A core role of the board is to assess, monitor and mitigate risk. For the purposes of this section, we are considering financial risk – but it does not stop there. You should also consider the guidance of the Risk Management toolkit.
Risk mitigation can be likened to warming up before a race. It may not stop injury, but it is certainly a great preventative measure. Financial risk management is no different. What mechanisms, or controls, do you have in place to ensure there are no considerable holes in your financial function?
Controls can often be difficult to implement in operations with limited opportunity to segregate duties. However, by asking a series of questions around where risk exists in a process, it becomes clearer that steps can be taken to reduce any exposure.
Every State Sporting Organisation is faced with a multitude of risks - loss of information, insurance, cyber security, loss of members, loss of funding or loss of a major sponsor as examples.
A critical assessment to be performed by your State Sporting Organisation is to document all possible risks, as well as how you are currently aiming to mitigate those risks.
In looking at financial risk, loss of assets is often considered, but equally important is to consider longevity of revenue sources and how expenditure is appropriately approved as examples.
Internal controls are measures taken within an organisation to:
- Reduce the risk of loss;
- Reduce the risk or error; and
- Provide some level of assurance over the validity of the books and records.
Where there exists an opportunity for loss or error – you should be looking to controls to minimise the exposure.
Sound internal controls start with the culture within a State Sporting Organisation. Does your board strictly enforce operating policy and procedures? Do you have policies and procedures? Without policies and procedures, particularly those associated with higher risk items such as physical assets and cash, there exist an opportunity for error, or worse still, theft.
Internal controls can be in many forms, shapes and sizes. As an example, when you start asking questions, it highlights a State Sporting Organisations tolerance to risk.
- Do your information systems have controls around access? Passwords and dual factor authentication for example.
- Do your information systems have features inbuilt that ensure accuracy of transactions?
- Where do you physically store assets that could be misappropriated?
- How do you handle cash?
- How often do you reconcile your bank statements?
- Are you able to segregate duties?
- How are expenses approved?
- How do you ensure grants are being spent in accordance with grant requirements?
- Are variances to budget investigated and reviewed?
- Do you have dual signatories on transactions?
Smaller State Sporting Organisations often have fewer employees which may limit the extent to which segregation of duties is practicable. In a smaller team, the manager may be able to exercise more effective oversight than in a larger group, which may compensate for more limited opportunities for segregation of duties. On the other hand, the manager may be more able to override controls because the system of internal control is less structured.
Segregation of duties is recommended where possible - it is the act of separating ones duties to reduce the opportunities for a person to be in a position to not identify an error or to worst case perpetrate and conceal errors or fraud. Put simply, it is the sharing of one task between two or more people - in essence creating a preparer and a reviewer.
There are many questions that can be asked about revenue, receivables, expenses, payables, and employee benefits ‐ which can then open the discussion around controls. Once again, if the Board is unsure about the responses to any of these questions, they should investigate further and consider building a control to address the risk. These questions are a starting base, and by no means exhaustive.
Revenue and receivables control questions:
- Are all sales/memberships/fees etc. recorded, and at the right rate?
- Is unearned grant revenue correctly recorded?
- Is grant income recognised in accordance with grant terms?
- Are credit notes appropriately approved?
- Do invoices reflect the correct pricing, discounts, GST etc?
- What steps are in place to ensure any unpaid membership monies are recoverable?
- Are debtors raised when a sale is made on credit terms?
- What steps are in place to ensure collections allocated against the correct debtor?
Expenditure and payables control questions:
- Do you have dual authorisation for all payments, regardless of if it is EFT or cheque?
- Are the banking approvers appropriate for your State Sporting Organisation?
- How are purchases appropriately approved?
- What steps are in place to ensure purchases are recorded in the right period?
- Are payables representative of all amounts owing to suppliers?
- What steps are in place to ensure accrued liabilities are calculated and recorded correctly?
Employee benefits control questions:
- What steps are in place to ensure that salary and wages are only paid to eligible employees?
- Are payroll and related expenses (superannuation, payroll tax etc.) recorded in the correct period?
- What checks are there to verify employees are paid for the time they have actually worked?
- Are pay rates applied to employee’s payments in line with the award or hourly rate documented in contracts?
- Are all provisions that all necessary (e.g. long service leave) being recognised?
- What steps are in place to verify that items such as annual leave, long service leave, and sick leave have been recognised and appropriately approved if taken?
Internal controls and financial risk management will not safeguard entirely your State Sporting Organisation. What they do is create an environment of process and procedure, and ideally minimise any exposure. Many State Sporting Organisations will have limited resources to have all the check and balances in place. Start by asking the following questions:
- What can we least afford to lose?
- Who can approve transactions?
- How do we protect access into our systems?
Whilst these in no way cover all exposure – it does give you a sense of what can go wrong. In many instances, it will be physical cash that is the item that can least afford to be lost – and unfortunately, this is a prime target for misappropriation. It is often reported that cash is taken through a poor control environment, or through no oversight.
Note: as with any legal and financial documents, this does not replace obtaining legal and financial advice on each sports specific requirements and it is recommended you do so.
The information provided in the framework and tool kit is for your information only. The authors and the NSW Office of Sport accept no responsibility for the accuracy of the information or your reliance upon it.