Sarbanes-Oxley for Nonprofits: A Guide to Building Competitive Advantage [1 ed.] 0471697885, 9780471697886, 9780471731993

Citation preview

Sarbanes-Oxley for Nonprofits

SarbanesOxley for Nonprofits A Guide to Gaining Competitive Advantage

Peggy M. Jackson, dpa, cpcu Toni E. Fogarty, ph.d.,mph

John Wiley & Sons, Inc.

This book is printed on acid-free paper. Copyright © 2005 by John Wiley & Sons, Inc., Hoboken, NJ. All rights reserved. Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. For more information about Wiley products, visit our Web site at www.wiley.com. Library of Congress Cataloging-in-Publication Data: Jackson, Peggy M. Sarbanes-Oxley for nonprofits : a guide to gaining competitive advantage / Peggy M. Jackson and Toni E. Fogarty. p. cm. Includes index. ISBN 0-471-69788-5 (cloth) 1. Nonprofit organizations—United States—Finance—Management. 2. United States. Sarbanes-Oxley Act of 2002. 3. Nonprofit organizations— Accounting--Law and legislation. 4. Nonprofit organizations—Auditing— Law and legislation. 5. Nonprofit organizations—United States— Management. I. Title: Sarbanes-Oxley for non-profits. II. Fogarty, Toni E. III. Title. HG4027.65.J33 2005 657'.98—dc22 2004029119 Printed in the United States of America 10 9 8 7 6 5 4 3 2 1

In loving memory Bernice Stinemates Barnhardt Carlisle Stinemates The Rev. Chandler C. Jackson PMJ

In loving memory Molly Davenport Nokal Kitchens Hoss and Weasel TEF

Contents

acknowledgments about the authors preface chapter 1

chapter 2

chapter 3

xiii xv xvii

Overview of the Legislation and Its Implications for Nonprofits What Is the Sarbanes-Oxley Legislation About? Relevance of SOX to Nonprofits Current Legislative Environment for Nonprofits Conclusion Endnotes Safeguarding Your Nonprofit’s Financial Resources and Assets: Establishing Auditor Independence and Audit Committee Competence SOX Titles II and III The Value of Accurate Financial Statements The Importance of a Good Audit The Board’s Responsibility Regarding the Financial Statements Conclusion Reading and Interpreting Financial Statements Balance Sheet Statement of Operations Statement of Changes in Net Assets Statement of Cash Flows Financial Statement Analysis Conclusion

1 1 12 13 26 26

27 28 29 30 32 38 39 42 46 49 50 52 65

vii

viii

contents

chapter 4

chapter 5

chapter 6

chapter 7

chapter 8

Form 990: Unnecessary Paperwork or a Useful Tool? What Are Form 990 and Form 990-EZ? Why Is Form 990 Important? Management’s Role in Improving Form 990: Creating a Good Internal Control System The Board’s Role in Form 990 Conclusion SOX Sections VIII and XI: Document Retention and Whistleblower Protection Obligations Whistleblower Protection Creating a Confidential Reporting System Document Retention, Archiving, and Retrieval First Steps: Beginning the Process Conclusion Raising the Bar of Accountability: SOX Best Practices and the Board Legislative Environment: Best Practices and Governance New Expectations for Board Oversight and Governance Higher Expectations for Board Membership and Deliberations SOX and the Board: Higher Performance and Greater Accountability Championing SOX Best Practices: The Board’s Governance Role Conclusion SOX Best Practices and Organizational Culture: Changing the Environment The Nonprofit’s Organizational Culture and the Adaptation of SOX Best Practices Introducing Change Nonprofit Board Culture Strategies for Introducing Change in the Board Culture Conclusion Endnote A Platinum Operating Standard Starts with Good Bones SOX Best Practices: Moving to a Platinum Operating Standard What Are Platinum Operating Standards? Review of Internal Controls

67 67 68 69 72 74

75 76 77 79 79 84

85 86 89 90 96 98 102

103 103 110 112 120 121 121

123 123 125 126

contents

Conducting the Review of Internal Controls Content and Structure of the Review of Internal Controls Report Conclusion Endnote

chapter 9

Creating a Competitive Advantage: Leveraging SOX Best Practices Competitive Advantages of Being in Compliance with Sarbanes-Oxley Best Practices Conclusion Endnotes

chapter 10 SOX Best Practices for Small Nonprofits Five Myths That Hold Small Nonprofits Back Adopting SOX Best Practices Scaling the SOX Best Practices to Fit the Needs of Small Nonprofits Keys to Success in Customizing SOX Best Practices Conclusion

ix

133 134 135 135

137 138 154 154 155 155 157 157 162 163

appendices Best Practices: Checklists, Worksheets, and Sample Documents

appendix a Working Through the Four Basic Financial Statements Balance Sheet Statement of Operations Statement of Changes in Net Assets Statement of Cash Flows

165 167 167 175 181 184

appendix b Whistleblower Protection Policy

189

appendix c

Document Retention and Storage Protocols Document Retention Policy—Talking Points Writing the Policy—Talking Points Special Designations for Sensitive Documents Storing and Archiving the Documents Testing the System

191 191 191 193 194 194

appendix d Audit Committee Procedures and Protocols

195 195 195 195

Audit Committee Composition of the Committee Committee Functions and Deliverables

x

contents

appendix e Conflict of Interest Policy Talking Points Sample Conflict of Interest Letter

appendix f Code of Ethics for Board and Senior Management Talking Points Sample Code of Ethics for a Nonprofit Board Member

197 197 199 201 201 202

appendix g Board of Directors—Governance Profile and Performance Expectations Oversight and Policy Making Term Limits Summary of Board Committees’ Descriptions and Performance Objectives Process for Board Member Nomination and Election

appendix h Board Orientation Session

appendix i

appendix j

203 203 203 204 204

Outline of Curriculum Board Binder Contents

207 207 208

Review of Internal Controls Report and Recommendations Overview of the Project Systems Recommendations and Time Line

211 211 211 212

Risk Management Plan Profile Risk Management Worksheets Worksheet 1—List Areas of Concern Worksheet 2—Tier 1 and Tier 2 Risks Worksheet 3—Strategies for Dealing with Risk Worksheet 4—Time Line Worksheet 5—Risk Administration and Monitoring Worksheet 6—Risk Management Plan Template: Table of Contents Sample Risk Management Plan: Table of Contents

appendix k Business Continuity Plan Emergency Protocols Contact Information for Board Members and Staff Business Resumption Strategies for Each Department within Your Nonprofit Communication

213 213 213 214 214 215 215 216 216 217 219 219 220 220 221

contents

appendix l index

xi

Financial Services Vendors Service Providers—Utilities, Water, Governmental Agencies If Your Nonprofit Needs to Relocate

221 221 222 222

Bibliography

225 229

Acknowledgments

We would like to thank our editor, Susan McDermott, for her support and interest in this project. Her encouragement spurred us on and her support has been enormously helpful. Peg is grateful for the ongoing support and encouragement of Victoria (“Tori”) Hill of the Library of Congress. Tori was a mainstay of support for Peg since the days of her dissertation, and for this project, has once again demonstrated the tremendous cooperation and dedication that Peg has come to know from working with the staff at the Library of Congress. The Library is truly a national treasure! Peg is also very grateful for the ever-present support of her husband, Paul, who has always believed in her, and their family friend, Rick Ewing, whose support and humor puts things in perspective. Toni is grateful for the number of people who helped her with this project, either directly or indirectly. The “Ladies Who Lunch” group has been and continues to be a great source of inspiration, and provides comic relief when things get too serious. She would like to thank her students at California State University, Hayward, and the University of San Francisco, who have helped her examine issues from a variety of diverse perspectives and have enabled her to hone her analytical and communication skills. Toni has also been blessed with a number of supportive colleagues, teachers, and friends. She would like to thank Jann Adams, Teh-wei Hu, and Ray Catalano, all of whom helped her make her way through the trials and hurdles of academia. In addition, she would like to thank all of her colleagues at California State University, Hayward, for providing her with a caring and supportive work environment, something that is very rare and xiii

xiv

acknowledgments

precious in these hectic and competitive times. Finally, she would like to express her appreciation to and her affection for her friends Fox Frohlich, Katherine Collins, Doug Hogin, Raluca Cerbu, Denise Lyons, Dan Gentry, Raena Frolich, and Laurie Nobilette, all of who sustain her by their encouragement, wisdom, and humor. Lastly, we would like to acknowledge “Virginia,” whose name may be fictitious, but who is indeed a real person. Admittedly, it was her ill-advised comments at a luncheon that served as the main catalyst for this project. However, in our work, we have encountered many people like “Virginia,” “Wendell,” and “Samantha,” whose words or deeds provide a context for presenting more useful methods.

About the Authors

Peggy M. Jackson, DPA, CPCU, is a consultant and nationallyrecognized lecturer in risk management, business continuity planning, and Sarbanes-Oxley compliance for nonprofits. Dr. Jackson has coauthored five books on risk management in nonprofit organizations: Managing Risk in Nonprofit Organizations; Mission Accomplished: A Practical Guide to Risk Management for Nonprofits; Mission Accomplished: The Workbook; No Surprises: Harmonizing Risk & Reward in Volunteer Management; and Risk Management for Schools. She is a partner with Fogarty, Jackson & Associates and a Principal with Adjunct LLC in San Francisco, CA. Toni E. Fogarty, Ph.D., MPH (San Francisco, CA) is an assistant professor in the Department of Public Affairs and Administration at California State University, Hayward, and serves as the Graduate Coordinator of the Master of Science in Health Care Administration program. She teaches courses in organizational behavior and change, research methods, ethical and legal issues in health care, and health care finance and budgeting. Dr. Fogarty is a founding partner and the CFO in the Fogarty, Jackson & Associates Consulting Group, which provides consulting services in the areas of risk management, business continuity planning, organizational analysis and change, and Sarbanes-Oxley compliance. Dr. Fogarty coauthored the book Managing Risk in Nonprofit Organizations, has published articles in several professional and academic journals, and has conducted a number of presentations and workshops at international and national conferences.

xv

Preface

O

ur intent is to present the best practices that have emerged from the Public Company Accounting Reform and Investor Protection Act (Sarbanes-Oxley) in a manner that explains their source and value to your nonprofit organization. This book is intended for nonprofit practitioners, board members, funders, potential donors, and anyone else who would like to know how this important piece of legislation and how issues in today’s legislative environment affect nonprofits and can serve to strengthen the infrastructure of nonprofits. The environment in which nonprofits operate is changing—dramatically. The U.S. Senate Finance Committee conducted hearings into nonprofit accountability in June 2004. In response to testimony from the Commissioner of the Internal Revenue Service (IRS) and others, actions were proposed to raise the bar for nonprofit accountability. These proposals include: • Require nonprofits to have their IRS tax-exempt status reviewed every five years, with extra documents and a new processing fee • Increase information disclosures on IRS Form 990, including annual performance goals and measurements for meeting those goals • Require Form 990 to be signed by an organization’s chief executive officer (CEO) or equivalent under penalties of perjury • Create penalties for failure to file a complete and accurate Form 990 • Introduce requirements for nonprofit accreditation • Establish an Exempt Organization Hotline for reporting abuses by charities and complaints by donors and beneficiaries • Limit board size to 15 members xvii

xviii

preface

The tone of the preceding proposals should be unmistakable. Public pressure is mounting to have nonprofits come under a higher level of scrutiny and regulation. Although only two provisions of Sarbanes-Oxley (SOX) apply to both nonprofit and publicly traded companies (whistleblower protection and document preservation), visible compliance with SOX standards establishes a “platinum standard” and establishes a competitive advantage that can provide benefits to any nonprofit. Best practices that emerge for SOX compliance include: • A more effective board whose members understand and adhere to their fiduciary obligations and recognize their responsibility in governing the nonprofit • Higher level of management and staff accountability • Effective protocols to ensure that the nonprofit remains in compliance with SOX and nonprofit “industry standards” and addresses future standards • Better competitive positioning by making it known that the nonprofit adheres to the SOX platinum standard in its operating practices • Greater credibility and ability to recruit high-quality board members and to attract the favorable attention of major donors, foundations, and other funding sources We’ve designed this book to take the reader from wondering what SOX is all about to examining the various sample documents and procedures that can be used to introduce these best practices into your nonprofit. Chapter 1 provides an overview of the SOX legislation and the changes in the nonprofit legislative environment. The outcomes and proposals from the Senate Finance Committee hearings are reviewed, along with the new California Nonprofit Integrity Act. Chapter 2 examines the role of audit committees and audits in SOX best practices. Chapter 3 explores nonprofit accounting and financial statements. Chapter 4 discusses the IRS Form 990s and their enhanced role in nonprofit accountability.

preface

xix

Chapter 5 explores the SOX required provisions of whistleblower protection and document retention policies. These two policies apply to all organizations, not just publicly traded corporations. Chapter 6 reviews how SOX best practices affect nonprofit boards. Chapter 7 examines how a nonprofit’s organizational culture impacts its readiness to integrate SOX best practices. Chapter 8 discusses how to move the nonprofit’s operating standard from ordinary to platinum. Chapter 9 describes the ways in which the nonprofit can leverage SOX best practices to create a competitive advantage. Chapter 10 provides recommendations for scaling the SOX best practices to suit the needs of the small nonprofit. We believe that integrating SOX best practices along with the other legislative recommendations can strengthen your nonprofit’s commitment to fulfilling its mission.

Chapter

1

Overview of the Legislation and Its Implications for Nonprofits

The scene is an elegant Minneapolis restaurant. Five career women are having lunch together. Lois is the CFO of a well-known nonprofit in the Twin Cities. Shelly is an attorney with a prominent law firm. Peg is an author and consultant. Toni is a professor, author, and consultant. Virginia is a community volunteer who sits on a number of prestigious nonprofit boards. She is also the Chair of the Board of a historic Minneapolis landmark. The women met for lunch that day because they were colleagues on a pro bono project. Peg attempted, once again, to convince Virginia that the conflict of interest presented by a staff member was indeed a serious issue, and the discussion turned to Sarbanes-Oxley. Virginia emphatically stated, “Sarbanes-Oxley has nothing to do with nonprofits! You don’t know what you are talking about!” Both Peg and Toni attempted in vain to dissuade Virginia of this notion. Yes, Virginia, Sarbanes-Oxley does apply to nonprofits!

What Is the Sarbanes-Oxley Legislation About? The Public Company Accounting Reform and Investor Protection Act was passed in 2002 in the wake of the Enron corporate scandal. The act is 1

2

chapter 1

overview of the legislation

commonly referred to as the Sarbanes-Oxley Act (SOX), named after Senator Paul Sarbanes (D-MD) and Representative Michael Oxley (R-OH), who were its main sponsors. Although SOX was initially intended to raise the bar for integrity and competence for publicly traded companies, its effect has been to promote greater accountability within both the nonprofit and private sector. Along with public companies such as Enron, the nonprofit world has seen high-profile scandals such as those involving the United Way and the American Red Cross. Subsequent to these nonprofit scandals, legislatures in both New York and California have begun deliberations on SOX “clones,” targeting nonprofit accountability. In a similar vein, the U.S. Senate Finance Committee conducted hearings in June 2004 and published some proposed actions to raise the bar for nonprofit accountability. These proposals include: • Require nonprofits to have their Internal Revenue Service (IRS) tax exempt status reviewed every five years, with extra documents and a new processing fee • Increase information disclosures on IRS Form 990, including annual performance goals and measurements for meeting those goals • Require Form 990 to be signed by an organization’s chief executive officer (CEO) or equivalent under penalties or perjury • Create penalties for failure to file a complete and accurate 990 • Appropriate $10 million for various forms of nonprofit accreditation • Establish an Exempt Organization Hotline for reporting abuses by charities and complaints by donors and beneficiaries • Limit board size to 15 members The tone of the preceding proposals should be unmistakable. Public pressure is mounting to have nonprofits come under a higher level of scrutiny and regulation. Although only two provisions of SOX apply to both nonprofit and publicly traded companies (whistleblower protection and document preservation), visible compliance with SOX standards establishes a “platinum standard” and a marketing competitive advantage that can provide benefits to any nonprofit. Best practices that emerge from SOX compliance include:

what is the sarbanes-oxley legislation about?

3

• A more effective board whose members understand and adhere to their fiduciary obligations and recognize their responsibility in governing the nonprofit • Higher level of management and staff accountability • Effective protocols to ensure that the nonprofit remains in compliance with SOX and nonprofit “industry standards” and addresses future standards • Better competitive positioning by making known that the nonprofit adheres to the SOX platinum standard in its operating practices • Greater credibility and ability to recruit high-quality board members and to attract the favorable attention of major donors, foundations, and other funding sources SOX is the latest in a long progression of regulatory reform aimed at rectifying corporate misdeeds. A brief look at a segment of this country’s economic history addresses the following questions: • What events brought about legislation that addresses corporate misdeeds? • What areas of business and nonprofit operations are facing more scrutiny and why? • What are the features of SOX and what are the best practices that emerge from this law? • Why have these best practices raised the bar for nonprofits? Sox Has Its Roots in the Great Depression The Great Depression, which began in 1929 and lasted more than a decade, was one of the deepest economic slumps to affect the United States, Europe, and other industrialized countries. Although the actual causes of the Great Depression are still intensely debated, some of the factors believed to contribute to the Great Depression in the United States were the mass stock speculation that occurred during the 1920s; a general imbalance of purchasing power and wealth in that a large percentage of the population was poor while a small percentage was very wealthy; the laissez-faire economic philosophy adhered to by Presidents Warren Harding (1920–1923), Calvin Coolidge (1923–1928), and Herbert Hoover (1929–1933); and the

4

chapter 1

overview of the legislation

catastrophic crash of stock prices on the New York Stock Exchange (NYSE) in 1929. On October 29, 1929, known as “Black Tuesday,” the U.S. stock market crashed, and the value of stock steeply plummeted. Black Tuesday was one of the worst trading days in the history of the stock market. Stock prices collapsed and most of the financial gains of the previous year were wiped out within the first few hours of the market’s opening. Since most Americans viewed the stock market as the chief indicator of the health of the economy, the 1929 crash destroyed public confidence in both the stock market and in the U.S. economy. Stock value continued to fall for approximately three years, until late 1932. By that time, stocks had lost 80 percent of their value from 1929. Individual investors suffered devastating losses; overnight, large fortunes simply melted away with the decline in stock value. Many banks and other financial institutions, particularly those holding a large portion of stocks in their portfolios, also suffered severe losses in assets and by 1933, 11,000 of the 25,000 banks in the United States had failed. By 1932, the U.S. manufacturing output had declined to only 54 percent of its 1929 level, and unemployment had increased to between 12 and 15 million workers, approximately 25–30 percent of the labor force. Truth in Securities Law In part, the 1929 crash was blamed on wildly inflated stock prices, poor monetary policies imposed by the Federal Reserves Board, fraud, concealed or misleading financial information, the rampant buying of stock on margin, and inadequate controls on trading in the U.S. market. In 1932, the newly elected President Franklin D. Roosevelt and Congress sought to regulate the market by imposing controls on trading and requiring organizations that were offering securities for public sale to provide financial and other significant information about the securities being offered. Two significant pieces of legislation were passed, one in 1933 and the second in 1934. The Securities Act of 1933, which is frequently referred to as the “truth in securities” law, has two basic aims, to: • Assure that investors are fully informed about the financial aspects of securities being offered for sale • Prohibit deceit, misrepresentations, and other fraud in securities transactions

what is the sarbanes-oxley legislation about?

5

The Securities Exchange Act of 1934 created the Securities and Exchange Commission (SEC) and gave it the power to regulate many aspects of the securities industry. The act also provided the SEC with the authority to require periodic reporting of financial information by organizations that offered publicly traded securities, and gave the SEC the power to register, regulate, and oversee brokerage firms, transfer agents, and the stock exchanges. Some of the important powers these two acts gave the SEC include: • Regulate and register stock exchanges • Register all securities listed on an exchange • Regulate investment advisers and all dealers and brokers who are members of an organized exchange • Require that audited and current financial reports be filed with the SEC • Set accounting standards • Prohibit all forms of stock price manipulation, such as insider trading The availability of properly audited and current financial reports enables investors to make informed and rational choices about whether to invest in a particular company. The audited financial reports are available from the organizations selling the securities in its stockholders’ annual reports. Most are also easily accessible from the SEC, through EDGAR, the online Electronic Data Gathering, Analysis, and Retrieval system (www.sec.gov/edgar.shtml). EDGAR collects, validates, indexes, and disseminates the reports from companies that are required to file reports with the SEC. The SEC continues to protect investors today, adding stability to investors’ confidence and the markets in general. Additional controls on the market after the 1987 crash regarding program trading and the institution of market shutdown mechanisms called circuit breakers helped to smooth out some of the volatility in the market. After the 1987 crash, the U.S. stock market appeared to be well regulated and well functioning. Twenty-First Corporate and Accounting Scandals At the beginning of the twenty-first century, the U.S. market and its investors were stunned by a string of corporate and accounting scandals. For

6

chapter 1

overview of the legislation

several years, the Enron Corporation, an energy company, participated in a number of partnership transactions that lost the organization a substantial amount of money. In 2001, Enron reported that it had failed to follow generally accepted accounting practices in its financial statements for 1997 through 2001 by excluding these unprofitable transactions. In these erroneous financial statements, the organization reported large profits when, in fact, it had lost a total of $586 million during those years. Neither internal nor external controls detected the financial losses disguised as profits. The revelation of the erroneous financial reporting led to a collapse in the price of Enron stock. The price of Enron stock fell from $83 per share in December 2000 to less than $1 per share in December 2001. However, some of Enron’s managers made millions of dollars by selling their company stock before its price plummeted. Other investors experienced substantial losses, including Enron employees who had invested a large portion of their retirement portfolios in Enron stock. Role of Arthur Andersen LLP The CPA firm of Arthur Andersen LLP, which had been one of the largest accounting firms in the world, served as Enron’s auditor throughout the years of erroneous statements. The firm allegedly “overlooked” Enron’s questionable accounting practices since it was making a large amount of money for providing Enron with consulting services and did not want to lose the consulting business. The firm was indicted by the U.S. Department of Justice, and in 2002, Arthur Andersen LLP was convicted of obstructing justice for shredding Enron-related documents requested by the SEC. The WorldCom Debacle In 2002, WorldCom, Inc., a prominent telecommunications company, admitted that it had failed to report more than $7 billion in expenses over five quarterly periods. Its financial statements indicated that WorldCom had been profitable over those quarters, when the company had actually lost $1.2 billion. WorldCom’s market worth plunged from $200 billion to only $10 billion in July. In July 2002, WorldCom filed for Chapter 11 bankruptcy, causing concerns among its investors, creditors, and telecommunication customers. Enron and WorldCom were not the only companies that had questionable financial statements. Other corporate and accounting scandals included Tyco, Adelphia Communications, Xerox, and Global Crossing. These

what is the sarbanes-oxley legislation about?

7

scandals understandably shook the public’s confidence in the capital markets and in the integrity of corporate financial statements. In response to the lack of public confidence and the downward plummet in the stock market, the 107th Congress passed the Public Company Accounting Reform and Investor Protection Act, which was signed into law by President George W. Bush on July 30, 2002. Importance of SOX Many would agree that SOX is the single most important piece of legislation affecting corporate governance, financial disclosure, and public accounting since the passage of the Securities Act of 1933 and the Securities Exchange Act of 1934. SOX contains sweeping reforms for issuers of publicly traded securities, auditors, corporate board members, and lawyers. It adopts new provisions intended to deter and punish corporate and accounting fraud and corruption, and provides stiff penalties for noncompliance. In essence, SOX seeks to protect the interest of shareholders and employees by improving the overall quality of financial reporting, independent audits, corporate accountability, and accounting services for public companies. As can be seen in Exhibit 1.1, SOX consists of 11 titles, with each title having multiple sections. Title I Title I of SOX created a Public Company Accounting Oversight Board (PCAOB) that has extensive authority to regulate the auditors and audits of publicly held companies. The PCAOB is a nonprofit organization with strong ties to the SEC. Partial funding for the PCAOB comes from the SEC, the SEC has the power to appoint the PCAOB’s chairperson and members, and the SEC must approve all rules and standards established by the PCAOB. Only accounting firms that have been accepted for registration with the PCAOB will be allowed to prepare or audit reports for companies registered with the SEC. Approval for registration with the PCAOB is based on a detailed application that requires the accounting firm to provide information regarding its audit clients, internal quality control policies and procedures, accounting personnel, licensure, and financial standing. In addition, approved firms must agree to undergo periodic inspections and

8

chapter 1

Exhibit 1.1

overview of the legislation

sox listing of titles and sections

Title

Section

I.

Public Company Accounting Oversight Board

101: Establishment, administrative provision 102: Registration with the Board 103: Auditing, quality control, and independence standards and rules 104: Inspections of registered public accounting firms 105: Investigations and disciplinary proceedings 106: Foreign public accounting firms 107: Commission oversight of the Board 108: Accounting standards 109: Funding

II.

Auditor Independence

201: Services outside the scope of practice of auditors 202: Pre-approval requirements 203: Audit partner rotation 204: Auditor reports to audit committees 205: Conforming amendments 206: Conflicts of interest 207: Study of mandatory rotation of registered public accounting firms 208: Commission authority 209: Considerations by appropriate State regulatory authorities

Best Practices for nonprofits come from this section

III.

Corporate Responsibility Best Practices for nonprofits come from this section

IV.

Enhanced Financial Disclosures Best Practices for nonprofits come from this section

301: Public company audit committees 302: Corporate responsibility for financial reports 303: Improper influence on conduct of audits 304: Forfeiture of certain bonuses and profits 305: Officer and director bars and penalties 306: Insider trades during pension fund blackout periods 307: Rules of professional responsibility for attorneys 308: Fair funds for investors 401: Disclosures in periodic reports 402: Enhanced conflict of interest provisions 403: Disclosure of transactions involving management and principal stockholders

what is the sarbanes-oxley legislation about?

Title

9

Section 404: Management assessment of internal controls 405: Exemption 406: Code of ethics for senior financial officers 407: Disclosure of audit committee financial expert 408: Enhanced review of periodic disclosures by issuers 409: Real-time issuer disclosures

V.

Analyst Conflicts of Interest

501: Treatment of security analysts by registered securities associations and national security exchanges

VI.

Commission Resources and Authority

601: Authorization of appropriations 602: Appearance and practice before the Commission 603: Federal court authority to impose penny stock bars 604: Qualifications of associated persons of brokers and dealers

VII. Studies and Reports

701: GAO study and report regarding consolidation of public accounting firms 702: Commission study and report regarding credit rating agencies 703: Study and report on violators and violations 704: Study of enforcement actions 705: Study of investment banks

VIII. Corporate and Criminal Fraud Accountability Document preservation Whistleblower protection

801: Short title 802: Criminal penalties for altering documents 803: Debts nondischargeable if incurred in violation of securities fraud laws 804: Statue of limitations for securities fraud 805: Review of Federal sentencing guidelines for obstruction of justice and extensive criminal fraud 806: Protection for employees of publicly traded companies who provide evidence of fraud 807: Criminal penalties for defrauding shareholders of publicly traded companies

Best Practices for nonprofits come from this section AND Sections 802 and 806 (Document preservation and Whistleblower protection) are legal requirements for ALL organizations, including nonprofits

(continues)

10

chapter 1

Exhibit 1.1

overview of the legislation

sox listing of titles and sections (continued)

Title IX.

Section White Collar Crime Penalty Best Practices for nonprofits come from this section

901: Short title 902: Attempts and conspiracies to commit criminal fraud offenses 903: Criminal penalties for mail and wire fraud 904: Criminal penalties for violations of the Employee Retirement Income Security Act of 1974 905: Amendment to sentencing guidelines relating to certain white-collar offenses 906: Corporate responsibility for financial reports

X.

Corporate Tax Returns

1001: Sense of the Senate regarding the signing of corporate tax returns by chief executive officers

XI.

Corporate Fraud and Accountability

1101: Short title 1102: Tampering with a record or otherwise impeding an official proceeding 1103: Temporary freeze authority for the Securities and Exchange Commission 1104: Amendment to the Federal Sentencing Guidelines 1105: Authority of the Commission to prohibit persons from serving as officers or directors 1106: Increased criminal penalties under Securities Exchange Act of 1934 1107: Retaliation against informants

Best Practices for nonprofits come from this section, AND Section 1107 (Retaliation against informants) is a legal requirement for ALL organizations, including nonprofits!

provide annual reports to the PCAOB. Additional funding for the PCAOB will come from fees paid by the registered accounting firms. The PCAOB has the authority to establish standards and rules regarding the content of audits, the accounting firm’s internal quality control policies and procedures, and the length of time that documents related to an audit must be retained. While the PCAOB does not have the direct power to set accounting standards, a separate accounting standards organization will develop the standards that the PCAOB will use.

what is the sarbanes-oxley legislation about?

11

Nonprofits currently don’t have a government-sponsored watchdog like the PCAOB, and the PCAOB currently has no authority over nonprofit organizations. The word currently is an important word in the previous sentence. Public and governmental policymakers have a growing concern about the performance and integrity. As discussed earlier, some states are already discussing SOX-like legislation that would cover nonprofits. The nonprofit industry just may end up with a watchdog similar to the PCAOB. Title II Title II of SOX details the rules to establish independence of the auditor from the company being audited. It defines which additional services the auditing firm may and may not provide, defines and prohibits conflicts of interest between auditors and the audited company, requires that the audited firm rotate its auditors on a regular basis, and requires the auditing committee of the audited company to be responsible for the oversight of its auditors. We discuss how this title can be used to help a nonprofit develop a SOX-like operating standard in Chapter 2. Titles III and IV Titles III and IV of SOX detail the responsibilities and roles the audited company plays in regard to the audit and reports. For example, the principal executive and financial officers of the company are directly responsible for certifying that the information in the annual or quarterly reports required by the SEC Act of 1934 is accurate, complete, and fairly presented. In addition, there are rules regarding insider trading, and the professional responsibility for attorneys to report violations of securities law or breech of fiduciary duty. The titles also outline the disclosure requirements of relevant financial information, such as off-balance-sheet arrangements and relationships. How these titles can be used to help a nonprofit develop a SOX-like operating standard is the topic of Chapters 2, 3, and 4. Titles V, VI, and VII Titles V, VI, and VII primarily provide details regarding security analysts, appropriations, and various studies and reports performed by the GAO and others. While these titles are important in terms of establishing and

12

chapter 1

overview of the legislation

implementing SOX, they are not directly relevant to the “best practices” that can be gleaned from the legislation. These titles will thus not be discussed in any detail. Titles VIII, IX, X, and XI Titles VIII, IX, X, and XI outline the penalties for securities fraud, document destruction or alteration; create whistleblower protection for employee informants; and establish corporate responsibility for financial reports. Title IX provides that each periodic report containing financial statements filed with the SEC must be accompanied by a written statement by the issuer’s CEO and CFO certifying that the report fully complies with the 1934 Act and that information contained in the periodic report “fairly presents, in all material respects, the financial condition and results of operations of the issuer.” How these titles can be used to help a nonprofit develop a SOX-like operating standard is presented in Chapters 3, 4, and 5.

Relevance of SOX to Nonprofits Currently, only a few of the provisions in SOX directly apply to nonprofit organizations. Nonprofits are required to adhere to Title III, Section 806, and Title XI, Section 1107, which provide protection to employees who report suspected fraud or other illegal activities. In addition, Title VIII, Section 802, and Title XI, Section 1102, which address the destruction or falsification of records or documents, apply to nonprofits. The nonprofit sector has recently experienced its own recent scandals of perceived wrongdoing and fiscal mismanagement. For example, the United Way and the American Red Cross have received substantial unfavorable media coverage of their apparent failures in accountability and adherence to mission. Incidents such as these have cast the nonprofit sector in an unfavorable light, and have damaged the public’s trust in the integrity and the public benefit of nonprofits. While it is true that the majority of the SOX provisions currently only apply to publicly traded corporations and not to nonprofit organizations, nonprofits could benefit operationally from adopting some of the SOX rules as “best practices.” In addition, voluntarily adhering to the SOX “gold standards” would create greater credibility and ability to recruit high-quality board members, as well as attracting the favorable attention of major donors, foundations, and other funding sources.

current legislative environment for nonprofits

13

If the nonprofit sector wants to obtain its current level of relative selfregulation, nonprofit leaders need to make a visible effort to improve organizational governance and accountability. If this does not occur, nonprofits may come under additional unwanted regulation by the government. Some state attorneys general have already suggested that additional provisions of SOX should be applied to nonprofits. The nonprofit sector needs to show the government and the public that it can effectively regulate nonprofit governance to avoid the imposition of external regulation. In the remaining chapters of this book, we focus on the provisions of SOX that directly apply to nonprofit organizations, and those provisions that could serve as “best practices” for the nonprofit sector.

Current Legislative Environment for Nonprofits U.S. Senate Finance Committee Hearings on Nonprofit Accountability, June 2004 Although the features of the SOX legislation may on the surface appear to have more impact on the private sector, the public sector (i.e., government) push for greater accountability includes the independent sector (i.e., the nonprofit world) as well. This section discusses the recent United States Senate Finance Committee June 22, 2004 hearings on Charitable Giving Problems and Best Practices, along with the highlights of recent California “Sarbanes-Oxley clone” legislation (SB1262) signed into law on September 29, 2004. The common theme of the testimony of witnesses, the Congressional staff papers, and the California “Nonprofit Integrity Act” (SB1262) is that nonprofit organizations have, through fiscal and governance abuses, diminished public trust. Public outrage fueled these Congressional hearings on nonprofit abuses. Further reports of financial and governance mismanagement appear on an almost daily basis—sometimes even in the “Food” section of the newspaper.1 Internal Revenue Service Commissioner’s Testimony As part of the Senate Finance Committee’s June 2004 hearings on nonprofit accountability, Mark W. Everson, the commissioner of the IRS, provided some very sobering testimony on that agency’s plans for oversight and enforcement of the nonprofit sector. The following excerpts of Mr. Everson’s

14

chapter 1

overview of the legislation

testimony should leave no doubt about the IRS’ short-term agenda for bringing about nonprofit accountability. We can be proud of the vast majority of exempt organizations that are fully and effectively carrying out their important missions. I must emphasize that my remarks, which by necessity will focus on problems we have observed, should not be interpreted as an indictment of the tax-exempt sector. The vast majority of tax-exempt entities carry out their valuable role in full compliance with the letter and spirit of the laws. As you know, the Administration strongly supports efforts to encourage and support donations to our Nation’s charities. The Administration’s FY 2005 Budget includes a number of tax relief proposals designed to stimulate charitable giving. However, I share your concern that some entities are using their status to achieve ends that Congress clearly did not intend when it conferred the privilege of tax-exemption. Before I begin, let me give you a few statistics on the population I am here to discuss. When the subject of tax-exempt organizations arises, we commonly think of charities. This is understandable, given the prominent and valuable role of charitable organizations. But the tax-exempt sector is far broader. The approximately 3,000,000 tax-exempt entities include almost 1,000,000 section 501(c)(3) charities and almost 1,000,000 employee plans . . . This sector is a vital part of our nation’s economy that employs about one in every four workers in the U.S. In addition, nearly one-fifth of the total U.S. securities market is held by employee plans alone. As I will discuss, there are abuses of charities that principally rely on the tax advantages conferred by the deductibility of contributions to those organizations. If these abuses are left unchecked, I believe there is the risk that Americans not only will lose faith in and reduce support for charitable organizations, but that the integrity of our tax system also will be compromised. I am committed to combating abuse in this area. We recently released our IRS Strategic Plan for 2005-2009. Along with improving service and modernizing our computer systems, one of our strategic goals is to enhance enforcement of the tax law . . . Historically, IRS functions regulating tax-exempt entities have not been well funded due to the lack of revenue they generated. This view is misdirected in light of the size and importance of the sector. With staffing in this area flat at best and with the number of charities increasing annually, our audit coverage has fallen to historically low levels, compromising our ability to maintain an effective enforcement presence in the exempt organizations community. One of our four specific objectives is to deter abuse within tax-exempt and governmental entities,

current legislative environment for nonprofits

15

and misuse of these entities by third parties for tax avoidance or other unintended purposes . . . The Administration’s FY 2005 Budget contains a number of legislative proposals, originally announced by the Treasury Department in March 2002 to combat abusive transactions. These proposals include statutory changes that would create better, coordinated disclosure of abusive transactions . . . although the Administration is committed to encouraging gifts to charity, it also wants to ensure that taxpayers are accurately valuing property they donate to charity . . . [Governance] In recent years there have been a number of very prominent and damaging scandals involving corporate governance of publicly traded organizations. The Sarbanes-Oxley Act has addressed major concerns about the interrelationships between a corporation, its executives, its accountants and auditors, and its legal counsel. Although Sarbanes-Oxley was not enacted to address issues in tax-exempt organizations, these entities have not been immune from leadership failures. We need go no further than our daily newspapers to learn that some charities and private foundations have their own governance problems. Specifically, we have seen business contracts with related parties, unreasonably high executive compensation, and loans to executives. We at the IRS also have seen an apparent increase in the use of tax-exempt organizations as parties to abusive transactions. All these reflect potential issues of ethics, internal oversight, and conflicts of interest . . . [Using credit counseling nonprofits as an example] We are focusing our audit resources on those organizations with the highest risk of noncompliance with tax law. We have selected 50 tax-exempt credit counseling organizations for examination; the majority of these examinations are currently underway. The balance will be assigned to agents by the end of this fiscal year. To date, we have initiated and will be pursuing the use of proposed revocations of exemption of credit counseling organizations in appropriate circumstances. We also plan to seek injunctions and penalties against both individuals and companies for promoting fraudulent tax schemes. [Regarding Excessive Executive Compensation] [We] will use all tools available to ensure that these organizations act lawfully, including revoking tax-exempt status where warranted. Compensation Issues: The issues of governance and executive compensation are closely intertwined. We are concerned that the governing boards of tax-exempt organizations are not, in all cases, exercising sufficient diligence as they set compensation for the leadership of the organizations. There have been numerous recent reports of executives of both private foundations and public charities who are receiving

16

chapter 1

overview of the legislation

unreasonably large compensation packages. Neither a public charity nor a private foundation can provide more than reasonable compensation . . . In general, reasonable compensation is measured with reference to the amount that would ordinarily be paid for comparable services by comparable enterprises under comparable circumstances . . . Section 501(c)(3) provides that the assets of an organization cannot inure to the benefit of private shareholders or individuals. If an organization pays or distributes assets to insiders in excess of the fair market value of the services rendered, the organization can lose its tax exempt status . . . This summer (2004), we are launching a comprehensive enforcement project to explore the seemingly high compensation paid to individuals associated with some exempt organizations. This is an aggressive program that will include both traditional examinations and correspondence compliance checks . . . These organizations need to know that their decisions will be reviewed by regulatory authorities . . . Organizations also will be asked for details concerning the independence of the governing body that approved the compensation and details of the duties and responsibilities of these managers with respect to the organization. Other stages will follow, and will include looking at various kinds of insider transactions, such as loans or sales to executives and officers. [Form 990] We also will be looking at organizations that failed to, or did not fully complete, compensation information on Form 990. This information will help inform the IRS about current practices of self-governance, both best practices and compliance gaps, and will help us focus our examination program to address specific problem areas. [Coordination with Other Federal Agencies] We work with other federal agencies in a number of areas. For example, we continue to engage in information sharing with the FTC to learn more about the credit counseling industry . . . We expect to continue this mutually beneficial relationship and find other ways to leverage our scarce resources. [Enhancing Governance—The Need for More Outreach] As I discussed above, stronger governance procedures are needed for exempt organizations. The sanctions for serious lapses in governance are clear. There is the possibility of revocation of exemption, along with the various excise taxes against individuals that I mentioned before. But sanctions are a last resort . . . organizations without effective governance controls are more likely to have compliance problems . . . [The IRS will] require disclosure of whether the organization has a conflict of interest policy or an independent audit committee, and whether additional disclosure should be required concerning certain financial transactions or insider relationships . . . Our Form 990 revi-

current legislative environment for nonprofits

17

sion team is working on a comprehensive overhaul of the form to provide better compliance information about these organizations to the IRS, the states, and the public . . . [Vehicle Donations] For a taxpayer, donating a car to a charity has definite appeal. One can help a charitable cause, dispose of the car, and take advantage of tax provisions that are designed to support the generosity of Americans. Deductions are limited to the fair market value of the property. In its recent study, the GAO estimated that about 4,300 charities have vehicle donation programs. In its review of returns for tax year 2000, the GAO estimated that about 733,000 taxpayers claimed deductions for donated vehicles they valued at $500 or more. Highly troubling is GAO’s analysis of 54 specific donations, where it appears that the charity actually received less than 10% of the value claimed on the donor’s return in more than half the cases, and actually lost money on some vehicles . . . we cannot ignore the clear implications of the study . . . We are educating donors and charities on what constitutes a well-run donation program . . . We will be partnering with the states to distribute the brochures to the fundraising community, as the states regulate fundraising activity.2

Staff Discussion Paper—Senate Finance Committee Subsequent to the hearings and testimony, a staff discussion paper was released with recommendations for closer regulation of nonprofits. Currently, these are simply a series of recommendations by Congressional staff, but the tone and reach of the recommendations should be taken seriously by every nonprofit regardless of size. The preface to the document instructs the reader that, “The document reflects proposals for reforms and best practices in the area of tax-exempt organizations based on staff investigations and research as well as proposals from practitioners, officers and directors of charities, academia and other interested parties. This document is a work in progress and is meant to encourage and foster additional comments and suggestions as the Finance Committee continues to consider possible legislation.” (Senate Finance Committee Staff Discussion Draft, p. 1, 2004.) Some of the proposals in this document include:

Five-year review of tax-exempt status by the IRS. The staff discussion draft recommends that: On every fifth anniversary of the IRS’ determination of the taxexempt status of an organization that is required to apply for such status,

18

chapter 1

overview of the legislation

the organization would be required to file with the IRS such information as would enable the IRS to determine whether the organization continues to be organized and operated exclusively for an exempt purposes (i.e., whether the original determination letter should remain in effect). Information to be filed would include current articles of incorporation and by-laws, conflicts of interest policies, evidence of accreditation, management policies regarding best practices, a detailed narrative about the organization’s practices, and financial statements. What would this mean for nonprofits? This recommendation would require nonprofits to submit documentation every five years that proves to the IRS that the organization continues to comply with its 501(c )(3) designation. The list of documents specified here are particularly enlightening about the intent of this proposal: • Current articles of incorporation and by-laws. The nonprofit would need to be clear about how its operations and governance continues to be in harmony with its founding documents. • Conflicts of interest policies. The nonprofit would have to provide evidence of a conflict of interest policy and, most likely, proof that board members and senior management have completed annual affidavits identifying real or potential conflicts of interest. • Evidence of accreditation. This document would be based on another recommendation, which is that nonprofits be required to obtain specific accreditation. (This recommendation is discussed later in this section.) • Management policies regarding best practices. The nonprofit would be required to develop and submit written policies that demonstrate that the organization is implementing best practices in management and governance. • A detailed narrative about the organization’s practices. This document would require the nonprofit to provide a detailed explanation about what the organization does, and why it is necessary/desirable in the community. • Financial statements. These financial statements would be supplemental to the Form 990 that is required on an annual basis.

current legislative environment for nonprofits

Form 990s—Proposals for Reform mends that:

19

The staff discussion draft recom-

Improve quality and scope of form 990 and financial statements. In a report to the Finance Committee, the General Accounting Office found significant problems in the accuracy and completeness of Form 990. Other studies, included by the General Accounting Office, have highlighted that there are no common standards for filing Form 990 and thus similarly situated charities can have very different Form 990s. Because of the significant role played by Form 990 in public and governmental oversight of tax-exempt organizations, some reforms are necessary to ensure accurate, complete, timely, consistent, and informative reporting by exempt organizations. What does this mean for nonprofits? The IRS recognizes that there are no common standards for completion of Form 990. The reform proposal seeks to identify reforms that will introduce a standardized way to submit Form 990s. Form 990s would require signature by CEO. Require that the CEO (or equivalent officer) of a tax-exempt organization sign a declaration under penalties of perjury that the CEO has put in place processes and procedures to ensure that the organization’s Federal information return and tax return (including Form 990T) complies with the Internal Revenue Code and that the CEO was provided reasonable assurance of the accuracy and completeness of all material aspects of the return. This declaration would be part of the information or tax return. What does this mean for nonprofits? This proposal would require a nonprofit CEO to sign an affidavit that under penalties of perjury . . . that the organization’s Form 990 complies with the Internal Revenue Code and that the CEO is providing assurance of the accuracy and completeness of all material aspects of the return. (The financials accurately reflect the financial position of the nonprofit.) This affidavit would be part of the information or tax return. Based on recent events in the nonprofit world, if this proposal was law, there would be some very high-profile nonprofit executives going to jail. The recommendation here is clearly that nonprofit executives and board

20

chapter 1

overview of the legislation

members should be held to the same criminal liability standards as those of their private sector counterparts. Penalties for failure to file a complete and accurate Form 990. The present law penalty for failure to file or to include required information is $20/day up to the lesser of $10,000 or 5 percent of gross receipts per return (increased to $100/day up to $50,000 per return for organizations with gross receipts over $1 million in a year). Under the proposal, the penalty for failure to file would be doubled, and for organizations with gross receipts over $2 million per year, the present law penalty would be tripled. Failure to file a required Form 990 for two consecutive years (or for three of four years) could result in loss of tax exemption, or other penalties such as loss of status as an organization to which deductible contributions may be made. What does this mean for nonprofits? There will be severe penalties for failing to file a Form 990. The proposals recommend loss of tax exemption, or loss of status as an organization to which deductible contributions may be made. For a nonprofit, this means the organization can no longer tell donors that their contributions are tax exempt. In other words, the “nonprofit” is out of business. Required disclosure of performance goals, activities, and expenses in Form 990 and in financial statements. Charitable organizations with over $250,000 in gross receipts would be required to include in Form 990 a detailed description of the organization’s annual performance goals and measurements for meeting those goals (to be established by the board of directors) for the past year and goals for the coming year. The purpose of this requirement would be to assist donors to better determine an organization’s accomplishments and goals in deciding whether to donate, and not as a point of review by the IRS. Charitable organizations would be required to disclose material changes in activities, operations, or structure. Charitable organizations would be required to accurately report the charity’s expenses, including any joint cost allocations, in its financial statements and Form 990. Exempt organizations would be required to report how often the board of directors met and how often the board met, without the CEO (or equivalent) present.

current legislative environment for nonprofits

21

What does this mean for nonprofits? Transparency is the predominant theme of these recommendations. The Congressional staff may have been spurred on by the volume of public complaints about nonprofit organizations that, for every donor dollar, contribute very little to programs. In recent years, the media has conducted many investigations of bogus charities, and certainly, some charities that are “household names” have abused donor trust by misdirecting donations to exorbitant salaries, expenses, and other abuses. Note that these disclosures are required to be presented on Form 990. The accuracy of these disclosures could carry criminal liability if the other proposal on CEO signatures is enacted into law. Nonprofits Would Be Required to Make Certain Documents Publicly Available Public oversight is critical to ensuring that an exempt organization continues to operate in accordance with its tax-exempt status. For charitable organizations, public oversight provides donors with vital information for determining which organizations have the programs and practices that will ensure that contributions will be spent as intended. Oversight is facilitated under present law by mandated public disclosure of information returns and applications for tax-exempt status, but more can be done.

