A primary responsibility of nonprofit directors and officers is to ensure that their organization is accountable for its programs and finances to contributors, its members, the general public and government regulators.
During the annual audit process, the auditor is required to issue a letter to officers and directors regarding its internal controls. The letter is known as the “management letter.” This letter includes items of concern, found by the auditors, which probably need attention by the organization’s management team.
Normally when these items are brought to management’s attention, it means there are “deficiencies” or “weaknesses” in the controls of the organization. Internal controls are systems of policies and procedures that protect the assets of an organization, create reliable financial reporting, promote compliance with laws and regulations, and achieve effective and efficient operations. These items might have an impact on the future of the organization, such as receiving or losing grants or donations, avoiding penalties, or even as severe as misappropriation of the organization’s assets.
It is very important for nonprofit executives to understand and design controls that avoid having these kinds of issues show up in a management letter. Strong controls will help preserve your organization and its purpose.
Organizations have different policies and procedures that are designed to meet their unique needs. However, the fundamental approach to maintaining and establishing policies and procedures is the same for all organizations. Common weaknesses in internal controls of nonprofits appear in many organizations, regardless of size.
Following is a list of a few common management letter comments related to internal control, and how to avoid them.
The classification of revenue is one of the most common management letter comments, perhaps because classification and recognition of revenue is one of the most challenging aspects of nonprofit accounting.
How to avoid it — Establish an understanding with the grantor or donor, and clearly communicate to all employees the requirements for properly classifying and recognizing revenue. It is very important that this communication be documented in a written format so everyone can refer to it going forward.
In many organizations, federal funds or other granting sources are a valuable source of revenue. The grants may impose very specific and stringent operational or reporting requirements, which can cause complications and misunderstanding between the organization and the grantor.
How to avoid it — Many nonprofits properly file and request reimbursements in a timely manner, but not necessarily accurately, according to the requirements of the grant.
To ensure that these reports are being filed properly, nonprofits should practice extreme care in preparing these reports, ensure all support is adequate and attached to the report, and have management review the reports before filing them. You should document in your organization’s policies and procedures a report review process that should occur before filing. This should help prevent any filing errors and ensure all filing requirements have been met.
Many nonprofit organizations maintain and operate in a small environment. This might make it challenging to segregate critical duties. Establishing proper segregation of duties is the most important factor in developing strong internal controls within an organization.
How to avoid it — One recommendation is to involve the board in monitoring and approving cash disbursements, reviewing bank reconciliations, approving revenue classifications and any other important process that is relevant to your organization. By involving the board it will give your organization strong governance over the internal controls of your organization.
From an auditor’s perspective, the number one way to establish that your controls are being properly implemented is to maintain adequate documentation of all transactions, including proper signoffs on any review or control processes.
It is also important to review your policies and procedures on an annual basis with all parties involved in the process, including the board of directors. Employees who put these policies and procedures into practice should also be involved in this annual review to reinforce their understanding of the rules. This should help prevent miscommunication and misunderstanding, and ensure that important policies and procedures are followed.
Following these fundamental recommendations and recognizing the importance of strong internal controls will help you safeguard your organization. It will also potentially eliminate any further management letter comments by your auditor.
Contact our Nonprofit Group here or call 800.899.4623.
This post was originally published in March 2014 and has been updated for accuracy and comprehensiveness.