INTERNAL FINANCIAL CONTROLS FOR PCCs AND OTHER CHARITIES

– AN UPDATED GUIDE CONTAINING:

• REVISED GUIDANCE ON SETTING UP CONTROLS AND PROCEDURES

• UPDATES PREVIOUS GUIDANCE

• BASED ON RECENT GUIDANCE FROM CHARITY COMMISSION

Rochester treasurer guides no 2a (Summer 2013)


INTRODUCTION

Internal financial controls are essential checks and procedures that help charity trustees (i.e. PCC members) to:

- Meet their legal duties to safeguard the charity’s assets;
- Administer the charity’s finances and assets in a way that identifies and manages risk; and
- Ensure the quality of financial reporting by keeping adequate accounting records and preparing timely and relevant financial information.

If a charity/PCC is to achieve its aims then the trustees/PCC members need to ensure that assets are properly used, that its funds are spent effectively and its financial affairs are well managed.

Internal financial controls reduce, but do not eliminate, the risk of losses through theft and fraud, bad decisions, human error, breaches of controls, or other unforeseen circumstances. Internal financial controls reduce the risk of those things happening and may help the PCC as trustees to find out sooner and take any necessary action.

Unfortunately sometimes parish money is misappropriated or ‘lost’ and it can be a cause of criticism as well as being embarrassing and concerning to all involved. PCCs must therefore give serious consideration to the matter; it is not unusual for independent examiners or auditors to comment on the lack of appropriate procedures with some PCCs.

This guidance does not give an exhaustive list of controls and not all the controls will be applicable to every PCC, but it is essential that there are adequate internal financial controls over the PCC’s assets and their use.

This guidance has been produced to help PCCs secure the protection of property under their charge, to advise them of the best practices to employ, and to assist in promoting greater professionalism in church management. This guidance updates the guidance previously issued in Autumn 2004 in the light of revised information issued by the Charity Commission.

On occasions it may be necessary for PCCs to seek further guidance or advice as this document cannot possibly cover every eventuality. If you feel that you need advice over the application of this guide for your own particular circumstances, please refer to the Diocesan Secretary, Diocesan Treasurer or the Diocesan Accountant.


DISCLAIMER

Whilst every care has been taken in providing this advice, it is given on the distinct understanding that the Rochester Diocesan Board of Finance cannot accept responsibility for it. This booklet is for guidance only and is not comprehensive. It is not a statement of law and has no legal force.


CONTENTS

Key issues
Internal Financial Controls in Practice – Income
Internal Financial Controls in Practice – Purchases, Payments and Loans
Internal Financial Controls in Practice – Assets and Investments
Sample Checklist


KEY ISSUES

Why are proper internal financial controls important for a PCC/charity?

It is important that all those working for the PCC, whether as trustees, staff or volunteers, take the issue of internal financial controls seriously. Making controls work should not be seen just as the responsibility of one or two PCC or staff members, or as applying to some but not others. There should be a culture of control embedded in the operations of the organisation; this culture is created by the PCC and management, who should lead by example in adhering to the specified internal financial controls and good practice.

The PCC should, at regular intervals, ideally annually, ensure a review is conducted of the effectiveness of the agreed internal financial controls. This should include an assessment of whether the controls are relevant to, and appropriate for, the PCC and not too onerous or disproportionate.

A key feature is that no single individual should have sole responsibility for any single transaction from authorisation to completion and review.

What is the role of monitoring activities in the system of internal financial controls?

One of the most important financial monitoring activities is budgetary control, i.e. monitoring the financial performance against a budget. Proper and realistic estimates should be made each year for each area of church activity. An overall budget will be set, which should be agreed by the PCC before the start of the financial year to which it relates. Other monitoring activities should include a review of expected sources of income and the actual income received.

How important is the provision and communication of financial information to trustees?

PCC members need access to accurate and up-to-date financial information to enable them to make proper decisions. PCC meetings should be used to communicate information concerning the finances and financial management of the church. All decisions by PCC members concerning the church should normally be taken collectively and significant decisions and action points noted in writing.


The financial information provided at each PCC meeting should include details of the current financial position and performance. The financial information ideally should be sent to each PCC member before each meeting and will typically include:-

• the latest management accounts;
• a comparison of budget to actual figures;
• an explanation for variance between forecasts and what actually happened; and
• details of cash flow and closing bank balances.

