internal controls – Beck & Company

Overview of Internal Controls for Nonprofits

Nonprofit organizations aren’t immune to fraud. The Washington Post found that among approximately 1,000 nonprofits, losses due to fraud, theft, and embezzlement amounted to close to half a billion dollars in total.[1]

The report, based on tax returns from over five years in which nonprofits indicated losses due to fraud, is just the tip of the iceberg. The Association of Certified Fraud Examiners report in 2005 linked 12% of the fraud cases they had studied to nonprofit organizations.[2] No organization is immune to theft.

Among nonprofits, taking funds for personal use is perhaps the most commonly reported theft. And it’s the easiest to prevent. Unlike larger for-profit companies who report intentional errors made on financial reports as their biggest problem, nonprofits face a problem with a clear solution: internal controls.

Among other benefits, internal controls are the safeguard against temptation for your employees and volunteers. While simple in concept and execution, they can prevent many instances of fraud and theft.

A publication by the Virginia Society of Certified Public Accountants explains that good internal controls are essential to:

Prevent loss through errors, misappropriation of funds, or theft
Prevent an “honest” employee from making a mistake that can ruin his or her life
Document the responsibility of the board as it safeguards the assets of the NPO
Assure that all transactions are properly authorized and recorded

While seemingly time consuming, the simple act of having two people present during the petty cash audit protects both employees and assets—a distinct advantage of using adequate internal controls.

A Clear Definition of Internal Controls

The National Council of Nonprofits defines internal controls as financial management practices systematically used to prevent misuse and misappropriation of assets, such as occurs through theft or embezzlement. Internal controls protect not just assets but reputations, as well. That nonprofit organizations maintain the highest integrity and ethical standards is critical to attract funders.

The objective of internal controls is to put “checks and balances” in place to protect the assets of the organization.

Potential Pitfalls

Once at a holiday party hosted by a University of Texas accounting professor, I found myself standing next to auditing professor Steven Kachelmeier. Using my Dale Carnegie powers of conversation, I engaged Professor Kachelmeier in a discussion of top 10 internal controls for nonprofits. He responded by saying, “Just consider what can go wrong.”

I scoured the internet to find examples of what can go wrong with weak or non-existent internal controls. The following stories are true and could happen to you.

Situation: Cash goes missing.

Suppose checks are merely kept in the bottom drawer of a file cabinet. An enterprising employee might take a few checks from the bottom of the stack, forge a signature, and cash them, stealing thousands of dollars before being caught.

Internal Control Solution: Secure the checks with keys held by two different financial managers. Ensure that bank reconciliations are performed by staff with no access to deposits or withdrawals. Bank reconciliation should be prepared monthly, at minimum.

Situation: Employees add overtime.

A clever payroll employee adds overtime hours to pay himself or herself at time and-a-half.

Internal Control Solution: Timecards should be signed by managers. A second person compares the payroll totals to signed timecards.

Situation: Fundraising for the wrong pocketbook.

During a fundraiser, a volunteer handled all aspects of the cash ticket sales, including depositing funds and reconciling the bank statement. Occasionally short on cash, she would borrow funds and then pay them back. Until she didn’t pay them back. This well-meaning volunteer “borrowed” around $10,000. The event intended to be financed by the fundraiser was cancelled.

Internal Control Solution: Anytime cash is involved, the responsibilities should be divided among several people. At least two people should be present when cash is counted. Separate people should make the deposits and reconcile bank statements.

Internal controls should be clearly documented.

Your policies need to be documented in a procedural manual and authorized by the board or governing authority of the organization. Discovery of theft or an embezzlement and the resulting investigation is hard on the organization internally, and the external damage to the organization’s reputation can cause loss of funding. Additionally, bonding insurance premiums could skyrocket in the event of utilizing the policy due to employee fraud, especially if it could have been prevented by using good internal controls.

Establishing internal controls protects both the organization and the board members, officers, and staff. For more comprehensive reading, request a copy of our whitepaper, A Guide to Internal Controls for Non-Profit Organizations.

Beck & Company

Beck & Company can help with your nonprofit financial management needs. We are a CPA and business advisory firm dedicated to the nonprofit sector. Our many years of experience can help you update your financial compliance or handle all types of accounting for nonprofits. Please contact Beck & Company today for further details.

[1] https://www.washingtonpost.com/investigations/inside-the-hidden-world-of-thefts-scams-and-phantom-purchases-at-the-nations-nonprofits/2013/10/26/825a82ca-0c26-11e3-9941-6711ed662e71_story.html?utm_term=.6bf50202dc92

[2] https://nonprofitquarterly.org/2007/12/21/how-to-steal-from-a-nonprofit-who-does-it-and-how-to-prevent-it/

Technology Enhances Internal Controls for Nonprofits

Nonprofit accounting audit service company Beck & Company Shares tips for better internal controls

Have you heard the term integrated audit technique? As a nonprofit accounting audit service, we keep our eye on the latest terms and technology available to our clients. Something new that has entered the world of nonprofit audits is the integrated audit technique. We’ll share a little about what that means and what it might mean to you.

Integrated Audit Technique

What is an “integrated audit technique?” It involves the integration of an organization’s manual internal controls with the use of technology to enhance and facilitate controls. Financial and operational areas are typically included in an integrated audit technique.

The idea is to use technology to make the auditing process easier and to help you maintain better oversight and control of your operational and financial budget. Technology cannot replace human oversight when it comes to internal controls, but it can help you flag unusual account activity and other signs that something is amiss.

