In 2009, Lawrence Recor, a former treasurer of the Erwin Library and Institute in Boonville, New York, was sentenced to three to nine years in state prison for embezzling more than $440,000.1
Bob Rice Jr., the director at Revere (Mass.) Public Library, embezzled more than $230,000 in library funds between 2005 and 2009 to purchase personal items such as a Rolex watch, an ice cream machine, and an elephant tusk sculpture.2
Margo Reed was a “trusted and well-liked” employee at Yonkers (N.Y.) Library, responsible for turning over fines collected by branch libraries to the City of Yonkers. Over a seven-year period, ending with her arrest in 2010, she removed more than $163,000 from library deposit bags and altered the accompanying receipts with correction fluid.3
An envelope stuffed with cash was found in Judith Gladysz’s desk in 1998 while she was on vacation from her administrative assistant job at Burlingame (Calif.) Public Library. The resulting investigation found that over a four-year period, she embezzled almost $130,000 as she kept all $20 bills that she collected in fines.4
Linda Duffy, a former employee at Saugus (Mass.) Public Library, was charged with embezzling more than $800,000 in library funds between 2004 and 2011. During a forensic audit, it was found that Duffy withdrew the funds from a secret library account and deposited them into her own account for personal use. The trustees and library directors who managed the library during this time never filed the necessary annual reports that are required by Massachusetts Board of Library Commissioners. The audit also found that accurate financial records were not kept. Duffy had previously served twenty-one months in federal prison on $120,000 worth of check fraud charges. The Saugus Board of Selectmen sought and received resignations from all of the library board members.5
How could all of these incidents happen? One might initially think that embezzlement of cash from libraries is infrequent and insignificant. After all, most patrons come and go without needing their wallets. However, an Internet search using the terms “library” and “embezzlement” provides a long list of cases where employees, directors, and even board members took advantage of opportunities to divert library funds for personal use. These individuals were prosecuted and held criminally responsible for their actions and faced legal, personal, and financial consequences.
But, according to Bob Carlson, an assistant district attorney in Missouri and president of the National Association of State Charity Officials, many nonprofit organizations, including many libraries, fail to report insider thefts to law enforcement, or to take meaningful action to pursue stolen funds. Offering such excuses as “She is sincerely sorry for stealing, so we’re not going to terminate her,” or “We’re too embarrassed by this to tell: (a) the police, (b) our insurance company, or (c) our donors,” these library boards, in failing to pursue action against the embezzlers, have also breached their fiduciary duty to act in the interests of the library.6 And when a library board fails to protect the funds provided to it by taxpaying constituents, it puts itself, the library, and the individual trustees at risk of also being charged by the district attorney.7 This lack of diligence endangers other library jobs, community programs, future donations, and the ongoing viability of the library itself. Shouldn’t a library’s board of trustees be held responsible for crimes committed under its watch?
This question becomes even more meaningful in light of the enactment of the Sarbanes-Oxley Act (SOX) of 2002. Passed in response to major financial and accounting scandals of companies such as Enron, WorldCom, and Tyco, the law includes provisions that require senior financial executives at publicly traded companies take individual responsibility for corporate financial statements.8 Its various provisions were enacted to tighten financial reporting rules with regard to conflicts of interest, appropriate disclosures, fraud accountability, defining audit requirements, and internal controls. This attention in the media, along with the seemingly everyday occurrences of fraud and irresponsibility within governmental organizations, has made the public more aware and indignant about getting fleeced out of taxpayer dollars by self-serving individuals. SOX legislation has made it clear that financial managers and trustees will be taking more responsibility for financial reporting of publicly traded companies.
According to the American Bar Association, most of the SOX provisions apply to publicly traded companies; however, two requirements apply to nonprofit organizations:9
- Record keeping: It is a crime to destroy or alter any record with the intent to influence any federal investigation or official proceeding. This includes digital data, such as email, and may result in fines and/or up to twenty years imprisonment.10
- Whistleblower protection: It is a crime to take retaliatory action against a person who has provided law enforcement with truthful information relating to any possible commission of a federal offense. Fines and/or up to ten years imprisonment may result.11
In light of this legislation, trustees need to be diligent in staying informed about regulatory and compliance requirements to be sure that they implement the SOX requirements. Although most of the SOX provisions apply only to publicly traded companies, the American Library Association (ALA) Draft Strategic Plan assumes that the SOX provisions will eventually be applied to nonprofits, imposing a greater level of personal responsibility upon library management.12 ALA and library education programs should also make training available for library professionals and trustees so that they can perform their duties responsibly.