NB some PCCs may have additional statements as well as the above, others may feel they can operate in a satisfactory manner with less information.

What are the PCC’s responsibilities regarding the accounting requirements for the organisation?

PCC members as trustees have legal responsibilities to keep accounting records, and to prepare an annual report and accounts with the appropriate level of external scrutiny (Independent Examination or Audit). PCC members must also safeguard the church’s assets and take steps to ensure the organisation is protected against financial abuse.

PCC members have a number of legal duties that must be met in relation to accounting and financial reporting. These include:-

• to keep accounting records to explain all transactions and show the charity’s current financial position;
• to prepare an annual report and statutory accounts to meet the legal requirements;
• to consider the need for a reserves policy, managing the level of reserves held and the disclosure in the Annual Report;
• to formally approve the Annual Report and Accounts and ensure that they are subjected to external scrutiny by an Independent Examiner or Registered Auditor;
• to ensure that the Annual Report, accounts and annual return are filed on time with the Charity Commission (if registered) and relevant returns are made to the diocesan authorities as required;
• to meet requests for public copies of the latest Annual Report if requested;
• to safeguard the assets of the church and ensure proper application of resources; and
• to take steps for the prevention and detection of bribery, fraud, financial abuse and other irregularities.


What risks do charities face in relation to financial crime and abuse?

The incidence of reported financial crime affecting churches and charities is relatively small compared to the size of the voluntary sector. However, when it does happen, the impact can be great. Financial crimes such as bribery, fraud, theft, and money laundering, or the loss of electronic data can result not only in a loss of church funds but also in damage to the public trust and confidence in charities more generally.

There is a significant risk to a reputation if there is an association with bribery or the making of ‘facilitation payments’ (payments where a charity receives a payment that has to be used in a particular way to the benefit of the donor, i.e. a donation with strings attached!).

Criminals may exploit charities by misappropriating charitable funds through fraud, theft, money laundering or diverting charitable funds from legitimate charitable work.

Charities and churches working internationally or with international links may be exposed to particular risks inherent in the environment in which they are operating. Are you aware that the overseas projects you are linked with are secure and any funding reaches the intended recipients?

To guard against undue influence being exercised over the decisions being taken by PCC members, or bribery taking place, transparency is important. Has the PCC taken steps so that any contract being negotiated is impartial from any undue influence? Have any PCC members declared any interest in contracts being negotiated?

The PCC should also have a policy on donations which identifies when the accepting of donations may not be in the interests of the church. This may be justifiable where the terms of the donation are unduly restrictive or are intended to exercise undue influence over the trustees or where the acceptance of the donation would be detrimental to the charity’s reputation.
For example, does the PCC wish any aims or objectives to be coloured by someone’s donation? Is the gift going to alter the direction of the PCC or might it influence current objectives? For example, do you want a gift to restore the bell ropes when it might be more important to buy new pew bibles? Don’t forget, you don’t have to accept the gift!

How can trustees manage the risks from criminal financial abuse?

PCCs are responsible for the effective administration of the charity and have a legal duty to safeguard charity assets. Funders, donors, supporters and beneficiaries are entitled to expect proper standards of management and financial control. If the church falls victim to financial crime resulting from PCCs not putting adequate financial controls in place, then the PCC will have failed to meet their legal duties to the organisation.

Staff and volunteers should know how to report their concerns within the organisation, including concerns about the conduct of PCC members or employees.

If PCC members know or suspect an individual is misusing the charity for their own purposes or misappropriating charitable funds, they should take immediate and appropriate action to resolve the issue.


INTERNAL FINANCIAL CONTROLS IN PRACTICE – INCOME

What controls should be in place to protect income received in the post?

Controls should provide assurance that the income received in the post is kept secure, is accurately recorded in the accounting records and is banked as quickly as possible. Ideally a log sheet should be maintained that itemises all amounts received, the date and the purpose for the money received, and this should agree to the amounts being banked. A new sheet could perhaps be started each time the banking is carried out.

What controls should be in place for income from public collections and fundraising events?

PCCs may not always be involved in public collections, except perhaps for special appeals (e.g. Christian Aid week or the Poppy Appeal perhaps), but if so the following internal financial controls are recommended:-

• at least two people are involved in handling and recording any money received;
• collection boxes are individually numbered and their issue and return is recorded;
• all collection boxes are sealed before use so that it is apparent if they have been opened before they are returned;
• all collection boxes are regularly opened and the contents counted; and
• cash collected is banked by the charity as soon as possible without deduction of expenses.

