Relay
    CustomersPricing
Log inRequest a DemoSign Up
Relay
Log inSign Up
September 28, 2023•7 minute read

7 Internal Controls Every Nonprofit Needs

Haley Davidson - Headshot
Haley Davidson - Headshot
Haley Davidson

SEO and Content Strategist at Sandbar SEO

Cover Image for 7 Internal Controls Every Nonprofit Needs

Written by: Haley Davidson

Haley Davidson is an SEO strategist, writer, and the founder of Sandbar SEO. Her passion is helping businesses harness the power of content to drive results. When she’s not working with clients, Haley loves learning about the newest tech trends and coaching aspiring freelancers.

Share this Article
In this article
  1. What are nonprofit internal controls?
  2. Does my nonprofit need internal controls?
  3. 7 internal controls every nonprofit organization should have
  4. Following through with nonprofit internal controls
  5. 🔐 Relay: Your money — protected
Topics on this page
    Cash Flow Management

Whether you're leading a small community organization or supporting one of the nation's largest nonprofits, effective internal controls are essential for accountability, transparency, and stability.

In the long run, these controls will ensure your nonprofit successfully fulfills its mission and makes a lasting impact. ❤️

That said, designing nonprofit internal controls from scratch can be a challenge. Nonprofit leaders already have to navigate complex regulatory requirements, from financial reporting to tax law. So where do you begin? 🤔

In this article, we'll help you get started with the strong internal controls every nonprofit needs.

What are nonprofit internal controls?

Nonprofit internal controls are systems, mechanisms, and procedures that help an organization manage risk while preventing errors and fraud. These written policies create a standard for how operations and financial activities should be conducted, ensuring that everyone is held accountable. 🔐

Internal controls are always applicable to the nonprofit's staff, but might also extend to the board of directors and outside vendors. These control policies are usually related to financial management, which means that anyone involved in handling the nonprofit's funds should have a clear understanding of them.

Example of a nonprofit internal control

For example, as a simple internal control, you might require that two people sign all checks. This helps to ensure the accuracy of payments and can help prevent embezzlement, theft, and other misappropriation of assets. 💰

Nonprofit internal controls can range from basic procedures like the above to intricate systems involving separation of duties, audits, and advanced digital security measures. The key is to strike a balance that safeguards your nonprofit's assets and integrity without stifling efficiency or productivity.

Does my nonprofit need internal controls?

The short answer is YES. Internal controls are crucial for nonprofits of any size. Even if you don't have enough staff or resources to create an extensive system, having some form of internal controls in place is better than nothing.

It's also important to bear in mind that your nonprofit might need different types of internal control depending on your unique situation. For instance, you may require more extensive measures if you have remote staff 💻 or work with high-risk partnerships and vendors. ⚠️

7 internal controls every nonprofit organization should have

Now, let's delve into the seven internal controls every nonprofit should consider implementing. These specific controls will help ensure your organization operates with transparency and accountability. 

1️⃣ Access to sensitive data

​This nonprofit internal control should limit access to sensitive information, such as financial statements, bank accounts, and accounting software. Ideally, all nonprofits should have a clearly outlined system defining who is allowed access to what kind of data. 📝

This control system might include policies like:

  • Changing passwords every 6 months

  • Limiting bank account access to specific individuals, such as your CPA and executive director

  • Requiring two-factor authentication for anyone accessing the nonprofit’s financial information

  • A regular, scheduled review of who has access to which type of data

You should also outline how access will be given—for example, via a password-sharing app or by sharing credentials over the phone.

If someone needs access to your nonprofit's bank accounts, this is particularly important. Depending on your bank, you might have only one set of login credentials to share, which is both inconvenient and extremely risky. Since you have no control over what that person can do once they're signed into your account, anything could happen. 😬

That's why Relay (hello! 👋) helps nonprofits control banking access with secure, role-based logins. 👥 Relay is an online banking and money management platform built for nonprofits like you—whether you want to give board members limited, read-only access, or need to fully delegate financial tasks to your accountant.

💡Read more: How safe is online banking?

