Internal Control Considerations for Automated Systems in Nonprofit AccountingOctober 2, 2018
By: Matthew Estersohn, CPA
Automation is an evolving trend that has affected nonprofit accounting departments for many years. While large organizations have been onthe leading edge, more affordable solutions are making the automation of transaction processing increasingly more accessible for small and medium sized nonprofits. Unfortunately, accounting manuals and internal controls for these entities are often outdated and were developed with old, manual processes in mind. Many of these controls may be rendered ineffectual or redundant by automation. At the same time, automation will require new control considerations.
This article will detail some common processes that are being automated along with key controls that should be considered as the shift to automation continues.
REIMBURSABLE EXPENSES AND CREDIT CARDS
Organizations must often strike a balance when it comes to the number of employees who have credit cards or purchasing authority. Fewer cards may lead to more inefficient purchasing but will be easier to control. However, if an organization runs multiple programs or locations, they may choose to decentralize purchasing authority and give more credit cards or allow for more reimbursable expenses. This can lead to problems if employees do not reliably collect all receipts and document the business purpose of the expenses. Lack of documentation can be both a fraud risk and a compliance risk if the purchases relate to programs funded by the government.
Given the prevalence of smartphones and cloud-based systems, a number of applications have been developed to help make the purchasing process more efficient. In some instances, employees can take pictures of receipts with their phones, add a description of the expense, and upload the expense for approval in real time. Managers can often sign off on expenses online to indicate approval rather than signing physical documents.
With any purchasing function, ensuring the integrity of the approval process is critical. When setting up the application, management should make sure to consider the appropriate personnel to receive approval authority (often direct supervisors of staff). Because this approval happens electronically, physical access to their devices and password control become very important since an employee with their manager’s password may be able to sign off on their own expenses. Organizations should also make sure that if they have any compliance requirements from funding sources, including government agencies, the right software is set up to capture all required information.
The back end of the accounts payable function is also being increasingly automated, with electronic approvals for payments and either electronic checks or wire transfers becoming more common. Here too, the approval process is key and organizations should consider which employees have the ability to authorize or initiate electronic payments. Previously, when manual checks were used, signature authority was often restricted to senior management. However, electronic transfers do not always have the same level of scrutiny. Organizations should keep the payment authority consistent so that an appropriately senior employee can approve payments regardless of the transaction method.
Electronic systems can also offer additional elements of fraud prevention that are not possible or practical with manual processes. For example, an accounting system may be able to monitor transactions for duplicate payment of invoices. The system may also generate data that can be mined to provide analysis on any anomalies in vendor or employee payments. The details will depend on the type and amount of data that is collected, but these can be useful controls to detect fraud or unusual spending patterns.
Most payroll and HR systems have some level of automation these days. All organizations should ensure that any payroll information is reviewed and approved before it is transmitted to third party payroll companies. Organizations should also review which employees have access to create employees and edit details including salary information. Change reports that identify any changes to payroll or personnel data should be reviewed regularly by a supervisor who does not have the ability to edit any human resources information.
Payroll systems can also be a useful source for data analysis and fraud detection. For example, an organization with hourly employees may run analytics on which employees are receiving the most overtime and use that data to make any necessary operational adjustments.
Given the wide range of revenue sources in the nonprofit world, it is not practical to cover all possible forms of taking in revenue. Large organizations have used lockbox systems and outsourced collection for many years. Even smaller nonprofits have used third parties to process payments online for some time. Key controls that should be considered regardless of size include ensuring that:
Employees with physical or electronic access to incoming payments are not the same employees who record these payments in the accounting system;
Write offs of receivables are approved by an appropriate management
level employee (such as the CFO); and Revenue on the accounting ledger is always reconciled to separate systems when available (e.g. a development database).
Controls will need to be tailored based on an entity’s operations, size and risk. In today’s rapidly changing environment, it is important to revisit accounting manuals and procedures regularly to reconsider whether controls are still relevant in preventing and detecting fraud.