Overview of Internal Controls for Nonprofits

Nonprofit organizations aren’t immune to fraud. The Washington Post found that among approximately 1,000 nonprofits, losses due to fraud, theft, and embezzlement amounted to close to half a billion dollars in total.[1]

The report, based on tax returns from over five years in which nonprofits indicated losses due to fraud, is just the tip of the iceberg. The Association of Certified Fraud Examiners report in 2005 linked 12% of the fraud cases they had studied to nonprofit organizations.[2] No organization is immune to theft.

Among nonprofits, taking funds for personal use is perhaps the most commonly reported theft. And it’s the easiest to prevent. Unlike larger for-profit companies who report intentional errors made on financial reports as their biggest problem, nonprofits face a problem with a clear solution: internal controls.

Among other benefits, internal controls are the safeguard against temptation for your employees and volunteers. While simple in concept and execution, they can prevent many instances of fraud and theft.

publication by the Virginia Society of Certified Public Accountants explains that good internal controls are essential to:

  • Prevent loss through errors, misappropriation of funds, or theft
  • Prevent an “honest” employee from making a mistake that can ruin his or her life
  • Document the responsibility of the board as it safeguards the assets of the NPO
  • Assure that all transactions are properly authorized and recorded

While seemingly time consuming, the simple act of having two people present during the petty cash audit protects both employees and assets—a distinct advantage of using adequate internal controls.

A Clear Definition of Internal Controls

The National Council of Nonprofits defines internal controls as financial management practices systematically used to prevent misuse and misappropriation of assets, such as occurs through theft or embezzlement. Internal controls protect not just assets but reputations, as well. That nonprofit organizations maintain the highest integrity and ethical standards is critical to attract funders.

The objective of internal controls is to put “checks and balances” in place to protect the assets of the organization.

Potential Pitfalls

Once at a holiday party hosted by a University of Texas accounting professor, I found myself standing next to auditing professor Steven Kachelmeier. Using my Dale Carnegie powers of conversation, I engaged Professor Kachelmeier in a discussion of top 10 internal controls for nonprofits. He responded by saying, “Just consider what can go wrong.”

I scoured the internet to find examples of what can go wrong with weak or non-existent internal controls.   The following stories are true and could happen to you.

Situation:   Cash goes missing.

Suppose checks are merely kept in the bottom drawer of a file cabinet. An enterprising employee might take a few checks from the bottom of the stack, forge a signature, and cash them, stealing thousands of dollars before being caught.

Internal Control Solution: Secure the checks with keys held by two different financial managers. Ensure that bank reconciliations are performed by staff with no access to deposits or withdrawals. Bank reconciliation should be prepared monthly, at minimum.

Situation:   Employees add overtime.

A clever payroll employee adds overtime hours to pay himself or herself at time and-a-half.

Internal Control Solution: Timecards should be signed by managers. A second person compares the payroll totals to signed timecards.

Situation:   Fundraising for the wrong pocketbook.

During a fundraiser, a volunteer handled all aspects of the cash ticket sales, including depositing funds and reconciling the bank statement. Occasionally short on cash, she would borrow funds and then pay them back. Until she didn’t pay them back. This well-meaning volunteer “borrowed” around $10,000.   The event intended to be financed by the fundraiser was cancelled.

Internal Control Solution: Anytime cash is involved, the responsibilities should be divided among several people.  At least two people should be present when cash is counted. Separate people should make the deposits and reconcile bank statements.

Internal controls should be clearly documented.

Your policies need to be documented in a procedural manual and authorized by the board or governing authority of the organization. Discovery of theft or an embezzlement and the resulting investigation is hard on the organization internally, and the external damage to the organization’s reputation can cause loss of funding. Additionally, bonding insurance premiums could skyrocket in the event of utilizing the policy due to employee fraud, especially if it could have been prevented by using good internal controls.

Establishing internal controls protects both the organization and the board members, officers, and staff.   For more comprehensive reading, request a copy of our whitepaper, A Guide to Internal Controls for Non-Profit Organizations.

Beck & Company

Beck & Company can help with your nonprofit financial management needs. We are a CPA and business advisory firm dedicated to the nonprofit sector. Our many years of experience can help you update your financial compliance or handle all types of accounting for nonprofits. Please contact Beck & Company today for further details.

