Think again. Every two years the Association of Certified Fraud examiners publishes its Report to the Nations on Occupational Fraud and Abuse. It’s amazing to me to see how consistent the results are from period to period and across industries. The report also reminds me how dangerous and costly blind trust can be to organizations. Many of our nonprofit clients tell us that fraud is just not a significant risk for their organization because their employees are commited the cause.  And who could be more trustworthy than someone willing to serve an important cause?

If that’s really true, then why are are nonprofit organizations involved in almost 10 percent of all fraud cases reported in the study?

We often let our desire to trust other people cloud our judgment. Especially people we hired personally and have spent years building relationships with Monday through Friday. Deep down, we all believe we’re exceptional judges of character.

And that’s when it happens. 

If the most important fraud control in place in your organization is the ability to judge character in the people you hire, you may already be a victim.

If you’re concerned that you may be the victim of a fraud, or want more information on preventing fraud, we can help.

I recently completed a ‘self-test’ in the Journal of Accountancy, March 2010 edition, titled “Internal Control:  Test Your Knowledge” and it reminded me of several questions that I have received from my clients. Many individuals within organizations believe that internal controls are only really necessary for large companies. This is a fallacy. Internal controls are VERY important for all types of organizations. Even if a company is very small, with only a few people working in the accounting department, processes can be developed to ensure that a sound control environment is consistently maintained.

It can be a daunting task to get individuals to engage in making changes to the processes and controls already in place at their organization but when they are educated on how important the controls really are they may be more willing to with stain from their resistance to change. Read the rest of this entry »

When there are only a few staff in an organization, it is very difficult to obtain the appropriate level of segregating duties.

In January 2010, Carl Ho, CPA posted an article on Blue Avocado (http://www.blueavocado.org) titled “Five Internal Controls for the Very Small Nonprofit” that gives some insight as to what the most important controls are for small organizations. The most important controls relate to checks and balances. Establishing a “tone at the top” so that policies are in place and all employees including management follow them. Other importants considerations include clearly defined responsibilities, locking up checks, using protected passwords on computers, having two people count cash together, reconciling bank statements timely, review of reconciliations or bank statements by someone other than the bookkeeper or preparer, requiring two signatures on checks, and not allowing the bookkeeper to be a check signer. Even with these procedures in place, fraud can occur if there is collusion or if management circumvents the policies or controls. For the full article visit, http://www.blueavocado.org/content/five-internal-controls-very-small-nonprofit.

Governance plays a significant part in the control environment. Listed below are a few links from the IRS website regarding governance practices for non-profit organizations.

Governance and Tax-Exempt Organizations – Examination Materials

http://www.irs.gov/charities/article/0,,id=216068,00.html

http://www.irs.gov/pub/irs-tege/governance_check_sheet.pdf

Governance of Charitable Organizations and Related Topics

http://www.irs.gov/charities/article/0,,id=178221,00.html

Listed below are some additional controls that I believe are necessary for a sound control environment in an employee benefit plan (again this list is not intended to be all inclusive as the facts and circumstances of employee benefit plans vary):

1. Determine if employee deferrals comply with current regulations (See limitations at: http://www.irs.gov/retirement/sponsor/article/0,,id=151925,00.html)
2. Determine if employee deferrals comply with the Plan’s maximum percentage requirements, if applicable (controls should be in place to ensure that employees are not allowed to elect to contribute more than the Plan’s elected maximum percentage as indicated in the Plan Document)
3. Controls should be in place to ensure that contributions are submitted to the Plan in a timely basis (Determine the who and the when to make sure it happens as required by law). Key – Timing should not be in excess of the number of days it takes an employer to transmit payroll taxes
4. Knowledgeable personnel should review and approve all loans and distributions made from the Plan . This knowledgeable person has read and fully understands the Plan document and requirements contained therein.
5. For loan approval – Understand the plan requirements for the following: loan amount complies; interest rate in loan agreement complies; condition for loan.
6. For distributions – Understand the following:  distribution complies with plan provisions and ensure all necessary documentation is retained (specifically for hardship distributions); distribution request includes the appropriate amount and the accurate amount of withheld taxes (10% and possibly an additional 20% if early distribution); ensure the appropriate vested percentage is utilized for employer contributions; determine if distributions required by law (required minimum distributions, etc) were completed during the year.

I hope the information is helpful in establishing a sound control environment for your organization’s employee benefit plan.  If there are areas that I have missed feel free to leave a comment to help out the other readers.  The controls that I have listed are coming from an auditor’s point of view and you may have insights related to your field of expertise that could be beneficial to others!

