Page 289 - Washington Nonprofit Handbook 2018 Edition
P. 289

•      Is the importance of the control activity properly communicated? It is
                              critical for leadership of the organization to set the tone and create a
                              culture of integrity.


                       •      Are  the  results  of  monitoring  activities  connected  with  the  risk
                              assessment  process  (i.e.  the  feedback  loop)?    To  be  effective,
                              evaluations must be conducted and reviewed by staff and Board.

                       •      External  auditors  cannot  be  part  of  your  internal  control  structure.
                              External auditors are a check and balance of the internal workings of
                              the  organization,  and  should  not  be  part  of  the  internal  control
                              structure.


                       5.     Control Activities: Control  activities  are  the  actions  established that
               mitigate risk.  Control activities are performed at all levels of the entity, at various
               stages  within  business  processes,  and  incorporated  through  the  organization’s
               technology.    The  activities  may  be  preventative  or  detective  in  nature  and  may
               encompass a range of manual and automated activities such as authorizations and
               approvals,  verifications,  reconciliations,  and  business  performance  reviews.
               Segregation of duties is one of the key concepts that will be included in developing
               the control activities, and is discussed below.


                       e.     What is Segregation of Duties?

                       A  key  to  the  internal  control  activities  is  the  segregation  of  duties.
               Segregation of duties is the concept of having more than  one  person involved in
               completing a task in order to prevent fraud and error.


                       When  creating  internal  controls  that  segregate  duties,  consider  who  has
               access  to  financial  systems,  where  they  are  in  the  system  and  when  they  have
               access.  Key areas of access can include:  bank account access, organizational credit
               cards, blank check stock, cash/checks received, accounting system, donor database,
               payroll  system,  and  approval  authority.    In  each  of  these  areas,  create  internal
               controls where more than one person has to be involved to have access to these
               areas or conduct financial tasks.


                       Examples of duties to segregate to the extent possible:

                       •      Inflows (Contributions, Revenue, Receipts)


                              y      Authorizing/approving bills







               WASHINGTON NONPROFIT HANDBOOK                -278-                                       2018
   284   285   286   287   288   289   290   291   292   293   294