[1] https://www.washingtonpost.com/investigations/inside-the-hidden-world-of-thefts-scams-and-phantom-purchases-at-the-nations-nonprofits/2013/10/26/825a82ca-0c26-11e3-9941-6711ed662e71_story.html?utm_term=.6bf50202dc92

[2] https://nonprofitquarterly.org/2007/12/21/how-to-steal-from-a-nonprofit-who-does-it-and-how-to-prevent-it/

Technology Enhances Internal Controls for Nonprofits

Nonprofit accounting audit service company Beck & Company Shares tips for better internal controls

Have you heard the term integrated audit technique? As a nonprofit accounting audit service, we keep our eye on the latest terms and technology available to our clients. Something new that has entered the world of nonprofit audits is the integrated audit technique. We’ll share a little about what that means and what it might mean to you.

Integrated Audit Technique

What is an “integrated audit technique?” It involves the integration of an organization’s manual internal controls with the use of technology to enhance and facilitate controls. Financial and operational areas are typically included in an integrated audit technique.

The idea is to use technology to make the auditing process easier and to help you maintain better oversight and control of your operational and financial budget. Technology cannot replace human oversight when it comes to internal controls, but it can help you flag unusual account activity and other signs that something is amiss.

How Technology Can Enhance Financial Controls

Most new accounting and financial technology offers some level of internal control. Controls currently in place can help you detect misstatements and misdirection used to mask fraud. Some of these actions can cause financial statements to be materially mistaken. At their most basic level, many financial and accounting systems have, for instance, coding built in that alerts you when an account reconciliation is unbalanced or when receivables and bank deposits do not match.

Technology controls are often split between general and application controls. General controls are, as the name suggests, broader and more sweeping in scope. They encompass the organization’s infrastructure and elements such as IT governance, network access, disaster recovery plans, and the like.

Application controls are more specific to the technology in use. When you understand all the application controls built into your system and how they work, you can use them to your advantage.

Areas of Concern

As you review both general and application controls, what should you be aware of? As a firm that provides nonprofit accounting audit services, we’ve seen some instances where an early detection of problems could have prevented many headaches later.

Some items to watch as part of your general financial controls:

  • Accounts payable
  • Inventory
  • Payroll
  • General ledger entries
  • Reporting
  • “Slush funds” or cash boxes (manual control needed rather than technology)

Areas of concern include duplicate entries, unauthorized access, and plain old common mistakes. One or two mistakes are easy to understand, but multiple mistakes made by the same person are cause for concern. This requires investigation, follow up, and potentially re-training and/or monitoring the person to help them correct their mistake.

IT Controls

Information technology is another area where having a solid control process in place is important. The technology behind your organization can help it run efficiently and effectively. The IT department must safeguard that technology. Part of the control process over the IT department includes:

  • Understanding who has access (and why)
  • Careful monitoring of system users
  • Written rules, regulations, and guidelines for technology use
  • Change management processes
  • Identification and routine updates of cybersecurity technology
  • Training for all employees on how to counteract and prevent cyber attacks.

Like financial controls, these are a few areas that nonprofits must manage carefully.

Financial and Technology Controls Need People to Manage It

Both financial and technology controls are important and can be used to help your organization avoid many problems. But the internal control process doesn’t end there. Before a nonprofit accounting audit service works with you, go over all your controls. Make sure that you are actively managing and monitoring controls.

The controls built into financial and accounting software, as well as the overall controls and management systems you put in place over your IT department, must work together to build the security of your organization. With active management and oversight, you can make technology your partner when it comes to audits and internal controls.

Beck & Company

Beck & Company is a certified public accounting firm serving the greater Washington D.C. area and the Eastern seaboard. We offer consulting services, auditing, and software selection to help nonprofits with their accounting needs. Contact us today for more information or assistance.

Internal Control Best Practices for Nonprofits

Internal controls are the accounting and financial business processes and procedures that help to protect your organization’s assets. Regardless of the size or mission of a nonprofit, it is necessary to establish policies and procedures that prevent misuse and misappropriation of assets. These internal controls will ensure that all staff or volunteers, who have access to spending or collecting monies, understand their fiduciary responsibilities, all assets are properly managed, and the primary purposes of the nonprofit are carried out. When these criterion are not met, it results in a breach of fiduciary duty and financial liabilities.

