Basic Internal Control for Nonprofits

The idea of separation of duties is not that obvious for many organizations, specially the ones with tight budgets, having one person handle too many functions because it seems simple and straightforward.  It’s usually a mistake.

The overall goal of separating duties is to have a system osf checks and balances to prevent losses and mistakes.

See the following articles about this topic:

https://sanfranciscohotelso.weebly.com/department/organizing-an-accounting-departiment

http://www.exemptmagazine.com/management_tips/separation-duties-effective-internal-financial-controls/

http://smallbusiness.chron.com/strengthen-office-billing-accounting-procedures-3933.html

 

 

How Nonprofit Tax Form Helps Management

The nonprofit tax form 990 contains interesting questions and requirements that should be reviewed by the board, not just by the financial people. I highly recommend to download and print the full form, even if the nonprofit doesn’t need to file it.  You can check out the core pages at https://www.irs.gov/pub/irs-pdf/f990.pdf

Take a look at the 990 page 6- “Part VI Governance, Management and Disclosure “section” and what is asked in this page– it may be an eye-opener for many.

Untitled

As you can see, this form raises good questions that may be used to improve operations.  According to the instructions on the top, saying “yes’ to lines 2 through 7b requires explanations and management should review these items carefully.

Line 2 is about identifying people who may personally benefit from the organization, a possible private inurement situation, usually a no-no for tax-exempt organizations or a hefty excise tax. The take away here — be careful with business relations involving board members.

Line 5 is about the loss of assets, an intriguing item on the tax return. A “significant diversion of assets” according to the IRS is embezzlement, fraud, theft or other inappropriate use of funds that is the lesser of 5% of current annual gross receipts, 5% of total assets at year-end, or $250,000.  According to a Washington Post report in 2013, more than 1,000 organizations marked “yes” here and most were for embezzlement.  Besides giving details of the problem, it’s a good idea to also disclose any new internal controls used after the problem was disclosed to prevent it from happening again. Note that this is NOT confidential information.

Line 11 specifically asks about top management getting copies of the tax return and how reviews are conducted.  The board must be engaged in this process, even if they are not financial people.  They cannot say that they don’t know or understand the tax returns.

Line 12 asks about conflicts of interest while line 13 is about whistleblowing, and line 14 covers document retention and destruction policy.  These lines underscore the need for written policies, and under the conflict of interest item, the need to monitor those regularly.  The idea is to say “yes” to all of these.  And the take away for management is to make sure these policies are followed up by procedures to make sure they’re not just “lip service.”

Line 18 reminds organizations to make certain forms available for review, as required by law.   Such reminders are all over the tax form, including reminding nonprofits about reporting contractors and gambling winnings.  Management could highlight those items and follow up on them with the finance department.

Also, note that the 990 asks for the nonprofit’s mission statement as the first line, and also on Part III- Statement of Program Services Accomplishments.  The idea here is to match the mission statement to the programs.  If an organization mission is to provide food for the homeless, but programs relate to buying books to schools, the nonprofit may be at risk to lose its tax-exempt status, which can be a major problem.

 

You can check the new edition of the book Nonprofit Finance A Practical Guide at https://goo.gl/M563u9

 

 

 

Kindle Version Available

Nonprofit Finance: A Practical Guide is available now as a kindle book on Amazon:

http://amzn.to/2GF2E8W

 

Ideas for Cash Controls

Cash is the riskiest asset of an organization. Why? Because it can be easily stolen or lost.

Below are some controls to prevent or identify these losses.

1-Two people should count any money before it’s deposited to be sure the total is correct.

2-Organizations should acquire a safe preferably bolted to the wall or floor with the code known to limited personnel to safeguard cash, checks not yet deposited, and other valuables.

3-Limit physical access to the area where money is received to just a few people.

4- Don’t keep cash, checks, or credit card slips on a desk or in another unsafe place that is easily accessible. Thieves typically look for petty cash in drawers under desk

5-Nonprofits should use their websites to collect money as much as possible.

6- Organizations should implement a policy indicating that no cash over a certain amount would be accepted.

7- When money is received, it must be deposited promptly in the bank after the count by two separate individuals to confirm the total amount.

8- Nonprofits should perform bank reconciliations, also known as cash reconciliations, every month to be sure all cash transactions have been accounted for correctly.

9- People outside accounting may answer phone calls or emails regarding complaints about payments not showing up in invoices or statements. The question would be– where’s the money these people sent in? The problem could be just an error or an unfortunate situation where money is stolen.

Just knowing that an organization has controls in place to prevent cash theft or losses may be a deterrent to some people with bad intent. The key here is for the tasks to be done all the time, not just once in awhile to avoid problems down the road.

Interested in CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide -Second Edition— Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

Another Nonprofit Exec in Jail

Not to be too paranoid here, but I just read an article about the Simi Valley Community Foundation whose former executive director stole over $45,000. According to the news, she forged a second signature on the checks used to pay her own mortgage.  Sadly, this embezzlement cost the organization its reputation as it had to stop operations, at least for now.  A total disaster.

