Establishing sound internal controls is important for every nonprofit. These controls help ensure funds are not misappropriated and help keep fraud from occurring. However, establishing internal controls can sometimes prove difficult. Larger organizations may be able to more easily develop processes that allow for the proper segregation of duties, while smaller organizations may be more challenged in doing this. Nevertheless, below are some of the common internal controls that should exist in nonprofits, regardless of size, because these controls are often reviewed by auditors as part of the annual financial audit.
- Individuals responsible for reviewing and approving transactions should not have the ability to post transactions or edit information in the accounting system and should not have similar access to the payroll system.
- Individuals responsible for posting and editing transactions in the accounting system should not be the individuals tasked with completing reconciliations. If this is not possible, then the reconciliations should be reviewed and signed by an individual who does not have access to post and edit such transactions. Bank and credit card statements should be attached and reviewed along with the bank and credit card reconciliations.
- Payments should not be made without obtaining proper approvals. A clear approval policy should be established which documents thresholds, and payments over a determined threshold should require dual approvals.
- The payroll register should be reviewed and approved by an individual other than the individual responsible for entering and processing the payroll.
- Journal entries should be reviewed and approved by an individual other than the one who prepares and records the entries in the accounting system.
- A member of the board should review and approve the executive director’s expense report prior to reimbursement.
- Blank checks should be stored in a secure location and access should be restricted to authorized personnel only.
Each nonprofit’s situation will be unique in terms of the controls that are established. In some cases, a board member may even need to take on the role of review and oversight, especially in smaller organizations with smaller headcounts. Nevertheless, once controls are in place, they should still be reviewed, at least annually, to ensure they are working effectively and are being properly followed. More information on establishing and measuring internal controls can be found here.