Overview of Internal Controls for Nonprofits

Nonprofit organizations aren’t immune to fraud. The Washington Post found that among approximately 1,000 nonprofits, losses due to fraud, theft, and embezzlement amounted to close to half a billion dollars in total.[1]

The report, based on tax returns from over five years in which nonprofits indicated losses due to fraud, is just the tip of the iceberg. The Association of Certified Fraud Examiners report in 2005 linked 12% of the fraud cases they had studied to nonprofit organizations.[2] No organization is immune to theft.

Among nonprofits, taking funds for personal use is perhaps the most commonly reported theft. And it’s the easiest to prevent. Unlike larger for-profit companies who report intentional errors made on financial reports as their biggest problem, nonprofits face a problem with a clear solution: internal controls.

Among other benefits, internal controls are the safeguard against temptation for your employees and volunteers. While simple in concept and execution, they can prevent many instances of fraud and theft.

publication by the Virginia Society of Certified Public Accountants explains that good internal controls are essential to:

  • Prevent loss through errors, misappropriation of funds, or theft
  • Prevent an “honest” employee from making a mistake that can ruin his or her life
  • Document the responsibility of the board as it safeguards the assets of the NPO
  • Assure that all transactions are properly authorized and recorded

While seemingly time consuming, the simple act of having two people present during the petty cash audit protects both employees and assets—a distinct advantage of using adequate internal controls.

A Clear Definition of Internal Controls

The National Council of Nonprofits defines internal controls as financial management practices systematically used to prevent misuse and misappropriation of assets, such as occurs through theft or embezzlement. Internal controls protect not just assets but reputations, as well. That nonprofit organizations maintain the highest integrity and ethical standards is critical to attract funders.

The objective of internal controls is to put “checks and balances” in place to protect the assets of the organization.

Potential Pitfalls

Once at a holiday party hosted by a University of Texas accounting professor, I found myself standing next to auditing professor Steven Kachelmeier. Using my Dale Carnegie powers of conversation, I engaged Professor Kachelmeier in a discussion of top 10 internal controls for nonprofits. He responded by saying, “Just consider what can go wrong.”

I scoured the internet to find examples of what can go wrong with weak or non-existent internal controls.   The following stories are true and could happen to you.

Situation:   Cash goes missing.

Suppose checks are merely kept in the bottom drawer of a file cabinet. An enterprising employee might take a few checks from the bottom of the stack, forge a signature, and cash them, stealing thousands of dollars before being caught.

Internal Control Solution: Secure the checks with keys held by two different financial managers. Ensure that bank reconciliations are performed by staff with no access to deposits or withdrawals. Bank reconciliation should be prepared monthly, at minimum.

Situation:   Employees add overtime.

A clever payroll employee adds overtime hours to pay himself or herself at time and-a-half.

Internal Control Solution: Timecards should be signed by managers. A second person compares the payroll totals to signed timecards.

Situation:   Fundraising for the wrong pocketbook.

During a fundraiser, a volunteer handled all aspects of the cash ticket sales, including depositing funds and reconciling the bank statement. Occasionally short on cash, she would borrow funds and then pay them back. Until she didn’t pay them back. This well-meaning volunteer “borrowed” around $10,000.   The event intended to be financed by the fundraiser was cancelled.

Internal Control Solution: Anytime cash is involved, the responsibilities should be divided among several people.  At least two people should be present when cash is counted. Separate people should make the deposits and reconcile bank statements.

Internal controls should be clearly documented.

Your policies need to be documented in a procedural manual and authorized by the board or governing authority of the organization. Discovery of theft or an embezzlement and the resulting investigation is hard on the organization internally, and the external damage to the organization’s reputation can cause loss of funding. Additionally, bonding insurance premiums could skyrocket in the event of utilizing the policy due to employee fraud, especially if it could have been prevented by using good internal controls.

Establishing internal controls protects both the organization and the board members, officers, and staff.   For more comprehensive reading, request a copy of our whitepaper, A Guide to Internal Controls for Non-Profit Organizations.

Beck & Company

Beck & Company can help with your nonprofit financial management needs. We are a CPA and business advisory firm dedicated to the nonprofit sector. Our many years of experience can help you update your financial compliance or handle all types of accounting for nonprofits. Please contact Beck & Company today for further details.

[1] https://www.washingtonpost.com/investigations/inside-the-hidden-world-of-thefts-scams-and-phantom-purchases-at-the-nations-nonprofits/2013/10/26/825a82ca-0c26-11e3-9941-6711ed662e71_story.html?utm_term=.6bf50202dc92

[2] https://nonprofitquarterly.org/2007/12/21/how-to-steal-from-a-nonprofit-who-does-it-and-how-to-prevent-it/

Leave a Reply