Navigating the ins and outs of nonprofit finance is overwhelming for many professionals. There’s a lot of responsibility, confusing legalese to decipher, and major consequences if donated funds are mishandled. Fortunately, implementing robust internal controls makes risk management easier and less intimidating.

Financial controls are there to help protect your nonprofit. Understanding these controls enables leadership and staff to fulfill their fiduciary and compliance responsibilities.

In this guide, we’ll explain the basic concept of internal controls and essential policies every nonprofit should establish. We’ll cover:

• What Are Nonprofit Internal Controls?
• Importance of Financial Controls for Nonprofits
• Full Checklist of Financial Controls for Nonprofits
• 18 Essential Nonprofit Internal Financial Controls: Explained
• How to Strengthen Your Nonprofit’s Financial Controls

What Are Nonprofit Internal Controls?

Nonprofit internal controls are the financial policies and procedures an organization puts in place to ensure responsible, ethical, and compliant management of finances. These controls guide all financial activities, from donation acceptance to spending and record keeping, to ensure your organization uses funds properly in accordance with IRS laws and your mission.

Instead of thinking about financial controls as red tape, they’re actually guardrails. Internal controls are designed to help protect your organization, enabling your nonprofit with the structure and confidence to grow its finances and achieve true sustainability.

Importance of Financial Controls for Nonprofits

Setting and maintaining financial controls for your nonprofit is non-negotiable. Without them, you put your organization’s funding, reputation, and 501(c)(3) status at risk. Insufficient controls could open the door for theft or lead to significant financial losses, even with the best intentions.

Fortunately, you can easily manage these risks with the right internal controls. Basic controls help your organization:

• Maintain compliance: As a tax-exempt organization, you must follow strict fundraising, spending, and reporting laws to maintain your status. Financial controls help you build compliant practices into your day-to-day operations and minimize long-term compliance risks.

• Safeguard your finances: Since your nonprofit has recurring expenses and can’t put all donations to use immediately, consider how you can best manage and protect your assets. Whether you’re building up your cash reserves or stewarding legacy gifts, internal controls ensure that your organization’s money is secure and even growing to help fund your mission.

• Build public trust: Donors expect financial transparency, and they need to know that their dollars are in good hands. By establishing sufficient controls, you can prove to existing and potential supporters that your nonprofit knows how to steward its funds.

• Develop sustainable financial practices: You cannot grow your organization’s finances without reliable policies and procedures in place. Establishing the right controls, however, works to support your financial goals and helps you build a foundation for future success.

If you’re just getting started, don’t worry. Start small with our list of essentials, and get the support of nonprofit finance professionals when you need it. Each step will bring you closer to healthy, sustainable financial practices that serve your nonprofit for years to come.

Full Checklist of Financial Controls for Nonprofits

Whether you’re starting from scratch or revisiting your existing policies, this checklist can help to track your progress towards robust financial controls.

18 Essential Nonprofit Internal Financial Controls: Explained

Let’s break down each of the controls included in our checklist in more detail.

1. Segregation of Duties

There’s a reason why we put this at the top of the list for financial controls: no one person should have too much control over your organization’s finances. By segregating financial duties and ensuring multiple eyes on every transaction, you mitigate the risk of error, fraud, and other potential issues.

On a small scale, this might mean that one staff member records in-person donations while another person deposits the money in your organization’s bank account. On a larger scale, this means delegating financial responsibilities strategically.

For example, one nonprofit might designate the following responsibilities to different individuals:

• Board of directors: General financial oversight, regular review of financial statements and reports, nonprofit internal controls monitoring and maintenance

• Nonprofit CFO: Financial strategy, budget creation, and cash flow forecasting

• In-house or outsourced accountant: Bookkeeping, creation of monthly financial reports and statements, tax form filing

• Nonprofit investment advisor: Investing portfolio management, investment policy creation, long-term financial strategy support

Sufficient segregation of duties is especially important when it comes to your board of directors. In Funding Your Mission: The Modern Guide to Nonprofit Finance, Infinite Giving CEO Karen Houghton explains:

“And remember: the board’s role is governance, not financial management. They oversee Advisors, they don’t invest the funds themselves. With rolling board terms, volunteer status, and conflicts of interest, this can get messy fast. Board members are stewards, not CFOs. Expecting them to carry out the day-to-day strategy is not only unrealistic, it can lead to burnout or blurred boundaries.

