To prevent fraud, know the warning signs and make sure those involved in handling parish assets are aware of diocesan fraud prevention policies.
What is fraud?
Fraud is the theft or misappropriation of parish assets for another’s gain. Examples include:
- Mishandling cash or assets;
- Forgery or alteration of bank documents, checks, or financial reports;
- Any other dishonest act involving funds, furniture, fixtures and equipment, supplies or any other parish asset.
Fraud is a CRIME, and offenders will be prosecuted.
Why Have a Policy?
Parishes and organizations that understand the risks and take proactive steps to reduce its occurrence are the most successful in preventing fraud, thereby reducing potential monetary and reputational damages. A policy that clearly defines the steps that management, staff and volunteers should take if fraud is suspected helps those responsible for the stewardship of these assets to fulfill their duties. A formal fraud policy also shows staff and volunteers that the organization is serious about fraud and will prosecute individuals who are caught.
Implementing and monitoring internal controls as established by the Diocese of Trenton will help the parish/school maintain compliance with anti-fraud recommendations and requirements. These requirements set up specific standards for internal controls, segregation of duties, bank reconciliations, and other practices that help to fight fraud.
Developing a Fraud Policy
The pastor, in collaboration with his business manager and finance council, should implement the relevant internal controls, policies and procedures. Staff members and volunteers need to know what to do in the event fraud is suspected, and should be assured that they can communicate their concerns in a confidential manner. The USCCB states, “A strong preventive and detective measure against fraud in an organization is the ability of employees and other constituents to anonymously report suspected wrongdoing without the threat of retaliation.”
Implementing a Policy
During the Hiring Process
Be sure to do the regular due diligence – verify identity and perform appropriate background checks, including references. Each parish and school should have an organization chart with clearly defined roles and reporting lines. In addition, employee job descriptions should include:
- Authorization levels, where necessary.
- Acknowledgement of employee’s duty to report financial discrepancies or suspected fraud and the duty not to disclose any private financial information to a third party.
Segregation of Duties
To help prevent fraud, it is critical that you maintain a system of checks and balances. Embezzlements most often occur when trusted employees have access to both assets and financial records. A fundamental tenet of internal accounting controls is to keep the financial recordkeeping duties separate from those individuals who have access to assets, particularly cash. For example, bank account statements should be reconciled in a timely manner by someone other than the person charged with making deposits.
The Diocesan Financial Policy requires two signatures on all checks greater than $5,000.
The weekly offertory and proceeds from raffles or fundraising events should be physically secured immediately as described in the internal control policy manual.
Access to the counting room and areas containing the parish/school safe and financial documents should be clearly labeled as restricted areas and should be effectively secured. The keys and/or combination to the parish/school safe need to be restricted to a small number of documented managers.
Inventory of Assets
The parish/school should maintain an asset register or inventory sheet listing all physical and financial assets owned by the parish/school. An inventory of physical assets should be conducted on a regular basis - at least annually.
Protection of Sensitive Data
Identity theft and other forms of data breach are a serious concern for all organizations and individuals. The following recommendations should help ensure the protection of data:
- Files containing financial and personnel information should be stored in lockable, fire-rated cabinets in a secure room.
- The key register/security card register should be properly maintained and up-to-date. In particular, it should be updated whenever personnel changes occur.
- Computers should be password-protected with complex passwords that are at least eight characters long and should include letters, numbers and special characters. Computers should be set to automatically lock if unused for more than 10 minutes.
- Computers should be protected with firewalls and regularly updated anti-virus software. The use of portable storage devices should be limited to authorized personnel.
- When disposing of paper documents that contain sensitive information, documents should be shredded first.
- Data protection procedures should be regularly reviewed and amended as necessary.
- Internal Control Checklist for Parishes, Schools and Cemeteries
- Parish office address should be on all checks.
- All bank statements should be mailed directly to the parish office and reviewed and initialed by the pastor.
- Original copies of parish organization bank statements are kept at the parish office and copies distributed to church organizations.
- All banks statements must include copies of canceled checks.
- All bank accounts are parish assets and must carry the parish FEIN number.
- Bank resolution forms and signature cards must be executed by pastor as a signer.
- All parish bank accounts must show the pastor as the corporate officer and as the secretary/treasurer of the parish.
- All checks over $5,000.00 require two signers. One signature must be a priest, trustee or finance council member authorized to sign checks for the parish.
- All checks must contain the following statement: “Payments over $5,000 require two (2) signatures.”
- All back-up signers of checks must be approved by the pastor.
- Rubber signature stamps are prohibited.
- Signing blank checks is prohibited.
- All bank statements must be reconciled each month.
- No bank account may be opened without the approval of the pastor.
- The mailing address for all vendor invoices is the parish business office.
- Vendor original invoices should be marked to indicate date paid and check number and initialed for payment approval.
- All payments must have documentation.
- No check may be written to CASH.
- Deposits should be made as quickly as possible.
- The use of Debit Cards is prohibited.
- All organizations must submit financial statements to the pastor each year for the period ending June 30th.
- No financial statements or parish information is to be released without the pastor’s approval.
- All payments to individuals totaling $600.00 or more in a year require a 1099.
- Donations to organizations outside of the parish, by parish organizations, must be approved by the pastor.
- Reimbursement checks must be signed by someone other than the payee.
Fraud is a serious concern. An incident of fraud is damaging to the reputation of your organization. It is vital that parish and school leadership and staff are vigilant in adhering to our established internal controls to help prevent fraud. If you have any questions, please contact:
Joe Cahill, Risk Management