The Holy Grail of Nonprofit Tips ✨
Get all of the information you need to efficiently manage your nonprofit with our monthly newsletter.

5 Internal Controls Your (Very) Small Nonprofit Should Adopt


Internal controls are procedures put in place to ensure that financial controls, private donor data, account permissions, and access to cash are as protected as possible from the potential for misappropriation or misuse. In addition, they are used to define proper procedures for certain tasks, making sure there is documentation (such as a nonprofit treasurer checklist) for every process to reduce human error and facilitate time savings. 

Having a solid plan with guidelines to increase security can help keep private or sensitive information, well, private! Some controls also focus on requirements for those who can be authorized to ensure they are trustworthy and responsible enough to handle confidential information.

While it is critical for all organizations to have something similar to our sample nonprofit internal controls policy in place, this is especially true for small nonprofits.

Here’s what we’ll go over in this article:

No time to read this article now? Download it for later.


Why Do Small Nonprofits Also Require Strict Internal Controls?

Smaller nonprofits, charities, and churches are more often part of a tightly knit community, which can make security precautions difficult. The organization and its members need to remember that one of the biggest benefits to controls is actually time savings. Everyone can refer to the nonprofit policies and procedures manual template to understand what needs to happen in different areas of the organization rather than trying to "recreate the wheel" each time a situation presents itself. 

Because of the community that typically presents itself in small organizations, security measures may be omitted or overridden out of a desire to not offend through seeming distrust. The less-restrictive access, and often minimal supervision, promote situations where there is a greater level of human error. Members could end up making a mistake like counting the money twice or forgetting to enter it. While these small errors may not seem like a huge ordeal, when the numbers do not align during an audit, more work is created for everyone involved when they try to figure out the cause of the discrepancy.

Although much more uncommon, loose controls create opportunities for bad actors. Often nobody discovers that embezzlement or misuse of funds has occurred until either bill payments fail or the accumulation of theft over time results in such a staggering amount of missing funds that it draws attention. 

The consequences of inadequate internal controls can be significant, no matter the size of the organization. Theft of resources is never ideal. However, if your organization fails to safeguard your donors’ private information and it is ultimately stolen and used for fraudulent activity, important relationships may be damaged and your nonprofit may be found legally liable. 

five-internal-controls-very-small-nonprofit-control-accessEffective internal controls are giving Peter peace of mind.

Remember that when fraud happens, most of the time it happens within the organization rather than from people on the outside. Smaller nonprofits are at a higher risk for a variety of different reasons.    

Smaller organizations are often targeted for fraud more often because these associations are usually not as well-structured as a larger organization. 

Here are some ways you can improve loss prevention!


#1: Control Access To Your Nonprofit Documents

The various risks depend on whether the sensitive documentation you have is physical copies or digital versions. Many organizations have (and should have) both. 

Tangible assets such as financial documents, checks, credit cards, and cash should always be in a secure location. A few trustworthy individuals should have the ability to access these items. 

Even though digital representations of these assets are stored within your accounting or nonprofit treasurer software or on your hard drive, the concepts involved in safeguarding these items are similar.

Ensure that all data is encrypted and password protected. That includes security software that not only prevents internal probing but also keeps sensitive information from being hacked by outsiders. 

Pro Tip: If you use nonprofit or specialized accounting software, these security factors are taken into account by the software provider. For example, Springly encrypts all of our users’ data and we have a dedicated cybersecurity team to keep your data safe.

Change passwords frequently, or use a password manager, and be sure to limit access to the people that need to access the documents regularly. When there is staff or volunteer turnover, ensure that updating key security measures, like access, is part of the process. 

This is exceptionally important due to the tendency to place trust in the people around you and that is great to have such trust! Remember that these precautions are not a negative reflection of the people in your organization, they are intended to limit the risks and protect everyone involved with the nonprofit.

Providing security will not only give your donors peace of mind but will grant your organization integrity and a reputation as a safe place for donors to perform transactions!


#2: Always Apply Segregation of Duties

Even our government uses a system of checks and balances to help prevent exploitation and improper behavior. Let’s take a page out of their book and apply this best practice in your nonprofit! 

Segregating duties makes certain that no one person has complete control over a procedure. By giving multiple people in the organization different but coordinating financial responsibilities, the organization benefits. There are opportunities for collaboration and the organization benefits from having multiple viewpoints in maintaining and updating processes.

