• The by-laws of the organization require an annual audit of the financial statements.
• Affiliated fund raising organizations, such as United Way, may require recipient organizations to have an audit as a condition of receiving allocations.
• Lending institutions may require audited financial statements before making a loan and in each year that the loan has an outstanding balance.
• Potential donors, especially foundations, may ask for a copy of the most recent audited financial statements. Although it may not be a prerequisite to receiving funding from them, it is a tool that the foundation can use in its decision-making.
• The federal or state agency from which you are seeking funding requires an audit.
• Management and/or the Board of Directors believe that it is a “best practice” to have an annual audit.

This last reason is the one that I like the most because there is no outside interest that is forcing an audit. I have a friend who recently became a controller at a local church that had never been audited. He requested that his Board of Trustees hire a CPA firm to conduct an audit because he wanted to start his tenure with a clean slate and to have full accountability. What better way to demonstrate to your Board that you are above board, capable, and fiscally responsible than to open your books and records to professionals trained in auditing that will provide an opinion on whether the financial statements are free of material misstatements.

If you’ve never had an annual audit (or it has been a long time since your last audit), some may ask when you should start. Following are a few ideas:

• A year or two before launching a capital campaign
• If there is an expectation that you may be involved in a merger or acquisition
• Before starting a new program that may require some creative funding
• Construction of new facilities that may require interim or permanent bank financing

If you are wondering if the organization you are involved in should have an audit of your financial statements, give us a call.

Is your organization vulnerable for this scrutiny? Remember the key terms for establishing tax-exemption…organized and operated. Form 990 is the tool for reporting information annually to the IRS, substantiating the organization’s exempt purpose. Sources and uses…this will be interesting as the IRS moves forward in looking for additional revenue streams.

Is your organization vulnerable to this type of inquiry?  Call me. We can perform assessments to determine the organization’s risk.

For more information on this initiative, see this blog post by Land Trust Alliance.

If that’s really true, then why are are nonprofit organizations involved in almost 10 percent of all fraud cases reported in the study?

We often let our desire to trust other people cloud our judgment. Especially people we hired personally and have spent years building relationships with Monday through Friday. Deep down, we all believe we’re exceptional judges of character.

And that’s when it happens. 

If the most important fraud control in place in your organization is the ability to judge character in the people you hire, you may already be a victim.

If you’re concerned that you may be the victim of a fraud, or want more information on preventing fraud, we can help.

Nonprofit boards had begun to change their focus, but not enough to stop the continued reports of fraud, misuse of assets, and excessive compensation for top executives.  The result was increased public scrutiny, new legislation, and the most significant changes to Form 990 in over 25 years. Those changes effectively required the board of directors to take responsibility for the oversight and governance of their organizations.

Although the fundamental principles of governance have not changed, governance practices have been completely redefined as boards have become more proactive in protecting the mission of their organizations by ensuring compliance with legal, financial, and ethical standards, and monitoring the progress and overall performance of their organizations. Time will tell if the “new” governance paradigm will protect nonprofit organizations from even more burdensome regulation that will divert already limited resources from the mission.

UPMIFA was developed to improve the protection of donor intent with respect to expenditures from endowments and applies to charities organized as charitable trusts or as nonprofit corporations and trusts managed by charities. The Act does not apply to funds managed by trustees that are not charities or trusts managed by corporate or individual trustees. UPMIFA provides guidance and authority to charitable organizations concerning the management and investment of funds held by those organizations and imposes additional duties on those who manage and invest charitable funds to provide additional protection for charities and also protect the interests of donors who want to see their contributions used wisely. The Act updates the rules governing expenditures from endowment funds, whether donor restricted or board designated, to provide stricter guidelines on spending endowment funds and to give institutions the ability to cope more easily with fluctuations in the value of the endowment.