What exactly is the role of the library trustee? The term trustee is defined as “an individual or organization that holds or manages and invests assets for the benefit of another. The trustee is legally obliged to make all trust-related decisions with the beneficiary’s interests in mind, and may be liable for damages in the event of not doing so.”13 It is, therefore, important to review the role and responsibilities of library trustees, and to examine possible consequences of falling short of expectations. Individual trustees must educate themselves about stated expectations provided by a current board, but also be aware of the legal responsibilities and potential risks of serving as a trustee. In general, library trustee legal duties and responsibilities are consistent among states due to the necessity of compliance with federal law.
As an example, The Illinois Library Association and the Illinois State Library published Trustee Facts File to provide guidance about the responsibilities of Illinois public library trustees. The publication describes a list of board duties;14 some of those duties with financial implications include responsibility for:
- The mission statement
- Developing long-range plans
- Establishing and supporting policies
- Authorizing employee salaries and benefits
- Authorizing purchases of land or construction projects
- Developing an annual budget
- Reviewing monthly financial reports to ensure accountability to budget goals
- Providing financial information for audits under Illinois law
- Hiring and evaluating a qualified library director
- Establishing board policies to include:
Finance policies (how funds are disbursed, check signing authorization)
Code of ethics
A review of several other state guides (including New York, Wisconsin, Ohio, and Massachusetts) demonstrates differing content but substantially consistent definitions, roles, and duties expected of library trustees. Although not specifically described in the above list, by definition trustees have a fiduciary duty to the library; that is, to act in the library’s best interests, especially when there is a conflict of interest with an employee or a board member, including oneself. As library trustees are authorized to spend tax revenues, they must always view themselves in the role of public servants.
Even as the trustee fulfills his or her defined role, individual trustees must keep in mind that only the board, as a whole, may make decisions and act on behalf of the library. It is, then, the board’s responsibility to conduct its business in such a way as to manage risk and minimize the library’s exposure to liability. Taking this one step further, it is the board’s responsibility, in collaboration with the library director, to set policies that employ common business practices that make it more difficult to defraud or embezzle. Failure to act as a fiduciary can range from actively overreaching board authority, to passive failure to meet responsibilities due to negligence or ignorance. Consequences of failing to meet fiduciary responsibility put the library, the board, and the individual trustees at risk of legal consequences.15
It should be noted that a trustee is generally not held liable for his or her actions as long as he or she operates within the legal limits of the authority of and fulfills the responsibility of a trustee; however, a lawsuit can be initiated at any time by anyone who chooses to do so. In a worst-case scenario, a trustee can be held individually liable for any injury or harm experienced while on library property or damaging or illegal acts committed by library staff or other board members.
Library boards typically purchase liability insurance to protect their board members from suits filed against them as trustees, but acts of malfeasance, collusion, or passive tolerance by board members or even library staff may still result in personal liability. The board can drastically reduce the possibility of lawsuits by conducting its business under appropriate guidelines.
The following list includes some actions that should be taken with respect to preventing financial mismanagement and embezzlement:
Comply with all statutory requirements.
Hire a qualified library director and perform thorough annual evaluations.
If aware of a legal or ethical violation, seek the advice of an attorney, and contact the appropriate executive or law enforcement agency.
Review financial records regularly and submit them to annual audit, as provided for by law.
File all mandatory reports.
Ensure that all library policies and regulations conform to local, state, and federal laws.
Retain services of an attorney and a CPA to advise the board as needed on board business and decisions.
Review your liability insurance and bonding coverage each year.
In collaboration with the library director, ensure that there are sufficient and appropriate policies and procedures in place.16
A significant board responsibility is the library budget, prepared with information about the needs and available resources of the library. In addition to the initial preparation in conjunction with the library director, daily financial record keeping is guided by policies set by the board, and the procedures implemented by the director and specific staff members. Collection and disbursement of funds that have been appropriately entered into accounting records should be reported to the board on a consistent, periodic basis.
