An internal control policy is a system of clear rules, procedures, and actions that help safeguard your nonprofit organization and prevent fraud. Whether you’re managing a large organization or a very small one, it’s important to have a written manual that describes your internal control policies.
A well-written internal control policy manual will help clarify each individual’s role, responsibilities, and authority over financial transactions. Especially during times of transition, such as staffing changes or organizational growth, this policy will help guide your team and spell out specific authority levels and restrictions.
Be sure that all of your staff have easy access to your internal control manual, and keep this policy updated whenever new roles or positions are created.
An example of a simple internal control policy is shown below. You can customize this with more detail regarding roles/positions, accounts, payment methods, and data storage. For example, if you use a third-party bill payment system, discuss who has access to that system and what permissions they may have. You may also want to include other topics, such as gift acceptance policies, asset protection, payroll, or other policies that might apply to your specific organization.
No single person should have control over all parts of a transaction. Segregating these duties helps to reduce the organization’s risk of fraud and prevent errors or mistakes.
The organization’s financial accounts should be reconciled on a regular basis to ensure that all transactions are properly approved, recorded, coded, and documented. Any errors or discrepancies should be researched and addressed in a timely manner.
Proper authorization and approval must be obtained before a transaction is processed.
Documentation should be provided to provide clear evidence or support of each transaction.