In small organizations, internal controls are often sacrificed for the sake of delivering quality services. This is especially true for cost-conscious, small nonprofit organizations. However, ignoring internal controls is very risky and should never be completely abandoned regardless of how small an organization.
In a recent report, the Association of Certified Fraud Examiners (ACFE) found that organizations with less than 100 employees are more vulnerable to occupational fraud. The median annual fraud loss for nonprofit organizations was around $82,000. This number does not take into consideration the financial repercussions of a damaged reputation. For nonprofits who depend on the public for support, the occurrence or allegation of fraud can be detrimental to its fundraising capabilities.
While there are many ways to manage and mitigate risk, the Committee of Sponsoring Organization’s (COSO’s) internal control framework is a popular method because of its ability to be widely adopted by both large and small organizations. The COSO framework emphasizes that risk-based, informed decisions work best and internal controls should be designed with the organizations unique environment and risk tolerance in mind.
Applying internal controls is a best practice for all organizations. However, it is particularly important for small nonprofits as donors often assess an organization’s ability to use funds before contributing. Adopting the five COSO framework steps below can help protect your nonprofit organization by strengthening governance, improving the reliability of financial reporting and deterring fraud.
1. Set the tone internally
The ACFE report also found that only 6.4% of fraud is discovered by external auditors. Therefore, it is critical for an organization’s board and leadership team to set a strong tone due to the fact that internal controls are heavily impacted by employees and their actions. A powerful tone at the top will lay the foundation for successful internal controls.
2. Provide a formal system to report concerns
According to the same ACFE report, 29.6% of fraud cases are discovered from internal tips. To encourage employees to report concerns without fear of retaliation a formal system to report concerns, often called a “whistleblower policy”, should be created and incorporated into employee handbooks and new-hire training programs.
3. Remain vigilant and stay aware as to what is happening within the organization
Leaders should be aware of pressures, tensions, conflicts or incentives that could negatively affect the organization’s financial reporting. For example, a poorly designed incentive-based compensation structure or unbalanced workload can put employees under pressure and tempt them to take advantage of internal control weaknesses.
4. Focus on building relationships and open communication
Adopting an open-book management style can simultaneously build relationships and open communication. One way of doing this is by explaining the business rationale behind particular processes. First, identify the observed behavior then give the employee a chance to offer their perspective. After acknowledging the employee’s point of view, explain the business reason for any changes. This type of transparency can enable employees to make better business decisions.
5. Uphold fairness by enforcing and upholding policies
The following policies can help avoid internal conflicts:
• Have periodic one-on-one discussions with employees about policies.
• Train new employees on what is and is not acceptable use of the organization’s property.
• Check references and perform background checks on employees with access to the organizations financial information
• Review IT system logs
• Segregate employee duties so that one person does not have complete control of a transaction
• Wherever possible separate authorization and record keeping duties.
Management cannot prevent all problems. But setting the right tone and policies internally will signify to employees what activities are unacceptable.
The professionals in our office can help your nonprofit organization improve or implement internal controls that promote reliable financial reporting and compliance with laws, regulations and policies.