To ensure a Plan Sponsor is fulfilling their fiduciary obligations related to the oversight of an employee benefit plan I have listed some of the internal control matters that should be addressed (please note this is not an all inclusive list as facts and circumstances of each Plan vary):

1. Ensure all user control considerations included in the third party administrator’s (record-keeper, trustee, custodian, etc) Type II SAS 70 are in place at the Plan Sponsor
2. Analyze compliance testing results provided by the third party administrator and if the Plan failed any tests ensure that corrective action is taken in a timely manner (distributions or additional contributions to the Plan as necessary)
3. Determine if established internal controls are designed appropriately to catch errors or fraud that may occur during the processing of transactions related to the Plan. Consider conducting a brainstorming session with individuals involved in the Plan in determining what could go wrong and then determine if controls currently in place are adequate to address such risks.
4. If the census is prepared by the Plan Sponsor ensure that the total wages included in the census reconciles with the organizations payroll records (remember census must include all employees that received a paycheck during the year whether employed by the organization or not during the year); the census should also be reconciled with the record-keeper statements (employee contributions, employer contributions and loan repayments). Key point – A reconciled census that agrees with the Plan Sponsors audited financial statements and the record-keeper statements will save time and money during a benefit plan audit
5. Controls should be in place to ensure all information included on the participant statements (social security #, name, compensation, date of birth, date of hire and date of termination) is complete and accurate.  Inaccurate information could lead to:

• Allowing individuals to enter the plan when they were not eligible to do so or not allowing an employee into the plan that is in fact eligible.
• Inaccurate amounts being withheld for employee contributions and/or employer matching contributions.
• Inaccurate amounts being withheld or forfeited when an employee receives a distribution (early distribution tax penalties or issues related to utilizing the appropriate vesting percentage for employer contributions)

     6. Determine if the annual Form 5500 reconciles to the Plan’s financial statement’s

 Interested in refining your internal controls for benefit plan recordkeeping. More will come in a later blog post…

Has your company received a portion of the American Recovery and Reinvestment Act of 2009 funds or do you anticipate applying to receive such funds?  If so the following are a few key points that should be discussed/considered:Consider appointing a Recovery Act “Czar” who is responsible for becoming familiar with the numerous requirements associated with the Recovery Act funds and communicate them to others in the organization.  They will also be a resource for others in the organization and be indicative of a strong “tone at the tope” for the importance of compliance with Recovery Act awards.

• Additional controls and systems may be required to ensure that Recovery Act funds are separately identified and tracked in the accounting system.  This segregation will have to carry through to the Schedule of Expenditures of Federal Awards and the Data Collection Form.
• Additional controls and systems may be required to meet the stringent reporting requirements to the federal agencies. 
• Internal control over compliance is extremely important to ensure funds are spent appropriately.  Consider the following:
  • Are control procedures over federal expenditures appropriate, working properly and designed to prevent unallowable expenditures?
  • Are additional controls and systems required to ensure that Recovery Act funds are separately identified and tracked?
  • Are new controls needed to meet the stringent reporting requirements to the federal government?
  • If Recovery Act funds are passed down to subrecipients are controls in place to ensure appropriate monitoring and reporting requirements?
• The Federal Audit Clearinghouse is required to provide public access, via the internet, to all single audit reports filed with the FAC for fiscal years ending 9/30/09 and later.  This will include the Schedule of Findings and Questioned Costs, if applicable.
• With the addition of Recovery Act funds, there will likely be more high-risk programs and additional compliance requirements that auditors will need to test.

For more information, see the Government Audit Quality Center Alert No.’s 106, 111 and 112 and the OMB Circular A-133 Compliance Supplement Appendix 7.

With limited resources and tightening budgets, establishing effective internal controls can become tricky. Controlling the cash flowing into and out of the organization is supremely important and can generally be done effectively with the personnel and board members that are already in place. The single most important tenet of a control structure, especially in cash disbursements, is to limit opportunity by segregating duties. Think about the person that performs the most duties related to cash disbursements in your organization. What happens if that person receives some added motivation such as an ill family member with medical bills or a spouse losing a job? Could they rationalize the need for additional funds and ultimately cause damage to your organization? As honest as you perceive people in your organization to be, segregation of duties helps keep these people honest. 

The following are a list of helpful controls that limit the ability to perpetrate and conceal theft of cash. Read the rest of this entry »

Would you like your audit to go smoother?  Would you like to know the difference between a financial statement audit and a compliance audit?  Would you like to shorten the time the auditors are at your office?  If you answered “yes” to any of these questions, then you should attend the “Executive Exchange” hosted by the Funding Information Center on Wednesday, March 4th (11:30 – 1:00). 

Compliance=Accountability: Preparing for an Audit will be presented by Linda Low, Audit Partner and Donna Mayes, Audit Manager, both with Rylander, Clay and Opitz, LLP.  During this informative workshop, you will learn what can make your life easier, how to make the auditors’ happy, how to reduce/eliminate internal control deficiencies, and how to easily remedy common compliance issues associated with your single audit. 

For more information and registration, contact the Funding Information Center .

Man charged with 2 counts of battery, theft and disruption – Police in Florida have reported that a 33 year old man tried to steal communion wafers during a church service. The man was held by several offended parishioners when deputies arrived.

How do you maintain “order” and protect your wafers? Make sure you monitor and protect the Church’s assets, including congregants and other resources. For more information on safeguarding assets, see Donna Mayes’ 10/7/08 post on Internal Controls.