3 Internal Controls to Protect Your Nonprofit Finances
One of the best ways to utilize a finite amount of money is to protect it. Perhaps nowhere is this more true than in the nonprofit world, where budgets can be limited and fraud rampant, despite good intentions and perceived safeguards. Often, nonprofit fraud isn’t the result of ill will (although sometimes it is), but people down on their luck, simple mistakes, or pure opportunity born of a lack of internal controls.
For most nonprofits, preventing fraud and protecting your nonprofit finances doesn’t have to be a gargantuan task or complicated endeavor. Instead, a series of intentional internal controls can help guide your organization and organizational finances into success.
The role trust plays
Nonprofit organizations are often comprised of dedicated individuals who strive to accomplish the same types of goals. They’re service-minded, compassionate, and hard working. And yet, fraud and loss still happen with alarming (and unnecessary) regularity, even in the nonprofit world. You may trust your employees and volunteers and they may show you the same trust, but things can happen, which is why, as we discuss later, visibility is so important.
People can make mistakes or intentionally defraud a nonprofit in much the same way as a for profit business, which is to say, quickly and quietly, before you even know what hit you. By following a few simple guidelines, you ensure that your leadership, employees and volunteers aren’t able, willing, or otherwise inclined to defraud you--even if you think they’d never even consider it.
Nonprofit risks you want to avoid
Nonprofits are arguably more vulnerable to fraud than their for profit counterparts, which emphasizes the need for good internal controls. Nonprofits make themselves vulnerable based on the very nature of the job. Although the risks are varied, they often fall into these categories:
We’ll discuss this again later, but nonprofits often get into trouble with technology that is not secure. This can be because of unsecured networks, poor software and tool choices, and easy-to-access records.
Because people within nonprofits are often busy and more “corporate” procedures may not be in place, it can be easier for employees to skim cash, alter records, inappropriately reimburse themselves, etc. Later, we’ll discuss the need for transparency of process that can help prevent this type of fraud.
Because nonprofits often have a lower base pay and higher workload, it helps if you are dedicated to the causes nonprofits work toward. Sometimes, nonprofit organizations hire the wrong kind of employee, and turnover happens more often than they’d like. Similarly, nonprofit employees may burn out more quickly than their for profit counterparts. Nonprofits also often use contractors to help fulfil roles they cannot fill on their own.
While this, especially the use of contractors, isn’t a significant problem, introducing more people into a place with lax policies can invite trouble. This leads to, among other things, nonprofits investing less in employee training, which makes it easier for bad apples to defraud the organization.
Start with company culture
One of the best things your nonprofit can do to prevent wrongdoing before it has a chance to develop into something more sinister is to develop a company culture of leadership, transparency, and accountability. Nonprofit leaders should model the sort of behavior they hope to get from their employees and volunteers, holding themselves to the same financial procedures of the rest of the company. If employees are expected to submit receipts, then so must leadership.
A sound financial culture also involves exercising financial discipline and monitoring everything that happens with your organizational finances. This means that employees and volunteers should be trained regularly on financial policies and procedures, as well as tools and expectations. All nonprofit budgets should be reviewed and eventually approved by the nonprofit board. They should also be regularly monitored by leadership as well as by the nonprofit board.
You may consider implementing a formal code of conduct here, which will help govern exactly what your employees, including leadership, are and aren’t allowed to do. Codes of conduct are immensely helpful in protecting everyone, eliminating confusion over behavior and policy, and preventing loss.
Overall, company culture should focus on total (where appropriate) transparency. This begins with members of leadership modeling this behavior and holding themselves accountable. It can be reinforced with policies that support transparency, such as whistleblower policies, conflict of interest policies, etc.
Develop good policy
Speaking of policies, this is a great place to help protect your nonprofit with sound internal controls. Your nonprofit board can help you identify and implement financial policies that will help keep your organization safe, but they’ll need to be monitored by members of leadership in your organization. If you’ve implemented the right company culture, this should be easy!
Such policies often fall into five basic categories:
Even nonprofits have money coming into and leaving an organization, and it is important to have policies in place to oversee and protect it. Creating a system of checks and balances for money makes sure that it doesn’t disappear, whether by accident or theft. The party responsible for your finances should frequently reconcile your accounts, which will of course be overseen by leadership.
Your nonprofit should make sure every person with access to a credit or debit card through your organization knows how they’re allowed to use it and how reimbursement works for purchases on a personal card. This stops problems before they happen, and allows leadership to review purchases, set a threshold, and oversee the correct use of cards.
Payroll is an easy place to reduce risk by ensuring there’s a bit of oversight. No single person should control all of payroll, so make sure you have people rotate through, work in tandem, etc. If you don’t have the capacity for that sort of thing, work with an outside company or contractor to ensure correct and worry-free payroll operations.
Policies to Promote Transparency
We’ve discussed this a bit, but having formal policies that protect workers can also protect your nonprofit organization. Conflict of interest disclosures and whistleblower policies/hotlines protect employees, board members, and volunteers, as well as the organization.
Because so much of what we do relies upon technology, it is also a source of weakness for organizations. By training your employees about potential scams and threats to the technology your organization uses, you can prevent loss.
Carefully consider the tools you use and who gets access to them. Make sure you’re interacting with reputable software and have excellent internet security. Ensure that you’ve got a plan of action in instances where you suspect security may have been violated, and teach and regularly update your employees and volunteers about potential threats.
If you have the resources, you may also consider an internal audit department, which can help navigate your finances throughout the year, even if things are going well. It may be that things are going well precisely because of such a committee or department.
Utilize effective tools
Although technology can open up an organization to potential risk, it is also part of the solution. When resources are scarce, the right tools can make a huge difference in a nonprofit’s ability to offer the kinds of services that make them unique in a community. Organizations should not be afraid to utilize technology, but they should approach it from a place of knowledge.
The key to making technology work for you is technology controls, which can be external or internal. Your bank, for example, may limit purchase cards or electronic funds transfers, which can protect your organization. Things like automatic bill pay can help control who takes money from accounts, and blocks and filters offered by banks can protect you.
Ultimately, reputable software companies have plans in place for privacy and loss prevention. They’ve got resources in place to show you how secure things are, train you on proper use of said tools ,and support you if anything comes up. By choosing your tools and technology carefully, you can prevent many problems that may arise. Evaluate the vendors you work with, learn how to utilize your tools, and make sure you’re overseeing technology too–a human touch can go a long way.
Finally, regularly keep your employees and volunteers updated on current phishing or phone scams local to your area, policy changes, etc.
The bottom line
If we are to summarize what it takes to protect your nonprofit finances, it would be that there should be a lot of eyes on things at all times. Even when you’re sure you can trust a person or process, know that things can happen. Desperate situations often force unpredictable behavior, even from people who have your best interests in mind. By developing a transparent company culture, strengthening your internal controls, and evaluating the technology you use, you can build a nonprofit with a secure financial base, equipped to serve your community for years to come. And, when in doubt, always remember that you can (and should!) run it by the board.