One of the most important responsibilities of the board of trustees is to hire a qualified library director. The process begins with a director’s job description that incorporates the strategic goals of the library in order to insure a good fit. The recruiting process must be legally compliant and conform to anti-discrimination laws. All applicants should be interviewed by a committee of board members and questioned and interviewed consistently. A professionally performed background check should be mandatory as a part of the interview process. As part of the hiring process, the board should consider asking each candidate about previous experiences with internal controls, dishonest employees, and other types of criminal activity in order to determine whether the candidate has appropriately handled these incidents in the past. In addition, legal counsel should be employed to ensure that all required hiring practices are followed.
Once hired, the board must provide periodic written performance evaluations of the library director on an annual basis at minimum. The performance evaluation should incorporate objective goals and be aligned with the job description. Thus, the board of trustees is responsible for its hiring decision as well as the ongoing performance of the director.
As the only employee hired by the board, the library director is the chief executive of the library. The actual job description for the library director will vary with each facility; however, the responsibilities will often include many of the following:
- Acting as chief executive officer of the library
- Operation and management of the library
- Implementation of appropriate library policies approved by the board
- Maintaining the grounds and facility
- Providing leadership to library staff
- Hiring, training, and supervising library staff
- Providing professional development of library employees
- Communicating effectively with library trustees, community groups, and officials
- Working closely with trustees in developing budgets and providing timely financial reports
- Maintaining up-to-date financial records
- Insuring that procedures are followed consistently and are legally compliant
- Periodically reviewing policies and procedures
- Developing and overseeing program services
- Overseeing collection development
- Being aware of long-term planning needs in order to adapt to changing community needs
- Advocating for the library
- Bringing issues to the board with recommendations
Now that the responsibilities of the board and the library director have been described, there should also be clear understanding of the term “embezzlement” as this is the focus of this article. Nolo’s Plain English Law Dictionary defines embezzlement as “the crime of stealing the funds or property of an employer, company, or government or misappropriating money or assets held in trust.”17 In other words, having custody of the funds is legal in the performance of duties, but diverting them for personal use is not. Typically, the term applies to cash. Sometimes the term “fraud” is used when describing these crimes, however, it is a broader term; embezzlement is a type of fraud.
Some common examples of embezzlement in libraries are:
- Failure to deposit collected fines and fees
- Forging signatures on checks
- Writing checks to oneself
- Kickbacks from vendors
- Double-billing for expenses
- Falsified reimbursable expenses
- Endorsing payment checks made out to library to oneself
- Submission of fraudulent payment vouchers
- Diverting cash to personal accounts or pockets
As cases are reported in public media or in library professional journals, most of the blame is usually laid at the feet of the one individual who is caught with a hand in the cookie jar. Many embezzlements occur in libraries because the opportunities exist. This is due to lack of knowledge about financial internal controls, lack of supervision, inadequate training, negligence, or simply too much trust in the wrong person. Research has shown that historically, libraries have “regularly violated most basic principles of internal control. In those cases (for example, trustee approval of payments) in which there were control mechanisms, these mechanisms were routinely ignored or violated by library personnel.”18
Traditionally, the design and implementation of financial internal controls has been a component of a professional accounting programs and is not routinely included in the library graduate school curriculum or even in education programs offered by ALA. However, trustees and directors must understand that minimizing risks to library property is an important component of management, and that standard internal controls must be in place to protect the taxpayers’ investment.
Internal control is defined “as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) effectiveness and efficiency of operations; b) reliability of financial reporting; and c) compliance with laws and regulations.” It is considered by the accounting profession to be a process, affected by the people of the organization, but it is not expected to provide an absolute defense against insider crimes.19
Employees have a responsibility to act with integrity and within the letter and spirit of the law; however, there is simply no foolproof way to prevent fraud or embezzlement. Just as obtaining legal advice is a necessary part of doing business, so is consulting with professional accountants to review and provide the structure of the appropriate internal controls based on the library’s personnel, policies, physical assets, and experience.