Disclosure of financial statements. Exempt organizations would be required to disclose to the public the organization’s financial statements. Web site disclosure. Exempt organizations with a Web site would be required to post on such site any return that is required to be made public by present law, the organization’s application for tax exemption, the organization’s determination letter from the IRS, and the organization’s financial statements for the five most recent years. What does this mean for nonprofits? Although the text recognizes that there are current public oversight opportunities, the authors comment that the nonprofit world could be doing more to provide transparency. The recommendations are, again, aimed at ensuring that the public has access to information that would be vital to their making a decision to make a donation. Of particular note is the recommendation that the nonprofit’s Web site be employed to present those documents currently required (Form 990), and: • The organization’s application for tax exemption

22

chapter 1

overview of the legislation

• The organization’s determination letter from the IRS • The organization’s financial statements from the five most recent years Proposals Regarding Nonprofit Boards

Board Duties The duties of a board that are described in this document would also be the duties of a trustee for a charitable trust. A charitable organization shall be managed by its board of directors or trustees (in the case of a charitable trust). In performing duties, a board member has to perform his or her duties in good faith; with the care an ordinarily prudent person in a like position would exercise under similar circumstances; and in a manner the director reasonably believes to be in the best interests of the mission, goals, and purposes of the organization. An individual who has special skills or expertise has a duty to use such skills or expertise. Federal liability for breach of these duties would be established. Any compensation consultant to the charity must be hired by and report to the board, and must be independent. Compensation for all management positions must be approved annually and in advance unless there is no change in compensation other than an inflation adjustment. Compensation arrangements must be explained and justified and publicly disclosed (with such explanation) in a manner that can be understood by an individual with a basic business background. The board must establish basic organizational and management policies and procedures of organization and review any proposed deviations. The board must establish, review, and approve program objectives and performance measures, and review and approve significant transactions. The board must review and approve the auditing and accounting principles and practices used in preparing the organization’s financial statements, and must retain and replace the organization’s independent auditor. An independent auditor must be hired by the board, and each such auditor may be retained only five years. The board must review and approve the organization’s budget and financial objectives as well as significant investments, joint ventures, and business transactions. The board must oversee the conduct of the corporation’s business and evaluate whether the business is being properly managed. The board must establish a conflicts-of-interest policy (which would be required to be disclosed with Form 990), and require a summary of conflicts determinations made during the 990 reporting year. The board must

current legislative environment for nonprofits

23

establish and oversee a compliance program to address regulatory and liability concerns. The board must establish procedures to address complaints and prevent retaliation against whistleblowers. All of these requirements must be confirmed on Form 990. Relaxation of certain of these rules might be appropriate for smaller tax-exempt organizations. Board Composition The board shall be comprised of no less than 3 members and no greater than 15. What does this mean for the nonprofits? The proposals for reform indicate that the traditional legal standards of care, loyalty, and obedience could be incorporated into a law governing board member behavior. The proposal clearly indicates that the board is regarded as the final authority in the management of the nonprofit organization, and as such, will be held accountable for the implementation of such policies as a Conflict of Interest policy and a Whistleblower Protection policy. Board size appears to be capped at 15, but the authors did not present clear reasons for this limitation. The entire board could now be held directly accountable for the executive director’s (ED) compensation package. Many nonprofit boards do not have access to the compensation package of the ED, as this has come under the exclusive purview of the board’s executive committee. Proposals for Government Encouragement of Best Practices

Accreditation There would be an authorization of $10 million to the IRS to support accreditation of charities nationwide, in states, as well as accreditation of charities of particular classes (e.g., private foundations, land conservation groups, etc.). The IRS would have the authority to contract with tax-exempt organizations that would create and manage an accreditation program to establish best practices and give accreditation to members that meet best practices and review organizations on an ongoing basis for compliance. The IRS would have the authority to base charitable status or authority of a charity to accept charitable donations on whether an organization is accredited. What does this mean for nonprofits? This proposal seeks to empower the IRS with the authority to require accreditation of nonprofits as a requisite to accepting charitable donations. The authors are seeking to empower

24

chapter 1

overview of the legislation

the IRS to add another layer of compliance to the Form 990 proposals and five-year reauthorization of nonprofits. The staff discussion draft recommends the following oversight provisions: • Establish Exempt Organization Hotline for reporting abuses by charities and complaints by donors and beneficiaries. • Information sharing with State Attorneys General, the Federal Trade Commission (FTC), and the U.S. Postal Service for enforcement purposes, including referrals by the IRS and an annual report to Congress by the General Accounting Office of the results of such referrals. The staff discussion draft recommends that: This proposal would establish a hotline for anyone anywhere to file complaints about nonprofits and/or report abuses. Whether this is an anonymous hotline remains to be seen, but the authors appear to want to collect this information at a national level. How the complaints and claims would be investigated and by what agency remains to be seen. California’s “Nonprofit Integrity Act” (SB1262) Provisions That Apply to Nonprofits with Budgets in Excess of $2 Million: The state of California passed a “Nonprofit Integrity Act” that imposes many of the features of SOX on nonprofits with budgets in excess of $2 million operating in that state. Some of the key provisions of this law include:

• Nonprofits will be required to have an annual audit performed by a CPA who is “independent” as defined by U.S. Government auditing standards. • The results of the audit will need to be made available to the public and the Attorney General. • Nonprofits will be required to have an audit committee whose membership cannot include staff and must not overlap more than 50 percent with the finance committee; the audit committee can include members who are not on the organization’s board of directors. What does this mean for nonprofits in California? To ensure greater accountability in executive compensation, the law requires that the board ap-

conclusion

25

prove the compensation, including benefits, of the corporation’s president or CEO, and its treasurer or CFO, for the purposes of assuring that these executives’ compensation packages are reasonable. What does this mean for nonprofits in California? Requires disclosure of written contracts between commercial fundraisers and nonprofits and available for review on demand from the Attorney General’s office. Fundraisers must be registered with the Attorney General’s office. The following points in the law apply to all nonprofits, regardless of size, in California: • Make their audits available to the public on the same basis as their IRS Form 990 if they prepare financial statements that are audited by a CPA. • Except for emergencies, notice of a solicitation campaign by a “commercial fundraiser for charitable purposes” must be filed at least 10 days before the commencement of the solicitation campaign, events, or other services. Each contract must be signed by an official of the nonprofit, and include the contract provisions specified in the law. • Regarding fundraising activities, the law states that a nonprofit must not misrepresent or mislead anyone about its purpose, or the nature, purpose, or beneficiary of a solicitation. Further, the law specifies that there be specific disclosures in any solicitation that the funds raised will be used for the charitable purpose as expressed in articles of incorporation or other governing documents. The nonprofit is expected to ensure that fundraising activities are adequately supervised to ensure that contracts and agreements are in order and that fundraising is conducted without intimidation or undue influence. What does this mean for nonprofits in California? Nonprofits in California, regardless of their size, need to review their fundraising practices, particularly if some or all of their fundraising is outsourced to commercial fundraising firms. Nonprofits will be liable for abuses by vendors of fundraising services. As a practical matter, boards should insist that due diligence activities be conducted before contracting with any vendor, particularly those providing fundraising services. The California law, however, places strict parameters around third-party fundraising.

26

chapter 1

overview of the legislation

Conclusion The legislative environment is emphasizing greater accountability for both the private and independent (nonprofit) sectors of the economy. As was seen in the California law, the best practices that emerged from the federal legislation are now being applied to nonprofits. Although California is one of the first states to enact such a law, other states such as New York are considering similar laws. In each of the chapters in this book, we focus on the provisions of SOX that directly apply to nonprofit organizations, and those provisions that could serve as “best practices” for the nonprofit sector.

Endnotes 1. “Financial irregularities prompt shakeups at Beard Foundation,” San Francisco Chronicle (September 15, 2004). 2. Mark W. Everson, testimony before the U.S. Senate Finance Committee, Washington, DC, June 2004.

Chapter

2

Safeguarding Your Nonprofit’s Financial Resources and Assets: Establishing Auditor Independence and Audit Committee Competence

Barbara and Phil, two board members of a small nonprofit, were discussing the latest disaster to hit the organization. After filing Form 990, the tax return most nonprofits prepare for the IRS, the nonprofit was notified by the IRS that it had several serious questions about some of the items reported on the form. If the nonprofit could not satisfactorily respond to these questions, it was at risk of losing its tax exemption status. “I don’t understand how this could have happened,” exclaimed Phil. “Our ED always prepares the statements and then they are audited. We’ve always received good reports from our auditor; why weren’t these problems found in the audit?” Barbara shook her head. “I don’t understand it either. We’ve used the same auditor for the last 15 years and he works very closely with the ED on all of our financial statements. If I recall correctly, the auditor was one of our senior staff members before he left to join the accounting firm. When the ED hired him as our auditor, we all thought it was a great idea to work with someone who already had a good relationship with the ED 27

28

chapter 2

safeguarding your nonprofit’s assets

and knew the workings of our organization. We do a lot of work with this auditor; just last year, he helped us design our record keeping and accounting systems and he’s been working with the ED to help conduct the internal audit of the financial statements.” “Yes,” said Phil, “this auditor has also been a big help to the finance committee. None of us is an accountant or deals with financial statements in our work, so it was a big relief to turn all of the financial statements over to the auditor and the ED. We thought it would be better to let the professionals deal with it, instead of us trying to figure out all the financial information.” “Well, said Barbara, “I’m certainly not looking forward to this emergency board meeting tonight. I’m sure it’s not going to be pretty.” Where did this nonprofit organization go wrong? Could this disaster have been avoided?

SOX Titles II and III Both Barbara and Phil are apparently unaware of their fiduciary responsibilities and their legal liability for performing those responsibilities well. The best practices that can be derived from SOX Titles II and III would help Barbara and Phil better understand and meet their responsibilities. Title II of SOX primarily concerns the requirement that the auditor be independent from the organization being audited. As discussed in Chapter 1, one of the main alleged causes of the Enron debacle was Enron’s inappropriate relationship with its auditor, the CPA firm of Arthur Andersen LLP. Allegedly, Arthur Andersen LLP was biased toward giving Enron’s financial statements a clean bill of health due to the highly profitable consulting relationship the firm had with Enron. To preserve this lucrative relation, the firm may have overlooked errors and misleading information in Enron’s financial statements. To get a critical review of the financial statements, it should be apparent that having an independent auditor is necessary. Title II also contains the legal requirements and responsibilities for the audit committee of the organization being audited. Some of the primary duties are the selection, compensation, and oversight of the auditor. The audit committee must frequently rotate auditors and ascertain that there is no conflict of interest. In addition, the audit committee must work with the principal executive and financial officers to ensure that the organization’s internal financial control systems are in place and working well.

the value of accurate financial statements

29

Although Titles II and III don’t legally apply to nonprofits, complying with them will help a nonprofit better manage its financial status, and could ultimately save the nonprofit from going “belly up”. Before Barbara and Phil can begin to apply Titles II and III, however, they need to become financially literate. In achieving financial literacy, this chapter and Chapters 3 and 10 will be helpful to them and to you, too.

The Value of Accurate Financial Statements Financial statements present information about an organization’s financial resources and liabilities at a point in time, the results of its activities during a particular period, and its flow of cash during that period. In the for-profit world, these statements focus on information that is useful in making investment and lending decisions. In the nonprofit world, they are useful for lenders, donors, funding organizations, and other stakeholders to ascertain the financial viability of the nonprofit and to judge how well, or poorly, the nonprofit is being managed. In addition, the IRS requires nonprofits to report financial information to determine if the nonprofit is eligible to keep its tax-exempt status under section 501(c)(3) in the Internal Revenue Code. Having accurate financial statements is thus in the best interest of any nonprofit! What can a nonprofit do to assure that its financial statements are accurate and in good order? Financial statements should be prepared using a set of common ground rules, which have been developed over a period of many years, and are called generally accepted accounting principles (GAAP). GAAP includes the rules and procedures that define accepted practice in the preparation of financial statements. Since the passage of the Securities Act of 1933 and the Securities Exchange Act of 1934, the SEC has had the authority to set accounting standards for publicly held companies. However, the SEC traditionally has relied on private sector bodies such as the Financial Accounting Standards Board (FASB) to make recommendations regarding accounting standards. The FASB also sets the accounting standards for nonprofit organizations. For example, FASB Standard No. 117 established the required format and content for the general-purpose external financial statements provided by a nonprofit organization. Two objectives of the standard are to increase the comparability of nonprofit financial statements with those

30

chapter 2

safeguarding your nonprofit’s assets

issued by for-profit organizations and to increase the usefulness of the statements to external users. FASB Standard No. 116 outlines the reporting requirements for contributions made to and from the nonprofit, and established three categories of contributions—unrestricted, temporarily restricted, and permanently restricted. Adhering to GAAP is one of the first steps in effective financial reporting that a nonprofit can take.

The Importance of a Good Audit Since potential lenders, donors, funding organizations, and other stakeholders use the financial statements to make decisions about a nonprofit’s financial health, it is important that the statements present an accurate representation of the nonprofit’s financial status. Otherwise, the stakeholders of the nonprofit may make poor decisions about making loans, giving contributions, or providing funding. One way of increasing the likelihood of accuracy is to have the statements audited. An audit is the examination of the financial statements by an independent public accounting firm in order to form an opinion regarding the statements’ adherence to GAAP. This type of audit is an external audit, as the individual performing the audit should not be directly connected with the organization being audited. Once the audit is complete, the auditor prepares the auditor’s report, which contains the auditor’s opinion regarding the financial statements. The auditor’s report is also known as the “Report of Independent Accountants.” What Are the Types of Opinions and What Do They Mean? The auditor’s opinion can be one of five different opinions: unqualified, unqualified with explanatory language, qualified, adverse, or disclaimer of opinion. The unqualified opinion is regarded as a clean bill of health, where the auditor makes no exceptions and does not include qualifications in the report. An unqualified opinion should only be made when the independent auditor deems that the financial statements were made in accordance with GAAP, that GAAP were applied in a consistent basis, and that the statements include all of the information necessary to make the statements accurate. If circumstances require an auditor to add clarifying language to the standard report, the opinion is not considered qualified but

the importance of a good audit

31

rather unqualified with explanatory language. Adding the additional language is not regarded as a qualification since the inclusion of explanatory language serves to advise the readers or users of the statements. Auditors add explanatory language to an unqualified opinion for the following reasons: • To emphasize a particular matter or circumstance • To justify a departure from GAAP • To highlight an uncertainty that could have a significant effect on the financial statements For example, the auditor may want to draw attention to the fact that the organization is facing significant litigation, or has a trend of losing money from operations. The auditor may include explanatory language if there is a question about the quality of the records or supporting documentation. Qualified opinions may be broadly classified into two categories—qualifications that relate to a limitation of the examination, and qualifications with respect to the exceptions in presentation in accordance with GAAP. The limitation or exception must be significant but not so material as to overshadow an overall opinion of the financial statements. The qualified reports include a separate explanatory paragraph before the opinion paragraph disclosing the reasons for the qualification. The qualified opinion should be viewed as a warning or alert to individuals using the financial statements. An adverse opinion is the opposite of an unqualified opinion; it is an opinion that the financial statements do not present fairly the financial position, results of operations, and cash flow of the company, in conformity with GAAP. An auditor should express an adverse opinion if the statements are so lacking in fairness that a qualified opinion would not be warning enough. Whenever the auditor issues an adverse opinion, he or she should disclose in a separate paragraph of the report the reasons for the adverse opinion. The paragraph should also discuss the principal effects the circumstances triggering the adverse opinion have on the interpretation of the financial statements. A disclaimer of opinion is basically the same as no opinion. This type of report results from very significant limitations in the scope of the auditors’ examination or limitations that are imposed by the client. If the auditor

32

chapter 2

safeguarding your nonprofit’s assets

cannot evaluate the fairness of the statements, he or she should issue a disclaimer of opinion.

The Board’s Responsibility Regarding the Financial Statements Although members of the management team typically prepare the financial statements, it is the board’s responsibility to review and evaluate the statements. Most boards delegate this oversight responsibility to a committee within the board. In pubic organizations, this responsibility has increasingly fallen to the audit committee whose major task is to monitor the preparation and auditing of financial statements. In nonprofit organizations, these responsibilities typically fall to the finance committee, which has a broader charge. Since preserving the integrity of the financial statements is such an important responsibility, a nonprofit organization should consider forming a separate audit committee that can focus on the organization’s financial reporting practices, work directly with the external auditor, and develop policies to enhance the organization’s internal accounting system. Establishing an Appropriate Relationship with the Auditor Prior to the accounting scandals at organizations such as Enron and WorldCom, many nonprofit board members erroneously believed that having the accounting auditors give the financial statements an unqualified opinion was all that was necessary to oversee the financial activities and safeguard assets. Now, however, many realize that putting absolute trust in the external auditor’s report is imprudent and may put the organization at financial risk. In the best-case scenario, the auditor’s opinion regarding the financial statements is only an independent opinion regarding the degree to which the financial statements fairly present the organization’s financial position for a defined accounting period. “Fairness” in this case means that the auditor found no evidence that there was any substantial inaccuracy in the financial statements and that the statements comply with GAAP. If the statements were fair, a reasonable person reading the financial statements would not draw incorrect conclusions about the financial position of the organization. Having an unqualified audit does not mean that the organization is neces-

the board’s financial statement responsibility

33

sarily in a good financial position; it only means that the financial statements fairly present the position, whatever that position may be. In the worst-case scenario, the auditor’s opinion may be biased, not objective, and not independent of the organization being audited. The auditor may have an incentive to misrepresent the fairness of the financial statements. For example, if the auditing firm performing the audit also receives substantial compensation for providing consulting, tax work, or other services to the nonprofit, the audit may be biased to reflect a more positive financial position than exists. In recent years, several accounting firms such as Price Waterhouse, Ernst & Young, and Arthur Andersen have been involved in lawsuit cases that alleged biased auditors’ reports. Biased auditor reports can also occur when a too cozy relationship exists between the management of the nonprofit and the auditor. The loyalty of the auditor may lie with the ED instead of with the board, and the auditor’s evaluation of the statements may be biased by that loyalty. Titles II and III of SOX seek to assure the independence of the auditor and the independence and competence of the members of the audit committee. In addition, SOX requires that the audit committee have at least one member who qualifies as a financial expert. Part of establishing the independence of the auditor limits the amount of non-audit services the auditor may provide and requires the mandatory rotation of the lead audit or coordinating partner every five years. SOX also prohibits any officer or director of the organization to influence, coerce, manipulate, or mislead any auditor working on the audit of a company’s financial statements for the purpose of rendering the statements materially misleading. In addition, a registered public accounting firm is not allowed to provide audit services if the company’s CEO, CFO, chief accounting officer, or any equivalent employee was employed by the auditing firm and participated in the audit of the company in the previous year. Restriction of Auditor Services As we discussed in Chapter 1, only accounting firms that have been registered by the PCAOB and adhere to its requirements are allowed to audit companies registered with the SEC. The list of consulting services that auditors may offer their public company audit clients has been drastically reduced by the PCAOB. The limitation on the types of services that are permissible strengthens auditor independence

34

chapter 2

safeguarding your nonprofit’s assets

from corporate management and helps prevent auditors from controlling a company’s entire financial reporting process by designing the internal audit system and then theoretically offering an unbiased opinion. Although these limitations currently only apply to publicly traded companies, the practice of restricting auditors solely to auditing services is a best practice that nonprofits should adopt. The following is a list of the types of services that an auditor may not provide to publicly traded companies. Nonprofits should consider the types of services that their current auditors are providing and compare them to the services on the list. The more consulting services that an auditing firm provides to a nonprofit, the greater the potential loss of objectivity. A registered public accounting firm must receive advance approval from the company’s audit committee before it can perform any audit and non-audit service. A registered public accounting firm may not provide the following accounting services for public companies simultaneously with an audit: • Bookkeeping or other services related to the accounting records or financial statements • Design or implementation of financial information systems • Appraisal or valuation services, fairness opinions, or contribution-inkind reports • Actuarial services • Internal audit outsourcing services • Management or human resources functions • Broker, dealer, investment advisor, or investment banking services • Legal services and expert services unrelated to the audit • Any other service that the PCAOB determines, by regulation, is not allowed Imposed Requirements for the Audit Committee SOX imposes the additional requirements and responsibilities on the audit committees of public companies. Again, these are currently only requirements for the private sector, but the nonprofit world can benefit from adopting these as best practices:

the board’s financial statement responsibility

35

• The audit committee must be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by the nonprofit in regard to the audit or related work. • The accounting firm must report directly to the audit committee, not to the ED. • The audit committee must have at least one member who qualifies as a financial expert. • An audit committee member may not accept any consulting, advisory, or other compensatory fee from the nonprofit, except in his or her capacity as a board or board committee member. A public company must meet these audit committee requirements to be listed on the securities exchanges or the NASDAQ. A nonprofit should meet these audit committee requirements to enhance its oversight and management of the nonprofit’s assets. Having a well-functioning audit committee can demonstrate the nonprofit’s commitment to exercise due diligence regarding the review and evaluation of any financial information that is to be released to the organization’s stakeholders and the general public. Creating the Audit Committee in a Nonprofit Based on these new responsibilities and requirements, what should a nonprofit audit committee do? Who should serve on the audit committee? What skills and competencies should the audit committee members have? How involved should the audit committee be with the organization’s internal accounting system? While each nonprofit must answer these questions for itself, the following information provides some direction. The nonprofit audit committee should be organized as a standing committee of the board, and should only be comprised of board members, not any members of management. Of course, members of management will work and frequently meet with the audit committee, but management should not be a part of the committee itself. An audit committee should be large enough to have members who are financially literate, but not too large as to create paralysis. In addition, the audit committee should have at

36

chapter 2

safeguarding your nonprofit’s assets

least one member who qualifies as a financial expert. To qualify as a financial expert, the individual should have: • A clear understanding of GAAP and financial statements • Experience in applying GAAP in connection with preparing or auditing financial statements • Familiarity with developing and implementing internal financial controls and procedures To be considered financially literate, the audit committee members should be able to evaluate and interpret the four basic financial statements (balance sheet, statement of revenues and expenses, statement of changes in net assets, and statement of cash flows). What should a literate audit committee member know about the financial statements? Knowing the basic components of each of the statements and knowing how to analyze the statements through horizontal, vertical, and ratio analyses will give each committee member the ability to better evaluate and interpret the financial statements. This will allow the committee member to judge the competency of analyses performed by others, including the staff and management members of the organization, the auditors, and any outside financial consultants. Even though the audit committee members should be financially literate and bear the first-line responsibility for the preparation and auditing of the financial statements, the full board still has the ultimate fiduciary responsibility for the accuracy of any financial reporting. All board members should thus learn as much as they can about the financial statements and how to evaluate them. Chapter 3 provides a good overview of the various financial statements and how they can be evaluated. Role of the Audit Committee In essence, the role of the nonprofit audit committee is to oversee, monitor, and work collaboratively with management to prepare financial statements and conduct internal audits of those statements. The committee also must oversee, monitor, and work collaboratively with external auditors in conducting audits. In light of the many corporate and nonprofit financial scandals, the audit committee must perform this role in a proactive manner. The audit committee needs to safeguard the overall objectivity of the financial statements, financial reporting, and the internal controls process. To do so, the audit committee

the board’s financial statement responsibility

37

should ensure that effective internal control processes have been developed and fully implemented by management and staff. In addition, the audit committee should ascertain that all employees and managers involved in the financial reporting and internal controls process understand their roles, and that they are fulfilling those roles. The audit committee also should work closely with external auditors to identify and analyze financial reporting problems, and then use that information to make policy recommendations to management and the rest of the board. In terms of the external auditor, the audit committee should have the authority and responsibility to: • Select the external auditor, keeping in mind that SOX best practice requires that auditors be rotated at least every five years • Approve all audit engagement fees and terms • Approve significant non-audit engagements, keeping in mind that the more services an auditor provides to the nonprofit, the greater the potential loss of objectivity • Obtain information from the auditor to ascertain that the firm has the proper qualifications, has developed and implemented quality control policies, and has the staff and resources to provide the professional services that the nonprofit needs • Develop the auditor’s loyalty to the committee, while at the same time encouraging an open and collaborative relationship between the auditor and management • Review the recruitment, hiring, and staff training policies of the auditing firm • Develop an overall audit plan with the auditor, including a timetable and the scope of the examination • Meet with the external auditor to review the financial statements and the audit results • Prepare a report to the full board on the status of the financial statements, the results of the audit, and any policy recommendations the board should consider In reviewing the audit results with the external auditor, the committee’s primary concern is the level of fairness in the financial statements. Do the

38

chapter 2

safeguarding your nonprofit’s assets

statements present fairly the nonprofit’s status in conformity with GAAP? Assuming that the statements are fair and in conformity with GAAP, the committee should next try to ascertain the auditor’s opinion about the effectiveness of the nonprofit’s internal control processes and the overall accounting system. Some questions the committee might want to ask the auditor include: • Do you have any suggestions for improvements in accounting, reporting, or operating procedures? • Was the management team cooperative and forthcoming with requested information and documentation? • How do our accounting policies and procedures compare with those of other comparable nonprofits? • Are there any items that might be disputed by the IRS? If yes, what documentation should be on hand to bolster the item? • Assuming that the auditor performed the last year’s audit, did the management team follow the auditor’s suggestions in correcting weaknesses in the internal accounting system? • Is there anything regarding the financial statements or the internal accounting system that you believe should be brought to the board’s attention?

Conclusion If the nonprofit has an effective audit committee, there should be an overall improvement in financial record keeping and reporting, and management will be more diligent in developing and refining internal accounting controls. With an increased emphasis on financial reporting and evaluation, the nonprofit may become more effective in delivering its services. And isn’t that what the nonprofit is supposed to be about?

Chapter

3

Reading and Interpreting Financial Statements

“What am I supposed to do with all of these forms and financial statements?” complained Jeff, the newest member of the board. “I don’t know anything about accounting or finance, so how am I supposed to look at this information and make any sense about how well we are doing? I’m not on the audit committee and don’t want to be. Shouldn’t they be taking care of this; isn’t it their job? I don’t even know what half of these words mean—current accrued liabilities, unrestricted net assets, below the line items—it’s all Greek to me!” “I know,” said Mary. “It’s Greek to me too. I’ve been on the board for a couple of years and I still don’t understand why all of us even have to look at these materials. It seems to me that it should be up to the audit committee and the ED to review and approve these forms. Plus, I’ve heard that the IRS is now cracking down on the amount of compensation nonprofits give to members of the management team. How am I supposed to know what the right amount of salary and benefits should be? That’s not my area of expertise! I guess the best thing for you and me to do is what I’ve been doing ever since I joined the board. If the audit committee says the materials are OK, then I just go along with them. I don’t waste my time trying to figure out all of these numbers.” “I guess you’re right,” said Jeff. “That makes sense to me. To tell you the truth, I don’t even balance my own checkbook every month; I’m just not that good with numbers. As long as the audit committee approves them, what harm could there be in just following their lead?” 39

40

chapter 3

interpreting financial statements

Are Jeff and Mary right? What harm could there be in leaving the responsibility to the audit committee? Why should all of the members of the board be concerned about the finances and financial statements of their nonprofit? As discussed in Chapter 2, it is important that the audit committee has at least one financial expert as a member and that the other committee members are financially literate. In addition, since having an audit committee doesn’t relieve the rest of the board of its fiduciary responsibility regarding the financial statements, it is advisable that every member of the board has at least a basic level of financial literacy. Knowing the components of each of the four basic statements and knowing how to analyze the financial statements through horizontal, trend, and ratio analyses will give each board member the ability to better evaluate and interpret the financial statements. Having this skill set will allow the board members to judge the competency of analyses performed by others, including the nonprofit’s staff and management. Although horizontal, trend, and ratio analyses may sound like Greek to you now, by the end of this chapter, you will have a better understanding of these terms and how to use them. This chapter discusses the four basic financial documents and the analyses that can provide the board with an indicator of the nonprofit’s current fiscal “health.” The four basic statements include the balance sheet, the statement of operations, the statement of changes in net assets, and the statements of cash flows. There is another important financial report that most nonprofits must file annually with the IRS—Form 990 or Form 990-EZ. This report contains a significant amount of financial information about the nonprofit, and the IRS uses the report to determine if the nonprofit is still eligible for its tax-exempt status under section 501(c)(3) of the IRS Code. The report is not only viewed by the IRS. IRS regulations require that all nonprofits provide copies of the report to anyone who requests one. Individuals now do not even have to request a copy of the report directly from the nonprofit. Since 1997, most of the reports are posted on the Internet by GuideStar and the National Center for Charitable Statistics, two nonprofits based in Washington D.C. Anyone with an Internet connection can now view your nonprofit’s financial information, without the nonprofit ever knowing! Members of the media, potential donors, and policymakers

interpreting financial statements

41

all have easy access to your nonprofit’s report. Since Form 990 and Form 990-EZ provide information about a nonprofit’s financial condition, it is important that members of the board review them for completeness and correctness. We discuss Form 990 and Form 900-EZ in Chapter 4. One more thing should be noted before we begin discussing the four basic financial statements. Two types of accounting may be used for financial reporting—cash basis and accrual basis. In the cash basis of accounting, what is tracked is the flow of cash into and out of the organization. Transactions are not recognized as occurring until cash is received by the organization or paid out by the organization. For example, an organization would recognize revenues only when the payment, or cash, was received for delivering the good or service. Expenses are recognized as occurring only when the organization actually pays for the resources used in its operations. This approach to accounting is similar to how people keep their personal checkbooks and is fairly straightforward. In the accrual basis of accounting, revenues are recognized when they are earned, not when payment is received. Expenses are recognized as expenses when assets are used in the process of creating and delivering a service or good, not when the costs of the assets are paid. This is not as straightforward as the cash basis of accounting, but the accrual basis of accounting is the more generally accepted method, and provides more information about an organization’s fiscal health that does the cash basis of accounting. For example, let’s assume that a nonprofit is using the cash basis of accounting and has a very large bill due in December. Let’s also assume that what is owed is a very large amount, so large that it is doubtful that the nonprofit will be able to pay it in full. If you were a creditor trying to make a decision about whether you should extend credit to the nonprofit, you would want to know that the organization was close to defaulting on a debt. However, if you were examining the financial statements from September, October, and November, this debt would not even appear, and you might think the organization was in better financial health than it actually is. Since the cash basis of accounting only reports cash when cash flows into or out of the organization, it only reports what has happened, not what is going to happen in the future, even in the very near future. It wouldn’t notify you that the organization has debt that it is not going to be able to pay.

42

chapter 3

interpreting financial statements

As well as not reflecting what debt an organization has, the cash basis of accounting also doesn’t reflect the amount of money that is owed to the organization. For example, the organization may have extended credit to a number of its clients and is expecting to receive the payments within the 30 thirty days, in the month of December. If you were a donor trying to make a decision about whether you should make a donation to the nonprofit, you would want to know that the organization has this money due to it. However, if you were examining the financial statements from September, October, and November, you would not know that the organization expects to receive payments in December. Your opinion about the financial standing of the nonprofit would be faulty and you might make an incorrect donation decision. Since the accrual basis of accounting is the more generally accepted form of accounting and it provides more information about an organization’s fiscal health, the financial statements presented in this chapter are based on the accrual basis of accounting, not the cash basis.

Balance Sheet As shown in Exhibit 3.1, the balance sheet presents the assets, liabilities, and the net assets of the nonprofit. In other words, the balance sheet presents the resources the nonprofit owns, the debt it must pay, and the nonprofit’s net worth. The balance sheet provides a snapshot of the nonprofit, as it captures what the nonprofit looks like at a particular point of time, generally the last day of the accounting period. Typical accounting periods are monthly, quarterly, half-yearly, and yearly. The basis of the balance sheet is the basic accounting equation: Assets = Liabilities + Net assets

Since the total of what the nonprofit owns equals the combined total of the nonprofit’s debt and the nonprofit’s worth (net assets), there must be a balance between the total assets and the total liabilities plus the net assets. In the for-profit world, net assets would be the same as owners’ equity or shareholders’ equity. The balance sheet will become more understandable once we more thoroughly cover the definitions of assets, liabilities, and net assets.

balance sheet

Exhibit 3.1

sample balance sheet for the p e r i o d e n d i n g d e c e m b e r 3 1, 20X1

ASSETS

LIABILITIES

Current Assets Cash and Cash Equivalents Short-Term Investments Net Accounts Receivable Supplies Prepaid Expenses Other

4,258 9,136 15,020 1,997 670 783

Total Current Assets

31,864

Non-Current Assets Net Property and Equipment Long-Term Investments Assets Limited as to Use Other

49,358 16,979 10,470 6,375

Total Non-Current Assets

83,182

TOTAL ASSETS

43

115,046

Current Liabilities Long-Term Debt, Current Accounts Payable Wages and Salaries Payable Supplies Payable Utilities Payable

1,470 2,817 3,001 2,143 1,969

Total Current Liabilities

11,400

Non-Current Assets Long-Term Debt, Net Other

20,100 6,997

Total Non-Current Assets

27,097

TOTAL LIABILITIES

38,497

NET ASSETS Unrestricted Temporarily Restricted Permanently Restricted

67,720 3,216 5,613

TOTAL NET ASSETS

76,549

TOTAL LIABILITIES AND NET ASSETS

115,046

Assets Assets of the nonprofit are the resources it owns, both current and noncurrent. Examples of current assets include cash and cash equivalents, accounts receivables, and investments, all of which have a life of one year or less. Examples of “cash equivalents” would be a savings account or a money market account, where the funds are easily and quickly available. Accounts receivable are the amounts due to the nonprofit from sales or delivery of services. If a client does not pay what is owed at the time the client

44

chapter 3

interpreting financial statements

purchases the good or service, the client should be billed, or invoiced, for the amount owed. All of these invoices are the value of accounts receivable; the nonprofit owns the “right” to collect these amounts, and expects to be paid within a relatively short time period. An example of a current investment would include a six-month certificate of deposit owned by the nonprofit. It is current because it has a “life” of less than one year, and can be converted into cash at the end of its six-month life Non-current assets include assets with a life greater than one year, such as property and equipment. For example, the building owned by the nonprofit is a non-current asset as the nonprofit expects to be able to use the building for more than one year. Computer equipment is also a good example of a non-current asset. The IRS views most computer equipment as having a “life” of greater than one year, and most nonprofits use their computer equipment for several years. A term that is used interchangeably for non-current is long-term. Likewise, the term short-term can be used instead of current. Liabilities Liabilities are the obligations of the nonprofit to pay its creditors. As with assets, liabilities are divided into two categories: current and non-current. Examples of current liabilities include accounts payable, notes payable, and labor payable. Accounts payable contains the value of money owed for goods, services, and supplies the nonprofit has purchased, but has not yet paid for. It can also contain other obligations such as insurance or interest on a loan, both of which must be paid within one year. Notes payable contains the value of loans, notes, or other short-term obligations that are payable to a bank or other financial institutions, all of which must be paid within one year. Labor payable is the sum of all of the wages and/or salaries that a nonprofit owes its staff. If a nonprofit doesn’t pay its wages/salaries payable in a short amount of time, it isn’t going to keep its employees for very long, so it makes sense that labor payable is a current liability! As in the case of current assets, “current” for liabilities are liabilities that should be paid in one year or less; conversely, non-current liabilities are liabilities that have a payment life of more than one year. Examples of non-current liabilities are mortgages payable and bonds payable. These liabilities can have a life of 15 to 30 years, or longer.

balance sheet

45

Net Assets The net assets of a nonprofit are defined in a simple restatement of the basic accounting equation: Net assets = Assets – Liabilities

As discussed earlier, assets are the resources owned by the organization, and the liabilities are the total obligations, or debt. Once the liabilities are subtracted from the assets, what are left over are the net assets. The net assets can be thought of as the “net worth” of the nonprofit. Nonprofits are exempt from taxes, and in exchange for this exemption, the nonprofit is “owned” by the community in which the nonprofit resides and by the clientele it serves. The net assets are the community’s interest, or ownership, of the assets of the nonprofit. In a for-profit organization, this portion of the nonprofit is referred to as “owners’ equity” or “shareholders’ equity.” In a for-profit organization, the owners’ equity or shareholders’ equity can be distributed to the owners or shareholders, since they directly own the equity. In a nonprofit organization, the net assets are not distributed to the owners, but rather are used to increase services or grow the organization. Thus, the community and the clientele benefit from the net assets, even though they are not directly distributed. In the past, the term fund balance was used in nonprofit to indicate the net assets; however, that term is rarely used now. In a nonprofit, the community and the clientele “own” the nonprofit, and the net assets are the quantifiable reflection of that ownership. The net assets are generally categorized into three classifications: 1. Unrestricted net assets 2. Temporarily restricted net assets 3. Permanently restricted net assets Unrestricted net assets are the dollar value of net assets where there is no restriction on how the net asset can be used. For example, if a donor contributes $10,000 to the nonprofit and does not specify how the donation must be used, that donation would become a part of unrestricted net assets. Unrestricted net assets do not have any stipulations or restrictions for their use, other than legal or ethical considerations. Temporarily restricted net

46

chapter 3

interpreting financial statements

assets reflect the dollar value of net assets that have a restriction on their use, but that restriction has a time limit. For example, a donor may give land to the nonprofit with the stipulation, or restriction, that the land cannot be sold for five years. Since the land has a temporary restriction on its use, it is a part of temporarily restricted net assets. Once the time period for the restriction passes, the land is no longer a part of temporarily restricted net assets and becomes a part of unrestricted net assets. Permanently restricted net assets are net assets that have restrictions on their use, and that restriction does not have a time limit. An example of a permanently restricted net asset is an endowment that allows the nonprofit to spend the interest, but never any of the principal. For those of you who would like more information on the balance sheet, please refer to Appendix A. All of the items on the sample balance sheet are more thoroughly explained.

