Charity Internal Financial Controls Policy

An internal financial controls policy sets out the checks a charity uses to safeguard its money, keep accurate records and reduce the risk of fraud and error. It covers how income is received, how payments are authorised and how accounts are reconciled.

The Charity Commission regulates charities in England and Wales, and trustees are responsible for their charity's governance and for compliance with charity law. Sound financial controls are a core part of that responsibility.

Charity money belongs to the charity's beneficiaries, not to any individual. Putting controls in writing means the whole trustee board, and any staff or volunteers handling money, knows what good practice looks like and follows it consistently.

The headline point is simple. No one person should be able to control a financial transaction from start to finish, and trustees should always be able to see how income and expenditure are managed.

The Charity Commission's guidance on internal financial controls for charities (CC8) sets out the controls trustees are expected to have in place, and this guide explains how to turn them into a workable policy.

Why Trustees Need This Policy

The Charity Commission's annual return asks trustees questions about the charity, including whether key policies are in place. Holding and following an internal financial controls policy is part of good governance and supports the standard set by the Charity Governance Code, which is a sector standard rather than law.

Weak controls are one of the most common ways charities lose money, whether through theft, mistakes or misdirected payments. A clear policy protects the charity's funds and protects trustees, who carry ultimate responsibility for how money is handled.

The policy should be proportionate to the size and activities of the charity. A small charity with one bank account needs something simpler than a larger organisation with multiple income streams, but the underlying principles are the same.

1. Segregation of Duties

Segregation of duties means splitting financial tasks between different people so that no single individual both controls and records a transaction. For example, the person who approves a payment should not also be the person who enters the bank details and releases the money.

In a small charity this can be difficult, but it is rarely impossible. Even where one person handles day to day bookkeeping, a trustee can review bank statements independently and sign off significant transactions.

The policy should set out who does what across income handling, payments, payroll and record keeping, and how duties are separated when staffing is tight.

2. Authorisation and Dual Authorisation of Payments

Authorisation limits define who can approve spending and up to what value. Larger payments should require sign off by a more senior person or by trustees, and the policy should state these limits clearly.

Dual authorisation means two named people must approve a payment before it leaves the charity's account. This is particularly important for online banking, where a single login can otherwise move large sums.

Trustees should agree which payment types always need dual authorisation, who the authorised signatories are, and how the list is kept up to date when people join or leave.

3. Bank Reconciliations

A bank reconciliation checks the charity's own records against its bank statements to confirm every transaction is accounted for. Done regularly, it catches errors, missing income and unexplained payments quickly.

The policy should state how often reconciliations are carried out, who performs them and who reviews them. The reviewer should be someone other than the person who prepared the reconciliation.

Keeping reconciliations and supporting documents on file gives trustees and any independent examiner or auditor a clear trail to follow.

4. Oversight of Income and Expenditure

Trustees need regular, reliable information about money coming in and going out. The policy should describe what financial reports the board receives, how often, and in what format, so trustees can spot problems early.

Income controls matter as much as payment controls. Cash collections, donations, grants and trading income should all be recorded promptly and banked intact, with restricted funds tracked separately from unrestricted funds.

This oversight links closely to other governance documents. A clear view of income and reserves supports the charity's reserves policy, while financial risks should feed into the charity's wider risk register.

5. Fraud Prevention and Conflicts

Good controls are the charity's first line of defence against fraud. Segregation of duties, dual authorisation and independent reconciliations together make it far harder for any one person to divert funds without being noticed.

Conflicts of interest can undermine financial decisions, so financial controls work alongside the charity's approach to declaring and managing interests. Trustees should manage these in line with the charity's conflicts of interest policy and keep a record of how each conflict was handled.

If something does go wrong, trustees may need to consider whether the event meets the threshold for serious incident reporting and act promptly. The Charity Commission's guidance on how to report a serious incident explains what to report and when.

Quick Reference: Internal Financial Controls

Control	What it does	Practical point
Segregation of duties	Stops one person controlling a whole transaction	Split approving, paying and recording between people
Authorisation limits	Sets who can approve spending and up to what value	Higher value spend needs more senior or trustee sign off
Dual authorisation	Requires two people to approve a payment	Apply to online banking and larger payments
Bank reconciliations	Matches records to bank statements	Reviewer should differ from the preparer
Income controls	Ensures income is recorded and banked intact	Track restricted and unrestricted funds separately
Oversight reporting	Keeps trustees informed	Agree regular financial reports to the board

What Trustees Must Do

• Adopt a written internal financial controls policy proportionate to the charity's size and activities.
• Separate financial duties so no one person controls a transaction end to end.
• Set clear authorisation limits and require dual authorisation for larger payments.
• Reconcile bank accounts regularly and have someone independent review the work.
• Receive regular financial reports covering income, expenditure and reserves.
• Review the policy periodically and update it when people, systems or banking arrangements change.

Common Mistakes

• Letting one person handle bookkeeping, payments and bank access with no independent check.
• Setting up online banking with a single approver and no dual authorisation.
• Skipping bank reconciliations or never having them reviewed by a second person.
• Failing to record restricted funds separately, so money is spent on the wrong purpose.
• Treating the policy as a one off document and never updating it after staff or trustees change.
• Giving trustees too little financial information to spot problems early.

How Policy Pros Can Help

We write bespoke charity policies that reflect how your charity actually handles money, not generic templates. Our team can draft or review your internal financial controls policy so it is proportionate, practical and ready for trustee approval.

You can see the full range on our charity policies and procedures service, which covers the documents trustees are expected to hold. For the wider picture, our charity policies and annual return guide explains how these policies fit together.

You may also want to read our guides to the charity reserves policy and the trustee conflicts of interest policy, both of which work hand in hand with strong financial controls. For a list of official guidance, see the Charity Commission's guidance publications collection.