The most effective procedures are those that have the greatest segregation of duties. This is the concept of having more than one person required to complete a task. The separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and errors. The more people involved in the process, the less likely it is that an error will occur. For example, the person who writes checks should not be the person signing them. The person who orders the service or product should approve the invoice. The person with budget responsibility should also approve the expenditure and code the invoice.

Typically, internal controls are written policies that detail agreed-upon procedures that the nonprofit will adhere to, as well as outlining who the responsible parties are. The goal of internal controls is to create business practices that serve as “checks and balances” on staff or outside vendors in order to reduce the risk of misappropriation of funds.

The following are examples of some basic internal controls:

  • Requiring two signatures on a check.
  • Establishing safety protocol ensuring all doors are locked when no one is monitoring the entrance.
  • Preapproving spending, as a prerequisite to guaranteed reimbursements.
  • Requiring multiple persons to be present when collecting and counting cash donations.
  • Regularly reviewing vendors who are receiving money from the nonprofit for services or supplies.
  • Ensuring that the same person isn’t authorized to write and sign a check.
  • When opening mail, endorsing or stamping checks “For Deposit Only,” listing checks on a log before turning them over to the person responsible for depositing receipts, and periodically reconciling the incoming check log against deposits.
  • Requiring that cash be stored in a locked drawer or safe.
  • Requiring background checks for employees or volunteers who handle money.

Another facet to consider is the actions of executive staff and leadership to adhere to internal controls. Leading by example is the best way to ensure compliance of rules by the rest of your staff and volunteers. Additionally, acknowledge that these controls are being implemented as a measure to protect the staff and organization and not due to mistrust. If you are wondering where to begin establishing internal controls for your nonprofit, a good place to start is with:

  • Any person who has access to your bank accounts or
  • Any person with permission to spend money on your organization’s behalf.

Without establishing these procedures, your nonprofit is vulnerable to misuse and misappropriation of assets. At Beck and Company Certified Public Accountants and Business Advisors, we are an accounting and consulting firm delivering specialized expertise, creative thinking, and unsurpassed service to ensure that our clients’ financial endeavors flourish.

Serving small and mid-sized organizations and individuals, we provide audit, tax, accounting, and consulting service that address all aspects of your business with one goal in mind – exceeding your expectations. We are able to do this by drawing on our combined business backgrounds and experience in public accounting to help you in virtually any area of your business. Contact us for more information on our accounting and consulting services that can help you.

Effective Financial Reporting and other Keys to Preventing Fraud

It seems to be a common occurrence to hear about fraudulent activities occurring throughout the business world in the news. Unfortunately, even nonprofit organizations fall victim to fraudulent activity and commit fraud in a variety of ways. Within nonprofits, much of this activity stems from dishonest or improper financial reporting. It can take the form of payroll or billing schemes, undocumented funds, fabricated or invented expenses, and more. When it comes down to it, fraud is a violation of trust. It is essential to be vigilant in preventing fraud within your organization to maintain the trust the public has in nonprofits and to keep the trust throughout the organization. Your organization’s financial transparency can help prevent fraud.

Here are three tips for preventing fraud in your organization:

1. Use internal controls and financial audits to detect fraud. It is easy for nonprofits to rely on external audits to provide recommendations and evaluate internal controls while also identifying fraud risk. Beck & Company’s Certified Public Accountants and Business Advisors offer auditing services that can provide you with an extensive examination of financial statements to give you a closer look at possible areas of fraud. These nonprofit financial audits are truly essential to maintaining the organization’s health, but they are not the sole means through which fraudulent activity can be discovered. There is no substitute for strong internal controls to both reduce the opportunity for fraud and to detect fraud more quickly if it occurs.

2. Educate your staff about fraud through training. Staff members should be trained and educated on what actions constitute fraud, how fraud can harm the organization and its mission, and how to report questionable activity. This training has minimal cost and is highly effective.

