Why Internal Controls are Important

A survey conducted by the Association of Certified Fraud Examiners estimates that all organizations lose an average of between five and six percent of their revenue to fraud every year.[i]  Applying this percentage to the nonprofit sector would suggest that the fraud loss may reach approximately $40 billion each year.[ii]

In light of this information, internal controls should represent the foundation of all nonprofit organizations’ accounting systems, no matter the size of the organization.  Having an effective internal control system ensures that board members and officers understand their fiduciary responsibilities, assets are managed properly, and the charitable purposes of the organization are carried out.

The key piece in the implementation of these controls is an appropriate level of segregation of duties.  This can be very difficult for smaller nonprofit organizations to accomplish due to the size of the staff.  Below are two examples of steps that can be taken to improve controls, even when limited by smaller staff sizes.

Written Procedure Memos

The first step to take in evaluating an internal control system is to document the current state of controls. At a minimum, procedures should exist for cash disbursements, cash receipts, payroll, and financial reporting.  Within the procedures memos, key controls should be identified and any control performed should be documented.  For example, if a board member reviews monthly bank reconciliations as part of a control, he or she should sign the reconciliation to identify that the control was performed.  It is also important to review established procedures memos from time to time to make sure that they are being followed and are still relevant.

Reconciling the Bank Statement

Timely reconciliation of the bank statement is a crucial step to ensure that embezzlement doesn’t occur.  Ideally, someone other than the person handling cash receipts and disbursements should reconcile the bank account from an unopened statement.  For example, if someone has check signing privileges he or she should not be the one responsible for the bank reconciliation.  In smaller organizations, there may only be one person that performs all the accounting functions.  In these instances, it is important to get a board member involved in the process.  The board member should receive the monthly unopened statement each month for review along with the bank reconciliation.  Five suggested steps for the bank reconciliation review are listed below:

  1. Examine canceled checks to known vendors.
  2. Examine the bank statement and outstanding check listing for checks issued out of sequence.
  3. Examine the bank statement for incoming and outgoing wire transfer activity.
  4. Compare cash deposits and disbursements to expectations (budgeted amounts).
  5. Initial and date the review so that the control procedure has been adequately documented.

Concluding Thoughts:

Small staff or a limiting budget should not stand in the way of an effective internal control system.  If your internal control system keeps you up at night, or you simply want someone to review your system, please don’t hesitate to contact TDT; we are here to help you!

Dan Montgomery, CPA and Senior Assurance Associate at TDT, explains why having an effective internal control system is important.  With more than ten years of experience, Dan specializes in audits of nonprofits, governmental entities, and employee benefit plans.  Dan is a member of the American Institute of Certified Public Accountants and the Iowa Society of CPAs, and serves nonprofit clients across all nine TDT office locations.


[i] Association of Certified Fraud Examiners. (ACFE). (2016). 2016 Report to the Nations, Occupational Fraud and Abuse.

[ii] Greenlee, J., Fischer, M., Gordon, T., & Keating, E. (2007).  An Investigation of Fraud in Nonprofit Organizations: Occurrences and Deterrents.  Nonprofit and Voluntary Sector Quarterly, Vol. 36, Issue 4, Pages 676-694.