Simple Internal Controls, Part I
A scary term that gets thrown around a lot in accounting is “internal controls.”
Internal controls are policies designed to protect your assets. Good internal controls will help your organization avoid fraud and may detect errors in your bookkeeping system.
Implementing internal controls doesn’t have to be expensive or time consuming. Think of your organization’s assets like a fire. What? I thought assets were good. THEY ARE! And so is fire. It’s powerful, necessary, and potentially dangerous (see the correlation to cash, your most liquid asset).
If you want to start a fire in your home, you need a fireplace (you wouldn’t light the couch on fire to keep the family warm). The same is true for a nonprofit organization. You want to have the proper measures in place to protect your nonprofit from burning down. Think of internal controls as your fireplace.
Fire Rule #1
Don’t give any one employee or volunteer too much exposure (because someone or the organization will get burned). All organizations should employ segregation of duties.
This is another frequently used term in accounting. Segregation of duties is basically having a system of checks and balances in place. For example, you don’t want the same person entering the payables, writing and signing the checks and then reconciling the bank statement. Your office should have different people in charge of the following:
- Custody of assets (physically in control of checks and mail)
- Record keeping (entering transactions in accounting program)
- Authorizing (check signing, purchasing, authorizing journal entries, limiting access)
- Reconciliation (reconciling bank statement, writing off accounts overdue, creating depreciation schedule)
However, for a small organization, sometimes it’s necessary to combine these functions.
An example of internal controls:
Our Bank Reconciliation report can be printed and should be signed off by someone other than the preparer. The report should be accompanied with:
- Prior month’s Check Reconciliation report
- Original bank statement
- Printed list of transactions posted to the checking account’s General Ledger for the current month being reconciled (Aplos’s Transactional Report in “View Reports”).
These reports should be viewed together. Beginning and ending balances should be compared to ensure they are the same from one report to the next. Transactions that may warrant further investigation by the person signing off on the bank reconciliation are:
- Duplicated transactions
- Payments for the same amount
- Missing check numbers or check numbers out of order
Most nonprofit accounting software programs (including ours) can be set up to grant different users different permission and views. For an overview of our permission set ups, check out this blog. It’s easy to let an employee or volunteer sign in with your information, but it’s best to set them up with their own sign-in. This way you can limit their access to sensitive information and turn off access without any affect to your account.
Prevention works! No church accounting software or nonprofit accounting software programs can protect your organization from fraud on their own. Good internal controls, proper oversight, and good management work to preventing fraud. Check out our series of blogs on internal controls (we are updating it weekly).
Good luck and remember this blog is not meant to be a substitute for professional services, just a helpful resource. Always consult a CPA or trusted professional if you seek tax or accounting advice.
Stay tuned for our blog series on Internal Controls … and Fire Rule #2