Low-Cost Steps to Strengthen Internal Controls By Robert M. Barbacane, CPA, CGMA

In small organizations, internal controls are often sacrificed for the sake of delivering quality services.
This is especially true for cost-conscious nonprofit organizations. Ignoring internal controls is risky. In a
recent report, the Association of Certified Fraud Examiners (ACFE) found that organizations with less than
100 employees are more vulnerable to occupational fraud. The median annual fraud loss for nonprofit
organizations was $82,000. This number does not take into consideration the financial repercussions of
a damaged reputation. For nonprofits that depend on the public for support, the occurrence or
allegation of fraud can also severely impact fundraising capabilities.

While there are many ways to manage risk, the Committee of Sponsoring Organizations (COSO) internal
control framework is a popular method because of its ability to be widely adopted. The COSO
framework recognizes that internal controls should be designed with the entity’s unique environment
and risk tolerance in mind. Rather than identifying specific activities, the COSO framework emphasizes
that risk-based, informed decisions work best.

Applying internal controls is a best practice for all organizations, but is particularly important for
nonprofits because donors often assess an organization’s ability to use funds responsibly before
contributing. Adopting the five COSO framework steps below can help protect your organization by
strengthening governance, improving the reliability of financial reporting and deterring fraud.

Setting the tone internally

It is important for the board and leadership team to set a strong tone as internal controls are impacted
by employees and their actions. The ACFE study found that only 6.4 percent of fraud is discovered by
external auditors. A powerful tone will lay the foundation for successful internal controls.

Providing a formal system to report concerns

The ACFE study reports that 29.6 percent of fraud cases are discovered from internal tips. To encourage
employees to report concerns without fear of retaliation, create a formal reporting mechanism.
Incorporate this policy into employee handbooks and new-hire training programs.

Staying aware as to what is happening within the organization

Leaders should be aware of pressures, tensions, conflicts or incentives that could negatively affect the
entity’s financial reporting. For instance, a poorly designed incentive-based compensation structure or
unbalanced workload can put employees under pressure and tempt them to take advantage of control

Focusing on building relationships and open communication

Adopting an open-book management style can simultaneously build relationships and open communication. One way of doing this is by explaining the business rationale behind particular processes. First, identify the observed behavior; then give the employee a chance to offer their perspective. After acknowledging the employee’s point of view, explain the business reason for any changes. This type of transparency can enable employees to make better business decisions

Upholding fairness by enforcing and upholding policies

The following policies can help avoid internal conflicts:
 Have periodic one-on-one discussions with employees about policies.
 Train new employees on what is and is not acceptable use of the organization’s property.
 Check references and perform background checks on employees with access to the
organization’s financial information.
 Review IT system logs.
 Separate duties so that one person does not have complete control of a transaction.
 Separate authorization and record keeping duties.

Management cannot prevent all problems; however, setting the right tone and policies internally will
signify to employees what activities are unacceptable. Contact us today to discuss how we can help you with internal controls.