NonProfit Risk Management: Establish a Controlled Environment!

Tim Gaffney, Georgia NonProfit Insurance Problem Solver

As Georgia nonprofit insurance problem solvers, our goal is to make it easy for local nonprofits to secure the right insurance for less, and minimize risk of future loss in the process!

Because the holidays are a peak-season for nonprofit campaigning, donations and gift-giving, risks for employee theft and/or mishandling are on the rise.

A proven method to manage employee risks and reduce a nonprofit’s risk of potential loss, according to Kathryn Berk’s article, “Preventing Employee Theft,” is establishing a controlled environment within your organization. This environment should be supported with a good internal control policy with four general objectives: authorization, recording, safeguarding and accountability.

What are the Four Components of a Controlled Environment?

1. Authorizations and Approvals.

First and foremost, you want to be sure that the all your transactions align with the organization’s intentions by maximizing use of your authorizing and approving practices.

Authorizations are typically done in advance. If you don’t authorize transactions on an individual basis, have a clear policy stating what is or is not authorized before it moves forward in your financial process. Approvals, on the other hand, come after the fact. Once a transaction has occurred, make sure a superior is reviewing the transaction to make sure it meets the organization’s specified requirements. (Important note: These requirements can only be specified if you take the time to clearly convey, share and communicate them first!)

Please avoid letting your authorization or approval processes revert to an automatic rubber stamp!

2. Recording

Once a transaction is authorized, it’s imperative that it is recorded properly. This means that it must be recorded in the proper accounting periods, for the correct amount and applied to the appropriate accounts.

The controls that you set for your recording process should focus on documents including shipping records, purchase orders and sales invoices, in addition to books of accounts such as the general ledger, subsidiary ledgers and journals.

3. Safeguarding

This stage of a controlled environment is means to ensure that access is limited to only authorized persons under proper controls. Do you currently control access to storage facilities, asset inventories and financial records?

Without controlled access, you give up a degree of your own control and increase your organization’s risk exposure.

4. Accountability

Implementing accountability processes allows you to detect when your controlled environment has been breached and/or fraud has occured before permanent damage is done. These process ensure that your preventative controls are functioning as intended. Generally, this involves some type of comparison–whether it’s asset records verses assets themselves, accounting records verses supporting documents, or general ledger accounts verses subsidiary ledgers and journals.


Part of leading your nonprofit toward a future of success and expansion requires managing risks that come with the territory. Thus, it’s important to create a “control environment,” or an infrastructure and ethos that reinforces the idea that everyone is a part of reducing your organization’s risk and loss.

It’s a great idea to revisit your internal processes to make sure you’re promoting and supporting the idea of a controlled environment. We suggest taking a look at this Internal Controls Checklist for Nonprofits to better evaluate your current situation.

Protecting your nonprofit is the mission of our metro Atlanta nonprofit insurance problem solvers! Please contact us if you’d like to discuss your current coverage or Request a FREE proposal of cost and coverage!

Visit us online at or call us at 678.297.7977! 


Source: Kathryn M. Vanden Berk, ” Preventing Employee Theft, Tips to minimize your risk of Loss.” Published In: Issue 3 – 2009 via 

December 11th, 2012 by Georgia Non-Profit Insurance