6 Internal Control Practices For Nonprofit Boards

  • Contributors:
  • Roxanne Page
Image of nonprofit board of directors meeting and discussing internal control practices

A recent study found that the average fraudulent event lasted about 18 months before it was detected. Plus, 77% of all frauds were committed by individuals working in accounting, operations, sales, executive/upper management, customer service and purchasing.

Nearly half of victim organizations never recover any losses that they suffer due to fraud. So what is your board of directors doing to protect your nonprofit organization?

The answer should be internal controls – systems and processes that reduce your exposure to risk and protect your organization’s assets.

Internal controls are the first step in combatting fraud, and a board of directors plays an important part in identifying and mitigating risk.

Here’s a list of control practices your board should consider implementing.


Identify and discuss the risk areas within your organization

Look at the strategic, financial, and operational activities of your organization. Look at any compliance and reputational concerns that exist.

What controls are in place to weaken any identified risks? Are they successful?

Look closely at your special events, fundraisers, volunteers, finances, staff, restricted grants, and reputations. These are all areas where your exposure to risk is highest.


Maintain honest and ethical behavior throughout your organization

Communicate the importance of ethical behavior from the top down – by management and the board.

You should expect and verify compliance with your organization’s code of ethics, and/or conflict of interest policy.

You should also have whistleblower policies in place. Encourage people to use them so they can comfortably report suspicious activity. When fraud is discovered, do you have a “no tolerance” attitude?


Establish independence from management

Relatives or friends of management shouldn’t serve on the board. Independence is essential in limiting management’s ability to override decisions or controls that are in place.

Check for independence and any current affiliations when you’re interviewing prospective board members.


Analyze internal controls for efficiency

If you implement internal controls and never evaluate them, how do you know that you’re effectively minimizing risk?

Test your controls. Set up criteria to rate your exposure to risk and evaluate the effectiveness of your controls.

Review reporting relationships, responsibilities, and authority in relation to effective internal controls.

Follow best practices to utilize the talents of your members, and provide them with a segregation of duties – as much as your budget allows.


Monitor the budget and review financial statements

Look for budget variances and a corresponding explanation. Are any unusual or unexpected transactions of financial results investigated in a timely manner?

Consider reviewing payroll detail, credit or debit card charges, and daily activity frequently. Increase the frequency of your bank reconciliations.


React to recommendations from the auditor

Read the internal control or management letters presented by the auditor and encourage management to implement the suggestions. Follow up to see that changes in procedures have been made and are effective at reducing risk.

Does your board meet with external auditors in an executive session? It should.


Have questions about internal control practices? Let’s talk!