By Preston A. Jones, CPA, Business Assurance & Advisory Services Senior Associate | Not-for-Profit Team
Every company relies on internal controls to reduce the risk of errors and fraud. Most internal controls rely on segregation of duties and several levels of oversight and review. It is no secret that many not-for-profits have pressure to minimize general and administrative expenses, and as a result, often end up with a small staff and have a harder time instituting these controls. It is important that you do not let that stop you from establishing a strong internal control environment to help reduce the risk of errors and fraud in your organization. We have listed several important controls below that can be instituted without needing a large staff.
- Have clearly defined (and documented!) roles
Do not let anything slip through the cracks because everyone thinks someone else is responsible. For example, if a check comes in the mail, is the person who opens it different than the person who will deposit it? Which one is supposed to log it into the contributions ledger? Take the time to institute official procedures for the various types of transactions you incur during the year, and document them in a procedures manual so every employee will know their responsibilities and can be held responsible.
- Have strong physical and I.T. controls
You do not need a lot of employees to ensure important items are locked up. Always lock access to petty cash, check stock, and any high-value inventory. Computers and software should be password-protected. Each user should be assigned a unique username and password. Add additional controls to your passwords by requiring new passwords after a set period, and requiring passwords include various character types, including lowercase letters, uppercase letters, and numbers.
- Limit the use of cash whenever possible
If someone is going to embezzle funds from the organization, it is much easier to do it with cash than with checks or electronic payments, so make sure you use the latter two options as much as possible. Whenever it is impractical to require check payments or wire transfers, ensure there are two employees present for the receipt and counting of cash. Also remember that the sooner cash can be deposited, the better. The longer it sits around, the more opportunities there are for it to be lost or stolen.
- Ensure you have proper controls over credit cards
Many organizations have company-issued credit cards to various personnel, and it can occasionally be a gray area determining what is or isn’t a business-appropriate expense. Establish specific guidelines for credit card use, and make sure a responsible employee is reviewing the statement in detail every month. It’s important to make sure everyone knows that employee can and should ask questions regarding any unusual line items shown on the monthly statement. In addition, make sure recovering credit cards is a standard procedure for terminated employees, as you would never want someone to leave the organization and still have a credit card.
- Keep the Board informed and involved
The smaller the staff of an organization, the more important it is for the Board to stay involved. If a staff is too small to have proper segregation of duties, the Board – or at least the Treasurer – needs to be regularly reviewing bank statements and financial reports for any unusual activity. It is important to ensure the Board has a financially knowledgeable member to know what sort of red flags to look out for. There should be regular discussions between the Board and management to discuss the control environment and ways to improve it.
Questions about improving internal controls in your not-for-profit organization? Contact your Keiter representative or firstname.lastname@example.org | 804.747.0000. We can help.
Preston partners with his not-for-profit clients to identify compliance opportunities. He also develops, performs, and supervises completion of audit procedures for numerous not-for-profit entities as well as for-profit businesses. Read more of Preston's insights on our blog.