Implementing Effective Internal Controls for Nonprofits

Many nonprofits rely on the trust, goodwill and financial support of the public to run their organizations. When nonprofit funds are misused, the loss can have a direct impact on the ability for certain programs and services to operate.

While cases of fraud and embezzlement are unique to each organization, most are caused by a lack of effective internal controls. When effective internal controls are implemented, followed, tested and updated on a regular basis, the risk of fraud is greatly reduced or eliminated.

While it is almost impossible to have a bulletproof set of internal controls, there are several control activities that assist in the detection and prevention of fraud. The following are extremely effective internal control activities.

Separation of Duties 

With separation of duties, responsibilities are assigned with clear boundaries for each function. Certain related tasks assigned across various levels of an organization ensure that one individual does not have too much control over the larger process as a whole. A simple example of separation of duties for the cash disbursement cycle would include separating the duties and responsibilities for requesting payment of an invoice, authorizing payment of an invoice, processing of an invoice and signing the checks for payment of an invoice.

Once checks are cut by the accounting department and signed by an authorized check signer, they should be mailed out directly by accounting. Checks should not be returned to the person requesting payment, which may allow a perpetrator of fraud to deposit them into an improper bank account. Separation of duties should be applied across all of the large accounting cycles of an organization including cash receipts, cash disbursements, payroll, and financial reporting.


Reconciliation involves the review and comparison of transactions to supporting documentation. For example, the ending balance of a general ledger account should be compared to an internally confirmed schedule or third party report, and all reconciling items identified and resolved.

It’s a good idea to reconcile all assets and liabilities on a routine basis. It is particularly important to reconcile cash on a monthly basis. Reconciling the reported cash balance to a monthly bank statement is one way to begin to identify if assets are being diverted. This can help uncover fraud schemes such as check kiting and skimming. It is important to assign reconciliation responsibilities to someone other than the person involved in the transactional processing function.


Authorization is the process in which transactions are approved by staff based on certain thresholds and range of knowledge. This can prevent invalid transactions from occurring, such as purchases over a certain dollar amount or purchases for unauthorized goods and services. This level of control should be assigned to upper management staff. It’s a good idea to have the person in charge of accounting or even the treasurer involved in some level of authorization control.

An effective combination of these important control activities can help focus an organization’s policies on both the detection and prevention of fraudulent activity. The implementation of effective internal controls is the responsibility of management and the board.

If you fear that your organization’s internal control environment is at risk, it is up to you to be proactive in assessing and improving it. It’s important to take the necessary steps to avoid becoming the next organization to become a headline news story involving fraud. To learn more, you can download our free white paper: Internal Controls – A Nonprofit’s Achilles Heel.

Please contact us for more information about internal controls.