Nonprofit financial management operates under a unique set of pressures that for-profit businesses don’t face: legally segregated fund accounting, public disclosure requirements, IRS scrutiny of compensation and related-party transactions, and federal grant compliance obligations that go well beyond standard GAAP. A single internal control failure — a bookkeeper who both receives donations and prepares deposits, or grant funds spent on non-allowable costs — can trigger IRS investigations, grant clawbacks, and catastrophic reputational damage.

This guide provides the practical framework that small and mid-size nonprofits need to build financial controls that can withstand external scrutiny.

Nonprofit Internal Audit and Financial Controls

The Fundamental Principles of Nonprofit Financial Controls

Unlike for-profit entities where shareholders primarily absorb financial risk, nonprofit boards have a fiduciary duty to multiple stakeholders simultaneously: donors, grantors, beneficiaries, the general public, and regulatory bodies. This creates a higher standard of control environment than comparably-sized for-profit businesses.

Three fundamental principles underpin all nonprofit financial controls:

1. Stewardship: Every dollar spent must advance the mission. Financial controls exist to ensure that funds are used for their intended purpose, not diverted through negligence or fraud.

2. Transparency: The organization’s finances must be understandable and consistently disclosed to donors, grantors, and regulators. Form 990 public disclosure creates accountability that for-profits don’t have.

3. Sustainability: Controls must protect the organization’s long-term financial health, including adequate reserves, proper insurance, and sustainable expense structures relative to revenue.

Segregation of Duties: The Foundation

The most critical internal control is segregation of duties — ensuring no single person can both perpetrate and conceal a financial irregularity. The key incompatible duties to separate are:

Function A Must be Separate From Function B
Receiving cash/checks Recording deposits Making bank deposits
Approving invoices Writing/signing checks Reconciling bank accounts
Entering payroll Approving payroll Distributing paychecks
Authorizing credit card Recording transactions Reviewing monthly statements

The small nonprofit problem: A nonprofit with 3–5 staff members simply cannot achieve full segregation. The solution is compensating controls that substitute board involvement for additional staff:

  • Board treasurer reviews and approves all bank reconciliations monthly
  • Board requires dual signatures on checks above $5,000 (or $1,000)
  • Board finance committee reviews credit card statements quarterly
  • Annual audit or review by independent CPA

Restricted vs. Unrestricted Funds: The Critical Distinction

Under ASC 958 (the FASB standard for nonprofit financial reporting), all net assets fall into two categories:

Net Assets Without Donor Restrictions (formerly “unrestricted”): Can be used for any organizational purpose at management’s discretion.

Net Assets With Donor Restrictions (formerly “restricted”): Must be used specifically as the donor or grantor has designated — for a particular program, geography, population, or time period.

The Tracking Imperative

Failure to track restricted funds separately is not merely a reporting issue — it is a breach of fiduciary duty. Common violations include:

  • Spending a program-restricted grant on general and administrative expenses
  • Using time-restricted funds before the specified period begins
  • “Borrowing” from one restricted fund to cover another’s shortfall

The accounting system must track restricted balances by fund at all times. Dashboard reporting that shows total cash but obscures fund-level restrictions is inadequate.

Form 990: The Public Accountability Document

Form 990 is the annual information return filed by most 501(c)(3) organizations. It is publicly available through the IRS and websites like ProPublica’s Nonprofit Explorer, GuideStar, and Charity Navigator. Board members and donors use it to evaluate organizational transparency.

Key Form 990 disclosures that create accountability:

  • Compensation: The five highest-paid employees, with total compensation broken out by component
  • Program Service Revenue vs. Contributions: The mix of earned revenue and charitable contributions
  • Functional Expense Allocation: How expenses are allocated between program services, management & general, and fundraising
  • Governance Policies: Conflict of interest, whistleblower, document retention, and joint venture policies
  • Independent Contractor Payments: Contractors receiving $100,000+ are listed by name

The fundraising efficiency ratio (fundraising expenses ÷ total contributions) and program expense ratio (program expenses ÷ total expenses) are the two metrics most scrutinized by watchdog organizations.

