In addition to overseeing the annual audit, a key role of the Audit Committee is to provide oversight of the organization’s internal controls to ensure they are designed properly and operating effectively. Although the annual audit may provide insight about the internal control structure, the audit itself cannot solely be relied upon to serve this oversight function. The Audit Committee should perform its own monitoring of internal controls. One way to accomplish this is for Audit Committee members (or those tasked with that function) to perform internal control spot checks periodically.
Designing Internal Control Spot Checks
Many times we are asked for guidance to help the Audit Committee understand its role in this area. Here are some simple steps you might consider:
Step 1: Read and understand the controls that are in place now
Management may already have some written policies and procedures to review. Update your understanding by asking staff to walk through some of the procedures.
Step 2: Identify the highest risk areas to test
This is an opportunity to look at the organization holistically. After you’ve got a good idea of how the internal controls work, think about where fraud or errors could occur. Maybe it’s in the credit card statement controls or in the grants management controls. It’s up to you to identify which areas you want to focus on. Some other examples of key areas are receipts coming into the organization, disbursements going out of the organization, payroll, and bank reconciliations.
Step 3: Design a procedure to test the areas where risk is higher
It can be simple, such as, “We will select 2 credit card statements over the past 6 months and review each for complete documentation, accuracy and authorization.”
Step 4: Perform the procedure
Be sure to write down the steps you’ve taken, which samples you selected and your findings.
Step 5: Report your procedures and findings to the board
Basically the board will want to know what you did. That you read and understood the current internal controls, identified the riskiest areas, designed and performed procedures to test the controls, and found no concerns or identified certain issues.
Step 6: Monitor and re-check the area
If you find issues, be sure to monitor and re-check the area in the future and report back to the board.
The Audit Committee can also delegate this responsibility to others, including staff and volunteers, as long as there is no conflict of interest. For example, you would not want a staff member evaluating and testing controls in an area in which they work or are responsible for.
Spot checks do not have to be elaborate, and you can set a schedule to do checks on various areas throughout the year. Best practices suggest rotating through different control areas for better coverage.
Example Monitoring Checklist
Here are some things to consider when performing a spot check. You should tailor the checklist to your organization’s specific procedures and identified risks.
Interested in working with JJCo for your not-for-profit accounting and tax needs? Contact Jacobson Jarvis today!
About the author: