Charity Commission guidance on internal financial controls

Did your charity review its internal financial controls?

This is a question a Charity must answer Yes or No, when submitting its annual return and Accounts at the Charity commission annually.

What does this mean?

A charity must confirm whether or not it has reviewed its financial controls during the financial reporting period. Charities should ensure that they have appropriate financial controls in place which are reviewed regularly to ensure that they are up to date and effective.

As a matter of good practice, we recommend that a charity reviews the effectiveness of its internal financial controls annually. The following is guideline CC8 from the Charity Commission on how to do that.

Internal financial controls for charities



  1. Self-assessment checklist
  2. Some key issues, monitoring arrangements and risk of fraud
  3. Income
  4. Purchases and payments
  5. Assets and investments
  6. Self-assessment checklist

The questions in this checklist are designed to help charity trustees and their advisers evaluate the charity’s performance against the legal requirements and good practice recommendations set out in the commission’s guidance on internal financial controls for charities. Trustees should review their charity’s performance at least once a year.

Each of the questions on the checklist links to a paragraph of the guidance, where further details can be found. Not all the controls listed will be appropriate for all charities, for example, where a section of the checklist deals with an area of activity that the charity does not undertake then that section of the checklist will not apply.

Charities must always comply with legal requirements and these requirements are identified in the checklist. A ‘yes’ answer for good practice recommendations does not mean there is no scope for further improvement. A ‘no’ answer does not always indicate a problem. It may be that the charity has not put in place a particular control because the risk involved is small and the potential loss is acceptable, given the cost that would be involved in putting in place stronger internal controls.

Finally, the answers in the checklist should be based on the trustees’ knowledge of what actually happens in the charity and not what they expect to happen. Having an internal control in place is only part of the picture. It must operate in practice to be effective.












  1. Some key issues, monitoring arrangements and risk of fraud
2.1 Financial controls throughout the charity Yes No
Is the segregation of duties to provide ‘double check’?
Do the trustees carry out an annual review of the internal financial controls?
2.2 Monitoring activities Yes No
Are the budgets of income and expenditure prepared, and approved by the trustees?
Is performance measured against budgets at regular intervals and explanations sought for variances?
2.3 Internal audit and audit committee Yes No
Have the trustees considered the need to appoint an internal auditor or set up an audit committee?
2.4 Information and communication Yes No
Are the trustees provided with regular information about the financial performance of the charity?
Do the trustees discuss the financial performance of the charity at each of their meetings?
Are terms of reference in place for any finance sub-committee, or similar sub-groups of the trustee board?
Does any finance sub-committee report to the full board of trustees for final decision making?
2.5 Trustees’ responsibilities Yes No
Are sufficient accounting records kept of all transactions? (legal requirement)
Have the trustees considered the need for a reserves policy and put in place a reserves policy if one is needed? (legal requirement)
Do the accounts comply with legal requirements? (legal requirement)
Are the accounts formally approved by trustees at an annual meeting?
Have the trustees appointed an auditor or independent examiner? (legal requirement)
Are newly appointed trustees given a copy of the latest accounts?
Do the trustees file the annual report and accounts and annual return on time? (legal requirement)
2.6 and 2.7 Managing the risks of financial crime and abuse Yes No
Are trustees and staff made aware of why the charity is at risk from financial crime and abuse and of typical examples of potential fraudulent activities?
Does the charity have an anti-bribery policy, policies on the acceptance of hospitality, the acceptance of donations and a register of interests in place?
Does the charity have policies and controls over access to and storage of electronic information?
Does the charity have computer programmes to protect its data and systems from

external interference?

Does the charity have procedures for reporting suspicions internally, and to the commission and the police?


