Many church leaders may not want to admit—and certainly not under their watchful eyes—there could be weaknesses or vulnerabilities in their ministries. As a career auditor and consultant, I hear many stories that begin with “Hypothetically speaking . . .” or “I know someone who . . .”
Many ministries have questions about internal controls and how to effectively address or prevent vulnerabilities. Being willing to consider these issues is an important first step in addressing any weaknesses. Some churches operate with a vulnerability without realizing what the consequences could be. They are surprised when something goes wrong, but they probably should have known the risk the entire time.
Let’s take a look at some of the specific internal control weaknesses that can exist in a church and why they are a concern:
Weakness: Individuals can access uncounted funds in the safe by themselves.
Risk: Even if it is not standard procedure for one person to access the safe by themselves, if someone can do it, a problem exists. Consider all the people with keys or combinations to your safe. For example, one church discovered the janitor had an extra key to the safe and the spare key to the room it was in.
Weakness: Signed checks are given back to the individual who prepared them.
Risk: That individual could change the payee. Since he or she has the documentation, the individual could create another check to pay the vendor later.
Weakness: The same person has access to both the deposit and donor systems.
Risk: That person could take contributions and post a fictitious entry to the donor system to credit the donor.