The following excerpt is provided, by permission, from Melanie Herman, Executive Director of the Nonprofit Risk Management Center, Leesburg, VA:

In Jeffrey Rosenthal’s fascinating book “Struck by Lightning: the Curious World of Probabilities, Rosenthal explores the science of probabilities. He compells his readers to remember that risk management is accompanied by “randomness”. Many aspects of our lives are governed by events not completely within our control and uncertainty is here to stay. Nonprofit leaders have two options regarding uncertainty: #1 – Let uncertainty get the better of us and our tax-exempt organizations or #2 – Learn to understand and perhaps appreciation randomness and act accordingly.

According to Rosenthal, “by thinking logically about the likelihood of various outcomes, we can better make decisions and understand our lives more deeply.”  So what does thinking logically have to do with governance and managing risk? Read the rest of this entry »

Anyone…at least that is how one should think when analyzing fraud risks.

Fraud is a hot topic. If you don’t think so ask someone who used to work for Enron or invested in Madoff’s investment company, they might change your mind. But, because of instances like these, people often think of fraud in large terms, and the mention of the words carries a lot of weight; when very often fraud occurs in all sizes and forms.

But, who is likely to commit fraud? Most people use what is commonly known as the fraud triangle to identify areas where one can commit fraud. The three criteria are Pressure/Incentive, Opportunity, and Rationalization.

The pressure/incentive trait is common with performance based jobs where there is motivation for employees to record false sales to meet sales/performance quotas or up their commission, or other incentive pay.

Opportunity rears its ugly head when an individual has too much control over one key process in a business. Let’s say a cashier at a bank did not have to reconcile the cash drawer at the end of the day. The “opportunity” is there for cash to be stolen without any knowledge of it being gone.

A big one in today’s economy is rationalization. This is commonly referred to as the “I deserve this,” mentality. Where an individual develops a frame of mind where they can justify their actions and commit the fraud even though it is outside their typical ethical guidelines. For example, the company is generating large revenue streams, but an employee needs money to pay for his kid’s summer baseball league; this employee could find themselves thinking “They won’t miss this money, and I can’t say no to my child.”

Now let’s not confuse fraud with honest mistakes, errors, or plain ignorance; there is a difference. Fraud is defined as “intentional” deception…intentional being the key word.

Stay tuned as we post methods to address these instances and help you to minimize fraud in your business.

Has your company received a portion of the American Recovery and Reinvestment Act of 2009 funds or do you anticipate applying to receive such funds?  If so the following are a few key points that should be discussed/considered:Consider appointing a Recovery Act “Czar” who is responsible for becoming familiar with the numerous requirements associated with the Recovery Act funds and communicate them to others in the organization.  They will also be a resource for others in the organization and be indicative of a strong “tone at the tope” for the importance of compliance with Recovery Act awards.

• Additional controls and systems may be required to ensure that Recovery Act funds are separately identified and tracked in the accounting system.  This segregation will have to carry through to the Schedule of Expenditures of Federal Awards and the Data Collection Form.
• Additional controls and systems may be required to meet the stringent reporting requirements to the federal agencies. 
• Internal control over compliance is extremely important to ensure funds are spent appropriately.  Consider the following:
  • Are control procedures over federal expenditures appropriate, working properly and designed to prevent unallowable expenditures?
  • Are additional controls and systems required to ensure that Recovery Act funds are separately identified and tracked?
  • Are new controls needed to meet the stringent reporting requirements to the federal government?
  • If Recovery Act funds are passed down to subrecipients are controls in place to ensure appropriate monitoring and reporting requirements?
• The Federal Audit Clearinghouse is required to provide public access, via the internet, to all single audit reports filed with the FAC for fiscal years ending 9/30/09 and later.  This will include the Schedule of Findings and Questioned Costs, if applicable.
• With the addition of Recovery Act funds, there will likely be more high-risk programs and additional compliance requirements that auditors will need to test.

For more information, see the Government Audit Quality Center Alert No.’s 106, 111 and 112 and the OMB Circular A-133 Compliance Supplement Appendix 7.

With limited resources and tightening budgets, establishing effective internal controls can become tricky. Controlling the cash flowing into and out of the organization is supremely important and can generally be done effectively with the personnel and board members that are already in place. The single most important tenet of a control structure, especially in cash disbursements, is to limit opportunity by segregating duties. Think about the person that performs the most duties related to cash disbursements in your organization. What happens if that person receives some added motivation such as an ill family member with medical bills or a spouse losing a job? Could they rationalize the need for additional funds and ultimately cause damage to your organization? As honest as you perceive people in your organization to be, segregation of duties helps keep these people honest. 

