From time to time, we share earlier posts that have enduring significance for nonprofit organizations. The following blog post was originally published in May 2020 and has been lightly refreshed.
When the COVID-19 pandemic began, many nonprofit organizations were thrown into a full or partial remote work environment with little preparation. Now that working from home is more commonplace and well on its way to becoming a long-term reality, it’s more important than ever for your organization to review your internal controls and make any necessary adjustments to reduce your risk of fraud, errors, and delays. Here are three ways to ensure your internal controls are still effective in a work-from-home world.
Use Digital Authorization Tools
Whether your employees are working entirely from home or reducing their in-person office days, digital authorization tools can help prevent prevent delays and mistakes. If a bill arrives on Friday, the mail gets sorted on Wednesday, your bookkeeper is in on Tuesdays, and the only person authorized to sign checks is quarantined at home…is that bill going to get paid on time?
A digital authorization system can significantly streamline your accounting procedures while still retaining full control. Even before COVID-19 turned our world upside-down, many organizations with remote workers or staff who travelled frequently understood the benefits of digital authorization systems. Whether you’re paying bills through Bill.com, running payroll in Gusto, or digitally signing paperwork via DocuSign, you can maintain a clear chain of approval and keep your accounting processes moving in a timely manner.
Assess New Risks
Nonprofit organizations should regularly perform risk assessments to detect any weak spots in your internal control procedures. As our definition of “normal” continues to change, it’s more important than ever to review your current policies and identify any new risks that may have cropped up.
Think carefully about your team’s actual day-today workflow right now. Then ask yourself what could potentially go wrong in this situation? Updating your risk assessments to reflect your new environment is the best way to get ahead of any potential problems and to develop a plan of action.
Maintain Communication
Whether you’re talking on the phone, video conferencing on Zoom, or chatting on Slack, it’s important to keep the channels of communication open with your remote team. When you can’t simply pop your head into someone’s office anymore, it may begin to feel like no one is watching or paying attention. This can lead to a sense of alienation and neglect among remote staff members.
From an internal controls perspective, even the perception of detection can reduce the risk of fraud. This means that when someone knows there is a good chance they’ll be caught, they are less likely to cut corners or be tempted into fraudulent activities. Risk assessments, financial statement audits, and fraud hotlines are all effective ways of creating a “perception of detection,” but even simple things like consistent oversight, regular check-ins, and a strong culture of workplace ethics can reduce your organization’s risk of fraud and make your employees feel like they’re still part of the team.