Fraud-Proofing Your Private Foundation: Key Internal Control Measures
Managing the financial assets of a private foundation is no small task. With significant resources often tied to investments, foundations can be prime targets for fraud and financial mismanagement. In today’s fast-paced digital world, where transactions happen in the blink of an eye, relying on hope alone is not enough. Private foundations should proactively implement strong internal controls to prevent fraud, ensure compliance, and safeguard their resources. Effective oversight of brokerage accounts, in particular, requires comprehensive policies that minimize risks and promote transparency. Below are key internal controls that every private foundation should consider to enhance its financial oversight and security.
1. Segregation of Duties
One of the most important strategies for fraud prevention is the segregation of duties. By dividing critical responsibilities among multiple individuals, a foundation can significantly reduce the risk of unauthorized activity. For foundations managing their own investments without an external financial advisor, this might look like having the investment committee authorize trades, a designated individual such as the treasurer executing those trades, and a third-party accountant handling the recording and reconciliation of transactions. Furthermore, a separate person—ideally someone not involved in the trading process—should review brokerage statements regularly to confirm that all trades were properly authorized by the investment committee. This layered approach creates a system of checks and balances that increases accountability and reduces the risk of fraud or error.
2. Transaction Authorization
Implementing a multi-person authorization system for significant transactions adds an extra layer of security. Requiring approval from two or more individuals, such as members of the investment committee, ensures that no single person can act unilaterally. Many institutional brokerage accounts, like those from Charles Schwab or Fidelity, offer customizable security features that make this process possible. Unlike retail accounts, which are designed for individual investors, institutional accounts cater to organizations and offer advanced approval workflows—one person may initiate a trade, but another must approve it before execution.
For private foundations managing large financial resources, these measures are great safeguards. Even routine actions like transferring cash from brokerage to bank accounts can benefit from dual authorization, with one user initiating the transfer and another, such as a board officer, approving it. This not only protects the foundation’s assets but also promotes transparency and ensures that major financial decisions are appropriately vetted.
3. Real-Time Alerts
Real-time alerts are another effective control for monitoring account activity, especially when full dual-approval processes are not feasible. By setting up notifications with the broker for trades, cash transfers, or balance changes, foundations can ensure that key personnel are immediately informed of account activity. Alerts create an awareness system that enables quick identification of any unusual or unauthorized actions.
4. Regular Reconciliations
Regular reconciliations are essential for identifying discrepancies and ensuring that all transactions are properly recorded. By performing monthly reconciliations of brokerage accounts, foundations can detect errors or unauthorized transactions early. Additionally, this process provides an opportunity to verify that all major financial transactions were properly authorized by the investment committee, adding another layer of oversight. This practice not only keeps financial statements accurate but also serves as a valuable tool for fraud prevention and maintaining compliance with internal policies.
5. Access Controls for Brokerage Accounts
Controlling who can access brokerage accounts is a fundamental component of internal controls. Only key personnel—such as the CFO, treasurer, or designated members of the investment committee—should have access to these accounts. Role-based access, where permissions are granted according to an individual’s responsibilities, further strengthens security. For example, one person might have the authority to execute trades, while another has read-only access to monitor account activity.
Additionally, strong cybersecurity measures, such as multi-factor authentication (MFA), are crucial. MFA requires additional verification beyond a password, such as a mobile authenticator app, making it harder for unauthorized individuals to gain access. In an age of increasing cyber threats, these measures are vital to protecting the foundation’s assets.
6. Investment Policy Statement (IPS)
A well-defined Investment Policy Statement (IPS) acts as a roadmap for a foundation’s financial strategy. This formal document outlines the foundation’s investment objectives, risk tolerance, and asset allocation guidelines. For example, the IPS might specify a 60/40 allocation between equities and fixed income. By establishing clear boundaries, the IPS helps prevent speculative or high-risk investments that could conflict with the foundation’s mission. It also ensures that all parties, from the board to the investment committee, remain aligned with the foundation’s financial goals.
7. Board and Investment Committee Oversight
Regular oversight by the foundation’s board or investment committee is a critical element of internal control. These governing bodies should conduct reviews of the foundation’s investment accounts several times a year, assessing performance against benchmarks and ensuring risks are within acceptable limits. Detailed reports on performance metrics, risk factors, and adherence to the IPS should be reviewed to determine if any course corrections are needed. This ongoing oversight ensures that the foundation’s investments continue to align with its long-term objectives.
Seeking expert guidance? We're here to help!
At CPA KPA, we're passionate about magnifying the positive impact of foundations. Feel free to reach out to us anytime at 888-402-1780 for a complimentary and obligation-free conversation. You can also conveniently submit your questions and inquiries through our contact page. Let's connect today and explore how we can help your foundation have a lasting and meaningful impact!