One saying that’s been used in our organization for years is “If it’s not documented, it’s not done.”
Documenting your processes and procedures is important for efficiency and effectiveness. From a risk-management standpoint, it is also imperative. Consider what would happen if your key financial person was suddenly out for three months—a realistic possibility that has affected many ministries in the past. Would your ministry be prepared to have someone step in and continue providing the same level of financial service without significant difficulty?
The Sarbanes-Oxley Act of 2002 is commonly thought to only impact for-profit companies. However, it contains two provisions that apply to all corporations, including nonprofits: (1) whistleblower policies and (2) document retention and destruction policies. This reflects the importance that should be placed on documentation—not only what you document, but how long you keep documentation and how you dispose of it when an appropriate amount of time has passed.
If you don’t have effective written documentation in place, start by considering the following:
Corporate and administrative matters
- Are you in compliance with your governing documents, such as the bylaws or constitution?
- Do you have a conflict of interest policy, and are questionnaires completed annually by board members as well as individuals in leadership?
- Have you adopted an accountable reimbursement plan to allow for non-taxable reimbursement of expenses?
- If anyone in the church creates intellectual property (such as books, music, or dramatic presentations), do you have a policy identifying the owner of those works?
Human resource matters
- Do you have a personnel manual? Are employees required to sign that they have read and understood its contents?
- Are you consistently enforcing personnel policies?
- Who is responsible for confirming that all employment laws are being followed?
Consider documenting the following processes:
Ensure leadership has brainstormed the various risks related to the organization, identified those of greatest concern, considered options to mitigate the risks, and created a monitoring policy to verify those practices continue to operate as planned.
Document how money comes in and how it is controlled. You certainly have contributions, but even those amounts could be received through offerings, online, or in other ways. You also have various forms of program revenue, and those amounts can sometimes be the most difficult to control because you may not be certain when and how the funds will be collected. Create written procedures for handling cash received and distribute the instructions to anyone involved in those processes.
This is one of the most common areas in which fraud is committed. Review your current practices to ensure suitable segregation of duties are in place and document those procedures so everyone understands their role. You don’t want to put the ministry—or your employees and volunteers—at risk.
Payroll processing should not only be well-documented for the sake of internal controls, but also from a procedural standpoint. Many of your employees will not be able to wait long if the person who normally processes payroll is unable to complete the task. Make sure that passwords, while still secured, are available to more than one person, and that others are cross-trained to perform these functions should the need arise.
General ledger activity
The process for recording journal entries, preparing month-end reconciliations, and generating monthly financial reports should all be thoroughly documented to include specifics related to your software. This is an area where efficiency will be most evident. Someone will eventually figure out how to perform these tasks, but having adequate information in a procedures manual will make it much easier.
After you have considered the items above, the next steps are to:
- Review corporate policies and make sure all needed documents are in place.
- Update the personnel manual as well as the accounting policies and procedures manual.
- Verify that you have a record-retention policy and that you are in compliance with it.
- The lists above are not meant to be exhaustive; rather, they should encourage you to think about the operations in your own organization and what may be necessary. You may also want to retain an expert to help you, such as an attorney, accountant, or human resources specialist. It is better to be proactive, and paying a small amount now may save you a lot of staff time or a larger bill later.
- Once you have documented the policies you understand to be important, make sure you have a routine process for updating them. Overall, it takes less effort to keep documentation up to date than it does to start over from scratch every few years. This is not an exercise in which you can check something off a list and never revisit it.
- This process is for yourself, your staff, and anyone who may follow after you. Trust me, you will be appreciated for your efforts!