Statement of Operations As discussed, the balance sheet presents a snapshot of the nonprofit at a specific point in time. The statement of operations is different in that it is a summary of the nonprofit’s expenses and revenue, gains, and other support over a period of time. As can be seen in Exhibit 3.2, the statement of operations contains the expenses and revenues, gains, and other support over the entire accounting period, not just at the end of the accounting period. In the for-profit world, this statement is typically called the “income statement” or the “profit and loss (P & L) statement.” The basic formula for the statement of operations is: Revenues, gains, and other support – Expenses = Excess of revenues, gains and other support over expenses

In a nonprofit, a positive difference between revenues, gains, and other support and expenses is not considered profit, but rather an increase in the net assets. In the for-profit world, profits are distributed to the owners of the for-profit; in a nonprofit, the excess of revenues, gains, and other support over expenses should be used to generate more programs or services for the nonprofit’s clientele. If they are not used to generate more programs or services, they become a part of the net assets of the nonprofit, and increase the nonprofit’s overall net worth.

statement of operations

Exhibit 3.2

47

sample statement of operations for the period ending d e c e m b e r 3 1, 2 0 X 1

Unrestricted Revenues, Gains, and Other Support Net Program A Revenue Net Program B Revenue Net Program C Revenue Other Revenues Donor Contributions Net Assets Released from Restrictions for Operations

30,421 33,620 10,555 3,576 20,735 300

Total Revenues, Gains, and Other Support

99,207

Expenses Wages and Salaries Supplies Utilities Transportation Depreciation Bad Debt Other Expenses Total Expenses Total Operating Income Non-Operating Income (Investment) Excess of Revenues over Expenses Change in Net Unrealized Gains and Losses Net Assets Released from Restrictions Used for Equipment Purchase Increase in Unrestricted Net Assets

59,751 10,635 8,059 14,985 2,572 1,035 1,018 98,055 1,152 975 2,127 105 437 2,669

Revenues, Gains, and Other Support Revenues are amounts earned by the nonprofit by selling a product or providing a service. For example, if your nonprofit were a hospital, it would earn revenues whenever it delivered hospital services to its patients. Gains occur when assets are sold for more than their book value. For example, if the nonprofit owns property and sells that property for an amount greater than the property’s original purchase or donation value, the nonprofit has incurred a gain. Other support includes unrestricted donations, donations released from restriction, and appropriations from governmental nonprofits or other grant-making nonprofits.

48

chapter 3

interpreting financial statements

Expenses Expenses are the “costs of doing business.” During the accounting period, the nonprofit has been selling goods and delivering services. To create the goods that it sold and the services that it delivered, the nonprofit consumed, or used up, some of its assets. For example, if the nonprofit is providing home-delivered meals, it will “use up” gas or electricity to cook the food, the food supplies that are used in the meals, gasoline and wear and tear on the delivery vehicle, the amount of rent that the nonprofit pays for its offices and kitchens, and so forth Other examples of expenses include salaries and benefits, insurance, depreciation of equipment and other capital items, and the provision for bad debts. Salaries and benefits is the cost of the labor that the nonprofit used during the accounting period, and insurance is the cost the nonprofit paid for insurance coverage used during the accounting period. Depreciation of equipment and other capital items is the amount of usage of a longterm asset incurred during the accounting period. For example, if the nonprofit purchases computer equipment that it expects can be used for five years, the nonprofit is “using up” that computer equipment over an extended period of time. Depreciation allows the nonprofit to recognize when it has used up some of the computer equipment. If the value of the computer equipment was $10,000 and it is expected to last for five years, then every year the nonprofit used up $2,000 worth of the equipment. The $2,000 becomes the depreciation expense for the year. The provision for bad debts expense allows the nonprofit to recognize that it will not receive some of the money that is owed to it from accounts receivable. Some of the invoices will not be paid fully, and the nonprofit has to indicate the amount of bad debt that occurred during the time period. Writing off bad debt is an expense of doing business. Below the Line Items The statement of operations may also contain information on what are known as “below the line items.” For example, donations that are made specifically to acquire capital assets are not considered part of revenues, gains, and other support because their use is restricted to the purchase of capital assets. Another example of a below the line item are transfers to the parent organization (assuming there is one). The effect of these below the line items appear on the statement of operations, below the value of

statement of changes in net assets

49

excess of revenues, gains, and other support (hence the term below the line item). Below the line items directly affect the value of net assets, either positively or negatively. The effect is positive if the below the line item reflects an inflow of value to the nonprofit; conversely, the effect on the net assets is negative if the below the line item reflects an outflow of value. For those of you who would like more information on the statement of operations, please look in the Appendix A. All of the items on the sample statement of operations are more thoroughly explained.

Statement of Changes in Net Assets The purpose of the statement of changes in net assets is to account for any changes in the net assets from one accounting period to the next. A sample statement of changes in net assets is shown in Exhibit 3.3. There are two reasons why the value of net assets would change: 1. Changes in unrestricted net assets 2. Changes in restricted net assets Changes in unrestricted net assets flow directly from the statement of operations. If the excess of revenues, gains, and other support is positive, unrestricted net assets are increased. A positive change reflects that the nonprofit’s revenues, gains, and other support are greater than its expenses, and the amount of the unrestricted net assets is increased by that amount. In this case, the nonprofit is making a “profit.” Conversely, if the nonprofit’s expenses are greater than its revenues, gains, and other support, the amount of the unrestricted net assets is decreased by that amount. In this case, the nonprofit is experiencing a “loss.” As discussed previously, the statement of operations contains information in addition to the value of the excess of revenues, gains, and other support over expenses. These below the line items directly affect the value of the unrestricted net assets, by either increasing or decreasing them. Changes in restricted net assets, through either a temporarily restricted or a permanently restricted donation, directly affect the value of the net assets. However, not all changes in restricted net assets change the value of net assets. For example, temporarily restricted assets are only restricted for a specific period of time. If the restriction period for any of the temporarily restricted net assets expires, the value of that net asset “moves” to

50

chapter 3

Exhibit 3.3

interpreting financial statements

sample statement of changes in net assets for the period e n d i n g d e c e m b e r 3 1, 2 0 X 1

Unrestricted Net Assets Excess of Revenues over Expenses Change in Net Unrealized Gains and Losses Net Assets Released from Restrictions Used for Equipment Purchase

2,127 105 437

Increase (Decrease) in Unrestricted Net Assets

2,669

Temporarily Restricted Net Assets Net Assets Released from Restrictions to be Used for Equipment Purchase Net Assets Released from Restrictions for Operations Net Unrealized Gains and Losses

(437) (300) 575

Increase (Decrease) in Temporarily Restricted Net Assets

(162)

Permanently Restricted Net Assets Net Unrealized Gains and Losses Contributions for Endowment Funds

289 1,500

Increase (Decrease) in Permanently Restricted Net Assets

1,789

Total Increase (Decrease) in Net Assets Net Assets, Beginning of Month

4,296 72,253

Net Assets, End of Month

76,549

unrestricted net assets. Although the value of restricted net assets is reduced, the value of net assets is not changed since the reduction is offset by the increase in unrestricted net assets. For those of you who would like more information on the statement of changes in net assets, please refer to the Appendix A. All of the items on the sample statement of changes in net assets are more thoroughly explained.

Statement of Cash Flows The fourth basic financial statement is the statement of cash flows. This statement answers the following questions: • How much cash came into the organization and from where did the cash come? • How much cash left the organization and where did the cash go?

51

statement of cash flows

The statement of cash flows tracks cash flows from operating, investing, and financing activities. It captures the flow of cash into and out of the organization during the accounting period. A sample statement of cash flows in shown in Exhibit 3.4.

Exhibit 3.4

sample statement of cash flows for the period ending d e c e m b e r 3 1, 2 0 X 1

Cash Flows from Operating Activities Change in Net Assets Adjustments to Reconcile Changes in Net Assets to Net Cash Provided by Operating Activities: Depreciation Net Unrealized Gains and Losses Bad Debt Restricted Contributions Received Increase (Decrease) in: Net Accounts Receivable Accounts Payable Wages and Salaries Payable Supplies Payable Utilities Payable Long-term debt, current Net Cash Provided by Operating Activities

4,896 2,572 (971) 1,035 (1,500) (6,544) 2,000 13,350 1,477 2,478 500 19,293

Cash Flows from Investing Activities Purchases of Investment Capital Expenditures

(5,175) (12,996)

Net Cash Flows Used in Investing Activities

(18,171)

Cash Flows from Financing Activities Increase in Long-Term Debt Payments on Long-Term Debt

5,100 (3,512)

Net Cash Used in Financing Activities

1,588

Net Increase in Cash and Cash Equivalents

2,710

Cash and Cash Equivalent at Beginning of Year

1,548

Cash and Cash Equivalents at End of Year

4,258

52

chapter 3

interpreting financial statements

Operating activities are the normal business activities in which the nonprofit engages to generate revenues. Examples of operating activities are the selling of goods or the delivery of services. Investing activities include the purchasing and selling of investments and the purchase or sale of capital items, such as property or equipment. Financing activities include increasing or decreasing the amount of long-term debt, changes in net assets, and transfer to the parent organization (if there is one). The statement of cash flows tracks the cash inflows and outflows from these activities and reports the net increase (or decrease) in cash and cash equivalents as the result of these activities. For those of you who would like more information on the statement of cash flows, please refer to the Appendix A. All of the items on the sample statement of cash flows are more thoroughly explained.

Financial Statement Analysis Now that we’ve discussed the components of each of the financial statements, learning how to analyze the information contained in the statements is the next step. The real value of financial statements for the nonprofit is that they can be used to help predict the nonprofit’s future financial condition, and provide a view of the nonprofit’s current condition. Analyzing the financial statements can help to answer the following questions: • Has the nonprofit’s performance changed over the years? In what direction? • Is the nonprofit generating enough excess of revenues, gains, and other support over expenses? Why or why not? Compared to other similar nonprofits, how well is this nonprofit faring? • What percentage of the nonprofit’s net assets is permanently restricted, and how does that percentage compare to last year? • How effective is the nonprofit in collecting what is owed to it? How does the nonprofit compare to other similar nonprofits? • Will the nonprofit be able to meet its debts in a timely manner? Compared to other similar nonprofits, is this nonprofit doing better or worse? • How efficiently is the nonprofit using its assets? Compared to other similar nonprofits, is improvement needed? If the nonprofit is using its

financial statement analysis

53

assets inefficiently, it is using more resources than are necessary to produce and deliver its programs and services. • Are the nonprofit’s facility and equipment in need of replacement? Does the nonprofit meet the standard for facility and equipment replacement? If all of the nonprofit’s computer equipment is more than five years old, the nonprofit will soon have to replace that equipment. That could be a large expense for the nonprofit, and the board and management should be aware of this upcoming expense. • Is the nonprofit in a good position to take on additional debt, or is it overextended? Compared to other similar nonprofits, does the nonprofit have too much or too little debt? Having too much debt can cause repayment problems for a nonprofit, but having too little debt means that the nonprofit isn’t taking advantage of the leverage that debt can give. Trend Analysis A trend analysis allows you to look at changes in performance that have occurred over any number of years. You can compare the selected year to the previous year, or you can compare the selected year to five years ago. The year that you are comparing to the selected year is called the “base year.” The formula for a trend analysis is: ((Selected year – Base year) / Base year) × 100

Here is an example of how you can use trend analysis. You know that the amount of revenues your nonprofit has is currently less than previous years, and you are curious to see what the percentage change has been over previous years. For example, in reviewing the nonprofit’s statement of operations for 2001, you note that the amount of revenues for the year was $10,589,145. From the statement of operations for 2004, you note that the amount of revenues was $15,832,163. Using the following formula, we can determine the percentage change and the direction of the change: (($10,589,145 – $15,832,163) / $15,832,163) × 100 = –33.1%

From 2004 to 2001, your revenues dropped 33.1%. Looking at the percentage of change can be more helpful than simply comparing the raw

54

chapter 3

interpreting financial statements

numbers, especially if the numbers are large. This analysis provides valuable information about the revenues and can be used as evidence to argue for revenue-improvement activities. Common-Size Analysis Common-size analysis allows you to remove the dollar values from items and express the items as percentages of some whole item. For example, you may be interested in knowing the percentage allocation of current and non-current assets over total assets. Once you have determined that percentage, you can compare it to previous years’ percentages, or you can compare it to industry standards for your type of nonprofit. You can develop industry standards for your type of nonprofit by viewing the financial information provided in other nonprofits’ Form 990s or Form 990-EZs. In this case, the current and non-current assets are the items of interest, and the total assets are the base item. Another example would be to determine the percentage makeup of net assets. What percentage of net assets is unrestricted; what percentage is temporally restricted; what percentage is permanently restricted? In this case, net assets would be the base item, and the unrestricted, temporally restricted, and permanently restricted net assets would be the items of interest. The formula for common-size analysis is: (Item of interest / Base item) × 100

Let’s assume that the value of current assets in 2004 was $1,972,185, the non-current assets totaled $9,361,382, and the total assets equaled $11,333,567. For the year 2004, the common-size analysis is: ($1,972,185 / $11,333,567) × 100 = 17.4% ($9,361,382 / $11,333,567) × 100 = 82.6%

Current assets make up 17.4 percent of total assets, and non-current assets make up 82.6 percent. You can compare the percentage allocation of the items of interest to previous years or to the industry standard to ascertain if there are any significant differences. If there are, you know that working on the allocation percentage of assets should be on the “to do” list.

financial statement analysis

55

Financial Ratios Financial ratios allow a nonprofit to compare its current financial health with its own previous performance or to industry standards. Financial ratios express the relationship between two numbers and basically pull together two elements of the financial statements: one expressed as the numerator, and one as the denominator. Since Form 990 and Form 990-EZ contain a lot of financial information, it is easy to develop industry standards by viewing the reports filed by nonprofits similar to yours and pulling out the needed elements. An almost unlimited number of financial ratios can be calculated, and we will not, of course, be able to cover each possible ratio here. However, if you are able to calculate and interpret some ratios from each of the four common classifications of ratios, the job of analyzing the financial statements can more easily be accomplished. There are four general classifications of financial ratios: liquidity, profitability, asset management or activity, and capital structure. The following sections describe the components of each and explain what board members should look for in terms of red flags. • Liquidity ratios measure a nonprofit’s ability to meet short-term obligations, collect receivables, and maintain sufficient cash on hand. Liquidity ratios help to answer the question, “How able is the nonprofit to meet its short-term obligations and debt?” • Profitability ratios help to answer the question, “Is the nonprofit generating excess revenues over expenses?” • Asset management or activity ratios help to answer two questions, “How efficiently is the nonprofit using its assets to produce revenues?” and “In view of current and projected revenues, is the amount of each type of asset reasonable, too high, or too low?” • Debt management or capital structure ratios help to determine the extent to which a nonprofit uses debt to finance its assets. These ratios help to answer the questions, “How are the nonprofit’s assets financed?” and “How able is the nonprofit to take on new debt?” Since ratio analysis can best be interpreted relative to a standard, ratio analysis should thus be a comparative analysis. The standard may be the nonprofit’s past performance, a goal set by the nonprofit, or the average performance level in the industry or a group of equivalent nonprofits.

56

chapter 3

interpreting financial statements

Trade associations frequently publish the financial ratios standards, or benchmarks, for the nonprofits in the industry. Liquidity Ratios Liquidity ratios reflect the ability of the nonprofit to meet its current obligations, to pay bills that are due. If the nonprofit does not have enough cash on hand to pay its obligations when they come due, the nonprofit’s credit rating may be adversely affected, which could result in a loss of credit, loss of vendor relationships, and loss of trade discounts. Frequently used liquidity ratios include:

• • • • •

Current ratio Quick ratio Average collection period ratio Days cash on hand Average payment period

Current Ratio The current ratio reflects the short-term solvency of the nonprofit. The current ratio equals current assets divided by current liabilities. Both of these values can be found on the balance sheet. Current assets / Current liabilities = Current ratio

Red Flag If the current ratio = 1 or more, the nonprofit has sufficient current assets to meet its current liabilities. If the current ratio is less than 1, the nonprofit may experience difficulty in meeting its short-term obligations. For example, if the current ratio = .45, for every $1 owed in short-term obligations the nonprofit only has 45 cents to cover those obligations. In general, a nonprofit would like to be equal to or above the current ratio standard. If the current ratio is substantially greater than the standard, however, the nonprofit may be holding too much cash on hand and should investigate longer term investments. If the nonprofit finds itself in a nonliquid position, it should develop and implement plans to either improve the flow of cash into the nonprofit or reduce its short-term obligations.

financial statement analysis

57

Quick Ratio The quick ratio is a more stringent indicator of liquidity, as it only uses the most liquid current assets in its formula. Assets that are current but are not immediately liquid are excluded, such as product inventory. The quick ratio equals cash plus short-term investments (also known as cash equivalents) plus net accounts receivables divided by current liabilities. The values of these four accounts can be found on the balance sheet. ((Cash + Cash equivalents + Net accounts receivables) / Current liabilities) = Quick ratio

Red Flag If the quick ratio equaled .50, for every $1 in current liabilities the nonprofit only has 50 cents. If the quick ratio equaled 2.63, for every $1 in current liabilities the nonprofit has $2.63. As in the case with the current ratio, in general a nonprofit would like to be equal to or above the quick ratio standard, but not substantially above the standard. An organization does not want to be short of cash, but it also does not want to have a lot of cash that is “sitting around and not working” for the nonprofit.

Average Collection Period Ratio The average collection period ratio is a measure of how long the average client or customer takes to pay the bill for services or products sold. The quicker clients or customers pay their invoices, the quicker the nonprofit is able to convert its receivables into cash. The days receivables equals net accounts receivables divided by net revenues divided by 365. The value of net accounts receivables can be found on the balance sheet, and the value for net revenues can be found on the statement of operations. Net accounts receivables / (Net revenues / 365) = Average collection period ratio

58

chapter 3

interpreting financial statements

Red Flag The average collection period ratio should be equal to or below the standard. For example, if the standard is 57 days, you would want your average collection period ratio to be equal to or less than 57 days. If the nonprofit is not meeting the standard, it may be experiencing some liquidity problems and it is not earning any financial benefit from having unpaid invoices. Developing and implementing a plan to improve the collections of receivables may improve the nonprofit’s liquidity position by bringing cash more quickly into the nonprofit. If a nonprofit does not manage its accounts receivables well, it may not survive.

Days Cash on Hand Days cash on hand is a measure of how long the nonprofit could meet its obligations if all cash receipts were discontinued. Days cash on hand equals unrestricted cash and cash equivalents divided by expenses minus depreciation expense divided by 365. The values of unrestricted cash and cash equivalents can be found on the balance sheet. The values of expenses and depreciation expense can be found on the statement of operations. (Unrestricted cash + Cash equivalents) / (Expenses – Depreciation expense / 365) = Days cash on hand ratio

Red Flag In general, a nonprofit would like to be equal to or above the days cash on hand ratio, but not substantially above the standard. If the days cash on hand ratio is equal to 30 days, the nonprofit can survive longer than if the ratio was equal to 3 days. The days cash on hand ratio can be improved by either increasing the inflow of cash or decreasing the expenses. If the days cash on hand ratio is substantially above the standard, the nonprofit may not be using its cash effectively. Remember, excessive cash on hand is cash that is not working for you!

financial statement analysis

59

Average Payment Period The average payment period is a measure of how long it takes the nonprofit to pay its bills. Developing and keeping a good credit relationship with vendors and suppliers is critical to the financial well being of the nonprofit, and the nonprofit should thus attempt to pay its bills on time. The average payment period equals current liabilities divided by expenses minus depreciation expense divided by 365. The value of current liabilities can be found on the balance sheet, and the values of expenses and depreciation expense can be found on the statement of operations. Current liabilities / (Expenses – Depreciation expense / 365) = Average payment period

Red Flag In general, the average payment period should be equal to or less than the standard. However, if the average payment period is substantially below the standard or is substantially less than 30 days (the typical number of days allowed to pay an invoice), the nonprofit may be paying its bills too quickly and may be missing opportunities for shortterm investment. It may also be that the nonprofit is paying its bills in less than 30 days in order to earn trade discounts, a reduction in the amount paid in exchange for early payment. One has to investigate the cause of the ratio value before one can decide what action, if any, needs to be taken. The nonprofit wants to avoid the reputation of being a slow payer, but it doesn’t want to give up cash sooner than necessary!

Profitability Ratios The profitability ratios are all measures of the ability of the nonprofit to produce a profit, or to generate excess revenues, gains, and other support over expenses. A nonprofit that is only breaking even or, worse, suffering a loss, will not be able to expand its delivery of services. If the nonprofit experiences continued losses, it may not be able to survive. Frequently used profitability ratios include:

• Operating margin • Return on total assets

60

chapter 3

interpreting financial statements

Operating Margin The operating margin measures the proportion of excess revenues, gains, and other support over expenses earned for each dollar of revenues, gains, and other support. The operating margin equals excess of revenues, gains, and other support over expenses divided by revenues, gains, and other support. Both of these account values can be found on the statement of operations. Excess of revenues, gains, and other support over expenses / Revenues, gains, and other support = Operating margin

Red Flag In general, a nonprofit would like to have an operating margin at or slightly above the standard. Although the mission of the nonprofit is not to generate a profit or excess revenues, gains, and other support over expenses, having a good operating margin can give the nonprofit the financial ability to expand its delivery of services and to survive leaner times in the future. However, if the operating margin were substantially higher than the standard, the nonprofit may be charging too much for its services and products, and not meeting the needs of the community. After all, the mission of the nonprofit is to serve its community and clientele!

Return on Total Assets The return on total assets is a measure of how much “profit” is earned for each dollar invested in assets. The return on total assets equals the excess of revenues, gains, and other support over expenses divided by total assets. The value of revenues, gains, and other support can be found on the statement of operations, and the value of total assets can be found on the balance sheet. Excess of revenues, gains, and other support over expenses / Total assets = Return on total assets

financial statement analysis

61

Red Flag In general, a nonprofit would like to have a return on assets at or slightly above the standard. If the nonprofit is below the standard, it is not using its assets effectively, or it doesn’t have the right “mix” of assets to effectively deliver services and generate excess revenues, gains, and other support. It may need to invest in capital items, such as facility expansion or computer equipment, or it may need to divest itself of some of these items.

Asset Management Ratios The asset management ratios provide a measure of how much in revenues, gain, and other support is generated for each dollar invested in assets. Asset management ratios include:

• Total asset turnover ratio • Fixed assets turnover ratio • Age of facility ratio Total Asset Turnover Ratio The total asset turnover ratio measures the overall efficiency of the nonprofit’s assets to produce revenues, gains, and other support. The total asset turnover ratio equals revenues, gains, and other support divided by total assets. The value of the revenues, gains, and other support can be found on the statement of operations, and the value of total assets can be found on the balance sheet. Revenues, gains, and other support / Total assets = Total asset turnover ratio

Red Flag In general, a nonprofit would like to have a total asset turnover ratio equal to or greater than the standard. The higher the ratio, the more efficient the nonprofit is in its use of its assets. If the ratio is low, the nonprofit may have too much money invested in assets, or it could be that the nonprofit is not doing a good job in generating revenues,

62

chapter 3

interpreting financial statements

gains, and other support. As with the other ratios, the total asset turnover ratio does not provide you with the answer to what is wrong, it simply alerts you to the fact that there is a problem in this area.

Fixed Assets Ratio If the nonprofit owns a facility or equipment, these items are called “fixed” assets. They are called “fixed” because an organization would not be able to divest itself of these items quickly. The fixed assets turnover ratio is a measure of the nonprofit’s efficiency in using its fixed assets of facility and equipment to produce revenues, gains, and other support. The fixed assets turnover ratio equals revenues, gains, and other support divided by facility and equipment minus accumulated depreciation. The value of the revenues, gains, and other support can be found on the statement of operations, and the values of facility, equipment, and accumulated depreciation can be found on the balance sheet. Revenues, gains, and other support / (Facility + equipment – accumulated depreciation) = Fixed assets turnover ratio

Red Flag In general, a nonprofit would like to have a fixed assets turnover ratio equal to or higher than the standard. If the ratio is substantially higher than the standard, however, it may be an indication that the nonprofit has not invested enough in fixed assets and will need to upgrade its facility or equipment in the near future.

Age of Facility Ratio The age of facility ratio provides a measure of the average age of a nonprofit’s facility and equipment. The age of facility ratio equals accumulated depreciation divided by depreciation expense. The value of accumulated depreciation can be found on the balance

financial statement analysis

63

sheet, and the value of depreciation expense can be found on the statement of operations. Accumulated depreciation / Depreciation expense = Age of facility ratio

Red Flag In general, a nonprofit would like to be equal to or below the standard. If the ratio is substantially higher than the standard, it may indicate that the nonprofit needs to replace its equipment or facility soon. You would rather know this sooner than later, since replacement or upgrades of equipment or the facility is a long process. Your nonprofit needs to plan in advance for this.

Debt Management Ratios Debt management ratios reflect the nonprofit’s long-term liquidity by quantifying the relationship between the nonprofit’s assets and its long-term debt. Did the nonprofit acquire most of its assets through debt or through excess revenues, gains, and other support over expenses? Debt management ratios also give an indication of a nonprofit’s ability to cover its long-term debt and its ability to take on more long-term debt. Debt management ratios include:

• Long-term debt to net assets ratio • Times interest earned ratio • Debt service coverage ratio Long-Term Debt to Net Assets The long-term debt to net assets ratio is a measure of the relationship between long-term debt and the assets owned by the nonprofit. It is a reflection of the proportion of net assets that were financed through long-term debt. The long-term debt to net assets ratio equals the long-term debt divided by the net assets. The value of both long-term debt and net assets can be found on the balance sheet. Long-term debt / Net assets = Long-term debt to net assets ratio

64

chapter 3

interpreting financial statements

Red Flag In general, a nonprofit would like to have a long-term debt to net assets ratio equal to or lower than the standard. Taking on too much debt may place the nonprofit in the risky position of not being able to easily repay the debt. In addition, having too much debt may put the nonprofit in the position of not being able to take on additional debt when necessary. If the nonprofit has a very low long-term debt to net assets ratio, it may not be taking advantage of the leveraging power that long-term debt can give. If the nonprofit has been taking advantage of debt leveraging and still has a low ratio, it could also be an indication that the nonprofit has too many net assets and has not expanded services as much as it could.

Times Interest Earned The times interest earned ratio is a measure of the nonprofit’s ability to meet its interest payments for long-term debt. The times interest earned ratio equals the excess of revenues, gains, and other support over expenses plus interest expense divided by the interest expense. The value of both excess of revenues, gains, and other support over expenses and the interest expense can be found on the statement of operations. (Excess of revenues, gains, and other support over expenses + Interest expense) / Interest expense = Times interest earned ratio

Red Flag In general, a nonprofit would like to have a times interest earned ratio equal to or greater than the standard. The value of the times interest earned ratio is especially important if the nonprofit wants to take on more long-term debt in the near future. Creditors and lenders use the times interest earned ratio to evaluate a nonprofit’s ability to repay debt. If the ratio is too small, they may be reluctant to extend additional funds.

conclusion

65

Debt Service Coverage Ratio The debt service coverage ratio is a more stringent measure of a nonprofit’s ability to repay its long-term debt. Unlike the times interest earned ratio, the debt service coverage ratio does not just measure the nonprofit’s ability to cover its interest expense. Instead, this ratio measures a nonprofit’s ability to meet its entire loan requirements, principal plus interest. The debt service coverage ratio equals the excess of revenues, gains, and other support over expenses plus interest expense plus depreciation expense divided by the interest expense plus the principal payment. The value of the interest expense, depreciation expense, and the excess of revenues, gains, and other support over expenses can be found on the statement of operations. (Excess of revenues, gains, and other support over expenses + Interest expense + Depreciation expense) / (Interest expense + Principal payment) = Debt service coverage ratio

Red Flag In general, a nonprofit would like to have a debt service coverage ratio equal to or greater than the standard. The greater the debt service coverage ratio, the better able the nonprofit is to handle additional longterm debt. As with the times interest earned ratio, a too low debt service coverage ratio does not look very favorable to creditors and lenders.

Conclusion If you use the information in this chapter when it is time to look at your organization’s financial statements, you should be able to make a more informed decision about the nonprofit’s financial standing. You will be able to meet your fiduciary responsibilities and will no longer simply be “rubberstamping” whatever the ED gives to you.

Chapter

4

Form 990: Unnecessary Paperwork or a Useful Tool?

Maria and Jose work in the finance department of a mid-sized nonprofit. They are standing at the water fountain commiserating about all the work they have. “Well, I guess I better get busy working on that stupid Form 990,” said Maria to Jose. “I hate working on this report and it is really a waste of my time. It’s not even important that the information on the report is correct, since I bet no one really ever looks it. I’m sure the IRS is too busy monitoring tax returns to even review the Form 990s that are sent to them. It’s just more unnecessary paperwork for us to handle.” “I didn’t know that no one really ever reviews the report,” said Jose. “If you’re right, then why do you have to spend so much time on it? It seems like you could just use rough estimates.” “That may be a good idea,” said Maria. “I have plenty of more important work to do.” Are Jose and Maria right? Should Maria focus more on the “important work” and put working on Form 990 at the bottom of her to-do list? Is Form 990 not worth the effort?

What Are Form 990 and Form 990-EZ? As discussed in Chapter 3, nonprofits that are exempt from taxation under IRS Code 501(c)(3) are required to file either Form 990 or Form 990-EZ with the IRS. Form 990 is filed by nonprofits whose “normal” annual 67

68

chapter 4

form 990

receipts total more than $25,000. A nonprofit is categorized as having normal annual receipts greater than $25,000 if its receipts for the previous three years average $25,000 per year or more. Form 990-EZ is filed by nonprofits whose normal annual receipts are smaller and whose assets total less than $25,000. Since Form 990-EZ is simply a short-form Form 990, we use the term “Form 990” for the rest of this chapter. Private foundations are also required to file a report with the IRS—Form 990-PF—but this form is not covered in this chapter.

Why Is Form 990 Important? Form 990, “Return of Organization Exempt From Income Tax,” is filed by nonprofits that are tax-exempt under IRS Code 501(c)(3). The nonprofit’s tax-exempt status is not a permanent status. If a nonprofit’s operations no longer meet the requirements of IRS Code 501(c)(3), its tax-exempt status can be revoked by the IRS. Losing its tax-exempt status would be a deadly blow to most nonprofits! In addition to its IRS use, Form 990 is a primary piece of the annual reports that many nonprofits are required to submit to the state offices that regulate charitable solicitation. Form 990 is available to entities other than the IRS and state regulators. Virtually anyone has the right to view your nonprofit’s Form 990. IRS regulations now require nonprofits to provide a copy of the report for the last three previous years to anyone who requests one. However, Form 990 is even more public than this. GuideStar and the National Center for Charitable Statistics, two nonprofits based in Washington D.C., have posted nonprofits’ Form 990s on the Internet since 1997. All it takes for any individual to view your nonprofit’s Form 990 is the desire to do so and an Internet connection. Literally, an unlimited number of people could view your nonprofit’s Form 990 at any time and without the nonprofit ever knowing! The easy availability of Form 990 could result in a public relations disaster for your nonprofit if the Form 990 is sloppily prepared, contains misleading information, or gives the impression that the nonprofit is misusing funds. However, the easy availability of Form 990 could be advantageous for the nonprofit if correctly presents the nonprofit and its program in an accurate and positive way. For example, potential donors and grant makers might make a positive decision about funding based on the information contained in Form 990. As another example, if members of the media are focusing on

management’s role in improving form 990

69

your nonprofit, the nonprofit may be presented in a favorable light if its Form 990 is complete and transparent.

Management’s Role in Improving Form 990: Creating a Good Internal Control System In the area of financial reporting, the SOX legislation requires public companies to have a good internal control system, perform periodic assessment of the internal control system, have members of upper management certify the accuracy of reports, and develop and use a code of ethics for senior financial officers. All of these requirements can be viewed as pieces and results of the internal control system. All of these requirements have application in nonprofits and will help an organization use its Form 990 as an advantage. In addition to improving Form 990, having a good internal control system will improve the integrity of all of the organization’s financial statements discussed in Chapter 3. It is management’s role to create and implement a good internal control system. Most internal control systems have a set of features that shape the system. What are the features of a good internal control system? A good system should have a code of ethics, a solid accounting system, control activities, and monitoring activities. Code of Ethics The first feature of a good internal control system is the organization’s view of integrity and a sense of ethics. Members of senior management, such as the ED and the financial officers, ultimately have the responsibility of the internal control system. The ED can have a significant impact on the organization’s overall view of what constitutes acceptable practices. If the ED conveys to the rest of the nonprofit management and staff that integrity and a sense of ethics are valued qualities in the organization, adherence to any internal control system will be stronger than it would if the ED did not demonstrate a commitment to these qualities. In some of the scandals discussed in Chapter 1, management set an organizational tone of deceit and greed, which may have fueled inappropriate behavior at all levels of the organization. The SOX requirement of a code of ethics definitely applies here!

70

chapter 4

form 990

Accounting System The accounting system used by the nonprofit exerts a lot of influence over the integrity of financial reporting. Therefore, the accounting system can be considered an important piece of the internal control system. The IRS provides clear directions regarding specific categories and classes into which revenues and expenses must be allocated. Lines 1 to 11 of Part I on Form 990 require revenues to be allocated across 10 specified categories: 1. Contributions, gifts, grants, and similar amounts 2. Program service 3. Membership dues and assessments 4. Interest on savings and temporary cash investments 5. Dividends and interest from securities 6. Rental 7. Sale of assets other than inventory 8. Special events and activities 9. Sale of inventory 10. Other Lines 13 to 17 of Part A on Form 990 require that expenses be presented as program expenses, management expenses, and fundraising expenses. In addition to following Form 990’s categories of revenues and expenses, other information must be reported in a specific way. For example, in Part III of Form 990, the filer is required to report all of the programs and services that it provides, along with the expenses for each individual item. In Part IV of the form, the filer must report net assets as unrestricted, temporarily restricted, or permanently restricted. Lines 45 to 58 in Part IV are the required categories for assets and are reported in order of their availably of use. It is unnecessary to cover all of the reporting requirements for Form 990. The rest of the requirements can be easily found by looking at Form 990 and reading the instructions provided by the IRS. The point is that a smart nonprofit will build its accounting system around the categories and classifications that the IRS requires. If an organization knows what financial information is required, it makes sense to have an accounting system

management’s role in improving form 990

71

that tracks and reports this information. As a bonus, all of the IRS-required categories and classifications can be used for the financial statements discussed in Chapter 3. Control Activities Another critical feature of a good internal control system is its control activities. Control activities help ensure that all members of the management team and staff are following the nonprofit’s accounting, finance, and recordkeeping polices and procedures. Each functional level throughout the nonprofit should have its own set of control activities that are relevant to the function and the level. Examples of control activities include segregation of duties (the person who writes checks should not be the same person who handles the invoices), authorizations, reviews of operating performance, and verifications. Monitoring Activities An essential feature of a good internal control system is its monitoring activities. Monitoring should be an essential part of general management and supervisory activities and of the internal audit function of the organization. When a problem is detected in the system, the problem should be addressed, and the problem and its solution should then be sent up the chain of command. Hiding problems isn’t an effective way of resolving them. If a problem is detected and resolved in one department, sending the information up the chain of command might benefit other functions or departments of the nonprofit. Another department may have the same problem, but hasn’t detected it yet. Having this information moving freely though the organization can benefit the entire organization. Learning about another’s department problems or mistakes might help other departments detect the same problem. Certification by Upper Management Under SOX, the CEO and the CFO in a public company are required to certify that the financial statements are accurate and adhere to GAAP. A nonprofit can adapt this requirement by requiring that the senior management team certify the financial statements and Form 990 as a part of their

72

chapter 4

form 990

job descriptions. If the management team has designed and implemented a good internal control system, including an internal audit, certifying the statements should not be cause for alarm.

The Board’s Role in Form 990 The role of the board in improving Form 990 is basically the same as its role with the financial statements discussed in Chapter 3. In the board, the primary responsibility for Form 990 would lie with the audit committee, but all board members should understand the purpose of Form 990, its requirements, and its importance to the well-being of the nonprofit. Reviewing the form and reading the IRS instruction for it would alert the board to Form 990’s requirements. In addition to verifying that Form 990 has been completed accurately and in a timely manner by the management and staff, there is some information in the form to which the board should pay particular attention. The board can use some of the financial analysis techniques discussed in Chapter 3 on some of the information in Form 990 and evaluate the nonprofit’s performance in several areas. Examples would include the information regarding fundraising, salaries for key managers and staff members, and lobbying activities. Fundraising One of the specific categories of expenses on Form 990 is fundraising. Is the nonprofit spending too much on fundraising? Is the nonprofit earning a good return for its fundraising efforts? Board members could answer these questions by comparing the nonprofit’s fundraising expenses with its fundraising revenues. If the nonprofit is spending a significant percentage of its fundraising revenues on its fundraising expenses, the nonprofit may not be conducting fundraising as efficiently as it could. A fundraising efficiency ratio could be used to compare the nonprofits with the industry standard. As in the case of the financial ratios discussed in Chapter 3, all of the information that is needed to determine the industry standard can be found in the Form 990s of similar nonprofits. As discussed, these forms are readily available. The formula for the fundraising efficiency ratio would be: Fundraising revenues / Fundraising expenses = Fundraising efficiency ratio

the board’s role in form 990

73

If the fundraising efficiency ratio is equal to 2.67, then for every dollar spent for fundraising, the nonprofit gained $2.67. If the ratio is equal to 1, the nonprofit is making a dollar for every dollar spent for fundraising. If the ratio is less than 1, say .25, the nonprofit is losing money in its fundraising efforts. Using .25 as the ratio, for every dollar spent for fundraising, the nonprofit is only making 25 cents. In other words, the nonprofit is losing 75 cents of every dollar spent. The value of the ratio, especially in comparison with a standard from the industry or with a nonprofit’s fundraising efficiency goal, would give the board some useful information regarding what the fundraising policies should be. As discussed in Chapter 3, ratios can be created from any two numbers. There are other areas the board might want to evaluate in relation to the nonprofit’s fundraising, and it can create a ratio to achieve that evaluation. Salaries for Key Managers and Staff Members In August 2004, the IRS announced an initiative to identify and halt abuses by nonprofits that pay excessive salaries and benefits to their key managers and staff members. The initiative also focuses on loans made and the sale, leasing, or exchange of property to key managers and staff members. The project, named the “Tax Exempt Compensation Enforcement Project,” will contact roughly 2,000 nonprofits to obtain additional information about their compensation policies and procedures for their key managers and staff members. Needless to say, the IRS is apparently starting to crack down on inappropriate compensation packages and transactions! The board can use Form 990 to assist in its evaluation of the nonprofit’s compensation levels. Form 990 requires the nonprofit to provide compensation amounts of its key managers, such as the CFO and the officer in charge of administration of program operations. In addition, the nonprofit must report the compensation of its five highest employees who are paid more than $50,000 and who are not on the list of key managers. The board can compare its compensation levels with industry standards to ensure that the levels are not out of line. Lobbying Activities Form 990 requires the nonprofit to report any lobbying activities and the expenses connected with these activities. “Lobbying” in this case is defined

74

chapter 4

form 990

as any attempt made by the nonprofit to influence a legislator or members of the legislator’s staff regarding the enactment of some piece of legislation. Under the IRS Code, it is permissible for nonprofits to engage in lobbying, but if the nonprofit has too many lobbying activities or has very high lobbying expenses, the nonprofit’s tax-exempt status may be jeopardized. One way the board can evaluate the nonprofit’s lobbying activities and help develop lobbying policies is to compare the amount of lobbying expenses with the Form 990s of other similar nonprofits.

