Ensuring Internal Controls and Financial Accountability for Not For Profit Boards
In order to keep the spotlight on all the good work your organization is doing, focus on maintaining a financially sound organization. Internal controls help with the budgeting process, identifying and optimizing successful processes, and deterring fraudulent activity. Any form of criminal or nefarious activity involving your nonprofit is a dreadful thought. Luckily, this sort of thing doesn’t happen often. In addition, internal controls are an easy and low-cost method to protect from many financial risks.
If you are working to mark items off your nonprofit treasurer checklist, consider this article an opportunity to begin or strengthen your internal control policies. We’ll discuss how to begin designing your policies and give you our top 5 tips.
Here’s what we’ll cover:
- What are Internal Controls and Why do they Matter?
- How to Design Internal Control Policies
- 5 Tips to Improve Financial Security
What are Internal Controls and Why do they Matter?
Internal controls are simply written policies written in the foundational documents of your organization (see our sample nonprofit internal controls policy to get started on drafting yours). If the policy is followed, all staff are aligned on processes resulting in smooth operations, time savings and better financial management. As an added bonus, and similar to bonding your nonprofit treasurer, the organization is more likely to prevent fraud, theft, embezzlement, and misappropriation of funds.
Typically, these policies are adopted by the board of directors when the organization is first formed. As your organization grows, and additional situations come to pass, the policies often require updates. Although it may seem a bit formal, any changes must be amended by official action.
Unlike a nonprofit treasurer report template, which can be updated by the Treasurer on the fly, alterations to financial policies are typically presented by the board and then approved through a formal motion and a board vote. All of this is reflected in the minutes to ensure all are aware of these important changes.
There are three major principles regarding strong internal controls: restricting access, separation of duties, and transparency. Let’s go into a bit more detail on each.
Restricting Access to Funds
First, the physical control of funds should be restricted to the people who need it. This is called the "custody of assets" and pertains to cash, account numbers, credit cards, and passwords. Just as you tightly control your personal information and assets, limiting access to your organizational assets to a select few individuals adds a level of security.
Salma knows how to restrict her funds to the strict minimum!
In addition to limiting access to important financial information and instruments, focus on the physical safety of assets as well. Just like you wouldn’t leave thousands of dollars of your personal money in a cookie jar on the counter, proper storage of organizational assets is just as important.
Separation of Duties
Second, once you have the controls you need on assets, consider a formal separation of duties. For example, multiple people can have access to control funds; however consider defining each person's specific role in the process. Perhaps prior to the treasurer depositing funds gathered from a fundraising event, they document what was raised by various sources. Another board member can review the information and confirm its accuracy prior to deposit.
Similarly, internal controls can mandate that multiple people be involved in writing checks to pay for goods and services. Having at least two people involved in key finances helps lead us to the third main principle of financial controls: transparency.
The final principle is transparency. When donors, board members, and others can see exactly how money is being spent, everyone can feel safe and secure that all transactions are legitimate.
Donors feel comfortable giving because they know their precious financial gifts will be used only for furthering your mission. From the standpoint of the IRS and other governmental agencies, you can rest assured they’ll be able to see you are following all applicable regulations.
How to Design Internal Control Policies
By using the above three principles you can, with your board of trustees, outline a set of internal control policies. The first step is to take stock of where you could improve organization or processing and see where you will need controls.
Focus on how money can be transferred out of the organization and envision scenarios to help you craft sound policies. The board can review all of these procedures (e.g., requiring a monthly nonprofit treasurer report) and potential weaknesses, then make recommendations.
You’ll want to break every procedure down into detailed steps (see our sample financial policy for nonprofit organizations for assistance), and make sure to define the following:
Who is Responsible?
For example, paying bills. Who has this task? You certainly don’t want too many people responsible, but ideally, multiple people could accomplish it if need be. For example, if your bookkeeper is sick for an extended time, the executive director could handle paying bills. The important thing is that the roles are defined in writing for all to see.
Who Has Access Rights?
The person paying bills, whether a full-time employee or volunteer, needs some level of access to checking, debit, or credit cards to accomplish this task.
Matthew appreciates all he's learning about financial accountability!
Who Has The Authority And/Or Final Say?
Every transaction should be reviewed and approved by a responsible person. In a large organization, there may be a hierarchy of staff and supervisors, but for smaller organizations, you may need to have one of the board members act as a reviewer and approve a transaction. The key is that one person can’t transfer funds without someone else having a look to make sure everything looks legitimate. Payroll, check writing, payments, deposits, and more need to be subject to approval, monitoring, and expense authorization.
Pro Tip: Speaking of small organizations, it is important to realize that the needs of organizations can vary depending on size. We have a related article focused on the five internal controls for a small nonprofit that is a perfect starting point for our partners on the smaller end of the spectrum.
What Information is Recorded?
Documentation is key to transparency. If there is ever a question, you can then verify what steps were taken and that everything was done correctly. For instance, a payment was made to a service provider. The service provider later says they never received it. By keeping good records on your end, you can see that the accountant wrote the check, the executive director and a board member provided their signatures, and it was put in the mail.
Pro Tip: For each financial process, create a visual aid like a flow chart. This will help the board and other decision-makers see who is responsible for each task.
5 Tips to Improve Financial Security
Improving the financial security of your organization can often be accomplished through some easy-to-follow and low-cost measures that won’t break the budget.
1. Ensure good password security for your nonprofit treasurer software and all financial accounts. Recently, many passwords have ended up on the "dark web" for hackers to use at will to hack into websites. Never use the same password for more than one site, and periodically change your passwords. A good password manager that has team features to share securely.
Pro Tip: If you struggle with developing unique passwords, updating passwords regularly, and/or remembering what they are (who doesn’t?!), consider a password manager system. For example, LastPass, and other password manager sites, remembers your passwords so you don’t need to. After you log in, save each of your passwords to the tool once and let it take over. LastPass has a password generator for creating lengthy, randomized passwords on your behalf for each site you visit and then logs you in each time you visit.
2. One of the important recommendations in our nonprofit policies and procedures manual template is to ensure good physical security. In addition to focusing on the custody of assets (credit cards, checks, and account numbers), make sure to have a secure cabinet or safe to store these items. Don’t forget to regularly update the combination just like you would do for a password!
3. Assign multiple people duties for each process. This is a great way to ensure someone is always checking on someone else’s work. For instance, one person can prepare the books, another can sign off on it, and the third can do the bank reconciliation. The same goes for invoices: have one person prepare them and another person review them.
4. Hire an external accountant to help identify weaknesses in financial management. Many organizations know that accountants can help with all sorts of financial tasks like tax filings and report preparation. They’ll also be able to spot areas that you may not have thought of where your financial security could be at risk.
5. Keep a clear written history of all transactions. This financial reporting protects everyone along the chain and if there is a discrepancy, the source can be found quickly.