Keep Honest People Honest. Internal Control Practices for Nonprofit Boards.

A recent study found that the average fraudulent event lasted about 18 months before it was detected, and 77% of all frauds were committed by individuals working in accounting, operations, sales, executive/upper management, customer service and purchasing. Nearly half of victim organizations never recover any losses that they suffer due to fraud.

So what is your board of directors doing to protect your nonprofit organization?

The answer should be internal controls – systems and processes that reduce exposure to risk and protect your organization’s assets. Internal controls are the first step in combatting fraud, and a board of directors plays an important part in identifying and mitigating risk. Here is a list of internal controls your board should consider and potentially execute.

Identify and discuss the risk areas within your organization. Look at the strategic, financial and operational activities of your organization. Look at any compliance and reputational concerns that exist. What controls are in place to weaken any identified risks? Are they successful? Look closely at your special events, fundraisers, volunteers, finances, staff, restricted grants and reputations. These are all areas where your exposure to risk is highest.

Maintain honest and ethical behavior throughout your organization. The importance of ethical behavior should be communicated from the top down, by management and the board. Compliance with your organization’s code of ethics, and/or conflict of interest policy should be expected and verified. Whistleblower policies should be in place and encouraged so suspicious activity can be comfortably reported. When fraud is discovered, do you have a “no tolerance” attitude?

Establish independence from management. Relatives or friends of management should not be serving on the board. Independence is essential in limiting management’s ability to override decisions or controls that are in place. Check for independence and any current affiliations when you are interviewing prospective board members.

Analyze internal controls for efficiency. If you implement internal controls and never evaluate them, how do you know that you are effectively minimizing risk? Test your controls. Set up criteria to rate your exposure to risk and evaluate the effectiveness of your controls. Review reporting relationships, responsibilities and authority in relation to effective internal controls. Follow best practices to utilize talents of your members, and provide them with a segregation of duties – as much as your budget allows.

Monitor the budget and review financial statements. Look for budget variances and a corresponding explanation. Are any unusual or unexpected transactions of financial results investigated in a timely manner? Consider reviewing payroll detail, credit or debit card charges, and daily activity frequently. Increase the frequency of your bank reconciliations.

React to recommendations from the auditor. Read the internal control or management letters presented by the auditor and encourage management to implement the suggestions. Follow up to see that changes in procedures have been made and are effective at reducing risk. Does your board meet with external auditors in an executive session? It should.