A number of years ago, a concerned church reached out to its CPA firm. It had been growing and enjoying strong giving, but it was suddenly experiencing an unexplained cash flow crunch. The CPA firm conducted a forensic examination and found that the church’s bookkeeper had embezzled more than $2.1 million over a seven-year period. Church leaders had never questioned how the bookkeeper, a longtime employee who was earning around $40,000 per year, could afford an expensive car, trips to Europe, and part ownership in a racehorse breeding operation, said Robert Faulk, CPA, partner and church and denomination services director at CapinCrouse LLP, whose firm performed the forensic accounting engagement.
Along with Kenneth Tan, CPA, CGMA, a principal at CapinCrouse, Faulk will present a session on assessing church fraud risk at the AICPA & CIMA Not-for-Profit Industry Conference, scheduled for June 7–9 online.
Unfortunately, religious organizations are often vulnerable to fraud precisely because of the trust and forgiveness that define them. The disruptions caused by the COVID-19 pandemic have further exacerbated their fraud risks. There are a few steps CPA firms can take to help churches to identify, address, and prevent fraud.
Begin by educating church leaders about possible risks. They will probably be surprised by what they hear. In fact, the amount of church financial fraud worldwide is expected to hit $80 billion by 2025, according to insurers Brotherhood Mutual. Reported numbers are likely low, since many churches will terminate but not prosecute someone who has engaged in fraud, and the real losses involved may never be found or reported, according to Tan.
Focus on controls. When a church client turned to Tan with suspicions about an administrator, he learned that this person was in charge of bookkeeping, signing checks, submitting invoices, and financial reporting. Tan discovered that the administrator had stolen hundreds of thousands of dollars. Segregation of duties is a critical internal control, and it’s one of many that may have been compromised as religious organizations adjusted to remote work and other COVID-19 accommodations. Changes allowed during the pandemic, such as mail redirected to employees’ homes and greater employee access to cash disbursements, expense reports, or credit cards, made it easier to misdirect funds. Supervision may also have been weakened in the remote environment, while cost-cutting may mean that inexperienced people have taken on unfamiliar responsibilities. Many of these issues existed before the pandemic and are likely to continue once it’s over. As a result, they should be at the center of fraud deterrence efforts.
Be aware of churches’ evolving needs. Because of COVID-19, “every church got a wakeup call that it has to adapt technology, to create an online platform for the congregation, and to open a conversation on the tools available to alleviate the burden on limited resources,” said Faulk, who has also served as an executive pastor and church CFO. There have been mergers of some congregations, especially among those that were unable to succeed at taking contributions or managing other business online. All of this transformation raises new control and cybersecurity questions as churches reconsider how to handle areas such as finance and accounting, HR, and payroll. CPA firms may find that church clients are now open to conversations about outsourcing some operations to gain efficiencies and maintain control, Faulk said.
Talk about change in ways that will resonate. If church leaders are uncomfortable implementing the kinds of scrutiny and enhanced supervision that can help deter fraud, it’s best to discuss them in ways that will mean something to them. For example, Faulk recommended talking about how fraud deterrence efforts are simply good stewardship of the church and staff. Avoiding a lax control environment may prevent someone from being tempted to commit fraud, he noted. Proper controls can also protect church leaders from inaccurate accusations and ensure that the church isn’t caught up in an unnecessary scandal that causes reputational damage. In one case he has seen, a senior pastor was accused of fraud by a parishioner, but Faulk was able to point to the church’s strong internal controls and financial reporting to establish that he couldn’t have done it.
Gain critical support for change. Church clients may also be more receptive to new procedures if they are advocated and carried out by a trusted group, Tan noted. He recommended that oversight of finances and responsibility for any outsourcing decisions should not fall exclusively on the pastor’s shoulders. Instead, he or she should be supported by appropriate committees or elders who can provide valuable insights, especially those with a business background. Proper oversight may be accepted more easily if it is supported by these committees.
Keeping the faith
Church communities are built on fellowship and understanding. CPAs can help them maintain that identity by working to educate them on their fraud vulnerabilities and offering the services and advice they need to minimize their risks.
— Anita Dennis is a freelance writer based in New Jersey. To comment on this article or to suggest an idea for another article, contact Ken Tysiac, the JofA’s editorial director, at Kenneth.Tysiac@aicpa-cima.com.