The National Council of Nonprofits, neatly defines "internal controls" as:
"Financial management practices that are systematically used to prevent misuse and misappropriation of assets, such as occur through theft or embezzlement." -
Further, it offers that:
"Internal controls are generally described in written policies that describe the procedures that the nonprofit will follow, as well as who is responsible. The goal of internal controls is to create business practices that serve as 'checks and balances'....in order to reduce [risk]."
Several additional sources offer useful and timely information on internal controls:
- Nonprofit Accounting Basics provides an excellent review of numerous examples of implementing internal controls within common accounting functions.
- Blue Avocado makes internal controls easy for the very small nonprofit.
Even with all these resources available on good internal financial management practices, development and implementation can still be challenging. Caught up in the business of the nonprofit, managers may struggle to carve out the time necessary to determine appropriate internal controls for their organization. Or, staff may resist the extra time sometimes necessary to follow a new procedure.
Yet, internal controls are critical. 501 Consultants has helped more than one nonprofit close its doors, after decades of operation, because unethical executive directors took advantage of the lack of internal controls and set the organizations on a path to ruin.
Consistency is key. Managers should make it a habit to annually review internal controls, and ensure they exist as written procedures. Boards should insist on annual internal control check-ins. Once a procedure is identified as a control, it must be regularly practiced to reduce risk. If everyone impacted understands the need for the procedure, consistency is easier. Ultimately, it is useful to remind employees that controls aren't only in place to protect the organization, but also to protect the individual.