Creating and maintaining a strong internal control system is one of the most important steps that nonprofit organizations (“NPO”) and charitable organizations can take to mitigate risk, safeguard assets, and improve financial reporting.
This is especially important in the nonprofit sector because:
- there is a greater atmosphere of trust,
- revenues from donations are often cash-based,
- they are tax-exempt entities,
- there is a heavy reliance on volunteers who may not have business or financial expertise.
If you are the executive director or manage the operations of an NPO, you should regularly conduct risk assessments and evaluate the systems of internal controls that are in place in your organization.
What are Internal Controls?
Internal controls are the processes that have been put in place by an organization to ensure the integrity of the financial information and to prevent fraud. A good internal control system should have two different types of control activities: preventative and detective.
Preventative controls aim to deter errors or fraud from happening in the first place. Detective controls aim to identify and correct errors or fraud after they have already occurred.
This can be illustrated with an example of controls to prevent the theft of cash.
A preventative control would be to lock that cash in a safe, change the password regularly, and have only a few select people know the password to the safe. This prevents the theft of cash from occurring.
A detective control would be to perform daily cash counts and reconciliations to check that the cash on hand agrees to the expected amount. This catches if cash has been previously stolen so that it can be followed up on.
Importance of Internal Controls in NPOs
Internal controls are important for all organizations. They reduce the risk of fraud and ensure that accounting information and financial reporting is accurate. Internal controls also ensure compliance with laws and regulations.
Most responsible NPOs will use the Sarbanes Oxley act as a standard for their own financial practices to improve their internal controls and provide greater transparency to their financial activities.
Most NPOs have a higher risk of theft or fraud because they receive a lot of cash contributions and donated equipment and materials. The receipts of these contributions are often decentralized and solicited by volunteers. This increases the risk that they may be lost or stolen.
NPOs can also have complex reporting requirements. Often large contributions come with restrictions and reporting requirements. Without proper internal controls in place, there is a potential risk of the money being spent on the wrong activity or the reporting not being done correctly or on time. If any of these occur, the NPO runs the risk of losing the contribution.
Internal Controls in relation to Governance
The Board of Directors of an NPO have fiduciary duties and responsibilities, and with these responsibilities comes potential liability.
What does fiduciary duty mean? It means that the directors have a duty to safeguard and pursue the interest of the NPO and set aside their personal interest while doing so. Directors who do not follow the basic standard of care in exercising their fiduciary duties can be found liable for damages.
In addition, as part of their role, directors of an NPO are responsible for the appointment and evaluation of the management of the NPO. Management has direct responsibility for the establishment and maintenance of an effective system of internal controls.
Therefore, as part of these responsibilities, directors are accountable for ensuring that the NPO has established internal controls required to mitigate risk in the organization. It is important that directors understand and regularly evaluate the risks in the organization and ensure that the proper internal controls have been established and are working properly.
A board that actively discusses internal controls and checks up to ensure they are working properly sets a strong tone at the top that internal controls are important to the NPO.
Improving Internal Control using Technology
Even the best designed internal controls can breakdown. One of the primary reasons that internal controls stop working is because they were not designed for real-world use and are too difficult for people to work with. By using technology to make internal controls easy to follow it helps ensure they are used successfully. Here are two examples of how technology can improve internal controls.
Two signatures are required on all signing checks
This can often be difficult when the signing officers either work remotely or are travelling often. A breakdown we have seen is that people will pre-sign the cheques. This defeats the purpose of the internal control and inappropriate payments can be made.
A solution to this common problem is using a cloud-based payment system that allows signing officers to electronically authorize payments. Payments can then be authorized from anywhere in the world.
Review of financial statements and other reports
NPOs often rely on part-time employees for bookkeeping. The bookkeeper may not always be stationed in the office, and using and accessing a desktop software system can be difficult if you are not at the designated computer. This means that the accounting records may not always be up to date and regular reviews may fall behind. Moving the bookkeeping system to the cloud is a way to improve this internal control.
Cloud accounting systems are secure and can be accessed easily from any computer with an internet connection. You can log in to the system to record entries or view the financial reports regardless of time and location. This makes it easier to keep the books up to date and to review the reports so that problems can be caught earlier on before they become bigger issues.
Implementing Internal Controls
Setting up a system of internal controls is a time-consuming process. Each NPO is unique and has a unique set of risks which are based on its operations and the resources it has available.
For example, an NPO with lots of small cash-based donations from a large pool of donors may need to place an emphasis on controls over ensuring that cash is not stolen.
Meanwhile, another NPO with only a few but largely restricted grants would be more concerned with setting up controls that ensure the money is spent on the appropriate activities and reporting is done correctly and on time.
Some organizations might establish an internal audit department and hire internal auditors to evaluate the effectiveness of their internal controls and address their internal and external risks.
However, if your organization doesn't have the resources for an internal auditor, the best place to start is by asking questions about the risks and internal controls. What are the financial risks of the NPO, what internal controls have been put in place, and are those internal controls working as designed?
At Enkel, we've helped many nonprofit organizations manage their books through secure cloud-based technology. Learn more about how we work with nonprofit organizations today.