For all events for which there is ticket income or gate money, we recommend:-

• that all tickets are pre-numbered;
• a record is kept of all persons who have been issued with tickets to sell, and the ticket numbers that have been allocated to each person;
• a record is kept of which tickets have been sold;
• all money from tickets and any unsold tickets are collected; and
• a reconciliation is made of receipts against tickets sold.

What controls should operate under the Gift Aid scheme?

Accurate records and timely returns ensure the PCC receives the tax promptly and with confidence. Full details of the records that are required are set out on the HMRC website. Other recommended controls include:-


• checks to ensure that all amounts from committed donors have been received;
• checks to ensure tax repayments have been received;
• a timetable to ensure repayments are made promptly and at regular intervals (at least once a year, ideally twice, perhaps even as frequently as monthly).

What controls are needed to identify ‘tainted charity donations’?

Section 27 and schedule 3 of the Finance Act 2011 introduce new legislation to counter the abuse arising whereby a donor gets relief from tax, only for the capital sum or a particular benefit from the donation to end up back in the hands of the donor. Penalties can be quite harsh, with the ultimate sanction being the withdrawal of the tax advantages of the organisation; further details are available on the HMRC website www.hmrc.gov.uk.

What controls should be in place for trading income?

Trading includes all goods and services provided for a fee and can include charitable activities where fees are charged, as well as those trading activities that raise funds for the organisation. Controls should be designed to ensure that all income due to the church is received and recorded as soon as possible. Depending on the size of the trading it is recommended that banking of proceeds takes place at regular intervals.

NB you should ensure that any cash held is covered by the church’s insurance and that security of any such sums is held in accordance with the policy.

What controls are required over the charity’s banking and custody procedures?

Controls should ensure that the cheques and cash received are kept securely, banked promptly and recorded in the accounting records. All amounts received should normally be banked gross without deduction of costs or expenses.

What checks should the charity undertake on income records?

It is important that the PCC makes regular checks to ensure that the accounting records of income are being accurately maintained.


Certain basic controls, if performed regularly, may serve as an early warning of anything going wrong. We recommend that regular checks are made to ensure that:-

• records of cash and cheques received agree with bank paying-in slips or counter foils;
• counter foils or paying-in slips agree with the bank statements, both in terms of amount banked and date of credit; and
• transfers or other direct payments into the bank are identified and verified against supporting paperwork.

These checks should be made by someone other than the person concerned with the original recording of the transactions.


INTERNAL FINANCIAL CONTROLS IN PRACTICE – PURCHASES, PAYMENTS AND LOANS

What controls should be in place for the authorisation of expenditure on goods and services?

Controls help ensure that purchases have been authorised, and that the goods or services ordered have actually been received. It is recommended that procedures are in place to ensure that:-

• there are authority levels for placing orders and approving payments;
• orders are placed only within an agreed spending plan or budget, unless approved otherwise by the PCC;
• invoices received are checked against orders to confirm they are correct, the goods have been received or work has been carried out appropriately, and that it is at the price agreed.

What controls should be in place for the authorisation of expenditure on grants?

Controls should focus on ensuring that grant payments further the purposes of the church and that funding is used by the recipients for the purposes for which it was given. Controls can help manage the risk of inappropriate payments and help ensure that grants are made in line with the objectives and policies of the organisation making the grant. We recommend that controls over grant making should include:-

• procedures for the review and approval of grant applications (controls should include checks on the integrity of organisations or individuals to be funded); and,
• establishing monitoring procedures to ensure grants have been used for the agreed purposes.

What controls should be in place for payment by cheque?

Bank mandates should require two signatures, one of them being that of a PCC member. Every year the PCC should review and reappoint the signatories, ensuring there are sufficient available to cover all times payments will need to be made (such as holiday periods). The incumbent does not need to be a signatory.


There are a number of basic controls that should be in place, including:-

• ensuring cheque books are kept in a secure place;
• regular review of bank mandates and authority limits;
• complete prohibition on the signing of blank cheques;
• the prompt recording of payments in cash books, including details of the cheque number, nature of the payment and the payee; and
• obtaining documentation to support the validity of the payment, including relevant invoices and confirmation that the goods or services have been received.

NB cheques should be recorded in the cashbook as soon as they have been written, not when they are presented to the bank, as the writing of the cheque is a legal document agreeing to make a payment as fulfilment of a contract.

