Have you ever known any staff or board members that get excited about the prospect of developing policies?  Probably not. Policy development and updates can sometimes fall to the bottom of the priority list, but this practice can significantly increase your organization’s risk.

A comprehensive approach to risk management would be to create an enterprise risk management plan (ERM).  The ERM plan should outline a holistic approach to managing risk across an entire organization in order to fulfill its integral role in the effective management of the organization. The plan should integrate many of your business functions such as finance, strategy, internal control, procurement, continuity planning, human resources, and compliance. This article focuses on financial operations and highlights the link between financial policies and their role in mitigating risk.

If complied with and properly customized to your organization’s needs, the following financial operations policies can contribute to a stronger risk control environment and help minimize the potential risks.


Risk Control

Potential Risk

Board Fiduciary Obligations

  • Ensure board members possess an adequate level of financial literacy and familiarity with nonprofit accounting principles
  • Outline responsibilities of board to protect assets, provide proper financial oversight, approve budget, and ensure appropriate internal controls are in place
  • Board members may fail to fulfill the required fiduciary obligations and place the organization in jeopardy
  • Recruitment of qualified members may be difficult if there is significant uncertainty regarding roles

 Financial Reporting

  • Establish a policy on financial statement preparation, frequency and due dates, types of reports, and ability to determine revenues, expenses and return on investment by program
  • Ensure that the chart of accounts structure provides needed level of detail and clarity
  • Establish policies on classification of net assets to properly account for unrestricted, temporarily restricted and permanently restricted net assets
  • Lack of timely and accurate  financial reporting hinder management and board members from discharging their responsibilities
  • Financial reports that lack clarity and utility to the readers may adversely affect the organization’s ability to thrive
  • Misclassification of net assets may adversely affect the organization’s ability to fulfill donor restrictions



  • Create guidelines for budget development to include a schedule for preparation, review, approval and subsequent revisions or forecasts. Include a process by which the budget is regularly compared to actual results and variances are investigated.
  • Lack of a structured budget development process may result in hasty development of budgetary amounts that lack sufficient background, detail and analysis. Failure to compare actual results to budgeted amounts may result in program failures and unapproved expenditures


Cash/Cash Flow

  • Document a process to monitor cash balances and cyclical fluctuations to ensure an adequate supply of operating funds
  • Organization may be forced to delay important expenditures or obtain costly interim funding resources



  • Establish an investment policy to document the organization’s expected return, acceptable level of risk, planned use and time horizon, prohibited investment vehicles, asset allocation, routine monitoring, frequency of investment changes, benchmarks and responsibilities of the investment advisor (if used), management and governance
  • Lack of a comprehensive investment policy may result in poor return on investments, lack of control over investment vehicles and heightened risk of loss of funds


  • Document planned use and amount of reserves, expected timeframes for additions and withdrawals, and designation for specific purposes
  • Without a plan for the use of reserves, there is a risk that they may not be sufficient to cover the eventual use and the investment vehicle may not be appropriate for the timeframe


Fraud Risk

  • May want to address fraud in a separate risk management plan but, at a minimum, establish a base level of adoption and compliance with policies on document destruction, whistleblower protection, code of ethics and conflict of interest (for board and senior management)
  • Lack of the basic components of a risk management plan may expose the organization to risk of audit and penalties by regulatory agencies, legal actions by employees, members or other constituents and reduced interest from potential donors

Audit Process

  • Determine the need and frequency for financial statement audits; document the process for selecting an audit firm and the review and acceptance of their reports
  • Absence of a documented audit process may increase the risk of fraud and noncompliance with grant and loan covenant requirements. Significant costs could be incurred if unnecessary audits are performed


Internal Controls

  • Develop, communicate and comply with detailed internal control processes for the major processes including cash receipts, payments, and payroll
  • Without the deterrent of well-developed and communicated internal controls, the risk of fraudulent activity may increase

As part of the development of the financial policies, a periodic review schedule should also be established to ensure policies remain up to date and reflect the current practices.

In order to be successful, any risk control effort must be encouraged by the leaders of the organization, including the board of directors and senior management. A culture of control and compliance will not grow unless these leaders demonstrate, through actions and words, their support for the process.

Creation of a comprehensive financial operations policies document would most likely address many other topics in addition to those listed above, however, these policies will form the basis of a strong culture of risk control and compliance. Not all financial risk is avoidable of course, but being prepared and having appropriate policies in place to minimize and transfer risk is key to a healthy organization.

Maureen Downs, CPA, serves as a chief financial officer in the Firm’s Outsourced Services department and can be reached at [email protected].


Is Your Organization Ready for Its Year-End Audit?

Posted on , updated on

Audit & Assurance12/11/2019

Preparing for your annual audit can be a bit of a juggling act as you work to close out the year, report preliminary financial results to your board and other constituents, while preparing for the audit. As you continue to prepare for your upcoming audit, here are several common areas to consider that hopefully will help facilitate a smooth audit, reduce any internal control findings, and minimize significant audit adjustments.

Tips on Improving Your Nonprofit’s Charity Watchdog Ratings

Posted on , updated on


Nonprofit Accounting-Tax-Technology10/02/2019


In this podcast, we discuss how charity watchdog organizations such as Charity Navigator, BBB Wise Giving Alliance, and GuideStar typically monitor and rate charitable organizations and what nonprofit leaders should be thinking about with respect to their organization’s ratings.

Resources Center

The Right Size, Right Fit