We all know that whenever corporate officers or signers change, we need to update our account agreements with our financial institution. For many churches, this often becomes an annual exercise when board members change.
However, as a banker, I can tell you that it is not uncommon to come across organizations that don’t really know who’s been given authorization over accounts and services. And many of these accounts have significant balances or transaction capabilities. While organizations typically remember to update account agreements with new signers, they often overlook accounts or services established in the past. They believe they’ve given authority to trustworthy individuals, but the potential for fraud increases when they don’t pay close attention to managing these accounts and services.
My suggestion is to review—at least annually—all authority granted by your organization to individuals. I’ve found that using a tool called “authority granted” is especially helpful. It lists every relationship the organization maintains with the potential of financial transactions. It then also identifies who in the organization has authority and to what extent. By reviewing this each year with your board, you will ensure that everyone understands who has authority, as well as the level of authority. Plus, by reviewing this in relationship to all your accounts and services, you can also begin to see if there are areas where there aren’t adequate internal controls (separation of duties or dual custody). Once reviewed, verify the information with your financial institution. Ask them to make sure their records match what yours. You can also ask them if there are any other agreements in place that you are not aware of. It is not uncommon to discover services or accounts that were opened years ago, not currently in use, but still with users eligible to execute transactions.
When I first became treasurer at my church, I went to my financial institution and asked them to conduct a full review of our accounts and their records. To my surprise, I found that there was a gentleman still authorized on our accounts for a service we hadn’t used in over ten years. While there had never been a problem or issue, it exposed an area of inadequate controls.
So now, every year I review, update, and have our board approve a new authority granted document. Then I go to our financial institution and have them compare it to our accounts and services.
How do you make sure who has authority on your accounts?