Conclusion It should now be clear that Form 990 is not just unnecessary paperwork. It is a tool that can be used to develop best practices and gain competitive advantage. If Maria and Jose work for your nonprofit, you should correct their incorrect notions about Form 990!

Chapter

5

SOX Sections VIII and XI: Document Retention and Whistleblower Protection Obligations

Mary, the ED of a mid-size nonprofit, and Joe, the organization’s financial officer, were talking during lunch. “Well,” said Mary, “you won’t believe what nerve my idiotic secretary had today! She said that if we didn’t start maintaining more accurate records about our donations and expenses, we would be in violation of SOX. I don’t know how she even knows anything about SOX, but it’s obvious that she doesn’t know that none of the act applies to nonprofits. I tried to explain to her that SOX only applied to public companies that were registered with the SEC, but she insisted that she was right. She even said that keeping poor records was tantamount to perpetrating a fraud and that she felt an obligation to report us. Can you imagine? I was furious that she had the nerve to question my knowledge of SOX and, even worse, her implications that our recordkeeping procedures were somehow inadequate. And when she mentioned reporting us, that was just the last straw! Can you imagine what a can of worms it would be for us to be investigated, especially for something that doesn’t even apply to us? All of the time that would be wasted? The publicity? I told her that she should start minding her own business and not 75

76

chapter 5

sox sections viii and xi

worry about areas outside of her expertise, and that if she couldn’t do that, she should start looking for another job!” Joe gave Mary a startled look and exclaimed, “You didn’t actually threaten to fire her, did you?” “Yes,” said Mary. “She’s my secretary; I should be able to fire her if I want to, especially if she keeps up this fraud talk. What’s the problem?” Joe said, “I think this lunch is going to take a little longer than we planned. I have some bad news for you.” Is Mary right? Is she correct that none of SOX applies to nonprofits? Contrary to Mary’s beliefs, two sections of SOX, Sections VIII and XI, do apply to Mary. Section XI requires nonprofits to develop and maintain appropriate procedures for document creation and retention. And even worse—at least for Mary—Section VIII extends whistleblower protection to any employee who reports fraudulent or illegal organizational practices. Mary may have just created a lawsuit for herself and the nonprofit by threatening her secretary with job termination. The information in this chapter should help you to not repeat Mary’s blunder.

Whistleblower Protection The first obligation from SOX that applies to all organizations is the requirement for a documented “whistleblower protection” policy. SOX requires all organizations, including nonprofits, to establish a means to collect, retain, and resolve claims regarding accounting, internal accounting controls, and auditing matters. The system must allow such concerns to be submitted anonymously. SOX provides significant protections to whistleblowers, and severe penalties to those who retaliate against them. The following comes directly from SOX, Section 806: . . . any officer, employee, contractor, subcontractor, or agent of such company, may not discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee (1) to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct that the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders, when the information or assistance is provided to or the investigation is conducted by

creating a confidential reporting system

77

(A) a Federal regulatory or law enforcement agency; (B) any Member of Congress or any committee of Congress; or (C) a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct)

Does your Human Resources division have systems in place that will satisfy the SOX requirement for all organizations to have a whistleblower policy? If not, policies and procedures should be developed that contain at least the following aspects: • There is a confidential avenue for reporting suspected waste, fraud, and abuse. • There is a process to thoroughly investigate any reports. • There is a process for disseminating the findings from the investigation. • The employee filing the complaint will not be subjected to termination, firing, harassment, or miss out on promotion. • Even if the findings do not support the nature of the complaint, the employee or volunteer who made the complaint will not face any repercussions. All employees and volunteers should have a copy of the whistleblower policy, and it should be posted in clear view. This policy should also be covered in any orientation or training programs the organization offers for its employees and volunteers.

Creating a Confidential Reporting System Confidentiality is the key in developing a process whereby employees and volunteers feel safe in reporting waste, fraud, and abuse. Appendix B contains documents on this policy. One way a confidential reporting system can be established is to use an ombudsman. Another way would be to use a third-party reporting system that is not connected to the organization. Ombudsman For many years, organizations in Europe and long-term care facilities in the United States have used ombudsmen as a way to provide a safe avenue for

78

chapter 5

sox sections viii and xi

employees and clients to report fraud and abuse. In the United States, a long-term care ombudsman is an advocate for residents of nursing homes, board and care homes, and assisted living facilities. Ombudsmen are trained to resolve problems and can address complaints brought to him or her. A long-term care ombudsman can be a confidential ear for complaints and concerns, can help resolve complaints and concerns, educate residents about their rights, and help long-term care facilities develop more effective practices. Nonprofit organizations can use the role of the long-term care ombudsman as a guideline for creating their own confidential reporting system. To be effective, an ombudsman is independent of the organization and cannot be terminated for reasons other than failure to perform. Having this type of program in place can go a long way to correct problems as they arise and to meet the SOX requirements. Third-Party Reporting Systems SOX has created a market for third-party anonymous hotlines as a risk-free way to report unethical or illegal activity. With a third-party anonymous hotline, an employee or volunteer can report questionable activities any time of day or night. The hotlines can handle a variety of reporting issues, such as: • Accounting irregularities • Violations of governmental regulations • Fraud • Falsification or destruction of organizational records • Workplace violence • Substance abuse • Discrimination • Sexual harassment • Conflicts of interest • Release of proprietary information Employees and volunteers who might feel uncomfortable coming forward via internal reporting processes may feel more comfortable reporting issues via a third-party hotline.

first steps: beginning the process

79

Document Retention, Archiving, and Retrieval Document storage and retention is another area within SOX that applies to all organizations. The language in Section 802 describes the consequences for failing to implement a document retention system: Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 10 years, or both.

Appendix C provides a sample of a document retention policy and recommendations for its implementation. Key areas for consideration in document retention include: • What documents and records should be preserved and why? • Are the documents paper-only or are electronic files included? Which ones? • What about e-mail and instant messaging? • What are the expectations about the way in which documents are stored or archived and the ability to retrieve documents? • How long are you supposed to keep these documents? • Is there a protocol for disposing of documents once their storage time has elapsed? • When should you not destroy materials? • How can you make sure that everyone in the nonprofit—staff and volunteers—understands and adheres to these requirements? • What happens if your nonprofit is in violation?

First Steps: Beginning the Process Policies on document preservation should be developed by the board and senior management. Appendix C contains a walk-through of the process.

80

chapter 5

sox sections viii and xi

There needs to be a statement developed by senior management that contains the following talking points: • What the document retention policy is and why it is required by law. It is important that the staff and volunteers understand that document preservation is a component of SOX that applies to all organizations. • What are the new procedures that emerge from the policy? What are the deliverables that the board expects? • What does this legal requirement mean for your nonprofit? • What are the obligations of individual employees to ensure that your nonprofit is in compliance? • What is expected in terms of new behaviors and procedures, and what are the consequences (for individual employees and volunteers) for failing to adhere to the new procedures. Middle and senior management must be prepared to carry out the consequences swiftly to send a strong message throughout the organization. The system you design for document storage, archives, and retrieval must be logical and user-friendly. If staff can’t understand what it’s about, what’s expected of them, and why they are being asked to do this, the probability of success is low. Step 1 Consider what types of documents your nonprofit would need to store/ archive and be able to retrieve. Some examples of documents that need to be stored include: • Contracts with vendors for services, including insurance policies, auditor contracts (particularly to demonstrate that the auditing firm is not providing any other services to your nonprofit) • Contracts with external clients (such as public sector agencies) to provide services to the external clients • Contracts with your nonprofit’s programmatic clients • Contracts with your nonprofit’s management, staff, and volunteers (if applicable)

first steps: beginning the process

81

• Documents that a regulatory agency requires you to retain, such as tax returns, business license documents, vehicle registration forms, and professional licensure documents • Correspondence with regulators about your nonprofit’s operations • Documents containing information that a regulator would need to review • Documents required by local, state, and federal law, and correspondence regarding these documents • Documents that have historical, legal, or programmatic significance for your nonprofit • Instant message or e-mail that contains negotiations for a contract or other legal agreement • Any document that would provide proof that your nonprofit took action in a business, contractual, or legal matter • Financial documents, reports, analysis, and forecasts • Donor records, history, and correspondence • HR records including volunteer and board files • Documents that reflect the sale of property, merchandise, or any tangible or intangible assets Be sure to build in the requirements of any third-party reviewers such as auditors or regulatory agencies, so that your system will satisfy the expectations of these reviewers. Step 2 Inventory the nonprofit’s current record system to determine what records are in use, what records are in storage, and what records are archived. This step should also include a review of the types of e-mail messages and instant messages that are routinely transmitted along with attachments. Step 3 Develop retention rules (based on legal requirements and the operational needs of your nonprofit) and ensure that these rules are clearly disseminated to all staff and volunteers. There needs to be a classification system (develop

82

chapter 5

sox sections viii and xi

a simple one) that allows for documents to be classified as “confidential,” “private,” or other designation that precludes them from general access. As part of this step, it is essential that a training program be developed for staff to ensure that they understand what is expected of them, what the procedures are, and what records they are expected to retain. Step 4 Develop a process for finding and preserving documents that either will be or are part of an investigation or legal action. There must also be a mechanism for announcing that no documents are to be destroyed until an “all clear” notice is given—and stiff consequences for failing to adhere to this directive. Step 5 Develop rules for managing, storing, preserving, and archiving electronic messages or other electronic data. The rules should address the important issues, including listing the types of documents that are to be retained and how these documents are to be stored. The process need not be complicated, but the rules need to be standardized—there is no room for “doing your own thing.” Staff and volunteers need to understand that they are obligated to adhere to the rules—or face the consequences. The rules should also include steps to be taken to ensure that the documents cannot be tampered with, such as using “pdf” files or passwords. It is particularly important to store financial records in such a way as to ensure that they represent a true and honest picture of the nonprofit’s financial profile and/or other financial description. Regulators will expect to be able to rely on the accuracy of all of your electronic records—no exceptions. An important component of this step is the design of a technology policy or the revision of your current technology policy to include these topics: • Clearly state that all aspects of the nonprofit’s technology belongs to the nonprofit. There are no expectations of personal privacy when using the nonprofit’s technology. • Identify all of the nonprofit’s technology. Hardware and software including laptop computers, desktop computers, hand-held devices such as

first steps: beginning the process

83

PDAs and Blackberry, cell phones, Internet access, e-mail and all software programs purchased through the nonprofit. Be aware that when electronic devices such as laptops or PDAs are “recycled” to another staff member, the “hard drive” of the device may still contain data, documents, or transactions from the previous employee. It is important to institute a procedure to erase the hard drive once all of the documents have been extracted and stored according to your nonprofit’s Document Retention Policy. • Develop a policy on the storage and transportation of sensitive information out of your nonprofit’s facilities. Published reports describe multiple scenarios of laptops of bank employees being stolen that contained client financial data. The same thing could happen to your nonprofit if you store sensitive information about donors, clients, or staff on laptops that leave your premises. Does your nonprofit have a privacy policy that relates to donor information? Information about clients, staff, volunteers? If not, you need to institute one immediately and disseminate the policy(ies) to the various constituencies. For example, if your nonprofit has a Web site, do you list the names of donors? If you list these names, have each of the donors signed a consent document? In today’s world of identity theft and Internet hacking, it is particularly important to protect donors, staff, and board members. State that when an employee leaves his or her job at the nonprofit, he or she will be expected to surrender all technology to the HR department prior to departure—and obtain a signed receipt from HR for all of the equipment that was turned over to HR. Specific employees within each division of your nonprofit should be assigned the responsibility and the requisite power and resources for Document Retention within their division. It is essential that these individuals all have the same training and knowledge of organizational systems and any technology such as scanners, software, and the like, to ensure that documents are selected, preserved, archived, and able to be retrieved in a consistent, standardized manner. Establish rules for appropriate and secure electronic transmission of sensitive materials. Work with IT and legal professionals to ensure that these rules are comprehensive and appropriate to your nonprofit.

84

chapter 5

sox sections viii and xi

Step 6 Develop a means by which the Document Retention system will be audited on a regular basis to ensure that all staff are in compliance with the provisions. Board and staff should understand that the audits will be random and unannounced. Consequences for noncompliance should be meted out quickly to send a message to the entire organization. Please understand that your nonprofit is a business, and you need to conduct operations in a business-like fashion. The days of the “Mom and Pop” nonprofit are over—you have an obligation to your donors, your clients, your board, and your staff to ensure that your organization is in compliance with this component of SOX legislation. It’s not just a “best practice”—it’s the law, and it applies to all organizations in this country, including your nonprofit.

Conclusion Both the Whistleblower Protection Policy and the Document Retention Policy are legal requirements for nonprofits of any size. The implementation of these two policies and the document retention procedures will put your nonprofit in compliance with federal law, provide the additional benefits of orderly file keeping, and provide staff with a safe way to alert management of operational problems.

Chapter

6

Raising the Bar of Accountability: SOX Best Practices and the Board

Wendell Smith is the treasurer of the Gulf Coast Spinnaker Society. He is a self-assured businessman who feels he has his finger on the pulse of the organization. His finance committee is made up of male and female professionals from various fields. Additionally, several of the Spinnaker Society managers are assigned to staff this committee. One of the staff members, Fred, is also a silent partner in his family’s copier distributing company. Fred’s family’s company is the vendor for Spinnaker’s copiers. At this month’s finance committee meeting, the topic of vendor contracts was on the agenda. One of the Spinnaker Board members, Ann, also sits on the finance committee, as does the Spinnaker board chair, Samantha. Ann questioned whether Fred should be present during this discussion because one of the contracts being discussed was for the copier contract. Wendell became irate because Ann brought up this topic at the meeting without clearing it with him first. He lectured Ann that Fred is very valuable to Spinnaker and should be allowed to sit in on the discussion. When the discussion turned to renewing the contracts, the copier contract is passed without further question by anyone on the committee. If the copier contract had been put out for competitive bid, the Spinnaker Society would have discovered that competing firms could have provided better 85

86

chapter 6

raising the bar of accountability

value for the money. Of course, after Ann’s reprimand, no one dared suggest that the copier contract be put out for competitive bid. Wendell was satisfied that the well-oiled finance committee machine continued to run smoothly.

Legislative Environment: Best Practices and Governance Chapter 1 presented the emerging standards that are currently being considered at the federal level and the features of the new California law on nonprofit integrity. This chapter emphasizes what SOX expectations are for boards, the three legal standards to which all boards and board members must adhere, and the deliverables that emerge from SOX best practices. These deliverables are the policies and procedures that will facilitate the platinum operational paradigm for your nonprofit and the specific techniques for changing the board culture and for instituting a new working paradigm based on SOX best practices. The important issues and recommendations that are part of today’s nonprofit legislative environment include: • SOX legislation requires all nonprofits to have a whistleblower protection policy, along with a document retention policy and a policy prohibiting the destruction of documents associated with an investigation or litigation. • The U.S. Senate Finance Committee published a staff paper that included the following matters for consideration in raising nonprofit accountability: • Require nonprofits to have their IRS tax-exempt status reviewed every five years, with extra documents and a new processing fee. • Increase information disclosures on IRS Form 990, including annual performance goals and measurements for meeting those goals. • Require Form 990 to be signed by an organization’s CEO or equivalent under penalties for perjury. • Create penalties for failure to file a complete and accurate Form 990. • Appropriate $10 million for various forms of nonprofit accreditation.

legislative environment: best practices and governance

87

• Establish an Exempt Organization Hotline for reporting abuses by charities and complaints by donors and beneficiaries. • Limit the board size to 15 members. • For those nonprofits in California, the recently signed Nonprofit Integrity Act (SB1262) requires the following of nonprofits with budgets in excess of $2 million: • Have an annual audit performed by a CPA who is “independent” as defined by U.S. Government auditing standards, and make that audit available to the public and the Attorney General. • Accounting committee membership stipulations: Have an audit committee whose membership cannot include staff and must not overlap more than 50% with the finance committee; the audit committee can include members who are not on the organization’s board of directors. • Board accountability for executive compensation: The law requires that the board approves of the compensation, including benefits, of the corporation’s president or CEO, and its treasurer or CFO “to assure that it is just and reasonable” (i.e., not excessive). • Fundraising practices: The law requires disclosure of written contracts between commercial fundraisers and nonprofits. The Attorney General’s office has the right to demand a copy of the contract. Fundraisers must be registered with the Attorney General’s office. Additionally, all nonprofits in California regardless of size must meet the following requirements: • Make their audits available to the public on the same basis as their IRS Form 990 if they prepare financial statements that are audited by a CPA. • Fundraising requirements: [Nonprofits must provide] notice of a solicitation campaign by a “commercial fundraiser for charitable purposes,” which must be filed at least 10 days before the commencement of the solicitation campaign, events, or other services. Fundraisers must not misrepresent or mislead anyone about its purpose, or the nature, purpose, or beneficiary of a solicitation. A nonprofit must “establish and exercise control over its fundraising

88

chapter 6

raising the bar of accountability

activities conducted for its benefit, including approval of all contracts and agreements, and shall assure that fundraising activities are conducted without coercion.” The preceding list of expectations and stipulations represent the ways in which the business environment that nonprofits operate within has changed in the past three years. Yes, business environment. For decades, nonprofits have believed that because they are tax-exempt organizations, they are also exempt from the same ethical and accountability standards that have been imposed on the private sector. The Senate Finance Committee’s recommendations along with the language contained in California’s Nonprofit Integrity Act should dispel all of these antiquated notions. This chapter discusses the new and the traditional expectations of directors/trustees of nonprofit boards and the ways in which SOX best practices have raised the level of governance accountability. These traditional expectations are contrasted with the newer, more rigorous expectations that emerge from SOX best practices. The board and its governance role are important aspects of SOX legislation, the California legislation, and the impending “clone” legislation dealing with nonprofit accountability being considered in several other states. “Accountability” is an important watchword in today’s nonprofit governance environment. The media is filled with examples of financial mismanagement, violation of federal employment law, and failure to conduct due diligence in outsourcing functions. Published reports provide these examples of nonprofit governance crises: • The San Francisco Bay Area United Way and its nonprofit subsidiary, Pipevine. Pipevine was under contract to collect and allocate corporate donations to the United Way of the San Francisco/Bay Area. Pipevine allegedly skimmed millions from the donations because it had inaccurately forecasted its operating expenses and wasn’t receiving sufficient revenue from the United Way to maintain solvency. • Haight-Ashbury Free Clinic. The CFO of the Haight-Ashbury Free Clinic allegedly embezzled almost $1 million. Federal funds that were to be returned if not spent were collected by the CFO and then sent off to a bank account in his name located elsewhere in California.

new expectations for board oversight and governance

89

When a nonprofit encounters these dramatic crises, the board is often the first place to look for the source of the dysfunction. The first question that comes to mind in each of these sad stories is, “Where was the board?” Did the board understand what was going on? Did the board ignore or condone clearly inappropriate and often criminal behavior? Did the board even know what to look for? Today’s boards and board members need to recognize that the level of scrutiny and accountability aimed at nonprofits has increased. Nonprofit boards can no longer afford to deal at arm’s length with the organization—or meet on a quarterly basis as was once touted in a well-known governance model. The days of the fully accountable, fully present “hands-on” board are here to stay. The actions of the board and the products of governance have become central issues in SOX legislation, California legislation, and any potential clone legislation because nonprofit boards hold the ultimate accountability for what transpires within the confines of a nonprofit organization. There are no excuses for nonprofit board members not to understand what is going on in the organization, nor are there any excuses for board members not holding the ED accountable for the actions of his or her staff.

New Expectations for Board Oversight and Governance With the passage of SOX, the bar was raised on all organizations, not just publicly traded corporations, and not just nonprofits. All organizations that conduct business within the United States are subject to greater scrutiny. Public trust is an important issue that all organizations—public, private, and independent (nonprofit)—need to address. Some nonprofit boards have been collections of friends, business acquaintances, and even family members. Prior public scrutiny and expectations regarding nonprofit boards was low. They were expected to provide a rubber stamp of approval for the ED and raise money if necessary. Often, the members’ personal checkbooks were the main source in the nonprofit’s fundraising strategy. Within the past decade, the number of prominent nonprofits embroiled in financial scandal has increased dramatically. With the enactment of SOX in relation to corporate scandal, the public is demanding that the nonprofit world be held to the same level of accountability to protect the billions of voluntary donations that pour into this sector each year.

90

chapter 6

raising the bar of accountability

Higher Expectations for Board Membership and Deliberations The best practices that have emerged from SOX have ushered in a new model of governance, one in which the board members are expected to be competent, questioning, and assertive about the important issues facing the nonprofit. Board members are expected to come to the meetings prepared to discuss and deliberate. Exhibit 6.1 provides examples of how SOX best practices can serve to facilitate change in nonprofit board culture.

Exhibit 6.1

board practices comparison

Yesterday’s Board Practices

SOX Best Practices for Today’s Board

Board members selected without screening process.

Nominating committee rigorously screens prospective members and submits nominations to full board for vote.

Either board members do not receive orientation or the orientation is a social gathering.

Board members receive extensive orientation, including job description, performance expectations, bylaws, complete financial documents, strategic plan, and other relevant documents.

Board members are expected to be passive at board meetings; agenda is primarily staff-driven.

Board members are expected to review all materials in advance of the board meeting and come fully prepared to analyze, deliberate, and debate, if necessary, the issues at hand. Board members know how to read and analyze financial reports and spot important trends.

Board culture reflects belief that the nonprofit is a “Mom and Pop” operation governed by well-meaning volunteers.

Board culture reflects the reality that the nonprofit is a financially viable business enterprise governed by competent directors and their leaders whose primary allegiance is to the mission of the organization.

Board members are known to have profited from their position on the board through the nonprofit’s contracts with their businesses.

Board members are required to sign a conflict of interest statement on an annual basis for the purpose of identifying any existing, or possible, conflicts of interest. Board members are prohibited from having contracts of any kind with the nonprofit, or other types of self-dealing.

higher expectations for board membership

91

Yesterday’s Board Practices

SOX Best Practices for Today’s Board

Board members are the nonprofit’s “aristocracy” and are permitted to order the staff about and/or demand favors.

The board orientation clearly articulates that the board’s only employee is the executive director (ED), and stipulates that all board members will conduct themselves in a professional manner at all times.

The size of the board emphasizes quantity over quality.

The size of the board reflects the number of directors who are necessary to staff the committees and carry out the work necessary for quality governance deliverables.

Directors’ and officers’ insurance is only for large nonprofits.

All boards are indemnified through the purchase of D&O insurance.

Audits are only for large nonprofits.

An audit or financial review is required on an annual basis. An audit may be stipulated depending on the organization’s budget and relevant state legislation. However, smaller nonprofits should arrange for a review of its financial records.

Traditional Standards of Board Member Behavior In addition to these new expectations, boards (nonprofit and private sector alike) have always had standards of behavior associated with membership. The quality of board decisions and actions are evaluated based on how board members understood their obligations to the nonprofit institution, and how carefully they deliberated before making a particular decision/action. Board members are expected to conduct themselves and make decisions consistent with three (3) legal standards—care, loyalty, and obedience. The three standards describe the types of consideration that should go into behavior and decisions. The basic legal standard of the “reasonably prudent person” is particularly significant as the courts look to determine if the board took reasonable steps in decision-making or action. Exhibit 6.2 summarizes these standards and the expected impact on board member behavior. The United Way of the Bay Area and the Haight-Ashbury Free Clinic are examples of boards that failed to live up to these standards. In all of the examples, the boards clearly did not understand their obligation to oversee internal controls and to abstain from self-dealing.

92

chapter 6

Exhibit 6.2

raising the bar of accountability

Board Standards

Legal Standard

Expected Behavior

Care

The director shall discharge his or her duties as a director, including his or her duties as a member of a committee in good faith and with a care that an ordinarily prudent person in a like position would exercise under similar circumstances, and in a manner the director reasonably believes to be in the best interest of the organization.

Loyalty

In his or her capacity as a member of a nonprofit board, the individual is to give first priority to the institution in making financial decisions. This means that board members may not engage in activities with the nonprofit that will result in personal gain, nor are board members to use their board status as means to any personal gain—financial or otherwise.

Obedience

Directors are required to act within the bounds of the law generally, and with the intent of achieving the organization’s mission as expressed in its charter and bylaws.

In addition to the fundamental legal standards of care, loyalty, and obedience, board members have always been expected to: • Attend board meetings on a regular basis. Board members who do not attend meetings regularly have only a marginal understanding of the nonprofit’s operational, financial, and governance issues. These board members make poor representatives of the nonprofit, and in their lack of knowledge can make unwise decisions. • Understand their governance role. Board members, by the legal standards of care, loyalty, and obedience, are expected to put the welfare of the nonprofit ahead of any personal consideration, and certainly ahead of any personal gain. Board members are not there to micromanage the nonprofit, nor are they simply “window dressing” for senior management’s agenda. • Read and understand (or ask questions until they obtain clarity) all materials sent in advance of a board meeting. The operative expectation is that board members come to board meetings prepared to ask questions or obtain clarity because they have carefully reviewed all of the materials in advance.

higher expectations for board membership

93

• Review financial documents carefully and provide appropriate oversight. Board members are expected to either understand the financial documents or seek assistance in learning how to read and interpret financial statements. In the area of financial operations, board members need to ask the difficult questions and insist on appropriate financial materials. • Disclose any real or potential conflicts of interest. Board members, in order to adhere to the standard of loyalty, must disclose any real or potential conflicts of interest to the board. The rest of the board needs to know about these real or potential conflicts of interest so that steps can be taken to eliminate the impact of these conflicts on board deliberations and decisions. • Adhere to a code of ethics. Board members need to adhere to a Code of Ethics that spells out the nonprofit’s values and principles. Adherence to a Code of Ethics is another way in which board members put the interest and well-being of the nonprofit ahead of their own. Upgraded Standards: Putting SOX Best Practices in Motion The SOX legislation ushered in a new accountability based on a set of expected outcomes. The discussion in this section outlines the types of best practices that emerged from the SOX legislation and how these would work for your nonprofit board. (See the appendices listed for samples of documents related to these best practices.) • Board recruitment and retention (Appendix G). Today’s nonprofit boards cannot afford to be populated with individuals who are passive and/or lack the requisite skills—and assertiveness—to provide appropriate governance and oversight to the nonprofit. • Audit committee (Appendix D). Nonprofit boards need to have a separate audit committee that includes at least one board member who is a financial expert. The audit committee must ensure that auditors are not also engaging in additional services, such as consulting, for the nonprofit. The committee is also responsible for ensuring either that the auditing firm is rotated every three to five years, or that the lead auditor is rotated off the nonprofit’s audit every three to five years. The members of the audit committee need to be independent board members (i.e., not also members of senior management).

94

chapter 6

raising the bar of accountability

• Financial literacy (Appendix A). More rigorous review of financial statements and transactions—financial literacy—for all board members means that the nonprofit may need to establish a training program to ensure that all members of the board understand how to read and interpret financial reports. The ED and CFO need to be able to certify the accuracy of financial documents and other submissions such as Form 990s. All members of the board are fully aware of the financial condition of the organization, and senior executives such as the ED and the CFO are able to sign without hesitation • Code of ethics for board and senior management—prohibition of inside dealings (Appendix F). The board needs to adopt a policy strictly prohibiting personal loans to any director or officer, and an HR policy that prohibits lending money to the CEO, ED, CFO, or other staff. This policy describes the types of behavioral expectations that relate to the roles of board member and member of senior management. One particularly significant provision is the prohibition against any type of loan or financial gift by the nonprofit to a board member or member of the staff at any level. No exceptions should ever be made to these policies. • Conflict of interest policy (Appendix E). Why is not disclosing a conflict of interest a violation of this legal standard? Contrary to what many nonprofit board members believe, disclosing that you may have a potential conflict of interest is not a crime against humanity! A conflict of interest is simply that—the situation can, if ignored, establish conflicting interests between the board member and the nonprofit. The individual board member is not guilty of anything by disclosing that she has a potential conflict of interest. Actually, this type of disclosure is something to be applauded! The important next step is to have the potential conflict of interest documented via a conflict of interest statement that all board members—and senior staff—should submit on an annual basis or in the event that the board member learns of a potential conflict of interest. A sample of a conflict of interest policy and letter is in Appendix E. Once the conflict of interest is documented, the individual should be excused from the conversation/vote whenever his or her participation would be inappropriate. The minutes should reflect that

higher expectations for board membership

95

Ms./Mr. X was excused from the discussion on the nonprofit’s insurance coverage because he or she is a member of the insurance company’s board. • Whistleblower protection (Appendix B). This policy was discussed in detail in Chapter 5. It is important that the nonprofit have a whistleblower protection policy for all staff and volunteers, and enforce it without exception. Board members are willing to blow the whistle on inappropriate behavior and will be supported by other board members and board leadership. • Document preservation policy (Appendix C). This policy was also discussed in detail in Chapter 5. Establish a system that documents the policies that are in place and the methods for enforcement, and enforce it. • Adequate insurance. The nonprofit and the board need to be adequately protected. It is essential that the nonprofit purchase directors’ and officers’ liability insurance, general liability, business interruption, automobile, property and casualty, and other important insurance coverage. The nonprofit’s insurance professional is a key player on this team. She can provide advice on the types of policies that are right for your organization. • Keep informed about current regulatory practices. As mentioned in Chapter 1, the IRS is seeking to update Form 990 in direct response to recent events concerning the integrity of financial disclosures of nonprofits. The reason why it is considering whether Form 990 or other requirements should be modified to provide similar measures is to increase public confidence in the integrity of disclosures by exempt organizations. Among the possible requirements that the IRS is considering are disclosures regarding whether conflict of interest policies have been adopted, whether there are independent audit committees, and whether certain exempt organizations should be required to disclose information about transactions with substantial contributors, officers, directors, trustees, and key employees, plus any other changes to Form 990 that would increase public confidence in the integrity of exempt organization disclosures. The consideration of these possible upgrades in requirements comes on the heels of recent Congressional inquiries into accountability of the nonprofit sector in general.

96

chapter 6

raising the bar of accountability

SOX and the Board: Higher Performance and Greater Accountability SOX best practices relating to governance emphasize the importance of recruiting a board that is the right size for the nonprofit, has the right competencies, skill sets, and understanding of SOX best practices, and has the right attitude/perspective about its governance role. Incorporating Best Practices within Board Activities and Administration Board Member Screening and Orientation The current members of your nonprofit board were possibly recruited from many sources—friends, relatives, donor database, or nonprofit clearinghouses. Some of the members of the board are appropriate to the organization, and some may be in over their heads in terms of understanding their roles and what is expected of them. SOX best practices presumes that all members of the board are qualified to serve; that is, competent to serve in a governance role, and possess an understanding of what is expected of them and a skill set that serves to accomplish expected performance. Screening and Selecting Board Members Board members should be recruited based on those specific areas of expertise, diversity, or background that the board’s leadership and nominating committee have identified as significant to the nonprofit. Under no circumstances should more than one member of a family be seated on the board, nor should a family member of any staff be seated on the board. Similarly, vendors and consultants to the nonprofit should be disqualified for board membership. Those individuals who are seated on the board should also agree to sign a conflict of interest statement on an annual basis and should understand that they are required to disclose immediately any circumstances that could be considered a conflict of interest. In today’s environment, even the appearance of a conflict of interest is unacceptable. Size of the Board and Board Composition Depending on the size of the nonprofit, the ideal board size is somewhere between 7 and 16 members. Boards smaller than 7 can become deadlocked, and those larger than 16 can become unwieldy or experience a chilling effect on discussion, dis-

higher performance and greater accountability

97

sention, and possibly the emergence of a ruling elite, which generally takes the form of the executive committee. The board should establish procedures to ensure that new members are recruited, trained, and understand their roles and obligations, including term limits. Boards should ensure that the size of the board is appropriate to the size and needs of the organization Boards should also endeavor to evaluate their own performance as a governance entity, and the performance of their individual members. These performance standards should include attendance at meetings, committee work, fundraising, preparation for discussion, participation in strategic planning, and other activities. Board Orientation How do board members learn about what is expected of them? One of the best ways to offer a complete introduction to board service is through a comprehensive orientation and subsequent in-service training sessions. The orientation for new members should be crafted to address the important issues and expectations. The orientation should also be held at a time of day that would accommodate most members—and should be approximately 90 minutes to 2 hours long. The topics that are not addressed in the initial orientation can be covered in subsequent in-service sessions. The primary learning objectives of any board orientation include that: • New board members understand the nonprofit’s mission, vision, and strategic plan. • New board members have an understanding of the nonprofit’s history so that they can appreciate where the organization has been and where it is headed. • New board members understand their obligations and performance objectives. • New board members understand the board policies on meetings, attendance, conflict of interest, and other policies that emerge from SOX best practices. • New board members have received their job descriptions and understand their performance expectations and fiduciary obligations as board members.

98

chapter 6

raising the bar of accountability

Although a board orientation is an important event, be respectful of board members’ time. Do not design a board orientation that resembles the one that a board chair insisted that new members attend. The orientation lasted from 12 P.M. to 6 P.M. on a business day! Despite the fact that this board chair was a retired businessman, he was impervious to the reality that board members with demanding jobs could not possibly justify taking six hours out of a workday to attend a board orientation! Incredibly, the same board chair scheduled a daylong board retreat (10 hours counting travel time to and from the remote location) within two weeks of the six-hour board orientation. In total, the new members of this board were expected to be away from their professional obligations for 16 hours within the timeframe of two weeks.

Championing SOX Best Practices: The Board’s Governance Role The SOX best practices presume that boards are actively engaged in the operations of the nonprofit. This does not mean that boards are expected to micro-manage, but it does require that the board and senior management are highly interactive. Those twentieth-century board governance models that presume the board fulfills its obligations at arm’s length while pondering their universal theory of governance have always been bogus and today are absolutely dangerous. Accountability is the key and will be a major component within future state laws and regulatory requirements relative to nonprofit accountability. • Decision-making models. Board members need to understand that they are expected to fully participate in decision-making. To facilitate productive discussion and efficient use of time, board leadership can institute ground rules to control the length of time that any one person has the floor, issues related to civility of discussion, and the use of a “timed” agenda and Robert’s Rules to ensure an orderly meeting. Pre-meeting preparedness is an essential element to any successful meeting. Board members need to receive materials at least one week prior to the meeting. Today’s technology can streamline the process by sending the material as e-mail attachments or by fax. Regardless of the means of conveying the materials, the board members must come to the meeting prepared to deliberate/make decisions. A functional decision-making model also presumes a board culture that supports asking difficult questions and making business-like decisions. Non-

the board’s governance role

99

profits can no longer afford to have a “Mom and Pop” mindset, nor can they afford to have competent professionals on their boards who abdicate their governance obligations. One of the challenges in board deliberations is the tendency to engage in endless analytic exercises. Reports from standing committees or ad-hoc groups should include recommendations based on solid analysis. The board should request the level of information that is necessary and sufficient for reasonable decision-making. The meeting agenda should outline the decisions that are to be made at the meeting, allocate sufficient time for discussion, and then call a vote. Board members who want to commandeer the agenda tend to use lengthy discussion as a strategic weapon. In this way, the important issues never come up for a vote. The board leadership needs to be assertive in ensuring that the agenda is balanced and that the necessary votes are taken. • Board leadership and role clarity. Board members, particularly board officers, have an obligation to the organization, its staff, clients, volunteers, donors, and the community at large to conduct themselves in a professional manner while acting in their role as board members. The good name of the organization can be enhanced or compromised depending on how they conduct themselves—in person, in print (letters or documents), and online via e-mail. In our story about the Gulf Coast Spinnaker Society, Wendell berated board member Ann for raising the issue of a staff member’s conflict of interest. The Society’s board chair, Samantha, was also present at the finance committee meeting. When Ann later checked her email, she was shocked to discover that Samantha sent her a vicious email condemning Ann’s questioning of a potential conflict of interest, and furiously admonishing her for failing to give higher deference to Wendell in his role as treasurer. Happily, Ann is a responsible board member, so she deleted the e-mail. However, Ann might very well be tempted to forward this delicious piece of hubris to a friend or family member—and who knows where it might be forwarded from there. Board chairs like Samantha may think their position gives them the right to keep other board members in line by verbal abuse and intimidation, but anything in writing may appear some day on the front page of The Washington Post—or The New York Times.

100

chapter 6

raising the bar of accountability

• Staff and board interaction. The board has only one employee, the ED or CEO of the nonprofit. The ED or CEO is the link between the board and the rest of the staff who report to the ED or CEO. Although this appears to be a neatly arranged division between board and staff, the reality is that the board routinely interacts with staff via board meetings and committee meetings. Board members are not the staff members’ supervisors. If an employee files a hostile-workplace complaint based on the behavior of a board member, pay attention to that red flag and deal with it decisively. Board members should also be admonished to redirect any staff “tattling” back to the ED. All Nonprofit Boards Should Work Toward These Ethical and Operational Principles At the center of good governance are ethical and operational principles that guide board members in discussion, activities, and decisions that put the welfare of the nonprofit before personal or professional gain. • Governance and oversight. The Senate Finance Committee’s staff proposals and California’s Nonprofit Integrity Act are based on the presumption that nonprofit boards have established policies to set goals and objectives for the organization, and protocols to oversee the nonprofit’s operations, particularly financial operations. The Senate Finance Committee staff proposals emphasize imposing criminal liability for failing to ensure that the CEO was provided reasonable assurance of the accuracy and completeness of all material aspects of the return. • The board is the final authority in the nonprofit, and is obligated to closely supervise its only employee, the CEO. • The Nonprofit Integrity Act further requires of nonprofits whose budgets are in excess of $2 million that the board approve the compensation packages of senior management. The Board’s Overall Responsibility for the Management of the Nonprofit In addition to the principles that have emerged from the current legislative environment, boards need to consider adopting traditional tenets that address board authority and overall responsibility for the management of the

the board’s governance role

101

nonprofit. Boards are responsible for crafting the procedures, policies, and protocols that ensure the nonprofit complies with federal, state, and local laws, and is a going concern. The board’s fiduciary obligations require careful oversight of financial operations to ensure that a budget is crafted on an annual basis, to ensure that an annual audit or financial review is conducted, and that IRS Form 990s are submitted in a timely fashion. Additionally, the board is responsible for ensuring that all other financial reports are generated in a timely fashion. The board should ensure that it complies with relevant federal law and regulations, state law and regulations, and any local ordinances. The board should also ensure that documentation of its actions, and board minutes, are prepared in the appropriate manner, and stored per the Document Retention policy. The board should ensure that human resource policies are in place to safeguard the rights of employees and volunteers, and that every employee and volunteer has a job description and a method by which his or her performance is appropriately and fairly evaluated. The board should also ensure that the nonprofit publishes an employee manual and a volunteer manual that identifies and outlines policies that apply to employees and volunteers. The board, as the ultimate authority in the nonprofit, is responsible for ensuring that the nonprofit is adequately insured, including the variety of insurance policies that are required for the nonprofit’s operations, professional liability coverage (if applicable) and directors’ and officers’ insurance, including Employment Practices Liability Insurance for the board. The board is also responsible for ensuring that this coverage is secured at a competitive price, and that the nonprofit’s insurance professional is responsive to the nonprofit’s needs and requirements. Fundraising The California Nonprofit Integrity Act (SB1262) is the first SarbanesOxley “clone” law dealing with nonprofits. As other states adopt these types of “clone” laws, the topic of fundraising will surely be a common theme. As was codified in the new California law on nonprofit integrity, the board has an obligation to ensure that fundraising activities are conducted with integrity, with attention to donor privacy. Further, the board

102

chapter 6

raising the bar of accountability

has an obligation to perform due diligence before signing contracts with third-party fundraising vendors. The California law also placed the burden of closer supervision of all fundraising activities on the shoulders of the nonprofit (i.e., the board). The activities targeted by the California law were fundraising practices that involved coercion or undue influence. Under this new law, nonprofits would be held accountable for the fundraising abuses of their vendors. This provision presents similar themes to the testimony of two confidential witnesses at the Senate Finance Committee hearings in June who revealed abuses in car donation fundraising (“Mr. Car”) and the exploitation of charitable assets for private gain (“Mr. House”).