In addition to identifying factors that a charity must consider in making management and investment decisions, UPMIFA requires a charity and those who manage and invest its funds to 1) give primary consideration to donor intent as expressed in a gift instrument, 2) act in good faith, with the care an ordinarily prudent person would exercise, 3) incur only reasonable costs in investing and managing charitable funds, 4) make a reasonable effort to verify relevant facts, 5) make decisions about each asset in the context of the portfolio of investments, as part of an overall investment strategy, 6) diversify investments unless due to special circumstances, the purposes of the fund are better served without diversification, 7) dispose of unsuitable assets, and 8) in general, develop an investment strategy appropriate for the fund and the charity.

Has your organization adopted an investment policy that complies with your state’s version of UPMIFA? Review your state’s requirements and make sure your policies conform to the prudent management of funds.

For additional information see http://www.upmifa.org.

For the State of Texas version of UPMIFA see http://www.statutes.legis.state.tx.us/SOTWDocs/PR/htm/PR.163.htm

It can be a daunting task to get individuals to engage in making changes to the processes and controls already in place at their organization but when they are educated on how important the controls really are they may be more willing to with stain from their resistance to change.

The 2008 report to the Nation on Occupational Fraud and Abuse estimated that US organizations lose 7% of their annual revenues to fraud which translates to approximately $994 billion in fraud losses. Losses were noted to be significantly lower in the cases where the organization had implemented controls. Small businesses were noted to be especially vulnerable to occupational fraud. The median loss suffered by organizations with fewer than 100 employees was $200,000 which is higher than the median loss in any other category, including the largest organizations. Lack of adequate internal controls was most commonly cited as the factor that allowed fraud to occur.  To read more on this report go to http://www.acfe.com/resources/publications.asp?copy=rttn

One of the key parts of the ‘self-test’ reads as follows: “Internal control is a process designed to…achieve effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations.” What organization doesn’t want to process transactions more efficiently, have accurate financial statements to their stakeholders or ensure they are in compliance with applicable laws and regulations? Properly designed internal controls can lead an organization in the right direction.

I have found the following to be a handful of a few good controls (this is not intended to be a list of the minimum controls an organization should have; simply it is a few of the controls that I think are very important):

1. Do not underestimate the power of “Tone at the Top” – if management skirts issues under the table their subordinates will assume they can do the same. This includes maintaining an oversight body (Board of Directors, etc) that has intimate knowledge of how the company operates and understands how to read and process financial information
2. Implement “Big Brother” approaches – people are less likely to stray from doing the right thing if they know someone is out there watching over their actions

Another step I highly recommend is to gain an in depth understanding of your company’s processes and procedures and see where the weaknesses are; then develop internal controls to address the identified risks.

To take the brief test to determine your level of understanding of internal controls go here:  http://www.journalofaccountancy.com/Issues/2010/Mar/20092240.htm

In January 2010, Carl Ho, CPA posted an article on Blue Avocado (http://www.blueavocado.org) titled “Five Internal Controls for the Very Small Nonprofit” that gives some insight as to what the most important controls are for small organizations. The most important controls relate to checks and balances. Establishing a “tone at the top” so that policies are in place and all employees including management follow them. Other importants considerations include clearly defined responsibilities, locking up checks, using protected passwords on computers, having two people count cash together, reconciling bank statements timely, review of reconciliations or bank statements by someone other than the bookkeeper or preparer, requiring two signatures on checks, and not allowing the bookkeeper to be a check signer. Even with these procedures in place, fraud can occur if there is collusion or if management circumvents the policies or controls. For the full article visit, http://www.blueavocado.org/content/five-internal-controls-very-small-nonprofit.

Governance plays a significant part in the control environment. Listed below are a few links from the IRS website regarding governance practices for non-profit organizations.

