Why we want separation of duties

 
The Case
 
He was the business administrator for the church for 17 years. He was an active member, respected by all, and led contemporary worship services. He was also an embezzler.
 
He was in charge of all of the church finances, including setting up the outside audits. One year he hired a particular local CPA firm. in recent years he hired a different one to do the audits. When complete, he presented the audit reports to the board. Problem was, the first company closed its doors before they were ‘hired’ for this audit. And the second firm had never heard of the church. Intriguingly, the church DID get a call from an auditor from the second firm. But as he chatted with the pastor and other staff on the phone, the voice sounded an awful lot like the admin’s voice…
 

Don’t give the fox the key to the henhouse…

The administrator was challenged, and he admitted to taking $600,000 or so. On investigation, the total actually came to 1.2 million dollars.
 
Most of the money was transferred electronically. There were also a fair number of duplicate or incorrect payroll checks. And the admin and his wife also charged over a quarter-million dollars of personal expenses to a church credit card. They bought sporting goods, concert tickets, gas, car washes, SiriusXM, meals, and groceries. They also paid for utilities, and for music lessons and baseball school for their kids. And their family enjoyed lots of trips to Disneyland and other amusement parks.
 
The ex-administrator and his wive are facing over a dozen felony charges. The church does not expect to retrieve the stolen funds. Link  Link2  Link3
 
Analysis
 
two referees[The photo here suggests you can prevent bad calls by having multiple referees.]
Separation of duties means that you don’t give the fox the key to the henhouse. No one person should have access to the assets and have the ability to hide the thefts. So the bookkeeper should not write checks, for instance (‘nother case). Or one person should not count the collection by himself. Here, the admin handled all of the church finances. This case is particularly interesting in that he fabricated audit reports, too. Not only did this fox have the keys to the henhouse – he certified that all was well on the farm, too.
 
This case also illustrates that an embezzler cannot be trusted to tell how much he stole. Did this admin misremember or did he lie? Doesn’t matter, really. But he only confessed to stealing half of the true amount.. If your church is hit (or God forbid, when), hire an outside investigator to determine the damage.
 
And – tell me how one could miss Disneyland charges on a credit card statement? Please – inspect these for personal charges.
 
How To Prevent This At Your Church
 
  • Do not let one person handle all of the church finances. One person should keep the books. Someone else should have authorization to move money around or write checks.
  • Do not distribute church credit cards indiscriminately: limit their use.
  • Use fill-as-you-go debit cards instead of credit cards. You only need to fill them with just over what is expected to be spent.
  • Have the credit card and bank statements mailed to the pastor. Or to another NON-FINANCE senior staffer. Do not let them into the hands of the bookkeeper or admin without a review. Let the pastor do a ‘smell check’ on the statements before processing.
  • READ THE STATEMENTS – yes, this is a duplicate of the last item. That’s because it is important.
  • Check on your vendors. Make sure that the folks who sell things to the church actually exist. Make sure they provide what they claim to provide. And make sure they’ve heard of you – this includes CPA firms doing audits!