M+M 006: Financial Safeguards Every Growing Organization Needs

Last newsletter, we talked about the financial foundation of your organization - financial operations.

This week, we’re building on that by diving into a piece that often gets overlooked, especially on small teams.

Internal controls.

It might not sound exciting…but strong internal controls are one of the best ways to protect your organization, reduce risk, and build long-term trust with funders, your board, and your team.

Sadly, fraud can be prevalent at growing organizations and nonprofits + mission-driven businesses aren’t immune.

Let’s break it down.

What Are Internal Controls?

Internal controls are the processes you use to protect your organization’s assets, ensure accuracy in your financial data, and reduce the chance of error or fraud.

They help make sure the financial data you’re relying on is trustworthy.

This isn’t just about catching bad behavior. It’s about designing a system where things run smoothly, transparently, and with checks in place regardless of who’s handling the day-to-day.

When done well, internal controls:

• Catch mistakes before they become problems

• Reduce stress during audits or reviews

• Help you sleep better at night knowing your systems are working

Cash In: How You Handle Incoming Funds

If someone hands your organization a check or makes an online donation…what happens next?

Here are a few ways to ensure incoming funds are handled responsibly:

📬 Mail and Check/Cash Logs

If you receive physical checks or cash, it’s ideal for one person to open the mail and another to deposit it. But if that’s not possible, two people should at least open the mail together and log what’s received. This protects both the individual and the organization.

📩 Grant Letters and Donation Docs

Keep copies of grant award letters, donation confirmations, or pledge commitments. This documentation supports your revenue entries and helps reconcile expected vs. actual income.

🧾 Deposit Records

Every deposit should have a paper trail. Whether it’s a scanned check, a deposit slip, or a batch report from your CRM, save the documentation. This helps validate what’s recorded in your books.

If you have all three of these pieces of documentation, you can see how errors and fraud would be significantly reduced.

You’re tracking the money from the minute it was received to after it clears the bank. 

Cash Out: Managing Expenses and Payments

Most fraud (and many errors) happen on the expense side. Here’s how to tighten things up:

✔️ Separation of Duties

Ideally, one person approves the expense and another pays it. This isn’t always feasible for small teams though. 

At a minimum, someone other than the cardholder should review credit card purchases against statements each month. This simple habit can catch duplicate charges, unapproved spending, or coding mistakes.

📤 Invoices and Approvals

Have a clear process for invoice approval before payment. That might be via email, a shared doc, or a formal software system. The point is to ensure that someone sees and signs off on the expense before money leaves the account.

📄 Receipts and Documentation

It’s not enough to just have a charge in the bank feed. Every expense should have a receipt, invoice, or other documentation stored in a central place. Some organizations will set thresholds, like $25 or $50, under which no receipt is required but a business purpose is. 

What matters is that the policy fits with the realistic administrative burden your organization can absorb. Internal controls are always a balance between rules to follow and realistic time constraints.

Reconciliations + Reviews: The Final Check

Even if one person handles all the day-to-day entries, there should be a second set of eyes on the reports.

That could be a finance committee member, a board treasurer, or even a part-time contractor.

The key is If someone is recording transactions, a different person should review bank reconciliations and financial reports monthly.

This reduces risk and increases confidence in the numbers. If a transaction looks off, it’ll get caught early.

Don’t skip this. Reconciliations are where a lot of errors (and unfortunately, fraud) get discovered.

If you want more on reconciliations, check last week’s newsletter as we covered the five common types of reconciliations done at most growing organizations.

Start Small, Then Strengthen

You don’t need a 10-person finance team to put internal controls in place. You just need to be thoughtful and consistent.

I just installed internal controls at a fast-growing organization that’s doing ~$1.5m in annual revenue. They were headed towards their first audit as an organization.

With these controls in place before the audit, we were able to turn around nearly every audit request in 24 hours.

That made the process much smoother than trying to chase down documents or explain why we were missing things to the auditor. 

Here’s a good place to start if you don’t have anything in place:

✅ Two people reviewing incoming mail or logging checks

✅ A second set of eyes on credit card purchases

✅ Documentation for income, where applicable, and expenses

✅ Regular reviews of your reconciliations and financial reports

These are habits that build trust and transparency.

Installing these only gets harder the bigger your organization gets.

This ensures that your financial data is trustworthy and that you’re playing defense against fraud.

In most mission-driven organizations, trust is everything. If that’s lost then funds often dry up. What’s even more important is when you have a solid foundation for your financial data you can do amazing things with it.

More to come on that in a couple of weeks…

Up Next

Next week, we’ll talk about compliance (I know you can hardly wait!). This will cover required filings, audits,  business requirements, tax receipts (if you’re a nonprofit), insurance reviews and more.

These are things that need to be done to keep the doors open.

For now, take a few minutes to look at your current internal controls.

Even one small improvement could protect your organization in a big way.

-------------

If you'd like to chat, click here to schedule a 30 minute free consultation.

Not ready to chat? All good! Check out this list of 140+ nonprofit discounts!