Effective systems of internal control have these guidelines in common:
- Separation of duties: The person with responsibility for record keeping should not have access to the funds.
- Adequate documentation: Financial information should be recorded as quickly and completely as possible. Incoming checks should be endorsed with the library’s stamp as soon as they are received in the mailroom.
- Bonding, job rotation, & enforced vacations: Employees whose responsibilities could allow opportunities for embezzlement should be bonded to allow the library to recoup losses that might be incurred due to criminal acts. Job rotations and enforced vacations may provide an opportunity to expose a dishonest employee’s hidden practices.
- Physical safeguarding of assets: Cash, checkbooks, signature stamps, as well as bank statements and other financial records, should all be secured with a named responsible employee.
- Choosing and hiring reliable personnel: Background checks should be routinely performed prior to hiring decisions. As part of the interviewing process, the candidate should be asked about any previous experience with fraud and embezzlement; either directly, as a coworker, or as a supervisor. If a candidate has previous supervisory experience with a dishonest employee, might this have been prevented if he or she had performed supervisory responsibilities differently?
- Independent checks: These should be done by individuals who are not routinely involved in the record-keeping process or have custody of the funds. This may include a supervisor, or an independent audit performed by a professional CPA firm.20
- Proper procedures and authorizations: These examples have been adapted from a sample internal control checklist made available online by CompassPoint Nonprofit Services. While not inclusive of all elements of internal control, they are provided here as procedures that could thwart many deceitful actions:
- Endorse checks “for deposit only” to the library’s account immediately upon receipt.The person who has actual custody of cash and checks should be different from the person recording them.
- All cash received should be counted and verified by two designated employees.
- An authorized person, who is not the same person requesting the expenditure, should approve expenses in advance.
- Numbered cash disbursement vouchers should be prepared, with receipts attached, and included with checks to be reviewed when presented for signature.
- Check signing authority should be vested in persons who do not have accounting responsibility.
- Bank statements should be reconciled to accounting records and cancelled checks reviewed by persons independent of accounting responsibility.
- Employees must submit expense reports with receipts attached.
- Access to petty cash is limited to one person.
- Monthly accounting reports comparing actual to budgeted amounts are prepared and presented to the board.
- Staff must be required to take annual vacations.
- An accounting policies and procedures manual must be reviewed and revised annually.21
In general, the library staff and trustees must:
- be aware of the possibility of embezzlement;
- be properly trained at all employee levels; and
- have policies in place and consistently follow them.
Another common excuse for lack of financial controls is “We thought our external auditor would catch everything.”22 Most states will have some threshold by which they determine whether a library should undergo an audit by a professional CPA firm. This type of audit is performed according to auditing standards generally accepted in the United States. It includes the implementation of certain procedures to determine whether the organization’s financial statements are free of material misstatement. For example, Illinois requires an audit for a library that receives $850,000 or more in revenue during the fiscal year. The accounting firm must file the audit report with the state comptroller within six months of the close of the library’s fiscal year, and the comptroller must then post the audit report on the Internet within forty-five days of receipt.23 The audit may include additional procedures that specifically evaluate internal controls, and library management should be informed of the scope of the audit in advance.24 Trustees and directors should know and diligently follow the requirements of their respective states.
Library management must understand, however, that even if the audit did not detect fraud, this does not mean that is does not exist. The language included in the final audit opinion will never state that the financial statements are “accurate,” but will use terminology such as “reasonable assurance,” “reasonable basis,” “fairly stated,” or “present fairly in all material aspects” because the auditor does not examine every transaction, and so cannot attest to complete accuracy of the financial reports, but rather to a generally fair or reasonable representation based on standard procedures.
When there is a failure to implement and maintain good management, those looking for ways to part the library from its funds have found many opportunities. Based on media reporting, and without specific additional knowledge, I am providing these thoughts about how the embezzlements mentioned at the start of this article could have been averted had proper internal controls policies and/or procedures been followed.
- Case: Lawrence Recor
Preventive internal control procedures: As treasurer, Recor apparently had sole control over the bank account with no oversight. Since Recor was already a board member, the board could have:
- had an additional trustee sign or co-sign checks;
- had a numbered purchase order system implemented at the library which would be used to validate and record the purpose of all disbursements; or
- had a different trustee open and review all bank statements to view bank activity.
