Most charitable organizations, trade and professional associations, taxable subsidiaries, and foundations rely on the trust and financial support of the public to run their organizations. Without that trust, mission-critical programs could lose the necessary resources to have an impact. Developing internal controls (financial management practices that ensure proper use of assets) are essential to ensuring not-for-profit funds are in place to support key programs and the overarching mission.
3 Hallmarks of Strong Internal Controls:
Even with limited resources (personnel and financial), it is possible for organizations to create the strong internal controls needed to ensure proper use and prevent fraud. As you prepare to create sound financial management practices, focus on these three principles to mitigate risk of loss across your organization:
- Ensure Security of Your Assets
Think of your not-for-profit assets in terms of a chain of custody, with the flow of assets being tracked and secured. Develop control activities that also include strong physical restrictions such as security and locks for both cash and the information needed to disseminate or transfer it (i.e., PINs, credit cards, petty cash, passwords, financial/accounting software, or account numbers). Such information should be locked and secured at all times with clearly defined authorization thresholds (more on this in the next section).
- Checks and Balances
For your internal control practices to work effectively, your procedures should ensure that access to assets is never given to a sole individual. Instead, sound financial management practices leverage checks and balances, or separation of duties. A great example would be utilizing a cloud-based disbursement system that directly syncs with your accounting system. Such systems reduce the potential for fraud by providing automated workflows with built-in approval and system controls.
- Clear Roles and Full Transparency
Sound internal control policies are always fully disclosed to all stakeholders, with all parties having clearly defined roles. The risk of misuse of funds is greater in organizations without clearly defined internal controls. Be transparent and share clear financial management policies across your organization. Clarify roles and ensure your staff and stakeholders understand who does what. Document these policies so they can outlast any single individual’s tenure in a certain role.
Creating an Internal Controls Checklist
The Committee of Sponsoring Organizations’ (COSO) Integrated Framework lists five general components of internal controls: control environment, risk assessment, control activities, information and communication, and monitoring. As you develop your internal controls, examine the specific needs of your organization while letting these factors serve as a sound foundation to your management practices. Let’s examine 3 of these factors below.
1) Control Environment
Create an organizational culture where dishonest behavior and lack of accountability are not tolerated. It is essential for those charged with financial oversight to practice responsible behavior, with management embodying the ethics outlined in internal control policies.
2) Control Activities
These are the actual procedures that provide the checks and balances. Control activities minimize the risk of fraud by making sure your assets are less likely to be jeopardized. Consider:
- Separation of Duties: Duties should be divided with clear boundaries on responsibilities. If, for example, a marketing director is charged with preparing a quarterly statement for expenses, a treasurer or board member should review these numbers for accountability and discrepancies. For smaller organizations, this principle could translate into one individual counting and logging donations received by mail, and another depositing them.
- Reconciliation: This is the process of reviewing and comparing transactions to supporting documentation. Reconcile all assets and liabilities routinely (with cash being reconciled monthly) to uncover any possible asset diversion.
- Authorization: This is the process where transactions are approved by staff based on certain thresholds (dollar amounts) and ranges of knowledge. Authorization controls help you avoid invalid transactions.
Controls must be routinely monitored and assessed for compliance and effectiveness across all levels of your organization. Develop management protocols for routine audits (internal and external via a third party) in order to ensure that any weaknesses or vulnerabilities in your internal controls are quickly communicated. Performance reviews and audits can help ensure accountability and lessen the risk of fraud across your organization.
Vault Consulting provides outsourced accounting and financial management services for nonprofits, associations, and their affiliates. We tailor our services, helping you implement industry best practices for internal controls as we work to understand the unique challenges of your organization. Contact us for more information about internal control assessment and financial management for your organization.