A sound system of internal controls is an important element of risk management. Every organization should have board approved internal control policies or a financial and accounting procedures manual. Two articles follow. The first describes situations that may make an organization vulnerable to embezzlement and suggests solutions. The second contains tips to improve internal controls.
With the permission of Edward McMillan, CPA, a "yes/no" checklist of
internal controls is linked below along with other resources of varying
(Adapted with permission from materials provided by Travelers Indemnity Company)
Most acts of employee dishonesty start out small and grow over time. When an organization finally discovers the problem, it is often faced with unexpected financial difficulty caused by trusted employees. Why do these losses occur? A review of numerous employee dishonesty losses reveals that financial pressure, opportunity to commit and conceal theft, and a rationalization of the behavior are three contributing factors. Employee dishonesty is a real threat to an organization when these three factors are combined. However, the loss potential can be lessened by a strict "Code of Ethics" and a sound system of internal controls.
Internal Controls Include:
1. Separation of Duties
Separation of duties is one of the most important control issues that should be addressed. Active involvement by officers is critical when staff is small and segregation of duties is not feasible. Duties such as check writing, deposit functions, inventory management and account reconciliation should be kept separate.
- Bookkeeper who issues checks, posts
transactions and reconciles the bank statement.
- Administration person who is responsible for hiring personnel and placing them in the payroll system.
- Inventory manager who has the ability to purchase merchandise at his own discretion, and submits both voucher and check stub to bookkeeper.
- Officers who review the books infrequently.
- Operation that is in a major growth mode, resulting in more staff and less attention to details by the chief executive officer.
2. Physical Safeguards
Access to checks or petty cash is limited, secured and documented when used. Written "Code of Ethics" is established and reviewed with all employees. Enforcement of the Code for employees, members and officers is critical.
- Association checkbook that is stored in a file cabinet
should be in a safe.
- Documentation of check numbers and reasons for expenditure are not consistent.
- Petty cash that is not restricted. No voucher or explanation required.
- Rules that are bent in favor of cost containment or familiarity with staff.
- Firm that does not prosecute offenders.
3. Proper Authority
Individuals having access to association books or purchasing/paying duties should be limited, monitored and documented. Countersignature of checks should be implemented
- Check-signing privileges not restricted to specified individuals
- Inventory purchasing not limited to specific individuals
- Countersignature or executive review not required
4. Detailed, Consistent Documentation
Description of transactions must be scrutinized. Transactions should correlate to the organization's scope of operation. Verify of the entities involved in each transaction.
- Missing original documents.
- Excessive voiding or crediting.
- Similarities in accounting entries.
- Transactions made to entities that are not related to the organization's scope or location of operation.
- Unexplained "past due" notices.
invoices and payments.
5. Vacation/Job Rotation
Require individuals in high-fidelity risk areas to take mandatory annual vacations of at least 10 consecutive working days.
Job rotation or independent audit of function should be implemented when two-week vacations are not practical.
- Individuals in sensitive positions who are workaholics: never take vacations or only take long weekends.
- Payroll supervisor who has held a job for several years and has not been audited by internal or external sources.
6. Heed Warning Signs
Employee dishonesty can result in financial disaster for an organization. For that reason, organizations should enforce a "Code of Ethics" and implement sound internal controls. In addition, officers and directors should be on the lookout for the following warning signs:
- Behavior of Employees:
- Alcohol, drug, gambling abuse
- Inability to relax
- Defensive/argumentative moods
- Disgruntled feeling toward management
- High/low mood swings
- Warning signs in financial statements:
- Revenue up, inventory down
- Revenue up, cash flow down
- Purchases greater than normal
- Unreasonable or unexpected increases in expenses
- Inventory up, account payables down
Check Signing and Check Processing
Be realistic. If you require two signatures on checks, but have trouble getting both signatures and consequently have blank checks signed, have the board change the policy to one signatory for checks up to a specified amount. There is increased risk when one signer signs blank checks because he/she will be unavailable to sign the checks on the date they are run. Have your auditor make the suggestion to the board that only one signature be required up to a specified amount.
Use a payroll service and encourage all employees to have direct deposit. This way you don't have to chase down that second signature nor are you as Executive Director signing your own check. Many banks have free checking accounts for people who have their paycheck deposited.
