Protection against error and fraud; its a matter of self control

Recent articles in the nonprofit press have stressed the need to reinforce the external controls or regulation of nonprofit organisations. For example, the recent calls to reduce the restrictions on what data the ACNC can collect, and what it can release are welcome improvements on the transparency of charities and nonprofits. But at the end of the day, it is the internal controls that nonprofits put in place which will best protect the organisation from failures which lead to fraud and error, and reputational damage.

Internal controls include

  1. Policies and Procedures, which are the foundation of internal controls.

  2. A strict segregation of duties, where no single person has the control of a financial process from beginning to end.

  3. Reconciliation processes which provide alerts by comparing internal financial records with an external ‘source of truth’, such as a bank statement or fundraising application report. Furthermore, where reconciliations are delayed or behind schedule, then financial reports to the board will be delayed. This should trigger an alert of some concern, because repeated and consistent delays is a sign of poor financial management performance, and may disguise other issues in financial performance, particularly around accuracy or poor systems, technology, etc

How diligently the Policies and Procedures are monitored can send a clear message that internal controls are respected and in place. However if there is irregular, random, or even absent reporting on compliance with procedures, it doesn’t take long for the procedures to be ignored. "Why should I spend my time on these time-sheets when no one checks them"

Vigilant reporting on compliance is an essential part of monitoring adherence to policies and procedures. The monthly report on leave applications submitted in a timely way, unreconciled bank statements, timesheet omissions… there are many ways to report on compliance to policies and procedures. Drucker’s maxim: ‘if its measured, it’s managed’ applies here, or rather the reporting acts as a reminder for all staff that the procedures are important and reflect the high standards of the workplace.

And one must remember the critical role of the Board of Management, who have a fiduciary duty to protect against error and fraud, must ensure internal controls are adhered to, and not just for the staff, but for the board members themselves.

Internal controls are much more likely to detect fraud and error than an external audit. It is clear from our experience that the annual audit on nonprofit organisations is a review of a selected sample of processes and transactions, and the auditors themselves are clear that the audit is not a sufficient instrument to uncover malfeasance. (Its one reason why its the Directors who sign the audit report to members, not the auditors!)

So if error and fraud is likely to be committed by internal staff, it is also most likely to be detected by staff, suppliers or service consumers. A well managed and clearly articulated ‘whistleblower’ policy should be championed by the board, and a culture which encourages stakeholders to raise their concerns needs to be part of the organisational culture.

 

It is the culture - set from the top - which lets everyone know what is important. To quote from Drucker again: “Management is doing things right; leadership is doing the right things”. It is the board which determines what is important to do, and that there are supporting controls to ensure that staff do things right.


Next article: Examples of Internal Controls.