What controls should be in place for payments by debit card, credit card and charge cards?

Organisations are increasingly making payments using corporate debit cards, credit cards and charge cards. These payment cards can provide convenience, especially for the supply of goods via internet suppliers, but it is important that controls are in place to ensure their correct use. Used properly these methods of payment are generally considered to be safe, but we recommend that certain controls are put in place, including:-

• setting a clear policy for the use of payment cards, the criteria for their issue, spending limits and their security;
• considering the need to place restrictions on the types of retailers or places where the cards may be used;
• communicating the policy for the use of payment cards clearly, in writing, to all personnel using them;
• ensuring payment cards are cancelled and destroyed, if the individual ceases to be engaged by the church;
• ensuring that debit card expenditure is supported by a voucher and/or invoice and recorded and analysed in accounting records; and
• copies of all credit or charge card statements should be sent directly to the church’s finance team or administrator and not the individual card holder.

What controls should be in place for payments by direct debit, standing order and BACS direct credit?

Controls should provide assurance that direct payments are only made for expenditure properly authorised and incurred by the church.


Banks have developed software that allows charities to provide for more than one person to authorise payments. Such dual-authority options (for example a facility for Unity Trust Bank’s customers via Unity e-Payment or with CAF Bank) require two users to complete a BACS transaction. Churches should ask their own banking provider for details of their own similar dual-authority options.

PCCs should ensure that only specifically authorised individuals are able to set up arrangements to make payments by direct debit, standing order or BACS and that these are in accordance with the mandate. When a direct debit has run its course, it should be cancelled so that no further payments can be collected in error. Perhaps the PCC should be provided with a list annually setting out what standing orders and direct debits are in place.

If, however, internet banking is used that only requires one signature (as is often the case) the PCC is expected to ensure it has a rigorous policy to handle this, to protect the individuals involved and to protect the church’s assets. The following method could be used, assuming internet payments are required instead of payment by cheque:-

• the treasurer produces a list of all payments that need to be made, with all duly authorised invoices/expense forms attached to the payment list (in the same way as cheques would normally be signed with authorised invoices/expense forms attached);
• the list (and accompanying documents) is presented to one of the other PCC signatories;
• the PCC signatory signs off the list to agree to the payments being made;
• the treasurer goes on-line and makes the payments in accordance with what has been authorised, signs and notes on the payment list the date of the payment;
• the payment listing is then retained with the banking documents to be marked off against the bank statement when received.

Please note, to protect the treasurer, on-line payments should only be carried out AFTER being authorised. It is not good practice to make the payments and then get retrospective authorisation.

What controls are in place over payments in cash?

Payments in cash should be kept to a minimum.


Where payments are made in cash, we recommend that:-

• cash payments are for small amounts only;
• cash should be paid out of a petty cash float specifically kept for such payments, and not from incoming cash or by way of direct withdrawal from the bank account;
• details of payments should be entered in a petty cash book;
• supporting documentation for the cash payment should be authorised by someone other than the person who maintains the petty cash or the person making the payment;
• the balance of petty cash in hand, and the records, should be kept securely; and
• regular spot checks of the petty cash float should be made by an authorised person independent of the person who maintains the petty cash.

Similar considerations apply to the use of cards which are preloaded with cash where cash withdrawals are made using a PIN at a cash point or similar facility.

No payments should be made as ‘cash in advance’ unless there is a formal assurance given that a receipt/invoice will be provided and any unspent funds are returned as soon as possible. If cash is provided ‘in advance’ and funds/receipts are not returned promptly, it could be deemed to be a misuse of church funds, or even theft.

What controls should be put in place for wages and salaries?

The main purpose of the internal financial controls is to provide assurance that the PCC only makes payments at the correct rate to genuine employees of the PCC. The controls should also ensure that the PCC is not exposed to additional liabilities from a breach of statutory regulations, for example through failing to deduct and account for tax and national insurance contributions through the PAYE system or failing to submit returns required under RTI.

Trustees must ensure that:-

• the records required by HMRC of PAYE deducted from the wages and salaries of employees are maintained;
• statutory deductions are paid to HMRC as required;
• returns are made to RTI as payments to employees are made;
• deadlines for year-end returns to HMRC are met;


• minimum wage legislation is adhered to;
• only authorised or required deductions are made from pay;
• each employee has a proper contract of employment and that individuals are not incorrectly classified as self-employed; and
• legal obligations in relation to pension scheme arrangements are met.