Governance and Tax-Exempt Organizations – Examination Materials

http://www.irs.gov/charities/article/0,,id=216068,00.html

http://www.irs.gov/pub/irs-tege/governance_check_sheet.pdf

Governance of Charitable Organizations and Related Topics

http://www.irs.gov/charities/article/0,,id=178221,00.html

Topic: Exploring the New Governance Realities

Nonprofit governance is more in the spotlight than ever with the rewrite of the Texas Business Organizations Code and the Form 990. While the principles of good governance have not changed, laws, regulations, compliance and scrutiny certainly have. The following Panelists will discuss their experiences in the past couple of years and how Boards and regulators are dealing with the major issues:
• Carol Klocek, Executive Director, YWCA of Fort Worth & Tarrant County
• Sandy Kautz, retired nonprofit CEO and Realignment Consultant with Girl Scouts of the USA; Current Community Volunteer
• Becky DaVee, CPA – Rylander, Clay and Opitz, LLP 

Date: Wednesday, March 3, 2010
Time: 11:30 – 1:30
Location: Funding Information Center, 329 S. Henderson, Fort Worth – 817-334-0228
Cost: $20 (lunch is provided)
Registration: http://www.fic-ftw.org/signup/EE%203.3.10.htm

To begin the audit, the accountant (or equivalent) will present the auditor with a listing of all accounts and the related balances that are used to compile the financial statements. Basically, the accountant is saying this is what I believe to be the balances of these accounts. Then the auditor goes through various steps, such as confirming information with third parties, reviewing invoices, contracts, receipts, bank statements, and analytical procedures to prove that the balances are not “materially misstated” and that the statements conform to generally accepted accounting principles.

An audit does not look at every transaction that occurred during the year. Normally this would be cost prohibitive. So the auditor will look at various accounts and take a sample of transactions from those accounts. Because we “test” the account balances and not review 100%, our report is not saying that the financial statements are necessarily 100% accurate, but our report tells the users of the financial statements that we believe there is not a material misstatement that would cause you to alter a decision.

For example, your organization may report to us that they have a balance of accounts receivable of $2 million. Through various means of testing this balance, we have reviewed $1.9 million of this balance and believe it to be accurate. But we have not audited the remaining $100,000. We believe that the users of the financial statements would make the same decision if the actual balance were $2 million or $1.9 million. When errors are found during the audit, the auditors will discuss the issues with management and propose adjustments to the financial statements.

Understanding what an audit of financial statements entails helps management, Board of Directors and others to know what they are paying for and that the statements fairly represent the financial status of the organization. If the accountant uses the same generally accepted accounting principles to compile the monthly financial statements, this will help management and the Board of Directors make consistent, well-informed decisions.

1. Determine if employee deferrals comply with current regulations (See limitations at: http://www.irs.gov/retirement/sponsor/article/0,,id=151925,00.html)
2. Determine if employee deferrals comply with the Plan’s maximum percentage requirements, if applicable (controls should be in place to ensure that employees are not allowed to elect to contribute more than the Plan’s elected maximum percentage as indicated in the Plan Document)
3. Controls should be in place to ensure that contributions are submitted to the Plan in a timely basis (Determine the who and the when to make sure it happens as required by law). Key – Timing should not be in excess of the number of days it takes an employer to transmit payroll taxes
4. Knowledgeable personnel should review and approve all loans and distributions made from the Plan . This knowledgeable person has read and fully understands the Plan document and requirements contained therein.
5. For loan approval – Understand the plan requirements for the following: loan amount complies; interest rate in loan agreement complies; condition for loan.
6. For distributions – Understand the following:  distribution complies with plan provisions and ensure all necessary documentation is retained (specifically for hardship distributions); distribution request includes the appropriate amount and the accurate amount of withheld taxes (10% and possibly an additional 20% if early distribution); ensure the appropriate vested percentage is utilized for employer contributions; determine if distributions required by law (required minimum distributions, etc) were completed during the year.

I hope the information is helpful in establishing a sound control environment for your organization’s employee benefit plan.  If there are areas that I have missed feel free to leave a comment to help out the other readers.  The controls that I have listed are coming from an auditor’s point of view and you may have insights related to your field of expertise that could be beneficial to others!