Questions to Ask – Internal Controls
Internal controls are important no matter the size or your organization. To assess whether your organization has adequate controls in place, it is best to start by asking “who does what”?
The following questions will help you identify how tasks are assigned and whether there is proper segregation of duties.
Governance & Oversight
- Who reviews and approves the organization’s financial statements and budget?
- Who sets and reviews the organization’s financial policies?
- Who ensures compliance with the conflict of interest policy?
- Who attends board meetings and provides updates on financial performance?
Financial Reporting & Budgeting
- Who is responsible for preparing the financial statements?
- Who reviews the financial statements before they are provided to the board?
- Who creates the annual budget, and who approves it?
- Who monitors actual expenditures versus the budget, and how often is this done?
Cash Management & Bank Accounts
- Who is responsible for receiving and depositing cash or checks?
- Who performs bank reconciliations, and who reviews them?
- Who has access to the organization’s bank accounts, and who can authorize payments or withdrawals?
- Who counts cash from fundraisers or donations, and who ensures that the funds are properly recorded and deposited?
Revenue & Donations
- Who receives and records donations (both cash and in-kind)?
- Who prepares and sends donor receipts or acknowledgment letters?
- Who tracks and monitors restricted donations to ensure they are used for the intended purposes?
- Who ensures grants and donations are properly classified and recorded?
Expenditures & Disbursements
- Who approves expenditures before they are paid?
- Who is responsible for processing payments (checks or electronic disbursements)?
- Who reviews and matches invoices to purchase orders or approvals?
- Who authorizes and reviews employee reimbursement requests, and who processes the payment?
Payroll & Human Resources
- Who processes payroll and ensures its accuracy?
- Who reviews payroll before it is submitted for payment?
- Who approves employee timesheets and ensures time is recorded correctly?
- Who has access to payroll information, and who approves payroll changes (e.g., raises, bonuses)?
Grants Management
- Who is responsible for ensuring compliance with grant agreements?
- Who tracks grant deadlines and reporting requirements?
- Who approves grant expenditures to ensure they are allowable under the grant terms?
- Who prepares grant reports for funders?
Recordkeeping & Documentation
- Who is responsible for maintaining and securing accounting records?
- Who ensures financial documents (e.g., receipts, contracts, grant agreements) are retained and stored appropriately?
- Who backs up the organization’s financial records, and how often is this done?
Segregation of Duties
- Who authorizes transactions (e.g., payments, donations)?
- Who records transactions in the accounting system?
- Who handles or has custody of assets (e.g., cash, checks)?
- If one person performs multiple roles, who reviews their work to ensure accuracy?
Fraud Prevention & Risk Management
- Who is responsible for ensuring compliance with the fraud prevention policy?
- Who trains employees and volunteers on fraud prevention and reporting?
- Who conducts risk assessments, and how often are they reviewed?
- Who handles reports of suspected fraud or unethical behavior?
Information Technology (IT) Controls
- Who has access to financial software, and how is access granted or revoked?
- Who is responsible for maintaining passwords and system security for financial systems?
- Who ensures that financial data is backed up regularly, and where are the backups stored?
- Who monitors access to sensitive financial data to prevent unauthorized use?
Compliance
- Who ensures the organization complies with federal and state filing requirements (e.g., IRS Form 990, state requirements)?
- Who tracks donor restrictions and ensures compliance with any restrictions on the use of funds?
- Who monitors and ensures compliance with grant agreements and other regulatory requirements?
As you answer the above questions, are there areas where one individual handles multiple tasks? How can these be segregated to more than one person? What compensating controls are in place to mitigate possible risks? Are there roles that need additional training or support to ensure adequate control?
Ensuring your organization has proper controls in place leads to the reduced risk of fraud occurring, better reporting, more accurate reporting, and greater success.
Contact Us
"*" indicates required fields