For starters, educate employees on the three common forms of fraud:

  • Asset misappropriation an employee steals or misuses the organization’s resources. Examples include, but are not limited to, theft of cash or checks, false billing, vendor fraud, and inflated expense reports.
  • Corruption schemes– an employee, for their personal benefit, misuses their influence in a business transaction in a way that violates their duty to the employer such as through bribery and conflict of interest transactions.
  • Financial statement fraudan employee intentionally causes a misstatement or omission of material information in the organization’s financial reports. Recording fictitious revenue, understating expenses, and reporting artificially inflated asset values are all part of this. Effective financial reporting is essential to your organization’s reputation. Visit here to find out more about how to ensure proper reporting and internal controls are in place at your nonprofit.  

3. Remember that the board plays a role as well. Don’t overlook the board. The board of directors is still responsible to help monitor and supervise finances and operation even if they are not present on a daily basis. They have an important say in financial control procedures and policies. They also have a responsibility to act if fraud is detected by investigating, creating action steps, and reporting the incident. Board members are responsible for acting with due care and putting the best interests of the organization first. In some cases, board members have been held liable when it was determined they were negligent in fulfilling their fiduciary duties of care, loyalty, and obedience.

Understanding More about the Threat of Fraud:

Both damaged trust and damaged finances can result from fraud and therefore cause a substantial issue for nonprofits. What is even more striking is that, generally speaking, most organizations that fall victim to fraud do not recover any of their losses. Where does this fraud come from in the first place? Employees of varying ages that receive varying salaries are all susceptible. However, fraud committed by managers or executives takes twice as long to detect as compared to non-management employees. It is important to be on the lookout for fraud at all levels and assume no one is exempt.

Beck and Company CPAs are passionate about helping nonprofits get their financial reporting in order so they reduce the risk of fraud. Please contact us by calling 703-834-0776 x8001 to learn more about all of the nonprofit services we offer.

Internal Controls for Businesses and Non-profits, Part 2

As we discussed last week, establishing and maintaining strong internal controls is important for any business or non-profit organization. In order to effectively reduce the risk of fraud and internal theft, you need to implement internal controls in every area of your organization, including management and your accounting system. In this article, we’ll be discussing key internal controls your business and non-profit organization should consider implementing on each level, as well as highlight some important methods of strengthening security throughout your entire organization.

Internal Controls on a Management Level
While accounting and financial management may not be your area of expertise, you still need to play an active role in the process. Having a clear understanding of the accounting process and what is occurring with your finances is always a smart idea. Too often we hear of business managers and non-profit leaders putting too much trust in their employees and taking a hands-off approach to bookkeeping. While it’s good to trust your staff, you can never be too trusting (as recent fraud statistics have shown). By taking the following simple steps, you can reduce the risk of fraud and create a culture of responsibility among your management team:

  • Take an interest in the books. Make it a point to review financial reports periodically and ask questions about any discrepancies you may see. If you don’t understand financial reports or need help identifying key figures, seek the help of a certified public accountant. They can train you on everything you need to know about creating and reading these reports, as well as help you understand how this information impacts the everyday operations of your business or organization.
  • Create an ethics policy. If you want to set your employees up for success, make sure they have a clear understanding of what you will and will not tolerate as an organization. Create a written policy that outlines your policy for ethics and business integrity and ensure that all of your employees sign it. Perform an annual review of this policy to adjust for changes in the work environment.
  • Check in on your employees regularly. The most successful business managers and non-profit leaders have established a clear presence among their teams. Employees who know they are being constantly checked in on are less likely to engage in fraud and theft. By establishing a culture of oversight and review, you are protecting your business or organization from substantial losses.
  • Perform random reviews of important reports and financial documents. While it’s always a good idea to review financial reports on a monthly basis, management should also choose other reports to spot check. Since your employees won’t be able to predict what you’re looking at, you will have a more honest assessment and be able to identify fraud quickly and easily.

Internal Controls in Your Accounting System

Limiting who has access to your accounting system is the first step you should take when implementing internal controls in the accounting process. Many software systems will even allow you to limit users’ access to certain areas of the system so you can more effectively manage who has full access to your financial information. Assign software rights according to each employee’s responsibilities. For example, if a particular employee is in charge of Accounts Payable, they should not have access to Accounts Receivable or be able to balance the bank statement. Clearly defined roles protects your assets and encourages accountability among your staff.

