Having an effective system of internal control is a key way in which charities can protect themselves against risks that may arise and safeguard their resources.
With the passage of time, new risks will emerge and those systems will need to respond and adapt.
To help charities with this process, CCEW has updated its guidance in CC8 internal controls for charities. The updated guidance is more concise and clearer than before, and covers issues that were not covered in the previous version, such as those arising from newer technology. For example, the use of cryptoassets and mobile payment systems such as Google Pay and Apple Pay. Specific risks arising from the use of cryptoassets referenced in the guidance includes vulnerability to theft by hackers, volatility in the value of crypto currency, difficulty in tracing donors and a lack of regulatory protection. This update is particularly timely given that earlier this year the Department for Science, Innovation and Technology published research that showed that 24% of charities had experienced a cyber attack in the previous 12 months.
It’s not just risks resulting from technology that have been updated in the guidance, with more traditional areas such as holding public collections, making payments to related parties and operating overseas also being revised, and a new section on accepting hospitality has been added to the guidance.
Accompanying the guidance is an updated checklist for charities to use when checking whether their internal controls align with CCEW’s guidance, something charities should be checking at least annually.