  1. Income
3.1 Income received in the post Yes No
Is the incoming post opened in the presence of two unrelated people?    
Are all incoming cheques and cash recorded immediately?    
Does the charity keep unopened mail secure?    
3.2 Income from public collections and fundraising events Yes No
If the charity undertakes public collections or fundraising events:    
• are public collections undertaken within legal requirements? (legal requirement)    
• are collection boxes numbered and their allocation and return recorded?    
• are all collection boxes sealed?    
• are all collection boxes regularly opened and counted by the charity and a record kept of their locations and history of takings?    
• are collections counted in the presence of the collector and a receipt given to them?    
• are two unrelated people involved in counting and recording the income?    
• is cash banked as soon as possible and without deduction of expenses?    
• are records maintained for each fundraising event?    
For ticket incomes are:    
• tickets pre-numbered?    
• records kept of all persons issued with tickets to sell, and which ticket numbers they have been allocated?    
• records kept of which tickets sold?    
• reconciliations made of money received against tickets sold?    
Has the charity complied with Part II of the Charities Act 1992 where professional fundraisers are engaged? (legal requirement)    
3.3 Gift Aid donations Yes No
Does the charity maximise the lawful take-up by its donors of Gift Aid?    
Are regular checks made to ensure all eligible tax repayments are obtained?    
Does the charity keep the records required by HMRC for Gift Aid claims?    
3.4 Legacies Yes No
Does the charity identify and monitor the receipt of large legacies and ensure that they are correctly included in the accounts?    
3.5 Tainted charity donations and substantial donors Yes No
Has the charity kept the necessary records to identify transactions with ‘substantial donors’ for donations received up to April 2011? (legal requirement)    
From April 2011, have the trustees put in place procedures to identify ‘tainted charity donations’?    
3.6 Trading income Yes No
If the charity undertakes trading activities (either trading in furtherance of its objects or non‑charitable trading):    
• if the level of non-charitable trading is significant is it carried out in a trading subsidiary?    
• does the charity have a pricing policy for the goods and services supplied?    
• does the charity have invoicing procedures for goods and services supplied?    
• does the charity review outstanding debts and collection procedures?    
• are there procedures to reconcile amounts invoiced and cash received to outstanding invoices?    
3.7 Banking and custody procedures Yes No
Are incoming receipts banked promptly?    
Is insurance held to cover the contents of the safe or cash box and cash in transit?    
Are funds banked without deduction of expenses?    
3.8 Checks on income records Yes No
Are regular checks made to ensure income records agree with the bank paying-in books and statements?    
Are checks made by someone other than the person who made the entry in the

accounting records?



  1. Purchases and payments
4.1 Controls and authorisation of expenditure on goods and services Yes No
Is there a written policy on the authorisation of expenditure?    
Are invoices received checked against orders confirming pricing and the receipt of the goods or services ordered?    
4.2 Controls and authorisation of expenditure on grants Yes No
If the charity makes grants, does it have a grant-making policy?    
Does the charity make and monitor grants in accordance with the grant-making policy?    
4.3 Payment by cheque Yes No
Does the charity follow any stipulation in the governing document about who can sign cheques?    
Does the bank mandate require at least two signatories?    
Is there a practice of not signing of blank cheques?    
Are cheque books etc kept in a secure place with access only by nominated persons?    
Are any monetary limits placed on an individual’s signing recorded in writing?    
Is all cheque expenditure recorded in the cash book and noted with the relevant cheque number, nature of payment and payee?    
Are cheques signed only with documentary evidence of the nature of the payment,

eg invoice?

4.4 Payments by debit/credit/charge card Yes No
Does the charity have a policy for the use of payment cards, including the criteria for their issue, spending limits and security?    
Does the charity communicate the policy for the use of cards to all trustees and staff using them?    
Are cards cancelled when the holder ceases to work for the charity?    
Is all card expenditure supported by vouchers and invoices and recorded in the accounting records each time the card is used?    
Are card statements sent to the charity finance team and checked to supporting records and invoices?    
Is the cardholder’s use of the card independently reviewed periodically to confirm its use is consistent with the policy?    
4.5 Payments by direct debits, standing orders and BACS direct credit Yes No
Are only named individuals authorised to set up direct debits, standing orders and

direct credits?