It’s not clear how exactly the theft was discovered, but board members noted something odd, hired a forensic accountant to review the records, and went to the police with evidence of embezzlement. So, I give credit to the board for finding this out, but this theft had been going on for awhile.

So, what can a board do to prevent or identify financial fraud faster?

1- Knowledge –Get people on the board who understand financial matters and can ask the right questions. The board cannot have the obligation to fundraise and provide oversight only. Board members should have different backgrounds with least one person having the education and experience to really understand the information provided and ask good questions. Had this person been on the board of this Simi Valley nonprofit, the fraud may have been identified earlier.

2- Online Access –Have someone from the board check on the bank accounts of the organization online. He or she should review checks and deposits, looking for checks that don’t look right. Just having a policy about this review may deter fraud. Employees may think twice before forging signatures or doing something odd when they know that someone would be looking at the bank transactions regularly.

3- Pay attention –Listen to complaints from staff, donor, and vendors. Oftentimes, information that could be construed as gossip can be useful in pointing you in the right direction. People talk. Even though it’s not clear how the board of the nonprofit became aware of something wrong, my bet is that someone saw something and talked about it. Some nonprofits have started using hotlines for people to report possible fraud anonymously, a very good idea.

4- Variances –Pay attention to the actual vs. budget reports. Looking at this fraud, one may wonder how the $45,000 theft was classified and shown on the financial reports. The amount didn’t show up all at once, but it was likely classified as a budget item. So, if an overage is noted, the board should ask for back up documentations, such as bills.Talk only doesn’t explain financial issues.

5- System reports –Review new vendor/change vendor reports once a month to question any odd new vendor or changes. In this situation, the bank where the mortgage was paid to would have been added at a certain point to the accounting system. Had this report been reviewed, it may have flagged the bank as an odd vendor. Some accounting systems can send an email whenever a new vendor is added or changed, making this task automatic.

6- Bank reconciliations — Check on bank reconciliations, making sure they are done monthly. Keep an eye on deposits that are recognized in the accounting records, but don’t seem to be in the bank.  Also, look at the detailed outstanding checklist. This can be done online using the accounting system and can be emailed to someone at the board. If a check shows up at the bank, but not on the accounting records of the organization, it could be a red flag.

7- Self-reliance –Don’t count on auditors to notice embezzlement. Audits are designed to assure reasonableness of financial statements and they may identify fraud, but not always, especially when done by management. When something seems wrong, not it, and don’t wait for the auditors to figure it out. Insiders are the first people to note things that don’t seem right.

8- Education — Educate all employees on fraud and embezzlement. Nonprofits should have this topic on its policies and procedures documentation and not be embarrassed about it. Fraud happens not just with stealing funds, but in other areas as well, such as equipment theft and overtime pay without authorization. Just showing this awareness and clarity over fraud may prevent it in the first place.

It’s a shame that nonprofit boards must be always on alert for fraud and embezzlement, but that’s the reality of the situation.  Once a scandal happens, it’s hard for the organization to regain the trust and respect of donors, making it hard to move forward.

So, it’s time to talk about this issue openly and set up written policies and procedures with tasks specifically designed to prevent and identify fraud and theft.  The ideas presented here won’t assure boards that they are safe from this issue, but are steps in the right direction.  Each organization is different and I’m sure many will need more control features than the ones presented here.  The crucial point here is that fraud signs cannot be ignored by the board.

Interested on CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide — Second Edition 

Nonprofit Finance: A Practical Guide — Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

Setting up an Accounting Dept– Some Pointers

 

Many growing for-profit and nonprofit organizations find themselves with financial reports that make no sense, “forgotten” revenues and slow bill paying processes. They may be at a point where the part-time bookkeeper is over his or her head and flooded in work. So, what can you do? Below are some ideas to get you going.

Identify accounting tasks

You can look at accounting tasks and divide the work within these tasks. For example, a typical accounting department performs the following work:

  • Pay bills – Accounts Payable
  • Recognize revenues – Accounts Receivable
  • Process payroll – Payroll Administrator

Other tasks associated with an accounting department are: Cash management, bank reconciliations, budgets, financial reporting, and taxes. In large businesses, each of these functions is performed by one individual or more. In smaller firms, tasks are shared and the staff is supervised by a manager or a controller, who often is responsible for financial policies and procedures for the organization.

Analyze functions

Many businesses, including nonprofits, organize their accounting department using flowcharts and job descriptions. You don’t want to have the same task be performed twice or three times, but also,  you don’t want to miss an important process. Some nonprofits hire outside consultants to help them in organizing their department for maximum efficiency, while considering risks and controls. Unfortunately, this last option is usually used after a fraud or loss situation, when people are traumatized and willing to pay for professional advice.

