Now more than ever, all organizations are exposed to risk, including cyber security breaches and internal fraud. Religious institutions — which strive on building a trusting relationship with their members and employees on the foundation of religious beliefs, coupled with tight budgets and limited financial oversight — are even more vulnerable to fraud and abuse.
By Judy Murphy, CPA
The negative repercussions of fraud are numerous, from negative publicity for the church to exposure of sensitive member and organizational information to actual theft of assets. In fact, according to the Association of Certified Fraud Examiners’ 2014 Report to the Nations, the median loss for not-for-profits caused by fraud was $108,000.
More than 80 percent of internal fraud reported involves asset misappropriations such as cash receipts, cash disbursements and payroll schemes, as well as property theft. In 2014, the three most common and costly misappropriation schemes for a religious organization were check tampering (35 percent) and billing and expense reimbursements (32.5 percent each).
Being aware of your church’s key internal controls related to its cash receipts, cash disbursements and payroll is an excellent start to strengthening the organization’s financial internal control environment and in turn, decreasing the likelihood of someone committing and concealing fraud. As religious organizations often have few individuals wearing many hats, internal controls — particularly those related to segregation of duties — require careful planning and consideration.
Internal controls over cash disbursements
The area of purchasing and cash disbursements tends to be the area most commonly associated with fraud and abuse. The following duties should be segregated as much as possible:
- Purchase requests or authorizations
- Receiving purchased items
- Recording accounts payable
- Approval of invoices
- Check writing and/or initialization of electronic transfers
- Mailing of checks and monthly reconciliations of bank accounts.
Additionally, general internal controls surrounding cash disbursements that should be in place include:
- Use of pre-numbered checks in sequential order and monitoring over check stock
- Limiting the use of signature stamps and prohibiting the signing of blank checks
- Always updating check signers when a change occurs
- Receipt and review of unopened bank statements by someone not involved in the recording or authorization of cash transactions
- Reconciliation of all bank accounts monthly by someone not involved in the cash disbursements process and review by another independent party
- Regular monitoring of expense account balances against budget and review of such expenditures by management or board members
- Use of positive pay, a fraud prevention service offered by banks
- Requiring two signatures on all checks over an established threshold and providing signers with supporting documentation when checks are presented for signature
- Mailing checks immediately, preferably by someone not involved in the cash disbursements process
- Reviewing vendor payment history and establishing controls over new vendor setup
- Having a call-back feature in place for all wire transfers and requiring approval on all transfers.
Internal controls over cash receipts
When considering misappropriation of cash receipts and segregation of duties, at a minimum, those tasks surrounding collection and handling of funds, recording collections and maintenance of church member donation records should be segregated.
Additionally, general internal controls surrounding revenue and cash receipts should include:
- Discouraging cash collections, if possible
- Immediate restrictive endorsement of checks received
- Timely deposits of funds received — including cash and checks — particularly after heavy holiday collections
- If daily deposits are not possible, using an overnight safe with limited access
- Maintaining a cash receipts log of amounts received, including payor name and amount, form of payment and description of the purpose of the payment
- Periodic reconciliation of cash receipts log with deposits made to bank
- Periodic reconciliation of cash receipts log with revenue recorded in accounting records
- Periodic distribution of member statements, including identifying a person responsible for receiving notification of concerns should statements not contain all donations made (this person should not be involved in the accounting function)
Internal controls over payroll
While there are many ideal payroll-related internal controls, the most critical involve the separation of duties associated with the personnel function (i.e., new employee setup, rates of pay — including pay increases, employee withholding and removal of terminated employees) from the roles associated with the actual accounting function (i.e., timesheets, recording payroll, distributing payroll checks and reconciling the payroll bank account).
The following include recommended internal controls surrounding the payroll process:
- Maintaining detailed payroll registers which include each payroll check, gross amount, withholdings and net pay amount
- Regular review of payroll registers and annual W-2s, payroll tax reporting and 1099s by an individual not involved in the cash disbursement process
- Approval of all salary and wage rates by a financial officer or appropriate management
Segregation of duties and practical consideration of internal controls can set the tone at the top and go a long way towards protecting the assets of your religious organization.
Judy Murphy, CPA, CGMA, is Partner-In-Charge of national accounting firm RubinBrown’s Not-for-Profit Services Group. With more than 35 years of experience, she primarily serves not-for-profit clients and provides audit, tax, and consulting services. She is a member of the American Institute of Certified Public Accountants and serves as vice-chair for the not-for-profit committee of the North America Region of Baker Tilly International.