When it comes to maintaining a proper accounting environment and having effective internal controls, not-for-profits (NFP) have essentially the same requirement as commercial organizations do. Having both are critical to capturing accounting data to provide for proper financial reporting, decision making, third party requirements, etc. However, in the increasingly competitive landscape of charitable organizations, smaller NFPs face some unique constraints that can significantly impact the internal control environment.
These can include:
While larger NFPs may have an increased level of sophistication that reduces these constraints, smaller NFPs tend to encounter significant internal control problems which create additional risks for their accounting and financial reporting. This article focuses on those smaller NFP organizations.
The need for proper accounting and financial reporting
A significant reason that NFPs are unique is that their financial statements and Form 990s are often reviewed by third parties such as funding sources, potential donors, and Federal/State Agencies. It is common for NFPs seeking grants to submit audited financial statements to funding sources. These funding sources want to have a level of confidence that their grants are going to be properly used and administered, so it is crucial to have effective accounting systems and internal controls in place to allow for a successful audit.
Similarly, many potential donors review the Form 990 as part of their decision making process. The Form 990 tells the story of the NFP in both quantitative and qualitative terms. These donors look at key metrics and amounts such as total revenues, functional expenses, officer/director salaries, etc. As with an audit, having the proper systems and controls in place helps ensure that the NFP is reporting the Form 990 correctly.
NFPs may also receive Federal/State awards that are subject to additional compliance requirements and potentially a Single Audit in accordance with Uniform Guidance rules. It is also not uncommon for the Federal/State agencies to perform regular reviews of the NFP’s administration of the awards. If the NFP is unable to administer the award requirements properly, they risk consequences such as lost funding or having to repay past award proceeds.
Entity level and activity level controls
Internal controls are generally grouped into two categories – entity level and activity level.
Entity level controls can be thought of as higher level and include board or management involvement. Examples include:
Activity level controls are more specific in nature and are usually found at the detail level and involve individuals directly responsible for various types of transactions. Examples include:
The constant challenge that smaller NFPs face is how to design and implement internal controls with the limited staffing and budget constraints that are often present. One of the key elements of any internal control environment is segregation of duties. Any time you can have more than one person involved in processing transactions, the risk of errors or fraud is reduced. However, it isn’t uncommon for smaller NFPs to have only 1 or 2 people involved in all of the accounting functions.
In light of the constraints mentioned above, smaller NFPs often make sacrifices to the internal control environment that can have a negative impact on the accounting and financial reporting. These choices may be unavoidable – if the accounting functions are performed by only one person, how can there be a segregation of duties over cash receipts and disbursements? Likewise, if the board doesn’t have any members that have experience in NFP accounting and reporting, how can there be an effective review of monthly financial statements?
Finding the right internal control balance
The most effective internal control environments include both entity and activity level controls. To determine the best balance and type of internal controls to implement, NFPs need to assess several factors such as:
Larger NFPs often have the ability to implement more activity level controls because of larger accounting staffs, greater expertise, etc. However, smaller NFPs are often faced with limited resources and/or a lack of expertise, so they need to rely on greater entity level controls to mitigate risks.
In practice there is no single best solution to finding the right balance of internal controls to implement, so performing this assessment will help ensure that the NFP has the best available information to design and implement the most efficient and cost effective internal controls.
Examples of common control deficiencies in smaller NFPs
Through our experience with NFPs of varying sizes and types we have identified some areas where internal control deficiencies are common and made recommendations on how to strengthen the internal controls. For example, if you are limited with segregation of duties for the following areas, adding entity level controls will help mitigate risks.
While these issues may be common to smaller NFPs, this is not a comprehensive list. Each NFP should assess their risks and options for activity level and entity level controls. Establishing and maintaining effective internal controls will always be a challenge for smaller NFPs and require constant monitoring to ensure they are operating effectively. UHY’s team of NFP professionals has the experience to work with you and help you assess your internal controls and identify areas for improvement.
Wednesday, April 24, 2019 | 7:30 AM – 9:30 AM EDT | The Hartford Club