The following are a list of helpful controls that limit the ability to perpetrate and conceal theft of cash. Read the rest of this entry »

I ask this quite often to new accounting graduates when they’re applying for jobs.  Most give me a “deer in the headlights” look.  Others just stare angrily at me.  For any of you who’ve been in those interviews, and are reading this, I sincerely apologize.  It’s probably too much of a philosophical question for an interview when you’re just out of school and nervous.  But I do think it is an important concept.  When the dust clears, why are we here?  To me, it’s difficult to do your job well unless you have a good sense of your role and purpose.

This may just be my own opinion, but I think the accountant’s function can, for the most part, be summarized in three areas of responsibility.

Number 1 – To provide timely and accurate financial information to management in order to support decision making.  The financial statements, and other financial information, are the basis for the majority of decisions made by management of most entities.  The accountant’s ability to provide information accurately, on a timely basis, is crucial to each entity’s ability to make decisions and succeed.  Although this looks different for each particular business, the responsibility is similar.

Number 2 – To safeguard the entity’s assets.  Again, this looks different for each particular business, but the ability to design and implement an effective internal control structure is a vital responsibility of the accountant.  Whether it’s segregation of duties, reviews and approvals, reconciliations or just a second set of eyes looking at transactions, the internal control structure must be constantly monitored in order to protect the entity’s assets from misappropriation.  And at the heart of this responsibility, is the accountant’s own integrity.  This is a discussion for another day, however.

Number 3 – To follow the law.  Although simple, there are many legal ramifications to the accountant’s responsibility.  These include, but are not limited to, payroll taxes, labor laws, income taxes, vendor payments and collection laws.  The accountant has a responsibility to his/her employer to ensure that the entity follows all applicable laws and tax codes.

Again, it may just be my opinion, and there may be some blatant omissions, but if an accountant can take care of those three responsibilities, they’re doing a pretty good job.  And if you ever interview with me, and can repeat those, you’ve got a pretty good chance of understanding the requirements and function of the job.

In today’s world, organizations must consider the strength of their internal controls more than ever.  It is important to periodically review your internal controls to ensure that they are well-designed and operating effectively.  To determine if your system is well designed, take a particular type of transaction and trace it from its origin to its ultimate conclusion, asking yourself, “What could go wrong with this system?”  To evaluate the operating effectiveness, ask the various personnel involved in processing the transaction how they perform the various tasks, and watch them actually do the work.  You will be better able to determine if they are following the appropriate procedures.

When going throught this review, it is important to take the “person” out of the control and ask yourself, “If I had an unknown person performing this taks, would I be concerned?”  Because of the very nature of the types of services that most not-for-profits provide, they tend to hire caring, trustworthy individuals to perform various tasks.  While trust is certainly a needed attribute to have in an employee, it cannot serve as your only internal control.  If you also believe that an employee would never do anything wrong, you may be under a false sense of security.  We usually suggest to our clients that the internal controls be designed in such a way that it eliminates the opportunity for an employee to commit fraud.  This design not only can protect you, but the employee as well.

A key component of a well-designed internal control system is segregation of duties.  Proper segregation also helps to eliminate the opportunity to make errors or commit fraud.  To create proper segregation, the following tasks should be performed by different personnel:

• Authority (approving purchases, writing off bad debt, authorizing salary increases, approving new vendors)
• Custody (ability to write checks, make bank deposits, process cash receipts, manage inventory, make electronic withdrawals from bank and investment accounts )
• Recordkeeping (posting transactions to the general ledger, recording receivables and payables)

Need help in segregating functions or duties. Contact me.

In today’s world, organizations must consider the strength of their internal controls more than ever. It is important to periodically review your internal controls to ensure that they are well-designed and operating effectively. To determine if your system is well designed, take a particular type of transaction and trace it from its origin to its ultimate conclusion, asking yourself, “What could go wrong with this system?” To evaluate the operating effectiveness, ask the various personnel involved in processing the transaction how they perform the various tasks, and watch them actually do the work. You will be better able to determine if they are following the appropriate procedures.

When going through this review, it is important to take the “person” out of the control and ask yourself, “If I had an unknown person performing this task, would I be concerned?” Because of the very nature of the types of services that most not-for-profits provide, they tend to hire caring, trustworthy individuals to perform various tasks. While trust is certainly a needed attribute to have in an employee, it cannot serve as your only internal control. If you also believe that an employee would never do anything wrong, you are under a false sense of security. We usually suggest to our clients that the internal controls be designed in such a way that it eliminates the opportunity for an employee to commit fraud. This design not only can protect you, but the employee as well.

A key component of a well-designed internal control system is segregation of duties. Proper segregation also helps to eliminate the opportunity to make errors or commit fraud.

To create proper segregation, the tasks of:
(1) authority (approving transactions, writing off bad debt),
(2) custody (ability to write checks, make bank deposits, process cash receipts) and
(3) recordkeeping (posting transactions to the general ledger)
should be performed by different personnel or functions.

How do you, the organization, monitor internal controls? Write a comment…