Many small organizations overlook certain internal controls out of optimism (“We all know each other so well - fraud can’t possibly happen to us!”) or sheer impracticality (“With such a limited staff, how can we possibly do everything we’re supposed to?”). But fraud can happen anywhere, and by implementing strong internal controls now, you will be poised for safe growth in the future.
Divide and Conquer
When your organization is very small, staff members tend to share responsibilities in many areas - but finance should not be one of them. By dividing responsibilities, you are preventing any one person from having the opportunity to engage in fraudulent activity. Some important duties to keep separate include signing checks, reconciling the bank statement, and handling the books. Define these areas clearly, and stick to them.
Clear Approval
Retain a clear, written record of approval on every single payment, and decide who is authorized to approve what. Some organizations allow one person to approve small items under a certain amount, but require the director’s approval for any larger expenses. Determine what works best for your nonprofit, and make sure that the expense has full approval and includes all associated documents (such as receipts, contracts, and invoices) before payment is processed.
Count It Twice
Fundraising events like auctions can be problematic from a fraud perspective, especially when there’s cash involved. Always designate two people to count the cash at these types of events, both to prevent any possibility of fraud and to ensure your calculations are accurate.
Embrace Technology
Advances in technology have taken some of the heavy lifting off your organization’s shoulders. Read-only access to bank accounts can allow an outside party to safely review bank transactions online, and password-protected document portals can keep your files stored safely in the cloud. A bill payment service like Bill.com provides a clear digital record of approvals, and allows payments to be processed even when the authorized check-signer is not physically present at the office.
Old-School Security
Even with high-tech controls and clear divisions of responsibilities, there’s just no substitute for some simple, old-fashioned security measures. Checks should be pre-numbered and kept in a locked cabinet or closet. When possible, an administrator or someone outside the accounting department should open the mail and make deposits. Make sure all staff members are familiar with the internal controls, and everyone should know who is responsible for which duties.
By enacting these internal controls, even very small nonprofits can protect their organization from fraud and set themselves up for a strong financial future.