Like many other not-for-profits, you might have cut staff during the recent recession — and that means fewer people to “mind the store.” As the economy continues to mend, now is a good time to inspect the condition of the internal controls that safeguard your organization’s finances.
“Reality-check” your risks
Review your risk assessment to identify any new risks in light of organizational changes. Many of your employees (and volunteers) may be under greater pressure in their personal lives to make ends meet. This can result in greater temptation and fraud risk. Maintaining strict controls is essential to minimizing those risks.
Handle inflows wisely
Receiving funds is an important job that shouldn’t be overlooked or undersupervised. This pertains to cash donations from a fundraiser, routine receivables or investment interest.
Your internal control policies should specify that no one person has sole responsibility for tasks such as opening the mail, recording incoming payments and making bank deposits. The risk increases if a person is involved in these functions and also performs financial or accounting functions such as making journal entries, writing checks, or performing bank reconciliations.
If you’re a small organization or have limited accounting staff, consider providing the necessary checks and balances by enlisting help. This could be from an employee in another department, a trusted board member or an outside accounting service.
Monitor outflows closely
You also need to maintain policies for financial outlays, such as requiring dual signatures on checks over a certain amount. In fact, you may want to lower your current threshold of expenses or payments that trigger review or a co-signature, and perform more random check audits.
But keep in mind: Many fraud perpetrators write unauthorized checks that are just under the review limit. And first-time offenders are likely to start small before they move on to bigger schemes.
Many fraudsters set up an illegitimate vendor and draft invoices for services or work that’s never done. Of course, the money comes back to the fraudster. Or the vendor is legitimate, but payments are diverted to personal use. Review and approval of journal entries and adjustments is a key control for all organizations.
Consider outside help
With budgets tight, you may have eliminated outside bookkeeping, accounting or audit help and brought these tasks in-house. But consider the bigger picture. In many cases, outsourcing provides you with expertise you might lack and a level of monitoring you need. So to reduce risks, you may want to reinstate this function.
Additionally, asking outside professionals to look into your books and interact with your staff is one of the best ways to prevent fraud. A third-party assessment of your transactions can identify potential irregularities. And like an alarm-system sign in the window of your home, a third party’s presence may deter those tempted to exploit vulnerabilities.
Too important to overlook
Remember, good governance is a critical, nonnegotiable responsibility. A key fiduciary duty of every board is the oversight and monitoring of internal controls sufficient to protect and safeguard the organization and its people. Despite staff and budget cuts, consistently make sure that your internal controls are up to par.•
Don’t rely on your audit
Many nonprofit managers mistakenly think their annual audits will detect fraud. Although auditors do review internal controls, an audit isn’t designed for fraud detection.
That’s why you need to stay on top of your organization’s risk assessment and internal controls, revisiting and updating them regularly. Your financial advisor can help you customize internal controls based on your specific needs and compliance requirements.