Conclusion One of the common themes in the legislative environment is the authority and accountability of the board as the ultimate authority of the nonprofit. This type of attention and focus is unprecedented, and hence, can come as a shock to those nonprofit boards and board members who believe that they are fulfilling their duty simply by attending a board meeting. The cultures of nonprofit boards and nonprofit organizations need to be open to change before SOX best practices can be adopted. Chapter 7 discusses what organizational culture is, and the role this intangible but essential organizational element plays in SOX best practices. Today’s more rigorous environment calls for nonprofit boards to revisit traditional expectations, and to incorporate new ways in which their governance skills can be sharpened, and their commitment to accountability be reinforced. Although California may be the first state to enact what is called a SOX “clone” law for nonprofits, it is just a matter of time before this type of legislation is replicated throughout the country. Twenty-first century governance expectations apply to all organizations regardless of the sector in which they operate.

Chapter

7

SOX Best Practices and Organizational Culture: Changing the Environment

The strains of Debussy’s Afternoon of a Fawn wafted through the wellappointed conference room. The Wine County Dance Company’s board was about to meet in the conference room of its treasurer, a successful attorney. The Dance Company’s ubiquitous volunteer administrator was greeting board members as they arrived. One board member, curious about the dance company’s Web site’s numerous links to the volunteer administrator’s personal pages, did an investigation of the site via the www.whois.com Web site. The dance company’s Web site was not owned by the nonprofit, it was owned by the volunteer administrator! The board member raised this issue during the meeting and was shocked to find that no one on the board seemed to care! It was the same level of disinterest that was presented as the treasurer announced that the Dance Company had not filed its Form 990 for the last three years.

The Nonprofit’s Organizational Culture and the Adaptation of SOX Best Practices What Is Organizational Culture? Sometimes when you walk into a nonprofit, or a business, you can just feel what it must be like to work there. Something about the way people talk, 103

104

chapter 7

best practices and organizational culture

dress, or act sends out signals. Other clues come from the way the offices look—are they cluttered and disheveled, or neat, but cold? Some offices exude “high class” pretension, while others have a distinctly antiestablishment feel. Learning to understand a nonprofit is much like peeling an onion; there are layers upon layers to peel back. Nonprofits aren’t just the people who populate them, although the people can be the face of a nonprofit. From deep within nonprofits come the rules—written and unwritten—about how things are done, how problems are solved, and what’s valuable. In any new job, there is generally a person or group of people tasked with “showing the ropes” to the new hire. Often, the unwritten rules come under the rubrics of “how to get along around here.” The unwritten rules exist because either everyone agrees with them, or everyone feels compelled to comply with them. The idea that the “way things are done around here” as a shared notion is key to understanding nonprofit culture. Edgar Schein defined organizational culture as a system of shared basic assumptions that helps people within the organization to cope with external forces, solve problems, and pass along the learned methods for dealing with operational issues. Organizational culture is reflected in the way newcomers are selected to become a part of the institution, whether the newcomers are new staff, administrators, volunteers, or board members. Once the newcomers have accepted the invitation to join the nonprofit in whatever capacity, what they are told about the nonprofit and how they are shown the ropes of routine institutional life is a reflection of organizational culture. Some nonprofits are very open about how decisions are made, how ideas can bubble up, and how grievances are settled. Other nonprofits have a very hierarchical structure, and sending messages upward requires elaborate protocols. The presence of one or more bargaining units (unions) also affects the nonprofit’s organizational culture. Probably the most powerful illustration of how an organization’s culture works is in the types of behaviors that either are rewarded or have no consequences imposed. Even more importantly, what types of behaviors are either punished or extinguished? The terms reward and punishment here are not to be taken as entirely positive or negative. Consider the two words in terms of whether negative consequences are imposed by the institution for engaging in particular behaviors. Staff who do not show up for work and

the nonprofit’s organizational culture

105

have not called in sick will probably have some type of consequence imposed for this behavior—reduction of pay for that week, assessing multiple sick days/vacation days, or a letter of reprimand. However, other destructive/negative behaviors such as failing to meet deadlines, failing to comply with new directives, or foot-dragging in terms of SOX best practices might have no consequences imposed. Conversely, some behaviors are discontinued (i.e., extinguished) because insufficient positive reinforcement has been extended. Consider the case of a staff member who worked long into the night to complete a report for the next day. If his or her supervisor does not show the requisite level of appreciation, it is unlikely that the staff member will go to those lengths in the future. Whether a behavior is repeated is often contingent upon the degree of positive or negative reinforcement applied in immediate response to the behavior. Behavior can be either reinforced or extinguished based on an organization’s cultural environment, values, beliefs, and applicable resources. Every organization has a unique and irreplaceable culture that reflects its human dimension. In other words, the unique interaction of people within an organizational environment helps to perpetuate the behavioral and cognitive norms that are part of the organization’s culture, while punishing or extinguishing behaviors and (articulated) values that are perceived as contrary to the established norms. Working to improve your nonprofit’s organizational culture is an integral part of keeping your nonprofit as a viable entity. That means that the organizational culture needs to be changed to adopt new and better methods of management. Rewards and incentives can be valuable tools in terms of recruiting key organizational players to support the implementation and continued maintenance of the SOX best practices program. The nonprofit’s overarching values found in the mission statement are a good place to start. The adaptation of SOX best practices should begin with board members and senior management. Clues to Interpreting a Nonprofit’s Culture Organizational culture isn’t something that you can put in a container or under a microscope. However, within any nonprofit there are important clues to help the observer make sense of the current organizational culture.

106

chapter 7

best practices and organizational culture

• Language. How do people within the nonprofit speak to each other and to the clients, volunteers, donors, and the public? Although in our multicultural society, there is a wide array of ethnic languages that are spoken in nonprofits, this element of a nonprofit’s culture centers on the manner and content of what’s spoken. Does the staff speak in bureaucratese, alphabet soup, or by some other linguistically relevant clues to the nonprofit’s operations? • Traditions and ceremonies. Is the annual picnic a “you-are-invited-andwill-attend” event? What holidays are celebrated? Birthday parties? Why are these or other events or gatherings significant within the nonprofit? Other traditions and ceremonies can include a volunteer awards ceremony, or an award presentation named after a major donor. The nonprofit’s culture can be observed in how these events are run, what the expectations are of the event, and of the participants. What is the frequency of these events? If these events occur on a regular basis, how much anticipation can be felt? • Behavioral norms. Every nonprofit has behavioral norms (i.e., how the staff and volunteers are expected to behave, to dress, to present themselves in terms of personal grooming, and how to treat others). Does the nonprofit require staff to come to work in business attire? If not, does the staff attire resemble the attire of the clients? Behavioral norms also focus on the way in which management and staff behave toward each other. When a board member enters the nonprofit’s offices, how is that person received? Are staff permitted to take long lunches, call in a vacation day without prior notice, or decide to work at home without consulting a supervisor? • Rules of the game. These are implicit rules for getting along in the nonprofit. Sometimes the rules directly relate to navigating the dangerous shoals of office politics. These rules are unwritten but very powerful in the types of consequences that are imposed for those who either ignore or unwittingly break the rules. • Beliefs and values. The nonprofit’s values are often embodied in the mission statement. However, there are other values and beliefs that are entrenched within the organization, but do not appear in the mission statement. Sometimes these beliefs and values parallel or support the mission, such as generosity and concern for the community at

the nonprofit’s organizational culture

•

•

•

•

•

•

107

large. Other beliefs and values can come into play within a nonprofit, such as not having to play by the rules because we are a nonprofit, or because we serve poor people, or because we serve rich people, or just because! Policies and protocols that guide how a nonprofit conducts operations. The way in which a nonprofit presents itself to major donors, funders, and the community can present clues as to what is or is not happening within the organization. Although some nonprofits take great pains to cover illegal behavior, those organizations are by far the exception. Most nonprofits are transparent about who they are and what they do. It’s how this is presented that holds the clue to the nonprofit’s culture. Environment. The notion of environment takes on many layers, whether it is the ambiance of the office, the way the nonprofit facilities are decorated, the ways people behave, or even the nonprofit’s logo. For example, a long-time provider of services to individuals living with AIDS changed their somewhat dour logo to a more upbeat symbol as the medical world made strides to alter AIDS to a disease that people live with rather than the death sentence the diagnosis provided two decades ago. Even the art objects in the nonprofit’s facilities can provide clues to the organizational culture. Does the nonprofit have valuable sculpture and art in its offices, or artwork and crafts created by disabled children? Problem solving. How does the nonprofit go about solving problems? Are there committees, ad hoc groups, or just the ED and his or her management team? What does the nonprofit consider a problem? Strategic planning. How does the nonprofit integrate mission and strategy, including goal setting? How does the nonprofit go about obtaining a consensus on the vision and direction of the organization? Do strategic goals emerge from the mission and its core values? Goals. The way in which a strategic plan is developed is one clue about the nonprofit’s culture, but a far more revealing element is the way in which an evaluation strategy is implemented that measures the accountability, rewards, labor, and resources to achieve the goals in the strategic plan. Intervention strategies. How does the nonprofit come to the conclusion that it must take steps to change direction? If goals are not being met,

108

chapter 7

best practices and organizational culture

or the external environment has changed, or its internal processes are not meeting organizational needs? How long does it take the nonprofit to realize that something dramatic must happen? For some nonprofits, their reluctance to admit that there is a problem is an enormous barrier to progress. The organization’s culture is the synergy of these elements, although deciphering organizational culture can become a very complex process. Being open to hearing and seeing the clues is important, as these are the conduits to introducing change. Now more than ever, it’s important to look closely at your nonprofit and its organizational culture. SOX best practices can only be adopted if the nonprofit is ready to implement these practices and incorporate them into a new culture of compliance. How Organizational Culture Can Act as a Barrier to SOX Best Practices This section describes how organizational dysfunction manifests itself within the nonprofit, particularly in relation to those areas addressed in SOX best practices, and those areas targeted by the IRS, the Senate Finance Committee, and the California Nonprofit Integrity Act (see Exhibit 7.1). In Chapter 1, we examined the current legislative environment for nonprofits in terms of testimony at the Senate Finance Committee’s hearings on nonprofit accountability, staff recommendations, and the provisions of the new California law on Nonprofit Accountability. • Some of the themes that emerged from the IRS Commissioner’s testimony and the Finance Committee staff proposals were, “If these abuses [by nonprofit organizations] are left unchecked, I believe there is the risk that Americans not only will lose faith in and reduce support for charitable organizations, but that the integrity of our tax system also will be compromised.”1 • Nonprofits will be held accountable for demonstrating that their mission, vision, and practices are consistent with their 501(c )(3) designation. • Accreditation and reauthorization may be imposed on all nonprofit organizations.

the nonprofit’s organizational culture

Exhibit 7.1

109

organizational behavior and dysfunction

Behavior

Organizational Dysfunction

Senior management ignores directive of executive director (ED).

Chain of command is compromised. Job descriptions and roles not clear. Failure to impose significant consequences for ignoring a superior.

Financial statements not produced on time or in a professional format.

Internal controls lacking. Staff not held accountable for failing to meet deadlines.

Staff refuse to comply with directives such as document retention policy.

Organizational culture does not support individual accountability. Management does not reinforce accountability with consequences.

Form 990s are never submitted on time—sometimes more than one year passes before they are submitted.

Board lax in holding management accountable for compliance with IRS regulations.

No policy in place to track credit card expenditures by staff and management.

Organizational culture supports naïve belief that staff and management would not misappropriate funds. Lax tracking of financials due to inattention.

Executive compensation packages are never questioned by the board.

Board does not understand its governance role. Management may have endeavored to “stack” the board with friends.

• The IRS will scrutinize Form 990s with greater vigilance. Commissioner Everson testified that the Bush Administration authorized funding for more aggressive enforcement of nonprofit compliance. Commissioner Everson added that in the past, the IRS was reluctant to pursue nonprofits, but given the recent high-profile scandals, the IRS, with the blessing of the Administration, has toughened its stance. • Nonprofit boards, as the ultimate authority in a nonprofit organization, will be held accountable for the actions of the senior management and staff. Failure to provide assertive oversight will no longer be tolerated.

110

chapter 7

best practices and organizational culture

The changing regulatory atmosphere indicates that it isn’t a question of if or when nonprofits will be under greater scrutiny—the time has already come. Understanding your nonprofit’s organizational culture will be crucial in designing the strategies that you will need to employ to implement these best practices and move your nonprofit to a platinum operating standard. Although we may be excited to begin a SOX best practices program within our nonprofit, often we need to work hard to bring others on board. We might find it particularly difficult if we work in an organization where senior management or the board often pursue the latest management craze only to drop it in a short time. SOX best practices is not a fad, but a way of working, thinking, and conducting business to actively reduce the potential for loss, damage, injury, or harm to the nonprofit’s good name. What can we do to adequately prepare the nonprofit’s staff, volunteers, and other stakeholders to learn about SOX best practices? More importantly, what can we do to adopt SOX best practices in their daily work and interaction at the nonprofit? The first thing we must do is intervene to modify the nonprofit’s organizational culture.

Introducing Change How can change be introduced? Real and lasting change begins with providing these stakeholders with information that illustrates that SOX best practices need to be implemented immediately and permanently. In other words, people need to be given information that makes a compelling case for changing their behavioral norms—immediately. The information provided should be of such compelling nature that people understand that the only acceptable option is to change current normative behavior to behavior that is consistent with new expectations. Factors in Modifying Current Organizational Culture Now that we understand a little about how organizational culture works, we can see that change emerges from information that plainly illustrates that the current way of doing things isn’t working, and requires changes in reward structure, modeling desired behavior—from the top down—and enforcing new standards

introducing change

111

It isn’t enough for a board chair to announce that the nonprofit is embarking on a SOX best practices program, all of the stakeholders need to understand that this is not a passing fad, but a real and lasting change in the way things are done around the nonprofit, and what behaviors are and are not tolerated. Modeling the New Behavior: SOX Best Practices How can this be accomplished? First, the board and senior management need to take steps to illustrate, perhaps repeatedly, that their behavior has changed because of their commitment to adopt SOX best practices within the nonprofit. The board and senior management need to determine how to convey the basic principles of SOX best practices to the rest of the organizational community, and how to influence a change in their on-thejob behaviors. The board and senior management need to examine the ways in which the various stakeholder groups within the organization learn, and how the change to adopt a SOX best practices program can connect with their values as staff or volunteers within the organization. Providing organizational stakeholders with meaningful SOX best practices orientation and training, and having the new behaviors reinforced with appropriate incentives is a solid beginning to change the nonprofit’s organizational culture. The nonprofit’s senior management has the opportunity to present the ways in which the nonprofit will address SOX best practices, and the opportunity to show his or her commitment to the process of SOX best practices and to its outcomes. One of the most effective ways of “modeling new behavior” is for the nonprofit’s senior management to discuss some of the ways in which they have adopted SOX best practices techniques and practices. This is particularly instructive, as it illustrates how SOX best practices techniques and practices apply within nonprofit operations, and demonstrates a commitment to SOX best practices. The nonprofit’s management might also consider the technique known as social marketing as a means by which informal leaders within the staff, volunteers, and other stakeholders promote SOX best practices techniques and practices. Social marketing has a side benefit of providing practical illustration of how SOX best practices works within a distinct function within the nonprofit, or how it works in a cross-disciplinary manner.

112

chapter 7

best practices and organizational culture

Change is a scary thing for many people. Generally, the way in which organizational culture is reinforced is through the application of rewards for desired behavior and the application of consequences for behavior that needs to be modified or extinguished. The use of rewards and/or consequences in reinforcing the significance of SOX best practices centers on the inclusion of a SOX best practices performance standard in every staff member’s performance standards for the upcoming year, or marking period. Staff and volunteers will need to meet or exceed expectations on this performance standard to qualify for salary increases or other rewards. However, the most visible means by which the importance of SOX best practices can be demonstrated is by the change of behavior and/or focus by senior management and governance within the nonprofit. Change Takes Time Change in any organization takes time, but change does not mean waiting forever. Once the nonprofit’s staff, volunteers, and other stakeholders see that SOX best practices is not a fad, not a glitzy trend, that it’s part of a better way of doing business—and that there are rewards for practicing SOX best practices—they will begin to adapt it into their routine. The important thing is to keep presenting material to educate about SOX best practices. Reinforcement of the message and illustration of how SOX best practices works in real life and the real-life benefits that it brings will bring about lasting change.

Nonprofit Board Culture As we illustrated in other chapters, there’s no substitute for a bad example in terms of clarifying a point. All boards have some level of dysfunction (i.e., nobody’s perfect), but profoundly dysfunctional boards will present the greatest obstacle to any change—and will certainly deter the implementation of SOX best practices. The heightened accountability that is characteristic of public expectations in the wake of the SOX legislation and scandals involving nonprofits should serve as a catalyst for change in any nonprofit board culture. A prime example of a highly dysfunctional board was the former board of the United Way of the National Capital Area (UWNCA). In March

nonprofit board culture

113

2004, the former chief executive of the UWNCA, Oral Suer, pleaded guilty to two felony charges that he stole nearly $500,000 from the nonprofit and its pension fund. In May 2004, Mr. Suer was sentenced to 27 months in jail, ordered to pay $497,000 in restitution, and because he is not a U.S. citizen, he will probably be deported to his native Turkey upon completion of his sentence. Mr. Suer embezzled close to $1.2 million. The result on the organization’s fundraising has been devastating. In 2001, the UWNCA collected nearly $45 million in pledges. Published reports indicate that the UWNCA is about to enter a third year of record-low pledges with totals consisting of less than $21 million. Published reports indicate that a forensic audit was conducted on the UWNCA books. Some of the key findings include: • Inappropriate financial dealings had been going on since 1974. This points to an organizational culture that permits self-dealing and discourages internal controls. Management over several decades have permitted, and gotten away with, inappropriate financial dealings. • Excessive executive compensation and lack of transparency had been chronic problems. The board ignored, or was ignorant of, excessive executive compensation. The lack of transparency could also have been the result of reluctance on the part of regulatory agencies, such as the IRS, to actively monitor the Form 990s from this agency. • Conflicts of interest existed within the board and senior staff. The leadership of the former board appears to have been actively involved with senior management in permitting financial irregularities based on a shared set of conflicts of interest. Lessons Learned from the United Way of the National Capital Area Scandal Although the former board of the UWNCA took dysfunctional behavior to spectacular heights, perhaps the most important lesson is that certain twentieth-century governance models are lethal in today’s nonprofit environment. At least one of these governance models advocated a hands-off approach to governance, exhorting boards to stick to visioning and let the staff handle the nonprofit operations. Boards were only to meet on a quarterly basis, and were expected to deal with the nonprofit at an arm’s length.

114

chapter 7

best practices and organizational culture

• The board of the UWNCA was enormous, and met infrequently. When the board did meet, the agenda consisted of superficial topics, and the effect was a feel-good session designed to promote cheerleading rather than governance. • The UWNCA’s board culture significantly contributed to the overall mismanagement of the agency primarily because they were too big and the majority too disinterested in holding management accountable. The board’s decision-making appeared to be consolidated among the board leadership. Certain board members had knowledge of senior staff wrongdoing but consistently failed to advise the rest of the board. • Interaction among board members outside of the carefully controlled meetings was virtually prohibited. Board members who requested a copy of the board roster were refused. • As a means of diverting attention from the board members who questioned financials, the board leadership subjected the questioners to harassment and public humiliation, including charges of racism. One board member who persistently raised questions and resisted board intimidation was unceremoniously removed from the board. Board members were vehemently chastised for talking to the media. • Board culture actively suppressed meaningful dialogue between membership and board officers/senior management. Board leadership abdicated their fiduciary obligations and accountability to the UWNCA’s senior management. Board agendas were staff-driven, and board meetings contained little substantive discussion. In the wake of the scandal, the agency has drastically reduced its staff, replaced its entire board and senior management, and closed most of its branch locations. Sources of Board Dysfunction For some boards, one need only enter the room to feel the tension or see the tension portrayed in body language. Other boards happily display the culture of the clueless cheerleader. Their board members, whose role is to cheer on the senior staff, blissfully arrive at the appointed time, and are entertained with cheerful, but empty, reports. Questions, if any, are shallow—and there’s always lots of time afterward for wine, cheese, and

nonprofit board culture

115

schmoozing. The executive committee handles all of the substantive business—whatever the senior staff wants to allow them to know. Some boards pride themselves on claiming to never having any conflict, and support this assertion by actively suppressing any questions or objections. Exhibit 7.2 provides examples of the dysfunctional characteristics found in boards, and the corresponding description of the board’s culture.

Exhibit 7.2

characteristics of dysfunctional boards

Board Dysfunction

Description of Board Culture

Dominated by leadership who bully and dominate members

Board is a collection of primarily passive individuals who choose, for whatever reasons, to tolerate being forced into accepting the current leadership.

The board consists of passive board members who have no term limits or obligations, and who deal with the organization at an arm’s length.

Board members do not understand their responsibilities and legal obligations. Board attitudes are consistent Yogi Berra’s definition of ignorance, “Ignorance isn’t what you don’t know; it’s what you know wrong.”

The executive director (ED) of the nonprofit fields at least six phone calls a day from board members who want to be updated on operational matters.

The board is micromanaging. The culture of this board is distrust of the senior management. Board members and their leadership do not understand the governance role.

Board president, who has been the president for 20 years, is the nonprofit’s biggest donor.

Board culture is one of inertia. Some board members have long-term social ties with each other and see their positions of power on the board as appropriate “payback” for their level of financial contribution.

Board has two tiers of membership. The upper tier consists of socially prominent individuals with money and connections, and the lower tier consists of members who are expected to be “worker bees.”

This board’s culture emerges from an organization that is socially prominent, but has a constituency that demands to be represented despite the fact that there are few socially prominent individuals within that constituency. The lower tier is expected to “pay their way” for being allowed on the board by contributing or raising a stipulated sum each year, sitting on multiple committees, and being assigned to projects that are time and labor intensive. (continues)

116

chapter 7

Exhibit 7.2

best practices and organizational culture

characteristics of dysfunctional boards (continued)

Board Dysfunction

Description of Board Culture The upper tier of the board is recruited from that city’s “high society,” and these board members generally have no committee or project obligations. They are simply expected to lend their name to the organization and make significant financial contributions.

The board’s committee system produces no results. The board leadership is visibly passive and allows the senior staff to run the board.

This is the classic “rubber stamp” board. The culture in this board is one that defers all power to the senior management. Board members view their role on the board as “feel good.”

Artistic director is the board chair, and his volunteer assistant is the second most powerful person in the organization. The board chair routinely kept information that he refused to share with the other board members. Board is window-dressing.

This board is a variation on the classic “rubber stamp” board. In this example, the board is a “checkbook” and “rubber stamp” board. The difference here is that not only were board members expected to be passive, they were also expected to make significant financial contributions.

Symptoms of Board Dysfunction Levels of board dysfunction vary depending on the board, but with any dysfunctional board, the following symptoms are common. • Attendance at board meetings is uneven. Most meetings barely have a quorum. Having attendance issues suggests that board members either don’t understand or don’t care about their governance obligations to the nonprofit. • Senior management runs the board meetings, and discussion is dominated by a few board members. The rest of the board does not take active part in discussion and does not review materials. Effective boards are highly collaborative groups. When it is clear that one or more board members are “opting out” of the action, this should be a red flag.

nonprofit board culture

117

• The board meetings are highly choreographed, but the content of the agenda is superficial, including endless reports by senior management. The meeting is a dog-and-pony show meant to convey the consistent message that “all is well—just let those of us in power handle it.” This scenario is particularly dangerous because those in power are working to manipulate the agenda and the level of participation of the rest of the board. Even more troubling is that the rest of the board either does not understand that, in their governance role, they are required to know what is going on, or that they are expected to demand to be fully informed. • Data is being suppressed or withheld by the executive committee. Does your board know how much the executive director makes? Does the board know what perquisites the executive director enjoys, or the details of his or her benefits package (e.g., pension, vacation time, and professional development time)? Board members should not tolerate the right-to-privacy claim—the executive director is the board’s only employee. Board members have the right to know everything an employer would know about his or her employee. • Conflict is suppressed, or endless conflict is used to block business from being conducted. Behind this symptom is a small group of people who are working hard to forward their own agenda by bullying, intimidating, or publicly humiliating those whose opinions differ. These individuals will create gridlock until their agenda is fulfilled. • The board does not have a vision or strategic plan for moving the nonprofit ahead. Senior staff actively blocks strategic planning. If your board and nonprofit does not know where it is headed, consider this a huge red flag. • Board members have been in place for over five years. Does your board have term limits? Are the term limits enforced? It’s useless to have term limits if board members are permitted to remain on or have limitless reappointments to the board. How many board members have been on the board for more than five years? If the number is greater than two, you need to do some serious housecleaning and board recruitment. • The board does not have directors’ and officers’ insurance and/or employment practices liability insurance. Boards that resist purchasing adequate insurance fail to take their responsibilities of care and loyalty seriously. No one should ever join a board that is not adequately insured.

118

chapter 7

best practices and organizational culture

• Financial statements and documents are not presented in a professional format. Haphazard financial statements should signal the need for serious review of internal controls. Run to the phone and contact your auditor to request the name of a reputable bookkeeper/financial services consultant. Do not have your auditor assist you in this project. • The auditor has provided the board with a written opinion and recommendations following the annual audits. These management opinions indicate those areas in your nonprofit’s financial workings that require immediate attention. Management and staff have ignored these stipulations over the years. Management’s failure to take necessary action to mitigate those deficiencies indicated by an auditor signal serious indifference to their fiduciary obligation to the nonprofit. In today’s environment of higher accountability, this omission could be directed back to the board. • The board micromanages the senior staff. If the ED’s daily routine includes an excessive number of phone calls from board members, the nonprofit has a problem. The board needs to understand what its legitimate role is in terms of governance and oversight. • The board has difficulty recruiting members. Who are the members of the nominating committee? Does the board have a nominating committee? Those individuals who were recruited but turned down board membership should be contacted on a confidential basis to provide feedback on the recruitment and interview process. If it appears that a serious problem exists in the process for recruiting board members, the board leadership might use a secret-shopper technique. The board leadership might enlist the cooperation of a disinterested third party to pose as a prospect for the board. This individual could, on a confidential basis, provide an objective perspective and useful recommendations for making membership on your board more attractive. Factors That Contribute to Board Dysfunction Board dysfunction is not simply the result of one issue or even one person. Generally, dysfunction reflects the confluence of a number of dysfunctional factors. • The board does not understand its governance and fiduciary role in the nonprofit. Board members have not been briefed regarding the legal stan-

nonprofit board culture

119

dards of care, loyalty, and obedience. Their fiduciary obligations are not clear, nor do they understand what “governance” means in terms of role and deliverables. • Board members come to meetings unprepared to engage in meaningful discussion or decision-making. The board’s working paradigm could be one of passive acceptance of staff reports, or, like the United Way in Washington DC, a cheerleading squad. • The nonprofit’s organizational culture suppresses board participation because the board tolerates this behavior. Conversely, a board can attempt to micromanage a nonprofit for many reasons, the most damaging being due to a past organizational crisis. The board feels obligated to direct operations because it still does not have confidence in the management team. • Board members are recruited for their social status and financial resources. This type of means testing as a prerequisite for board membership gives board members a sense of entitlement. Consequently, these board members feel that making significant financial contributions is sufficient to meet board requirements. • Board members have leveraged their donor status to secure a leadership role on the board. In some, but not all, situations this can prove to be damaging to the board. Conversely, some board members become interested in serving on the board because they have donated generously to a nonprofit. These individuals can prove to be good additions to the board. • Nonprofit management intentionally recruit passive individuals to establish a window-dressing board, but do not orient the board on issues that might establish an assertive board. The level of dysfunction comes from management expectations that the board members will do as they are instructed. The board never fully understands its governance role, nor does it understand that in today’s environment it can be held criminally liable for the nonprofit’s actions. Transforming Board Culture: Ushering in a New Governance Paradigm Board culture describes a microcosm of the nonprofit’s organizational culture. The board culture has a shared set of values, decision-making models,

120

chapter 7

best practices and organizational culture

myths, legends, and beliefs that encompass the way in which a nonprofit board conducts business. These values, beliefs, legends, and myths are the substance of the informal board orientation when board members coach newcomers on “how things work around here.” Board culture is also transmitted through the type of behavior that is expected, or discouraged, within the board. These behavioral norms, such as attendance requirements or minimum giving levels, further specify board values and beliefs. Determine if the current board culture can sustain the movement toward SOX best practices. If not, then begin the process of transforming the board culture—see the next section for recommendations. The first step is to objectively review the effectiveness of your board. Review the credentials and skill sets that each board member presents. Are these individuals the right mix for your nonprofit and its mission? Are their interest levels flagging? What progress has your board made in the past year toward your nonprofit’s strategic plan? Does your nonprofit have a strategic plan?

Strategies for Introducing Change in the Board Culture Any type of organizational change can benefit from a jump-start. Here are some recommendations to move your board toward a higher level of productivity. • Talk with your auditor and your insurance professional. These advisors can provide you with information on new laws, regulations, and industry standards that can serve as a catalyst for change. • Recruit at least three to five top-notch board members in the next six months. These individuals should present the types of skill sets that are currently missing from the board. These individuals should be fully aware that they have been recruited to assist you in the transformation of the board. • Introduce term limits or a plan to enforce current term limits. Establish an advisory council and board emeritus group without voting power. Eliminate dead wood or dysfunctional board members. • Develop an agenda of deliverables based on traditional expectations and SOX best practices.

endnote

121

• Establish priority areas for immediate action. • Establish a core group within the board to develop a strategy to achieve the deliverables. • Institute performance expectations (e.g., attendance, financial support, funding, voting, and other behavioral norms). • Begin the process to ensure that term limits are adopted or enforced. Transition those members whose time and welcome have run out to the advisory council and/or board emeritus group • Institute a conflict of interest policy that includes an educational component. The educational component defines conflicts of interest, how to disclose a conflict of interest, and how to address conflicts of interest in an appropriate manner—policy, protocols, and annual conflict of interest statements • Take steps to ensure that board meetings are conducted in a business-like fashion. Establish a timed agenda, rules for discussion, and, if necessary, limited discussion time prior to taking a vote. Conversation is not permitted to run on and thus obstruct the business that is slated for that meeting. • Board leadership and/or senior management should consider assertiveness training to actively deal with dysfunctional board members and/or situations that arise.

Conclusion As your nonprofit begins to make plans to incorporate the SOX best practices, it is wise to consider the current cultural climate of the board and the nonprofit. If changes need to be made in the culture of either the board or the nonprofit or both, now is the time to begin. Chapter 8 discusses ways in which your nonprofit’s internal controls can be evaluated and strengthened. The current status of these internal controls can provide important clues into your nonprofit’s organizational culture.

Endnote 1. Mark W. Everson, testimony before the U.S. Senate Finance Committee, Washington, DC, June 2004.

Chapter

8

A Platinum Operating Standard Starts with Good Bones

It was a rainy Sunday evening. The dance studio of the Urban Ballet Company had long since closed for the day. Somehow, somewhere, the thieves gained entry. Were they strangers, or insiders? They scaled the wall of the dance studio and gained access to the ballet office in the loft above the studio. On the floor were boxes of recently donated new computer equipment. The server, located in a corner of the office, contained the financial data that was the lifeblood of the organization—including the credit card numbers of its many donors. The thieves left with all of the computer equipment, including the server. The next morning the stunned staff could not believe their eyes. All of the computers and the server were gone! Then, even more devastating, was the realization that they had no backup for their files and their donor records. They also realized that the donors’ credit card numbers were compromised. They knew that these donors needed to be contacted, but how? The dance company went to the media, and the theft of the credit card information and computer equipment was the lead story on the 10 P.M. news. The dance company never recovered from this burglary; it closed two years later.

SOX Best Practices: Moving to a Platinum Operating Standard Moving to a “platinum” operating standard represents a synergy of the nonprofit’s values (i.e., mission), operational efficiency, and regulatory 123

124

chapter 8

a platinum operating standard

compliance. Nonprofits pride themselves on their commitment to fulfilling their mission—and some see that as the end of the story. That’s a shortsighted approach in today’s business environment. Yes, nonprofits do operate within a business environment—they compete for revenue in the form of funding and customers (i.e., clients and donors). Moreover, the metaphor of the “invisible hand of competition” made famous by eighteenth-century economist Adam Smith affects nonprofits as well as private sector corporations. The difference between nonprofits and their private sector counterparts primarily appears to be in the organizational mindset. Corporations understand and accept that they operate within a highly competitive environment and that they are expected to conduct operations in a business-like fashion. Some nonprofits have not realized this. Many nonprofits often fail to understand that in order to compete, they must enter the competitive arena as fully established organizations. Restrictive mindsets such as the “Mom and Pop,” “poverty,” or “we’re small” do a disservice to a nonprofit’s clients, donors, staff, and the community. The time has come for many in the nonprofit world to compete for resources as fully mature, fully competent organizations—regardless of organizational size! To that end, this chapter discusses the steps that an organization must take to move from an ordinary standard to a “platinum standard.” Often, mission-driven and grassroots organizations tend to de-emphasize organizational infrastructure while focusing on programs or fundraising. Some have even reached the point where fundraising is the most important venture, as the organization is living hand to mouth. Frequently, the boards of these organizations are donors or members of the community who have been associated for decades with the organization. One nonprofit, whose affiliation with a world-renowned charity should have resulted in sustained growth, stalled in its development because its board was populated with its founder’s friends and board appointees handpicked by the founder. The board president, who was the nonprofit’s largest donor, felt entitled to keep the job for over 20 years. The chair of the finance committee was an employee of the nonprofit’s financial institution, which created a conflict of interest, or at least the appearance of one. A new executive director, who had twenty-first-century ideas and stellar nonprofit management experience, was stymied at every turn by this board, which initially claimed to never have conflicts.

what are platinum operating standards?

125

An even more spectacular example of a grassroots organization’s quandary comes in the form of a financial scandal at a local watchdog group. Published reports indicated that independent auditors determined that a half million dollars was unaccounted for primarily through “poor bookkeeping, administrative failure or theft . . . .” At the heart of the financial irregularities was the practice of making questionable loans to employees and board members, including the board treasurer. Virtually none of these loans was repaid. The newspaper account1 indicated that making loans of this type was a longtime practice. In defense of this loan practice, the ousted ED claimed, “In organizations that work with poverty, there is often the need to take these types of emergency measures.” Clearly, there is no justification for loans to employees or board members under any circumstances. Using the spurious claim that his organization was “working with poverty,” the former ED insinuated that a “poverty mentality” is justification for subverting donor funds. No, it’s not! There is never any justification for betraying the trust of the community to satisfy the monetary desires of board or staff. If your nonprofit is operating in a “poverty mentality,” the time has come to summon the courage to make a dramatic change before your organization’s slipshod operations make the front page of your city’s newspaper or becomes the lead story on the 10 P.M. news.

What Are Platinum Operating Standards? Nonprofits that adopt a platinum operating standard recognize that regulatory legislation is not necessarily just an attempt by the public sector to intrude on its operation. Legislation such as SOX is intended to introduce, admittedly by requirement, those practices that should have been in place all along. The employees, shareholders, and creditors of Enron, Arthur Andersen, WorldCom, and the UWNCA would be much happier, and more solvent, today if those organizations had embraced what we call the SOX best practices. Nonprofits committed to moving their operations to a platinum standard recognize that to grow and thrive, they have to be the best that they can be. This means that all of their systems and internal controls have to be functional, seamless, and in compliance with regulations and industry best practices. Yes, there is a nonprofit industry—just look at

126

chapter 8

a platinum operating standard

all of the conferences, books, journals, and other products targeting the nonprofit world. Nonprofits make up a substantial portion of the U.S. economy, and the number of nonprofits is growing. Nonprofits with platinum operating standards have the following characteristics: • A more effective board whose members understand and adhere to their fiduciary obligations and recognize their responsibility in governing the nonprofit • Higher level of management and staff accountability • Effective protocols to ensure that the nonprofit remains in compliance with SOX and nonprofit “industry standards” and addresses future standards • Better competitive positioning by making known that the nonprofit adheres to the SOX platinum standard in its operating practices • Greater credibility and ability to recruit high-quality board members and to attract the favorable attention of major donors, foundations, and other funding sources

Review of Internal Controls The initial steps in moving toward a platinum operating standard begin with incorporating SOX best practices into the nonprofit’s day-to-day operations and conducting a review of the nonprofit’s internal controls. A review of internal controls is designed to take a current reading of your nonprofit’s infrastructure to determine those areas that need attention and upgrade. The extent to which the internal controls in your organization need upgrading and the importance of the individual functions to your nonprofit’s operations will determine the sequencing schedule for these activities. The important issue in this process is the recognition that your organization will not be able to fully adopt the SOX best practices unless your infrastructure is positioned to make it happen. The best software in the world will not enhance your computer’s ability to perform unless the hardware has been properly configured. The same logic applies for adopting SOX best practices.

review of internal controls

127

SOX Best Practices SOX best practices are designed to enhance the completeness and reliability of your nonprofit’s internal operations, and ensure that the organization is in regulatory compliance. To review, SOX best practices include: • Whistleblower protection policy • Document retention and storage policy, which includes a prohibition intended to bar destruction of documents during an investigation • Audit committee whose role is to oversee the annual audit or financial review (for small nonprofits) and to upgrade the financial literacy of the board • Enhanced detail and accuracy in the preparation of IRS Form 990 • Conflict of interest policy and code of ethics that facilitates greater focus on decision-making for the good of the nonprofit • Internal controls, particularly as these relate to financial operations, and compliance with all laws and regulations at the federal, state, and local levels In many nonprofits, two of the most prominent areas of operations are finance and document retention. These areas garner significant attention because the way in which reports are developed and documents retained can indicate how honest the nonprofit is in conducting its operations, and how committed it is to transparency and full disclosure. Documents such as Form 990 are among the new ways of fully disclosing financial operations and position to the public. Form 990 is not just for tax reporting anymore. The public has easy access to Form 990s online through organizations such as GuideStar. Using an organization’s Form 990, interested parties can track the sources and uses of funds. A Form 990 can also indicate that all major transactions comply with other SOX expectations, such as avoidance of even the appearance of a conflict of interest. The nonprofit’s commitment to adopting and maintaining SOX best practices can be demonstrated in a review of internal controls. The process and outcomes can be used to measure the progress that your nonprofit has made in the development of the platinum standard. Compliance cannot simply be a rote operation; it must be demonstrated that the commitment to excellence transcends all levels of the organization and is evident in all

128

chapter 8

a platinum operating standard

of the operational systems and in the symbiotic relationship that exists among the various systems within the organization. How to Conduct a Review of Internal Controls The internal controls of your organization should work in the same fashion as the organs, pulmonary, nerve, and endocrine systems work in the human body. The synergy and interdependence of these systems are what keep a person alive and healthy. The dysfunction of one ripples out to affect all of the others. In the same way, it is imperative to take a reading of your organization’s internal health by means of a review of internal controls. This is not solely a financial audit, although financial systems are included, but an examination of all of the systems within your organization—from human resources to vendor selection, to document preservation to operations, to landscaping and facilities maintenance. The review of internal controls should center on the following functional areas: Financial Operations The examination of the systems and procedures associated with finance and financial operations is a primary element of the review of internal controls. The review of internal controls is different from the organization’s annual financial audit, as the review of internal controls examines how financial operations are conducted, how transparent these operations are, and the relationship among the various other operational systems within the nonprofit. The review of internal controls should determine if the following procedures are in place:

• • • •

Processing incoming checks Preparing bank deposits Reconciling of bank statements Disbursing cash and checks. A procedure should be in place to document these disbursements and have corresponding invoices or receipts for each transaction. • Recording transactions • Actively monitoring credit cards and vendor accounts to ensure accuracy • A system for the confidential reporting of waste, fraud, and abuse

review of internal controls

129

There should be more than one person handling the financial transactions. This can be achieved by having the nonprofit’s controller work directly with the board treasurer to ensure adequate oversight. Audits and the Audit Committee Internal controls can also be strengthened by having an audit committee in place to ensure that the annual audit is conducted and reviewed in a thorough manner. The procedures listed previously are simply a start. The audit committee can serve an additional purpose in providing guidance and direction in terms of moving the financial function to a platinum standard. As mentioned in Chapter 2, external auditors can no longer provide additional services such as bookkeeping or consulting. If your nonprofit has had the same auditor for over four years, you need to begin looking for a new auditor, or have a new partner in the auditing firm take over your nonprofit’s audit. If a partner from the same auditing firm is used, this needs to be disclosed in writing along with the reason for continuing with the same auditing firm. The auditing committee should consist of board members and external financial experts. Everyone on the committee needs to be fully independent—in other words, not on your nonprofit’s payroll. The audit committee is obligated to review the auditor’s management letter and develop directives to address all of the issues that were raised in this important letter. Rectifying those problems identified in the auditor’s management letter should be the first priority for the nonprofit’s board and senior management. Development and Fundraising In Chapter 1 we reviewed the provisions of California’s new Nonprofit Integrity Act along with a number of recommendations that the Senate Finance Committee staff proposed in terms of nonprofits and fundraising. Because of widespread abuses in this area, fundraising activities have come to the attention of federal and state lawmakers. An effective review of internal controls takes a hard look at the way in which fundraising is conducted in your nonprofit.