2️⃣ Segregation of duties

This nonprofit internal control is all about separating specific duties within the organization to make things more secure. It requires more than one person to complete certain key tasks, such as approving payment and making the actual transfer. 💸

For example, instead of one person handling all the payroll duties, you can divide the responsibilities between three people: 

  • One individual enters payroll data

  • The second approves the data entry

  • The third person is responsible for distributing the paychecks

This breakdown ensures that no single individual has control over the entire process, greatly reducing the risk of fraud and human error. Segregation of duties is also an affordable security measure since it doesn't require specialized staff or new software. Just be sure all processes and duties are formally defined in a written policy. 📝

3️⃣ Monthly bank reconciliation

This internal financial control is one of the most important and effective ways to stay on top of your cash flow as a nonprofit. Bank reconciliation ensures that your nonprofit's financial statements are accurate by comparing the cash account balances with the bank statement. 📊

This task is usually done by the organization's bookkeeper. However, it's good practice to have an additional, internal staff member reconcile your accounts each month—that way, two different people are closely reviewing your financial records, ensuring a high level of accuracy. 🧐

While this can time-consuming, Relay helps nonprofits speed up bookkeeping and reconciliations with detailed transaction data—you'll see clean, standardized vendor names and categories for every transaction.

Plus, Relay's integrations with QuickBooks Online and Xero mean you (and your bookkeeper) will see the most up-to-date and accurate banking data every time you log into your accounting system.

4️⃣ "Surprise" internal audits

To both prevent and prepare for potential audits, it's critical to track expenditures, disbursements, fundraising income, and other financial transactions. But how do you know that your accounting records are accurate? 👀

A surprise internal audit could be the answer. This type of audit is exactly what it sounds like—it's when you have an independent auditor come and review your nonprofit's records without any prior warning. This can help your organization identify any areas that need to be tightened up before a real IRS audit.

You might already be required to do an independent audit each year, depending on your state's laws. Even if these rules don't apply to your organization, however, an annual internal audit can be a great way to make sure your processes are air-tight. 🙌

5️⃣ Physical security

For some nonprofits, this internal control is an obvious one. Depending on your organization's size and resources, physical security might mean a combination of locks on doors 🔒during the day (for staff safety), locked filing cabinets (to store confidential documents like blank checks), or even CCTV systems (for extra protection).

Even something as simple as implementing a check-out policy for credit cards and blank checks can add an extra layer of security. The most important thing is to have a clear, written policy covering physical security and make sure that all staff members are aware of it. 

6️⃣ Staff spending and expense reimbursement

Whether your team needs to pay for travel or make a last-minute supply purchase, it's important for nonprofits to properly manage employee expenses. 💸

Here are a few examples of nonprofit internal controls related to staff spending:

  • When possible, all purchases should be made with a company debit card (to limit the number of expense reimbursement requests)

  • Receipts must be submitted for all expenses over $5

  • For purchases over $200, explicit approval is required from your manager or the finance department

  • Expense reimbursement requests must be submitted within 30 days of the expense

For most nonprofits, it's unrealistic to think that the executive director will be able to pay all expenses with a single company credit card. 💳  But it can also be overwhelming to manage dozens of expense reimbursement requests each month (or distribute petty cash).

Issuing multiple debit cards for specific employees, programs, or projects can help—for example, if a certain staff member is leading a short-term project with lots of expenses, you could instantly issue them a virtual debit card with a set spending limit. 🙌

With Relay, you can issue 50 virtual or physical debit cards for specific purposes, whether it's for the marketing department or your newest education program. You can also set spending limits, and if you notice any suspicious activity, instantly freeze cards from your computer or phone. 📲

7️⃣ Background checks

According to one survey, 96% of businesses conduct background screenings before hiring, and not-for-profit organizations should be no different. Whether you're interviewing full-time staff or volunteers, a clear process for screening applicants is critical to your nonprofit's safety and security. 🔒

At a minimum, this should include verifying references and criminal background checks. Depending on your organization's operations and the roles you're hiring for, other types of screening might also be necessary. For example, if the role has anything to do with financial management or handling sensitive data, a credit check might be a good idea. ☑️

In this internal controls policy, be sure to outline how background checks will be stored and who has access to the results. You'll also want to double-check that your policy aligns with federal and state laws.

