Trust Is Not an Internal Control

April 14, 2017
Almost every time we tell a board of directors that an employee or volunteer has embezzled from a nonprofit, we hear some variation of, “How could this have happened? We trusted her!”

Well, it happened because you trusted her. Embezzlers don’t get away with it by acting suspiciously; they get away with it by building—and then exploiting—trust. If board members didn’t trust the embezzler, he wouldn’t have had an opportunity to steal in the first place.

Trust, but Verify

You can’t expect to prevent all thefts and embezzlements, but you can take steps to reduce their likelihood. Most financial losses could have been easily avoided or quickly identified if organizations had implemented basic financial controls, often referred to as “internal controls.” An internal control is a policy, practice or procedure that minimizes the risk of financial loss to your organization.

The internal controls that are appropriate for your organization will vary with its circumstances and operations, but there are certain internal controls every organization should adopt. You can find a list of our recommended internal controls for all organizations and additional resources on financial management for nonprofits (PDF).

Having internal controls is the most important part of building a culture of accountability where everyone is watching and being watched. That doesn’t mean you can’t trust your colleagues; it just means that you should also be routinely confirming that your trust is warranted. As the Russian proverb adopted by President Ronald Reagan advises, “Trust, but verify.” If you have a robust system of internal controls, you are on your way to verifying that your trust is warranted.