Alexandria :
Fairfax Underground
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
Grace Episcopal Church’s Bogus “Audit”: Why the Misinformation?
Posted by:
Eric Bonetti
()
Date: June 19, 2018 07:43PM
See the formatted version of this post at: http://www.bobmalm.com/2018/06/grace-churchs-dysfunctional-annual.html
# # #
Speaking of dysfunction and questionable cash management/church governance practices, for many years, Grace Episcopal Church failed to comply with church canons that require an annual audit. Instead, the church did an Agreed-Upon Procedures (AUP), which is two steps down from an audit.
What does that mean? In the case of an audit, the accountant provides external assurances that financial reporting is accurate. That means that lenders, donors, and vestry members can feel confident that financial reports fairly represent the church’s true financial picture.
The next step down, a review, provides limited external assurances that financial reporting is accurate. That means means that lenders, donors, and vestry members can feel some assurance that financial reports fairly represent the church’s true financial picture. In this case, more of the burden of proof, if you will, rests with management, which in this case consists of Bob Malm and other church staff.
Still another step down is the AUP, which provides no assurances as to the accuracy of financial reporting, but instead relies entirely on the representations of the client. As such, it typically is used to provide internal assurance. For example, if I own company A, and I am planning to sell it, I might ask the auditor to confirm that I really have $1 million in receivables, so that I can confirm that I am selling for the right price. But the work is done for my benefit, and it tells the buyer or the bank nothing that I can rely on as part of its due diligence.
The problem at Grace Church is that, for all that time, Bob Malm told the vestry that an audit was being performed, when it was an AUP that was being performed. That begs that question: Why the misinformation?
Before going further, let’s recognize an important fact: Bob is not stupid. Not by a long shot. Moreover, he’s not new to the rodeo. So after 40+ years as a priest, it’s a safe bet he knows the difference between an audit and an AUP. Indeed, if he doesn’t, that in itself is profoundly concerning.
When I served on the Grace vestry, the first sign of trouble was that the church had budgeted $3,000 for the audit. Say what? Having headed up several nonprofits, I know full well that an audit for a nonprofit that pulls in $1 million a year should, even with very clean books, cost about $20K. That right there tells you that something is very much amiss.
Even more disconcerting is that there is no audit committee. Nor does the vestry see the engagement letter with the auditor, as required by church canons. Nor does it see the auditor’s report. In fact, when as a member of the executive committee I asked parish administrator Jeff Aaron to see the audit report, he declined to provide it. So, in theory, the so-called audit report could say that there is $1 million missing, and no one would know.
There’s also the sticky question: Given that for years church financial records were a shambles, how could a meaningful audit even be performed? The first rule of accounting is “garbage in, garbage out.” Yet I well remember Bob Malm telling me, as a vestry member, that the auditors had had very few suggestions. That’s true, I suppose—if you don’t actually perform an audit, you don’t actual see what a mess church recordkeeping is, so you probably don’t have many recommendations.
Still more curious is Bob’s assertion, after the departure of a previous parish administrator, that there was no sign of financial malfeasance. Huh?! Your records are a shambles, going back years, there’s no audit, and yet suddenly Bob can authoritatively dismiss the possibility of wrongdoing? How does that work? All I can say is, if that’s the case, Bob has a skill set that could revolutionize corporate America’s financial reporting.
But there’s more.
Grace Episcopal School is a component of Grace Episcopal Church and has no independent legal existence. Under written church policy and as a matter of law, vestry members are fiduciaries, and have both a legal obligation and a legal right to see the school’s financial reports. In fact, if fraud occurs that would have been detected via an audit, and vestry members have not fulfilled their obligations around this issue, they may be personally liable for any loss. That’s right—they may have to pay out of their own pockets. And when I asked Bob Malm about this, he replied, “Well, I see them.” Small comfort, given past payroll errors that went for months without being discovered. And not enough to escape potential personal liability. “I trusted [fill in the blank],” does not fulfill the fiduciary obligations of vestry members.
