Nonprofits need simple, effective internal controls—segregation of duties, approval limits, vendor verification, regular reconciliations, and documented policies—to reduce theft and errors. Implement a small set of repeatable controls and run random spot checks.

🎧On the go? Listen on The Deep Dive — where we dig deeper into this topic: ‘Nonprofit Fraud Protection_ Essential Lightweight Controls and the Segregation of Duties Playbook’. Listen or download.

Why this matters

Nonprofits are trusted stewards of donor funds. Weak controls increase the risk of fraud, accidental misstatements, and grant compliance issues. Even small organizations can adopt lightweight controls that drastically reduce risk without adding bureaucracy.

Real-world story

A community arts nonprofit discovered a long-running pattern of diverted vendor payments after an anonymous tip. The root cause: one staff member handled vendor setup, invoicing approval, and payments. After implementing segregation of duties, third-party vendor validation, and monthly random spot checks, the organization identified the discrepant payments, recovered funds where possible, and restored donor confidence.

Core controls to implement (practical)

Step-by-step rollout plan

  1. Map current processes: document who does purchasing, vendor setup, approvals, payments, and reconciliations.
  2. Identify single-person controls and apply segregation or compensating controls (dual approvals, supervisor review).
  3. Set approval thresholds and assign approvers in writing.
  4. Implement vendor verification steps and create a vendor master list.
  5. Update policies: expense reimbursement, corporate cards, vendor onboarding.
  6. Train staff and communicate changes, explaining why controls protect the mission.
  7. Schedule periodic spot checks and a quarterly control review with leadership.

Internal controls checklist (CSV copy)

Control,Owner,Frequency,Last Checked,Status/Notes
Segregation of duties review,CFO/Executive Director,Quarterly,,Ensure no single-person full-cycle control
Payment dual-approval,Finance Manager,Per payment over threshold,,Threshold: $1,000
Bank reconciliations,Bookkeeper,Monthly,,Reviewed by Executive Director
Vendor verification,AP Specialist,New vendor + annual review,,W-9 and bank details on file
Credit card reconciliation,Bookkeeper,Monthly,,Receipts required within 14 days
Expense reimbursement checks,Manager,Per reimbursement,,Receipts & approvals required
Random spot checks,Internal Audit/Board Chair,Quarterly,,Document findings

Here’s a ready-to-use CSV you can open in Google Sheets or Excel.

Download the CSV — NonProfit Internal Controls Checklist

Red flags & warning signs

Investigation & response — quick guide

If you detect potential fraud: preserve records, restrict access to systems/accounts, involve legal counsel as appropriate, notify the board/audit committee, and engage an accountant to quantify misstatements. Be careful with internal communications to avoid tipping off suspects before evidence is secured.

Tools & templates that help

Sample policy language (short)

Vendor onboarding: New vendors must submit a W-9 and be verified by the AP Specialist. No vendor will be added without secondary approval from the Finance Manager. All vendor bank changes require notarized documentation and a callback to the vendor’s known contact number.

Payment approvals: All payments over $1,000 require dual approval from the Finance Manager and Executive Director. The Finance Manager may set electronic payment limits and require board approval for payments over $10,000.

Next steps / CTA

1. Paste the CSV checklist into a spreadsheet and run a segregation review this quarter.
2. Update your vendor onboarding and payment policies to include verification and dual approvals.

Fraud grows in the cracks of weak processes. We helped a small arts nonprofit detect and recover diverted payments by splitting responsibilities and verifying vendors. Donors reward strong controls; auditors penalize weak ones. Want to fortify your organization? Contact Giesler-Tran Bookkeeping and we’ll help you lock fraud down.

Giesler-Tran Bookkeeping • gieslertranbookkeeping.com • 971-200-5158

Leave a Reply

Your email address will not be published. Required fields are marked *