Tips for Building Effective Internal Controls at Small Non-Profit Organizations
"Working in a very small nonprofit, I’ve found creating internal controls to be very challenging. We have a contract bookkeeper who balances all of our bank statements, and our board members [are] the bank signers, including approving and signing checks, so that helps. What are some other ideas with a nonprofit that has only 1 full time and 1 part time staff? Thanks!"
Segregating incompatible duties can be difficult with a small number of staff, and it sounds like this organization has done a good job of involving volunteers who have a legal commitment to the organization (i.e. board members) in its procedures. That’s a great start. Here are a few ideas to help you institute effective internal controls at your very small organization.
Identify Risks to Build the Right Internal Controls for Your Non-ProfitWhen pondering internal controls, it’s always a good idea to identify the risk you are trying to control, then work out the best possible solution given the limits within your organization. Be aware of these three common risks.
Appropriately Segregated RolesOne of the issues presented in my April 1st post about fraud was that the accountant who accepted payments from customers also approved the write-off of overdue account balances, enabling her to divert payments from the company bank account. If accounts receivable of any kind are part of your operations, you should segregate these two duties. Someone other than the bookkeeper or the person who opens payments that are received in the mail should be the person to review the AR aging every few weeks and approve any write-offs. This could be the executive director or the treasurer.
Sensitive Data Security
Another risk is that donor or customer information, such as credit card numbers or account and bank routing numbers on checks, might be used for unauthorized purposes. Segregating duties is probably not as important in this case as having procedures in place that require securing and destroying the data that’s at risk. If you keep this information on paper, be sure it’s locked up. Better yet, don’t keep it: you can blank out the routing and account numbers on checks even if you keep copies for a while. Have good procedures in place for shredding this information as soon as you no longer need it. Make sure two people work together to destroy it so you can be confident that it was done thoroughly and completely.
Fixed Assets Growing Legs
Fixed assets that are portable – laptops, cameras, cell phones, office keys – may be used at home and not returned, so record their descriptions, including serial numbers, when they are assigned to employees or board members, and ensure that they are returned. Once a year, staff can work together to do a formal inventory of all the assets on your list of owned items.
Remember that the control environment is very important, even in very small nonprofits or businesses. If everyone involved in an organization respects
the procedures and the policies that have been put into place, if management (the ED and the board) disciplines folks who are careless or who break or
ignore the rules, the control environment is strong. People understand that the culture of the organization is one where adherence to guidelines is expected,
and they are aware that the people in charge are paying attention. On the other hand, if members of staff or management complain about the cumbersome rules
or show disrespect for them in other ways, or if board members simply don’t ever find the time to do what they’ve agreed to do, the control environment
is weak and provides opportunities for others to take what’s not theirs.
Effective Internal Control Culture
Jitasa Guest Blogger
Nancy Church, CPA, Nonprofit Accounting Consultant nfpaccountinghelp.org
Read Nancy's original blog post.