When I meet with small nonprofit organizations, the common theme is that they lack a large staff to handle finance duties while maintaining strong internal controls. Although it can be difficult to maintain these controls with fewer people, there are some best practices you can include in your policies to help ensure you protect the organization, its mission, and the financial information within that organization. Ensuring segregation of duties can be challenging, but it is critical for preventing fraud and ensuring accurate reporting.
Here are some strategies and policies that a small nonprofit organization can adopt to strengthen its controls over financial reporting.
Role rotation
Rotate financial responsibilities among your employees monthly or quarterly. This will help identify irregularities and ensure that not just one person has control over all aspects of a financial area for an extended period.
Board involvement
Include board members or finance committee members in some oversight roles. They could perform functions like reviewing financial statements, approving large expenditures, conducting their own specific audit, or reviewing various areas within the organization. The other question that comes up when we discuss board involvement is the frequency of having them complete certain tasks or reviews. The frequency can vary depending on the size and complexity of the organization as well as the risk of the environment. Some best practices include reviewing monthly bank reconciliations and budgets and comparing them to actual reports. Every quarter, the board or finance committee could request financial statements or significant account reconciliations. Annually, the board or finance committee should be part of the annual risk assessment, external audit process, and review strategic planning. Again, these are all dependent on the organization itself, and there are no rules that say you can't look at things as needed or if things change during the year. For example, if there are significant capital transactions, the board should look into this activity to ensure it is appropriate and recorded correctly.
Use of technology
Utilize accounting software for role-based access controls. There should be restricted access to financial data based on each employee's role, ensuring that no one person has complete control over all financial processes. When one person has access to all control over the financial process, this would sometimes be referred to as the "KEYS TO THE KINGDOM," and you want to avoid that as much as possible, or there should be additional safeguards added to ensure that there is a second set of eyes on the transactions within the system.
Regular reconciliations
Reconciliations should be performed regularly, usually at month's end. They should include bank statements, credit cards, and petty cash accounts to ensure you detect any discrepancies promptly.
Access controls
To safeguard financial information, limit access to financial systems and sensitive financial data to authorized personnel only. Implement a policy for strong passwords and role-based access controls.
Training and education
Train staff and volunteers on the financial policies, procedures, and ethical standards. You should also check in regularly to ensure everyone understands their role in maintaining the organization's financial integrity.
Fundraising and donation controls
Establish robust fundraising and donation processing controls to ensure timely recording, depositing, and tracking of donor restrictions.
Document controls
With a small nonprofit, you want to have a policy that ensures no financial document is processed by a single person from start to finish. The organization can have a policy to ensure invoices, receipts, and other financial documents are reviewed and approved by different individuals.
The organization needs to assess its risks and then assign the proper financial duties to ensure regular oversight and review. Even as a small nonprofit, there are still ways to maintain strong financial controls and prevent fraud. Adding key controls like these can enhance financial management, protect the organization's assets, and maintain the confidence of donors and stakeholders.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.