• Documents related to donor files and donor history. Document retention, storage, and security are important SOX best practices. Access to donor records should be carefully considered. All employees and

130

chapter 8

a platinum operating standard

volunteers who have access to donor records need to be briefed on security and confidentiality issues. Strict guidelines need to be enforced to ensure donor privacy and that sensitive information is not compromised. • Privacy issues. Donor privacy is one of the most important elements of the development and fundraising function. Documents related to donor privacy include correspondence to and from donors, and documents such as those providing or declining authorization to use the donor’s name. Mailing lists are also confidential and should have limited access. • Vendor contracts. Does your nonprofit have contracts with vendors such as telemarketing vendors, or vendors who process donated vehicles? If so, review the contract and other materials to ensure that your nonprofit has conducted a due diligence review of the vendor. If your nonprofit is in California, you will need to ensure that the vendor is properly registered with the state. The review of internal controls should determine if the following procedures are in place: • Donor files are secured at all times. Electronic databases need to be password protected. Only authorized individuals should have access to donor files. • Donor files and databases should be backed up on a daily basis. The backup should ideally be uploaded to a secure Web site; however, any tapes or CDs should be taken off site for safekeeping. • Donors should be asked for permission to print their names on the nonprofit’s materials. • Donors should be offered the option to opt out of mailings, telephone solicitations, and mails. • All staff associated with development or fundraising should be screened and trained to ensure that donor privacy is maintained. • Fundraising vendors should be carefully investigated to ensure that your nonprofit’s interests are preserved, and that your nonprofit receives appropriate compensation per the terms of the contract.

review of internal controls

131

Document Retention, Archiving, and Retrieval Document storage and retention within Sarbanes-Oxley that applies to all organizations. Chapter 5 discussed document retention, and Appendix C provides a sample of a document retention policy and recommendations for its implementation. Key areas for consideration in document retention include:

• What documents and records should be preserved and why? • Are the documents paper-only, or are electronic files included? Which ones? • What about e-mail and instant messaging? • What are the expectations about the way in which documents are stored or archived and the ability to retrieve documents? • How long are various categories of documents to be kept in storage? • Is there a protocol for disposing of documents once their storage time has elapsed? • When should documents not be destroyed? • How can you make sure that everyone in the nonprofit understands and adheres to these requirements? Human Resources The essential systems in your nonprofit’s Human Resource division includes files related to hiring, retention, and work history of both employees and volunteers. These files need to be preserved in compliance with your document retention system. Other aspects of HR include procedures and protocols for hiring, supervision, termination, compliance with Family and Medical Leave Act, anti-discrimination legislation, Workers Compensation claims and legislation, HIPPA, and GLIB privacy legislation. If necessary, include a policy that prohibits staff and volunteers from engaging in activities that would jeopardize your nonprofit’s 501(c )(3) status. The HR policies should additionally include conflict of interest protocols for board, senior management, staff, and volunteers. All employees and volunteers, regardless of position, should be required to sign a conflict of interest statement on an annual basis, if for no other reason than to affirm that they have no associations or business interests that would create a conflict of interest.

132

chapter 8

a platinum operating standard

Whistleblower Protection The second obligation from Sarbanes-Oxley that applies to all organizations is the requirement for a documented whistleblower protection policy. The policy was discussed in Chapter 5, and a sample whistleblower policy is in Appendix B. Programs and Operations Within the heading “Programs and Operations,” the nonprofit can have a variety of systems—from client eligibility to office operations to donor management and fundraising. Ensuring the safety and privacy of clients is central to preserving the nonprofit’s mission. Client Files and Privacy Issues Examine the intake process for new clients. Is the data collected only that which is necessary and sufficient? Similarly, client privacy is often contingent upon how easy it is to access client records. The following questions help to ensure appropriate access to client records either in hard copy or electronically:

• How are staff cleared for access to client files? Procedures should be in place to authorize staff for access to client files and for removing the authorization. • Are protocols in place for handling the materials? Staff/volunteers should not be permitted to leave a client’s file open on a computer screen. Staff must log out if leaving the desk/cubicle. All client files should be password-protected. • Does the nonprofit work with vulnerable clients? If so, procedures need to be in place that describe how the clients are evaluated to determine the appropriate services or medical treatment. Are the client’s caregivers involved in the intake process and service delivery? If so, the client’s caregiver(s) should complete a form stating preferences for service delivery, medical information (if appropriate), and contact information. • Do caregivers have information on the process for filing a complaint or grievance about the service or about a staff member behaving inappropriately? The caregiver should also understand the steps that will need to be taken in the investigation and the types of information that he or she will be asked to provide.

conducting the review of internal controls

133

Conducting the Review of Internal Controls Step 1 The first step in conducting a review of internal controls is to review the current practices in each of the nonprofit’s functional areas. The discussion in the previous section outlined some commonly found operational areas within nonprofits. Identify the procedures that are currently in place. In Appendix I, you will find sample documents for a review of internal controls. Step 2 It is important to document the SOX best practices that you have in place. You should collect proof that your organization complies with the best practices. Examples of proof of SOX best practices compliance include, but are not limited to, reports, written policies and procedures, enforcement procedures, documentation from third parties such as an accrediting entity or an insurance company that your nonprofit has implemented these practices, annual reports, Form 990, and audits or annual financial reviews signed by a CPA or other financial expert. Step 3 Assemble the examples of proof of SOX best practices compliance and/or appropriate internal controls, which include but are not limited to: • Financial reports • Written policies and procedures • Proof that these have been enforced—enforcement procedures • Documentation from third parties (e.g., accrediting entities or insurance company) that your nonprofit has implemented these policies • Annual reports • Form 990s (completed correctly) • Audits and/or annual financial reviews signed by a CPA or other financial expert

134

chapter 8

a platinum operating standard

Step 4 If you are unable to identify a system that corresponds to a SOX best practice, or identify a means that provides proof, take these steps: 1. Identify the types of proof needed. Could it be a report, a set of policies and procedures, a written review, or action in the board minutes? 2.

Identify the steps needed to develop the proof or set of procedures.

3. Develop time lines for obtaining the materials and names of individuals responsible for meeting deadlines.

Content and Structure of the Review of Internal Controls Report Introduction The introduction is a statement from the board and senior management and explains why the audit is taking place and the expected deliverables from the audit systems. For each department, provide a brief description of each of the protocols, procedures, and/or systems in comparison with recommended internal controls and SOX best practices and expectations. The following areas are examples of departments: • Finance • Document retention • HR • Operations • Governance • Other areas of the nonprofit Next Steps The discussion in this section addresses remedial action to upgrade current operational systems to be consistent with SOX best practices. It is important to clearly identify deliverables.

endnote

135

Time Line Establish a reasonable time line to address the deliverables identified in the previous section. Decide what you would be able to accomplish in: • One month • Three months • Six months Set a deadline for completing all of the systems/proof 10 months from the start of the project. Remember, the longer timeframe you give yourself, the more chance that the project will be become lost in the everyday shuffle of operations. Book a “look back” date (at the end of 10 months) to determine if further work is needed.

Conclusion Moving toward a platinum operating standard necessitates that the nonprofit’s internal controls are first rate. SOX best practices can serve as a catalyst to examine the rest of the nonprofit’s controls and make the necessary upgrades to operational policies and procedures.

Endnote 1. Chip Johnson, “Watching the Police’s Watchdogs,” San Francisco Cronicle (August 13, 2004).

Chapter

9

Creating a Competitive Advantage: Leveraging SOX Best Practices

“The time is not ripe to make any public statements. Given the many options [for reorganization], I am extremely confident that the services the nonprofit sector has been relying on for [27] years will continue,” said the ED of an almost three decades’ old West Coast nonprofit clearinghouse. The local newspaper had just broken the story of fiscal mismanagement at a nonprofit organization that, ironically, was in business to help nonprofits manage their organizations more efficiently.1 Despite his lengthy career in working with nonprofits, the ED’s reaction highlighted a glaring deficiency in his ability to deal effectively with the media. Five months after his haughty pronouncement, the ED was forced to again deal with the media—this time to announce the closure of the clearinghouse. Community observers attributed the clearinghouse’s problems to more than just a sluggish economy and increased competition. They suggested that the crisis scenario was probably hastened by management errors of judgment. “I think the blame must lie somewhere in the building,” said one observer, “They are not doing what they teach.”2 What a condemnation! Would your nonprofit be able to rebound from this type of public denunciation? 137

138

chapter 9

creating a competitive advantage

Competitive Advantages of Being in Compliance with Sarbanes-Oxley Best Practices Here are some ways in which SOX best practices can save your nonprofit money, time, and, most importantly, preserve your nonprofit’s good name: • Incorporating the best practices reduces the potential that your nonprofit will experience a financial or other type of scandal. The ensuing adverse publicity that follows a scandal can have either an immediately devastating effect—as was the case with the west coast clearinghouse—or a ripple effect that can last for years. For example, the crisis in the United Way of the National Capital Area was responsible for a significant drop in agency donations, and was the grounds for being dropped as the fiscal agent for the Combined Federal Campaign in the Washington DC Metro area. • By implementing SOX best practices right now your nonprofit can save time and money. Although your nonprofit may not be affected by state law, the two provisions of SOX apply to all nonprofits. If the Senate Finance Committee accepts the recommendations in the staff paper, your nonprofit may be required to adopt these best practices within a very short timeframe. • Similarly, it is easy to leverage the adaptation of SOX best practices into documents such as a risk management plan and a business continuity plan. The instructions for these documents are presented later in the chapter. Your nonprofit’s insurance professional will want to also leverage these documents and your adaptation of SOX best practices to obtain insurance coverage at competitive pricing. • Implementing SOX beust practices can help your organization survive crises. Policies such as document preservation can be vital in helping your nonprofit get through potential crisis scenarios such as having the IRS ask for a document, or having to produce documents in the event of litigation. • Your nonprofit will be better positioned in a crisis to conduct itself in a manner that inspires public trust. The nonprofit “clearinghouse” in the story at the beginning of the chapter might very well have negotiated a

competitive advantages of being in compliance

139

merger with another similar organization, but was clearly at a disadvantage due to many factors, including its clumsy media handling. • Two components of SOX are already in place and required of all organizations. Your nonprofit has no excuse for not having a whistleblower policy and a document preservation policy in place. • If your nonprofit is in California, state law now applies (see Chapter 1). Having SOX best practices in place is helpful to ensure compliance with this new law. • SOX best practices build strong organizational bones. Having internal controls and solid organizational infrastructure is essential for growth and maintaining stature within the nonprofit sector. Like strong bones in human beings, organizations can better sustain the challenges of doing business if their infrastructure is solid. • Time is of the essence. Your nonprofit is putting these best practices in place while the rest of the nonprofit world is either in denial, clueless, whining, or—in the case of the nonprofit clearinghouse in the story at the beginning of the chapter—out of business! • These best practices result in the following organizational deliverables: • A strong and active board that is focused on its governance and fiduciary obligations • Board members who have the requisite skill sets for their role, including financial literacy • Best practices facilitate effective board recruitment and orientation practices. • Best practices support accountability of senior management and the board. The board and the senior management understand their roles and obligations. • Best practices result in financials that are accurate and honestly reflect the nonprofit’s financial position. • Best practices result in correctly prepared IRS Form 990s, which are submitted on time and in compliance with other regulatory conditions. • Developing a document retention system results in an organized

140

chapter 9

creating a competitive advantage

filing system that preserves files and has a storage/archive system that supports easy access and retrieval. • Best practices point toward the development of robust policies on issues such as conflict of interest, whistleblower protection, and self-dealing. • The best practices support the design of and adherence to a code of ethics that is signed off on by board and senior management. The primary issues in SOX best practices are accountability and transparency. Identify the steps that your board and senior management have taken to address the SOX best practices, and connect these steps to your nonprofit’s mission. Keeping your nonprofit strong and accountable means that your nonprofit’s board and operational transactions need to be transparent. Leveraging Best Practices: Marketing Strategies A number of stakeholders would be interested to know that your nonprofit has adopted SOX best practices. These constituencies include: • The IRS. In Chapter 4, we discussed how your next Form 990 can be completed to indicate that your nonprofit took steps to come in compliance with the two compulsory areas within SOX (whistleblower protection and document preservation), and took steps to adopt governance and management best practices that emerged from the other components of the legislation. • Nonprofit information sources such as Philanthropic Research, Inc. (i.e., GuideStar, www.guidestar.org) is one of a number of sources of information about nonprofit organizations. Many donors and grant makers search GuideStar before making their funding decisions. IRS Form 990s are published on the GuideStar Web page. It is important for your nonprofit to use the opportunity that the GuideStar profile and the profiles used in other databases to get the message out that your board and senior management have taken steps to ensure your nonprofit’s credibility and accountability.

competitive advantages of being in compliance

141

Caution! Be aware that your nonprofit’s Form 990 will be posted to the www.guidestar.org Web site. Although Form 990s contain information on major donors, this information is exempt from being posted on the Internet for obvious security reasons. However, it is important for you to check your nonprofit’s listing and 990 posting. Don’t just ignore it as one unsuspecting nonprofit executive director did. This nonprofit was a very high-profile organization with equally high-profile, “high society” major donors. The ED did not bother to check his nonprofit’s Form 990 posting. Due to a clerical error, the major donor page was posted on the Web—along with the names, home addresses, and donation levels of the nonprofit’s high-society major donors. This was brought to the horrified ED’s attention by his auditor.

• Your insurance professional. Your insurance professional will be pleased to hear that your nonprofit is an early adapter of SOX best practices. He or she can use any of the marketing materials and the risk management and business continuity plans (see how to do that in the next section) that you have generated around this topic as a means of demonstrating to the underwriter(s) handling your coverage that your nonprofit is committed to responsible governance and management. • Your auditor. Your nonprofit’s auditor should be briefed on the adaptation of SOX best practices. The auditor will be interested in all of the best practices, particularly those practices related to adopting a conflict of interest policy. The issue of conflict of interest is particularly troublesome to many nonprofit boards. • Major donors and other funding sources such as foundations or public sector partners would be interested in hearing that your nonprofit is an early adopter of the SOX best practices. Many nonprofits have special events that serve as a means of briefing major donors on new developments within the nonprofit. These events offer an opportunity for you to brief donors about how the SOX legislation has raised the bar of accountability for all organizations, not just those that are publicly traded. If your state has recently passed SOX clone legislation

142

chapter 9

creating a competitive advantage

targeting nonprofits (or is considering such legislation), you will be able to tell your donor constituency that your nonprofit took a proactive stance in implementing accountability standards. This type of briefing is an excellent means of educating this audience about how SOX best practices serve to safeguard the nonprofit, and hence, their investment (i.e., donation) in the organization. Proposals that you craft in response to a foundation or other funder’s request for proposal (RFP) present additional opportunities to point out (and offer specifics) that your nonprofit has taken steps to adopt the SOX best practices. Providing a level of detail that addresses what is necessary and sufficient can serve to illustrate to the potential funder that your nonprofit is a good steward of its mission and assets—and is likely to take the same vigilant approach in using the funder’s resources. • Current and potential board members should be made aware of the steps that the nonprofit has taken to adopt SOX best practices. Include information on SOX best practices in all of your board meetings and provide the board with regular progress reports and recommendations for keeping up the momentum. Recruiting high-quality board members is a task that nonprofits are finding increasingly difficult. Potential board members will be interested in learning that the nonprofit has taken steps to solidify its internal controls and boost its commitment to remaining accountable to its mission, clients, donors, and the community at large. Board orientations should also include a detailed description of the SOX best practices adopted by your nonprofit’s board. Although the board orientation addresses a wide range of topics, it is important to ensure that all board members understand what the SOX best practices are and why they are essential to remaining faithful to the board’s three legal standards: care, loyalty, and obedience. Each best practice should be described in detail that explains its role and function in keeping the nonprofit’s operations transparent. The conflict of interest policy and the code of ethics should be examined in greater detail to explain these policies to new and current board members. Board members should understand what is expected of them and why it is essential for the board and senior management

competitive advantages of being in compliance

143

to adhere to the conflict of interest policy and the code of ethics. Providing board members with sample conflict of interest statements and reviewing policy documents will serve to reinforce the message. Another way of clarifying expectations would be to have a member of the board provide an example of his or her “conflict of interest letter,” which may or may not have any “disclosures.” Examples of how a board member may use the code of ethics as a resource for decision-making are particularly important. Both the conflict of interest policy and the code of ethics are intended to be tools for effective decision-making. The board orientation is one of the occasions in which the best practices can be illustrated as rubrics for responsible governance. Board meetings, board retreats, and other working meetings present opportunities to remind members about the nonprofit’s commitment to transparency. • Current and potential staff and volunteers SOX best practices will help to ensure that all staff and volunteers are trained in a standardized manner and will be held accountable for compliance with these best practices. Keep employees and volunteers informed about your nonprofit’s commitment to adopting SOX best practices. Offer incentives for staff and volunteers to suggest ways in which best practices can be maintained or streamlined. • Your nonprofit’s Web site. Let the world know! Your nonprofit’s documents and reports—including financial reports, Form 990s (but not the major donor page), by-laws, conflict of interest policy, and code of ethics—can be available for review by linking them to the organization’s Web site. Make it known through your nonprofit’s marketing materials, Web site, and advertising that your nonprofit adheres to a platinum standard in its operating practices. Your nonprofit is required by law to provide a copy of its IRS Form 990 to whomever requests this information. Posting the Form 990 on your nonprofit’s Web site is a means of ensuring transparency and saving the time and materials involved in sending out the information. However, be careful not to make the mistake that the ED with the high-society donors did. Once materials are posted, go back into the Web site immediately to check on what viewers would see.

144

chapter 9

creating a competitive advantage

Leveraging Best Practices to Create Risk Management and Business Continuity Plans SOX best practices establishes a benchmark for a rational and productive organizational response to crisis events—whether that comes in the form of a hurricane, earthquake, flood, fire, loss of a key member of the staff, an accident involving staff, clients, or volunteers, or other crisis scenarios. Investigations will be more productive and authentic because the relevant documents and files will be retrieved as requested, and a no-destroy policy will be in place until the investigation is completed. The plans will ensure that protocols are in place to make certain that the nonprofit remains in compliance with SOX and nonprofit “industry standards” and addresses future standards. The next sections discuss how to use the best practices to streamline the creation of a risk management program and a business continuity plan. What Is Risk Management and What Does It Have to Do with SOX Best Practices? Risk management is the means by which nonprofit organizations can identify, assess, and control risks that may be present within their nonprofit’s infrastructure or within its operations. SOX best practices have a value added as the means by which risks associated with fiduciary obligations, legal compliance, board governance, and other areas are mitigated. Some examples of the ways in which SOX best practices can mitigate risk are listed in Exhibit 9.1.

Profile of Your Nonprofit Before you begin working on the risk management program, develop a very brief profile of your nonprofit, with emphasis on the SOX best practices that have been adopted. You will see that these practices will serve to frame the areas in the risk assessment that might need additional attention, and will be helpful in identifying those operational areas that do not require additional attention. Sharing the profile of your nonprofit with your insurance professional can be a practical method for putting the plan into perspective. Risk Management Activities Three primary risk management activities are risk assessment, risk management implementation, and risk administration and monitoring.

competitive advantages of being in compliance

Exhibit 9.1

Nonprofit Functional Division Board-Governance Policies and procedures that guide how the organization operates Staffing (paid and volunteer)

145

ways to mitigate risk

Sample Risk Areas

SOX Best Practice

Fiduciary risk—failing to recognize mismanagement

Financial literacy—board responsible for reading and understanding financials

Claim of retaliatory termination

Whistleblower protection policy

Documents shredded as part of a cover-up of wrongdoing

Policy in place for document preservation and archiving. Policy to prohibit destruction of documents during an investigation. Closer supervision.

Allegations of financial mismanagement

Form 990 prepared correctly. Financial documents certified to be accurate.

Those activities related to staffing Operations Programs and services offered

Relations with the public Public image and reputation in the nonprofit community

1. Risk assessment. Risk assessment is the step that determines what risks are present in the nonprofit and the potential severity these risks might bring. Important! As you examine each of these organizational areas for potential risks, do not attempt to make an exhaustive list. Concentrate on those risks that appear to be particularly troublesome, or risk areas that have already caused accidents, injuries, or other adverse effects. Because risk management is an ongoing process, those risks that are not addressed this year (or in this round) will be addressed in subsequent rounds. Here are the steps to develop a risk assessment report: 1. List the risks that you have identified to this point. Your list should contain 10 to 12 risks—three or four from each of the four organizational components: governance, staffing, operations, and relations with the public.

146

chapter 9

creating a competitive advantage

2. Identify which of the techniques for treating risk would apply to each risk. Sometimes, more than one technique will apply. It’s OK to blend approaches as long as these approaches do not contradict, or create confusion on how the risk is to be treated. Because three of the four risk management techniques are not necessarily mutually exclusive, you can choose to use more than one technique. Obviously, if you choose “avoidance” as a technique, that’s the end of the activity. For any given risk, you can choose to modify the conditions that relate to the risk, you can transfer the risk to some extent by purchasing insurance, and you can retain part of the risk by having a relatively high insurance deductible. Remember, however, that when you choose a higher deductible, you need to ensure that sufficient funds are always available to cover the deductible in the event of an insured loss. If you choose to transfer the risk and purchase insurance, you must also be aware of the conditions of coverage, and the exclusions. There are some standard exclusions for property insurance, such as flood, war, and civil unrest. Other types of financial losses are not covered because they are uninsurable. 3. Assign individuals or groups to carry out the action items that will complete this year’s risk management program. Remember, risk management should be part of everyone’s performance expectations. The action items should also include risk management activities for every division within the nonprofit. 4. Begin to develop a list of risks for the second round (next year) of the risk management process. The risks in the next round are usually risks identified initially, but not selected for the first round. These tiers of risks and the identified techniques for dealing with each risk will serve as the foundation for developing your risk management program. 2. Risk management implementation. Start by listing all of the SOX best practices and compliance activities that your nonprofit has done. This is an important method of demonstrating that your nonprofit has implemented sound risk management strategies in each of these areas.

competitive advantages of being in compliance

147

For those areas that don’t seem to be included in the SOX best practices, consider how one of these four options might be useful in dealing with the risk: 1. Avoidance. This option means discontinuing the activity or practice (not usually a practical option). For a nonprofit, this option would mean discontinuing a program or activity that appears to be presenting an unacceptably high level of risk. Usually, this option isn’t necessary or desirable. 2. Retention. This option means that a nonprofit can either establish a restricted fund that would be used to address losses from the risk or significantly raise the deductible on an insurance policy that addresses the risk (such as automobile policies). 3. Modification. This method considers how the features of a risk can be changed to reduce the risk’s potential for frequency or severity. This option is the way most risks are generally treated. The nonprofit considers ways in which the potential for damage from a risk can be reduced by implementing new procedures, protocols, or better training. 4. Transfer. This option is the means by which the financial aspects of the risk are transferred. There are a number of ways in which this is done, the most common method being the purchase of insurance. Although this option is generally combined with modification, it is by no means an end in itself. Insurance premiums can be raised significantly by claims, and sometimes, if the number of claims is high, coverage will be cancelled, or no longer available. Insurance does not cover other significant expenses such as the court awarding punitive damages for egregious behavior. If a nonprofit receives this type of judgment, it is not covered by insurance. 3. Risk administration and monitoring. This step begins as soon as decisions are made on how to treat the current list of risk areas. Sometimes, the treatment applied to a risk area doesn’t work, or doesn’t work as well as was planned. That’s to be expected. What’s important is that the risk management decisions are being reviewed and, if necessary, modified to determine a better outcome. This step is

148

chapter 9

creating a competitive advantage

also a very important part in keeping the process alive. New practices and protocols need to be monitored, and new risk areas that emerge need to be presented in the next round of risk assessment. Designing a Risk Management Program The first step in designing a risk management program is prioritizing the risks. Consider which of the risks that you have identified are the most important—or hazardous—to your nonprofit. How many of these risk areas would you be able to realistically address in the next three months? Six months? One year? That’s how you should begin to prioritize the risks. The ones that need immediate attention go into the three months’ category, and so on. The risk management program is an interactive document that is consulted regularly, modified, and reviewed at specific time intervals. The program should be stored electronically or housed in a loose-leaf binder that does not gather dust. Everyone on the board and on the nonprofit’s staff, including volunteers, should have a copy of the program, and everyone should understand what they are responsible for monitoring in the program. Developing the Risk Management Plan The following is a table of contents for the risk management plan. The items listed in the table of contents are contained in an electronic file or large loose-leaf binder. (See Appendix J for additional information on each item.) It is important that the plan is reviewed at least twice a year, and that the nonprofit take steps to ensure that risk assessment, risk management implementation, and risk administration and monitoring take place on a regular basis. Risk Management Plan Table of Contents Risk Assessment Report for the FY or Calendar year 20XX Nonprofit Profile Plan of action to address the risk assessment report First-priority risks Resources needed to address these risks Techniques for each risk Responsibilities and timelines Desired outcomes/ measurements of success

competitive advantages of being in compliance

149

Documentation of prior claims, occurrences Second-priority risks Resources needed to address these risks Techniques for each risk Responsibilities and timelines Desired outcomes/measurements of success Documentation of prior claims, occurrences

Other sections of a risk management program include • Important documents (e.g., insurance policies—declaration sheet only) • Phone numbers of insurance professional, attorney, board of directors, other key staff, and volunteers • Risks to be considered for next fiscal year or calendar year Using SOX Best Practices to Facilitate the Design of a Business Continuity Plan When the topic of business continuity or contingency planning is raised, many people think of scenarios such as hurricanes, floods, earthquakes, and the like. The reality is that the operations at your nonprofit can be interrupted by a key person leaving, becoming ill, or dying. A fire in an adjoining office could be the reason why your building is red tagged (i.e., declared off limits by local authorities). The smoke and water damage from that fire could destroy your offices. Even a sudden loss of electricity or the introduction of a virus transmitted through the Internet could destroy your nonprofit’s databases and electronic files. What Are the Sources of Business Interruptions? Events that create interruptions in the normal flow of operations at your nonprofit can come from any number of sources. Events related to nature, such as earthquakes, are very difficult to predict. Other natural phenomena such as hurricanes, tornadoes, and even floods may be able to be predicted, albeit in a short timeframe. Interruption of operations can also come from civil sources, such as riots, police action, or large-scale demonstrations. Nonprofits located in urban areas can be affected if there is a severe traffic jam or street closure

150

chapter 9

creating a competitive advantage

due to an accident, or infrastructure event such as the rupture of a sewer or gas main. Some of the most disruptive and long-lasting interruptions come under the heading of “person-made,” such as hackers, or computer virus or worm infestation. Virus and worm infestation has the potential for doing irreparable damage to databases and hard drives. Sadly, workplace violence, including bomb threats, has become a more common source of interruption. The source of this violence could be a spillover of domestic violence, or from a disgruntled worker or client. The result of this type of interruption can be devastating for the nonprofit. The nonprofit can experience a need to redirect its resources in the wake of a loss of a major client(s) or a contract. Many nonprofits do not necessarily recognize that this type of an event is a business interruption, but it is. The loss of a significant income stream and/or the potential to secure the renewal of a major contract can signal the need to curtail important programs and/or a loss of reputation in the community. An interruption in operations can also be the result of the loss of essential members of staff or the executive team. The interruption would become particularly acute if the individual(s) possessed knowledge, networking connections, or institutional history that was either not documented or shared with individuals in the nonprofit. What Is a Business Continuity Plan? Business continuity planning (BCP) is the means by which a nonprofit can design strategies to resume essential business operations immediately following a business interruption, and take steps in advance of any interruption to establish backup systems to preserve the nonprofit’s assets, files, records, and other essential components of its operations. The implementation of SOX requirements and best practices and any state laws that would apply to your nonprofit can be easily leveraged to facilitate the design of an effective BCP. By virtue of your having taken these steps, your nonprofit can easily incorporate them into the elements of a BCP. Appendix K presents a sample business continuity plan. Having an effective plan allows your nonprofit to share the plan, and your best practices, with your insurance professional. The insurance industry is calling for proof of contingency planning from commercial clients, which includes nonprofit organizations. Having a BCP illustrates that the

competitive advantages of being in compliance

151

nonprofit intends to remain a viable entity, ready to serve regardless of what happens. The plan could also serve to position your nonprofit more favorably to negotiate rates for business interruption and extra expense coverage. Your insurance professional can advise you on these matters. A BCP is a means by which a nonprofit has a strategy that it can implement immediately following an interruption. The rollout of the plan is essential to maintaining the confidence and trust of donors, suppliers, staff, and other stakeholders. The provisions of the plan will help your nonprofit remain in compliance with federal and state regulations regarding document preservation, submission of required materials such as an IRS Form 990, and other requirements. Developing a BCP that is available for immediate implementation is another demonstration of your nonprofit’s commitment to accountability. This planning, as well as your risk management planning, can be listed in the section of the IRS Form 990 that reports on organizational progress. The BCP will facilitate the resumption of services to clients, will enable staff to keep their jobs, and will facilitate the intake of emergency donations. We live in a very generous society. In the event of an interruption, the sooner your nonprofit can communicate what happened, and that emergency donations would be helpful, you will also need to have the infrastructure in place to accept and acknowledge these donations. The plan will also enable your nonprofit to provide support to clients, staff, and volunteers who may be experiencing the impact of the disaster. Designing the Plan Like any important operational planning, business continuity planning must have visible commitment by the board and senior management. These individuals need to clearly endorse the need for the plan and articulate the expectation that the plan will be completed in a specified time frame. Those individuals assigned to lead the project then need to introduce BCP concepts to staff and managers. The process will be streamlined by the creation of a cross-functional team. The team needs to be privy to all of the SOX best practices that have been put in place at your nonprofit. The BCP planning team’s agenda needs to include the following:

• Identify possible business interruptions. This exercise should briefly consider both likely and unlikely interruptions. However, the “deliverable” from this brief exercise should be an overview of the reasonably

152

chapter 9

creating a competitive advantage

possible interruptions in terms of severity. Don’t spend a lot of time on this discussion. There are a myriad of sources of interruptions. • Determine crucial functions. In order to establish strategies for business resumption, it is important to determine what operational activities and functions are essential for your nonprofit. Who performs these activities and functions? Are there written protocols and procedures for these activities and functions? What would happen if the person who usually does an essential function were not available? Who would take that person’s place? Some examples of essential functions include: • Administration, human resources, and payroll. These three areas address important organizational infrastructure. In the event of a natural disaster, many people find that they no longer have jobs. Your nonprofit needs to establish strategies to ensure that your employees know that they will have jobs, and that they have obligations to the nonprofit such as working shifts or working in a different functional area. • Finance. The function of finance includes procedures related to the nonprofit’s general operating funds, the nonprofit’s insurance coverage, claims procedures, and loss documentation. Additionally, your nonprofit will need to consider how to use credit sources for business resumption. Check writing and monitoring, and fund transfers and wiring are means by which expenses related to mitigation steps can be financed. Security procedures related to confidential transactions and other codes need to be in place. • Client services. The BCP needs to include a clear description of the menu of services provided to your nonprofit’s clients. In the event of an interruption, the list of services might have to be revised to include only the priority services. • IT. Information technology is essential to resuming operations following an interruption. The sooner your nonprofit can access its e-mail, electronic files, and electronic databases, the faster you will be back in full operation. • Development and fundraising. This department or function is tasked with identifying the resources that the nonprofit needs for its operation. In the event of a business interruption, this department would be

competitive advantages of being in compliance

153

tasked with accepting and acknowledging emergency donations. As these emergency donations are received, there would need to be recognition that the gift is either unrestricted or restricted. A system would need to be in place to ensure that in the event of an interruption, emergency donations would be handled correctly and in keeping with any new state legislation. • Typical plan protocols. The next step would be setting up procedures to deal with the immediate emergency, and then the procedures for resuming operations. For example, a procedure to deal with an immediate emergency would include the evacuation of staff, clients, and visitors. The BCP should have a section that describes evacuation procedures, emergency exits, and the like. • Communication with stakeholders such as board, staff, volunteers, clients, and donors will be important to provide necessary information and to appeal for assistance. • Public relations and media contact will be important in providing information about the emergency to the community, and how the public can help. • Alternative work and service delivery sites, including staff status, availability, and notification, are all-important aspects of the plan. • Things to consider. Because your nonprofit has incorporated SOX best practices, the composition of the BCP is easier and faster. Here are some sample elements of the BCP that are facilitated by incorporating SOX best practices: • Financial procedures and methods for storing and archiving financial documents. Because your nonprofit has adopted SOX best practices, there are procedures already in place for document storage and backup. Financial procedures are in place and internal controls have been strengthened. • Board procedures and expectations. By adopting SOX best practices, your board has a better understanding of its role in the nonprofit’s operation and what its role would be to ensure that operations were resumed in the event of an emergency. • Staff and senior management roles and expectations. These roles and expectations are clarified through SOX best practices.

154

chapter 9

creating a competitive advantage

• Fundraising protocols and procedures. A combination of SOX best practices, particularly in auditing and preparation of IRS Form 990, sets the stage for strengthening fundraising protocols and procedures. In the event of an interruption in operations, the development function would need to ensure that emergency donations were received, recorded, and acknowledged properly. • Document retention system includes remote access to data files. The SOX legislation requires that your nonprofit establish document retention policies and procedures. • Identification of resource needs for business resumption and where these resources can be obtained quickly. As your nonprofit adopts the SOX best practices, particularly as these relate to the annual audit, the organization will need to review its current vendor and service provider list to ensure that all contracts and arrangements are in order. • Keeping the plan alive. Like the risk management plan, the BCP needs to be reviewed and revised to keep it viable. With any contingency plan, it is advisable to stage a crisis “simulation” to determine how fast the staff can exit the building, or how well a phone tree works. As with any new plan, it is essential to offer training to the board, staff, and volunteers.

Conclusion The recommendations in this chapter are but a few of the ways in which your nonprofit can benefit from the adaptation of SOX best practices. The most important gain that your nonprofit can experience is the movement to a new level of performance and accountability. Regardless of the size of your nonprofit, your team can hold its head high!

Endnotes 1. “Nonprofit advisory group in crisis,” San Francisco Chronicle (January 22, 2004). 2. “SF Nonprofit to shut down,” San Francisco Chronicle (May 19, 2004).

Chapter

10

SOX Best Practices for Small Nonprofits

Susan is a member of a tiny nonprofit board. Her nonprofit provides dance education to people of all ages—very young to middle age and beyond. It’s a grassroots organization committed to introducing the joys of dance to young and old alike. She worries that the expectations of the public sector and the nonprofit world will serve to wipe out the dance center. In her community, no other nonprofits provide this type of service to such a wide-ranging clientele. At a recent seminar, the speaker informed Susan that an audit would cost her nonprofit approximately five thousand dollars. He might just as well have said a million dollars. Although Bob is 3000 miles away, he finds himself in a situation similar to Susan’s. His nonprofit is only a few years old. Already, the young people whom his nonprofit serves have won awards for excellence in their artistry. Yet the nascent infrastructure of his nonprofit needs to quickly catch up with the needs of its clients, and the growth potential that their talent offers. Both Bob and Susan need a way to incorporate the SOX best practices on a scale that fits their nonprofits.

Five Myths That Hold Small Nonprofits Back 1. We’re poor, grassroots, small, not part of the establishment, out in the boonies [or other reasons, just fill in the blank]. The litany of woes goes 155

156

chapter 10

sox best practices for small nonprofits

on forever. The reality is that in the eyes of the law, your nonprofit is accountable for its operations and outcomes. 2. No one would investigate us, sue us, or [fill in the action]. The truth of the matter is that the United States Senate Finance Committee is considering scores of regulations that would require nonprofits to comply with new laws and regulations. For example, one proposal was for all nonprofits to have their 501(c )(3) designations reviewed every five years by the IRS. 3. We’re not Enron. We don’t have time to worry about laws. Our staff and board suffer so much and are so underappreciated that we barely can get through another year. The truth is that we have now entered the twenty-first century. You do have to comply with federal and state laws—all of them. If you and your staff/board really feel that way, you need to consider closing your nonprofit, or find a fresh and energetic staff or board. 4. SOX best practices are expensive and time consuming. There are many ways in which a small nonprofit can incorporate SOX best practices into its operations. Most of these best practices take the form of policies and procedures. The Appendices contain samples for a range of policies and documents. The most important and powerful change that a small nonprofit would have to make is in its collective mindset. Establishing a schedule or sequence of deliverables is essential in helping a nonprofit stay on track. 5. If we insist on board member productivity, no one will join the board. If your nonprofit is having difficulty recruiting board members because you demand performance, you are recruiting the wrong type of people. Effective board members are not afraid of work, nor are they looking for the path of least resistance. By the way, they’ll ask you if your nonprofit has Directors and Officers insurance, and they won’t join your board unless you secure this insurance. Actively embracing a mindset that recognizes the nonprofit as a legitimate business entity is healthy for all concerned. The nonprofit may be small in size, but can be as large in spirit as any large nonprofit. The time has come for all nonprofits to understand that the public sector and the public at large expect accountability and responsible management. The days of the “Mom and Pop” nonprofit are over!

scaling the sox best practices to fit small nonprofits

157

The level of cranky discourse that is heard from nonprofit associations whenever legislation is recommended or passed that requires greater nonprofit accountability is indicative of how much the nonprofit world needs to mature. These associations would better serve their constituents if they encouraged a productive response and provided tools for facilitating compliance.

Adopting SOX Best Practices Your nonprofit won’t always be small—and it’s easier to build strong bones in the early days of the organization. The adaptation of SOX best practices serves to illustrate the nonprofit’s commitment to maintaining public trust and serving its mission. Further, having these policies and procedures in place illustrates to current and potential donors that the nonprofit’s board and management are committed to the organization as a going concern. SOX best practices will help your board and senior management to grow your nonprofit into a larger organization. Demonstrating that your nonprofit is willing to be accountable will facilitate attracting the resources that your organization needs. The providers of these resources need to be confident that your nonprofit is a good investment of their funds, or time, or in-kind donation. All nonprofits, even small ones, have an obligation to their donors, clients, and their community at large to safeguard the nonprofit’s assets and make decisions that will support the organization’s mission. Board development and training in financial literacy are wise investments of time and energy—and money if necessary.