What they can do is set strong policies, ask the right questions, and ensure that financial decisions align with your mission. That’s powerful stewardship.”

2. Conflict of Interest Policy

Your board members have a fiduciary responsibility to work in your organization’s best interest when making financial decisions, not their own. That’s why it’s essential to have a clear Conflict of Interest Policy that outlines and protects against potential conflicts of interest.

This document should define possible conflicts of interest, the disclosure process, and how you’ll handle any conflicts that arise. For example, you might specify that any board members who disclose a conflict of interest will be reviewed by a specific individual and excluded from financial decision-making.

3. Separation of Accounts

Avoid storing money that’s designated for different purposes in the same account. This internal control ensures you properly allocate your funding and helps you maintain maximum FDIC coverage (meaning that the government insures your funds in the event of a bank failure).

Rather than a single bank account, your organization should have separate accounts for:

• Operating funds: Short-term funding you use for daily expenses and mission fulfillment activities

• Reserve funds: Your “rainy day” savings account meant for use in emergencies, when an expected funding source falls through, or the economy fluctuates

• Capital reserves: Money set aside for a specific large-scale project, such as buying land or renovating a building

• Long-term funding: Any endowments, legacy gifts, and other large funds that are designed to be set aside and grow in value over the years for future use

Remember, no individual should have sole responsibility for or access to any of these accounts. In line with your segregation of duties policy, involve multiple trusted staff members and keep a record of every person who accesses your bank accounts.

4. Donation Records

Having a consistent system to record donations accurately is one of the most important financial controls for nonprofits. You need clear, written policies for how and where you’ll record gifts and donor information, even if much of the process is automated. If using a donor database or fundraising CRM, ensure that it adheres to privacy and security standards to protect sensitive information.

You must also provide tax receipts for all donations over $250 (though it’s best practice to send receipts for every donation, no matter the amount), so it’s best to create a policy to distribute these receipts immediately after you receive each contribution.

Fun fact: Infinite Giving automates sending receipts for both cash and non-cash gifts.

5. Cash Handling Procedures

Document policies and procedures that everyone who handles money on your organization’s behalf must follow. Your cash handling and management policies might include:

• Storing cash and checkbooks in a locked drawer or safe
• Depositing cash and checks into the appropriate bank account as soon as possible
• Keeping multiple copies of every receipt for cash transactions
• Accurately recording cash transactions in a logbook
• Ensuring that at least two people monitor cash handling, and a different person is responsible for depositing it
• Having a minimum amount of operating cash on hand at all times

Additionally, establish policies for who can use your organization’s credit or debit cards, if applicable. Limit authorized users, and have someone without access to your nonprofit’s credit cards reconcile the statements. Adopt the same receipt-keeping requirements as you do for cash.

6. Non-Cash Asset Policies

Increasingly, donors are giving nonprofits more than just cash gifts. Stock giving rose 136% in the last few years, and cryptocurrency donations continue to increase nationwide. To keep up, you need an up-to-date gift acceptance policy that details the types of in-kind donations your organization will and will not accept.

Then, make sure you have policies for how you’ll handle the following non-cash donations that are rising in popularity:

• Endowments
• Cryptocurrency
• Donor-advised fund grants
• Stocks

For stocks and cryptocurrency, an immediate liquidation policy stating you will convert non-cash assets into fiat cash right away will help you preserve their value based on volatility.

You should also outline specific procedures for non-cash donation receipts that adhere to IRS reporting requirements. Donors need different types of receipts for appreciated asset donations, and it’s your responsibility to provide them accurately.