How Technology Can Enhance Financial Controls

Most new accounting and financial technology offers some level of internal control. Controls currently in place can help you detect misstatements and misdirection used to mask fraud. Some of these actions can cause financial statements to be materially mistaken. At their most basic level, many financial and accounting systems have, for instance, coding built in that alerts you when an account reconciliation is unbalanced or when receivables and bank deposits do not match.

Technology controls are often split between general and application controls. General controls are, as the name suggests, broader and more sweeping in scope. They encompass the organization’s infrastructure and elements such as IT governance, network access, disaster recovery plans, and the like.

Application controls are more specific to the technology in use. When you understand all the application controls built into your system and how they work, you can use them to your advantage.

Areas of Concern

As you review both general and application controls, what should you be aware of? As a firm that provides nonprofit accounting audit services, we’ve seen some instances where an early detection of problems could have prevented many headaches later.

Some items to watch as part of your general financial controls:

Accounts payable
Inventory
Payroll
General ledger entries
Reporting
“Slush funds” or cash boxes (manual control needed rather than technology)

Areas of concern include duplicate entries, unauthorized access, and plain old common mistakes. One or two mistakes are easy to understand, but multiple mistakes made by the same person are cause for concern. This requires investigation, follow up, and potentially re-training and/or monitoring the person to help them correct their mistake.

IT Controls

Information technology is another area where having a solid control process in place is important. The technology behind your organization can help it run efficiently and effectively. The IT department must safeguard that technology. Part of the control process over the IT department includes:

Understanding who has access (and why)
Careful monitoring of system users
Written rules, regulations, and guidelines for technology use
Change management processes
Identification and routine updates of cybersecurity technology
Training for all employees on how to counteract and prevent cyber attacks.

Like financial controls, these are a few areas that nonprofits must manage carefully.

Financial and Technology Controls Need People to Manage It

Both financial and technology controls are important and can be used to help your organization avoid many problems. But the internal control process doesn’t end there. Before a nonprofit accounting audit service works with you, go over all your controls. Make sure that you are actively managing and monitoring controls.

The controls built into financial and accounting software, as well as the overall controls and management systems you put in place over your IT department, must work together to build the security of your organization. With active management and oversight, you can make technology your partner when it comes to audits and internal controls.

Beck & Company

Beck & Company is a certified public accounting firm serving the greater Washington D.C. area and the Eastern seaboard. We offer consulting services, auditing, and software selection to help nonprofits with their accounting needs. Contact us today for more information or assistance.

Internal Control Best Practices for Nonprofits

Internal controls are the accounting and financial business processes and procedures that help to protect your organization’s assets. Regardless of the size or mission of a nonprofit, it is necessary to establish policies and procedures that prevent misuse and misappropriation of assets. These internal controls will ensure that all staff or volunteers, who have access to spending or collecting monies, understand their fiduciary responsibilities, all assets are properly managed, and the primary purposes of the nonprofit are carried out. When these criterion are not met, it results in a breach of fiduciary duty and financial liabilities.

The most effective procedures are those that have the greatest segregation of duties. This is the concept of having more than one person required to complete a task. The separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and errors. The more people involved in the process, the less likely it is that an error will occur. For example, the person who writes checks should not be the person signing them. The person who orders the service or product should approve the invoice. The person with budget responsibility should also approve the expenditure and code the invoice.

Typically, internal controls are written policies that detail agreed-upon procedures that the nonprofit will adhere to, as well as outlining who the responsible parties are. The goal of internal controls is to create business practices that serve as “checks and balances” on staff or outside vendors in order to reduce the risk of misappropriation of funds.

The following are examples of some basic internal controls:

Requiring two signatures on a check.
Establishing safety protocol ensuring all doors are locked when no one is monitoring the entrance.
Preapproving spending, as a prerequisite to guaranteed reimbursements.
Requiring multiple persons to be present when collecting and counting cash donations.
Regularly reviewing vendors who are receiving money from the nonprofit for services or supplies.
Ensuring that the same person isn’t authorized to write and sign a check.
When opening mail, endorsing or stamping checks “For Deposit Only,” listing checks on a log before turning them over to the person responsible for depositing receipts, and periodically reconciling the incoming check log against deposits.
Requiring that cash be stored in a locked drawer or safe.
Requiring background checks for employees or volunteers who handle money.

Another facet to consider is the actions of executive staff and leadership to adhere to internal controls. Leading by example is the best way to ensure compliance of rules by the rest of your staff and volunteers. Additionally, acknowledge that these controls are being implemented as a measure to protect the staff and organization and not due to mistrust. If you are wondering where to begin establishing internal controls for your nonprofit, a good place to start is with:

Any person who has access to your bank accounts or
Any person with permission to spend money on your organization’s behalf.

Without establishing these procedures, your nonprofit is vulnerable to misuse and misappropriation of assets. At Beck and Company Certified Public Accountants and Business Advisors, we are an accounting and consulting firm delivering specialized expertise, creative thinking, and unsurpassed service to ensure that our clients’ financial endeavors flourish.

Serving small and mid-sized organizations and individuals, we provide audit, tax, accounting, and consulting service that address all aspects of your business with one goal in mind – exceeding your expectations. We are able to do this by drawing on our combined business backgrounds and experience in public accounting to help you in virtually any area of your business. Contact us for more information on our accounting and consulting services that can help you.