Scaling the SOX Best Practices to Fit the Needs of Small Nonprofits Consider the ways in which each recommendation can be scaled to suit the needs of the small nonprofit. • Whistleblower protection policy. A whistleblower protection policy is one of two SOX requirements that apply to all organizations—right now. Chapter 5 discussed this policy, and Appendix B has a sample of the “talking points” that need to be in a whistleblower protection policy. This policy is not size sensitive. Once the policy is in place and

158

chapter 10

sox best practices for small nonprofits

approved by the board, everyone in the organization must be advised that it exists and what the procedure is for filing a report or grievance related to waste, fraud, and abuse. • Document retention and storage protocols that include a prohibition of destroying documents to be used in an investigation. A document retention program is the second Sarbanes-Oxley requirement that applies to all organizations. This policy is, again, not necessarily size sensitive. The process for the implementation of this policy was discussed in Chapter 5, and Appendix C contains a sample policy plan and instructions for creating a document retention program. The key for document retention in a small nonprofit is to keep the process simple. The plan can be enlarged as the nonprofit grows. The process should be initially streamlined to focus on financial documents, legal documents, and HR documents. Training for staff and volunteers needs to be very simple and user-friendly. People will ignore complicated processes, and you can hardly blame them for doing that. People simply have too much to do. Smaller organizations might consider establishing a streamlined sequence for activities that relate to document retention, such as: 1. Draft a brief policy with simple language that is easily understood that prohibits the destruction of documents while the nonprofit is part of an investigation or other crisis scenarios. The policy need not be lengthy, just a statement that in the event of an investigation or crisis, there will be a general order circulated that prohibits the destruction of any documents. Failure to comply can result in termination. Important! It is essential that your nonprofit be prepared to execute the consequences that it states in a policy like this. If your nonprofit is not prepared to terminate someone for violation of this policy, don’t include language to that effect. 2. Compile a list of all of the types of documents that need to be stored and archived. It is particularly important to store those documents that provide proof that something was done, negotiated, a contract was written for [X], or other documents that support actions. Legal documents, personnel files, board files, and volunteer files are important to store and archive.

scaling the sox best practices to fit small nonprofits

159

3. Develop an equally user-friendly process for retrieving documents. That means the storage protocols need to be very simple. The reason why documents need to be easily retrieved is that if a regulatory agency like the IRS does an audit of your nonprofit and asks for Document X —they want it now. 4. Do a test-run of the protocols. Do they work? Can they be simpler and easier to understand? If steps 1 through 4 mean that you have to clean up your nonprofit’s files, consider this a gift. Your nonprofit will function better when it is easy to store and retrieve documents. • Audit committee. For many nonprofits, the cost of an audit is prohibitive. For example, if the nonprofit’s budget is below $2 million, an audit may be too expensive. However, it is essential that the nonprofit’s financial statements and procedures are evaluated to determine that the nonprofit is in good financial health. Your nonprofit’s finance committee can become a “finance/audit committee” to make certain that the nonprofit’s financial statements and processes are evaluated. If possible, recruit one or two individuals who are not on the board— and not going to join the board—to do a short financial evaluation project. How can this be done? Here are some suggestions: • Find an intern from a local university. The members of the financial evaluation team can work with the intern to generate a review of the nonprofit’s books and internal controls. Many graduate tax or finance programs offer internship opportunities for students who would like to become auditors. This is a potential win-win. Your nonprofit receives cutting-edge services (the intern is usually supervised by a professor who is a CPA), and the graduate student can list this internship on his or her résumé. Your nonprofit, as the provider of a professional opportunity for a graduate student, can afford to be choosy. When inquiring about an intern, insist that the intern be an excellent student (with a GPA of at least 3.5) and insist on proof of the student’s academic excellence, whether that is in the form of a transcript or a recommendation from the student’s dean. Before the student is placed, review the internship contract with the university. Insist that you be provided with contact

160

chapter 10

sox best practices for small nonprofits

information for the professor who is supervising the internship. The financial evaluation team from the finance/audit committee, the professor, and the student can tailor this internship to meet your nonprofit’s needs. • Contact the local chapter of the CPA society. Professionals such as CPAs and attorneys often are required to provide pro bono services to the community. • Request assistance from a local nonprofit clearinghouse. Nonprofit clearinghouses can often put smaller nonprofits in contact with service providers. • Financial literacy training for board and senior management. Graduate students can also provide this type of training. The training can be done independently, or can be part of an internship, particularly if the graduate student is interested in a teaching career. A phone call to the placement office or internship office at your local college or university can connect you with individuals who could provide these services. Another method of obtaining services for this type of training is to ask your banker to do a presentation or contact a nonprofit clearinghouse. Again, keeping the training simple and user-friendly is essential. The handouts should not be complex, and board members should be able to use these materials as resources. • Conflict of interest policy. A conflict of interest policy is not sizesensitive. Having a conflict of interest policy serves the dual purpose of educating the board on its legal obligation of loyalty and on what constitutes a conflict of interest. Some board members are very reluctant to be forthcoming about real or potential conflicts of interest for fear that they will be dismissed from the board. That doesn’t have to happen. A board member can disclose a conflict of interest and continue to be a productive and useful member of the board. Educating the board is essential, and having a plan to judiciously deal with any disclosed conflicts of interest will help to encourage more transparency. This policy and set of procedures are easily drafted for nonprofits of any size. There is a sample conflict of interest policy and letter in Appendix E. Consider preparing a policy and set of procedures that

scaling the sox best practices to fit small nonprofits

161

deal with the major areas of concern. For example, it is essential that all board and senior management sign a letter disclosing any real or potential conflicts of interest. If the board members or staff members have no conflicts of interest, then it is also important to signify this on the letter. The letters need to be kept on file and archived (see Chapter 5). The conflict of interest policy itself needs to be distributed, and each board member and senior staff member needs to initial or sign a form (which could be one form that captures all of the initials or signatures) stating that they have received a copy of the policy. More importantly, everyone on the board and senior staff need to understand that disclosure is the expected norm, and failing to disclose a real or potential conflict of interest is grounds for dismissal. The board can institute simple procedures for excusing a board member or senior staff member when the discussion addresses an area in which the individual indicated that he or she has a conflict of interest. The procedures need not be onerous or complicated, just standardized so everyone is treated alike. • Code of ethics for board and senior management. This policy describes the types of behavioral expectations that relate to the roles of board members and members of senior management. One provision that is particularly significant is the prohibition against any type of loan or financial gift by the nonprofit to a board member or member of the staff at any level. Nonprofits of all sizes should have a code of ethics. It need not be lengthy or complex. A sample code of ethics is in Appendix F. • Board policies and procedures. This document outlines the size of the board, and the various roles and duties of the board, including the distinction between governance roles and management roles within the nonprofit. The document also includes a summary of board committees’ descriptions and performance objectives and the board’s selfevaluation process. An important part of the discussion needs to include an outline of the sequence of the director nomination and election process, a discussion explaining director independence, and an outline of director orientation curriculum and a continuing education agenda. Samples of all of these documents can be found in Appendices G and H.

162

chapter 10

sox best practices for small nonprofits

Keys to Success in Customizing SOX Best Practices There’s no reason why small nonprofits should not be able to adopt all of the SOX best practices. Perhaps the most important aspect of embarking on this endeavor is to understand that any best practice can be customized to address the nonprofit’s size, scope, and operations. It can be done, and there are people in your community who are willing to help—universities, professional organizations, and nonprofit clearinghouses. You simply have to ask for assistance. • Develop an organizational resolve to strengthen your nonprofit’s infrastructure. Consider the ways in which best practices can be tailored to fit your nonprofit . . . Your nonprofit is only small in size (at the present moment), but can have a spirit, drive, and commitment equal to any large nonprofit. • Bring on at least one new board member this year. Target your recruitment to members who bring a needed skill set, such as finance, to the board. It is important, however, to have your legal counsel and insurance professional be independent of the board. • Use board meetings, board retreats, and staff meetings to present information on SOX best practices, the legislative environment, and, if applicable, any state laws on nonprofit accountability. The more the board, management, and staff understand about accountability expectations, the more they will understand how important it is to invest in adopting SOX best practices. • Review the suggestions in this book and consider how each best practice would look in your nonprofit. The samples in the Appendices are designed to help you walk through the policies and documents to determine how these can fit your nonprofit’s needs. Some of the best practices are not size-sensitive. For example, the conflict of interest policy and the code of ethics are necessary in nonprofits of all sizes. Have your nonprofit’s legal counsel assist you with the language. If your nonprofit doesn’t currently have legal counsel, now is the time to obtain assistance. If your nonprofit requires pro bono assistance, contact your state or local bar association.

conclusion

163

Attorneys are expected to do a certain amount of pro bono work. You might also want to contact your local or regional nonprofit clearinghouse for assistance.

Conclusion Small nonprofits are in many ways the future of the entire nonprofit sector. Grassroots organizations have been a part of American society since colonial days, and are a unique aspect of American life. In today’s increasingly regulatory environment, nonprofits can also lead the way in promoting accountability and transparency.

Appendices

Best Practices: Checklists, Worksheets, and Sample Documents

These appendices are intended to show you how to get started in developing the policies, procedures, and documents that your nonprofit will need to implement SOX best practices. These sections have been designed in a walk-through format: talking points, design pointers, and other components.

Disclaimer Important! The language is not intended as legal advice and the talking points are not legal recommendations. You need to consult with your legal advisor to ensure that the language and design are appropriate to the needs of your nonprofit.

The walk-through can be facilitated by the use of checklists and worksheets provided in the appendices as well as sample documents. These materials correspond to one or more chapters in the book. As you use the materials in these appendices, remember that in the initial adaptation of SOX best practices, less is more and simplicity is very important. The policies and procedures need to be user-friendly. The intent 165

166

appendices

best practices

of the appendices is to help you design materials whose content is necessary and sufficient. Too many rules and too many procedures will block implementation. It is important to actively manage the adaptation of these best practices. Failing to have serious consequences for failure to comply will dilute effectiveness as well. Remember that the SOX best practices will serve to change your nonprofit’s organizational culture. Culture doesn’t change without a visible, palpable change in what behaviors are reinforced and what behaviors are extinguished.

Appendix

A

Working Through the Four Basic Financial Statements

Before working with the materials in this section of the Appendix, you should be sure to have a fairly good understanding of the materials presented in Chapter 3, which discusses the financial statements. This section of the Appendix contains samples of the balance sheet, the statement of operations, the statement of changes in net assets, and the statement of cash flows. Each of the four statements is explained in detailed.

Balance Sheet Exhibit A.1 is a sample balance sheet for a nonprofit agency. As discussed in Chapter 3, the balance sheet is a snapshot of the organization at a given point in time. As you can see in Exhibit A.1, the balance sheet contains a listing of the current and non-current assets, the current and non-current liabilities, and the net assets. The statement is called the “balance” sheet because it shows the balance between the total assets and the liabilities plus the net assets. According to the basic accounting equation Assets = Liabilities + Net assets

The balance sheet reflects that equation and is typically presented in two columns, with the assets displayed on the left-hand side and the liabilities and net assets displayed on the right-hand side. 167

168

appendix a

Exhibit A.1

the four basic financial statements

sample balance sheet for the p e r i o d e n d i n g d e c e m b e r 3 1, 20X1

ASSETS

LIABILITIES

Current Assets Cash and Cash Equivalents Short-Term Investments Net Accounts Receivable Supplies Prepaid Expenses Other

4,258 9,136 15,020 1,997 670 783

Total Current Assets

31,864

Non-Current Assets Net Property and Equipment Long-Term Investments Assets Limited as to Use Other

49,358 16,979 10,470 6,375

Long-Term Debt, Net Other

20,100 6,997

Total Non-Current Assets

83,182

Total Non-Current Assets

27,097

TOTAL LIABILITIES

38,497

TOTAL ASSETS

Current Liabilities Long-Term Debt, Current Accounts Payable Wages and Salaries Payable Supplies Payable Utilities Payable Total Current Liabilities

1,470 2,817 3,001 2,143 1,969 11,400

Non-Current Assets

115,046

NET ASSETS Unrestricted Temporarily Restricted Permanently Restricted

67,720 3,216 5,613

TOTAL NET ASSETS TOTAL LIABILITIES AND NET ASSETS

76,549 115,046

It should be noted that not all balance sheets contain the same accounts as the provided sample. Some nonprofits may subdivide their accounts into very specific accounts, which would increase the number of accounts presented in the balance sheet. For example, in the sample balance sheet, one of the current assets is “short-term investments.” This account contains all of the investments that have a “life” between 3 and 12 months. Some organizations may choose to subdivide the short-term investments account into several accounts, such as certificates of deposit, notes, and treasury bills. How an organization chooses to set up its accounts is dependent upon the amount of specificity the organization desires. Conversely, some

balance sheet

169

nonprofits may choose to collapse many of the accounts into single accounts. There is a fine line between having too many subdivisions and not having enough. The rule of thumb is to have enough subdivisions to give meaning to the balance sheet and that complies with how the stakeholders of the nonprofit want to see the financial information presented. Assets In Exhibit A.1, the total assets (current assets plus non-current assets) equal $115,046. The current assets, which total $31,864, consist of items that are very liquid and could be converted within one year’s time into cash. Of these current assets, cash and cash equivalents are, of course, the most liquid, as they either are already in a cash form or can be converted to cash in three months or less. The non-current assets, which total $83,182, consist of assets that have a life longer than one year. This type of asset cannot be quickly converted into cash. Each of the current and non-current assets is defined here. Current Assets include:

The current assets shown in the sample balance sheet

• Cash and cash equivalents • Short-term investments • Net accounts receivable • Supplies • Prepaid expenses • Other The cash and cash equivalents account, which totals $4,258, contains all of the cash owned by the organization and any assets that can be converted to cash within three months. Examples of the items in this account would include bank accounts, treasury bills with a maturity of 13 weeks, money market mutual funds, banker acceptances, negotiable certificates of deposits (CDs) with maturities less than three months, and other very shortterm marketable securities. The short-term investments account, which totals $9,136, contains the assets owned by the organization that could be converted to cash in a

170

appendix a

best practices

relatively short time period, between 3 and 12 months. Examples of shortterm investments include negotiable CDs and bonds with maturities between three months and one year, commercial paper, and other marketable securities the organization plans to hold for a relatively short time period. Net accounts receivable, which totals $15,020, reflects the money that is owed to the nonprofit by its clients. Many nonprofits have arrangements with their clients that allow them to purchase the product or service on credit. After the product or service is delivered, the organization issues an invoice, or bill, for any clients who have been extended credit. Net accounts receivable consists of the value of all of the invoices for goods and services that the organization has issued, subtracting out any amounts that the organization believes will never be paid. Once the bad debt has been subtracted from accounts receivable, what remains is referred to as the “net accounts receivable.” Accounts receivable is considered a current asset because the organization expects that it will “turn over” its accounts receivable within a short period of time, typically 90 days or less. Turning over accounts receivable quickly is an important aspect of cash management, as the quicker the invoices are converted to cash, the quicker the organization collects its receivables. The sooner the invoices are paid, the sooner an organization can put the cash to work. In addition, if the receivables are turned quickly, there is a smaller risk of having delinquent or nonpaying clients. The supplies account, which totals $1,997, is the value of all the supplies the organization has on hand. Examples of supplies would include office supplies and supplies used in the production of goods or services, such as any raw materials. The prepaid expenses account, which totals $670, reflects the value of expenses that have been paid in advance. For example, an organization may choose to pay in advance for three months of rent. By paying the rent expense in advance, the organization “owns” the right to the use of the office space for three months. This ownership is an asset to the organization. Other expenses that are frequently paid in advance are insurance, interest, taxes, salaries, utility bills, or the interest on debt. The Other account, which totals $783, reflects the value of the rest of the current assets owned by the organization. This is a “catch all” account where miscellaneous current assets can be placed. If a significant amount of the current assets is in the Other account, the organization may not be sub-

balance sheet

171

dividing the current assets as much as it should. Having most of the current assets considered “miscellaneous” does not accurately reflect the organization’s assets. Non-current Assets The non-current assets shown in the balance sheet are:

• Net property and equipment • Long-term investments • Assets limited as to use • Other The net property and equipment account, which totals $49,358, reflects the value of property and equipment owned by the organization, minus any accumulated depreciation. Accumulated depreciation is the total amount of depreciation that has been taken on a tangible asset since it was put into use. Depreciation is a measure of how much of a tangible asset has been “used up” or consumed during an accounting period. When an organization acquires an asset that has a long life, a depreciation schedule for that asset is established. Moving forward, the depreciation on each asset is accumulated, and the accumulated depreciation is subtracted from the original value of the asset. The word net in this account signifies that the accumulated depreciation has been subtracted. The long-term investments account, which totals $156,979, reflects the value of investments owned by the organization with a life greater than one year. Examples of long-term investments include real estate, stocks of publicly held companies, and bonds issued by private or nonprofit organizations. The assets limited to use account, which totals $10,470, reflects the value of non-current assets whose use has been limited by the organization. For example, the nonprofit may have issued a bond and the bond’s contract terms state that the nonprofit must set aside funds that can only be used to fulfill the bond obligation. This also occurs if the organization has segmented some of its assets for specific uses, and does not include the value of those assets in the general assets. The Other account, which totals $6,375, reflects the value of the rest of the non-current assets owned by the organization. This is a “catch all” account where miscellaneous non-current assets can be placed. If a significant amount of the non-current assets is in the other account, the organization

172

appendix a

best practices

may not be subdividing the non-current assets as much as it should. Having many of the non-current assets considered “miscellaneous” does not accurately reflect the organization’s assets. Liabilities and Net Assets As they should, the total of the liabilities and the net assets equals the total of the assets, $115,046. If they did not, the balance sheet is not in balance and someone has made some type of error. The liabilities, which total $38,497, consist of current liabilities and non-current liabilities. The net assets, which total $76,549, consist of the unrestricted net assets, the temporarily restricted net assets, and the permanently restricted assets. Each of the current and non-current liabilities and the net assets is defined here. Current Liabilities

The current liabilities shown in the balance sheet are:

• Long-term debt, current • Accounts payable • Wages and salaries payable • Supplies payable • Utilities payable The long-term debt, current account, which totals $1,470, is a little confusing. Why is an item that is called “long-term” included in the current liabilities? This account reflects the amount of long-term debt that must be paid within a year. Any amount of debt or loan principal that the organization is going to pay off within the next 12 months is shown as a current liability. The portion of long-term debt that will be paid off beyond the next 12 months will be recorded as a non-current liability. The accounts payable account, which totals $2,817, is the amount owed by the nonprofit to vendors for purchases on credit. Typically, the vendors expect to receive payment within 90 days, which makes the account a current liability. Accounts payable can be viewed as the opposite of net accounts receivable, in that it is the amount the organization owes, and net accounts receivable is the amount that is owed to the organization. The wages and salaries payable account, which totals $3,001, is the amount that the nonprofit owes to its employees for the labor they pro-

balance sheet

173

vided. As with the accounts payable account, the wages and salaries payable account is the opposite of net accounts receivable, in that it is the amount that the organization must pay, and net accounts receivable is the amount the organization expects to be paid. The rest of the payable accounts, supplies payable ($2,143) and utilities payable ($1,969), are analogous to accounts payable, and wages and salaries payable, in that these accounts contain the amount that the nonprofit owes to different entities. Supplies payable is the amount owed to supply vendors, and utilities payable is the amount owed to utility companies. As with the case of accounts payable, and wages and salaries payable, the organization is expected to pay what it owes within a relatively short period of time, typically within 90 days. You may wonder why current liabilities do not have an “other” account similar to the “other” accounts for the current and non-current assets. In general, it is not necessary to have a current liabilities account since accounts payable can be used for that purpose. Non-current Liabilities ance sheet are:

The non-current liabilities shown in the bal-

• Long-term debt, net • Other As mentioned in the definition of the “long-term debt, current” account, the portion of long-term debt that will be paid off beyond the next 12 months is recorded as a non-current liability. Long-term debt, net is the amount of debt that will not be paid off within the next 12 months and from which the long-term debt, current portion has been subtracted. In addition, any payments that have been made toward the long-term debt have also been subtracted. The word net is the portion that remains to be paid on a long-term basis. The value of this account in the sample balance sheet is $20,100. The Other account, which totals $6,997, reflects the value of the rest of the non-current liabilities owed by the organization. This is a “catch all” account where miscellaneous non-current liabilities can be placed. If a significant amount of the non-current assets is in the Other account, the organization may not be subdividing its non-current liabilities as much as it should.

174

appendix a

best practices

Net Assets The net assets, which total $76,549, consist of the unrestricted net assets, temporarily restricted net assets, and permanently restricted net assets. Restating the basic accounting equation illustrates the relationship among the net assets, the liabilities, and the assets: Net assets = Assets – Liabilities

The net assets can thus be considered the “net worth” of the nonprofit. It is what is left over after all of the organization’s debt and other obligations to pay have been removed. If the value of the assets is equal to the value of the liabilities, the net worth of the organization is zero. Each component of the net assets is defined here. Unrestricted Net Assets Unrestricted net assets, which total $67.720, are the dollar value of net assets where there is no restriction on how the net asset can be used. For example, if a donor contributes $10,000 to the nonprofit and does not specify how the donation must be used, that donation would become a part of unrestricted net assets. Unrestricted net assets do not have any stipulations or restrictions for their use, other than legal or ethical considerations. Temporarily Restricted Net Assets Temporarily restricted net assets reflect the dollar value of net assets that have a restriction on their use, but that restriction has a time limit. For example, a donor may give land to the nonprofit with the stipulation, or restriction, that the land cannot be sold for five years. Since the land has a temporary restriction on its use, it is a part of temporarily restricted net assets. Once the time period for the restriction passes, the land is no longer a part of temporarily restricted net assets and becomes a part of unrestricted net assets. Permanently Restricted Net Assets Permanently restricted net assets are net assets that have restrictions on their use, and that restriction does not have a time limit. An example of a permanently restricted net asset is an endowment that allows the nonprofit to spend the interest, but never any of the principal.

statement of operations

175

Statement of Operations The statement of operations is a summary of the nonprofit’s expenses and revenue, gains, and other support over the entire accounting period, not just at the end of the period. In the for-profit world, this statement is typically called the “income statement” or the “profit and loss (P & L) statement.” As can be seen in Exhibit A.2, the accounting period for the sample statement of operations is the entire month of December, 20X1, and the statement tracks all of the movement of expenses and revenue, gains, and

Exhibit A.2

sample statement of operations for the period e n d i n g d e c e m b e r 3 1, 2 0 X 1

Unrestricted Revenues, Gains, and Other Support Net Program A Revenue Net Program B Revenue Net Program C Revenue Other Revenues Donor Contributions Net Assets Released from Restrictions for Operations

30,421 33,620 10,555 3,576 20,735 300

Total Revenues, Gains, and Other Support

99,207

Expenses Wages and Salaries Supplies Utilities Transportation Depreciation Bad Debt Other Expenses

59,751 10,635 8,059 14,985 2,572 1,035 1,018

Total Expenses

98,055

Total Operating Income Non-Operating Income (Investment)

1,152 975

Excess of Revenues over Expenses

2,127

Change in Net Unrealized Gains and Losses Net Assets Released from Restrictions Used for Equipment Purchase Increase in Unrestricted Net Assets

105 437 2,669

176

appendix a

best practices

other support for the month of December. The basic formula for the statement of operations is: Revenues, gains, and other support – Expenses = Excess of revenues, gains and other support over expenses

As can be seen in Exhibit A.2, the statement of operations can also have “below the line” items. They are called that because they appear below the excess of revenues over expenses. They affect the value of the unrestricted net assets, but they are not considered either revenues or expenses. All of the items on the sample statement of operations are defined here. Unrestricted Revenues, Gains, and Other Support In the sample statement of operations, the nonprofit has unrestricted revenues, gains, and other support coming from three programs (Programs A, B, and C), from donors, from net assets released from restrictions for operations, and from other revenues. The total value of these amounts is $99,207. Each of these terms is explained here. Program Revenues This nonprofit apparently has three programs through which it delivers a set of services or goods. These services or goods are not provided for free, and each of the three programs generates a revenue stream. The total revenues of the three programs are $74,596, which is a significant portion of the overall revenues. These revenues are termed unrestricted because there is no limitation as to how the nonprofit may use these revenues, except legal and ethical considerations. The program revenues do not mean that the nonprofit has received any money for its services or goods. Remember, revenues are recognized when they are earned, not when they are paid. Once the service or good was sold, its price became a part of revenues. If the nonprofit extends credit to its clients, it may not have received much, or any, of the money it was owed. Gains A nonprofit earns gains when it sells an asset for a price higher than the value of the asset on the balance sheet. In the sample statement, there are no gains. Other Revenues The nonprofit has generated $3,576 from activities other than its main function or business. For example, the other revenues

statement of operations

177

could have come from parking fees. The function of this nonprofit is not to provide parking, so the fees are considered other revenues. In the case of a hospital, one source of other revenues could be from the gift shop. Selling gifts and flowers is not the main function of the hospital, so any revenues generated by the gift shop are considered other revenues. These other revenues are termed unrestricted because there is no limitation as to how the nonprofit may use these revenues, except legal and ethical considerations. Income that is generated from investments is not included in the other revenues account. As you can see in Exhibit A.2, they are located in another section of the statement. Donor Contributions During the month of December 20X1, the nonprofit received unrestricted donor contributions totaling $$20,735. These contributions are considered unrestricted other support. They are so termed because the donors apparently did not place any restrictions on how the contributions could be used. Net Assets Released from Restrictions for Operations In the discussion of the balance sheet, the definitions of temporarily and permanently restricted net assets were covered. As the names imply, permanently restricted net assets do not have an expiration date for the restriction. However, for the temporarily restricted net assets, the restriction can expire. Once the temporary restriction on temporarily restricted net assets expires, these net assets can be used for operations and become a part of the total revenues, gains, and other support. If the time restriction on the temporarily restricted net assets is removed but the net assets have been designated for equipment purchases, they do not become a part of total revenues, gains, and other support. They instead become a below the line item. Both of these situations are reflected on this sample statement. The value of net assets released from restrictions for operations is $300. In the below the line section of the statement, there are net assets released from restrictions to be used for equipment purchase; this amount totals $437.

Expenses In the sample statement of operations, during the month of December 20X1, the nonprofit had expenses from wages and salaries, supplies, utilities, transportation, depreciation, bad debt, and other. The total value of

178

appendix a

best practices

these amounts is $98,055. This does not mean that the nonprofit paid out $98,055. Expenses are not recognized when they are paid; they are recognized once the underlying asset connected with the expense is used up or consumed. For example, on the sample statement is a utilities expense of $8,059. This does not mean that the nonprofit has paid out $8,059. It only means that during the month of December 20X1, the nonprofit consumed $8,059 worth of utilities. Each of the expense items is explained here. Wages and Salaries During the accounting period, the nonprofit accrued $59,751 in wages and salaries expense. This means that the nonprofit used up the labor provided by its employees during the accounting period and thus generated an expense equal to what the employees earned. Supplies During the accounting period, the nonprofit used up $10,635 worth of supplies. This does not mean that the nonprofit purchased this amount of supplies or that the organization has paid for this amount of supplies; it means that it consumed this amount of supplies. Transportation During the accounting period, the nonprofit experienced a transportation expense totaling $14,985. This is a high amount, so it may be that the nonprofit agency provides some kind of transportation services for its clients. Depreciation As discussed in Chapter 3, depreciation reflects how much of a tangible asset was used up in the accounting period. Depreciation only applies to items such as the nonprofit’s building (if it owns the building) and equipment. Depreciation is a way of recognizing that assets have a limited life, even if it is a long one, and that assets lose value over time. This nonprofit is recognizing that it used up $2,572 worth of its long-life assets. Bad Debt If an organization does not collect its fees and charges at the time it sells its good or service, it will have to bill its clients. As discussed previously, net accounts receivable is the amount of outstanding invoices and is money that is owned to the organization. However, not all invoices are paid completely. Some invoices are partially paid and others are not paid at all. If the invoice is a very old one and the nonprofit has not been able to collect, it is doubtful that the organization will receive the money

statement of operations

179

it is owed. Once bad debt is recognized, its value is removed from net accounts receivable. Since part of the asset of net accounts receivable no longer exists, the bad debt becomes an expense of doing business. This nonprofit is recognizing that it is not going to receive $1,035 that is owed to it. Other Expenses This expense account is a catch-all account where miscellaneous expenses can be placed. If a significant amount of the expenses is in the other expenses account, the organization may not be subdividing the expense accounts as much as it should. During the accounting period, this nonprofit had $1,018 in miscellaneous expenses.

Total Operating Income The total operating income is $1,152. This is the difference between the expenses ($98,056) and the unrestricted revenues, gains, and other support (99,207). Since this is a positive number, the organization is generating more unrestricted revenues, gains, and other support than expenses. Nonoperating Income Income generated from investments is not considered a part of the operating income. Instead, it is placed on the statement below the total operating income. This nonprofit earned $975 in investment income. Excess of Revenues over Expenses This item on the statement of operations is equal to the total operating income plus the excess of revenues over expenses. In this case, $1,152 plus $975 equals $$2,127. The $2,127 can be thought of as the “profit” made during the accounting period by the nonprofit. This nonprofit has more revenues than it has expenses, which is a better situation than the reverse! If expenses are consistently greater than revenues, the nonprofit will have a difficult time of surviving. Below the Line Items The sample statement of operations has two below the line items—change in net unrealized gains and losses ($105), and net assets released from

180

appendix a

best practices

restrictions used for equipment purchase ($437). The change in net unrealized gains and losses recognizes that one or some of the unrestricted assets owned by the nonprofit have increased in value and are now valued higher than they were on the balance sheet of the previous accounting period. However, we don’t want to count this increase in value as a part of revenues because the organization has not yet “realized” the extra value. The nonprofit still owns the asset, so the increase in value is considered unrealized. If the asset is sold, any gains made will then be realized. The net assets released from restrictions used for equipment purchase ($437) indicates that some temporarily restricted net assets were released from restriction, but the net assets were designated for equipment purchase use. The $437 should not thus be considered part of the total operating income, since it will be used to purchase equipment. These items are called “below the line” because they appear on the statement below the excess revenues over expenses. They are placed below the line because they do not affect the value of the excess of revenues over expenses. Why then are they on the statement of operations? They are there because the statement of operations is used to create another of the basic financial statements—the statement of changes in net assets. The below the line items do not affect the value of excess revenues over expenses, but they do affect the value of the unrestricted net assets. Since we need to know the value of the change in unrestricted net assets to create the statement of changes in net assets, we thus include the below the line items on the statement of operations. Increase in Unrestricted Net Assets The increase in unrestricted net assets is equal to the excess of revenues over expenses ($2,127) plus any below the line items ($105 plus $437). In the sample statement of operations, the increase in unrestricted net assets is $2,669. If the total of the excess revenues over expenses and the below the line items had been a negative number, there would have been a decrease in unrestricted net assets. This figure will be used in the statement of changes in net assets.

statement of changes in net assets

181

Statement of Changes in Net Assets The purpose of the statement of changes in net assets is to account for any changes in the net assets from one accounting period to the next. A sample statement of changes in net assets is shown in Exhibit A.3. The statement of changes in net assets includes any changes in all three categories of net assets—unrestricted, temporarily restricted, and permanently restricted. The statement contains information from the balance sheet and from the statement of operations. Each section of the sample statement is explained here.

Exhibit A.3

sample statement of changes in net assets for the period e n d i n g d e c e m b e r 3 1, 2 0 X 1

Unrestricted Net Assets Excess of Revenues over Expenses Change in Net Unrealized Gains and Losses Net Assets Released from Restrictions Used for Equipment Purchase

2,127 105 437

Increase (Decrease) in Unrestricted Net Assets

2,669

Temporarily Restricted Net Assets Net Assets Released from Restrictions to Be Used for Equipment Purchase Net Assets Released from Restrictions for Operations Net Unrealized Gains and Losses

(437) (300) 575

Increase (Decrease) in Temporarily Restricted Net Assets

(162)

Permanently Restricted Net Assets Net Unrealized Gains and Losses Contributions for Endowment Funds

289 1,500

Increase (Decrease) in Permanently Restricted Net Assets

1,789

Total Increase (Decrease) in Net Assets Net Assets, Beginning of Month

4,296 72,253

Net Assets, End of Month

76,549

182

appendix a

best practices

Unrestricted Net Assets This section of the statement simply contains the information from the last four items in the statement of operations. We already know from the statement of operations that the unrestricted net assets were increased by $2,669. We also know the source of the increase—excess of revenues over expenses ($2,127), change in net unrealized gains and losses ($105), and net assets released from restrictions used for equipment purchase ($437). On the sample balance sheet for December 20X1 (see Exhibit A.1), the value of unrestricted net assets is $67,720. If we had the balance sheet for November 20X1, the value of unrestricted assets would be $65,051, which is $2,669 less than the value for unrestricted net assets on the December 20X1 balance sheet. The statement of changes in net assets shows why there is a difference in the unrestricted net assets from November to December, and shows the exact amount of the change. Temporarily Restricted Net Assets This section of the statement shows the changes in the temporarily restricted net assets. If you refer to the sample balance sheet (Exhibit A.1), you will see that the value for temporarily restricted net assets is $3,216. If we had the balance sheet for November 20X1, it would show a value of $3,378. Temporarily restricted net assets decreased by $162. How did this happen? Two of the items in this section came from the statement of operations—the net assets released from restrictions to be used for equipment purchase ($437), and net assets released from restrictions for operations ($300). We don’t see the actual value of this particular net unrealized gains and losses ($575) on either the balance sheet or the statement of operations, but the transaction did occur and was recorded in the books. We thus include it in this section. The temporarily restricted net assets released from restrictions to be used for equipment purchase is a negative number since these net assets were released from their temporary restriction and moved into unrestricted net assets. When these net assets were released from restriction, they were designated for equipment purchase. If you refer back to the sample statement of operations (Exhibit A.2), you will find this transaction recorded as one of the below the line items and see how these temporarily restricted net assets moved into unrestricted net assets.

statement of changes in net assets

183

The temporarily restricted net assets released from restrictions for operations is also a negative number since these net assets were released from their temporary restriction and moved into unrestricted net assets. If you refer back to the sample statement of operations (Exhibit A.2), you will find this transaction reported in the unrestricted revenues, gains, and other support section of the statement. You will also be able to see how these temporarily restricted net assets moved into the unrestricted net assets. The net unrealized gains and losses ($575) reflect the increase in value in one or more of the temporarily restricted net assets. This is a positive number since the value of the restricted net asset increased. Permanently Restricted Net Assets This section of the statement shows any changes in permanently restricted net assets. If you refer to the sample balance sheet (Exhibit A.1), you will see that the value of permanently restricted net assets is $5,613. If we could see the balance sheet for November 20X1, the amount would be $3,824. There was an increase of $1,789. How did this happen? The increase came from two sources—net unrealized gains and losses ($289) and contributions for endowment funds ($1,500). Permanently restricted net assets cannot ever be considered revenues since they cannot be used for operations. The net unrealized gains and losses ($289) reflect the increase in value in one or more of the temporarily restricted net assets. This is a positive number since the value of the permanently restricted net asset increased. By the same token, the contributions for endowment funds cannot be used for anything other than the endowment funds, so they increased the value of permanently restricted net assets by $1,500. Total Increase (Decrease) in Net Assets The total increase in net assets is the sum of all of the changes in the three components of net assets. The amount of the increase ($4,296) is equal to $2,669 minus $162 plus $1,789. Net Assets, Beginning of Month This amount ($72,253) could be found on the balance sheet for the end of November 20X1.

184

appendix a

best practices

Net Assets, End of Month The amount ($76,549) of the net assets at the end of the month is equal to the net assets at the beginning of the month ($72,253) plus the amount of the increase in net assets ($4296). If you refer to the sample balance sheet (Exhibit A.1), you will see that the total net assets are equal to $76,549.

Statement of Cash Flows The statement of cash flows tracks the flow of cash into and out of the nonprofit. Since we are using the accrual basis of accounting, none of the other three financial statements tracks the movement of cash. Most organizations want to know where their cash came from and where it went during the accounting period, and the statement of cash flows achieves that purpose. As shown in Exhibit A.4, the sample statement of cash flows tracks the cash flows from operating, investing, and financing activities. Cash Flows from Operating Activities This section of the statement uses the change in net assets to create the cash flows for operating. Since we are using the accrual basis of accounting, however, some of the transactions that changed the amount of the net assets did not actually cause cash to flow into or out of the organization. This makes it somewhat difficult to determine the cash flows from operating activities. For example, from the sample statement of operations (Exhibit A.2), there is a $2,572 expense for depreciation. This expense reduced the net assets by reducing the amount of excess of revenues over expenses, which reduced the amount of increase in the unrestricted net assets. However, no cash actually moved into or out of the organization. We add the $2,572 back to the change in net assets to reflect that no cash flowed out of the nonprofit. The same thing is true for the $1,035 bad debt expense, so that amount is also added back. The total of the expenses that are added back equals $3,607. Other items are subtracted since the items did not actually increase the amount of cash, but did increase the amount of net assets. For example, according to the sample statement of changes in net assets (Exhibit A.3), we received a permanently restricted contribution of $1,500. However, that cash is a non-current asset limited as to use; it is not cash that is avail-

185

statement of cash flows

Exhibit A.4

sample statement of cash flows for the period ending december 31, 20X1

Cash Flows from Operating Activities Change in Net Assets Adjustments to Reconcile Changes in Net Assets to Net Cash Provided by Operating Activities: Depreciation Net Unrealized Gains and Losses Bad Debt Restricted Contributions Received Increase (Decrease) in: Net Accounts Receivable Accounts Payable Wages and Salaries Payable Supplies Payable Utilities Payable Long-Term Debt, Current Net Cash Provided by Operating Activities

4,896 2,572 (971) 1,035 (1,500) (6,544) 2,000 13,350 1,477 2,478 500 19,293

Cash Flows from Investing Activities Purchases of Investment Capital Expenditures

(5,175) (12,996)

Net Cash Flows Used in Investing Activities

(18,171)

Cash Flows from Financing Activities Increase in Long-Term Debt Payments on Long-Term Debt

5,100 (3,512)

Net Cash Used in Financing Activities

1,588

Net Increase in Cash and Cash Equivalents

2,710

Cash and Cash Equivalent at Beginning of Year

1,548

Cash and Cash Equivalents at End of Year

4,258

able for operations. The $1,500 is thus subtracted. Similarly, we had net unrealized gains and losses of $971. Since these gains are unrealized, no cash flowed into the nonprofit, but the value of the net assets increased. The $971 is also subtracted. From these two items, a total of $2,471 is subtracted.

186

appendix a

best practices

Any increase in the current liabilities decreases the value of the net assets. However, having an increase in current liabilities doesn’t decrease the amount of cash in the organizations. Until those liabilities are paid, they have no effect on cash. Thus, all of the increases in current liabilities that occurred from the end of November to the end of December 20X1 are added back in. In our sample statement of cash flows, that includes accounts payable, wages and salaries payable, supplies payable, utilities payable, and long-term debt, current. The total of the increases in current liabilities that is added equals $19,805. Any increase in net accounts receivable increases the change in the net assets. However, this increase in net accounts receivable does not cause cash to flow into the nonprofit. The $6,544 increase in net accounts receivable is subtracted. The net cash provided by operating activities totals the change in net assets and the adjustments. The net cash provided by operating activities ($19,293) equals $4,896 plus $3,607 minus $$2,471 plus $19,805 minus $6,544. Cash Flows from Investing Activities The cash flows from investing activities are easier to determine. In our example, the nonprofit purchased equipment that cost $5,175. When the purchase was made, cash did flow out of the nonprofit. Similarly, the nonprofit had capital expenditures of $12,996, and these expenditures resulted in an outflow of cash. The total net cash flows used in investing activities totals equals a negative $18,171, which is $5,175 plus $12,996. Cash Flows from Investing Activities The cash flows from investing activities in our sample come from increases in long-term debt and payments on long-term debt. Increases in long-term debt would cause an inflow of cash ($5,100), but payments on long-term debt would decrease the amount of cash ($3,512). The net cash used in financing activities ($1,588) equals $5,100 minus $3,512. Net Increase in Cash and Cash Equivalents The net increase in cash and cash equivalents ($2,710) is equal to the net cash flows from the operating, investing, and financing activities. The net increase of $2,710 equals $19,293 minus $18,171 plus $1,548.

statement of cash flows

187

Cash and Cash Equivalents at the Beginning of the Month This amount is on the balance sheet for the end of November 20X1. The amount of this current asset was $1,548. Cash and Cash Equivalents at the End of the Month The cash and cash equivalents at the end of the month ($4,258) are equal to the cash and cash equivalents at the beginning of the month ($1,548), plus the net increase in cash and cash equivalents ($2,710).

Appendix

B

Whistleblower Protection Policy [Agency name Street address City, State, Zip code] Whistleblower Protection Policy The whistleblower protection policy is being implemented at the [agency name] to comply with the Public Company Accounting Reform and Investor Protection Act of 2002 (Sarbanes-Oxley). This provision in the legislation applies to all organizations, not just publicly traded ones. At the [agency name], any staff member or volunteer who reports waste, fraud, or abuse will not be fired or otherwise retaliated against for making the report. The report will be investigated and even if determined not to be waste, fraud, or abuse, the individual making the report will not be retaliated against. There will be no punishment for reporting problems—including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination. There are several ways to make a report of suspected waste, fraud, or abuse: • Call the anonymous hotline at [phone number]. • Send an e-mail to [e-mail address]. • Submit a report in writing. Here is what we will do to investigate the report: [The agency would list the steps it would take to investigate the allegation.] Here is how we will follow up to report on our findings: • Provide the person filing a report with a summary of our findings. • Take steps to deal with the issue addressed, including making operational or personnel changes. • If warranted, contact law enforcement to deal with any criminal activities.

189

Appendix

C

Document Retention and Storage Protocols

Document Retention Policy— Talking Points Key areas for explanation in a document retention policy include: • Why does the agency need a document retention and storage policy? It’s required by the Public Company Accounting Reform and Investor Protection Act of 2002 (Sarbanes-Oxley). • What documents and records should be preserved and why? See list of documents under “Writing the Policy—Talking Points.” • Why is there a rule against document destruction? When should you not destroy materials? If an official investigation is underway or even suspected, nonprofit management must stop any document purging to avoid criminal obstruction charges.

Writing the Policy—Talking Points • What is document retention and storage policy—and why is it required by law? 191

192

appendix c

document retention and storage protocols

It’s not just a best practice—it’s the law and it applies to all organizations in this country. Your nonprofit has an obligation to your donors, your clients, your board, and your staff to ensure that your organization complies with this component of Sarbanes-Oxley legislation. • How does it work? In this section of the policy, provide your staff and volunteers with some clear guidelines. (Just emphasize the important issues—the guidelines should not be voluminous. If your guidelines are over 10 pages, consider if all of the information is necessary and sufficient.) • The guidelines should answer the questions: • How do I start? • What should my files look like when I’m finished? • How long do I have to do this? • What files should I ensure are retained and stored (this is discussed in the next section)? • When should I not destroy files? When an instruction is sent to everyone at the agency to stop document destruction. You are expected to stop destroying documents until you receive an instruction stating that document destruction can resume. • How do we maintain files and determine which are sent to storage? Also discuss when files can be destroyed (after X number of years—depending on the type of file—and not when a moratorium is in place). • Documents. Not all of these document categories are applicable to your nonprofit, so only include the ones that are and add those special document categories that your nonprofit needs (but might not have been on the list). Be sure to include a brief description of these documents that would be meaningful to the staff and volunteers at your nonprofit. Here is a list of the types of documents your nonprofit would need to store/archive and be able to retrieve: • Financial documents, reports, analysis, and forecasts

special designations for sensitive documents

193

• Donor records, history, and correspondence • HR records, including volunteer and board files and contracts with your nonprofit’s management, staff, and volunteers (if applicable) • Documents that reflect the sale of property, merchandise, or any tangible or intangible assets • Documents that a regulatory agency or the law requires you to retain, such as tax returns, business license document, professional licenses, vehicle registration forms, and correspondence regarding these documents or about your nonprofit’s operations • Documents containing information that an auditor or regulator would need to review • Contracts with vendors for services, including insurance policies, auditor contracts (particularly to demonstrate that the auditing firm is not providing any other services to your nonprofit) • Contracts with external clients (such as public sector agencies) to provide services to these external clients • Client files and correspondence • Donor files and correspondence with donors • Proposals in response to requests for proposals (RFPs) • Documents related to your nonprofit’s operations • Instant message or e-mail that contains negotiations for a contract or other legal agreement • Business transactions—any document that would provide proof that your nonprofit took action in a business, contractual, or legal matter

Special Designations for Sensitive Documents Design a simple classification system that allows for some of the documents to be classified as confidential, private, or other designation that precludes them from general access. Again, the fewer documents that need a special classification, the better. You don’t want to have to invoke the “Freedom of Information Act” protocol to access your own files.

