Someone has questioned your temple’s donation process. Perhaps a QR code showed an unfamiliar beneficiary, a receipt could not be verified, or cash reached the bank without a clean trail from the hundi. If you are a trustee or committee member, your first duty is not to defend personalities. It is to establish what can be proved.
A trustworthy system creates an unbroken chain of evidence from the devotee’s offering to the temple’s bank account and then to the approved dharmic purpose. It protects honest sevaks as much as it deters fraud. More importantly, it turns satya and seva from personal expectations into institutional practice.
Build one evidence chain from daan to the bank
Begin by mapping every way money can enter the temple. A modern donation system can include hundis, staffed counters, UPI and card payments, online gateways, special-seva collections, endowments and institutional philanthropy. If one channel is absent from the control register, it can become an unofficial channel without anyone noticing.
Create one row for each channel and record the following:
- The legal entity authorized to receive the money.
- The physical location, website, app, counter or event where the donation is accepted.
- The employee, sevak or system allowed to initiate the transaction.
- The record created at the moment of receipt, such as a numbered receipt, UPI transaction reference, gateway record or hundi seal log.
- Every person who can handle the money before deposit.
- The bank account into which the collection must settle.
- The person who reconciles the collection without having collected or counted it.
- The person responsible for investigating an exception.
Then test each row against the actual fraud opportunity. Physical collections face seal tampering, substitution and skimming during counting. Counters face duplicate receipt books, off-ledger seva collections and unauthorized charges for access or darshan. Digital channels face QR overlays, impersonation sites and misleading payment requests. Expenditure faces inflated invoices, conflicted vendors and purchases that do not match approved purposes. These are different risks, so one generic instruction to be vigilant will not control them.
For every donation, require three independently created records: evidence of receipt, evidence of custody or system processing, and evidence of bank settlement. No employee should be able to create or alter all three. When the same person collects, records, deposits and reconciles money, both theft and innocent error can disappear inside that person’s paperwork.
Key takeaways
- List every donation channel, including temporary festival counters and purpose-specific sevas.
- Separate collection, custody, accounting and reconciliation so no one person controls the complete trail.
- Match the receipt or seal record, the counting or payment-system record, and the bank credit.
- Treat every unexplained difference as an exception with an owner, evidence and a documented resolution.
- Publish enough information for devotees to verify official payment channels and see how collective donations are used.
Make cash custody visible at every handoff

The cash control system begins before anyone opens a hundi. A locked box inside a sacred precinct is not, by itself, an audit trail. The trust must be able to show which box was opened, which seal was broken, who was present, where the contents went and how the resulting total reached the bank.
- Give every hundi a permanent identity. Maintain an inventory containing its unique number, photograph, approved location, lock details and current seal numbers. Record movement before a box is relocated, even temporarily.
- Use physical protection that reveals interference. Suitable measures include dual-metal construction, tamper-evident seals and unique, pre-numbered locking mechanisms. A seal number has value only if it was recorded before opening and checked by someone other than the custodian.
- Cover the full custody route with CCTV. Use overlapping camera views at the hundi, removal route and counting area, with synchronized timestamps, continuous recording and redundant storage. Periodic third-party integrity checks should confirm that footage has not silently failed or been altered.
- Open hundis on a fixed, documented schedule. Use multi-person custody, rotate or randomize counting teams, and include independent observers. Record the date, time, box number, seal condition and identities of everyone present before the seal is broken.
- Keep the count inside one recorded process. Currency sorting and counting equipment with ultraviolet, infrared and magnetic detection can reduce manual discretion. Any rejected, damaged or questionable note should enter a separate exception record rather than being removed informally.
- Seal counted money in pre-numbered bags. Barcode or otherwise identify each bag, connect it to the relevant counting sheet, record its sealing on video and require acknowledgement at every custody transfer.
- Deposit collections directly and reconcile the bank credit. Daily bank-linked deposits close the cash loop. The reconciliation is not complete when a bag leaves the counting room; it is complete when the bank confirms the amount credited to the authorized account.
The core reconciliation compares three totals: the signed counting sheet, the sealed-bag or deposit record, and the bank credit confirmation. CCTV timestamps and custody signatures support that comparison. If the numbers differ, preserve the original records and open a variance case. Do not overwrite the first count, force the figures to agree or carry an unexplained difference into the next collection.