NB it may be necessary to carry out a review of those individuals who are treated as being self-employed, but in fact, may be employees. The new arrangements with RTI have made it necessary to get the arrangements correct. Further details on employment and employment status for church employees can be found on www.parishresources.org.uk.

How should the charity control the payment and reimbursement of expenses?

It is important that controls over expense payments are applied without exception to all those involved with the PCC: PCC members, employees and volunteers. We recommend that:-

• a formal expenses policy should exist applying to all PCC members, employees, clergy and volunteers;
• the policy should be clearly communicated within the PCC and included within induction training for any new staff or PCC members;
• expense claims should be authorised by someone other than the claimant and checked for accuracy before payment;
• expense claims should include all relevant vouchers and receipts;
• expense claims should contain a self-declaration that the claim is accurate and incurred in connection with the church’s activities;
• reimbursement should be made by cheque or BACS transfer (not by cash); and
• any mileage rate paid for motor travel should be at HMRC rates that do not result in a tax or national insurance liability either for the PCC or the claimant.

What controls should be put in place for the taking out of loans including trustee loans?

Loans may be used by a charity to purchase new assets or to enable a charity to continue to operate until new income becomes available. It is important that PCC trustees ensure that, when taking out a loan, they are fully aware of all its terms and that the loan is in the interests of the church. PCC members should also ensure that the church is able to meet the repayments of both principal and interest as they fall due before taking out the loan.


We recommend that:-

• all loans are documented and that the amount of the loan and any charges and interest due are clearly set out;
• agreement to the taking of the loan is minuted by the PCC, including any particular conditions (such as repayment dates, extra undertakings required as a condition of the loan etc.);
• a record of all outstanding loans is kept, noting the history of repayments of principal and interest for each loan and the outstanding balance;
• where a loan is advanced by a PCC member, any conflict of interest is noted and properly managed, that the terms of the loan are in the charity’s interests and, should a rate of interest be charged that exceeds the prevailing Bank of England Bank Rate, that the rate is justifiable; and
• the charity has in place a plan to meet the repayment of principal and interest on the loan as they fall due.

NB if a loan has been made by a PCC member, that PCC member MUST avoid taking part in any PCC debate that might relate to the financing of that loan, for example, the repayment of the loan as a priority over other PCC expenditure. In addition, the PCC member MUST NOT steer PCC policy.

What checks should the charity carry out on expenditure records?

We recommend that:-

• records of payments are checked periodically to cheque stubs, credit card statements or bank statements;
• periodic checks are made to ensure payments are supported by invoices which have been properly authorised;
• regular reviews of standing orders and direct debit payments are made to ensure payments remain in accordance with valid instructions given to the bank or building society; and
• expenditure from restricted funds is in line with the restriction placed on how funds are to be used.

Ideally these checks should be made by someone other than the person concerned with the original recording of the transactions.


INTERNAL FINANCIAL CONTROLS IN PRACTICE – ASSETS AND INVESTMENTS

What controls should be in place over fixed assets used by the charity (functional assets)?

The PCC has a duty to safeguard the assets of the church from loss or damage and to ensure their proper use within the organisation. We recommend that:-

• a financial threshold should be set for the capitalisation of expenditure on fixed assets;
• a list or register should be maintained of all assets, whether purchased by, or donated to, the charity for its continuing use (and the asset’s location should be identified); and
• fixed assets should be inspected at regular intervals to ensure that they exist, remain in good repair and are being put to appropriate use.

The church wardens have a specific duty to carry out this task and the records of any assets should be noted in the Terrier and updated each year.

What controls are needed over investments?

PCC members have a duty to apply the charity’s income for the benefit of its beneficiaries. There are a number of important financial controls, including:-

• setting an investment policy;
• taking professional advice, where the PCC members do not have the necessary expertise, before selecting or disposing of investments;
• carrying out a regular review of investment performance; and
• maintaining records of all investments held.

What controls are needed over cash held on deposit?

