Tag Archives: internal controls

Best Internal Control Practices for Schools

Schools are the perfect places to find new opportunities and challenges at every turn. Furthermore, the next challenge your institution faces may not be in the classroom. The front and back office, which includes the accounting department also require effective internal controls. Here are some best practices that should mitigate or prevent issues from happening in your educational institution.

Segregation of duties

Typically, schools have small administrative groups, making the segregation of duties quite difficult. Even so, it is important to separate the activities of authorization, payment, and recording among staff members. For example, try alternating tasks between staff members, and using them as checks for each other.

Physical controls

With so many people coming in and out of schools, the risk of theft or damage to assets increases. Using some simple, physical internal controls can prevent damage or theft. Lock everything! Making sure your school’s doors are locked at all times will protect equipment. Petty cash and checks should be away in a safe. If feasible, electronic access cards and cameras are also good ways to increase security especially for high-value assets.

IT controls

Today’s students are technologically savvy. Therefore, limiting their access to school computers is one control to implement. Furthermore, make sure school financial and administrative data are password protected with complex passwords that are changed regularly. The ability to add and remove programs should be exclusive to administrators. Access to internal information, whether it’s HR, Finance, or other administrative data, should also be limited to those who need it.

Accounting policies

Schools benefit from proper accounting policies. Proper accounting policies can ensure all transactions are authorized, properly recorded, and not omitted from the records. School policies should include keeping a chart of accounts, proper approval steps, and sequential numbering. Map out the accounting internal controls for staff to follow.

Ethical training

Ethics training for all employees is one of the most important activities in internal controls. It will facilitate an ethical control environment across the organization. This mindset helps prevent and detect financial fraud and other unethical behavior. A code of ethics section in the employee handbook can also help let staff know what the expectations are.


For more information on internal controls in schools or Aronson, please contact Dan Kelley at dkelley@aronsonllc.com.

Mitigating Risk from Your Third-Party Vendors


A third-party vendor is an ancillary process outside the control of your organization, which performs a function or provides a service that isn’t central to your operating purpose, for example, a third-party payroll company.

Although your exempt organization may rely on third-party service providers, your management team carries the ultimate responsibility for maintaining an effective internal control system that produces accurate financial reporting. Taking ownership of this third-party responsibility has become one of the biggest hurdles for exempt organizations as more and more processes move to third-party providers.

Below are some suggestions on how to implement internal controls over financial reporting (ICFR) to assist your exempt organization with meeting the organizational goal of producing accurate financial information:

  • When engaging vendors with an impact on ICFR, ensure your evaluation process and/or request for proposals (RFP) includes consideration for meeting your organization’s internal controls standards.
  • Periodically evaluate key performance indicators (KPIs) of service providers with respect to service requirements relevant to ICFR.
  • Review a Service Organization Control (SOC) 1 report and determine whether follow-up actions are necessary.
  • Implement controls to verify the reliability of data relevant to ICFR that are sent to and received from service providers.

The internal control function is an indispensable tool in promoting efficiency and effectiveness of your exempt organization. It improves employee confidence, supports external reporting needs, and assists in ensuring your exempt organization serves its mission by using sound ethical practices.


For more information, please contact Aronson’s Melissa Musser, CPA, CISA, at mmusser@aronsonllc.com or 240.364.2598.

Have an RFP you would like to submit? Click here.


Reviewing New Procurement Standards Under Uniform Guidance

Procurement guidelines had several changes that came with the codification of A-133 into the new Uniform Guidance.

  1. “Micro purchases” of less than $3,000 do not need competitive bids or price analysis.
  2. “Small” purchases are purchases that exceed the micro-purchase amount but do not exceed the simplified acquisition threshold ($150K). If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources.
  3. If an agreement of $150K or more is reached with a contractor, the actual profit point worked into that agreement has to be negotiated separately.
  4. MBE/WBE (Minority Owned Business/Woman Owned Business) language that used to say to use these businesses “whenever possible” now says “must take all necessary steps.”
  5. Important: There is a one-year grace period for non-federal entities to implement changes to their procurement policies and procedures.
  6. Refer to the Bear Claw from COFAR:


Fraud Considerations for Nonprofits: Part 5 – Fighting Fraud

nonprofit-fraud-icon-01Earlier articles in our nonprofit fraud series focused on the underlying causes and signs of fraud. Now that you are armed with that information, what can you do about it? Fighting fraud requires elements of prevention, deterrence and detection.

  • Prevention is controls designed to reduce the risk of fraud from the beginning such as hiring the right people.
  • Deterrence involves policies and procedures to deter someone from wanting to commit fraud.
  • Detection relates to finding something if it has occurred.

Examples of effective anti-fraud controls include:

  • Employee background checks in hiring decisions
  • A code of conduct for employees and Board members
  • A review of computer security
  • Segregation of duties
  • Job rotation, mandatory vacations, cross-training of workforce, and fraud training
  • Proper employee dishonesty insurance
  • Monthly financial statement preparation and review by different people
  • Budget to actual comparisons
  • Monthly reconciliation of accounts
  • A fraud hotline or some way to receive tips on fraud (important since tips are number one source of discovery of fraud)
  • Surprise internal audits
  • External audits

Conducting even an informal risk assessment periodically can be helpful in assessing what controls are in place and whether some should be added. It is not practical to have controls that would prevent all fraud as it would be too expensive, so it’s important to find a happy medium.

Small nonprofits are limited in the extent of internal controls they can have but there are some basic controls and segregation of duties they can implement. To learn more about how to implement anti-fraud controls in your organization, contact your Aronson advisor or Craig Stevens at 301.231.6200.


Related Articles:

Fraud Considerations for Nonprofits: Part 4 – Fraud Detection and Prevention

nonprofit-fraud-icon-01Any discussion of prevention and detection of fraud begins with the concept of good internal controls. Internal control is broadly defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  1. Effectiveness and efficiency of operations
  2. Reliability of financial reporting
  3. Compliance with applicable laws and regulations

According to a COSO report, “Internal Control – Integrated Framework,” the 5 components of internal control are:

  • Control Environment – Effectively the tone at the top. Does the Board and top management display good ethics and their commitment to internal controls.
  • Risk assessment – The on-going identification of risks and forming a basis to manage them
  • Control Activities – Actions established by policies and procedures to mitigate risk. These are the nuts and bolts of internal control such as segregation of duties, separate reviews etc.
  • Information & Communication –Methods to ensure reliable and accurate information is utilized and responsibilities are communicated.
  • Monitoring – Ongoing evaluation to determine if controls are functioning and policies are followed.

If you want to know more about the COSO report referenced without buying the full volume, a Google search will yield a variety of results analyzing the report in detail.

For more information about occupational fraud in nonprofit organizations and associations, please contact your Aronson advisor or Craig Stevens at 301.231.6200.


Related Articles:

View Archives

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 12 other subscribers

Latest Webinar Videos