New Internal Control Requirements under Uniform Guidance

Stacey Nelson

By: Stacey Nelson

Under Uniform Guidance, non-federal entities are required to implement the new administrative requirements and Cost Principles for all new federal awards. The updated federal regulations can be found here. A primary emphasis under Uniform Guidance is the increased focus on internal controls, and one of the biggest challenges facing many organizations is the change in the requirement to document the organization’s internal controls.

2 CFR 200.303 states the entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the entity is managing the Federal award in compliance with Federal statutes, regulations and terms and conditions of the Federal award. While not seemingly a significant departure from the previous requirement, the regulations specifically require written procedures to ensure compliance with cash management requirements and allowable costs and also written standards of conduct addressing conflicts of interest and individuals engaged in procurement decisions.

Though the guidance specifies only these areas to be documented in writing, best practices are to maintain written documentation of the internal controls over all compliance requirements applicable to the organizations Federal awards. Section 200.303 of the Uniform Guidance suggests using the Standards for Internal Control in the Federal Government (Green Book) or the Internal Control Integrated Framework (COSO) as guidance to be followed when designing and implementing your internal control procedures.

Documenting your controls may seem like a tedious task, however, due to the increased emphasis under the new Uniform Guidance rules, it is one that you can’t afford to ignore. Please contact your Eide Bailly service provider with any questions you may have.

Addressing Fraud Risks

hand-in-cookie-jarWhile performing audits of nonprofits, we work with management of organizations to identify risks that may cause the financial statements to be materially misstated due to fraud. Sometimes these conversations start with the executive director or other member of the management team claiming they have no risks of fraud, because their employees are all committed to the mission of the organization and would never steal from them. Maybe their bookkeeper has been there for years, and they have complete trust in him/her.

Unfortunately, that is an environment that can be conducive to fraud. When management is unable to look at the situation dispassionately, without putting personalities and personal feelings into it, a fraud can occur. All too often an embezzlement of thousands or hundreds of thousands of dollars is uncovered and it is the trusted bookkeeper or long-time employee who hatched the scheme.

Strong organizations identify the risks of fraud and put controls in place to mitigate those risks. Board members and management evaluate the controls to be certain they are being followed. They ask questions and investigate things that don’t look right. They understand the controls protect their employees as well as the organization. Many nonprofits use outside consultants to perform an internal control examination to address process weaknesses – before the shock of a fraud is uncovered.