EMBEZZLEMENT – IT CAN HAPPEN TO YOU!
Without making the narrow legal distinction
between embezzlement, fraud and theft, embezzlement can simply be defined as the
misappropriation of items with which a person has been entrusted. The frequency of the embezzlement, the amount
embezzled or the job position of the embezzler is not important. Embezzlement IS A CRIME.
Experts believe that embezzlement occurs in one
out of every twenty businesses, including churches and other not-for-profit organizations.
The difference between churches and other
businesses is the mistaken belief that “embezzlement can not happen in a church.”
In fact, churches may be more susceptible to
embezzlement because of this belief.
The “it can’t happen to me”
attitude was recently demonstrated during the audit of a large church in the Pacific
Northwest. When asked whether he was aware of
fraud or embezzlement in his church, the Pastor confidently stated that he was not
concerned about embezzlement because his employees were “working in a Christian
environment.” Unfortunately, working in a
Christian environment is no guarantee that employees will be free of temptation or greed. Combine temptation with opportunity and
embezzlement is likely to occur.
The risk of a significant embezzlement can be
reduced in three ways:
* Understand
the responsibilities of the church’s leadership
* Recognize
the risk factors that contribute to embezzlement
* Implement
strong internal controls
Church Leadership - The First Line of Defense
Pastors, administrators and board members are
the first line of defense in the prevention of embezzlement. They have the responsibility to set the standards
and expectations within which the church operates. Court
decisions leave little doubt that these individuals have a duty of “due care” in
the prevention and prosecution of embezzlement. That is, they have a fiduciary
responsibility to the church (congregation) to exercise due care by establishing and
monitoring procedures necessary to minimize the risk of embezzlement. When the church
leadership has failed to exercise “due care”, some courts have held the
leadership personally liable for failing to prevent embezzlement.
Most embezzlement goes unreported and is rarely
prosecuted. The reasons given for the failure to report this crime include concern over
unwanted publicity, embarrassment, the fear of falsely accusing an employee, sympathy for
the accused, or the mistaken belief that the embezzlement was a “one time event”. Embezzlement is never a “one time event”
and there is no such a thing as a “little embezzlement.” If it happens once, it will happen again. Learn to trust your intuition. If something seems
wrong, it usually is.
Adopt a zero tolerance policy regarding
embezzlement. This will send a clear message
to employees. Not only will embezzlement
result in the immediate termination of employment, if significant, it may also be reported
to the local authorities for prosecution. In
the event that an employee is discharged for embezzlement, consult with legal council
regarding what may and may not be communicated to a prospective employer.
Churches should generate a climate where
employees feel free to report suspected cases of embezzlement or any inappropriate
activity of which they become aware. Employees
should know that they will not be targeted as “whistle blowers” for reporting
what they sincerely believe to be illegal acts by others.
Many churches include such a statement in their employee manuals and
reaffirm this policy during annual employee reviews.
Recognizing the Risk Factors
Assessing
the opportunity for embezzlement begins with an awareness of potential risk factors. The greater the number of risk factors, the greater
the opportunity for embezzlement. Remember the equation (temptation + opportunity = risk
of embezzlement). Remove or limit the
opportunity and the risk will be reduced. Common
risk factors include:
* Complacency shown by leadership/management
* Low management expectations
* No pre-employment background checks
* No employee bonding
* Comparatively low employee compensation
* Unorganized work environment
* No written policies and procedures
* Weak internal controls
* No segregation of duties
* Poor documentation for a cash disbursement
* One employee handling and recording bank deposits
* No required vacations
* Missed financial reporting deadlines
* Late issuance of required donor and/or payroll reports
* Late issuance of financial statements and comparative budget reports
* Insufficient supervision of the accounting personnel
* No review of financial information by an outside CPA
Control the number of risk factors and you have reduced the opportunity portion of the
equation. Once again, if you think you may
have a problem, you probably do!
Implementation of Strong Internal Controls
No accounting system or set of internal control
procedures can guarantee the elimination of embezzlement.
If two or more people conspire to embezzle, most internal controls will be
negated. However, a few simple internal
controls can greatly reduce the “opportunity” element of the equation and reduce
the likelihood of loss.
* Create a climate of trust
– Management must create a climate of trust. Because
most employees are honest, they will alert management to suspected embezzlement. If they
believe their concerns will be taken seriously, investigated and held in confidence, they
will be willing to come forward as soon as they have reason to suspect illegal activity. Employees must know their concerns will be
vigorously investigated and if confirmed, management will prosecute the offender to the
full extent possible. The expectation of high standards is a major deterrent.
