Any organisation which has money coming in and going out will have some form of internal controls. These are basically the rules or procedures that let everyone know what should happen - who can do what, when and how. The most obvious example is the mandate for operating the Bank Accounts. You want rules or controls, which are tight, but not too tight so as to be unworkable.
The general aim is to minimise the risk of mistakes or fraud. Fortunately deliberate fraud is rare. Unintended mistakes are far more common and can lead to serious problems. Obviously if there are mistakes, money can be lost (an invoice not being sent). More concerning is when questions are raised or accusations made which cannot be explained because the records are not there. Basically, you need to ensure that all income due is received, banked and recorded; and that all expenditure is properly authorised and recorded.
Directors or Trustees have a legal duty to safeguard the assets of the Organisation and make sure that the assets are used to achieve the organisation's objectives. If things go wrong, any investigation from the Charity Commission or Companies House would focus on the internal controls operating within the organisation. Potential Funders and supporters will have more confidence if you can show that you have good controls. Obviously, if things go wrong, Funders may be wary of giving you support in the future. You will never have a system, which completely removes the need for trust. Having good clear controls is not saying you do not trust each other, it is common sense.
Many organisations never write the rules down. They rely on 'tradition'. This is fine if everyone gets on with each other all the time, nobody ever makes mistakes and everyone stays around for years. It is common sense to agree the rules at Management level and write the rules down.
Of course, writing them down is not enough. You need to make sure they are being followed. Also, sometimes rules need to be broken. If this happens, the Management should be informed and the rules reviewed to see if they are appropriate.
Key Areas for Internal Controls
The following list, while not comprehensive, covers the main areas where any organisation needs to think about Internal Controls.
* Budgets - The Budget is the cornerstone of the system of controls. It is the main way in which the responsibility for finance rests with the whole Management.
* The Bank Mandate - The rules on cheque signatories and their authority are crucial.
* Authorisation of Expenditure - Who can decide whether to spend money?
* Salaries - Serious problems can arise from the lack of policies and procedures for salaries. Who calculates them, who checks them, how are decisions on changes to salaries made and implemented?
* Petty Cash - Although the amounts are usually small, this is a major area for problems. Again who keeps the tin, who reconciles the petty cash records to the actual cash held, who files the receipts etc.?
* Cash Income - If your organisation receives a lot of income in the form of cash, there are particular problems which can arise. Who counts it, who banks it, who records it?
* Bank Reconciliations- making sure that your records agree with the Bank is essential. You need to agree the timing (usually every month) and process.
* Management Reports - What information goes back to the Committee - too much or too little.
* Audits and Independent Examination - Although probably an external issue, the choice of Examiner is yours and is vital. You need to be aware of the limitations of an audit or independent examination.
* The Filing System - A clear system will help considerably.
* Computers - A big risk is that a computerised report looks good but it could be complete rubbish! Many problems also arise because a an organisation relies too much on the one person who knows how to use the computer.
* Confidentiality - Are you clear as to what financial information should remain confidential?
* Insurances - What system do you have in place to make sure your insurance cover is adequately maintained?
* Who Does What - Any system which relies too heavily on one person is not good. Obviously, in smaller organisations there may be little choice, but wherever possible you should involve a number of people in the finances