Charities – Annual Review of Internal Financial Controls

All charities are required by the Charity Commission to review their internal financial controls at least annually. In this article we explore why this is important and how charities can carry this out in practice.

Why are good internal financial controls needed? 

Charities of every size require suitable internal financial controls, as part of good governance. The nature of the financial controls will depend on the size and operations of your charity, and they should be bespoke to you. Robust financial controls can:

  • Ensure effective financial management, for example by keeping expenditure within budget and reviewing management accounts;
  • Protect the charity’s assets, for example by maintaining a fixed asset register and having appropriate insurance cover;
  • Protect the charity’s income, for example by having two people count cash and monitoring fundraising;
  • Safeguard against fraud, for example through bank reconciliations and dual authorisations;
  • Help the charity comply with legal duties to keep appropriate accounting records.

It is worth noting that the Charity Commission also considers that internal controls should cover “how you store personal data in line with UK GDPR”. This could be employee data, lists of donors, or information around beneficiaries.

All trustees are equally responsible for the overall financial management of the charity, although specific tasks can be delegated to the senior management team. As such it is important that the board take time to consider financial controls. All trustees, staff and volunteers should be suitably trained in the policies for financial controls.

The charity sector remains vulnerable to fraud, with 43% of charities reporting fraud or attempted fraud during 2023. In 67% of cases the fraud or attempted fraud was uncovered through internal controls, highlighting how important they are in protecting the charity.

A review of internal financial controls must be undertaken at least annually, However, if there are changes to the way your charity operates, a review should also be undertaken at this point. This could be significant, such as opening a new branch, or smaller developments such as implementing a new digital way of accepting donations.

How to carry out a review of internal financial controls

The key to producing a good review of internal financial controls is to understand how your charity operates. Consider the ways in which your charity receives income, for example donations through cash fundraising, ticket sales, legacies, or trading receipts, and ensure that controls are in place for each method. Consider the ways in which expenditure is made and paid for, and ensure controls are in place. Identify and record all resources and assets held and controlled by the charity (money, tangible fixed assets, personal data), and then consider the controls around those assets. 

With all controls, you should ensure they cannot be overridden by any one person. Ideally there would be segregation of duties, such as a separate preparer and reviewer or authoriser. If this is not possible, due to the small size of the charity, then the trustees could review reports periodically.

You will need good record keeping throughout all areas, and policies in place which are shared internally.

Key areas to consider: 


  • Ensure bank reconciliations are carried out at least monthly. These should be prepared and reviewed by separate people;
  • Ensure payment limits and dual authorisation are in place for online transfers and payments;
  • Keep online banking secure and regularly review those with access;
  • Keep cheques and cash secure, and bank these promptly.


  • Perform checks on donors, including anti-money laundering;
  • Raise invoices promptly and review outstanding debtors;
  • Keep good accounting records.


  • This is a wide-ranging area covering purchases, credit cards, grants and wages & salaries;
  • Ensure written policy of authority limits for expenditure;
  • Track expenditure against budget;
  • Maintain records as required by HMRC and employment law.

Assets, including funds

  • Maintain a fixed asset register;
  • Ensure insurance cover is adequate;
  • Authorise disposals of fixed assets and update records;
  • Keep records of restricted and endowment funds.

There may be other areas your charity needs to review depending on the nature of its operations.

The Charity Commission has extensive guidance detailing examples of internal financial controls in each significant area of your charity. The Charity Commission also provides a checklist which you may find useful to follow. These are both available here and the trustees may wish to read these:

Strong internal financial controls provide a robust working environment for your charity, allowing you to continue to provide the most value for your charitable purpose. 

Need help with charity accounting requirements?

We have a team of charity experts within West & Berry who can advise on internal financial controls and all other aspects of charity accounting. Please get in touch to discuss how we can help you.



Info from CC8:

BDO Charity Fraud Report 2023:


Are you ready for the wider roll out of IR35 changes?

IR35 changes were introduced in the public sector from 2017. A similar process is being rolled out for private sector organisations. Does it impact on your organisation and do you have processes in place? The Reason for IR35 changes Historically, an individual may have worked as a contractor or interim for an extended period and invoiced the organisation for their time each month rather than being on the payroll. As a result, their payment for services was not subject to PAYE rules and no income tax or national insurance was deducted. The new rules seek to overcome that loophole in those situations where the bulk of the income of the person providing the service comes from one organisation. The technical term is that they are “deemed employees” What’s Different? Companies acquiring the services of a contractor or interim will have to determine whether individuals are “deemed employees” rather than the service provider as was the case historically. If they are of the view that contractors or interims are “deemed employees” they will have to comply with PAYE regulations and make deductions in the same way as if they were employed. Exceptions The new regulations only apply to companies that are not SMEs. However, companies that meet at least two of the following criteria would not be able to use the SME opt-out:
  • an annual turnover of £10.2m
  • a group balance sheet of £5.1m
  • over 50 group employees on an average, full-time equivalent basis.
Getting Ready Like all change in regulation, there are going to be “grey areas”.  However, as a minimum:
  1. Review your employee population
  2. Determine if there are contractors or interims working in the organisation who are currently invoicing for their services
  3. Engage with those contractors or interims (especially if they are business-critical)
  4. Start to put in place arrangements to deal with contractors or interims in the future.

Need Help in Addressing This Issue?

We have a team of experts within West & Berry who can advise on the potential implications for your business.  Please get in touch to set up a no obligation consultation with us.