194

appendix c

document retention and storage protocols

Storing and Archiving the Documents Develop rules for managing, storing, preserving, and archiving electronic messages or other electronic data. The rules should address the important issues, including the types of documents that are to be retained and how they are to be stored. The process need not be complicated, but the rules need to be standardized—there is no room for doing your own thing. Staff and volunteers need to understand that they are obligated to adhere to the rules—or face the consequences. The rules should also include steps to be taken to ensure that the documents cannot be tampered with—such as using PDF files or passwords. It is particularly important to store financial records in such a way as to ensure that they represent a true and honest picture of the nonprofit’s financial profile and/or other financial description. Regulators will expect to be able to rely on the accuracy of all of your electronic records—no exceptions.

Testing the System Develop a means by which the document retention system will be tested on a regular basis to ensure that documents are stored properly, and more importantly, can be retrieved quickly. Staff and volunteers should understand that the audits will be random and unannounced. There should be consequences for non-cooperation that should be meted out quickly to send a message to the entire organization.

Appendix

D

Audit Committee Procedures and Protocols

Audit Committee This committee should be in place, no matter how small the nonprofit or its board. The purpose of the committee is to provide oversight to the annual audit, or for small nonprofits, the annual review of financials.

Composition of the Committee The committee needs to include: • One financial professional • Two to four members of the board who are not also members of the finance committee

Committee Functions and Deliverables [The agency would present these functions and deliverables in a manner that meets the agency’s needs.] • The committee is to serve as a liaison between the auditor and the board and to ensure that the auditing firm is appropriate for a nonprofit audit (skill set and experience), and to review the performance of the auditing firm. 195

196

appendix d

audit committee procedures and protocols

• The committee is to ensure that the auditor is not also providing consulting services to the nonprofit, such as bookkeeping, financial information systems, HR outsource services, legal services, or other professional services that do not relate to the audit. In the past, this practice was permitted, but SOX best practices strongly recommend that the nonprofit’s auditor provide only auditing services. Other consulting services should be provided by another firm. Additionally, the nonprofit should use the same auditing firm for between three to five years. If the auditing firm is large enough, other partners or associates can rotate to provide auditing services to the nonprofit. In any event, members of the auditing firm should not be recruited to serve on the nonprofit’s board or on the auditing committee. • The committee needs to ensure that the auditor has no financial or business connections to individual board members. • The audit committee should meet with the auditor to review the audit and make recommendations regarding board approval, or provide recommendations for modifications. The committee makes these recommendations to the full board, which ideally, meets with the auditor to discuss the audit. • One of the audit committee’s most important deliverables is to ensure that if the audit produces a management letter, the issues outlined in the letter are remedied immediately. • The audit committee should be in operation for two months at most every year.

Appendix

E

Conflict of Interest Policy

A conflict of interest policy and set of procedures, including a disclosure statement, need to be in place for the purposes of educating the board on its legal obligation of loyalty and on what constitutes a conflict of interest. Procedures need to be in place to disclose real and potential conflicts of interest, and appropriately deal with these disclosed conflicts in subsequent board discussion and voting. All board and senior management need to complete a conflict of interest statement on an annual basis. Board minutes need to reflect a member’s abstention from discussion and voting on a topic that presents a conflict of interest.

Talking Points What Is a Conflict of Interest and Why Is It a Serious Issue? Here are some reasons why real or potential conflicts of interest need to be disclosed: • Legal standard of loyalty requires board members to put the financial interests of the nonprofit ahead of any personal gain. One way to achieve this is to identify those relationships and/or business dealings that either present a conflict of interest or have the potential for being a conflict of interest. • By signing a letter indicating real or potential conflicts of interest, or stating that the individual has none, the nonprofit has a record of those areas that may pose a conflict of interest for individual board 197

198

appendix e

conflict of interest policy

members. The nonprofit can then take steps to ensure that the individual board member does not take part in discussions or votes related to those areas. • Transparency and full disclosure are very important in today’s nonprofit environment. Procedures for Dealing with Conflict of Interest • Conflict of interest letters are signed on an annual basis. • When a board discussion addresses an area that has been identified as a conflict of interest, the individual involved is excused from the discussion and not permitted to vote. This is recorded in the minutes of the meeting. • The board reserves the right to ask an individual who presents a very serious conflict of interest to resign from the board, or be placed in a capacity that neutralizes a conflict of interest.

sample conflict of interest letter

Sample Conflict of Interest Letter

[Agency name Street address City, State, Zip code] [Date [Board member name Street address City, State, Zip code] Please complete and sign this annual conflict of interest statement. We appreciate your hard work on the [agency name] Board. I, [board member name], state that I have/do not have the following personal, business, or professional relationships that may present a conflict of interest: (Circle appropriate statement.) I do not have any conflicts of interest. I have the following relationships or business interests that may pose a conflict of interest: (List those relationships and businesses that might pose as conflict of interest.)

As a member of the [agency name] Board, I commit to placing the agency’s interest and gain ahead of my own, and will further commit to excusing myself from any discussion or votes related to those areas in which I may have a conflict of interest. Signed, [Board member name Date]

199

Appendix

F

Code of Ethics for Board and Senior Management

T

his policy describes the types of behavioral expectations that relate to the roles of board members and members of senior management and establishes a confidential means by which employees or volunteers can raise ethical concerns. One particularly significant provision is the prohibition against any type of loan or financial gift by the nonprofit to a board member or member of the staff at any level. Note: board, staff, and volunteers should be required to read/sign the code of ethics. Ensure that each category addresses how the nonprofit commits to being in compliance with laws and regulations, being accountable to the public, and responsibly handling resources.

Talking Points • Organizational values that are present or expressed in the nonprofit’s mission and other supporting documents such as strategic plans. • Mission • Governance • Conflicts of interest • Legal compliance • Responsible stewardship of resources and financial oversight • Openness and disclosure 201

202

appendix f

code of ethics for board and senior

• Professional integrity, as these related to all aspects of services rendered and in the process of development/fundraising • Other issues that relate to how your nonprofit operates

Sample Code of Ethics for a Nonprofit Board Member

[Agency name Street address City, State, Zip code] Board Member Code of Ethics As a member of the [agency name] Board, I will: • Endeavor at all times to place the interest of the [agency name] above my own. • Be diligent in the performance of my duties, come prepared to all board meetings, and fulfill my obligations as a board member. • Not seek or accept any personal financial gain from my membership on the board of the [agency name]. • Seek to continually improve my knowledge of the [agency name] and the nonprofit sector. • Strive to establish and maintain dignified and honorable relationships with my fellow board members, the [agency name] staff, clients, and donors. • Strive to improve the public understanding of the mission and vision of the [agency name]. • Obey all laws and regulations and will avoid any conduct or activity that would cause harm to the [agency name].

Appendix

G

Board of Directors—Governance Profile and Performance Expectations

This document outlines the roles and duties of the board, including the distinction between governance roles and management roles within the nonprofit.

Oversight and Policy Making • Supervise executive director (ED) or CEO of the nonprofit • Oversight in areas of: • Financial operations • Internal controls • Compliance with federal, state, and local laws and regulations • Ultimate control and authority and responsibility for the nonprofit operations

Term Limits All board members should be subject to term limits. When a board member joins the board, it should be for a specified number of years. There should also be a specified number of consecutive terms that a board 203

204

appendix g

board of directors—governance profile

member can hold (usually two). There’s no point in having term limits if a member can serve ad infinitum. There should also be a specified number of years that the person must be off the board before he or she can be allowed to rejoin the board. Former board members can certainly be assigned to other projects or committees, such as the audit committee, to take advantage of their knowledge and skills.

Summary of Board Committees’ Descriptions and Performance Objectives Here are some types of committees that could be useful to your nonprofit. Not all nonprofits need every committee, so choose what works for you. • Finance committee • Audit committee • Development and fundraising committee • Personnel committee • Nominating committee (for the board of directors) • Facilities committee • Strategic planning committee • Risk management committee

Process for Board Member Nomination and Election Here’s a recommended process for identifying suitable board candidates, screening the candidates, and preparing a slate for board consideration. 1. Director recruitment. A list of potential candidates for the board can be developed through board member suggestions, networking, and by means of a community nonprofit clearinghouse. 2. Speak informally with each potential candidate to determine his or her interest in joining the board, the candidate’s individual credentials, and suitability. 3. Those candidates who express interest should be permitted to observe one or two of the nonprofit’s board meetings.

process for board member nomination and election

205

4. The nominating committee arranges for formal interviews with those candidates who would like to be considered. Board member obligations and performance expectations are discussed with candidates. Candidates are requested to present either a recent résumé or curriculum vitae. 5. The nominating committee presents the slate of candidates to the board. The board has been given the candidates résumés/CVs prior to the board meeting. A vote is taken on the slate, or by individual candidate. 6. Candidates are notified by phone, and a follow-up formal letter congratulating them on their election to the board. New board members should also be told when the board orientation will take place (see Appendix H for an orientation lesson plan), and how they can expect to receive a binder with board materials. New board members should also receive a conflict of interest letter for their completion and signature. New board members should also be paired with a current board member as a mentor.

Appendix

H

Board Orientation Session

The session should be approximately 60 to 90 minutes in length. The learning objectives of this orientation include: • New board members understand the nonprofit’s mission, vision, and strategic plan. • New board members have an understanding of the nonprofit’s history so they can appreciate where the organization has been and where it is headed. • New board members understand their obligations and performance objectives. • New board members understand the board policies on meetings, attendance, conflict of interest, and other policies that emerge from SOX best practices. • New board members have received their job descriptions and understand their performance expectations and fiduciary obligations as board members.

Outline of Curriculum • Introductions • Agency’s mission, vision, and strategic plan. This segment of the orientation provides an overview of the nonprofit’s mission, vision, and strategic plan. These documents should be part of the new board member’s “board binder.” 207

208

appendix h

board orientation session

• Agency’s history. This segment of the orientation should provide new board members with a brief history of the organization. Use of a time line to describe important events in the organization’s history can be helpful. • Being a board member. This section reviews the expectations of all board members. Particular emphasis should be on describing board member legal duties of care, loyalty, and obedience. Explain why board members are required to sign an annual conflict of interest letter, and why they need to review materials carefully before board meetings. It is important that the discussion parallel the materials found in the “board binder,” but also allow time for questions and answers. • Board member performance expectations. This segment reviews the material in the “board binder” on attendance requirements, conflict of interest policy, fiduciary obligations, financial support of the agency, code of ethics, and keeping informed about the agency’s operations. • Board member job description. This section is really a summary of the previous two sections and is presented so that board members understand their role in a more integrated fashion. If the agency has a committee system, describe how board members are placed on committees and performance expectations for committee members. • Role of the board mentor. If the new board member has been paired up with a seasoned board member, describe how the interaction will serve to enrich the new board member’s experience and provide him or her with a resource for questions or learning.

Board Binder Contents • Agency mission and vision statements • Agency strategic plan • Brief history of the agency • Financial statements from the past three months • Development and fundraising profile of the agency • Board member legal duties—care, loyalty, obedience • Board policies: • Meeting attendance and preparation expectations

board binder contents

• Fiduciary obligations and conflict of interest policies • Financial support of the agency • Code of ethics • Committee structure [if applicable] • Board roster • Staff roster

209

Appendix

I

Review of Internal Controls Report and Recommendations

Overview of the Project Describe: • Scope of the review and why it is being conducted • What the process for the review entails • Expected deliverables from the review

Systems Explain why the emphasis is on internal systems, and express (chart out if necessary) the types of interdependencies that exist within the agency’s internal systems. For each department, provide a brief description of each of its systems and discuss what other departments depend on of each department. For example: • Finance. Describe the systems of internal controls, the systems for payroll, receivables, and payables. • Information management. Describe the systems within the broad range of technology, such as e-mail, intranet, Internet access, software interdependency, and mobile technology, including cell phones, PDAs, and laptops.

211

212

appendix i

review of internal controls report and

• Human resources. Describe the required policies that are (or will be) put in place such as whistleblower protection, and how staff files are developed and kept up to date. Describe how performance expectations and performance reviews are coordinated. Describe other processes such as worker compensation claims process, benefit package administration, sick leave, and vacation time administration. • Operations. Describe the systems related to document retention (or identify if this system needs to be introduced), client intake and service, programmatic design and delivery, development, and other aspects of the agency’s operations. • Governance. Describe the agency’s governance system in terms of process for agenda development, strategic decision-making, board recruitment, and staffing. • Other areas of the nonprofit. This section would describe systems unique to the agency.

Recommendations and Time Line This section presents recommendations for those systems and policies that are specified by recent legislation (SOX or equivalent state law), and those systems and policies that need to be introduced to establish greater transparency and efficiency. Establish a reasonable time line and assign specific staff for completion of the deliverables identified in this section. For each deliverable, assign a staff member who will be accountable for the deliverable. Decide what you would be able to accomplish in: • One month • Three months • Six months Set a deadline for completing all of the systems/proof by 10 months from the start of the project. Book a look-back date (at the end of 10 months) to determine if further work is needed.

Appendix

J

Risk Management Plan

Profile As discussed in Chapter 9, the first component of a nonprofit’s risk management plan is the profile of the organization. In this section of the risk management plan, briefly review your nonprofit’s mission, and important statistics such as number of staff, clients served, and the like. It is also important in this section to list those SOX best practices that your nonprofit has adopted, or is in the process of adopting. The content of the profile should set the tone for your nonprofit’s commitment to being proactive in dealing with risk.

Risk Management Worksheets The risk-assessment worksheets for this plan correspond to the discussion in Chapter 9.

213

214

appendix j

risk management plan

Worksheet 1— List Areas of Concern Organizational Area

Concerns

Governance—board activities

Staff/volunteer

Operations

Relations with the public

Worksheet 2— Tier 1 and Tier 2 Risks Tier 1 risks are those risks that are the most frequent or cause the most concern. Tier 1 risks receive the highest priority in terms of effort and resources.

Tier 2 risks are those risks that the nonprofit wants to address, but because of time, staff, or resource constraints may have to address in the next round of risk assessment.

worksheet 4—time line

Worksheet 3— Strategies for Dealing with Risk Risk

Strategy for Dealing with the Risk

Worksheet 4— Time Line Risk

Recommended Action

Responsibility (Staff Member)

215

216

appendix j

risk management plan

Worksheet 5— Risk Administration and Monitoring Complete this worksheet three to six months after implementing a risk treatment strategy. Identify Risk

Evaluation of Success—Did the Treatment Have the Desired Effect?

Worksheet 6— Risk Management Plan Template: Table of Contents Risk assessment report for the FY or calendar year 20XX Nonprofit’s profile Goals and objectives Risk assessment for each of the four (4) organizational areas: governance, staffing/volunteers, operations, and relations with the public • First-priority risks: • Resources needed to address these risks • Techniques for each risk • Responsibilities and timelines • Desired outcomes/measurements of success • Documentation of prior claims, occurrences • Summary—risks that will be addressed this year; what will be done; when it will be done; who is responsible for the action

sample risk management plan: table of contents

217

For consideration in the next round of risk assessment: • Second-priority risks • Resources needed to address these risks • Techniques for each risk • Responsibilities and timelines • Desired outcomes/measurements of success • Documentation of prior claims, occurrences Other sections of risk management program: • Important documents—insurance policies (declaration sheet only) • Phone numbers of insurance professional, attorney, board of directors, other key staff, and volunteers • Risks to be considered for next FY or calendar year

Sample Risk Management Plan: Table of Contents Risk assessment report for the FY or calendar year 20XX Nonprofit profile—this section of the plan provides information on the nonprofit’s current status. This section would describe the SOX best practices that the nonprofit has implemented. Plan of action to address the risk assessment report First-priority risks—these risks are the ones that the nonprofit will address first. For each risk, describe the following: • Resources needed to address the risk • Techniques for each risk • Responsibilities and timelines • Desired outcomes/measurements of success • Documentation of prior claims, occurrences Second-priority risks—these are the risks that the nonprofit will address after the primary risks have been treated. These could also be the primary risks for the next round of risk assessment. • Resources needed to address these risks • Techniques for each risk

218

appendix j

risk management plan

• Responsibilities and time lines • Desired outcomes/measurements of success • Documentation of prior claims, occurrences Other sections of risk management plan • Important documents—insurance policies (declaration sheet only). Include just the cover page of each of your insurance policies (i.e., the page that has the limits of the coverage listed on it). • Phone numbers of insurance professional, attorney, board of directors, other key staff, and volunteers • Risks to be considered for next FY or calendar year —this is the section of the plan in which emerging issues can be documented.

Appendix

K

Business Continuity Plan

This appendix provides a fill-in-the-blanks method of developing an initial business continuity plan. Once the initial plan is compiled, your nonprofit will be able to see how the plan can be customized to meet your organization’s needs. It is very important to include only the information that is necessary and sufficient. There should be systems in place to back up files, databases, and other critical information so that your nonprofit can resume operations in another location if necessary.

Emergency Protocols This section of the plan should: • Include a floor plan(s) for each floor in your nonprofit—the emergency exits should be shown clearly • Include information on fire alarms (if applicable) and smoke detectors and instructions for evacuating the building in the event of an emergency • Provide instructions for dealing with the type of emergencies that are appropriate to your geographic location (i.e., earthquakes, tornadoes, etc.) • Give the location of fire extinguishers, first aid kits, and flashlights • Ensure that fire extinguishers are current, and are inspected and recharged as appropriate • Identify those individuals who are first-aid and CPR certified 219

220

appendix k

business continuity plan

Contact Information for Board Members and Staff Important! The data contained in this worksheet is confidential material and should have very limited distribution. You can paste the contact information for all board, staff members, and key volunteers in this section of the plan. The following categories of information should be provided for everyone on the list: Name Address Home phone Office Phone Cell phone Family member’s cell phone number Pager Fax Business e-mail address Personal e-mail address

Business Resumption Strategies for Each Department within Your Nonprofit Complete a strategy sheet for every department within your nonprofit. • For each department or function within your nonprofit, list the most important activities or tasks that have to be done to remain in operation. • What are the ways in which the nonprofit can ensure that these functions can continue or resume—perhaps at another location? • What are the materials and/or supplies that would be needed to resume these functions if the nonprofit’s offices are destroyed? • Provide an inventory of furnishings, equipment, and specialized software/hardware and other technology needs. • Cross training of the staff is essential. Ensure that more than one individual knows how to do each important task or function.

vendors

221

Communication • Internal communication. Identify the strategy for communicating with the board, staff, volunteers, and clients about the nature of the business interruption and how to contact the nonprofit. • External communication. Prepare a general statement that can be retrieved in the event of a business interruption. The statement should identify the name of the nonprofit, the name of the spokesperson, contact information for the spokesperson, provide a general description of what happened (the fewer the details, the better), and information about the location of the nonprofit and how to make an emergency donation (if applicable). • This section should contain the contact information for the local media.

Financial Services [Confidential—only include this section in the copies of the plan distributed to the executive committee of the board, the executive director, and the CFO.] In this section of the plan, include the account information for all financial accounts—banks, investments, and other financial instruments. The purpose of this section is to have the information available on a “need to know” basis for those senior board and staff members who are authorized to make transactions with your nonprofit’s bank and other financial service providers. For each bank and/or financial service provider, provide the following information: • Signature authority for your nonprofit—list the names and contact information for all signatories. • Bank codes and other security access information

Vendors Vendors are very important people to your nonprofit in the event of a serious business interruption. As you determine which vendors to include, consider commercial realtors, plumbers, electricians, locksmiths, windowrepair, and the like. IT vendors are always important, particularly if your nonprofit has to relocate.

222

appendix k

business continuity plan

Have at least the following information available for each vendor: Vendor name Contact person for your nonprofit’s account with the vendor Customer service manager (if the contact person is not available) Phone number Cell phone or pager Fax number Your nonprofit’s account number Person at your nonprofit who is authorized to place an order Alternate person Address of vendor

Service Providers—Utilities, Water, Governmental Agencies Have at least the following information available for each service provider: Contact person at the agency Phone number Cell phone or pager Fax number Your nonprofit’s identifying information (account number or ID number) Person at your nonprofit who is authorized to interact with the agency Alternate person Address of agency

If Your Nonprofit Needs to Relocate In this section, outline the materials and data that would be needed to resume operations in an alternative location. As you determine what you will need, also consider the sources of these materials and the account numbers and/or security codes that will be necessary to access the materials and data.

if your nonprofit needs to Relocate

223

• Vendors • Essential equipment and material to support the critical functions of this department • Contacts, account numbers, and security codes—identify the individuals who are in possession of this data • Other materials needed

Appendix

L

Bibliography AICPA. Sarbanes-Oxley Act/PCAOB implementation central. Retrieved on June 25, 2004 from www.aicpa.org/sarbanes/index.asp. Abernathy, K. Q. (2002). “Special alert: What WorldCom bankruptcy means to consumers.” Focus on Consumer Concerns 2, no. 5. Retrieved on August 15, 2004 from www.fcc.gov/commissioners/abernathy/news/worldcom.html. About the Great Depression. Retrieved September 24, 2004 from www.english .uiuc.edu/maps/depression/about.htm. Anderson, Christopher B. “Form 990: More Than Just a Tax Return.” The Tax Advisor 35, no. 4, (April 2004), p. 200 (2). Beattie, A. (2003). Why it’s all our fault: How investors often cause the market’s problems. Retrieved on June 17, 2004 from www.investopedia.com/articles/ basics/03/062003.asp. Bonello, F. J. (2004). Stock exchange. Microsoft Encarta Online Encyclopedia. Retrieved May 23, 2004 from http://encarta.msn.com/encyclopedia_761560145_2/ Stock_Exchange.html#p67. Borenstein, E. R. (1998). Legal need relative to non-profit and/or tax-exempt status of new organizations. Retrieved June 27, 2004 from www.muridae.com/ nporegulation/. Bumgardner, L. J. (2003). How does the Sarbanes-Oxley Act impact American business? Journal of Contemporary Business Practice 6, no. 1. Retrieved on July 19, 2004 from http://gbr.pepperdine.edu/031/sarbanesoxley.html. CNN.com (1998). The market “circuit breakers”: How they work. Retrieved on July 17, 2004 from www.cnn.com/US/9809/01/market.circuit.breakers/. Davis, R. R. (April 2004). Using disclaimers in audit reports: Discerning between shades of opinion. The CPA Journal, Online. Retrieved on August 3, 2004 from www.nysscpa.org/cpajournal/2004/404/essentials/p26.htm. 225

226

appendix l

bibliography

Editors of Career Press. Business Finance for the Numerically Challenged. Career Press: New Jersey, 1998. Eichenwald, Kurt. “Arthur Andersen convicted of obstruction of justice.” The New York Times (June 15, 2002). Emert, Carol. “Financial Irregularities Prompt Shakeups at Beard Foundation.” San Francisco Chronicle (September 15, 2004). Estrada, Heron Marquez. “Theft at Paper Exposes Vulnerability of Nonprofits.” Minneapolis Star Tribune (October 4, 2004). Everson, Mark W., Commissioner of the Internal Revenue Service. Testimony before the U.S. Senate Finance Committee hearings on “Charity Oversight and Reform: Keeping Bad Things from Happening to Good Charities,” Washington, DC, June 2004. Evergreen State Society (2003). What is Form 990?: How is it used?. Retrieved on June 16, 2004 from www.nonprofits.org/npofaq/19/06.html. Fabrizius, Michael P., and Richard M. Sarafini. “Learning to Love the Scrutiny: Initiating a Quality Assessment Can Help an Internal Audit Group Come Out on Top.” Internal Auditor 61, no. 1 (February 2004), p. 38(7). Farrell, G. “Anderson staffer says phrase was a hint to shred.” USA Today (May 21, 2002). Francis-Smithy, Janice. “Sarbanes-Oxley Holds Big Implications for Nonprofits.” Journal Record (January 8, 2004): 1. Hopkins, Bruce. “Sarbanes-Oxley Act of 2002: What It Means For Nonprofit Organizations.” Nonprofit Counsel XIX, no. 10 (October 2002). Internal Revenue Service. “Corporate Responsibility.” Ann. 2002–87,37. Jacobs, Jerald. “Conflict of Interest Policies—Address Them Now.” Association Management 55, no. 5. Washington, DC (May 2003), p. 17 (2). Lambert, Joyce. “Reduce Your Losses From Errors and Fraud.” Nonprofit World 16, no. 5 (Sept/Oct 1998): pp. 46–49. Lange, Michele, C. S. “Keeping Your Head: New Sarbanes-Oxley Rules Make Document Retention Dizzying.” Corporate Counsel Magazine (April 2003). Light, Paul C. “Fact Sheet on the Continued Crisis in Charitable Confidence.” Brookings Institution, Washington, DC, September 13, 2004. Markon, Jerry. “Ex-Chief of Local United Way Sentenced.” Washington Post (May 15, 2004). Maryland Association of Nonprofit Organizations. “Standards for Excellence: An Ethics and Accountability Code for the Nonprofit Sector.” Baltimore, MD, 2004.

bibliography

227

McDonough, Siobhan. “Survey: Charity CEO Raises Nearly Double Inflation Rate.” Advocate (September 27, 2004): 12.A. Mondaq Business Briefing. Governance and Nonprofit Corporations: Requirements and Expectations in a Post-Sarbanes-Oxley World. May 20, 2004. ———. Nonprofit Governance Reforms: Five Steps Toward Improved Accountability, May 25, 2004. Moskin, Julia. “Thousands Missing in Revenue Records of Culinary Charity.” The New York Times (September 6, 2004): A.1. Nonprofit Integrity Act (2004), State of California. State Senate Bill 1262, September 2004. Office of the Attorney General, State of California. “Attorney General Lockyer Unveils Reforms to Toughen Nonprofit Accountability, Fundraiser Controls.” February 12, 2004. O’Reilly-Allen, Margaret. “How to Have an Audit Without Breaking the Bank.” Nonprofit World 20, no. 4 (July/August 2002): 26(3). Peregrine, Michael W. and James R. Schwartz. “Taking the Prudent Path: Best Practices for Not-for-Profit Boards.” Trustee 56, no. 10 (November/December 2003): 24. PricewaterhouseCoopers LLP. United Way of the National Capital Area Forensic Accounting Investigation, Washington, DC. August 7, 2003. Revised Model Nonprofit Corporation Act (1987) defines “duty of care” in section 8:30: Schein, Edgar. Organizational Culture and Leadership, 2nd ed. San Francisco: JosseyBass Publishers, 1992. Schroeder, Mike. “Is It Time to Rethink Your Board’s Structure?” Nonprofit World 21, no. 6 (November/December 2003): 9. Schweitzer, Carole. “The Board Balancing Act: Achieving Board Accountability Without Micromanaging.” Association Management 56, no. 1 (January 2004): 34(7). Schwinn, Elizabeth, and Grant Williams. “IRS Outlines Audit Plans for Nonprofit Organizations.” Chronicle of Philanthropy 16, no. 1 (October 16, 2003): 33. Silk, Thomas. “Ten Emerging Principles of Governance of Nonprofit Corporations.” The Exempt Organization Tax Review 43, no. 1 (January 2004): 35 (4). Silverman, Rachel Emma. “Charities to Start to Grade Themselves.” The Wall Street Journal (August 18, 2004).

228

appendix l

bibliography

Snyder, Gary. “Boards Must Change the Way They Do Business.” Nonprofit World 21, no. 4 (July/August 2003): 14. Strom, Stephanie. “Questions About Some Charities’ Activities Lead to a Push for Tighter Regulation.” The New York Times (March 21, 2004): 1.23. ———. “Public Confidence in Charities Stays Flat.” The New York Times (September 13, 2004): A.17. Tyler, J., Larry Biggs, and L. Errol. “Conflict of Interest: Strategies for Remaining ‘Purer Than Caesar’s Wife’.” Trustee 57, no. 3 (March 2004): 22(5). United States Senate Finance Committee. Staff Discussion Paper released in conjunction with June 2004 hearings on “Charity Oversight and Reform: Keeping Bad Things from Happening to Good Charities.” Washington, DC, June 2004. Van Derbeken, Jaxon. “Free Clinics’ Ex-Exec Accused Of Fraud.” San Francisco Chronicle (June 25, 2004). Vishneski III, John S. “New Liabilities Created by Sarbanes-Oxley: Are Your Directors, Officers Covered?” National Underwriter 107, no. 48 (December 1, 2003): 36. Wallack, Todd. “Nonprofit Advisory Group in Crisis, Management Center Helped Local Agencies.” San Francisco Chronicle (January 22, 2004). ———. “Charity Settles in Pipevine Fiasco.” San Francisco Chronicle (February 19, 2004). ———. “SF Nonprofit to Shut Down.” San Francisco Chronicle (May 19, 2004). ———. “Nonprofits Fight Tougher Disclosure Rules.” San Francisco Chronicle (June 24, 2004). Walters, Brent R. “Nonprofits Are Corporations Too: Now It’s time for Iowa to Treat Them That Way.” Journal of Corporation Law 28, no. 1 (Fall 2002): 79, (25). Weidenfeld, Edward L. “Sarbanes-Oxley and Fiduciary Best Practices for Officers and Directors of Nonprofit Organizations.” Tax Management Estates, Gifts and Trusts Journal 29, no. 2 (March 11, 2004): 104 (4). Wolverton, Brad. “What Went Wrong? Board Actions at Issue At Troubled D.C. United Way.” Chronicle of Philanthropy 15, no. 22 (September 4, 2003): 27(4).

Index

Accounting system, 70 Accounts payable, 44 Accounts receivable, 43–44 Accrual basis of accounting, 41–42 Activity ratios, 55 Adelphia Communications, 6 Age of facility ratio, 62–63 American Red Cross, 12 Analyst conflicts of interest (Title V), 9, 11 Anti-discrimination legislation, 131 Arthur Andersen LLP, 6, 28, 33, 125 Assets, 43–45 Audit, 129 defined, 30 Audit committee, 33, 93, 129 creation of, 35–36 procedures and protocols, 195–196 role of, 36–38 and small nonprofits, 159–160 SOX requirements for, 34–35 Auditor, 141 restriction of services, 33–34 Auditor independence (Title II), 8, 11, 28–29 Auditor’s opinion, 30–32 adverse, 31 disclaimer of opinion, 31–32 qualified, 31 unqualified, 30 unqualified with explanatory language, 30–31

Average collection period ratio, 57 Average payment period, 59 Balance sheet, 40, 42–46 assets, 43–44 liabilities, 44 net assets, 45–46 sample, 167–174 Behavioral norms, 106 Behavior and its consequences, 104–105 Beliefs, 106–107 Below the line items, 48–49 Best practices (SOX), 127 checklists, worksheets and sample documents, 165–223 and the board, 85–102 governance, 86–89, 98–102 and creating competitive advantage, 137–154 and organizational culture, 103–121 for small nonprofits, 155–163 Black Tuesday, 4 Board, nonprofit, 22 composition of, 23 culture, 112–121 strategies for change, 120–121 transforming, 119–120 duties, 22–23 dysfunctional, 112, 114–119 governance profile and performance expectations, 203–205

229

230

index

Board, nonprofit (cont.) guided by ethical and operational principles, 100 incorporating SOX best practices in activities and administration, 96–97 leadership and role clarity, 99 members, potential, 142–143 membership and deliberations, 90–95 traditional standards of behavior, 91–93 upgraded standards based on SOX best practices, 93 orientation, 97–98, 207–209 overall management responsibility, 100–101 oversight and governance, 89, 98–102 policies and procedures, in small nonprofit, 161 recruitment and retention, 93 relationship with auditor, 32–33 responsibility regarding financial statements, 32–38 and staff interaction, 100 Board binder, 207–209 contents, 208–209 Bonds payable, 44 Bush, George W., 7 Business continuity plan (BCP), 149–154, 219–223 defined, 150–151 designing, 151–154 sources of business interruptions, 149–150 California “Nonprofit Integrity Act” (SB1262), 24–25, 87–88, 108 and fundraising activities of board, 101–102 Capital structure ratios, 55 Cash basis of accounting, 41–42 Cash equivalents, 43

Ceremonies, 106 Chief Executive Officer (CEO), and interaction with board, 100 Circuit breakers, 5 Client files, 132 Code of ethics for board and senior management, 94, 201–202 sample, 202 for small nonprofit, 161 Commission resources and authority (Title VI), 9, 11 Common-size analysis, 54 Competitive environment, 124 Confidential reporting system, 77–78 ombudsman, 77–78 third-party reporting systems, 78 Conflict of interest policy, 94–95, 197–199 for small nonprofit, 160–161 Control activities, 71 Coolidge, Calvin, 3 Corporate and criminal fraud accountability (Title VIII), 9, 12 Corporate fraud and accountability (Title XI), 10, 12 Corporate responsibility (Title III), 8, 11, 28–29 Corporate tax returns (Title X), 10, 12 Current assets, 43 Current investment, 44 Current liabilities, 44 Current ratio, 56 Days cash on hand, 58 Debt service coverage ratio, 65 Decision-making models, 98–99 Depreciation, 48 Development, 129–130 Document preservation (Title VIII), 9, 12, 79–84, 86, 95 Document retention, archiving, and retrieval, 79–84, 129–130, 131, 158–159, 191–194 and small nonprofits, 158–159

index

Donors, 130, 141–142 Dysfunctional boards, 112 factors that contribute to dysfunction, 118–119 sources of dysfunction, 114–116 symptoms of dysfunction, 116–118 Economic history, U.S., 3–7 Great Depression, 3–4 Securities Act of 1933, 4 Securities Exchange Act of 1934, 5 twenty-first century corporate and accounting scandals, 5–7 Adelphia Communications, 6 Arthur Andersen LLP, 6 Enron Corporation, 6 Global Crossing, 6 Tyco, 6 WorldCom, Inc., 6 Xerox, 6 EDGAR. See Electronic Data Gathering, Analysis, and Retrieval system Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, 5 Enron Corporation, 1, 2, 6, 28, 125 Environment, 107 Ernst & Young, 33 Everson, Mark W., 13, 109 Executive director (ED) compensation package, 23 and interaction with board, 100 relationship with auditor, 27–28, 33 and responsibility for internal control system, 69 Exempt Organization Hotline, 2, 24, 87 Expenses, 48 Fairness, of financial statements, 32–33 Family and Medical Leave Act, 131 Financial Accounting Standards Board (FASB), 29 FASB standard 116, 30 FASB standard 117, 29–30 lobbying activities, 73, 74

231

salaries for managers and staff, 73 certification by upper management, 73 Financial disclosures (Title IV), 8–9, 11 Financial literacy, 94 training, for small nonprofits, 160 Financial operations, 128–129 Financial ratios, 55–65 asset management ratios, 55, 61–63 age of facility ratio, 62 fixed assets ratio, 62 total asset turnover ratio, 61–62 debt management ratios, 55, 63–65 debt service coverage ratio, 65 long-term debt to net assets, 63–64 times interest earned, 64 liquidity ratios, 55, 56–59 average collection period ratio, 57 average payment period, 59 current ratio, 56 days cash on hand, 58 quick ratio, 57 profitability ratios, 55, 59–61 operating margin, 60 return on total assets, 60–61 Financial statements, 29–30 analyzing, 52–65 common-size analysis, 54 financial ratios, 55–65 trend analysis, 53–54 basic statements, 40 board’s responsibility regarding, 32–38 reading and interpreting, 39–65 Financing activities, 51, 52 Fixed assets ratio, 62 Form 990, Return of Organization Exempt From Income Tax, 19–21, 40, 41, 67–74, 127, 140–141 advantages of good internal control systems, 69–72 board’s role in improving, 72–74 fundraising, 72–73 lobbying activities, 73–74 salaries for managers and staff, 73

232

index

board’s role in improving (cont.) certification by upper management, 71–72 importance of, 68–69 Form 990-EZ, 40, 41, 67–68 Fund balance, 45 Funding sources, 141–142 Fundraising, 72–73, 129–130 California Nonprofit Integrity Act and, 101–102 Gains, 47 Generally accepted accounting principles (GAAP), 29 Global Crossing, 6 Goals, 107 Grassroots organizations, 124, 125 Great Depression, 3–4 GuideStar, 40, 68, 127, 140 Haight-Ashbury Free Clinic, 88, 91 Harding, Warren, 3 Hoover, Herbert, 3 Human resources, 131–132 Income statement, 46 Insurance, 95 Insurance professional, 141 Internal control system, 69–72 accounting system, 70 code of ethics, 69 control activities, 71 monitoring activities, 71 review of, 126–135, 211–212 Internal Revenue Code section 501(c)(3), 29, 40, 67, 68 Internal Revenue Service (IRS), 140 Intervention strategies, 107–108 Investing activities, 51, 52 Labor payable, 44 Language, 106

Legislative environment for nonprofits, 13–25, 86–89 California’s “Nonprofit Integrity Act,” 24–25 U.S. Senate Finance Committee hearings on nonprofit accountability, June 2004, 13–24 Liabilities, 44 Loan policies, 125 Lobbying activities, 74 Long-term debt to net assets, 63–64 Mission-driven organizations, 124 Monitoring activities, 71 Mortgages payable, 44 NASDAQ, 35 National Center for Charitable Statistics, 40, 68 Net assets, 45–46 permanently restricted, 45 temporarily restricted, 45 unrestricted, 45 Newcomers, 104 New York Stock Exchange (NYSE), 4 Non-current assets, 44 Non-current liabilities, 44 Nonprofit organizations legislative environment and, 13–25 and relevance of Sarbanes-Oxley Act, 12–13 Notes payable, 44 Ombudsman, 77–78 Operating activities, 51, 52 Operating margin, 60 Organizational culture, 103–121 as barrier to SOX best practices, 108–110 defined, 104 interpretation of, 105–108 introducing change, 110–112 modeling new behavior: SOX best practices, 111–112

index

modifying current culture, 110–111 time required for change, 112 Orientation, 97–98, 207–209 Oxley, Michael, 2 Philanthropic Research, Inc., 140 Pipevine, 88 Platinum operating standards, 123–135 characteristics of, 125–126 conducting review of internal controls, 126–135 incorporating SOX best practices, 126–128 Policies and protocols, 107 Price Waterhouse, 33 Privacy issues, 130, 132 Problem solving, 107 Pro bono assistance, 162–163 Profit and loss (P & L) statement, 46 Programs and operations, 132 Public Company Accounting Oversight Board (PCAOB) (Title I), 7, 8, 10–11 Public Company Accounting Reform and Investor Protection Act, 1, 7. See also Sarbanes-Oxley Act Public trust and scrutiny, 89 Quick ratio, 57 Regulatory practices knowledge, 95 Return on total assets, 60–61 Revenues, 47 Risk management plan, 213–218 sample, 217–218 worksheets, 213–217 Risk management program, 144–149 designing program, 148 developing plan, 148–149 risk administration and monitoring, 147–148 risk assessment, 145–146 risk management implementation, 146–147

233

Roosevelt, Franklin D., 4 Rules of the game, 106 Salaries for key managers and staff members, 73 Sarbanes, Paul, 2 Sarbanes-Oxley Act (SOX), 1–26 best practices resulting from compliance, 3, 138–154 current legislative environment for nonprofits, 13–25 economic history and, 3–6 importance of, 7 list of titles and sections of Act, 7–12 provisions of, 2 relevance to nonprofits, 12–13 Schein, Edgar, 104 SEC. See Securities and Exchange Commission Securities Act of 1933, 4, 29 Securities and Exchange Commission (SEC), 5 EDGAR, 5 Securities Exchange Act of 1934, 5, 29 Small nonprofits, 155–163 adopting SOX best practices, 157 customizing SOX best practices successfully, 162–163 myths that impede, 155–157 scaling SOX best practices to suit needs, 157–161 Smith, Adam, 124 Social marketing, 111 SOX. See Sarbanes-Oxley Act Staff members, 143 Statement of cash flows, 40, 50–52 financing activities, 51, 52 investing activities, 51, 52 operating activities, 51, 52 sample, 184–187 Statement of changes in net assets, 40, 49–50 sample, 181–184

234

index

Statement of operations, 40, 46–49 below the line items, 48–49 expenses, 48 revenues, gains, and other support, 47 sample, 175–180 Stock market crash of 1929, 4 Strategic planning, 107 Studies and reports (Title VII), 9, 11 Suer, Oral, 113 Support, 47 Term limits, 203–204 Third-party reporting systems, 78 Time line, establishing, 135 Times interest earned, 64 Total asset turnover ratio, 61–62 Traditions, 106 Transparency, 21 Trend analysis, 53–54 Truth in securities act, 4 Tyco, 6 U.S. Senate Finance Committee hearings on nonprofit accountability, 2, 13–24, 108

proposals, 2 staff paper, 86–87 United Way, 12 United Way of the National Capital Area, 112–113, 125, 138 lessons learned from scandal, 113–114 United Way of the San Francisco/Bay Area, 88, 91 Values, 106–107 Vendor contracts, 130 Volunteers, 143 Web site, 143 Whistleblower protection (Title VII), 9, 12, 76–77, 86, 95, 132 sample policy, 189 and small nonprofits, 157–158 White collar crime penalty (Title IX), 10, 12 Workers Compensation claims and legislation, 131 WorldCom, Inc., 6, 125 Xerox, 6