Strict internal controls relating to expense claims, cash donations, online banking and financial transactions can go some way to preventing fraud. Mahmood Reza shares his expertise.
There should be a culture of control embedded in the strategic and operational affairs of an organisation. Senior management and trustees create this culture and should lead by example in adhering to the organisation’s internal financial controls and good practice. The trustees should make sure that an annual review is conducted into the effectiveness of internal financial controls, to include an assessment of whether the controls are relevant and appropriate and not too onerous or disproportionate.
Division of duties
An important principle of internal control is the division of duties to prevent any one individual from authorising, recording and processing a complete transaction. For example, if one person receives the cash for ticket sales, records it in the cashbook, pays it into the bank and prepares the bank reconciliation, it would be difficult for others to detect any false record-keeping.
An important principle of internal control is the division of duties to prevent any one individual from authorising, recording and processing a complete transaction
An appropriate and responsible person should give advanced authorisation or approval for all transactions. Expense claims are a common area of weakness, and reimbursements should never be made without receipts, which should be authorised separately.
There may be resource constraints that can make it difficult for smaller organisations to achieve a segregation of duties all the time. However, trustees or management can take action to compensate for these difficulties by reviewing reports of transactions or carrying out checks on internal controls independently of the person who normally undertakes the work.
To maintain security over electronic bank accounts, basic precautions include retaining the printouts of statements and keeping all computers with access to the online banking facilities secure. Computers should have up-to-date anti-virus, spyware and firewall software, and passwords should be periodically changed, especially following changes in authorised staff and trustees.
Records of all payments should be checked periodically against cheque stubs, credit card statements or bank statements as part of the bank reconciliation process.
Monitoring purchases and budgets
Where debit and credit cards are in use, a clear policy should be set including criteria for their use, spending limits and security. Consider the need to place restrictions on the types of retailers where the cards may be used, such as blocking their use in bars and restaurants or on certain websites.
Controls ensure that payments are made only for the goods and services actually received and at the agreed prices. They include establishing authority levels for placing orders and approving payments that are clear and preferably documented, ensuring that orders are within an agreed spending plan or budget, and that invoices received are checked against orders confirming the price paid and the receipt of the goods or services ordered.
Reporting on finances and reviews against budget should be a normal part of management meetings. Take all such management decisions collectively and note significant decisions and action points in writing.
Communicate such information in a way that enables people to carry out their responsibilities and take appropriate actions. However, the financial information provided should always be understandable, accurate and timely. Provide information regularly to ensure that trustees and senior management can carry out their monitoring role.
The financial information provided at board meetings should include details of the organisation’s financial position and performance. It will typically include the latest management accounts, a comparison of budget to actual figures, an explanation for variances between forecasts and what actually happened, details of cash flow and closing bank balances.
Donations and fundraising events
Risks will arise where an organisation receives donations from the public by post. Whenever practical, the post should be opened by two unrelated individuals. Where this is not practical, then an organisation should consider other controls such as comparing donations with past periods or receipts from previous appeals.
In the case of collection boxes, such activities must be undertaken in accordance with the various statutory regulations that cover public collections. For example, licensing arrangements must be made in advance with the appropriate local authority. Collection boxes should be individually numbered and sealed before use so that it is apparent if they have been opened. Record their issue and return, and bank the cash as soon as possible without deducting expenses.
Maintain records for each fundraising event in sufficient detail to identify gross receipts or takings and costs incurred. For all events where there is ticket income or gate money, pre-number the tickets, keep a record of all persons who have been issued with tickets to sell, and allocate the ticket numbers to each person. Collect all money from sold and unsold tickets and make a reconciliation of receipts against tickets sold.
An expense policy should clarify whether the organisation pays expenses for travel, hotel, conference, business, training and out-of-pocket expenses, and, if so, on what terms: whether staff travel is restricted to economy or second class or hotel costs are subject to a maximum level per night. The policy should also clarify any fixed payments and any cap on total payments.
Expense claims should contain a self-declaration that they are accurate and incurred in connection with the business of the organisation. Make any reimbursement by cheque or BACS transfer and pay any mileage rate for motor travel at the approved HMRC rates. (Payments made above the approved HMRC mileage rates trigger a tax or national insurance liability.)
These suggestions and recommendations may appear quite burdensome and onerous, but my experience is that an accounting and financial management system that is well-designed and operated online is more likely to prevent fraud – for small and large organisations alike.
Mahmood Reza is Owner and Manager of Pro Active Resolutions and Knowledge Grab.
This article, sponsored and contributed by Pro Active Resolutions, is part of a series sharing insights into accountancy issues in the arts.