Internal Controls for Small Nonprofits: Separation of DutiesSep 07, 2023
Internal Controls for Small Nonprofits: Separation of Duties
As a nonprofit organization, you are committed to protecting and stewarding your financial resources well. However, what do you do when you only have one finance staff member? Well, the answer lies in implementing the checks and balances or the internal controls that will help you minimize risk and ensure your financial sustainability. This is the first of a five part series where I'll give you actionable steps that you can implement in your nonprofit.
The separation of duties refers to the practice of dividing the responsibility among different individuals to minimize the risk of mistakes and misconduct. So even when you just have one staff member in finance, you actually can separate the duties. Today, I’ll share some examples that you can consider.
1. Separate the approval and recording processes
The first step is to separate the processes for approval and recording of finances. For example, the staff member that is recording the finances in the accounting software should not sign the checks or approve the ACH payments from the organization. Yes, I know that it's inconvenient to have to wait for someone to sign a check or go online to approve a payment batch, but it’s critical for the safeguarding of your finances. In fact, it’s probably one of the most important things you can do. So who else can share this duties besides your finance person? Options could include a board member or an Executive Director, (as long as they're not initiating their own payments), the treasurer, or another trusted volunteer, such as a former board member. This same process should apply when you make payments online. These online payments are typically called ACH payments through your bank. Every bank I've ever worked with offers the option for a two step process, in which the first person So enters the payment similar to writing a check or uploading a batch for payment. Then the second person “signs” or approves that check (or batch of payments).
2. Separate payment approvals
To illustrate, let's just say you have a staff member who is handling finances. They should not be the one approving payments. For example, a program manager or department head should first review the expenses from within their own department. They should first review their department’s invoices and expense reports before handing them over to the finance member. Or, if the expense is initiated directly by the department head or program manager, then maybe the Executive Director approves their expenses before handing them over for payment from the finance person. This arrangement really helps you to ensure that one person isn't controlling all aspects of the financial process, which is how you reduce the risk of fraud.
3. Separate data entry from reconciliation
The next step is to separate the processes for data entry and reconciliation. Again, if you only have one finance staff person, they should not be doing both of these financial tasks. You’ll want to separate these duties in such a way that if the finance person is entering and recording the transactions in the software, another member, such as a board member or a trusted volunteer, is actually reconciling the bank account. This extra layer of protection is so important for ensuring that the transactions are accurate and complete.
4. Strengthen your revenue receipt and recording process
This next step can vary greatly from one nonprofit to another. With that in mind, I'll give you a couple of examples, but It ultimately depends on your primary funding source. Let's just say that you have a system where you receive a lot of cash. Well, my strongest recommendation would be that it's definitely worth the processing fees to ensure all transactions make it to the bank. So I'd say, first, try to move away from cash if you possibly can. But, if you can't, then you need to put a receiving system in place that reconciles all receipts included in a deposit. Additionally, if you are a donation driven nonprofit, you’ll want to make sure that all gifts are secured when they come in. If donations regularly come in the mail, then you’ll want two people opening the mail and immediately dropping those checks into a secure place, keeping in mind that they will also require the presence of two people to count those checks. I would recommend using a count sheet. And then after that count sheet is completed, it's signed off on by the counters, and then when the bank verification deposit slip comes back, it's reviewed by a third party to ensure all the money made it to the bank., Again, each situation is unique, depending on the kind of revenue your nonprofit receives.
5. Consider outsourcing
When you have limited staff, sometimes you can outsource the accounting or bookkeeping services to a firm that will be able to serve as the system of checks and balances. Now, the limitation of outsourcing is always that they don't know your nonprofit as intimately. They don't know everything you're doing. So they might not see something that feels unusual, but at least if you have processes in place about things that have to be reviewed and approved, they can help carry those functions out.
In conclusion, you know that protecting your nonprofit from fraud and the misuse of finances is critical, and it's so challenging when you're a small nonprofit. So I hope this lesson helped you to remove some of the mystery and give you some actionable steps that you can take in your own nonprofit. Once again, this is part one of a five part series on internal controls for small nonprofits. My goal is to help you put some policies in place even if you have a small staff. Click here to subscribe for more weekly content just like this.
If you’d like to assess the fraud risk in your own organization, I've designed a 12 question test that I call the Fraud Factor Assessment. You can find that free resource here. It's an interactive quiz that will give you some videos and extra help from me at the very end.
Sign Up to Receive Financial Tips in Your In Box
We hate SPAM. We will never sell your information, for any reason.