- Case: Bob Rice Jr.
Preventive internal control procedures: Rice used false requisitions to purchase personal items, requested reimbursements for fictitious expenses, and purchased library supplies that he immediately resold, keeping the proceeds for himself. The board is responsible for supervising the director, with the following in place:
- All requisitions and purchase orders should be numbered and presented with payment requests to an authorized employee other than the person requesting.
- Rice should not have been able to request payment and make payment to himself. His requisitions should have been approved at the board level.
- Checks should have been signed at the board level.
- Apparently he was not required to present documentation for fictitious expenses.
- Personnel who are separate from employees who record financial transactions should log all incoming packages and mail into the mailroom. This could have prevented Rice from taking inventory items to sell because the items would now be recorded on the books.
- Case: Robert Oxley kept more than two thirds of the fines he collected as bookkeeper at the Muncie (Ind.) Public Library. Using the treasurer’s rubber stamp signature, he also wrote checks to himself and sent a letter to the bank requesting that they not return cancelled checks. He was convicted in 2003 of embezzling more than $123,000. During his trial, it was learned that he had previously received six felony convictions in Florida prior to his library job.25
Preventive internal control procedures:
- All library patrons who pay fines should be given a numbered receipt with the amount of cash noted. This ensures that there is an accurate record of cash receipts.
- All cash should be immediately deposited into a secure location.
- All checks should be immediately endorsed “for deposit only” to library’s account.
- Cash should be counted and verified by two employees.
- A person who does not have access to cash should reconcile bank deposit records to cash receipt records. Accounting for all of the numbered receipts with their cash amounts and comparing to bank deposit records would have revealed the deposit shortfalls.
- The rubber stamp signature should be destroyed. It is not good business practice to sign checks or letters with a rubber stamp, as it is clearly an invitation for abuse.
- A person independent of accounting functions should reconcile bank statements. Had this been done, the forged signature on the letter to the bank would have been revealed.
- A background check should have been done to reveal Oxley’s history as a felon.
- Case: Margo Reed
Preventive internal control procedures: Her crimes were discovered when a new business director was hired and he discovered the discrepancies as he became familiar with the library’s practices. There was no explanation about any previous business director.26
- All cash should be immediately
- deposited into a secure container.
- Cash should be counted and verified by two employees.
- A person who does not have access to cash should reconcile bank deposit records to cash receipt records. Ongoing examinations of the cash receipt records would have revealed Reed’s changes made with correction fluid.
- Case: Judith Gladysz
Preventive internal control procedures:
- All cash should be immediately deposited into a secure container.
- Cash should be counted and verified by two employees.
- A person who does not have access to cash should reconcile bank deposit records to cash receipt records.
- A computerized book circulation system to track fines was installed, but the recorded amounts should have been reconciled with cash deposit records.
- Employee vacations should be mandatory.
- Case: Lindy Duffy
Preventive internal control procedures: The director and board of trustees neglected almost every type of oversight that could have prevented this.
- Background checks.
- Follow-up by the director and board to request a list of all library bank accounts.
- A person independent of accounting functions should reconcile bank statements.
- Appropriate policies and procedures.
- Mailroom log of receipts.
- Separation of duties.
- Appropriate supervision.
- Providing financial reports to the board.
- A board that was informed and diligent.
- State follow-up on missing reports.
I tried to send follow-up emails in an attempt to find out about any changes that may have been implemented as a result of these cases. Some websites had no staff or trustee information listed, others had no email addresses listed. Telephone calls resulted in no further information, and, as of the date of this article, no responses have been received from email requests.
All of these crimes had many common factors that contributed to opportunities for fraud: lack of supervision, employees (and one trustee) were able to simply write themselves checks without verified documentation, cash was not secured or reconciled, and background checks were not performed. It should be noted that many library insider crimes occur over several years, implying that the criminal employees had been trusted, and unsuspected by their colleagues. Clearly, trust is not an effective internal control; and no library, as stewards of public funds and trust, should be exempt from implementing good business practices to protect the library, its employees, and its goodwill in the community. Effective management requires awareness and implementation of appropriate policies, procedures, and legal compliance. When there is a failure to implement and maintain good management, those looking for ways to part the library from its funds will find many opportunities. Specifically, the library staff and trustees must:
- be aware of the possibility of embezzlement;
- be informed of the responsibilities implicit in their roles;
- be properly trained at all employee levels; and
- have sufficient and appropriate policies and procedures in place.