Following through with nonprofit internal controls

The key to successfully implementing nonprofit internal controls is to do it sooner rather than later. Your policies might not be perfect at first, but they can always be adjusted—just be sure to document any changes and communicate them clearly to everyone involved. 🗣️ 

Once you've created your nonprofit internal controls, it's important to stay consistent. That means setting clear expectations for employees and volunteers and enforcing your policies without exception. 📝 It might be tempting to overlook small discrepancies, but doing so can lead to bigger problems down the road.

Ultimately, whether you're managing a small nonprofit or an international organization, remember the purpose of these internal controls: risk management, accountability, transparency, and the long-term success of your nonprofit.

🔐 Relay: Your money — protected

Nonprofit organizations use internal controls to keep their finances safe and secure, but it’s not always easy. That’s why Relay’s online banking and money management platform is designed to help nonprofits stay on top of cash flow. 

At Relay, we help nonprofits keep their money safe with a combination of advanced security features like encryption technology, two-factor authentication, and more. Plus, our real-time transaction data means you can always stay on top of your finances—and quickly address any errors or discrepancies. 🔒 

Relay also allows nonprofits to speed up bookkeeping and securely collaborate with their financial advisors, like nonprofit accountant Ufuoma Ogaga. Ufuoma uses Relay to help her clients stay audit-ready, prevent fraud, and gain greater visibility into cash flow. 

With Relay, nonprofits also get: 

  • ✅ 20 individual, no-fee business checking accounts: Organize income, expenses, and cash reserves with multiple checking accounts—with no overdraft fees, maintenance fees, or minimum balance requirements. 

  • ✅ Automated savings: Relay helps you build your nonprofit reserves with automated savings. Plus, you’ll earn 1-3% APY1  on every dollar. 

  • ✅ Entirely online banking: Open checking and savings accounts, issue debit cards, and send and receive payments completely online—no in-person branch visits required.

  • ✅ 50 virtual or physical debit cards: Create new debit cards for specific projects and expenses, and get instant access to virtual debit cards for online and mobile payments. 

Ready to get started? Sign up for Relay today. 

More about the author
Haley Davidson - Headshot
Haley DavidsonSEO and Content Strategist at Sandbar SEO
Haley Davidson is an SEO strategist, writer, and the founder of Sandbar SEO. Her passion is helping businesses harness the power of content to drive results. When she’s not working with clients, Haley loves learning about the newest tech trends and coaching aspiring freelancers.View more articles by Haley Davidson

Related Articles

Cover Image for You Bought a Business—Now Here’s Wow to Modernize It
Guides & How-tos
You Bought a Business—Now Here’s Wow to Modernize It
By: Lisa Tanh
Cover Image for Scale Your Accounting Firm Without Burnout: 9 Systems
Insights & Trends
Scale Your Accounting Firm Without Burnout: 9 Systems
By: David White
logo
What is Relay
  • Business checking
  • Business savings
  • Profit First banking
  • Accounts payable
  • Expense management
  • Invoices
  • Payment Requests
  • Pricing
  • Integrations
  • Xero
  • QuickBooks Online
  • Gusto
  • Plaid & Yodlee
Accountants & Bookkeepers
  • Client banking
  • Partner program
  • Get certified
  • Guides
  • Accounts payable
  • Data security
  • Growth playbook
  • Becoming a cash flow advisor
Resources
  • Everyday business blog
  • Advisor directory
  • Advisor hub
  • FAQs
  • Bi-weekly webinar
  • Support center
  • Banking for real estate investors
  • Banking for e-commerce
  • Banking for home services
  • Banking for agencies
  • Switch to Relay
  • Cash Flow Compass
Company
  • About us
  • Customer stories
  • Careers
  • Affiliate program
  • Contact us
  • Why Relay
  • Trust Center
  • Safety & Security
Legal
  • Terms of Service
  • Privacy Policy
  • Deposit Agreement
  • Savings Account Agreement
  • Cardholder Agreement
  • Electronic Communications Agreement
  • Relay Visa® Credit Card Cardholder Agreement
  • Visa® Signature Card Rewards Program Terms & Conditions