7. Investment Policy Statement

If your nonprofit plans to invest any of its funds in stocks, money markets, treasury bills, bonds, or other securities, you need a written policy that governs those activities. At a minimum, your investment policy statement (IPS) should outline:

• Delegated responsibilities for specific team members and advisors.
• Your nonprofit’s investment goals and risk tolerance.
• Portfolio investment and spending policies.
• Reporting procedures and standards.
• A statement about complying with all donor restrictions.

To ensure your policy covers everything it needs to, consider partnering with a nonprofit investment advisor. They can create an IPS for you based on established best practices, then work with you to update it based on your unique needs.

Also, remember that your board of directors’ role is to oversee and govern financial activities, not manage them themselves. This means that your board should be involved in the development and approval of this policy, but they should not be directly responsible for any investment activity.

Fun fact: Infinite Giving creates an investment policy statement for its nonprofit clients who invest at least $100,000 to get started.

8. Board Oversight

An important point to reiterate: your board of directors has critical fiduciary responsibilities, as they are legally required to work in your nonprofit’s best interest and ensure that funds are used appropriately.

To fulfil this role, your board must have full oversight over financial activities. Ensure they have access to financial records, reports, and bank statements, and a codified plan for reviewing them.

9. Regular Review of Financial Reports

More specifically, your board of directors should review financial statements and reports on a monthly or quarterly basis to confirm that money is being handled properly and in alignment with your nonprofit’s goals. Add financial report and statement review to your board meeting agenda as a recurring task so it doesn’t slip through the cracks. A Finance Committee with a Chair or designated leader can help here, as well.

10. Two Signatures on Checks

Many organizations require the signatures of two different authorized individuals for all checks over a certain amount. This best practice helps you review large transactions, reducing the risk of theft or embezzlement.

Just remember, this is an internal policy that banks won’t help you enforce. For example, your bank may accept a check with only one signature even if it goes against your organization’s own policy.

11. Monthly Bank Statement Reconciliation

Every month, an objective individual who is not involved in other aspects of financial management should review and reconcile your nonprofit’s bank statements. They should verify the accuracy and record of all transactions, accounting for both deposits and expenditures. Once reconciled, these bank statements should be kept securely with your other financial records.

12. Payroll Controls

Employee compensation is likely a large part of your operational expenses, so make sure everything is accurate. Issuing employee paychecks should be subject to internal controls such as:

• Regular timesheet review and approval
• Review of the payroll allocation by a trusted individual
• Verification that there are no duplicate checks
• Secondary review of the payroll by a board member, if necessary

13. Background Checks

This financial control for nonprofits is straightforward: anyone who handles money for your organization, whether staff or volunteer, needs a background check before gaining access to any funds.

14. Expense Reimbursement Policy

Create guidelines for how your nonprofit will reimburse staff and volunteers who cover small organizational expenses out of pocket. For example, if an event volunteer needs to run out and buy more streamers for the finish line of your 5K fundraiser, you should reimburse them afterwards.

Your policy might require individuals to obtain prior approval for all expenses and to submit a receipt for the expense before it’s eligible for reimbursement.

15. Vendor Due Diligence

Your nonprofit likely works with all kinds of vendors, from software providers to event caterers, and every one of them should be thoroughly vetted. Establish a policy for researching, vetting, and approving each potential vendor before your organization contractually agrees to work with them. Also, have a sound method for contract management and review.

16. Annual Risk Assessment

Conduct a financial risk assessment every year to take stock of and plan for potential challenges. These might include economic fluctuations, unexpected funding loss, or even bank failures. Do an internal risk assessment, or hire an outside expert to audit your financial practices impartially.

Then, outline ways to mitigate any risks you identified. For instance, could you institute additional nonprofit internal controls?