Check signing is not the only way to get the treasurer or another board member involved. Have the bank statements and cancelled checks sent directly to the treasurer. The treasurer can review the checks and the endorsements.
Use two separate bank accounts for your organization. One should be the main account into which are funds are deposited. The second should be a subsidiary account that all checks are written against. When checks are written, make a transfer from the main account to the subsidiary for the necessary amount. As a result, the subsidiary account will have a balance only large enough to cover the checks that are written. Only a board member or specifically appointed person should be allowed to authorize transfers from one account to another. Using this system, an embezzlement or other problem will create an overdraft. Instruct your bank to notify you immediately when an overdraft occurs. Problems are easier to solve a few days after they occur rather than weeks or months later.
Use a separate bank account for payroll. Transfer in only enough funds to cover the current paychecks. Fraud or errors on the part of the bank or payroll service will show up sooner.
Never write a check out to Cash for any reason.
Petty Cash checks should be made out to a person using either “Mary Smith, Agent for the Nonprofit Organization” or “John Jones, Petty Cashier.”
Check signer(s) should double check that the amount and the vendor name and address on the invoice match the amount and vendor name and address on the check. In this age of computerization, “autofill” often will insert the wrong amount or payee.
Using current technology, anyone can create a professional looking invoice. Avoid paying dummy invoices by requiring the staff person who received the goods or services to sign the invoice and state the purpose of the expense right on the invoice. The signature should be on the document, not scribbled on a Post-it. Post-its can be moved too easily.
Limit advances and reimbursements to staff for supplies. Set up accounts with the stores the organization uses most often and limit purchasing to where there are accounts. Remove employees from the list of authorized purchasers at the time they leave the organization. Verify the list of authorized purchasers at each store on a regular basis.
If you have a finance department of one, train program staff to make deposits and go to the bank. There is generally someone on staff that is restless and doesn't mind leaving the office for a few minutes.
Don't hold a check because you don't know what it is for. Go ahead and deposit it. You can always code it later.
Use duplicate deposit tickets. You can order them from the bank for only a few dollars. The franked (embossed by bank) copy should have a list of the checks in the deposit.
Reconcile accounts within 10 days of receiving the bank statement. Once again, problems are easier to fix the sooner you become aware of them. Banks staffs make mistakes as well as your own staff.
Reconcile to the General Ledger, not just the amount in the checkbook.
The person doing the bookkeeping should not reconcile the bank accounts too. Separate these responsibilities. If you have a small staff, ask a board member to reconcile the bank statements.
The executive director should review the reconciliation and bank statement periodically.
Review the receivables monthly. Send out second/third notices. An easy way to do this is to maintain a manual file with a copy of each invoice sent. Monthly, sort out the ones paid. Type SECOND REQUEST on the remaining ones and re-mail.
Unless they do it every day, the executive director or treasurer should periodically open a day’s mail. Make this a random event. If the executive director does this every day, he or she should probably delegate this task.
Use a bank lock box. It may cost less than you think. It should be used for all deposits and should be reconciled on a timely basis.
Make mail opening a group activity with two or more people involved. Make one person responsible for opening the mail and another for recording incoming checks.
A financial report should be prepared that compares actual performance against an approved budget. Variances should be explained. Sometimes the variance is caused by an accounting error that should be corrected before the report is distributed.
Distribute financial reports to staff members. A fresh set of eyes may pick up an error or a potential problem.
Periodically, someone other than the Finance Director should look at the reports generated by the financial system. Again, a fresh set of eyes may identify a problem.
Reconcile your physical inventory of furniture and equipment to your accounting records. This can be done as part of an annual office clean-up day.
Do the same reconciliation with software licenses. Also, remove from your accounting property list obsolete and no longer used software. And dispose of the old software disks and programs.
Periodically test the back up system for your accounting data to make sure it is working properly. Otherwise, you may not find out there is a problem until the day you need the back up.
Adapted from information provided by the Maryland Association of Nonprofit Organizations
Copyright © 1999
Reprinted with permission
NAVREF | Professional
Development | Library | Advocacy
| Legal Resources |
Clinical Research Sponsors
©2010, National Association of
Veterans' Research and Education Foundation. All rights reserved.