Strengthening internal controls of foundations and NGOs
SUITS THE C-SUITE By Carlo A. Galindo
First Published in Business World (07/21/2014)
STRENGTHENING the internal controls of foundations and not-for-profit organizations is sometimes left on the back burner because management and board trustees are more focused on handling the general operations of these entities.
They are more concerned with seeing the bigger picture and steering the entity towards accomplishing its overall objectives that sometimes, review of internal controls is at the bottom of their list.
Internal controls, however, play an integral part in ensuring the achievement of the entity’s objectives, specifically the efficient and effective conduct of business, integrity of financial information, safeguarding of assets and compliance with laws and regulations.
Foundations and not-for-profit organizations are typically small- to medium-sized entities with fewer people involved in operations. This means that segregation of duties might not be implemented effectively.
Moreover, with transactions being mostly cash-based, there is a higher risk of asset misappropriation.
Improving controls of foundations and not-for-profit organizations is similar to control implementation for other companies with different departments and divisions.
It is just a matter of customizing the controls that will best suit the size and activities of the entity. The small size of an entity can be used by management to its advantage since they will be able to exercise more supervisory controls as compared to a more complex organization. These supervisory control procedures can help address the absence of segregation of duties. Management should implement procedures that operate at the financial statement or transaction level to ensure proper safeguarding of assets. Key procedures that management may consider are the following:
• Proper delegation of authority. Formalized delegation of authority will ensure that transactions will be approved by the appropriate level of management. This will address the limited segregation of duties within the entity since it will properly map out the officers’ obligations and responsibilities and serve as the check and balance within the organization.
• Periodic analysis of key financial measures and performance. Key financial measures should be reviewed periodically to identify unusual items (i.e., income and expenses outside normal operations, irregular purchases or significant deviations from budget) and to investigate them in a timely manner. Also, financial reviews should not only focus on the entity as a whole, but should be done for every project or activity.
• Proper accreditation of suppliers and third-party service providers. One of the key controls that can be performed by the organization is to implement proper supplier accreditation processes. This practice will limit the risk that the entity’s personnel will transact with fictitious suppliers or suppliers that do not meet the entity’s requirements.
• Awareness of employees’ lifestyle and compensation. Frequent interaction by management with staff will not only build bonds within the organization, but will also help management spot red flags such as unexplained affluence of employees or employees in dire financial situation. These red flags may possibly lead to asset misappropriation by employees within the entity.
• Thorough review of documentation. One procedure that is often overlooked is the thorough review of any documentation prepared by staff or subordinates. Sometimes, the reviewer places significant trust in his or her staff and does not thoroughly check the documents — instead just signing these off as reviewed. Doing this runs the risk that unauthorized transactions will be approved, leading to asset misappropriation.
• Formal policies and procedures. As mentioned previously, management should establish procedures that operate at the financial statement or transaction level to ensure the proper safeguarding of assets. Receipt of cash and in-kind donations or dues should have an established process of acceptance and recording. Persons accepting donations or membership dues should not be allowed to record the same. This control, however, will not be effective if there are no documents to support the transaction since it will be difficult to validate the source and recipient of said donations or dues. It is, therefore, important to ensure that all transactions are properly documented. The same holds true for disbursements made either through checks or petty cash funds. The approval, custody and recording of disbursements should not be assigned to one and the same person.
One issue that may also arise would be the proper alignment of actual expenses incurred by the entity with the primary purpose of the organization. In order to address the issue, the organization should formalize what are considered as valid expenses related to meeting its primary objective, as opposed to other non-direct, administrative expenses. The disbursements will be classified and documented for proper approval by management. This way, the approver will have a better understanding of the purpose of the disbursement and be able to verify if such a transaction is within the primary purpose of the organization.
• Strong oversight of the board trustees. Within the limited resources in most foundations and not-for-profit organizations, it is important that the board of trustees exercise strong oversight role over management to strengthen further the control environment. The effectivity of controls lies on the entity’s leaders and continued monitoring of its policies and procedures. Connivance between employees can render certain controls to be ineffective. It is, therefore, important that the Board of Trustees is vigilant in the implementation of these controls to ensure that the objectives of the entity are being met.
Carlo A. Galindo is a Senior Director of SGV & Co.
This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co.