online banking

Online Banking
Definitely Faster, But is it Better?
Organizations move to Electronic Funds Transfer (EFT) payments to take advantage of reduced per item costs, to streamline in-house processing and to meet the demands of suppliers. Online Banking Agreements (OBA) are typically required to enable EFT, and these agreements also give organizations the ability to transfer funds between accounts, to download transaction information for import to accounting software and to monitor cash position. Unfortunately, for a certain size of non-profit entity, EFT and OBA strike down traditional internal controls on access to funds. Board Members and Treasurers of smaller non-profits that have a requirement for two signatures on cheques, may want to review internal control systems when contemplating OBA or EFT. The following two situations are interesting; the first is based on the private foundation where I work, and the second occurred at a social service organization where I volunteer.
Two-signature control

Although The Muttart Foundation is the largest private foundation in our funding area, we have a small administrative staff and a requirement for two signatures on all cheques. The internal staff member that signs cheques does not prepare the cheque run or reconcile the bank. The second signature and review of our paper cheques by an external board member (usually the Treasurer) is an important control step that provides protection for both the Foundation and for staff. With high hopes for increased efficiency of grant delivery, we examined the feasibility of EFT for our grant payments and general payables.

At least our business bank and one other (my personal bank) issue a single master password for OBA, with full authority for all banking transactions. Although subordinate levels of access and control may be delegated to users, one individual must hold the master password. Neither bank that I spoke with had contemplated, or would entertain the thought of, a dual password level of control. The omnipotent master password system may be OK for an organization that is large enough for true separation of duties in file transfer, file preparation and bank reconciliation, where other staff members act as the internal reviewers, but in a small agency, it wholly sidesteps the intent of the two-signature control step.

Internal control is not just about fraud prevention; a good control system should also catch errors. The error of sending the wrong amount by EFT can be reasonably controlled through the usual cheque run control procedures and does not require additional steps. Controlling the error of incorrect transit numbers requires detailed paperwork from our grantees and attentive re-keying on our part. The most reliable control here would be a separate automated control master file comparing agency names to transit numbers; such a step requires extra attention and staff time to maintain an additional database.

The error of sending the right amount to the wrong recipient is not so easily managed. We have many grantees with very similar names, if they happen to use the same bank, the transit numbers can look the same to a human scanner, with few clues to pick up the error before the funds are deposited. A paper cheque issued to the wrong recipient should be caught by our signers, the receptionist sending the correspondence that normally accompanies the cheque, or by the recipient before deposit. We concluded that EFT would increase the potential for error and any new internal controls would require more effort yet be inevitably less reliable than our current system of paper cheques.