Home > For NAD Pastors > Articles >
Preventing and Detecting Fraud at Your Church
by Chris Garrity
Every day, church leaders entrust individuals with cash, checks and other assets. While the majority of these individuals are honest, under the right circumstances even the most loyal individual might steal.
So what can church congregations do to prevent theft, or detect it quickly after it happens?
The good news is, fraud incidents among not-for-profit/church related organizations are among the lowest across all industry types (about 11 percent).[1] This compares to private companies at 38 percent (the highest incident rate), public (29 percent), and government (15 percent). With some care and attention, the risk of fraud and embezzlement can be greatly reduced.
However, while it is rare, fraud still exists, and the claims filed at Adventist Risk Management indicate that it exists in our church, just like any other religious institution.
What is Fraud?
Fraud is any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. Fraud can be difficult to litigate because it can be difficult to produce evidence indicating the fraud was an intentional act, and many times the evidence is circumstantial.
Frauds are perpetrated to obtain money, property, and services, avoid payment or loss of services, or for personal or business advantage.
People caught committing fraud tend to have similar habits and behaviors. There is a triangle of elements that are present within fraud schemes:

This is important to know because you will need to design prevention and detection systems that are based on these elements.
  • Living beyond one’s means
  • Attitude of “beating the system”
  • High personal debts
  • Financial losses
  • Greed
  • Gambling (or some kind of other addiction)
  • Poor or non-existent church financial controls
  • Employees who are not aware of these controls
  • Lack of consequences for those who have committed fraud in the past
  • “I am just borrowing”
  • “No one is getting hurt”
  • “Protecting the church” (financial statement fraud)
  • It’s for a good purpose – “I am lying to the church/school board to help save the church”
  • Buy more time for the organization to quietly fix business problems
  • Keep from triggering loan covenants or to renew loan refinancing
  • Preserving their status in the organization
Recent articles and studies have found the churches that have experienced fraud had little to no accounting controls, and that most financial procedures were based on interpersonal trust. Studies indicate that the best approach to combating fraud, from a cost vs. benefit perspective, is to focus on fraud prevention.
While you might think offering collection is the main point of concern when it comes to fraud, it’s important to remember this is hardly the only time money comes into the church. Substantial amounts can come through special event fees (banquets, conferences, etc.), sales (food, books, etc.) and fundraising events. Tithes and offerings that are not turned in during church services may be given to the treasurer directly. It’s important to have a plan in place for every day of the week, not just Sabbath.
It’s also important to monitor outflow of assets. Issues like check tampering, fake venders, disbursements for personal expenses, dishonest expense reports and payroll scams (ghost employees) make up a high percentage of fraudulent acts.
Perform a Risk Assessment
Individual church leaders should make an assessment of the risk of fraud for their organization. For instance, each church should consider their vulnerability to having cash skimmed before a complete record of the income is made. Other areas of risk include inappropriate disbursements, falsified records and any other action that could defraud the church. An inappropriate disbursement could include anything done for the personal benefit of the treasurer or check writer. Taking an unauthorized loan for any reason, even if the intent is to repay, is fraudulent. After assessing the risk, it is appropriate to consider policies or procedures that can be taken to decrease vulnerability.
Internal Controls
A control is any action taken by someone (treasury staff, pastor, organizational administration) to increase the likelihood that the established goals and objectives of the (church, organization) will be achieved.
Implementing Internal Controls
Consider adding the following controls at your church. The practicality of each one will vary, depending on the size of your church, maturity of finance operations, risk assessments and other unique considerations. Internal controls include both general and specific controls.
Tone at the Top
One general control is the environment and the tone at the top, which has proven to be critical to fraud prevention. Leadership should lead by example to foster a culture of ethics and compliance with established policies and procedures.
Norms may arise within an organization that gives implicit permission for unethical misconduct. A cheating culture exists when enough people are breaking the rules that there is a perception that "everybody" is corrupt and there is no clear imperative for ethical behavior. In extreme instances, there may be the belief that one cannot be competitive by following formal rules and that cheating is the key to success.
- Journal of Forensic Accounting
So what is the tone among the leadership in your local organization? Is there an explicitly stated value placed on integrity? Are the controls, policies, and procedures carefully documented, communicated and followed by leadership consistently? Do the pastor and other church leaders have to follow the same rules, or are they exempt?
