Small non-profit organisations and charities usually have limited resources to spare after expending the budgets for their stated objectives. They may not engage outside professional help due to cost constraints and their teams may lack business skills in required areas.
Implementing strong financial systems and controls can be challenging, but not impossible if a few basic principles are adhered to:
Risk management - identify pressure points and action plan
The directors and management need to set the ‘tone at the top’ and foster a control environment that is committed to good governance and internal controls.
Internal controls require a risk-based approach to identify areas that could prevent the entity from achieving its objectives. Knowing the probability and likely impact of risks, it is important to know what to prioritise.
For non-profits, risk management may refer to assessing finances or insurance coverage, but it also may refer to cyber security and data privacy, screening volunteers, training employees and reducing liability, to name a few.
When putting together a risk-management plan, whether it's a comprehensive manual or a small spreadsheet focusing on main items, a few essential items should be included:
- a list of individual risks
- a rating of each risk based on likelihood and impact (e.g. rate from 1-10)
- an assessment of current controls
- a plan of action
Once the risk pressure points have been identified and prioritised based on likelihood and impact, devise risk management strategies.
Monitor the risks over time and update the plan as required.
Policies and Procedures
Sound internal controls systems require competent, reliable, and ethical staff and volunteers. Consider a strong hiring policy and ensure that the staff and volunteers are informed of company ethos, policies and procedures via an employee and volunteer handbook and orientation pack.
The Institute of Community Directors Australia has some free templates in its policy bank. They are a starting point, but you will have to adapt them. The policies should be adopted at a board level or by the executive committee, while procedures are developed/signed off by the organisation's CEO or president.
IT Controls
Maintaining proper controls over information technology and cloud based data is a constant concern for organisations as they try to use technological advances to drive efficiency and growth.
Whether using accounting software or Excel, storing data on physical computers or in cloud drives, personnel should understand basic cyber-attacks prevention, prevent unauthorised access through strong access and password policies, maintain privacy of information (discourage use of USBs) and prevent data loss through regular backups.
Segregation of duties
It is traditionally assumed that noone would steal from a non-profit but the reality is that some non-profits are vulnerable to fraud. In a weakening economy, fraud becomes even more probable. Non-profits that are diligent about internal controls and properly separate duties of members can spot irregularities before they become a serious problem.
The same person should not be authorising, processing and reviewing the organisation's financial transactions. Clear financial delegations should be established and authority to approve purchases should be limited. Directors may be need to be involved in the approval process.
Monthly financial reporting should support assurances that the organisation is protected from the potential of theft or other types of financial fraud or loss.
Cash disbursement cycle
Invoices and payroll should be reviewed by appropriate personnel prior to processing by finance. Employee reimbursements, debit and credit cards should be reviewed by a supervisor and transactions accompanied by a valid tax invoice.
The person authorising payment should review supporting documentation prior to approval. Petty cash floats and the amount paid through petty cash reimbursement should have limits imposed.
Digital solutions for bill paying and expense management can assist with staff expense payments and reimbursements, from Xero's Expenses add on to full-fledged corporate card solutions discounted for non-profits such as Divipay, for example.
Cash receipt cycle
Cash receipts and donations should be recorded in a log when received. Banking should be done on a timely basis by a person independent of receiving and general ledger functions.
Digital methods for receiving donations can be considered to limit the cash on hand.
The explosive popularity of mobile payments should make non-profits sit up and take notice. Why not make it as easy as possible to receive donations, from anyone, anywhere, on any device?
Some of the most popular:
Integrapay - https://www.integrapay.com.au/...
PayPal for Nonprofits – https://www.paypal.com/us/webapps/mpp/donations
Apple Pay for Donations – https://developer.apple.com/support/apple-pay-nonprofits/
Google Wallet for Donations – https://googlefornonprofits.blogspot.com/2012/10/grow-your-gifts-increase-online.html
Stripe – https://support.stripe.com/questions/fee-discount-for-nonprofit-organizations
Month end closing and financial reporting
Create a checklist for month-end and year-end signed off by the preparer and reviewer. The list should include the review of manual journal entries, bank and account reconciliations and financial statement preparation.
Financial information should be provided to directors and management regularly. Significant variations between actual and budget figures should be explained and followed-up.
Safeguard assets
Maintain inventory records of property and secure financial information and cash.
Policies should be designed to reduce the opportunities for fraud and theft.
Monitoring
Ongoing evaluation is necessary to ensure controls remain effective in case of changes in the entities’ strategic direction, systems and staffing. Establish an audit and risk committee and perform internal audits if possible.
Every entity is different and it’s a balancing act between having sufficient internal controls or having too many for a small team to handle. However, every entity is obliged to implement targeted internal controls to protect the organisation’s assets, funds and confidential information.
Electra Frost Advisory provides services in the non-profit and social enterprise sector. We would be pleased to provide further support and guidance.