$(document).ready(function() { $('#next1').click(function() { var orgname= $('#orgname').val(); var putorgname= $('.org_name').html(orgname); $('.org_name1').val(orgname); }); }); (function($) { $(function() { $(document).ready(function(){ //Client-supplied mystery meat constants var r2eRatioMin = 8; var r2eRatioMax = 22; var wcRatioMin = 0.2; var wcRatioMax = 3.2; var crRatioMin = 2; var crRatioMax = 12; var prRatioMin = 0; var prRatioMax = 10; var currentstep = '#step1'; $('#step2,#step3,#step4').hide(); $('.calcnav .next').addClass('disabled'); function safeVal(value) { value = value.replace('$',''); value = value.replace(/,/g,''); value = value.replace(' ',''); return value; } /**********************************************/ //NAV //When we click a nav link, show the div referenced by the href, which will be something like #step2 $('.calcnav a').click(function(e){ //Don't navigate if required fields are missing or the link is disabled if($(this).hasClass('disabled')){ return false; } if($(this).hasClass('.next') && !checkReq(currentstep)) { return false; } e.preventDefault(); var selector = $(this).attr('href'); if($(selector).length) { //we have a div to show //Fade out, then fade in the new div $.when($('.calcsection').fadeOut(500)).done(function() { $(selector).fadeIn(); currentstep = selector; if(currentstep == '#step4') { step4calc(); } }); } }); //.calcnav a.click() /************************************************/ function step1calc() { var v21 = parseInt( safeVal($('input[name="orgname"]').val()) ); var v1 = parseInt( safeVal($('input[name="bankaccounts"]').val()) ); var v2 = parseInt( safeVal($('input[name="currentassets"]').val()) ); var v3 = parseInt( safeVal($('input[name="fixedassets"]').val()) ); if(isNaN(v1) || isNaN(v2) || isNaN(v3)) { $('input[name="totalassets"]').val(''); $('#step1 .calcnav a.next').addClass('disabled'); return false; } $('#step1 .calcnav a.next').removeClass('disabled'); $('input[name="totalassets"]').val(v1 + v2 + v3); } //Add listeners for step 1 $('#step1 input').change(function(){ step1calc(); }); $('#step1 input').keyup(function(){ step1calc(); }); /**********************************************/ function step2calc() { var l1 = parseInt( safeVal($('input[name="creditors"]').val()) ); var l2 = parseInt( safeVal($('input[name="staffentitlements"]').val()) ); var l3 = parseInt( safeVal($('input[name="grants"]').val()) ); var l4 = parseInt( safeVal($('input[name="currentliabilities"]').val()) ); var l5 = parseInt( safeVal($('input[name="noncurrentliabilities"]').val()) ); if(isNaN(l1) || isNaN(l2) || isNaN(l3) || isNaN(l4) || isNaN(l5)) { $('input[name="totalliabilities"]').val(''); $('#step2 .calcnav a.next').addClass('disabled'); return false; } $('#step2 .calcnav a.next').removeClass('disabled'); $('input[name="totalliabilities"]').val(l1 + l2 + l3 + l4 + l5); var reserves = parseInt( safeVal($('input[name="totalassets"]').val()) ) - parseInt( safeVal($('input[name="totalliabilities"]').val()) ); $('input[name="reserves"]').val(reserves); } //Add listeners for step 2 $('#step2 input').change(function(){ step2calc(); }); $('#step2 input').keyup(function(){ step2calc(); }); /**********************************************/ function step3calc() { var a1 = parseInt( safeVal($('input[name="annualincome"]').val()) ); var a2 = parseInt( safeVal($('input[name="annualspend"]').val()) ); var a3 = parseInt( safeVal($('input[name="staffcosts"]').val()) ); if(isNaN(a1) || isNaN(a2) || isNaN(a3) ) { $('input[name="net"]').val(''); $('#step3 .calcnav a.next').addClass('disabled'); return false; } var net = a1 - a2 ;// - parseInt(a3) //total income - total costs $('#step3 .calcnav a.next').removeClass('disabled'); $('input[name="net"]').val(net); } //Add listeners for step 3 $('#step3 input').change(function(){ step3calc(); }); $('#step3 input').keyup(function(){ step3calc(); }); /**********************************************/ function step4calc() { var currentAssets = parseInt( safeVal($('input[name="bankaccounts"]').val()) ) + parseInt( safeVal($('input[name="currentassets"]').val()) ); var totalAssets = currentAssets + parseInt( safeVal($('input[name="fixedassets"]').val()) ); var currentLiabilities = parseInt( safeVal($('input[name="creditors"]').val()) ) + parseInt( safeVal($('input[name="staffentitlements"]').val()) ) + parseInt( safeVal($('input[name="grants"]').val()) ) + parseInt( safeVal($('input[name="currentliabilities"]').val()) ); var totalLiabilities = currentLiabilities + parseInt( safeVal($('input[name="noncurrentliabilities"]').val()) ); var reserves = totalAssets - totalLiabilities; var netSurplus = parseInt( safeVal($('input[name="annualincome"]').val()) ) - parseInt( safeVal($('input[name="annualspend"]').val()) ); //1 var ratio1 = parseInt( safeVal($('input[name="reserves"]').val()) ) / parseInt( safeVal($('input[name="annualspend"]').val()) ) * 