For many facilities, this is standard procedure because it is a great way to prevent fraud, sabotage, theft, misuse of information, other potential security compromises, and, most commonly, mistakes! The process works by simply making sure that duties related to a procedure, such as finalizing payroll checks or requiring multiple signatures for purchases above a certain threshold, for example, are divided up among different people. 

One person may be responsible for cash receipts and computing payroll, another may be responsible for dispersing checks to pay invoices from vendors, a third for deposits, and yet another whose job is reimbursing expenses via cash disbursements. All of these activities may be summarized in the monthly nonprofit treasurer report (reference our sample nonprofit treasurer annual report template for more information).

With different people fulfilling or serving as an approval step in the process, something unusual is quickly discovered and can be evaluated to determine the root cause. Regardless of why there is a discrepancy, there’s less chance that the situation will escalate out of control and simple mistakes will be caught early before they become complex errors or impact the overall budget. 

five-internal-controls-very-small-nonprofit-dutiesOliver is framing up how he'll be delegating duties at his organization.

The separation of duties is a very simple, efficient, and affordable way to prevent fraud and errors even with smaller organizations, so implement these procedures as soon as possible to develop this habit while your organization is still growing.  


#3: Create Policies and Procedures As Soon As Possible

Another great internal control to have is a statement of policies and procedures. Internal controls and financial accountability for nonprofit boards leave no doubt what the executive director and each board member’s responsibilities are. Spelling out exactly how things need to be done promotes efficiency and security for each aspect of your organization.

All team members should be aware of this document and in agreement to reduce the chance of friction and allow your organization to perform as smoothly as possible. 

It may seem superfluous to establish all of these guidelines when an organization is still small and growing, but the sooner these tenets are in place, the better. You can always amend and improve the procedures along the way, but the earlier you have these rules in place, the sooner you can use them for the onboarding of new team members or volunteers.

This also encourages smooth transition when there is turnover or someone is temporarily unavailable as everyone will know that they can consult this manual to understand how to proceed. 

Remember the famous saying: if it costs you your peace of mind, it’s too expensive.


#4: Review Your Bank Reconciliation Each Month

Every month, or more frequently if you are dealing with a substantial amount of deposits and other transactions, a member of your staff should be performing a bank reconciliation for monitoring transactions, income, and expenses. 

Bank reconciliation is just the process of taking your nonprofit’s bookkeeping and comparing it to the bank statement to make sure that everything has been accounted for and the results are accurate. 

In keeping with the segregation aspect of our sample financial policy for nonprofit organizations, this should be someone other than your bookkeeper. 

Performing this activity can help you discover if something doesn’t add up with the finances. The cause may be an internal compromise or simply an honest mistake. Regardless, you gain the opportunity to set things right before things become costly. 

Nonprofits are closely watched by the public and the IRS, so the importance of accurate records is more important than ever. Bank reconciliation is one of the best ways to keep up to date with your information and provide a double-check of financial data.

five-internal-controls-very-small-nonprofit-bank-reconciliationSalma is checking her bank activity at the end of the month!

If you haven’t started yet, this is the nudge you’ve been waiting for! Thankfully, if you are a small organization, it is not going to take a lot of time, so establish this good habit as soon as possible.


#5: Conduct a Background Check

Similar to whether bonding your nonprofit treasurer is a good idea, background checks can be a controversial topic. However, it is worth consideration. No matter the size of an organization, whenever anyone is being considered for a role that will provide them access to finances, private information, or other resources which can be misused, it may be good to run a background check.

While this may be an awkward conversation to have for small community organizations due to the trust factor, approaching this as a standard requirement for anyone in specific positions (and backed up in writing by your Statement of Policies and Procedures) can make a difference. 

It may seem odd at first, but when you think that nonprofits are all about transparency and reputation, there shouldn’t be anything unusual about requiring a background check as standard procedure. 

While this background research is not a foolproof solution to protect your organization, it does provide you with certain information that you may want to discuss prior to bringing people on board to fill particular roles. 

The process is simple and will provide added peace of mind to everyone given the high stakes involved. 

Enjoyed the article? Download it to keep or share with others!


Springly-CTA banner accounting

Member Management

Everything You Need to Know Before Buying a Membership Database Software

15 min read

A Detailed Breakdown Of Nonprofit Accounting Basics

10 min read

How to Build the Perfect Nonprofit Board of Directors

5 min read