Blog Details

Strengthen Trust: Ten Simple Actions Non-Profit Organizations Can Take to Improve Internal Controls

June 25, 2024

By Robert Seestadt


Strong internal controls are critical for non-profit organizations to prevent fraud and ensure stakeholder trust. Most internal controls are reliant on good “segregation of duties”, separating the authorization, access, and recording functions to different individuals in the organization.

For example, the tasks of recording information (such as posting journal entries or entering invoices), and authorizing payments should be separated. Also, different individuals should be responsible for requesting, versus approving expenses and for maintaining accounting records.

Additionally, limiting access to bank accounts, accounting software and key assets is fundamental for optimal internal controls.

With new ways of working and rapid digital transformation across organizations and their approach to risk management, we are recommending 10 ways non-profits can improve internal controls to mitigate the risk of fraud:

1. Authorization and Tasks Matrix: Implementing a segregation of duties matrix for authorizations and tasks goes a long way in clearly delineating accounting functions, reducing the risk of misappropriation and financial records falsification. This matrix visually represents the assigned duties within the organization, making it easier to identify potential risk areas. The primary objective is to ensure transparency, integrity, and accountability by preventing any single individual from having unchecked control over critical organizational processes or systems.

TASK Person A  Person B Person C  Person D
Verify and prepare invoices No SOD conflict 
Approve payment  No SOD Conflict 
Issue payment  No SOD Conflict 
Record entry in books No SOD Conflict 
Image: A simple matrix template 

In the matrix above, black boxes indicate tasks are being performed as assigned. For instance, Person A correctly verifies and prepares invoices in the accounting system, adhering strictly to their designated role. For instance, if Person C is authorized to issue payments, they should not be approving payments or overseeing others’ tasks.

For effective internal controls, non-profits should maintain dynamic authorization and task matrices, regularly updating them to align with evolving structures, processes, resources, and regulatory requirements.

2. Periodic Spot Checks: Periodic spot checks on banking activities by someone outside the accounting function are another way to keep financial statements error-free and detailed. The leadership must regularly probe expenses, disbursements, fundraising income, and other monetary transactions. To ensure the integrity of journal and ledger entries, internal audits can also be conducted by inviting third parties to assess the records.

3. Controlled Data Access: Non-profit organizations need stringent controls to manage employees and third-party access to data, ensuring compliance with security and privacy regulations. Only authorized individuals should be allowed to retrieve information from the organization’s data repositories with data access rights clearly defined in a centralized system. In addition, organizations can implement data-centric access controls, ensuring third-parties cannot retrieve sensitive information without using specific, secure applications.

4. Vendor Reviews: Non-profits should generate and review an annual report of all vendors paid to identify any unusual patterns or names. This report should be generated directly from the banking platform to ensure accuracy and avoid manipulation. Reviewing vendor payments can help uncover duplicate disbursements, payments to unapproved vendors, and unusually high payments that may require further investigation. Additionally, having a formalized process to add vendors to payment platforms, including a “new vendor packet” of required information such as W-9, insurance, and conflict of interest disclosures can help greatly.

5. Whistleblower Hotline: Establishing and promoting a whistleblower hotline encourages employees to report fraud, suspicious activities, and other concerns without fear of retaliation. Such measures help detect unethical behavior that goes unchecked through standard internal controls, providing an additional layer of protection to prevent fund misuse. All employees should be informed about the hotline and understand how to use it responsibly for the organization’s benefit.

6. Budget Variance Analysis: Regular analysis of actual versus budgeted financial results helps identify outliers that may indicate issues or errors. Although a budget variance may also occur due to macroeconomic factors and vendor price changes, unusual changes should be scrutinized to determine their exact cause. This practice allows non-profits to uncover human error and stay on top of potential employee fraud while improving budgeting and financial planning practices.

7. Encouraging Open Discussions: To foster a culture of accountability and transparency, directors and board members should actively engage with the accounting team on information contained in any financial documents. Governing bodies should feel free to question any anomalies to understand the organization’s financial health. Open dialogues between directors and employees help ensure that organizations follow sound financial practices and address concerns before they snowball into a financial crisis.

8. Setting the Right Tone at the Top: The leadership of any organization plays a vital role in setting a tone of ethics and transparency across the organization. They should demonstrate their commitment, through word and deed, to integrity and prioritize financial responsibility, setting high standards for themselves and others. Supervisors build a culture that discourages fraudulent activities when they lead by example. Additionally, ensuring the Organization is in compliance with financial policies and procedures, laws and regulations, grant agreements and donor wishes will strengthen this ethical framework across the organization.

9. Conflict of Interest Disclosure: Board members and key persons should sign a conflict-of-interest disclosure annually to prevent situations from compromising an organization’s integrity. A conflict of interest arises when an individual stands to personally gain or lose financially from a decision made by them. The disclosure should clearly explain its purpose and describe actual and perceived conflicts. The practice keeps board members aware of potential conflicts that could lead to fraud, and provide guidance on measures to avoid them.

10. Auditor Due Diligence:Conducting an annual review of external auditors’ performance and periodically rotating audit firms l can enhance the objectivity and quality of financial audits. The rotation of auditors every few years brings fresh perspectives to audits, increasing the likelihood of accuracy in examining financial records, identifying the issues that need attention, and reducing the risk of complacency.

Maintaining Consistent Internal Controls for Non-Profits

Regardless of the size of their operations and funding, non-profit organizations, like businesses, face risks in their financial transactions. They utilize government funds and private donations to fulfill their mission, which makes them accountable to multiple stakeholders. To manage their risks, it is imperative that non-profits implement and consistently review internal controls, some of which are outlined in this article. While no internal control system can prevent all risk, the is intended to be a step in the right direction for non-profit organizations.

We understand that some of the suggestions outlined above, like establishing strong segregation of duties can be difficult, especially for smaller non-profit organizations. This is where outside firms that specialize in accounting and financial management (such as Quatrro Business Support Services) can be helpful. As a holistic back-office solutions firm, we help non-profit groups focus on their mission by giving them simplified process controls for their back-office functions to optimize user access, data security, administrative risk prevention, and compliance adherence.

To learn how Quatrro BSS can empower your non-profit organization with simplified process controls and enhanced internal controls, reach out to us at

Robert Seestadt
Written by

Robert (Bob) Seestadt is Vice President in the NFP Accounting vertical at Quatrro Business Support Services. Specializing in budgeting, strategy, accounting, and financial analysis, Bob provides strategic leadership and financial oversight to his non-profit clients. He ensures compliance and client satisfaction while personally serving in the role of CFO for several clients.

Average rating 0 / 5. Votes: 0

No votes so far! Be the first to rate this post.

Contact Us