Creating a Code of Conduct Policy
Whether you call it a code of conduct, code of ethics, anti-fraud policy, or some other name, it is imperative for conducting the affairs of the church. The Seventh-day Adventist Church Manual should be consulted when drafting such a policy. It contains important guidance considering general worker behavior while conducting church business: conflicts of interest, confidentiality, fraud, and willful misrepresentation. Here is an example of an anti-fraud policy that should be part of an overall code of conduct:
The local church management is responsible for the detection and prevention of fraud, misappropriations, and other irregularities. Fraud is defined as the intentional, false representation or concealment of a material fact for the purpose of inducing another to act upon it to his or her injury. Each member of the management team will be familiar with the types of improprieties that might occur within his or her area of responsibility, and be alert for indication of irregularity. Any irregularity that is detected or suspected must be reported to the appropriate parties, both internal and external.
Establishing Regular Management Reviews
This is a process conducted by the local church governance and leadership in reviewing organizational controls, processes, accounts, or transactions. Leadership must check for adherence to local church and denominational policies and expectations.
Choosing an Oversight Committee       
A sound governance structure of a local church includes a finance and/or audit committee, which oversees ongoing financial operations. The goals and objectives of such an oversight committee vary, but should include:
  • Risk identification and remediation,
  • Review of results of the local church and school audits
  • Development and review with management of adequate internal controls
Providing Anti-Fraud Training
Key local church treasury personnel should be required to engage in anti-fraud training on a regular basis. The anti-fraud training curriculum should include:
  • A review of current fraud schemes in the local church environment
  • Anti-fraud tools and techniques to combat it
  • Methods for conducting fraud risk assessments and remediation
Carefully Screening Personnel
Do a background check before appointing or hiring an individual. This should apply for anyone in a position of responsibility, whether teaching children’s Sabbath school or handling your church’s finances.
Enforcing Job Rotation and Mandatory Vacations
Local church personnel who work in treasury-related positions should be rotated on a regular basis and required to take a vacation. No one should stay in his or her role indefinitely, and choosing multiple, unrelated people will make it more difficult to perpetrate a fraud scheme.
The use of budgets is an important general control – these allow the comparison of expected income and expenses to actual amounts. The church or school board should properly approve the budget, prior to the beginning of the fiscal period.
Financial Reporting
Another general control is detailed and transparent financial reporting (including comparisons to the budgeted amounts and prior months or years), to finance committees and/or the governing body. This provides opportunity for others to evaluate whether the amounts are appropriate from their perspective.
Align Controls With Risks
To prevent fraud, an organization should align controls with specific risks. For example, a key risk is that significant transactions are cash-based. Because cash can disappear easily and be spent without leaving a trail, physical currency can be highly tempting to those handling it. It’s important to have cash-handling controls in place to reduce this risk to an acceptable level.
Types of Specific Cash Controls:
  • Dual custody
  • Segmentation of duties
  • Authorization (finance committee investment authorizations)
  • Approval (dual signatures on checks),
  • Physical controls (locked access), independent checks
  • Robust documentation, not just supporting transactions, but also documenting policies and procedures
Watching for Red Flags
According to a recent survey, common characteristics of a fraud perpetrator include:[2]
  • Behavioral changes
  • Personality changes (often due to pressure, resulting in moodiness)
  • Lifestyle changes (lavish, luxurious living)
  • Never taking a vacation
  • Likeable and generous
  • Trusted employee
  • Deceptive habits/good liars
Performing Regular Local Church and School Audits
As an additional control, the denomination requires local conferences to appoint a competent individual to audit the church and school financial records on a biannual basis. The audits of the local church and school are exceptionally important as the local church is a significant source of denominational funds, and it is at the point of origin that reasonable measures of control and supervision must be exercised. In addition, these local church and school audits provide independent oversight of a process that may inherently involve limited segregation of duties.
Preventing Online Fraud
Of course, no article about fraud would be complete without a few words of advice regarding online protection. While you may have measures in place for your leaders and employees when it comes to handling cash and checks, the Internet is an increasing risk. It’s important to educate yourself and your employees about online information leaks, unsecured data and unsafe transactions.
Use Secure Websites
Always verify that online purchases are made through a secure online vender – you can tell whether a site is secure when the URL is “https,” not just “http.” Unsecured transactions can be accessed by anyone.
Beware Phishing and Fake Emails
Advise your employees and staff against providing sensitive information via emails or on suspicious websites. Scams can sometimes appear legitimate on the surface, and opening an infected email can give malicious individuals access to sensitive data. Most legitimate requests will never ask for passwords, logins or private data.
Shred Everything
Increasingly, identity thieves can gather enough personal information from bank statements, employment applications, student records and other mail to open new lines of credit, take out loans or obtain access to bank accounts. Make sure every piece of sensitive paper is shredded before it goes in the trash.
As you work to implement sound fraud prevention and detection entity and activity controls in your local church, may God continue to bless you as you work in His vineyard.
[1] 2014 Report to the Nations, Association of Certified Fraud Examiners
[2] 92 percent, 2014 Report to the Nations, Association of Certified Fraud Examiners