Summer typically means time to enjoy activities like family vacations, beach trips, and backyard barbecues. However, for some people in the nonprofit accounting world, summer also means the closing out of the old fiscal year and preparing budgets for the upcoming fiscal year. Between the juggling of making year-end journal entries, getting prepared for the year-end audit, and preparing information for the tax return, we sometimes forget to take a step back and analyze how the year went and determine whether any operational changes would benefit the upcoming year. This would also be an ideal opportunity to review the organization’s written policies and procedures.
While it is well known that written policies and procedures are key to an organization’s continued success, surprisingly, some organizations have not even taken the first steps to establish such basic tools of operation. For those organizations with policies and procedures in place, failure to regularly review them could render them out of date and irrelevant for the current organizational structure. There are those who believe that for smaller organizations, the benefits of developing and maintaining policies and procedures do not justify the costs and time involved. Others have argued that nonprofit organizations are already strapped for resources and updating written policies and procedures would take up valuable resources that could be focused on fulfilling the organization’s mission and goals.
In the long run, a well-written policies and procedure manual will provide guidance for everyone at the organization. They will provide the communication link between administrative, programmatic, and fund-raising staff so that there is no confusion on how things should be done. It will also provide some continuity in operations and minimize disruptions for new employees, as it provides guidance on how things are done at the organization. Periodic updating of the policies and procedures will help management and the board establish a strong foundation for successfully fulfilling the organization’s mission and goals.
How does an organization determine exactly what policies and procedures should be documented? Every organization will need to assess its organizational structure and operations to determine the key risk areas that need to be addressed. In evaluating those risks, the organization should also make sure it understands its own operational limitations so that policies and procedures are tailored to, and understood, by all employees.
Regardless of the size of the organization, here are some key risk areas in which an organization should invest some time and effort in developing or updating policies and procedures:
Revenue and Support: Contributions are the lifeline of a nonprofit. Therefore, developing policies and procedures to safeguard those contributions is essential. The key in this area is making sure all contributions are properly deposited and recorded in the financial records. Periodic reconciliations between cash receipts, deposits, bank statements, and financial records would help mitigate losses and thefts. If possible, the ideal situation would be to have a different person handling the contributions, performing the reconciliation, and reviewing the bank statements.
Expense Disbursement: Organizations can quickly get into a financial hole if they are not watching where their cash is being spent. Authorization and approval is an essential control to help monitor overall spending. Designating key personnel with knowledge of budgets and operational constraints to review and approve expenditures would minimize any unauthorized cash outlays. Different key personnel can have different dollar threshold authority so that the approval responsibility is not restricted to one person. If credit cards are utilized, make sure employees understand the policies of what can and can not be purchased, as well as the procedures for recovery of any unauthorized purchases. Establishing policies and procedures over disbursements will help minimize fraud and loss as more of the funds are utilized towards the organization’s goals and missions.
Conflict of Interest / Whistleblower: The number one source of uncovering fraud has been with employees informing the appropriate personnel of something they did not think was right. By establishing policies and procedures in this area, you would be promoting transparency and an avenue for employees to voice their suspicions. Just because it was reported does not mean it is true, so there need to be policies and procedures on how reported incidents are investigated and handled. The policies and procedures should also prevent any retaliation on any of the employees involved with the allegations. Employees tend to be vested and loyal to an organization if they feel they have contributed to the organization’s success, and what better way to ensure the organization’s success then by protecting it from fraud and losses?
IT / Cybersecurity: Today’s society makes it almost impossible ignore the internet and social media outlets. Whether it be Facebook, Instagram, or whatever favorite social media you like to use, more and more organizations are using social media to promote themselves or their activities. Organizations are also utilizing smart phone/tablet applications to collect donations at fundraising events. All of these activities are a risk for the organization, as they create portals for fraudsters to gain unauthorized inside access to an organization. Policies and procedures in this area should focus on creating security protocols securing the organization’s information, as well as defining who has access to that information. The policies and procedures should also promote awareness on how employees can help protect the organization, which includes watching for phony emails that are phishing for information or contain viruses that can damage your computer system. The news is constantly full of stories where an organization’s computer systems are hacked and information is stolen. Whether the information is intellectual property, financial data, or private information, the loss can be devastating let alone the bad press that goes along with such incidents.
The bottom line is that no matter the size the organization, developing sensible written policies and procedures is essential for a nonprofit organization. They provide the foundation and guidance for management to execute their daily duties in fulfilling the nonprofit’s goals and missions. Periodically reviewing and updating the policies and procedures will help keep the nonprofit relevant in the constantly changing world environment.
For questions or more information, please contact Tom Huey at email@example.com or toll free at 844.4WINDES.