Internal Control Checklist for Small Non-Profits: 5 Critical Steps

< Back to Insights
Insights  <  Internal Control Checklist for Small Non-Profits: 5 Critical Steps

Establish a strong control environment

Setting a tone at the top of the organization can go a long way in deterring fraud.  Having an effective control environment will naturally foster strong controls and facilitate employees following protocol.  Ideas:  create written procedures and assign responsibilities/authorization power, use budgets and deadlines and hold employees accountable and, most importantly, involve the Board or other governing body by providing financial reports and expect them to stay engaged and ask questions.

Create and maintain segregation of duties

This is essential.  History shows that most instances of fraud occur because the person had an opportunity, usually meaning there was no one else involved in certain functions and thus no one would notice, especially in small incremental amounts.  In a small office, this can certainly be a challenge; however there are several things you can do between two or three people that will create those checks and balances.  Ideas:  a) when dealing with cash receipts, have two people count, double check and record cash; b) for purchases, separate individuals should be approving purchases, generating checks, recording expenses in the general ledger and reviewing and signing checks (and avoid using a signature stamp); c) also be sure to consider authorization rights with your online banking and discuss available controls with your bank, such as email notifications or authorization codes for payments made online.

Physical Controls

Simple things such as keeping offices locked, check stock locked in a file cabinet (one or two people keep the key) and passwords on computers and for software will help keep your assets safe.

Review and reconcile the bank statement

Ideally, someone other than the person writing checks should receive the unopened bank statement and prepare a reconciliation of bank activity to general ledger activity, in which case discrepancies can be detected timely.  The bank statement should be reviewed by someone outside the cash function.  In a very small office, it may be necessary to have the treasurer or other board member perform this review.  Pay particular attention to cancelled checks and withdrawals, noting payee, amount and frequency for reasonableness.  A person committing fraud may record a payment to a known vendor in the system or on a check stub, while the actual check is made payable to someone else.


Look at weekly payroll reports from the payroll company to make sure employees and pay rates are within your expectations.  It is also important to review year-to-date figures by employee (summarized on one report), which will include all payments, including bonuses, corrections, direct deposits, etc.  Payroll fraud often occurs in separately processed payroll, which can be excluded from your weekly payroll reports, but would be reflected in year-to-date totals.  Try to discuss available controls with the payroll company. Many will offer emails to be sent directly to a designated individual for notification of all processed payroll, pay rate changes, added and terminated employees.  If this were the case, it would be difficult for any erroneous information to go undetected, especially in a small office environment.

Continue the Conversation with Our Team
Get in touch with us.

Contact Us