Here are a few more internal controls to consider implementing:

  • Perform regular backups of your financial accounting database
  • Hire an outside CPA to review your books on a periodic basis
  • Set up an audit trail in your accounting software system
  • Password protect all financially-sensitive documents
  • Create a separate sign-on for each user of the system

Internal Controls for Financial Management

Protecting your finances should be your number one priority as a business or non-profit. Keep these methods of strengthening your financial security in mind as you reevaluate your current internal controls:

  • Create a deposit slip for any cash or checks that come through the door. This could include creating a separate log for all cash and check receipts that is then passed on to the bookkeeper and business owner. Once deposits have been made, the owner can then compare the receipts log to the bank deposits.
  • Create an approved vendor list and a vendor approval policy. Each vendor must be approved prior to any business being done with that vendor.
  • Check preparers should be different than the people signing the checks.
  • Consider having two people sign all checks over a certain threshold.
  • Avoid issuing emergency checks whenever possible.
  • Create a policy for submitting employee reimbursements and make sure all employees follow the same policy.
  • Require receipts for all credit and debit transactions.
  • Maintain separate cards for different users for accountability.
  • Reconcile bank accounts and credit card statements monthly.
  • Monitor online banking activity on a monthly basis.
  • Require documentation for any payroll changes.
  • Implement a timesheet approval process before payroll can be completed.

If your business managers or non-profit leaders are not committed to following through on established internal controls, your employees won’t be either. Your management team should be setting an example for the whole organization to follow. For additional methods of strengthening your business and non-profit security, give us a call today. Our certified public accountants would be more than happy to perform a financial management review and help you create more effective accounting processes and stronger internal controls.

Internal Controls for Businesses and Non-profits, Part 1

Businesses and non-profit organizations face challenges every day that threaten their business longevity and effectiveness. These threats can take a variety of forms, including competition in the industry, rising costs of goods, changes in economic conditions, and human resource challenges. While all of these challenges pose a significant threat to businesses and non-profits, the greatest challenge for many of today’s businesses takes the form of fraud.

Fraud occurs more than you think, and it often goes unnoticed until it’s too late. Fraud can come in a variety of forms, including check fraud, credit card fraud, and employee theft (the most common types including check tampering and billing schemes). Stealing inventory, claiming undue overtime, setting up payments to fictitious vendors, skimming cash, and embellishing an expense account are all fraudulent activities that can occur within a company or organization. These activities threaten the stability of the business and can result in significant financial loss. In fact, according to the Association of Fraud Examiners (ACFE), the typical business loses an average of 7% of revenues due to employee theft alone. For smaller businesses and organizations, the percentage rises to 38% with a median loss of $200,000.

In order to protect your assets, you need to have strong internal controls in place, and your employees need to be aware of your organization’s policies and procedures. Failure to communicate your security procedures and policies with your employees only serves to put your business or organization at risk. It does no good to have strong internal controls if your employees aren’t using them.

Consider the reasons you may want to create strong internal controls:

  • Internal controls can solve current business problems and help prevent fraud from occurring.
  • Businesses with strong internal controls in place have the potential to go public.
  • If you are working with a Sarbanes-Oxley (SOX) compliant customer, you may be required to show proof of strong internal controls.
  • Strong internal controls improve financial reporting accuracy and ensure assurance that your financial statements are correct.
  • Future investors, bankers, and accountants will want to see how you are protecting your financial assets.

Strong internal controls are essential no matter how small or large your company or organization. Just as you wouldn’t leave money lying out in the open for anyone to take, you shouldn’t leave your financial information open for all to see. Creating procedures and policies detailing employee responsibilities and tasks is a step in the right direction when it comes to safeguarding your assets. If you could use some help establishing internal controls in your business or non-profit organization, give us a call today. We offer a variety of client accounting services to help you with all of your financial reporting and management needs.

Stay tuned to our blog for Part 2 of our internal controls article series to learn how you can start implementing internal controls and discover top methods for strengthening your overall business and non-profit security.