Internal Controls: What Are They and Why Is It Important for Nonprofits to Establish and Maintain Them?

Unfortunately, many nonprofit organizations fall victim to incidences involving internal financial fraud. In fact, between January 2018 and September 2019, employees at 191 nonprofits were found to be skimming money from organizations, amounting to nearly $75,000, according to the 2020 Global Study on Occupational Fraud and Abuse, from the Association of Certified Fraud Examiners (ACFE).

But why is “so much bad” happening to organizations that do so much good? Because, unlike their for-profit counterparts, many nonprofits have few internal fraud prevention resources. In fact, according to the ACFE study, more than one-third of nonprofits said they had no internal controls in place. Unfortunately, when fraud does occur, it robs an organization of much-needed financial resources and can also cause irreparable damage to its reputation with donors. The good news is that a nonprofit can better safeguard itself from this type of fraud by establishing and maintaining proper internal controls.

Internal controls defined

Internal controls are financial management practices used to prevent misuse and misappropriation of assets. They are physical written policies that outline the internal controls and procedures that the organization follows to help prevent fraud and include who is responsible for specific tasks. According to the National Council of Nonprofits, the goal of internal controls is to create business practices that serve as checks and balances on staff (and sometimes board members) and/or outside vendors, in order to reduce the risk of misappropriation of funds/assets.

When designing and implementing an internal control policy, most experts agree that it’s critical to include:

  • A separation of duties, authorizations, documentation and audits. This can include assigning different people the responsibilities of authorizing transactions, recording transactions and maintaining custody of the related asset. For example, a sound strategy includes assigning one person to prepare and make bank deposits; one person to prepare payroll and distribute paychecks; one person to be responsible for cutting checks to vendors; and yet another to perform month-end reconciliations, etc.
  • Maintaining strict documentation records. By establishing a documentation protocol, the organization provides evidence of every transaction and establishes the accountability for the execution and recording of the transaction.
  • Authorization for certain transactions. This includes implementing a specific approval process for the payment of all vendor invoices; establishing a protocol that outlines the process for approving and reimbursing employees for expenditures; and including a requirement that there must be two signatures on all organizational checks.
  • An audit process. Once a program has been established to separate duties, document records and set in motion a payment approval process, random internal audits should be scheduled and performed periodically as an additional measure to prevent fraud.

While most of your nonprofit clients may have some sort of internal controls in place to help prevent fraud, they may need help reviewing their controls and seeing what makes the best sense for them. As their insurance professional, it’s important that you understand what your nonprofit clients are up against and to offer the right insurance coverage to help mitigate the risks.

At Charity First, we’re passionate about providing innovative products, services, support and resources to meet the ongoing needs of your nonprofit clients. For more information, please contact us at 800-352-2761 or by emailing