Brought to you by Wilmington Charities

Financial controls: essential checks and procedures for charities

Effective internal financial controls are essential for trustees to meet their legal duties of safeguarding their charity’s assets and managing resources effectively...

Financial controls: essential checks and procedures for charities

Internal controls will reduce, although not eliminate, “the risk of losses through theft and fraud, bad decisions, human error, breaches of controls, management override of controls and unforeseeable circumstances.” If the risk isn’t eliminated then such controls should help to identify losses or breaches sooner and enable appropriate action to be taken. 

To help trustees, the Charity Commission publishes a guidance note - ‘Internal Controls for Charities (CC8)’.

Who's responsible for implementing financial controls?

Even though the trustee board may delegate the details to an individual trustee or staff member, the board retains responsibility for the establishment, implementation and monitoring of the financial controls and should decide on what controls are needed, collectively. 
The type and level of internal control framework required will vary from charity to charity, depending on its size and nature but the principles are relevant to all.

The required culture

Trustees and senior management should lead by example and ‘set the tone from the top’ whereby internal financial controls are adhered to and the culture of control embedded in operations across the organisation.

Reviewing your systems

Trustees should regularly review the system of controls for effectiveness, at least annually. The framework should be relevant and appropriate to the charity as well as not too onerous or disproportionate. The Charity Commission produces a self-assessment checklist which can be used to assist review.

The importance of segregation

No single person should have sole responsibility for any single transaction from authorisation to completion and review. This can be particularly challenging with smaller charities where the trustees personally administer the charity, however it is important that no one individual exercises sole responsibility over transactions as far as possible. Where complete segregation isn’t possible trustees should, at least, review transactions or carry out independent checks on the controls in place.  

Monitoring activities

To ensure that the controls are effective, trustees must regularly monitor them. Monitoring activities include:

  • Monitoring financial performance against a pre-approved budget (including estimates of income and expenditure);
  • Bank and other reconciliations;
  • Checking that authorisation/approval procedures are complied with;
  • In larger charities, the use of internal or external auditors or establishing an audit committee. 

Information and accounting

Trustees need access to accurate, up to date and understandable financial information and should review this regularly, regardless of the charity’s size.
Trustees are legally required to keep sufficient accounting records and to prepare (and file as appropriate) an annual report and accounts appropriate to their size. Some will need to be externally audited.

Financial crime

All sectors of the economy are at risk to crimes such as fraud, theft, money laundering and bribery. The charitable sector can be vulnerable due to its voluntary and work nature. As well as the risk of financial loss, such crimes can cause reputational damage. More detailed guidance on managing the risks of fraud and financial crime is available from the Charity Commission. Some of the controls that can be put in place include:
  • Appropriate policies such as anti-bribery; anti-fraud; anti-money-laundering; and whistleblowing;
  • Appropriate training for staff and volunteers;
  • Identity and due diligence checks on organisations that the charity works with;
  • Secure IT systems;
  • Appropriate reporting procedures.

The CC8 Guidance note splits the financial controls required in practice, into three main areas: income; purchases, payments and loans; and assets and investments. Trustees should consider the controls required in these areas as appropriate to their charity. 

Income controls

Trustees should consider controls in the following income areas:

  • Income received by post;
  • Income from public collection and fundraising events;
  • Gift Aid Scheme;
  • Legacy Income;
  • ‘Tainted’ donations;
  • Trading income;
  • Banking and custody procedures;
  • Income records.

Purchases, payments and loans

Trustees should consider controls in the following areas:

  • Authorisation of expenditure on goods, services and grants;
  • Payments by cheque;
  • Payments by credit, debit and charge cards;
  • Payments by direct debits; standing orders; and BACS;
  • Payments in cash;
  • Wages and salaries;
  • Expenses;
  • Taking out of loans including trustee loans;
  • Expenditure records.

Assets and investments

Trustees should consider controls in the following areas:

  • Fixed assets used;
  • Investments;
  • Cash held on deposit;
  • Electronic banking;
  • Non-traditional banking methods;
  • Restricted and endowment funds.