Key insights
- Trust is essential to your mission, but it is strongest when supported by clear oversight and accountability.
- A handful of practical internal controls can meaningfully reduce fraud risk and strengthen day-to-day financial stewardship.
- Well-designed controls help protect your people, your resources, and the trust your donors and community place in your organization.
- Even with limited staff, your organization can put meaningful safeguards in place that fit how it actually operates.
Safeguard your organization with practical controls.
More than half of all fraud cases involve failures in internal controls.
Organizations with fewer than 100 employees experience some of the highest median fraud losses — second only to organizations with more than 10,000 employees. About 32% of cases are attributed to a lack of internal controls, with an additional 19% caused by management override.
These findings from Occupational Fraud 2024: A Report to the Nations (copyright 2024 by the Association of Certified Fraud Examiners, Inc.) are particularly relevant for religious organizations.
Churches, faith-based schools, and ministries often operate with limited administrative staff and rely heavily on trust, long-tenured employees, and volunteers.
While this trust is foundational to your mission, it can also create vulnerabilities and increased fraud risk when basic oversight mechanisms are absent.
What can happen when trust replaces oversight for religious organizations
These examples of real-world publicly reported cases underscore a consistent lesson: Trust alone is not a control.
Undetected fraud
In one mid-sized church, a long serving administrative employee was discovered to have embezzled hundreds of thousands of dollars over several years. The individual issued unauthorized checks and manipulated expense reimbursements with little scrutiny.
The fraud went undetected largely because of complete trust in a long-tenured employee, combined with a lack of segregation of duties and no independent review of bank reconciliations.
The issue ultimately surfaced only when an outside party performed a routine financial review and identified discrepancies.
Misuse of funds
In another case, a large congregation with significant weekly cash donations allowed a single finance employee to receive donations, record deposits, and reconcile bank activity. This concentration of responsibility enabled skimming and misuse of funds, particularly within discretionary and capital improvement accounts.
No segregation of duties and minimal board oversight contributed to the length of time the activity went unnoticed.
Leadership corruption
Even organizations with strong leadership and substantial resources aren’t immune. In a third example, a church-affiliated program director and treasurer misused restricted funds for personal travel and lifestyle expenses.
Limited review of credit card activity and reliance on informal approvals delayed detection until a suspicious transaction triggered an internal audit.
Why internal controls matter so much in faith-based settings
Religious organizations are built on generosity and stewardship. Donors give because they believe in the mission and expect resources will be managed responsibly. This usually brings heightened reputational risk: Even a small control failure can quickly erode confidence among congregants, families, donors, and the broader community.
At the same time, many organizations operate with one or two individuals handling most financial activities — collecting donations, recording transactions, issuing payments, and reconciling bank accounts.
In recent years, common fraud schemes such as wire fraud, check fraud, and fake vendor schemes have remained important occupational risks. In trust-based environments, it’s easy to assume, “This would never happen here.”
Unfortunately, those environments are often the most susceptible. But meaningful controls are achievable, even with limited personnel, when they’re thoughtfully designed and aligned with how the organization actually operates.
Strong internal controls aren’t about suspicion; they’re about protection. Effective controls help safeguard financial resources, protect staff and volunteers from undue risk or scrutiny, and reinforce accountability to congregants and governing bodies such as councils, boards, trustees, elders, and finance committees.
Segregation of duties: Ideal vs. reality
Ideally, different individuals would authorize transactions, handle cash or checks, record transactions in the general ledger, and reconcile or review financial activity. For many religious organizations, that level of separation isn’t feasible. Limited staffing doesn’t eliminate the need for internal controls — it changes how those controls are achieved.
The objective becomes risk reduction through compensating controls, not perfection.
Practical ways to strengthen internal controls with limited staff
Start with a second set of eyes
Even when one person performs multiple tasks, oversight can still exist. In many organizations, this takes the form of a treasurer or board member reviewing monthly bank reconciliations, or a clergy or council member reviewing disbursement reports.
Periodic review of journal entries or adjusting entries by someone independent of daily processing can also be effective. Just as important as the review itself is documenting it occurred — through initials, dates, or meeting minutes.
Use lay leadership and volunteers strategically
Trusted lay leaders are often an underused control resource. Appropriate roles may include participating in donation counts, preparing deposits while staff record contributions, or reviewing monthly financial reports as part of a finance committee.
Clarity is essential: Volunteers should observe and review, not override staff or clergy responsibilities.
Focus on donation handling
Donations are central to religious organizations and represent one of the highest risk areas. Sound practices include two person counts for cash and checks, immediate preparation of deposit documentation, timely deposits, and independent reconciliation of contribution records to bank deposits.
Encouraging electronic giving can also reduce cash handling risks. When gifts are designated, documented approval should be required before funds are repurposed, and periodic reports should be provided to governance leadership.
Leverage technology
Accounting systems can serve as powerful compensating controls when configured correctly. Role-based access, automated approval workflows, system generated audit trails, and read-only access for reviewers all support oversight.
Some organizations further strengthen payables controls by using workflow-based payment platforms integrated with their accounting system, which can be especially helpful when staffing is limited. Costs should be evaluated in light of transaction volume and risk exposure.
Formalize reviews and reconciliations
Timely bank reconciliations accompanied by independent review are among the most effective controls available.
Regular review of budget to actual reports, unusual or non-recurring transactions, and vendor or payroll listings can help identify issues early.
Document what you do — even if it’s simple
Written procedures don’t need to be complex. A brief outline of who handles collections, who approves payments, who reviews reconciliations, and how often reviews occur can provide clarity during staff transitions and comfort to leadership, donors, and external reviewers.
Internal controls protect people, not just finances
An often-overlooked benefit of internal controls is the protection they provide to staff, clergy, and volunteers.
Clear processes help reduce the risk that any one individual is placed in a position of unchecked authority or personal exposure. Strong controls also help protect individuals from allegations simply because they “handle the money.”
In this sense, internal controls are as much about safeguarding people as they are about safeguarding assets.
Periodically reviewing and refreshing controls helps keep them practical, effective, and aligned with how your organization actually operates.
How CLA can help with financial risk management
Strong internal controls are one of the most effective protections against fraud, but in religious organizations they are often informal, trust-based, and slow to evolve as staff roles and activities change.
CLA works with churches and faith-based organizations to assess financial risk in environments with limited staff and heavy reliance on volunteers. We help leadership design and implement right-sized internal controls — including compensating controls and governance oversight — strengthening accountability without adding unnecessary complexity.
When internal controls have already broken down, CLA’s forensic accounting professionals can assist with analyzing suspicious transactions, identifying control gaps, and helping leadership determine appropriate next steps with discretion and clarity.
Contact us
Safeguard your organization, and your reputation, with practical controls. Complete the form below to connect with CLA.