Understanding key internal controls
Posted on 02 May, 2023 at 12:27
Non-governmental organizations (NGOs) often
operate in complex and challenging environments, where they need to manage
multiple sources of funding, comply with various donor regulations, and ensure
accountability and transparency. In such contexts, having effective internal
controls is essential to safeguard the NGO's assets, prevent fraud and errors,
and enhance the quality and reliability of financial reporting.
Internal controls are the policies,
procedures, and practices that an NGO implements to achieve its objectives,
mitigate risks, and ensure compliance. They cover various aspects of the NGO's
operations, such as governance, planning, budgeting, accounting, auditing,
reporting, procurement, human resources, and asset management. Internal
controls are not only about financial matters, but also about the culture and
values of the organization.
However, internal controls can be
challenging to understand and implement for many NGO finance staff, especially
if they lack adequate training, guidance, or support. Therefore, this blog post
aims to provide some tips and resources for NGO finance staff to better
understand key internal controls and how to apply them in their daily work.
Learning the basics of internal control frameworks
One of the first steps to understand
internal controls is to familiarize yourself with the main concepts and
principles of internal control frameworks. These are sets of standards or
guidelines that provide a common language and structure for designing,
implementing, evaluating, and improving internal controls. Some of the most
widely used internal control frameworks for NGOs are:
- The COSO Framework: This is a comprehensive framework developed
by the Committee of Sponsoring Organizations of the Treadway Commission (COSO),
which defines internal control as a process that consists of five components:
control environment, risk assessment, control activities, information and
communication, and monitoring.
- The IIA Standards: These are professional standards issued by
the Institute of Internal Auditors (IIA), which provide guidance on the role
and responsibilities of internal auditors in assessing and enhancing internal
controls. The IIA Standards also include a code of ethics and a definition of
internal auditing as an independent, objective assurance and consulting
activity.
- The SPHERE Standards: These are humanitarian standards developed
by the SPHERE Project, which aim to improve the quality and accountability of
humanitarian assistance. The SPHERE Standards include a humanitarian charter, a
set of minimum standards for four key sectors (water supply, sanitation and
hygiene promotion; food security and nutrition; shelter, settlement and
non-food items; health action), and a set of cross-cutting themes (protection
principles; core humanitarian standard; gender; environment; children).
- The HAP Standards: These are
accountability standards developed by the Humanitarian Accountability
Partnership (HAP), which focus on ensuring that humanitarian actors are
accountable to the people they assist. The HAP Standards include a set of
principles (respect; competence; honesty; transparency; participation;
learning), a set of benchmarks (policy; management system; information sharing;
participation; complaints handling; learning), and a certification scheme.
You can find more information about these
frameworks on their respective websites or publications. You can also use
online courses or webinars to learn more about them. For example:
- COSO Framework: https://www.coso.org/Pages/default.aspx
- IIA Standards: https://global.theiia.org/standards-guidance/Pages/Standards-and-Guidance-IPPF.aspx
- SPHERE Standards: https://spherestandards.org/
- HAP Standards: https://www.chsalliance.org/
Assessing the risks and gaps in your current internal control system
Another important step to understand
internal controls is to conduct a risk assessment and a gap analysis of your
current internal control system. This will help you identify the areas where
your organization is exposed to potential threats or weaknesses that could
affect its objectives or performance. It will also help you prioritize the
actions that need to be taken to improve your internal control system.
A risk assessment is a process that
involves identifying the sources of risk (internal or external), assessing
their likelihood and impact, and determining the level of risk (high, medium,
or low). A gap analysis is a process that involves comparing your current
internal control system with the best practices or standards that you want to
achieve, and identifying the gaps or discrepancies that need to be addressed.