Small to medium nonprofits often struggle to balance the fine line between having sufficient internal controls to protect the organization and having too many internal controls that become burdensome to their small accounting department. The following article covers ten easy-to-adopt internal controls that any small to medium sized nonprofit can begin implementing today.
The suggested internal control procedures over transactions, which this article focuses on, assume the organization has an adequate foundation of entity-level and information technology controls. Here is a quick refresher on these controls:
- Entity-level Controls
These include the organization’s control environment, risk assessment process, control activities, information and communication, and internal control monitoring. Examples of entity-level controls include the enforcement of ethical standards, hiring of competent financial staff, and the appropriate assignment of authority and responsibilities.
- Information Technology Controls
These are safeguards that protect the accounting systems from unauthorized access or data manipulation. Examples of information technology controls include password protection and automated data entry accuracy checks.
We have broken down our recommendations on transaction controls into three key areas: the cash disbursement cycle, the cash receipt cycle, and month end closing and financial reporting.
Cash Disbursement Cycle
1. Review Invoices
Invoices should be reviewed by department heads or someone with knowledge of related charges prior to being entered into the general ledger by the accountant. The check signer should review the related invoices for approval when reviewing and signing checks.
2. Review Employee Reimbursements
Employee reimbursements and credit cards should be reviewed by an employee’s superior. The executive director’s reimbursement or credit card should be reviewed by someone on the finance committee monthly. This review can be performed after payment to speed up processing if it is already being reviewed by the accountant upon entering the expense into the general ledger.
3. Review Payroll Reports
Payroll reports should be reviewed by the executive director prior to cash being transferred to the payroll processing company. During the payroll report review, the executive director should review for gross pay compared to approved wage rates and reasonableness of deductions.
4. Limit Accountant Authority
Prohibit the accountant from being the authorized signer on:
- Checking account
- Investment accounts
- Line of credit
Cash Receipt Cycle
5. Review Significant Contributions for Donor Restrictions
Significant contributions should be reviewed by the accountant and a development department employee or the executive director to identify donor restrictions.
6. Analyze Donor Restricted Contributions
On an annual basis, donor restricted contributions should be analyzed to determine if purpose restrictions have been met by the organization. This can include reviewing expense reports by fund from the general ledger to validate that the costs were incurred to meet purpose restrictions.
7. Reconcile Donor Database to the General Ledger
A reconciliation of the donor database to the general ledger should be performed at least annually.
Month End Closing and Financial Reporting
8. Review Monthly Statements Outside of Accounting Department
The review of monthly bank reconciliations and statements should be performed by someone outside of the bookkeeper/accountant position or outside of accounting (for an organization that only has one employee in the accounting department). This review could be performed by the authorized check signer as that person would have visibility into what significant checks were written during the month. Other possible reviewers might include the executive director or a member of the finance committee.
9. Create a Month-End Close Checklist
Create a month-end close checklist that lists all month-end controls such as account reconciliations, financial statement preparation, review of manual journal entries, the check register, and payroll reports. The list should contain two columns for preparer and reviewer signoff. Each task would be initialed and dated by the reviewer and preparer. This review process can be performed by another person in accounting, the executive director, or a member of the finance committee.
10. Review Monthly Financial Sheets to Statements
Review monthly financial reports, including the balance sheet and budget, to actual statement of activities by the Executive Director and the finance committee. Additional review can be performed by department budget managers who are responsible for approving expenses.
In addition to establishing the above controls, an organization should analyze the control structure on an annual basis to determine if changes have occurred within the organization which may require a change in the design of the controls. These significant changes could include the need to change the employees that are performing the controls or adding additional employees if the organization were to expand.
We realize that every organization is unique and requires a custom-tailored system of internal controls; therefore, management must use judgment in determining which internal control procedures are necessary for mitigating risk at their organizations.
© Clark Nuber PS, 2018. All Rights Reserved