Nor is the usual refuge of wayward board members, the church’s director and officer liability (D&O) policy, necessarily going to protect vestry members (including Bob Malm), for all such policies contain a due diligence clause. That means board members can’t sit by and idly ignore their obligations as board members, then turn to the insurer and say, “Oh, so sorry—would you pick up the tab?”. It doesn’t work that way. If vestry members don’t demonstrate reasonable care — meaning act like a reasonable person would under the circumstances — the insurance carrier doesn’t have to pay.
In cases where I have discussed the matter with Bob Malm, he conflates the notion of reasonable care with the possibility of making a mistake. Yes, it is possible to make mistakes as a responsible vestry member—that’s what your D&O coverage is for. But the possibility of making a mistake does not mean vestry members are absolved of legal responsibility to act with due diligence.
I submit that there’s also an ethical obligation to church members, and to estates and other persons/entities that give money to the church, to be transparent. That means that all parishioners should be able to access detailed information about church finances, including:
Seeing past audit reports.
Accessing detailed information regarding compensation for the rector and other key personnel, including any bonuses, loans, or other insider transactions.
Seeing the budget.
Seeing financial reports, including budget to actual and variance information for individual line items.
Seeing school board and financial reports, and board minutes?
Seeing executive committee minutes (there aren’t any) and vestry minutes, as well as financial reports?
All of this leads back to my original question: Why has Bob Malm falsely told vestry members and others that the church is audited, when it is not? Moreover, why:
Do vestry members not see school financials, which comprises the lion’s share of church income and expenditures?
Do vestry members not see the audit engagement letter?
Do vestry members and parishioners not see the audit report?
Are the audit report and audited church financials not available via the church website?
Did even long-time church members serving on the vestry in 2014 not know that the church had lent $100,000 to Bob Malm for the down payment on his home?
Given Bob’s questionable veracity in other circumstances, including possibly misrepresenting the employment status of parish employees (“Don’t worry about it, they’ll be retiring this year,”), I can only say that parishioners, donors, and vestry members alike are placing themselves at risk (in some cases personally) and living in a fool’s paradise, if they blindly trust Bob Malm and church staff to adequately safeguard church financial resources.
Caveat emptor.
# # #
Speaking of dysfunction and questionable cash management/church governance practices, for many years, Grace Episcopal Church failed to comply with church canons that require an annual audit. Instead, the church did an Agreed-Upon Procedures (AUP), which is two steps down from an audit.
What does that mean? In the case of an audit, the accountant provides external assurances that financial reporting is accurate. That means that lenders, donors, and vestry members can feel confident that financial reports fairly represent the church’s true financial picture.
The next step down, a review, provides limited external assurances that financial reporting is accurate. That means means that lenders, donors, and vestry members can feel some assurance that financial reports fairly represent the church’s true financial picture. In this case, more of the burden of proof, if you will, rests with management, which in this case consists of Bob Malm and other church staff.
Still another step down is the AUP, which provides no assurances as to the accuracy of financial reporting, but instead relies entirely on the representations of the client. As such, it typically is used to provide internal assurance. For example, if I own company A, and I am planning to sell it, I might ask the auditor to confirm that I really have $1 million in receivables, so that I can confirm that I am selling for the right price. But the work is done for my benefit, and it tells the buyer or the bank nothing that I can rely on as part of its due diligence.
The problem at Grace Church is that, for all that time, Bob Malm told the vestry that an audit was being performed, when it was an AUP that was being performed. That begs that question: Why the misinformation?
Before going further, let’s recognize an important fact: Bob is not stupid. Not by a long shot. Moreover, he’s not new to the rodeo. So after 40+ years as a priest, it’s a safe bet he knows the difference between an audit and an AUP. Indeed, if he doesn’t, that in itself is profoundly concerning.
When I served on the Grace vestry, the first sign of trouble was that the church had budgeted $3,000 for the audit. Say what? Having headed up several nonprofits, I know full well that an audit for a nonprofit that pulls in $1 million a year should, even with very clean books, cost about $20K. That right there tells you that something is very much amiss.
