?Hi, Robert - and Jan.
I just want to strongly echo what Laura said!
"Internal controls" are needed by every organization. They are needed to control (1) what happens and (2) what is reported about what happened.
Multiple signatures are effective only if BOTH signatures are applied AFTER the check is written. Every CPA can tell stories about finding blocks of pre-signed blank checks in the checkbook, ripe for misuse by the other signer. This is just one glaring example of misuse of an internal control over "what happens".
Bank reconciliation by someone other than the check-signer is a way to guard against misreporting how much was spent and for what. Since banks rarely show us the front and back of checks these days, we have less chance to spot incorrect recording/reporting of disbursements, whether the errors were intentional or not. But separation of the check-writing and reconciliation functions still can provide internal control when conscientiously applied.
As you said, Robert, the focus of an audit is on the financial statements, which are necessarily prepared after - maybe long after - transactions have taken place. The audit is intended to provide assurance to third-party readers of the financial statements. It seldom is designed primarily to detect or prevent fraud. So the CPA should be involved much earlier to design the accounting system, making sure that it includes a strong system of internal control. Separation of duties, multiple signatures, frequent presentation of financial reports, etc., are all components of such a system.
It should be pointed out that a good system of internal controls protects the bookkeeper, treasurer and other responsible persons as much as it protects the members. How else can you protect yourself against charges of mishandling of funds? How else can you assure the members that the information you furnish them actually reflects reality?
As I often mention here, I've been retired for a couple of decades. Some CPA concerns, like tax rules and accounting and reporting standards, change from time to time. But some fundamental principles, such as the need for adequate internal controls, remain constant.
RC