We recommend that:-

• bank reconciliations are prepared at least monthly for all accounts, reviewed by a second person and any discrepancies resolved;
• direct debits, standing orders and other transfers are checked each month for correctness;


• the bank account(s) are operated in accordance with the agreement with the issuing Bank and are not used for any money transfers for the private benefit of individuals or third parties under any circumstances;

• if acting as an intermediary to transfer funds on behalf of another charity, the PCC is satisfied that the transaction is to further a relevant charitable activity that the PCC would wish to support and does not constitute money laundering;

• a list of all its bank accounts is kept;
• the opening or closing of accounts should either be authorised by the PCC or, if delegated, the PCC should be informed of changes;
• third parties should not be allowed to open bank accounts in the church’s name, or use the church’s bank account to receive or transfer money; and
• the costs and benefits of the current and deposit accounts held are regularly reviewed.

Can charities use electronic banking?

Where electronic banking is used, the same level of internal financial controls should be in place as for more traditional forms of banking, for example:-
• there should continue to be clear segregation of duties to prevent any single person from being able to control substantial resources or obtaining unauthorised access to account information; and
• there should be proper approval for movements between, and payments from, bank accounts.

The level of risk involved in using electronic banking will vary considerably depending on how the facility is used. For example, possible uses may include a system that requires authorisation of transactions by more than one individual. This type of system can work well provided the individuals do not divulge their security details to each other. It provides a similar control as dual signatures on a cheque. Dual authorisation systems are available but there may be a transaction cost.

In order to maintain the security over electronic bank accounts there are a number of basic precautions that can be put in place, including:-
• after each electronic banking transaction, a print out should be taken, showing details of the transaction, and stored as part of the accounting records;
• retaining print outs of statements as part of the accounting records;
• keeping all PCs with access to the online banking facilities secure;
• ensuring all PCs are up to date with anti-virus, spyware and firewall software;


• keeping all the password(s) and PIN(s) secret;
• changing passwords periodically and following changes in authorised staff and trustees; and
• treating emails received relating to bank accounts with caution.

Can charities use non-traditional banking methods?

With these banking methods it is generally the case that the transaction is complete as soon as the money is paid out or picked up at the other end and that, after it has been paid out, it cannot be recovered. The charity should:-
• carry out adequate due diligence checks to ensure the person or entity to which it is sending money is known and trustworthy;
• ensure funds transferred by such methods are strictly limited to meeting essential needs where conventional banking systems cannot be used; and
• avoid, where practical, making subsequent transfers until receipt of a previous transfer can be confirmed by the intended recipient.

We recommend that:-
• the policy and the circumstances when such methods may be used should be documented and agreed by the trustees;
• expenditure should be subject to the same authorisation procedures as for traditional bank payments; and
• an audit trail should be kept for each transaction, including payment vouchers, and post transaction documentation.


SAMPLE CHECKLIST

The questions in this checklist are designed to help PCC members and their advisors evaluate the organisation’s performance against the legal requirements and good practice recommendations set out in our guidance on internal financial controls for charities. PCC members should review their organisation’s performance at least once a year. Each of the questions on the checklist links to a section of the guidance, where further details can be found. Not all the controls listed will be appropriate for all churches, for example, where a section of the checklist deals with an area of activity that the church does not undertake then that section of the checklist will not apply. Churches and charities must always comply with legal requirements and these requirements are identified in the checklist. A ‘yes’ answer for good practice recommendations does not mean there is no scope for further improvement. A ‘no’ answer does not always indicate a problem. It may be that certain controls are not in place because the risk involved is small and the potential loss is acceptable, given the cost that would be involved in putting in place stronger internal controls. Finally, the answers in the checklist should be based on the PCC’s knowledge of what actually happens and not what they expect to happen. Having an internal control in place is only part of the picture. It must operate in practice to be effective.


KEY ISSUES

Financial controls throughout the charity Yes No

Is there segregation of duties to provide automatic ‘double check’?

Is there an annual review of the internal financial controls?

Monitoring activities Yes No

Are annual budgets of income and expenditure prepared, and approved by the PCC?

Is performance measured against budgets at regular intervals and explanations sought for variances?

Information and communication Yes No

Is the PCC provided with regular information about the financial performance of the church?

Does the PCC discuss the financial performance of the church at each of their meetings?

Are terms of reference in place for any finance sub-committee, or similar sub-group of the PCC?

Does any finance sub-committee report to the PCC for final decision making?

PCC Trustee responsibilities Yes No

Are sufficient accounting records kept of all transactions? Legal requirement

Have the PCC considered the need for a reserves policy and put in place a reserves policy if one is needed? Legal requirement

Do the accounts comply with legal requirements? Legal requirement

Are the accounts formally approved by the PCC at a meeting prior to submission to the APCM?

