Your nonprofit’s internal controls are strong only if they’re current. So perform a risk assessment every time you experience major organizational changes, such as significant expansion, or when factors such as the loss of a large grant put new stresses on your not-for-profit. Two functions deserve particular scrutiny:
1. Cash inflows
Receiving funds is an important job that shouldn’t be overlooked or undersupervised. No one person should ever have sole responsibility for tasks such as opening the mail, recording incoming payments and making bank deposits. Your organizational risk only increases if that staff member also performs financial or accounting functions such as making journal entries, writing checks or performing bank reconciliations.
If your nonprofit has limited accounting staff, consider providing the necessary checks and balances with outside help. This could be from an employee in another department, a trusted board member or an external accounting service.
2. Financial outflows
You also need to maintain policies for financial outlays. This includes requiring dual signatures on checks over a certain amount. In fact, consider lowering your current threshold of expenses or payments that trigger review or a co-signature and performing more random check audits.
Many fraud perpetrators invent vendors and create fake invoices for work that’s never performed. Or they may divert payments to legitimate vendors to their personal accounts. Review and approval of journal entries and adjustments is a critical control for all organizations.
Getting outside help
If you’re tempted to eliminate outside bookkeeping, accounting or audit help and bring these tasks in-house to save money, consider the bigger picture. In many cases, outsourcing provides you with expertise you might lack and monitoring you need.
For help performing a thorough risk assessment, contact us. We can find internal control vulnerabilities before dishonest staff members do.