100; var score1 = Math.round((((ratio1 - r2eRatioMin)/(r2eRatioMax-r2eRatioMin))*9+1)*10)/10; if(score1 < 0){ score1 = 0;} if(score1 > 10) { score1 = 10;} $('#score1').text(score1); $('#score1a').val(score1); $('#ratio1').text(ratio1.toFixed(1) + '%'); $('#ratio1a').val(ratio1.toFixed(1) + '%'); var status1 = '';var status1a = ''; if(ratio1 < 15) { status1 = 'bad';status1a = 'red'; } else if(ratio1 >= 15 && ratio1 < 18) { status1 = 'average';status1a = 'yellow'; } else if(ratio1 >= 18) { status1 = 'good'; status1a = 'green'; } $('#status1').addClass(status1); $('#status1a').val(status1a); //2 var ratio2 = 0; if(currentLiabilities <= 0){ ratio2 = 0; } else { ratio2 = currentAssets / currentLiabilities; } $('#ratio2').text(ratio2.toFixed(1)); $('#ratio2a').val(ratio2.toFixed(1)); var score2 = Math.round((((ratio2-wcRatioMin)/(wcRatioMax-wcRatioMin))*9+1)*10)/10; if(score2 < 0){ score2 = 0; } if(score2 > 10) { score2 = 10; } $('#score2').text(score2); $('#score2a').val(score2); var status2 = '';var status2a = ''; if(ratio2 < 1){ status2 = 'bad'; status2a = 'red'; } else if(ratio2 >= 1 && ratio2 < 2) { status2 = 'average'; status2a = 'yellow'; } else if(ratio2 >= 2) { status2 = 'good';status2a = 'green'; } $('#status2').addClass(status2); $('#status2a').val(status2a); //3 var totalExpenditure = parseInt( safeVal($('input[name="annualspend"]').val()) ); var weeklyExpenditure = totalExpenditure / 52; var ratio3 = 0; var bankAccounts = parseInt( safeVal($('input[name="bankaccounts"]').val()) ); var grants = parseInt( safeVal($('input[name="grants"]').val()) ); if (totalExpenditure == 0) { ratio3 = 0; } else { ratio3 = (bankAccounts - grants) / weeklyExpenditure; } $('#ratio3').text(ratio3.toFixed(1)); $('#ratio3a').val(ratio3.toFixed(1)); var score3 = Math.round((((ratio3-crRatioMin)/(crRatioMax-crRatioMin))*9+1)*10)/10; if(score3 < 0) { score3 = 0; } if(score3 > 10) { score3 = 10; } $('#score3').text(score3); $('#score3a').val(score3); var status3 = ''; var status3a = ''; if(score3 < 7) { status3 = 'bad'; status3a = 'red'; } else if(score3 >= 7 && score3 < 10) { status3 = 'average';status3a = 'yellow'; } else if(score3 >= 10) { status3 = 'good';status3a = 'green'; } $('#status3').addClass(status3); $('#status3a').val(status3a); //4 var profitmargin = 0; var totalincome = parseInt( safeVal($('input[name="annualincome"]').val()) ); if(totalincome > 0){ profitmargin = (totalincome - totalExpenditure) / totalincome * 100; } var ratio4 = profitmargin; $('#ratio4').text(ratio4.toFixed(1) + '%'); $('#ratio4a').val(ratio4.toFixed(1) + '%'); var score4 = Math.round((((profitmargin-prRatioMin)/(prRatioMax-prRatioMin))*10)*10)/10; if(score4 < 0) { score4 = 0; } if(score4 > 10) { score4 = 10; } $('#score4').text(score4); $('#score4a').val(score4); var status4a = ''; if(score4 < 1) { status4 = 'bad';status4a = 'red'; } else if(score4 >= 1 && score4 < 6) { status4 = 'average'; status4a = 'yellow'; } else if(score4 >= 6 ) { status4 = 'good';status4a = 'green'; } $('#status4').addClass(status4); $('#status4a').val(status4a); //5 var ratio5 = 0; var staffcosts = parseInt( safeVal($('input[name="staffcosts"]').val()) ); if(totalincome == 0) { ratio5 = 0; } else { ratio5 = staffcosts / totalincome; } $('#ratio5').text((ratio5 * 100).toFixed(1) + '%'); $('#ratio5a').val((ratio5 * 100).toFixed(1) + '%'); var score5 = 0; score5 = Math.round(((1-ratio5)*10+3)*10)/10; if(score5 < 0) { score5 = 0; } if(score5 > 10) { score5 = 10; } $('#score5').text(score5); $('#score5a').val(score5); ratio5 = ratio5 * 100; var status5 = '';var status5a = ''; if(ratio5 < 60) { status5 = 'bad'; status5a = 'red'; } else if (ratio5 >= 60 && ratio5 < 80) { status5 = 'average';status5a = 'yellow'; } else if(ratio5 >= 80) { status5 = 'good';status5a = 'green'; } $('#status5').addClass(status5); $('#status5a').val(status5a); //total var totalscore = parseFloat($('#score1').text()) + parseFloat($('#score2').text()) + parseFloat($('#score3').text()) + parseFloat($('#score4').text()) + parseFloat($('#score5').text()); $('#totalscore').text(totalscore); selector12(); return false; } function selector12() { $("#button").trigger('click'); //$("#button").click(); return false; } /**********************************************/ function checkReq(selector) { var proceed = true; $.each($(selector + ' input.required'),function() { if( $(this).val() == '' ) { proceed = false; } }); if(proceed == true) { return true; } else { return false; } } /***********************************************/ $('.helpicon').mouseover(function(e){ $(this).siblings('.helpcontent').css('top',e.pageY - 10); $(this).siblings('.helpcontent').css('left',e.pageX + 10); $(this).siblings('.helpcontent').show(); }); $('.helpicon').mouseout(function(){ $(this).siblings('.helpcontent').hide(); }); }); }); })(jQuery);