Close this search box.
Home / Articles / Internal controls: Make your list and check it twice

Internal controls: Make your list and check it twice

August 15, 2012


Not-for-profits that don’t exercise constant vigilance in adhering to internal controls open the door for fraud. Unfortunately, weak economic conditions have only increased the likelihood of occupational theft, making risk control measures more important than ever. You can keep such measures top of mind by regularly reviewing and updating your organization’s internal controls and concentrating your energies on the biggest risks.

Narrowing your focus

A detailed internal controls list potentially contains hundreds of items related to everything from governance to financial statements to payroll to information technology. If your not-for-profit has never drafted such a list, talk to your financial advisors about doing so.

Most not-for-profits, however, engage in far fewer risky activities and should, therefore, focus on a smaller group of controls. For example, a startup that’s putting donations to work as quickly as they come through the door probably doesn’t need to worry about investment and property management policies — at least not yet.

But such a not-for-profit would benefit from implementing policies and procedures regarding cash receipts and disbursements. These include segregating duties (so that, for example, the same staffer who accepts donations doesn’t also record or deposit them), requiring dual signatures on checks and performing monthly bank reconciliations and having those reconciliations reviewed by someone in an oversight position on a timely basis.  In addition, someone in an oversight position not involved in accounting transactions could review the bank statement monthly, or periodically online.

Foxes watching the henhouse

Even the best internal controls can’t protect your not-for-profit from fraud if managers override them. Although auditors review internal controls, audits aren’t designed to catch management overrides. So it’s a good idea to ask a fraud expert to observe how well your organization is adhering to controls and to identify any potential risks.

But your best line of defense may be your board of directors. Your board can help prevent management-perpetrated fraud by:

•    Overseeing annual audits,
•    Ensuring that material weaknesses identified by auditors are addressed,
•    Regularly reviewing financial statements,
•    Periodically reviewing bank reconciliations and/or bank statements, and
•    Signing off on completed IRS forms.

It might also stipulate additional policies, such as requiring the approval of at least one board member on the rare occasion a manager needs to override controls.

Your board also should look for signs that managers aren’t following internal control policies to the letter — for example, failing to report risks and actual management overrides in a timely manner. Sloppy accounting and reporting errors and disputes with auditors and outside advisors are possible signs that a manager may be committing fraud.

Review and reassess

You and your staffers probably have a lot on your plates — so it’s understandable if internal controls occasionally get lax. Remedy such lapses as quickly as possible by reviewing with employees and managers alike the policies designed to control fraud.

Matt Shroyer is a Manager Accountant with Clark Schaefer Hackett and can be reached at [email protected].

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a Clark Schaefer Hackett professional. Clark Schaefer Hackett will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.


Related Articles


2 Min Read

Spotting Charity Scams: How to Give Safely


2 Min Read

The Vital Imperative: Why Businesses Must Undertake Risk Assessments 


2 Min Read

5 Ways Financial Institutions Can Minimize Risk


7 Min Read

Suspicious activity: Are you seeing the big picture?


3 Min Read

Disbursements: Internal Controls in a Remote Environment


4 Min Read

Top 5 Reasons to Use Cloud-based Data Backup

Get in Touch.

What service are you looking for? We'll match you with an experienced advisor, who will help you find an effective and sustainable solution.

  • Hidden
  • This field is for validation purposes and should be left unchanged.