Controls on financial assets and record keeping

Making sure that the interface with the bank is properly managed and protected has always been key, and has become even more significant as e-banking offers so many different ways to access the money in your organisation’s accounts.  Guidance used to consist largely of ‘make sure all cheques require at least two signatories, and never pre-sign blank cheques’ which is still very good advice, but there is a bit more to consider now.

You will need to have policies and procedures in place for:

• use of bank accounts
• who can authorise:
  • opening and closing accounts
  • change of signatories on the account
  • numbers of signatories required to make payments
  • who has responsibility for maintaining the records of all of this.

Because this is an area that is so vulnerable to fraud, control should sit with the board of trustees to authorise any substantial changes to banking arrangements, and this is an area where you are going to want to include more detail in the trustee approved procedure. 

It is worth stating the good housekeeping aspects explicitly, in particular that bank accounts should only be used for the organisation’s business, and that only duly authorised officials of the organisation can open or close bank accounts in its name.

Making payments

You will need to check with your bank about the procedures for authorising online payments. The template procedure is worded for the situation where one person has ‘write only’ access and two other people then authorise payments above a certain level, but your bank may operate differently. 

When you’re thinking about who can make payments, it’s often useful to pick a low-level sum that can be signed for by one person just to keep the day-to-day business ticking over.  In these circumstances, you should have an additional check and balance, for example the invoice being approved by someone else, or an independent monthly check of these payments. 

Processes often build up through custom and practice, rather than being designed and written down and so controls may be missing or may lapse as details are not passed on properly.

You might want to map your standard payment process and check that the right controls are in place, and are evidenced for the person making the payment.  When you’re making a payment, as well as being confident you’ve got the money in the bank, you need to know:

• that the purchase is in line with budget
• that the goods/services on the invoice were actually ordered
• that what was received matches what’s being invoiced (and the quality was satisfactory).

Some organisations like having a stamp that people initial – but others find that too bureaucratic.

Then when the payment has been made - you need to evidence that so that it doesn’t get paid twice. 

It is also good to do a similar mapping exercise for approving standing orders and direct debits.

Credit and debit cards

You need to make sure that cardholders have a clear understanding of what types of purchases are allowed.  It may seem obvious to state that cards can only be used for purchasing goods on behalf of the organisation and by the named cardholder, but experience shows that it is a message worth reinforcing.

The decisions you need to make before writing your procedures are:

• Do we want to define which roles should have a debit/credit card or decide it case-by-case?
• Who should authorise the card issue? 
• What limits should we set for single transaction/monthly spend?
• Should we set any limits on the types of expenditure or types of retailer? 
• Who should be responsible for checking that expenditure is consistent with your policy – the manager who authorises the form, or the member of finance staff who records the payments?  And what will happen if it is not?

You then need to set up the reporting process.  You will probably use quite similar forms to your expense claims, with the same requirements for reporting monthly and submitting receipts for all transactions.  People are often slow with completing their credit card reports, which delays the whole monthly reporting process so you will have to work out how to encourage them.

Your credit card company will probably get each individual to sign a contract, but it is a good idea to have your own cardholder agreements which cover your policy and reporting procedures to make sure that everyone is completely clear about their responsibilities.

Income through the post

This used to be a crucial area for control when all payments were received in cash or cheques.  It is less significant now, and, as with any control, you should balance the risk to the organisation with the resource required to carry out the control, but if you still get a lot of donations through the post, you need a disciplined approach to post opening.  The key elements are that two unrelated people open the post, and that the amounts received are recorded and verified.

Finance and fundraising will both have an interest in the information recorded, and you don’t want to be duplicating effort, so get everyone involved in thinking through a joined-up process in the best interests of the whole organisation.

The template procedure assumes a high level of cash and cheques received through the post.

Fundraising events/ticketed events/public collections

Procedures on events and collections cut across the boundaries of finance and fundraising – this guidance is looking at it from a finance perspective, but any procedures you write will need to work for both functions. 

The Charity Commission publications are helpful on this:

• CC8 Internal financial controls for charities section 3. Income
• CC20 Charity fundraising: a guide to trustee duties
• You should also be aware of the voluntary Fundraising Code of Practice and Fundraising Regulator.

Given the range of fundraising activity, generic procedures would not be particularly helpful, but there are some principles for you to bear in mind:

Events such as fetes

• Keep a record of all stalls and float amounts
• Create a standard form for the stallholder to record:
  • float
  • total takings
  • expenses claimed (ensure receipts are supplied)
  • net takings.
  • The Resource Centre have good forms for:
    • Single activity cash record sheet (pdf, 41KB) - to be completed by the volunteers running the activity/event
    • Cash record sheet for event with more than one activity (pdf, 39KB) - to be completed by each activity/stallholder
    • Cash summary sheet for event with more than one activity (pdf, 42KB) - to be completed by the organiser/treasurer
• At least two people counting takings for each stall
• Arrange insurance for takings
• Sort out arrangements for banking (coins are heavy – there may be health and safety considerations)

Public collections

• There are legal requirements from the Charity Commission when collecting from the public.
• Collection boxes should be numbered, allocation and return recorded
• Collection boxes should be sealed and if static secured in place
• Static collection boxes should be checked and emptied regularly
• Two unrelated people should count the contents of collection boxes

Ticketed events

• Tickets should be pre-numbered
• Keep a record of all people issued with tickets to sell, and the ticket numbers that have been allocated to each person
• Keep a record of which tickets have been sold
• Collect both money from tickets and any unsold tickets 
• Reconcile receipts against tickets sold

Petty cash

Petty cash tends to absorb disproportionate time and cause trouble.  Some organisations have dispensed with it altogether and use their debit/credit cards or expenses for petty expenditure.  You might want to think about whether this would work for your organisation.

If you do need it, the key thing is to set up a clear system:

• Identify who is in charge, and limit the number of people who have keys to the petty cash.
• Never let cash be taken out without a receipt or voucher to explain it.
• Be disciplined and ensure that the person in charge knows they have support at a senior level if people challenge the system or ask to bend the rules.
• Two people are to verify the cash balance monthly.

Accounting records policy

You should list the basic records that you need to keep to discharge the trustees’ responsibilities.  These will differ from organisation to organisation, depending on your accounting system and what you call your files.  If you aren’t sure, you could ask your independent examiner what paperwork they review at year-end because this will be a pretty good guide as to what’s necessary.

Accounting processes

Your processes would not usually form part of something approved by the trustees (though you may have a treasurer who could help you with the task) but are more in the form of a working document to help you communicate how finance happens in your organisation. 

You should map out your main accounting processes and procedures, starting with any that you think might be a bit risky. It can be difficult to know where to divide processes, for example what the precise cut off is between the purchasing and payment processes, but it will be different for each organisation, so just pick a cut off that makes sense for you.

It can be helpful to imagine that you are explaining the process to a new person, particularly if you are wondering whether the right controls are in place, because you then need to think how you would check to make sure this new person was getting it right.

One good way of recording processes is with sticky notes for each stage - you could write that up or simply take a picture.  Otherwise bullet points, checklists or flowcharts are good.  See our guidance on policies and procedures for more ideas.

You should also create a table of your regular tasks and when they are due, such as:

• bank reconciliation
• petty cash reconciliation
• payment run
• payroll (and payments to HMRC and pension)
• management accounts.