As  auditors  we are often asked for guidance on how to implement strong internal controls in small organizations. The key is to, at a minimum, segregate the four functions in the accounting process.

Sample Internal Controls by Accounting Function to Detect Fraud and Errors in a Small Organization


  • Invoices are approved by department heads prior to entry into the general ledger by the accountant.
  • Checks are approved and signed by the executive director prior to payment.
  • Payroll disbursements are approved by the executive director prior to payment.
  • Unopened bank statements are reviewed by the executive director or treasurer before passing them on to the accountant.
  • Expense reimbursements are approved by the employee’s supervisor and the executive director’s expense reimbursement is approved by a member of the board.


  • Cash is received and logged into a deposit sheet by the receptionist.
  • Deposits are made by the accountant.
  • Checks are kept in a locked location and only prepared by the accountant who is not a signer on the account.

Record Keeping

  • Only the accountant has write access to the general ledger, the executive director only has read access.
  • Deposits are entered into the general ledger by the accountant.
  • The executive director or treasurer reviews manual journal entries on a monthly basis.


Bank reconciliations, including the deposit sheet, bank statement and general ledger detail are prepared by the accountant and reviewed by either the executive director or the treasurer.

Monthly financial statements are reviewed by the executive director, department heads who approve invoices and the finance committee.

In addition to segregation of duties, an organization must also implement organization-wide policies and procedures. These policies and procedures provide additional oversight. For smaller organizations these are, at times, more easily implemented as they do not require significant staffing to accomplish.

Organization-wide Policies and Procedures


  • Require all employees to take at least 2 weeks of vacation per year.
  • Perform evaluations for all staff
  • Conduct background checks on all employees
  • Have separate passwords and usernames for all employees and require passwords to be changed at least annually.
  • Prepare an accounting policies and procedures manual
  • Implement a whistle-blower policy
  • Have an annual audit
  • Require all employees and board members to sign a code of ethics policy and provide ethics training on an annual basis.


  • Send thank-you letters for all contributions.  Ensure the letters are sent by someone outside of accounting.
  • Review monthly financial statements compared to budget and actual for the statement of activities and regularly review a statement of financial position.  Update budgets for expenses in proportion to actual decreases in revenues.
  • Establish a strong “tone at the top” so it is the rule that all employees act ethically, not the exception.
  • Be quick to prosecute fraud or unethical behavior when it occurs and let employees know about the consequences.

One might think that once the above segregation of duties, policies and procedures are implemented, the organization is surely protected from fraud and errors. It is important to remember that internal control is an ongoing process, not just segregation of duties. There are other factors the organization must consider.

A small organization can create an environment that deters and detects fraud and abuse by taking into consideration the concepts above. However, it is important to remember that there is not a one-size-fits-all approach, and the above concepts must be customized based on the facts and circumstances of the organization.

Learn more about our Audit Services