One basic way to help manage your financial risks is to maximize your FDIC coverage. The government only insures accounts up to $250,000, so if your nonprofit has more than that in a single account, it is not covered. Instead of using multiple standard bank accounts that insure $250,000 each, consider opening a brokerage account with a sweep program. These programs can provide up to $5 million in FDIC coverage on a single account.

17. Public Disclosure

Determine how you’ll disclose your nonprofit’s finances to donors and the public. Beyond submitting publicly accessible tax forms to the IRS, how and where will you share financial information? How often?

To emphasize transparency and instill trust in your nonprofit, you might:

• Create comprehensive annual reports with overviews of your organization’s financial activity for that year.
• Send copies of your annual reports to all donors and make them available to anyone on your website.
• Publish certain financial statements and tax forms on your nonprofit’s website.
• Establish a policy for providing public financial records in a timely manner when requested.

18. Reserve and Endowment Spending Policies

Specify guidelines and restrictions for spending money from your longer-term accounts. For your reserve fund, the spending policy can be more flexible and up to the discretion of your board of directors. However, you should aim to keep at least 6-12 months’ worth of your operating costs in reserve.

If you have an endowment, its spending policy will be much more concrete and restrictive. Since this money is meant to grow over many years, most policies only allow for a small annual disbursement of 4-5%. Everything else should remain in the account to maximize its growth potential.

How to Strengthen Your Nonprofit’s Financial Controls

We’ve covered a lot of information in this article, but what can you do today to move toward better internal financial controls? Your board of directors can follow these steps:

• Review your current policies and processes. Conduct a comprehensive audit of your organization’s existing financial practices to discover what controls are missing or could be improved.

• Identify gaps using our checklist. Cross-reference our checklist above and compile a list of controls to develop. Prioritize the list based on your most immediate needs, and start defining next steps.

• Seek professional support. For complex financial policies, such as an investment policy statement or an endowment spending policy, work with nonprofit financial advisors to ensure they’re comprehensive.

• Ask questions and continue to expand your team’s knowledge. Don’t be afraid to discuss any questions or points of confusion with your advisors. Strengthening your financial foundation is an ongoing journey, so keep learning.

Maintaining Internal Controls for Nonprofits Long-Term

Establishing financial controls for nonprofits is not a one-time activity. Your team should review its controls often to ensure they still address your organization’s needs. Over time, you can develop stronger, more effective policies that help to safeguard your finances while focusing on your mission.

Want more insight before you start analyzing your nonprofit’s controls? Check out these additional guides from our expert team:

• The Basics of Nonprofit Financial Management: Start Here. Brush up on the essentials of financial management and your nonprofit’s core responsibilities.

• How to Develop a Nonprofit Investment Policy & Manage Risk. Stuck on your investment policy? Learn more about this important document and how it helps you manage potential investment risk.

• 14 Revenue Streams for Nonprofits & How to Diversify Yours. We mentioned several types of income you need to account for with internal controls, but there are plenty more. Explore other common nonprofit revenue streams in this guide.

*DISCLOSURE

Infinite Giving Advisory Services, Inc. is an SEC registered investment adviser. Advisory services are only offered to clients or prospective clients where Infinite Giving Advisory Services, Inc. and its representatives are properly licensed or exempt from licensure. This content is solely for informational purposes.  Past performance is no guarantee of future returns.

Investors’ experiences may vary from the content. Nothing in this presentation constitutes investment advice, performance data, or any recommendation that any particular security, portfolio of securities, transaction, or investment strategy is suitable for any specific person. Any mention of a particular security and related performance data is not a recommendation to buy or sell that security. Infinite Giving manages its clients’ accounts using a variety of investment techniques and strategies, which are not necessarily discussed in the commentary.

Individualized responses to persons that involve either the effecting of transactions in securities, or the rendering of personalized investment advice for compensation, will not be made without registration or exemption. Investing involves risk and possible loss of principal capital. No advice may be rendered by Infinite Giving Advisory Services, Inc. unless a client service agreement is in place. Donation services provided by Infinite Giving Technologies, Inc.

‍