Staffed counters need the same discipline. Every receipt should be system-generated and pre-numbered. If manual books are unavoidable, control their issue and return, use security features such as watermarked paper, microprint or holographic strips, and log each receipt through an authorized device as it is issued. Cancelled receipts must remain in the sequence with a reason and approval; otherwise, a missing number can conceal an unrecorded collection.
Publish the authorized sevas, charges and payment points on permanent signage and authenticated online channels. A volunteer or guide should never be able to invent a payment category at the moment a devotee asks for help. At high-footfall shrines and during festivals, approve extra counters, receipt ranges and counting teams before the surge begins, then retire those temporary assets formally when the event ends.
Treat QR codes and receipts as controlled assets

A QR code can look official while sending money somewhere else. Loose stands, stickers placed over genuine codes and images circulated through unofficial messaging groups allow a fraudster to change the beneficiary without changing the surrounding temple branding. The control objective is therefore not merely to display a code. It is to let a devotee confirm who controls it.
Maintain a QR register containing the code’s location, UPI handle, displayed beneficiary name, linked bank account, responsible owner and deployment status. Inspect every physical code before collections begin and after the collection point closes. Remove obsolete codes immediately rather than leaving them beside replacements.
Dynamic UPI codes tied to session tokens and device information are safer than freely reusable static images where the temple’s counter, website or app can support them. Where a permanent static display remains necessary, protect it against overlays, identify it with the temple’s official domain and legal beneficiary name, and inspect it routinely. Convenience is not a reason to leave an unverified code in circulation.
Every payment screen should show the trust’s precise legal beneficiary name before the devotee authorizes payment. If the name is different, abbreviated beyond recognition or belongs to an individual, the safe action is not to pay. Temple staff should be trained to support that pause rather than telling the devotee that any visible name is acceptable.
The receipt must complete the verification loop. It should carry a unique number or transaction reference, amount, date, payment channel and stated purpose. A digitally signed receipt or a verifiable QR hash can allow the donor to check authenticity through the official website or app without disclosing unnecessary personal information. The public verification page should return a simple valid, cancelled or not-found result rather than exposing the donor register.
The trust also has to defend its online identity. Publish one canonical website, the official UPI handles and verified social accounts on authenticated signage. Strong TLS protects the website connection; DNSSEC helps protect domain resolution; and SPF, DKIM and DMARC help prevent unauthorized use of the temple’s email domain. Registering likely domain-name imitations, monitoring search advertisements and social listings, and pursuing impersonation takedowns reduce the chance that a devotee reaches a convincing copy of the payment page.
Do not ask for an OTP, card PIN or full card details outside the authorized payment gateway. Distribute temple apps only through official stores with valid signing. If a devotee reports a suspicious request or a payment to the wrong beneficiary, preserve the transaction reference, screenshot, time and location; direct the person to the relevant bank or payment provider; and send the evidence to the temple’s posted security or fraud-reporting channel. A vague instruction to contact the office later is not an incident process.
Separate operations, assurance and public accountability
Controls fail when everyone is responsible in theory and nobody owns a decision in practice. The three-lines-of-defense model associated with COSO gives a temple committee a workable division of responsibility.
| Line | Primary responsibility | Evidence the audit committee should receive |
|---|---|---|
| Operations | Run counters, hundi custody, payment systems, deposits and first-level reconciliations | Seal logs, receipt registers, QR inventories, counting sheets, bank confirmations and exception records |
| Independent internal audit | Test whether controls actually operated and report outside the operational chain | Sample-test results, unresolved exceptions, access reviews, surprise-check findings and corrective-action status |
| External assurance | Examine financial statements and the agreed control scope independently | Audit opinion, control observations and management’s documented responses |
The legal and tax layer must sit inside this structure, not in a separate file reviewed only at year-end. Temple bodies may operate as public charitable trusts, registered societies or Section 8 companies. Where applicable, 12AB registration and 80G approval require disciplined accounts, permitted use of funds and appropriate reporting. Cash donations above the applicable statutory limit do not qualify for the relevant 80G benefit, so the receipt system must distinguish payment mode correctly.
