So often, when we think about grant management, we focus on reporting, reimbursement requests, and documenting all the work accomplished. And while those are all important aspects of that work, the often-overlooked facet is internal controls.
In fact, I’d argue that having and using good internal controls is the backbone of successful grant management. Simply put, internal controls are your agency’s accounting, auditing, and management processes used to ensure the integrity of the work you do. Good internal controls help safeguard your work – from the reporting and documentation of financial information to compliance with all policies, procedures, and regulations – both your agency’s and that of the funder.
• Unauthorized transactions;
• Destruction of critical data;
• Compliance violations;
• Waste and fraud; and
• Overpayments.
Internal controls put safeguards in place so that risk is minimized while reliability and accuracy are maximized.
(1) Control Environment
Your board of directors should create the policies and procedures that govern your organization. These include things like procurement and travel policies, procedures for ensuring checks and balances, and processes to safeguard your resources (financial, human, and more). Then leadership within your organization must follow said policies and procedures while overseeing employees who do the same.
This creates a controlled environment that does all the things internal controls are meant to do.
(2) Risk Assessment
How do bad things happen (fraud, waste, and abuse) within an organization? It’s easy – an organization does not understand where its holes in the system are. It’s important for agencies, especially those managing federal grants, to assess the potential risk within its processes.
I mean, would you rather understand where the possibility for fraud is within your systems or wait for it to happen, a funder to clock the issue, and then require your agency to pay back grant funds?
So yes, assess your risk so you find the potential for problems and fix them before they cost you money and your reputation.
(3) Control Activities
Within your policies and procedures, you should have control activities that work to ensure processes are followed. These can include things like approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and the segregation of duties.
Let me give you an example. When I worked in local government and we were managing a large federally funded road construction project, anytime our selected contractor would submit an invoice it went through the following approvals before our finance department was authorized to issue payment:
• The Project Manager (typically one of our Engineering and Public Works Department employees) would review the invoice to ensure that the work we were charged was actually completed by the contractor;
• One of our Budget Managers (from the Finance Department) would review the invoice and compare it to the purchase order to ensure there was still funding available to pay the invoice;
• The Grants Administrator (that was me!) would look at the invoice to ensure that everything changed to the federal grant was an approved budget item;
• The Engineering and Public Works Director would review the invoice as well, as an extra set of eyes; and finally
• The Finance Director would take a look at everything to ensure that our procedures were followed and everyone approved the expense.
Yes, that is a lot of eyes, but having these procedures in place means the risk of making an unauthorized payment was slim to none. Internal controls remain valid because of control activities like these.
And yes, there are times when it seems like a lot of work and a right pain in the rear, but in the end, it saves you a headache (and sometimes horrible consequences) of making a mistake that may be impossible to take back.
(4) Monitor
How do you know that your process are working? You monitor them. Ways to do that include:
• Every time your agency is audited, you should look at your findings and determine if any of your internal control procedures need to be updated to prevent said finding in the future.
• Consider conducting your own internal audit. If you are managing federal grants, you want to “audit” both your agency’s processes as a whole as well as your specific processes for grant management. It’s probably a good idea to select your most gnarly grant and conduct a mock audit.
Your internal controls may be working today, but as your agency grows or shrinks (in terms of staffing, funding, and IT solutions), your ability to keep everything safe will change. So regular monitoring helps you find the places where changes may be required. Also, monitoring is a great way to conduct a risk assessment.
(5) Information and Communication
Internal controls can be complicated. Procedures often have step-by-step processes that involve multiple people. So how do you ensure every employee understands the role they play? Communication.
Everyone within your organization needs to understand how your processes work. And even more importantly, everyone needs to understand their purpose in the process. It’s not enough for a person to understand they need to sign off on an invoice for a contractor to be paid. They need to know that BEFORE they sign off, they are doing something to ensure the contractor should be paid in the first place.
Internal controls are necessary for every business, nonprofit, local government, hospital, university, and agency in the United States. But it is EVEN MORE IMPORTANT if your organization is a recipient of federal grant funds – because you are being entrusted with public funding AND it is the law.
This is outlined in section 200.303 of the Uniform Guidance, found HERE. I’m going to list it verbatim here:
(a) Establish, document, and maintain effective internal control over the Federal award that provides reasonable assurance that the recipient or subrecipient is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should align with the guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control-Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
(b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal award.
(c) Evaluate and monitor the recipient’s or subrecipient’s compliance with statutes, regulations, and the terms and conditions of Federal awards.
(d) Take prompt action when instances of noncompliance are identified.
(e) Take reasonable cybersecurity and other measures to safeguard information including protected personally identifiable information (PII) and other types of information. This also includes information the Federal agency or pass-through entity designates as sensitive or other information the recipient or subrecipient considers sensitive and is consistent with applicable Federal, State, local, and tribal laws regarding privacy and responsibility over confidentiality.
You’ll notice that while these federal guidelines do not tell you what your internal controls have to be, they still require that you have appropriate controls in place.
Do you know what internal controls your organization has in place? Do you know what your role in the process is? Do you know the last time your agency conducted a risk assessment or monitored your internal controls?
If you don’t know the answers to these questions, I highly recommend you meet with someone from your finance department and start having discussions. Use the fact that you are managing federal grants for your agency as an excuse to ensure the proper processes and procedures are in place. And if they aren’t, then share that it’s better for your agency’s employees to find the issues and fix them rather than your funder.
I’ve found that researching grant fraud and sharing news articles and case studies with my fellow employees often does the trick to expedite any changes needed with an agency’s internal controls – most examples of waste, fraud, and abuse take place because the proper checks and balances (internal controls) were not in place.
Internal controls really are the backbone to successful grant management, the secret sauce if you will – make sure yours are as effective as possible.
Check out all our episodes, and don’t miss any new ones, by subscribing on Apple Podcasts or Spotify today!
The Fundraising HayDay Podcast charted on the 90 Best Fundraising Podcast list compiled by Feedspot . In fact, we landed at spot #4.
Thanks to our listeners and supporters! This is such a passion project for us, and we trust you love it as much as we do.
You can find the entire lineup of 90 podcasts by clicking here.
Times are tough. Finding trusted information shouldn’t be. Get our weekly newsletter.