Have the PCC appointed an auditor or independent examiner? Legal requirement

Are newly appointed PCC members given a copy of the latest accounts, or is there an induction process so new members can be made familiar with the accounts?


Do the trustees file the annual report and accounts and annual return on time both to the diocese and to the Charity Commission (if required)? Legal requirement

Managing the risks of financial crime and abuse Yes No

Are PCC members and staff made aware of why the church is at risk from financial crime and abuse and of typical examples of potential fraudulent activities?

INCOME

Income received in the post Yes No

Are all cheques and cash recorded immediately?

Does the organisation keep unopened mail secure?

Income from public collections and fundraising events Yes No

If the church undertakes public collections or fundraising events:

Are public collections undertaken within legal requirements? Legal requirement

Are collection boxes numbered and their allocation and return recorded?

Are all collection boxes sealed?

Are all collection boxes regularly opened and counted by the church and a record kept of their locations and history of takings?

Are two unrelated people involved in counting and recording the income?

Is cash banked as soon as possible and without deduction of expenses?

Are records maintained for each fundraising event?

For ticket incomes are:
• Tickets pre-numbered?
• Records kept of all persons issued with tickets to sell, and which ticket numbers they have been allocated?
• Records kept of which tickets sold?
• Reconciliations made of money received against tickets sold?

Has the charity complied with Part II of the Charities Act 1992 if professional fund-raisers are engaged? Legal requirement

Gift Aid donations Yes No

Does the church maximise the lawful take-up by its donors of Gift Aid?

Are regular checks made to ensure all eligible tax repayments are obtained?

Does the church keep the records required by HMRC for Gift Aid claims?

Tainted charity donations and substantial donors Yes No

Has the church kept the necessary records to identify transactions with ‘substantial donors’ for donations received up to April 2011? Legal requirement

From April 2011, have the PCC put in place procedures to identify ‘tainted charity donations’?

Trading income Yes No

If the church undertakes trading activities (either trading in furtherance of its objects or non-charitable trading):

Does the church have invoicing procedures for goods and services supplied to others?

Does the church review outstanding debts and collection procedures for unpaid bills?

Are there procedures to reconcile amounts invoiced and cash received to outstanding invoices?

Banking and custody procedures Yes No

Are incoming receipts banked promptly?

Is insurance held to cover the contents of the safe or cash box and cash in transit?

Are funds banked without deduction of expenses?

Checks on income records Yes No


Are regular checks made to ensure income records agree with the bank paying-in books and statements?

Are checks made by someone other than the person who made the entry in the accounting records?

PURCHASES AND PAYMENTS

Controls and authorisation of expenditure on goods and services Yes No

Is there a written policy on the authorisation of expenditure?

Are invoices received checked against orders confirming pricing and the receipt of the goods or services ordered?

Controls and authorisation of expenditure on grants Yes No

If the church makes grants, does it have a grant-making policy?

Does the church make and monitor grants in accordance with the grant-making policy?

Payment by cheque Yes No

Does the church have any procedures about who can sign cheques?

Does the bank mandate require at least two signatories?

Is there a practice of not signing blank cheques?

Are cheque books etc., kept in a secure place with access only by nominated persons?

Are any monetary limits placed on an individual's signing recorded in writing?

Is all cheque expenditure recorded in the cash book and noted with the relevant cheque number, nature of payment and payee at the time of writing the cheque?

Are cheques signed only with documentary evidence of the nature of the payment, eg invoice?

Payments by debit/credit/charge card Yes No

Does the PCC have a policy for the use of payment cards, including the criteria for their issue, spending limits and security?


Does the PCC communicate the policy for the use of cards to all using them?

Are cards cancelled when the holder ceases to work for the church?

Is all card expenditure supported by vouchers and invoices and recorded in the accounting records each time the card is used?

Are card statements sent to the finance team and checked to supporting records and invoices?

Is the cardholder’s use of the card independently reviewed periodically to confirm its use is consistent with the policy?

Payments by direct debits, standing orders and BACS direct credit Yes No

Are only named individuals authorised to set up direct debits, standing orders and direct credits?

Does the organisation use a dual authorisation system for BACS payments or have a formal system in place to cover direct payments?

Does the organisation monitor the arrangements to ensure that automatic payment arrangements are cancelled when the goods and services are no longer being supplied?

Payment in cash Yes No

Is every effort made to minimise cash payments?

Are all payments by cash made from a cash float and not from incoming cash?

