Making sure that the interface with the bank is properly managed and protected has always been key, and has become even more significant as e-banking offers so many different ways to access the money in your organisation’s accounts. Guidance used to consist largely of ‘make sure all cheques require at least two signatories, and never pre-sign blank cheques’ which is still very good advice, but there is a bit more to consider now.
You will need to have policies and procedures in place for:
Because this is an area that is so vulnerable to fraud, control should sit with the board of trustees to authorise any substantial changes to banking arrangements, and this is an area where you are going to want to include more detail in the trustee approved procedure.
It is worth stating the good housekeeping aspects explicitly, in particular that bank accounts should only be used for the organisation’s business, and that only duly authorised officials of the organisation can open or close bank accounts in its name.
You will need to check with your bank about the procedures for authorising online payments. The template procedure is worded for the situation where one person has ‘write only’ access and two other people then authorise payments above a certain level, but your bank may operate differently.
When you’re thinking about who can make payments, it’s often useful to pick a low-level sum that can be signed for by one person just to keep the day-to-day business ticking over. In these circumstances, you should have an additional check and balance, for example the invoice being approved by someone else, or an independent monthly check of these payments.
Processes often build up through custom and practice, rather than being designed and written down and so controls may be missing or may lapse as details are not passed on properly.
You might want to map your standard payment process and check that the right controls are in place, and are evidenced for the person making the payment. When you’re making a payment, as well as being confident you’ve got the money in the bank, you need to know:
Some organisations like having a stamp that people initial – but others find that too bureaucratic.
Then when the payment has been made - you need to evidence that so that it doesn’t get paid twice.
It is also good to do a similar mapping exercise for approving standing orders and direct debits.
You need to make sure that cardholders have a clear understanding of what types of purchases are allowed. It may seem obvious to state that cards can only be used for purchasing goods on behalf of the organisation and by the named cardholder, but experience shows that it is a message worth reinforcing.
The decisions you need to make before writing your procedures are:
You then need to set up the reporting process. You will probably use quite similar forms to your expense claims, with the same requirements for reporting monthly and submitting receipts for all transactions. People are often slow with completing their credit card reports, which delays the whole monthly reporting process so you will have to work out how to encourage them.
Your credit card company will probably get each individual to sign a contract, but it is a good idea to have your own cardholder agreements which cover your policy and reporting procedures to make sure that everyone is completely clear about their responsibilities.
This used to be a crucial area for control when all payments were received in cash or cheques. It is less significant now, and, as with any control, you should balance the risk to the organisation with the resource required to carry out the control, but if you still get a lot of donations through the post, you need a disciplined approach to post opening. The key elements are that two unrelated people open the post, and that the amounts received are recorded and verified.
Finance and fundraising will both have an interest in the information recorded, and you don’t want to be duplicating effort, so get everyone involved in thinking through a joined-up process in the best interests of the whole organisation.
The template procedure assumes a high level of cash and cheques received through the post.
Procedures on events and collections cut across the boundaries of finance and fundraising – this guidance is looking at it from a finance perspective, but any procedures you write will need to work for both functions.
The Charity Commission publications are helpful on this:
Given the range of fundraising activity, generic procedures would not be particularly helpful, but there are some principles for you to bear in mind:
Petty cash tends to absorb disproportionate time and cause trouble. Some organisations have dispensed with it altogether and use their debit/credit cards or expenses for petty expenditure. You might want to think about whether this would work for your organisation.
If you do need it, the key thing is to set up a clear system:
You should list the basic records that you need to keep to discharge the trustees’ responsibilities. These will differ from organisation to organisation, depending on your accounting system and what you call your files. If you aren’t sure, you could ask your independent examiner what paperwork they review at year-end because this will be a pretty good guide as to what’s necessary.
Your processes would not usually form part of something approved by the trustees (though you may have a treasurer who could help you with the task) but are more in the form of a working document to help you communicate how finance happens in your organisation.
You should map out your main accounting processes and procedures, starting with any that you think might be a bit risky. It can be difficult to know where to divide processes, for example what the precise cut off is between the purchasing and payment processes, but it will be different for each organisation, so just pick a cut off that makes sense for you.
It can be helpful to imagine that you are explaining the process to a new person, particularly if you are wondering whether the right controls are in place, because you then need to think how you would check to make sure this new person was getting it right.
One good way of recording processes is with sticky notes for each stage - you could write that up or simply take a picture. Otherwise bullet points, checklists or flowcharts are good. See our guidance on policies and procedures for more ideas.
You should also create a table of your regular tasks and when they are due, such as:
Last reviewed: 30 May 2019
Help us improve this contentGet regular updates on NCVO's help, support and services