Foreign contributions require a separate decision path. If the organization is legally eligible to receive them, FCRA controls include the designated account at the specified SBI New Delhi branch, separate bookkeeping and timely returns. Do not let a foreign-origin payment enter an ordinary domestic donation channel merely because the payment gateway accepted it. Statutory duties vary by entity, jurisdiction and current registration, so a qualified chartered accountant or lawyer should validate the trust’s compliance matrix before the committee relies on it.
Follow the money after it reaches the bank as well. High-value purchases for prasad ingredients, flowers, security and other services should use transparent procurement with tender summaries, documented bidder evaluation and contract disclosure. Benchmark rates periodically, rotate suppliers where appropriate, and require trustees and staff to declare conflicts of interest. Donation transparency is incomplete if collection is controlled but spending can be steered toward a related vendor.
A monthly dashboard should show collections by channel, reconciliation delays, unresolved variances, unusual rises or falls, and differences between festival footfall and recorded receipts. Geographic patterns in UPI inflows can also reveal anomalies. The audit committee should record the questions it asked, the evidence received, the person assigned to each correction and whether the correction was verified.
Devotees do not need access to personal donor data or operational security details, but they should be able to see the financial shape of the institution. A monthly donation-and-utilization bulletin can disclose receipts by channel, allocations to annadanam, vidyadan, arogya seva and heritage conservation, administrative overheads, and progress on capital projects. Annual publication of audit observations and management responses follows the spirit of proactive disclosure under RTI Section 4 even where the temple is not legally subject to it.
Finally, create an anonymous reporting route managed outside the accused person’s chain of command. State who receives a report, how it is triaged, when the audit committee is notified and how retaliation is prohibited. Anonymous allegations are not proof, but they are signals that must be preserved and assessed. A documented disciplinary matrix should distinguish procedural mistakes from deliberate misconduct and require police reporting when the facts indicate suspected criminal conduct.
When suspicion arises, preserve evidence before explaining

A rushed public denial can damage trust almost as quickly as an unproven accusation. It commits the institution to a story before the bank records, video, access logs and receipt sequence have been examined. The correct first response is controlled preservation.
- Freeze the affected process. Restrict access to the relevant hundi, counter, QR code, receipt series, user account or vendor payment. Do not destroy, overwrite or casually reorganize anything.
- Preserve original evidence. Secure CCTV footage, seal registers, counting sheets, receipt books, payment logs, access records, bank confirmations and related communications. Record who collected each item and who accessed it afterward.
- Protect the payment channel. Notify the bank, gateway or UPI partner when a digital account, settlement or beneficiary may be involved. Remove a suspect code only after its location and condition have been documented.
- Appoint an independent fact-finder. The person must have no operational responsibility for the transaction and no conflict involving the people or vendors under examination. The report should go to the audit committee or another independent governing body.
- Assess reporting duties. Obtain appropriate legal and accounting advice, preserve due process, and report suspected criminal conduct to the police when the evidence warrants it.
- Publish an investigation roadmap. Tell devotees what process is being examined, what evidence is being preserved, who is conducting the review and when an update will be given. Interim updates can state what has been examined and what remains without prejudging an individual.
Do not name an employee, sevak or vendor publicly merely because a discrepancy exists. A variance can result from error, system failure or misconduct, and the evidence must distinguish among them. Equally, do not use due process as a reason to keep devotees indefinitely uninformed. A credible roadmap protects both fairness and institutional accountability.
If your temple is beginning from weak controls, start before the next collection cycle. Publish the exact legal beneficiary names and official payment handles. Inventory every hundi, QR code and active receipt series. Assign separate people to custody, counting and reconciliation. Then observe one full collection-to-bank cycle and document every handoff. At the next monthly audit-committee meeting, review every difference and delayed reconciliation, assign corrective owners, and approve a public donation-and-utilization bulletin.
Your immediate test is simple: choose one recent collection and try to prove its path from the devotee’s hand to the bank credit and approved use without relying on anyone’s memory. Wherever the proof stops, place the next control. That is how a temple replaces reassurance with evidence and gives every offering the trusteeship it deserves.
