Internal Control Tips
During year-end audits, we sometimes find that organizations do not have a formal internal control policy regarding use of the organization’s credit cards. We suggest that each organization develop a policy governing the use of credit cards by management and employees. Such a policy could include the following best practices:
- A formal credit card policy that outlines the individuals authorized to use the organization’s credit cards, purchases that are allowed to be made with the card, and procedures for documenting the business purpose for the expense.
- Supporting receipts must be maintained for charges to the organization’s credit cards. Receipts substantiate the business purpose of the credit card charge. In addition, the receipt is often required to ensure proper general ledger coding of the expense.
- The Executive Director should review monthly credit card statements of the senior staff and suggest they evidence this review, as well as review of the related general ledger coding by signing off. We suggest that a Board member be given the responsibility of reviewing the Executive Director’s credit card charges each month. The monthly statements should not be passed on for review until all supporting receipts are attached and general ledger coding is applied. This will provide the reviewer with sufficient information to affirm that all charges have an appropriate business purpose and have been coded to the proper general ledger account.