Federal Grant Compliance: The Uniform Guidance

Nonprofits receiving $750,000 or more in federal award expenditures in a fiscal year must undergo a Single Audit under 2 CFR 200 (the Uniform Guidance). This is significantly more burdensome than a standard financial audit:

  1. Financial Statement Audit: Standard GAAP audit opinion on the financial statements
  2. Internal Control Over Compliance: Assessment of controls over compliance with federal program requirements
  3. Compliance Testing: Direct testing of whether the organization complied with all applicable federal award requirements (allowable costs, procurement, reporting, etc.)
  4. Schedule of Expenditures of Federal Awards (SEFA): A supplemental schedule listing every federal award expended during the year

Common audit findings in Single Audits:

  • Unallowable costs charged to federal grants
  • Missing time-and-effort documentation for grant-funded employees
  • Procurement violations (not getting comparable quotes for purchases above federal thresholds)
  • Failure to document equipment funded by federal awards

Each finding requires a formal corrective action plan and may affect future grant eligibility.

Building a Minimal Viable Control Environment

For small nonprofits (under $1M revenue) that cannot afford extensive internal controls infrastructure, here is a practical minimum:

Cash Controls:

  • ☑ All incoming checks endorsed immediately upon receipt: “For Deposit Only [Organization Name]”
  • ☑ Two-person mail opening and log for all incoming donations
  • ☑ Bank statements received directly by the board treasurer (not staff)
  • ☑ Bank reconciliations prepared by one person, reviewed by another (board member if needed)

Disbursement Controls:

  • ☑ Dual signatures required for checks above $2,500
  • ☑ No blank checks pre-signed
  • ☑ Original invoices required for all disbursements (no personal credit cards without receipt)
  • ☑ Expense reimbursements require receipts and business purpose documentation

Payroll Controls:

  • ☑ Payroll changes (new hires, terminations, salary changes) require written HR authorization
  • ☑ Payroll is processed by someone who doesn’t have access to physical paychecks or bank transfers
  • ☑ Board reviews a payroll register quarterly

Conclusion

Strong nonprofit financial controls are not compliance overhead — they are what protect the executive director’s personal reputation, the board members’ fiduciary standing, and the organization’s ability to serve its mission for the next decade. The cost of one fraud incident at a small nonprofit (in legal fees, lost donor confidence, and program disruption) vastly exceeds the cost of implementing the controls described here. Start with the compensating controls that involve the board in financial oversight, and build toward a complete internal control environment as the organization grows.

Frequently Asked Questions (FAQ)

Why are financial controls especially important for nonprofits?
Nonprofits are stewards of public trust and donor funds. Weak controls expose them to asset misappropriation, tax-exempt status loss, grant termination, and board member personal liability.

What is segregation of duties in a nonprofit?
No single person controls authorization, recording, AND custody of assets. Small nonprofits use board compensating controls (treasurer reviewing reconciliations, dual check signatures) as substitutes for additional staff.

What is the difference between restricted and unrestricted funds?
Restricted (net assets with donor restrictions) must be used for donor-specified purposes. Unrestricted can be used for any mission purpose. Commingling or misusing restricted funds is a serious compliance violation.

When is a nonprofit required to have an audit?
Federally, when expending $750k+ in federal awards (Single Audit requirement). State requirements vary ($500k–$2M thresholds). Many grantors require audits regardless of size.

What is Form 990 and what does it disclose?
The annual IRS information return for nonprofits, publicly available. Discloses revenues, expenses, executive compensation, governance policies, and related-party transactions.

What is a fiscal sponsorship arrangement?
An unincorporated project operates under an established 501(c)(3)’s tax-exempt status. The sponsor retains discretion and control over funds, takes legal responsibility, and typically charges 5–15% for the service.

What are the board treasurer’s financial responsibilities?
Oversight of financial management, presenting financial statements at board meetings, overseeing auditor selection, signing Form 990, and monitoring reserves — not delegating these entirely to staff.

What reserve policy should a nonprofit maintain?
3 to 6 months of operating expenses in unrestricted liquid reserves, per a formal board-approved policy that defines target levels and drawdown conditions.

What internal control weaknesses are most common at nonprofits?
One-person cash handling, no written expense policies, sole executive director check-signing authority, poor restricted fund tracking, and lack of board credit card review.

How does the Uniform Guidance Single Audit differ from a regular audit?
Adds compliance testing and internal control over compliance assessment to the standard financial statement audit. Findings require corrective action plans and may affect future federal grant eligibility.