Is supporting documentation authorised by someone other than the person maintaining the petty cash or the person making the claim?

Are details of all payments entered in a petty cash book?

Are regular independent checks made of the petty cash float and records?

Wages and salaries Yes No

Are statutory deductions (tax and NIC) made from employees’ wages and salaries and regularly forwarded to HMRC? Legal requirement

Does the church comply with minimum wage legislation? Legal requirement

Are any other deductions from salaries made only where they are required or authorised? Legal requirement

Are the end-of-year returns (P60 and P11Ds) completed and filed with HMRC by the deadline? Legal requirement

If the charity employs staff are the required pension arrangements in place? Legal requirement

Do all employees have contracts of employment?

Are personnel records kept and held separately from wages records?

Are salary levels properly authorised and recorded?

Is there a system of authorisation for recording and notifying starters and leavers, changes of hours and other payroll changes?

Are payments made by BACS?

The payment of expenses and reimbursements Yes No

Is there a written policy to cover the payment and reimbursement of expenses?

Is the policy communicated to all claimants?

Are expenses reimbursed only where the individual incurred the expense in the course of carrying out the charity’s business?

Does the expense claim include a self-declaration that the claim is accurate and incurred on the business of the charity?

Are reimbursements made by BACS transfer or cheque?

Are the mileage rates for travel in accordance with HMRC approved rates?

Loans

Are the terms of the loan documented?

If the loan is from a PCC member, is it noted that there could be a conflict of interest with the lender?


Is there a repayment plan in place to repay the principal and any interest due?

Checks on expenditure records Yes No

Are regular checks made to ensure expenditure records are accurate and agree with the bank statements?

Are regular checks made to ensure no discrepancies between the payments made and the original invoice or payment records?

Are checks made by someone other than the person who made the entry in the accounting records?

ASSETS AND INVESTMENTS

Controls over fixed assets Yes No

Is a comprehensive fixed asset list held and updated annually (the Terrier)?

Are assets checked annually to ensure they are still in good repair and are of use to the organisation?

Is insurance cover adequate?

Is the use of fixed assets reviewed annually (to ensure they are put to best use and serve the church's interests)?

Investments Yes No

Does the PCC have an investment policy?

Does this policy include the need to consider diversification of investments, including bank accounts?

Is the performance of investments regularly reviewed?

Is professional advice taken, where appropriate, on the selection or disposal of investments?

If there are properties held to generate income, are these inspected regularly to ensure tenant covenants are adhered to?

Are there controls to ensure that all investment income due is received?

Money held as a current asset Yes No

Are secure records held of all bank and building society accounts?


Are bank statements regularly received and regular bank reconciliations carried out?

Are instructions to open or close accounts properly authorised and reported to the PCC?

Are checks made to ensure that there are no dormant accounts?

Are the accounts monitored to ensure there is no third party use?

Is there a regular review of the costs, benefits and risks of their current and deposit accounts?

Electronic banking Yes No

If electronic banking is used to make payments, does the system used require authorisation of transactions by two individuals? Is it documented?

If a system is used that allows authorisation of transactions by only one individual, is the PCC happy with this? Has a system been developed that allows for payments to be made that protect the individuals involved and protects the assets of the PCC? Is it documented and adhered to?

Are PCs that hold PCC financial data kept secure with up-to-date anti-virus and spyware software and a personal firewall?

Are the PCC and individuals involved made aware of the need to ensure that security details (including the password and PIN) are not compromised?

Are the PIN and password regularly changed, for example to mitigate the risks of compromising security when individuals cease to be involved or leave?

Is a list of persons (both authorised signatories and staff) maintained setting out who are approved to have access to the PIN and password?

Is there an audit trail of electronic banking transactions?

Have those using online banking facilities been trained in their use?

Non-traditional banking Yes No

If the charity uses non-traditional banking methods:


Are policies set and approved by the PCC defining the circumstances when non-traditional banking methods may be used?

Is the use of such methods limited to essential transfers where traditional banking methods cannot be used?

Does the PCC keep an audit trail of non-traditional banking transactions?

Does the PCC ensure that the controls that are in place for its traditional bank transactions also operate with non-traditional banking transactions?

Restricted funds and endowment funds Yes No

Are procedures in place to ensure that any restrictions put on the use of funds, by the donor or through an appeal, are observed?

Does the PCC ensure that the conditions attached to permanent endowments are observed?