Running a nonprofit is about more than carrying out a mission. It is also about protecting the public’s trust and ensuring that every donation, grant, or contract dollar is used exactly as promised. Whether you manage a small neighborhood program or a national foundation, the proper controls protect your resources, people, and reputation.
Below are the five essential internal controls every nonprofit, regardless of size, should have in place to build confidence and safeguard its mission.
1. Segregation of Duties and Dual Authorization
Why it matters:
No single person should be able to initiate, approve, and record a transaction from start to finish. This principle, often called “separation of duties,” is the cornerstone of fraud prevention. When one person both cuts checks and reconciles the bank account, the organization is exposed.
Legal & accounting context:
- The COSO Internal Control Framework lists “control activities” (approvals, verifications, and reconciliations) as essential safeguards.
- Boards have a fiduciary duty of care to establish oversight systems that reduce these risks.
Practical tips:
- Require two signatures or approvals for disbursements over a set dollar threshold.
- Assign different individuals (or roles) for authorization, custody, and record-keeping.
- For small organizations, use “compensating controls” such as monthly board review of bank reconciliations or dual verification of deposits and payments.
- Document all paper or digital approvals to create a clear audit trail.
2. Written Financial Policies and Procedures
Why it matters:
Policies turn good intentions into enforceable standards.
A written manual clarifies who can approve expenses, how receipts are stored, and what happens if records are missing. In an audit or investigation, having (and following) written policies demonstrates integrity and compliance.
Practical tips:
- Create a concise financial policy manual approved by the board.
- Define approval thresholds, allowable reimbursements, and documentation requirements.
- Include a record retention schedule (typically 7 years for financial records).
- Update policies annually and train all staff and volunteers on them.
3. Contract and Grant Management Controls
Why it matters:
Nonprofits handle vendor contracts, service agreements, and grant awards. Without structured oversight, organizations risk non-compliance, cost disallowances, or legal disputes. Strong contract controls ensure obligations are met and funds are spent appropriately.
Regulatory foundation:
- The OMB Uniform Guidance (2 CFR 200) requires clear procurement, documentation, and sub-recipient monitoring for federal funds.
- Grantors expect written agreements that define deliverables, budgets, and audit access.
Practical tips:
- Use standardized templates that include scope, deliverables, payment terms, and compliance clauses.
- Establish a contract approval matrix specifying who can sign which types of agreements.
- Maintain a central repository with version control and renewal reminders.
- Reconcile grant budgets monthly and track deliverables vs. payments.
- Review all major contracts with counsel or your finance committee before signature.
4. Regular Reconciliations, Independent Reviews, and Board Oversight
Why it matters:
Reconciliations are the pulse check of financial health. They confirm that what’s recorded in your books matches what’s in the bank and expose discrepancies early. Pair this with active board oversight, and your organization gains both accuracy and accountability.
Legal expectations:
- Many states require independent audits once a nonprofit’s annual revenue exceeds a certain threshold.
- Federal grant recipients with federal expenditures over certain limits (currently $1M) must undergo a Single Audit, combining financial and compliance reviews.
- Board fiduciary duties—care, loyalty, and obedience—demand regular financial review.
Practical tips:
- Perform monthly reconciliations for bank, credit card, and petty cash accounts.
- Assign reconciliation to someone independent of check writing or deposit handling.
- Present quarterly financial statements to the board’s finance committee, highlighting variances and trends.
- Conduct annual independent audits or reviews when required, or voluntarily for transparency.
- Document every review and corrective action in board minutes.
5. Information Technology & Access Controls
Why it matters:
Most nonprofits now rely on cloud-based accounting, donor management, and payroll systems. Without proper access controls, one compromised password can lead to data theft or financial manipulation.
Professional guidance:
- COSO and auditing standards both treat IT controls as integral to reliable financial reporting.
- Data breaches can trigger financial loss and violation of privacy laws.
Practical tips:
- Require unique user logins—no shared credentials.
- Implement role-based permissions and multi-factor authentication (MFA).
- Enable audit logs that record edits and deletions in accounting systems.
- Schedule quarterly access reviews to remove inactive users.
- Back up data daily and test restoration procedures.
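The quarterly access review above can be run against a user export and combined with the separation-of-duties check from section 1. This is an added example, not part of the original article: the field names, role names, role-to-duty mapping and 90-day idle threshold are assumptions, and the sample users are constructed.

```python
from datetime import date

# Assumed mapping from system roles to the three duties named in section 1.
ROLE_DUTY = {
    "approve_payment": "authorization",
    "sign_checks": "custody",
    "handle_deposits": "custody",
    "post_journal": "record-keeping",
    "reconcile_bank": "record-keeping",
}

# Constructed sample export; not the schema of any particular product.
USERS = [
    {"login": "a.rivera", "roles": ["approve_payment"], "mfa": True,
     "shared": False, "last_login": date(2025, 6, 20)},
    {"login": "finance-team", "roles": ["post_journal"], "mfa": False,
     "shared": True, "last_login": date(2025, 6, 25)},
    {"login": "j.chen", "roles": ["sign_checks", "reconcile_bank"], "mfa": True,
     "shared": False, "last_login": date(2025, 6, 28)},
    {"login": "old.volunteer", "roles": ["view_reports"], "mfa": True,
     "shared": False, "last_login": date(2025, 1, 10)},
]

def review_access(users, today, max_idle_days=90):
    """Return {login: [issues]} for accounts that need follow-up."""
    findings = {}
    for user in users:
        issues = []
        if user["shared"]:
            issues.append("shared credential")
        if not user["mfa"]:
            issues.append("MFA not enabled")
        last = user["last_login"]
        # A missing last-login date is treated as inactive.
        if last is None or (today - last).days > max_idle_days:
            issues.append("inactive")
        # More than one duty on a single login breaks separation of duties.
        duties = sorted({ROLE_DUTY[r] for r in user["roles"] if r in ROLE_DUTY})
        if len(duties) > 1:
            issues.append("combines duties: " + ", ".join(duties))
        if issues:
            findings[user["login"]] = issues
    return findings

if __name__ == "__main__":
    for login, issues in review_access(USERS, date(2025, 6, 30)).items():
        print(f"{login}: {'; '.join(issues)}")
```

Saving each quarter's findings and the action taken on them gives the board a dated record of the review.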
Conclusion
Internal controls aren’t bureaucracy—they’re confidence builders. They safeguard your mission, reassure donors their money is used wisely, and provide a solid defense during audits or investigations. Whether you serve one community or a national cause, these five controls—segregation of duties, clear policies, contract oversight, reconciliations, and IT safeguards—are the backbone of financial integrity. Start small, stay consistent, and remember strong controls protect you in your weakest moments.