Not-for-profits and internal controls often have an uneasy relationship. On the one hand, many not-for-profits, especially the smaller ones, lack the resources to implement robust internal controls. Yet internal controls are as critical in not-for-profits as in for-profit entities. In some respects, internal control failures can be more catastrophic for not-for-profits because the public, regulators, and others often hold them to a higher standard. Half the battle for not-for-profits is acknowledging the importance of internal controls and taking steps to implement effective controls given available resources.
Internal controls are the processes that management implements to provide reasonable assurances that the organization will achieve its objectives. Although, reducing internal controls to just “processes” can be deceptive and mask the fact that these “processes” involve a wide range of policies, procedures, culture, values, and other components that constitute internal controls. Internal controls are more than just the individual policy or practice that exists at a given point in time. Instead, internal controls must be pervasive and embedded in the culture that permeates the organization and operates continually at all levels of the organization.
As in for-profit entities, not-for-profit boards have a governance and oversight role. Boards provide the broad strategic directions and frameworks into which management’s internal controls will operate. Boards are accountable for ensuring that management implements internal controls.
Not-for-profits and internal controls can begin to enjoy a much easier relationship with these two internal controls that improve control environments and reduce the risk of fraud and error:
- Segregation of duties: Segregation of duties divides responsibilities across as many persons as practicable for internal control purposes so that no one person can complete all or too many steps in a process. Divide duties in a way that does not result in the allocation of incompatible functions or functions that increase the risk of fraud or error if combined and assigned to a sole individual. For instance, do not allow one employee to set up electronic funds transfer (EFT) facilities with the bank, approve EFT transactions, create EFT files, transmit EFT files to the bank, and post general ledger entries. It is easy to see how this is a recipe for disaster.
- Reconciliations: Reconciliations involve comparing two numbers to explain their differences. The comparison may be between a general ledger account and an independent third-party document. For instance, compare the general ledger bank account to the bank statement. Identify the reasons for any differences. Ensure that supporting documents, including bona fide and properly approved cheques that suppliers have not yet cashed, can support and explain the differences. Bank reconciliations are fundamental and essential controls. Other reconciliations involve a comparison of general ledger accounts and sub-ledger accounts. Reconciliations provide assurances that the amounts in the accounting records are accurate and reliable.
Meeting your duty of care
Not-for-profits and internal controls can co-exist more seamlessly than they sometimes do. Acknowledge the importance of internal controls in not-for-profits and improve existing controls. Foster the appropriate culture and ethical tones; recruit and train qualified staff; and utilize reconciliations, supervision, and reviews to confirm the effectiveness of internal controls. Segregation of duties is essential. Create written policies and procedures that effect reconciliations, segregation of duties, and other internal controls.
Read more on internal controls in Not-for-Profit PolicyPro in SPP NP 1.17 – Internal Controls or in Volume II of Finance and Accounting PolicyPro at Chapter 6 – Internal Controls.
Policies and procedures are essential, but the work required to create and maintain them can seem daunting. Finance and Accounting PolicyPro, Operations and Marketing PolicyPro, Not-for-Profit PolicyPro, and Information Technology PolicyPro, co-marketd by First Reference and Chartered Professional Accountants Canada (CPA Canada), contain sample policies, procedures, checklists and other tools, plus authoritative commentary to save you time and effort in establishing and updating your internal controls and policies. Not a subscriber? Request free 30–day trials of Finance and Accounting PolicyPro, Operations and Marketing PolicyPro, Not-for-Profit PolicyPro, and Information Technology PolicyPro, here.
- Overdue accounts finance your customers’ businesses - March 6, 2024
- Gift acceptance: Sometimes a gift costs more than it is worth - February 7, 2024
- Maximize warranty data and programs to improve quality - January 3, 2024