I was just reviewing some recent news articles concerning crimes at churches and I had to stop and take a second look. Clearly more than half of the articles I looked at dealt with embezzlement. In addition, some of these involved Pastor's and in at least one instance the thefts had been occurring for several years. Now this isn't unusual necessarily, but it does beg the question - "Why did it go on for so long?"
The answer is simple is found where the security and accounting professions meet. Lack of Controls - or - Lack of Effective Controls. The bottom line here is that no one was paying attention or, more importantly, the right people weren't paying attention. Many times these losses can be traced back to one particular control - Separation of Duties - which, many times, is a difficult one to overcome in small organizations. Separation of duties simply requires that multiple persons be involved in transactions to ensure their legitimacy. For instance, the person approving the purchase of supplies and the person writing the check for them should be separate people. Another example would include at least two different persons for writing checks and reconciling the bank account. Again, this is not difficult or complicated, but it is often ignored, overlooked, or just overrun by the wrong person. The reasoning behind the use of multiple persons is an assumption that collusion is not always easy to accomplish, but it is, many times, and so one last step may be added as an extra safety measure - the independent auditor.
Take a look at your organization. Use process mapping (flowcharting, etc.) to determine how funds are received, verified, accounted for, and dispersed. Then step back and look at the chart, but not in a friendly way. Take a look at with eye to defeating it. Oh, and do this with multiple persons as well, and document the event clearly so that should something come up in the future you role and knowledge are clear. Now how can the process, at it is currently mapped, be defeated? Who in the process, now, has that capability? Remember that a threat requires both capability and intent. So just because someone has the capability does not mean that they have done anything wrong, but it is a good place to begin adjusting process. Never forget that we exist in a changing environment - everything changes - including the people within it. So motivations, or the person a particular role may change and then the problem begins.
Anyone interested in either process-mapping or on developing near-bullet-proof process send an email to rmetscher@apinnovations.biz
Rob
/
When using volunteers or food service firms there is some concern over the screening of persons who have access to cash. Some fo the food service firms employ disabled (mentally) persons as well as those on parole. What are some controls that can be implemented?
ReplyDelete