The financial operations of small not-for-profits (NFPs) and charities are usually lean so that the entity can apply the maximum resources to its stated objectives. Implementing strong financial systems and controls with small staff numbers can be a challenge but not impossible by following a few basic principles:
- Identifying risk pressure points
The directors and management need to set the ‘tone at the top’ and foster a control environment that is committed to good governance and internal controls.
Internal controls require a risk-based approach to identify areas that could prevent the entity from achieving its objectives. Knowing the probability and likely impact of risks, it is important to know what to prioritise.
- Policies and Procedures
Sound internal controls systems require competent, reliable, and ethical staff and volunteers. Consider a strong hiring policy and ensure that the staff and volunteers are informed of company ethos, policies and procedures via an employee and volunteer handbook and orientation pack.
- IT Controls
Whether using accounting software or Excel, personnel should understand basic cyber-attacks prevention, prevent unauthorised access through strong access and password policies, maintain privacy of information (discourage use of USBs) and prevent data loss through regular backups.
- Segregation of duties
One person should not be authorising, processing and reviewing the entities’ financial transactions. Establish clear financial delegations and limiting authority to approve purchases. Directors may be required to be involved in the approval process.
- Cash disbursement cycle
Invoices and payroll should be reviewed by appropriate personnel prior to processing by finance. Employee reimbursements, debit and credit cards should be reviewed by a supervisor and transactions accompanied by a valid tax invoice.
The payment authoriser should review supporting documentation prior to approval. Limit petty cash held, and the amount paid through petty cash reimbursement.
- Cash receipt cycle
Cash receipts and donations should be recorded in a log when received. Banking should be done on a timely basis by a person independent of receiving and general ledger functions.
- Month end closing and financial reporting
Create a checklist for month-end and year-end signed off by the preparer and reviewer. The list should include the review of manual journal entries, bank and account reconciliations and financial statement preparation.
Financial information should be provided to directors and management regularly. Significant variations between actual and budget figures should be explained and followed-up.
- Safeguard assets
Maintain inventory records of property and secure financial information and cash.
Policies should be designed to reduce the opportunities for fraud and theft.
Ongoing evaluation is necessary to ensure controls remain effective in case of changes in the entities’ strategic direction, systems and staffing. Establish an audit and risk committee and perform internal audits if possible.
Every entity is different and it’s a balancing act between having sufficient internal controls or having too many for a small team to handle. However, every entity is obliged to implement targeted internal controls to protect the organisation’s assets, funds and confidential information. PKF is highly involved in the NFP sector and would be pleased to provide further support and guidance.
About the Author
Frederick (Erick) is a Manager in our Audit team, located in PKF’s Brisbane office.
Erick’s client experience includes the audit of listed public entities to proprietary companies, not-for-profit entities including schools and religious institutions and special purpose & compliance audits of financial services companies and trust accounts.