Fraud Prevention Policies and Procedures
In times of economic distress, acts of fraud are on the rise. Enacting fraud prevention policies and procedures is one way to help prevent these incidents from occurring at your parish.
What is fraud?
Fraud is theft or misappropriation of parish assets for another's gain. Examples include:
- Mishandling cash or assets
- Forgery or alteration of bank documents, checks, or financial reports
- Any other dishonest act involving funds, furniture, fixtures, equipment or supplies
Why is it necessary to have a fraud prevention policy?
In addition to the financial ramifications, acts of fraud can be damaging to an organization’s reputation. For example, if a parish employee is caught stealing from the offertory, parish leadership will need to work to regain the trust of parishioners who may be reluctant to continue their contributions. Taking proactive steps to prevent fraud is the best defense.
A policy that clearly defines the steps that management, staff and volunteers should take if fraud is suspected helps those responsible for the stewardship of these assets to fulfill their duties. A formal fraud policy also shows staff and volunteers that the organization is serious about fraud and will prosecute individuals who are caught. Finally, implementing and monitoring these internal controls will keep the parish in compliance with anti-fraud recommendations established by the Archdiocese.
Development of Fraud Prevention Policy and Procedures
The pastor, in collaboration with his business manager and finance council, should develop the relevant policies and procedures, as well as a plan to communicate them to current staff members and volunteers. These parish leaders should also ensure that employees and volunteers abide by the policy and procedures by maintaining regular supervision.
Staff members and volunteers need to know what to do in the event fraud is suspected, and should be assured that they can communicate their concerns in a confidential manner. The USCCB states, “A strong preventive and detective measure against fraud in an organization is the ability of employees and other constituents to anonymously report suspected wrongdoing without the threat of retaliation.”
Effective communication of the policy is another key element to its success. In order to ensure understanding, the parish’s fraud prevention policy should be in writing and should be reviewed with each new staff member and volunteer who assists with the stewardship of parish assets.
Implementation of Fraud Prevention Policy and Procedures
During the Hiring Process
All potential employees and volunteers should be pre-screened for:
- Identity verification
- Criminal record checks
- Reference checks
- Verification of qualifications
Each parish should have an organization chart with clearly defined roles and reporting lines. In addition, employee job descriptions should include:
- Authorization levels where necessary
- Acknowledgement of employee’s duty to report financial discrepancies or suspected fraud and the duty not to disclose any private financial information to a third party
Segregation of Duties
It is important to maintain a system of checks and balances to help prevent fraud. Embezzlement most often occurs when trusted employees have access to both assets and financial records. A fundamental tenet of internal accounting controls is to keep the financial record keeping duties separate from those individuals who have access to assets, particularly cash. For example, bank account statements should be reconciled in a timely manner by someone other than the person charged with making deposits. In addition, the parish administrator should be not be charged with entering transactions into the accounting system and conducting audits of the parish finances; someone other than the parish administrator should perform these tasks.
While only the pastor can authorize checks, limits should be established relative to the commitment of the parish to any expenditure, contract, or petty cash. Written procedures should be kept for all financial areas including money collection, money counting, banking, checks, credit cards, contractor payments, reconciliation, and audits.
Monetary collections, such as the weekly offertory, should be counted and physically secured immediately. Cash counting and banking should be signed off by at least two people and supervised by a senior parish member at all times and this money should be deposited in a bank account ideally within 48 hours. Finally, the amount of cash to be kept on-hand should be defined in advance and the actual count should be documented.
While many counting rooms or safe areas are located in the rectory, steps can be taken to minimize access to the area. The keys and/or combination to the parish safe need to be restricted to a small number of documented parish managers.
Inventory of Assets
The parish should maintain an asset register and/or inventory sheet listing all physical and financial assets owned by the parish. An inventory of physical assets should be conducted on a regular basis, at least annually.
The parish should prepare annual budget forecasts for regular operations. Budgets and actual financial performance should be compared for discrepancies.
Review of Financial Reports and Budgets
Parish Finance Council meetings should be conducted on a regular basis to discuss financial reports and budgets. Minutes of these meetings should be prepared and kept on file.
Protection of Sensitive Data
Identity theft and other forms of data breach are a serious concern for all organizations. All staff should comply with the Commonwealth's recently enacted privacy law: . This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records.
The following recommendations should help ensure the protection of data.
- Files containing financial and personnel information should be stored in lockable, fire-rated cabinets in a secure storage room.
- The key register should be properly maintained and kept up-to-date. In particular, it should be updated whenever personnel changes occur.
- Computers should be password-protected with complex passwords that are at least eight characters long and should include letters, numbers and special characters. Computers should be set to automatically lock if unused for more than 10 minutes.
- Computers should be protected with firewalls and regularly updated antivirus software.
- When disposing of paper documents that contain sensitive information, documents should be shredded first.
Data protection procedures should be regularly reviewed and amended as necessary.
Regular Review of Policy and Procedures
Compliance reviews should be conducted for the following control areas:
- Account balances and accounting records
- Parish and personnel practices
- Duty segregation practices
- Data and data protection practices
If controls are deemed ineffective or outdated, revised controls must be established and implemented.
Fraud is a serious concern. It is vital that parish leadership and staff be vigilant in adhering to internal controls to help prevent fraud. If you have any questions, please contact the Director of Finance at 617-746-5878.