Each employee and trustee is certainly responsible for his or her own actions. However, removing the temptation to commit fraud is something that organizations must invest time and money to do. Boards of trustees should recognize that it is implicit in their roles that they are ultimately responsible for insuring that good business practices are implemented, and that, indeed, the “book” stops here.
- Emerson Clarridge, “Ex-Boonville Library Treasurer Apologizes, Is Sent to State Prison,” The Observer-Dispatch (Utica, N.Y.), Mar. 17, 2010, accessed Sept. 17, 2013.
- Seth Daniel, “Rice Gets 6 Months Jail Time: Former Library Director Pleads Guilty and Hands over Check for $230,000,” Revere Journal, Dec. 28, 2011, accessed Sept. 17, 2013.
- Peter Applebome, “Jail for Library Employee Who Embezzled Fines,” The New York Times, June 20, 2012, accessed Sept. 17, 2013.
- Chuck Squatriglia and Julie N. Lynem, “Burlingame Library Worker Charged in $129,000 Theft /$20 Bills Missing from Overdue Book Fines,” SFGate, Dec. 9, 1999, accessed Sept. 17, 2013.
- Kathy McCabe, “Fraud Case Is Latest Twist in Library Revival Story,” The Boston Globe, Feb. 23, 2012, accessed Sept. 17, 2013.
- Bob Carlson, “Embezzlement Happens. It’s What Charities Do Next That Matters,” The Watchdog: The Chronicle of Philanthropy, Jan. 12, 2011, accessed Sept. 17, 2013.
- Robert P. Doyle and Robert N. Knight, eds., Trustee Facts File, third edition (Chicago: Illinois Library Association and Illinois State Library, 2004), accessed Sept. 17, 2013.
- “Sarbanes–Oxley Act,” Wikipedia, accessed Sept. 17, 2013.
- American Bar Association, “Nonprofits and Sarbanes-Oxley,” updated Apr. 8, 2013, accessed Sept. 17, 2013.
- An example of a record-keeping policy: Thomas Silk, “Model Document Retention Policy for Nonprofits,” Blue Avocado, Jan. 14, 2009, accessed Sept. 17, 2013.
- An example of a whistleblower policy: Thomas Silk, “Model Whistleblower Policy for Nonprofits,” Blue Avocado, Dec. 23, 2008, accessed Sept. 17, 2013.
- American Library Association, “Draft Strategic Plan—Appendix: Assumptions”, accessed Sept. 17, 2013.
- “What is Trustee?” InvestorWords.com, accessed Sept. 17, 2013.
- Doyle and Knight, Trustee Facts File.
- Embezzlement,” Nolo’s Free Dictionary of Law Terms and Legal Definitions, accessed Oct. 3, 2013.
- Herbert Snyder and Julia A. Hersberger, “Public Libraries and Embezzlement: An Examination of Internal Control and Financial Misconduct,” Library Quarterly 67, no. 1, Jan. 1997, accessed Sept. 17, 2013.
- “Internal Control—Integrated Framework,” n.d., accessed Sept. 17, 2013.
- Snyder and Hersberger, “Public Libraries and Embezzlement.”
- “Internal Controls Checklist,” n.d., accessed Sept. 17, 2013.
- Carlson, “Embezzlement Happens.”
- Illinois General Assembly, “50 ILCS 310/ Governmental Account Audit Act,” n.d., accessed Sept. 17, 2013.
- AICPA Professional Liability Insurance Program, Supplement to Preparing and Using Engagement Letters (Chicago: CNA Insurance Company, 2006), accessed Oct. 3, 2013.
- “Muncie PL Officials Berated at Bookkeeper’s Sentencing,” American Libraries 34, no. 11 (Dec. 2003).
- Applebome, “Jail for Library Employee Who Embezzled Fines.”