the same person isn’t authorized to write and sign checks.
• Require paychecks to be distributed by a person other than the individual authorizing or preparing payroll checks.

Authorization

• Require purchases to be authorized by a designated person.
• Separate purchasing functions from payable functions.
• Require supervisors to approve employee timesheets.
• Establish a policy that mandates credit cards are for business use only. Prohibit the use of credit cards for personal purposes with subsequent reimbursement.
• Set account limits with credit card companies and suppliers.

Reconciliation

• Reconcile bank accounts every month.
• Require the reconciliation to be completed by someone other than the person with check-signing responsibilities, or require a supervisor review of the reconciliation.
• Initial and date bank statements or reconciliation reports to document that a review was performed.
• Reconcile credit card statements monthly. Follow bank reconciliation review protocol.

Oversight

• Establish a governing body that monitors the operations and management on a regular basis.
• Require an explanation of any significant variances from the budgeted amounts.
• Document the approval of financial policies and procedures, as well as major expenditures, in board meetings.
• Require independent auditors to represent and explain annual financial statements to the governing body and to provide management letters to this group.

The list above represents a selection of key elements in establishing a minimum of internal controls and is by no means all-inclusive. A well-designed internal control structure can increase operational performance by improving your church’s overall efficiency and effectiveness, as well as reducing risk.

No church is exempt

I have been involved in the church my whole life. Starting at 3, under my father’s leadership, I participated in planting a church, along with another family. Because of that experience, being a part of a church family means something very personal to me.

As an adult, I discovered that, unfortunately, churches are not immune to fraud. The ultimate cost is not just dollars, but also a loss of trust that hurts the church and stays with it forever.

A lack of internal controls can provide someone with the opportunity to access money for his or her own use. Take the time to put the “rules of the game” in place so that trust within your church stays protected.

Trustworthy staff members who have the church’s best interests at heart will appreciate the value these protections provide.

Tammy Bunting is the Director of Not-for-Profit Services at AcctTwo, which provides cloud-based financial management software and outsourced accounting for churches. AcctTwo’s solutions help churches automate processes, increase accuracy, and provide a complete financial picture.