The Center For Audit Quality, a non-profit group based out of Washington D.C., has published a great guide on Internal Controls. While the term “Internal Control” can seem imposing to a church, the concepts in the guide are essential for all churches as they oversee their finances and financial reporting. Entitled, “Guide to Internal Control Over Financial Reporting,” the free PDF examines the big picture of what financial controls are and what they are supposed to do.
Here is the purpose of the guide:
The Center for Audit Quality prepared this Guide to provide an overview for the general public of internal control over financial reporting (“ICFR”). The Guide explains what public company ICFR is and describes management’s responsibility for implementing effective ICFR. The Guide also discusses the responsibilities of the audit committee to oversee ICFR and of the independent auditor to audit the effectiveness of the company’s ICFR.
Though churches are not “public companies,” many of the same principles and practices can be applied to the church setting. The CEO’s, CFO’s, accountants and auditors in your church will be familiar with internal controls and know the value of them for your church.
The guide gives a great definition of internal controls: “Internal control includes all of the processes and procedures that management puts in place to help make sure that its assets are protected and that company activities are conducted in accordance with the organization’s policies and procedures.” Every church needs ICFR to ensure that their finances are being handled well. It is the responsibility of management to ensure that financial controls are in place. That means that the Executive Pastor, Governing Board, and Finance Committee are the ones who need to implement the internal controls.
The guide outlines five areas of internal controls:
- Control Environment—The control environment sets the tone of an organization, influencing the control consciousness of its people.
- Risk Assessment—Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed.
- Control Activities—They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
- Information and Communication—Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities.
- Monitoring Activities—Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties.
Their caveat about controls is on the mark:
No system of ICFR can provide absolute assurance. Internal control systems are operated by individuals, and individuals inevitably make mistakes … it is impossible to create a practical control system that will detect or prevent all potential errors. In addition, intentional misconduct, such as fraud, collusion, or management override, may prevent controls from operating as intended, regardless of how well they are designed.
Mistakes in your financial reporting are going to happen. Fraud may happen as well. However, with good internal controls, you will greatly limit the possibility and the extent of both mistakes and fraud. It’s too late to close the proverbial barn door after the animals have escaped. Good internal controls can close loopholes, prevent fraud and find errors before it is too late.
Read the guide to learn more. Then, discuss your internal controls with your Finance Team and your auditor.