* Background
checks – Background checks are mandatory for most employees who work with
children. Expand this requirement to include
employees and volunteers who handle cash. Dishonest
individuals may be deterred from applying for employment if they know a pre-employment
background check is required.
* Employee bonding - Employees
who handle cash should be individually bonded. An employee who is unable to be bonded
increases your risk and raises a "red flag".
* Double custody of cash -
Cash, collected from offerings, should be in the custody of at least two people while it
is being counted and prepared for deposit. The total amount of the collection should be
recorded on a two part control document indicating the amount of checks and the amount of
cash by denomination. The control document should be reviewed and signed by all members of
the counting team.
Once counted, the offering should be
placed in a safe until a formal bank deposit is prepared. One copy of the control document
should remain with the cash. The second copy of the control report should go to an
individual having no other responsibility for cash other than reconciling the bank
statement. Each offering should be recorded using a separate deposit slip.
* Segregation of duties –
A key element in reducing the risk of embezzlement is the segregation of duties. While two or more people may conspire to embezzle,
the risk is dramatically reduced when cash duties are divided among several individuals. In general, separate individuals should be
responsible for counting cash, preparing the bank deposit and reconciling the bank
statement to the books. Individuals having
check signing authority, authority of transfer funds between accounts or who prepare bank
deposits, should not be responsible for reconciling the bank statement.
* Mandatory vacations –
Employees who have access to cash or who are responsible for preparing bank deposits and
reconciling bank statements, should be required to take periodic vacations. During vacation periods, assign cash
responsibilities to an employee not usually assigned these responsibilities. This will
reduce the possibility of collusion between the regular employee and another person.
Rotating the responsibility for the "fill in" position further reduces the risk
of collusion. Beware of the employee who is "to busy" to take a vacation or who
believes he or she "is the only person capable of doing their job". This is a
"red flag".
* Control of bank accounts
– The creation of "dummy" or hidden bank accounts is a frequent element in
embezzlement. A trusted employee, usually the bookkeeper, opens another bank account in
the name of the church. The new account is located at the same bank and therefore draws
little attention. The account requires only one signature, that of the person planning the
embezzlement. Funds are deposited into this
account when double custody procedures are not followed. Checks are then drawn on the
account and deposited in the perpetrator’s personal account. Bank statements are sent
to an address not associated with the organization and accordingly do not cause suspicion.
The use of "dummy" bank accounts might
be detected if management would contact local banks and request a list of all bank
accounts held in the organization’s name. Management should then verify each bank
account number as an active account. Each
should be compared to the monthly bank statements and all statements should be accounted
for.
Finally, a senior member of management, not
having check signing authority, should be the first person to open and review all monthly
bank statements. The bank statements should be reviewed for unusual transactions and the
cancelled checks should be reviewed for valid signatures.
* Scan bank statements for wire or
telephone transfers – Wire, automatic or telephone cash transfers should be
closely reviewed. Transfers from one account to another should be traced and both
transactions reconciled on the organization books and the bank statements. All transfers should require the approval of an
individual not responsible for reconciling the
bank statements.
* Dual signature checks –
All checks should require two signatures. Documentation, verifying and authorizing the
expenditure, should accompany the checks during the signing process and should be reviewed
by all check signors. Checks should never be signed in advance! Requests for checks to be
signed in advance should be treated as a "red flag"!
*
Reporting requirements – A monthly schedule of due dates, for the generation of
management reports, should be contained in the policies and procedures manual. If financial statements, donor acknowledgements and
payroll reports are not prepared on a timely basis, management should be placed on notice
regarding a possible problem.
*
Professional assistance – Churches are beginning to regularly use the skills of
an independent Certified Public Accountant (CPA). On
an annual basis, CPA’s should be asked to prepare Reviewed or Audited financial
statements. These statements provide the
church with varying levels of assurance that the financial information is accurate.
While many churches have their financial
statements prepared at a reduced cost by a CPA who is a member of the congregation,
professional guidelines suggest a lack of professional independence and objectivity. An independent CPA is in the best interest of the
church.
The cliché “the best offense is a strong
defense” applies to risk reduction. While
no set of controls can guarantee that embezzlement will not occur, the risk of a
significant embezzlement can be reduced by understanding the responsibilities of the
church’s leadership, recognizing the risk factors that contribute to embezzlement and
the implementation of strong internal controls.