Relay Financial Technologies, Inc. © 2026

Download mobile app from Apple app storeDownload mobile app from Google Play store

Relay is a financial technology company and is not an FDIC-insured bank. Banking services provided by Thread Bank2, Member FDIC. FDIC deposit insurance covers the failure of an insured bank. Certain conditions must be satisfied for pass-through deposit insurance coverage to apply. The Relay Visa® Debit Card is issued by Thread Bank, member FDIC, pursuant to a license from Visa U.S.A. Inc. and may be used anywhere Visa debit cards are accepted. The Relay Visa Credit® Card is issued by Thread Bank, Member FDIC, pursuant to a license from Visa U.S.A. Inc and may be used anywhere Visa credit cards are accepted.

1For Relay Subscription Plans with an interest-bearing deposit account, the interest rate and Annual Percentage Yield on your account are accurate as of 12/11/2025 and are variable and subject to change based on the target range of the Federal Funds rate. Fees may reduce earnings:

  • When you are subscribed to the Starter Plan, the interest rate on your savings accounts is 0.91% with an APY of 0.91%.
  • When you are subscribed to the Grow Plan, the interest rate on your savings accounts is 1.53% with an APY of 1.55%.
  • When you are subscribed to the Scale Plan, the interest rate on your savings accounts is 2.65% with an APY of 2.68%.

2 Your deposits qualify for up to $3,000,000 in FDIC insurance coverage when Thread Bank places them at program banks in its deposit sweep program. Your deposits at each program bank become eligible for FDIC insurance up to $250,000, inclusive of any other deposits you may already hold at the bank in the same ownership capacity. You can access the terms and conditions of the sweep program at https://thread.bank/sweep-disclosure/ and a list of program banks at https://thread.bank/program-banks/. Please contact customerservice@thread.bank with questions on the sweep program. Certain conditions must be satisfied for pass-through deposit insurance coverage to apply.

*Terms and conditions apply to the cash back rewards program. Monthly cash back rewards will be automatically deposited into your Relay checking account within 30 days of the end of the credit card billing cycle. ATM transactions, the purchase of money orders or cash equivalents made with your Relay Visa® Credit Card are not eligible for cash back. Please refer to the Visa® Signature Rewards Program Terms & Conditions for more details.

**Relay is not affiliated with SoFi, or OnDeck, and Relay’s privacy and security policies may differ from SoFi’s, and OnDeck's, privacy and security policies. Relay will be paid a fee from SoFi, and OnDeck if you obtain a product through either of these links. All rates, terms, and conditions vary by provider. Approval for a loan is not guaranteed.

Payment services (non banking/checking accounts or services) are provided by The Currency Cloud Limited. Registered in England No. 06323311. Registered Office: The Steward Building 1st Floor, 12 Steward Street London E1 6FQ. The Currency Cloud Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 for the issuing of electronic money (FRN: 900199).

Payment services in the United States are provided by Visa Global Services Inc. (VGSI), a licensed money transmitter (NMLS ID 181032) in the states listed here. VGSI is licensed as a money transmitter by the New York Department of Financial Services. Mailing address: 900 Metro Center Blvd, Mailstop 1Z, Foster City, CA 94404. VGSI is also a registered Money Services Business (“MSB”) with FinCEN and a registered Foreign MSB with FINTRAC. For live customer support contact VGSI at (888) 733-0041.

3 Please note that funds relating to Currencycloud's services are not FDIC insured or protected by the Visa Zero liability protection policy. In regards to Currencycloud's services when funds are posted to your account, e-money is issued in exchange for these funds, by an Electronic Money Institution who we work with, called Currencycloud. In line with regulatory requirements, Currencycloud safeguards your funds. This means that the money behind the balance you see in your account is held at a reputable bank, and most importantly, is protected for you in the event of Currencycloud’s, or our, insolvency. Currencycloud stops safeguarding your funds when the money has been paid out of your account to your beneficiary’s account.

All testimonials, reviews, opinions or case studies presented on our website may not be indicative of all customers. Results may vary and customers agree to proceed at their own risk.