How to Eliminate Emotional Decisions and Implement Internal Controls in Your Nonprofit Organization
Tuesday February 21, 2023
Any accounting business or tax advice in this era podcast is not intended as a thorough in depth analysis of specific issues nor is it a substitute for a formula opinion. It is not good enough to avoid tax related penalties.
This season, I wanted to focus more on risk and explaining some of the risks that are associated with the finances at a nonprofit. Season Five, we did a whole lot of articles on fraud, ways to prevent it. But the best prevention is understanding what fraud looks like, understanding how to assess your organization's risk of fraud. And so that's what I realized, we need to do first, we're starting at the beginning, a very good place to start.
So let's think about internal controls. So how do you stop fraud from happening? Or how do you lessen the likelihood or how much you might lose if you have internal controls in place. So internal controls, they are going to be the mechanism, they're going to be your procedures, they're gonna, whatever you've implemented to make sure your accounting system is accurate to promote accountability to talk about fraud.
It's not just about, hey, there's a law in place that says people will go to jail, it's about what is the practicality? How have you broken this down for your organization? So you want to think about our timeliness reports. So not just we get reports, but how recent are they? Some organizations say, well, the board reviews the report, and that's our method of internal controls.
Well, when are you getting the reports or how late are they? Your reports are always gonna be late. So they're always going to be after the fact. So how far after the fact are you looking at them? How are you analyzing those reports? What is the board asking? So the board never asks any questions. Is this control really working? Because if they're not saying anything, they're just saying, Yes, we approve, we got it. Did they do their due diligence? Did they ask enough questions to say if something were to occur, they could have caught it?
I'll do an episode, at some point on understanding your financials that might be more of a video series. So check out me on Instagram at CNRGadvisory for that. The other thing you want to think about. Do you have documented processes and procedures? Do people know what they're supposed to do? If they don't, you can't be mad that they didn't do it, because they never knew what they were supposed to do.
Also think about that. as your organization grows, your processes and procedures will change, though. So are you looking at those frequently? Are you reviewing them to say, Okay, this is something we need to change. The other thing about the reports and your financial processes, you need to think about the actual, it's not just good about the theory, you have to think about what are we actually going to do?
So what are the mechanisms in reality? So from the very beginning, our accounting system, everyone has their own login. That way, if something were to happen, we can tell which login did it. Okay, great.
Now, people did a thing. Their work is reviewed by who? Correct? Someone reviewed the work after their work was reviewed. It went to the board treasurer, they reviewed the financials, they go over it with the bookkeeper, the executive director, what does that look like? And then also think about the other side of, hey, if it happens, what's going to be the process?
So thinking about if we're notified if someone says they think this might have happened, what are we going to do? Because it's not enough to just say, we have these controls in place, you also have to think about, if something happens, what will we do? So if someone says they think a thing happened, so someone thinks someone stole money? What's investigation look like? If the investigation uncovers that fraud did occur, are you firing the person, are you pressing charges?
You want to think this out before it happens, because you don't want emotions to be the driving factor. You don't want to assume this will never happen, because it can. So you want to say if this were to happen, what do we have in place to catch it? We have these logins we have this review process we have the board we have, but I'm gonna say we have the audit because the audit is not meant to detect fraud. It is meant to say are your reports accurate? Those two are not the same.
And so just think about that this week, as you think about your organization or what controls do we have who's to stop anything from happening? What are our individual laws, our rules within the organization that say this thing could happen. This thing would prevent fraud from occurring. So think about your prevention mechanisms, and then think about, okay, if it does happen, how would we catch it? How would we stop it? What would we do next? All right, so next time, this is Chyla Graham, and you're listening to The Nonprofit Ace Podcast.
Sign-up for Six Week Course: Impact Basics