Even more disconcerting is that there is no audit committee. Nor does the vestry see the engagement letter with the auditor, as required by church canons. Nor does it see the auditor’s report. In fact, when as a member of the executive committee I asked parish administrator Jeff Aaron to see the audit report, he declined to provide it. So, in theory, the so-called audit report could say that there is $1 million missing, and no one would know.
There’s also the sticky question: Given that for years church financial records were a shambles, how could a meaningful audit even be performed? The first rule of accounting is “garbage in, garbage out.” Yet I well remember Bob Malm telling me, as a vestry member, that the auditors had had very few suggestions. That’s true, I suppose—if you don’t actually perform an audit, you don’t actual see what a mess church recordkeeping is, so you probably don’t have many recommendations.
Still more curious is Bob’s assertion, after the departure of a previous parish administrator, that there was no sign of financial malfeasance. Huh?! Your records are a shambles, going back years, there’s no audit, and yet suddenly Bob can authoritatively dismiss the possibility of wrongdoing? How does that work? All I can say is, if that’s the case, Bob has a skill set that could revolutionize corporate America’s financial reporting.
But there’s more.
Grace Episcopal School is a component of Grace Episcopal Church and has no independent legal existence. Under written church policy and as a matter of law, vestry members are fiduciaries, and have both a legal obligation and a legal right to see the school’s financial reports. In fact, if fraud occurs that would have been detected via an audit, and vestry members have not fulfilled their obligations around this issue, they may be personally liable for any loss. That’s right—they may have to pay out of their own pockets. And when I asked Bob Malm about this, he replied, “Well, I see them.” Small comfort, given past payroll errors that went for months without being discovered. And not enough to escape potential personal liability. “I trusted [fill in the blank],” does not fulfill the fiduciary obligations of vestry members.
Nor is the usual refuge of wayward board members, the church’s director and officer liability (D&O) policy, necessarily going to protect vestry members (including Bob Malm), for all such policies contain a due diligence clause. That means board members can’t sit by and idly ignore their obligations as board members, then turn to the insurer and say, “Oh, so sorry—would you pick up the tab?”. It doesn’t work that way. If vestry members don’t demonstrate reasonable care — meaning act like a reasonable person would under the circumstances — the insurance carrier doesn’t have to pay.
In cases where I have discussed the matter with Bob Malm, he conflates the notion of reasonable care with the possibility of making a mistake. Yes, it is possible to make mistakes as a responsible vestry member—that’s what your D&O coverage is for. But the possibility of making a mistake does not mean vestry members are absolved of legal responsibility to act with due diligence.
I submit that there’s also an ethical obligation to church members, and to estates and other persons/entities that give money to the church, to be transparent. That means that all parishioners should be able to access detailed information about church finances, including:
Seeing past audit reports.
Accessing detailed information regarding compensation for the rector and other key personnel, including any bonuses, loans, or other insider transactions.
Seeing the budget.
Seeing financial reports, including budget to actual and variance information for individual line items.
Seeing school board and financial reports, and board minutes?
Seeing executive committee minutes (there aren’t any) and vestry minutes, as well as financial reports?
All of this leads back to my original question: Why has Bob Malm falsely told vestry members and others that the church is audited, when it is not? Moreover, why:
Do vestry members not see school financials, which comprises the lion’s share of church income and expenditures?
Do vestry members not see the audit engagement letter?
Do vestry members and parishioners not see the audit report?
Are the audit report and audited church financials not available via the church website?
Did even long-time church members serving on the vestry in 2014 not know that the church had lent $100,000 to Bob Malm for the down payment on his home?
Given Bob’s questionable veracity in other circumstances, including possibly misrepresenting the employment status of parish employees (“Don’t worry about it, they’ll be retiring this year,”), I can only say that parishioners, donors, and vestry members alike are placing themselves at risk (in some cases personally) and living in a fool’s paradise, if they blindly trust Bob Malm and church staff to adequately safeguard church financial resources.
Caveat emptor.