What Is An Internal Control Risk Assessment?

Nonprofits do meaningful and impactful work in our communities. The last thing anyone wants to see is a beloved charitable organization, foundation, or religious organization in the press for the wrong reasons. But unfortunately, it happens too frequently.

Recognizing fraud within your organization is crucial, but leaders can easily become blind to the clues or cues that typically accompany it. In many cases, processes intended to support a nonprofit’s financials are taken for granted or evolve without consideration of efficiency. They aren’t regularly reviewed and become the standard because “it’s always been done this way.”

This lack of digging into the details and reviewing areas of improvement can lead to pain down the road. Just because you haven’t had an issue before doesn’t mean you won’t have one later.

These are some reasons why a process review of your organization’s internal controls is essential. Process reviews uncover improvements for your current internal processes – whether by simplification, utilizing technology, or determining better ways to do things. These reviews can also provide suggestions for developing new processes to solve problems you didn’t know you had and narrow your exposure to the likelihood of fraud.

You might be thinking, why would I need a process review if my organization is audited annually?

Most people don’t understand the intention of an audit is not to find fraud. Auditors are required to understand your internal controls. They may have some general suggestions for how to improve in a management letter, but the bulk of their time is spent on determining if your financial statements are materially correct– not if your controls and processes are the best they can be.

Let’s Talk – Level Setting on Process Reviews 

A process review starts with a conversation. At Maner Costerisan, we begin by speaking to managers and employees connected with the financial process to better understand their roles and what they do on a daily, monthly, and annual basis. This doesn’t just include the finance department; we connect with everyone in the organization that could be tied or involved with funds, from the administrative assistant making an initial receipt listing to the volunteer updating the gifting database all the way to the director of finance.

While this portion of the review can feel intense, it is perhaps the most crucial and eye-opening in many ways. We are on a mission to understand your current processes and identify ways we can make you more effective, efficient and fraud-proof. Speaking to each person involved in the process allows us to provide a holistic and detailed view of what’s working and what’s not and flag areas for improvement or concern.

Reporting

Once we have spoken to everyone necessary and documented the organization’s financial processes, we create a report for the organization to review. Our report is different from a typical audit management letter. Those letters provide canned recommendations, without implementation suggestions.

We recognize there are limitations in people and time resources, and the process review report reflects that. We develop a realistic and tailored report that considers your organization’s unique circumstances, industry best practices, and our expertise. We outline specific challenges and suggestions for improvement, prioritizing them to best serve your nonprofit.

What to Expect

For example, let’s look at a simple, standard process like a timecard approval. Organization X has a policy that all timecards must be approved before payroll is initiated, but leaders are busy meeting with potential donors offsite and don’t have time to review staff timecards in a timely manner. 

In this case, an audit management letter would provide you with a comment stating that the policy needs to be followed. But clearly, the policy itself  could be much improved.

Our process review report will offer clear guidance and explanation about all the red flags in that situation. While approval of timecards before being submitted is certainly a best practice, it’s a real challenge in this organization. Leaders will continue to be unavailable and supply delayed approvals (or delegate approval to others). This situation could be resolved by exploring a payroll provider that allows review and approval via an app. Mobile approval would maintain controls and protect the organization without slowing down operations. Instead of a canned comment, the process review report provides a viable alternative, that still maintains effective controls.

Next Steps

We understand receiving a report with 20 different suggestions, but no actionable next steps in no reasonable order isn’t helpful. Entire processes can’t and shouldn’t be changed overnight.

Any successful implementation must be prioritized and phased in. What is unique about Maner’s process review is that we provide customized risk and efficiency matrices, designed to help management identify where to start the process. Items with the most significant risk or the greatest time drain and the greatest possibility of happening are prioritized, allowing for immediate, tangible results.

We know that one of the best ways to reduce fraud is to create a “perception of detection,” and having a process review is a great first step to accomplishing that goal. Combine this mindset with the effective, yet efficient internal controls that result from this process, and you’ve got an organization where the focus can be on innovation and service.

Maner is here to help your organization thrive and get the process started with our fantastic staff of nonprofit and fraud experts!

For more questions regarding process reviews and how they could help your nonprofit, you can reach out to Bethany Verble, CPA, CFE, Manager, and process review expert at bverble@manercpa.com or by calling us directly at 517-323-7500.