Does the charity use a dual authorisation system for BACS payments?    
Does the charity monitor the arrangements to ensure that automatic payment arrangements are cancelled when the goods and services are no longer being supplied to the charity?    
4.6 Payment in cash Yes No
Is every effort made to minimise cash payments?    
Are all payments by cash made from a cash float and not from incoming cash?    
Is supporting documentation authorised by someone other than the person maintaining the petty cash or the person making the claim?    
Are details of all payments entered in a petty cash book?    
Are regular independent checks made of the petty cash float and records?    
4.7 Wages and salaries Yes No
Are statutory deductions (tax and NIC) made from employees’ wages and salaries

and regularly forwarded to HMRC? (legal requirement)

Does the charity comply with minimum wage legislation? (legal requirement)    
Are any other deductions from salaries made only where they are required or authorised? (legal requirement)    
Are the end-of-year returns (P60 and P11Ds) completed and filed with HMRC by

the deadline? (legal requirement)

If the charity employs staff are the required pension arrangements in place?

(legal requirement)

Do all employees have contracts of employment?    
Are personnel records kept and held separately from wages records?    
Are salary levels properly authorised and recorded?    
Is there a system of authorisation for recording and notifying starters and leavers, changes of hours and other payroll changes?    
Are payments made by BACS?    
4.8 The payment of expenses and reimbursements Yes No
Does the charity have a written policy to cover the payment and reimbursement of expenses?    
Is the policy communicated to all trustees, staff and volunteers?    
Are expenses reimbursed only where the individual incurred the expense in the course of carrying out the charity’s business?    
Does the expense claim include a self-declaration that the claim is accurate and incurred on the business of the charity?    
Are reimbursements made by BACS transfer or cheque?    
If the charity pays mileage rates for travel are the rates in accordance with HMRC

approved rates?

4.9 Loans Yes No
Are the terms of the loan documented?    
Does the charity have a repayment plan in place to repay the principal and any interest due?    
4.10 Checks on expenditure records Yes No
Are regular checks made to ensure expenditure records are accurate and agree with the bank statements?    
Are regular checks made to ensure no discrepancies between the payments made and the original invoice or payment records?    
Are checks made by someone other than the person who made the entry in the

accounting records?



  1. Assets and investments
5.1 Controls over fixed assets Yes No
Is a comprehensive fixed asset list held and updated regularly?    
Are assets checked regularly to ensure they are still in good repair and are of use to the charity?    
Has insurance cover been considered?    
Is the use of fixed assets reviewed annually (to ensure put to best use and serving the charity’s interests)?    
5.2 Investments Yes No
Does the charity have an investment policy?    
Does this policy include the need to consider diversification of investments, including bank accounts?    
Is the performance of investments regularly reviewed?    
Is professional advice taken, where appropriate, on the selection or disposal of investments?    
Does the charity inspect investment properties to ensure tenant covenants are adhered to?    
Are there controls to ensure that all investment income due is received?    
5.3 Money held as a current asset Yes No
Are secure records held of all bank and building society accounts?    
Are bank statements regularly received and regular bank reconciliations carried out?    
Are instructions to open or close accounts properly authorised and reported to trustees?    
Are checks made to ensure that there are no dormant accounts?    
Are the accounts monitored to ensure there is no third party use?    
Do the trustees regularly review the costs, benefits and risks of their current and

deposit accounts?

5.4 Electronic banking Yes No
If the charity uses electronic banking to make payments does the system used require authorisation of transactions by two individuals?    
Are PCs kept secure with up-to-date anti-virus and spyware software and a personal firewall?    
Are trustees and staff made aware of the need to ensure that the charity’s security details (including the password and PIN) are not compromised?    
Is the PIN and password regularly changed, for example to mitigate the risks of

compromising security when individuals leave the charity?

Does the charity maintain a list of persons (trustees and staff) who are approved to have access to the PIN and password?    
Does the charity keep an audit trail of electronic banking transactions?    
Have those using online banking facilities been trained in their use?    
5.5 Non-traditional banking Yes No
If the charity uses non-traditional banking methods:    
• are policies set and approved by trustees defining the circumstances when non-traditional banking methods may be used?    
• is the use of such methods limited to essential transfers where traditional banking

methods cannot be used?

• does the charity keep an audit trail of non-traditional banking transactions?    
• does the charity ensure that the controls that are in place for its traditional bank

transactions also operate with non-traditional banking transactions?

5.6 Restricted funds and endowment funds Yes No
Are procedures in place to ensure that any restrictions put on the use of funds, by the donor or through an appeal, are observed?    
Does the charity ensure that the conditions attached to permanent endowments

are observed?