Hire people with proper accounting skills

A common mistake is to assume that accounting is easy and can be done by the person who is a receptionist or works in another part of the organization. Without training or education, this person should be able to perform accounting functions of a full-charge bookkeeper. That’s a mistake and is not fair. Hire accounting people who have the proper education and experience. Accounting managers or controllers should have at least a bachelors’ degree in accounting. Someone with a four-year degree in business and a few years of accounting experience may also qualify.

Segregation of duties

As you organize the department, consider segregation of duties. For example, the person who opens the mail or receives money should NOT be the person who books revenues in the accounting system. If the person running accounts payable is also doing bank reconciliations, then a manager or controller should review the reconciliation and look at cashed checks. Why?  To have check-and-balances, internal controls, to prevent and correct mistakes or misappropriations.

Background checks 

Don’t forget to run background checks on all employees and volunteers dealing with accounting and cash functions. Make this a policy within your organization, so that people understand the situation as one of internal controls, not just paranoia.  Actually, many insurance companies require this step before issuing policies against theft and fraud.

Interested on CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide – Second Edition— First edition Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

Yikes— Nonprofit fraud again….

It’s too common to hear that a trusted person has taken money from a nonprofit illegally. Even a little bit makes my blood boil. Stealing from any business is bad, but from a nonprofit that provides goods and services to a community is just despicable. The problem is that the organization staff and managers may not aware that something is amiss or odd. People are busy with their own jobs and day-to-day activities to focus on situations that may point to internal fraud. Ghost employees and unauthorized overtime pay come to mind…

Ghost Employee

A ghost employee situation happens when someone is hired and paid, but he or she doesn’t really exist and, not surprisingly, never shows up for work. But nobody notices it. I have this happening with a nonprofit program for youth where a manager hired this new person, Mary, who filled out timesheets and was very, very quiet.  This manager was an old-timer with the organization and could control many aspects of the program, which was located in a different building. When asked, she would give glowing reviews of Mary, a great find.

This situation went on for a few months. Mary was too busy to show up at the HR office to sign papers and the manager would take all to her, as to not inconvenience the HR dept. that was busy with other activities. Paychecks and other stuff were always picked up by the manager as well. Things were going well for Mary, until someone in HR had to talk to her about benefits. And she was nowhere to be found. Actually, Mary never existed.

The manager used a relative’s name and social security to “hire” Mary.  In fact, the manager was cashing all payroll checks after Mary would endorse them to a “business checking account” the manager had.

This ruse may not have worked with a smaller nonprofit, where everybody knows everybody, but it can happen with large ones that operate in various locations and have many employees in various programs. What can be done to avoid this situation?

1- HR should meet every employee and match the face with a drivers’ license or other identification. If one cannot meet personally, then at least a video talk can be utilized.

2- Run background checks on all employees. In the case of Mary, for example, the last job the real one had was in the seventies, so a background check would have helped to identify strange jobs or situations that may raise suspicion.

3- If a nonprofit is large enough to have an internal audit department, auditors should always check on new hires to make sure they are working where they are supposed to be.  They also could personally meet all employees.

4- Payroll should distribute checks or check stubs to employees personally at least once every quarter or year. The point is to meet new employees.

5- Watch out for employees who claim very little or nothing to be withheld in taxes. They could be just fake employees used for someone else to cash in.

Unauthorized Overtime Pay

This type of theft happens when someone gives him or herself a bump in pay by showing overtime that wasn’t authorized and never happened. While many organizations have policies regarding payment of overtime, this fraud keeps going on in government, for-profit and nonprofit sectors. Take Amtrak, for instance, that paid $200 million in overtime in 2014. Unfortunately, a lot has been deemed as fraudulent according to the Amtrak’s Office of Inspector General  (Dailysignal.com).

The fake overtime bid can be perpetrated by staff, managers and payroll personnel  Actually, I have seen this happening when finance managers and others were not paying attention, didn’t supervise the guy running payroll, and didn’t know much about controls. He paid himself overtime running into the 5 figures, which was material for the nonprofit. Since overtime pay can be time and a half or even more, the nonprofit lost quite a lot of money with this fraud.

Sometimes employees fake a supervisor approval signature or may change a time sheet after it’s approved. This problem is minimized with online or electronic time sheets, but odd things can still happen, as the authorization may be automatic and not reviewed carefully by a supervisor.

Like the ghost employee fraud, this one is harder to identify with larger organizations, where details may get lost and certain people may work in more than one department, making payroll a bit complex and allowing the fraud to happen.

What can nonprofits do to minimize the problem of unauthorized overtime pay?

1- Any overtime claimed by managers should be scrutinized since managers are usually exempt from overtime.

2- Be sure managers, especially the ones supervising payroll, have the time and focus to reviewing payroll reports. Oftentimes, managers, especially in the administrative area, wear too many hats, are spread too thinly to don’t a good job in paying attention to payroll issues, including overtime and exceptions reports.

3- Department leaders should sign off on payroll reports at least once every quarter to document that they looked at the information.  The act of manually sign off usually make people pay a bit more attention to such reports.

4-Know the total payroll amount for each department and if totals on payroll reports are very different, inquire about it.  Usually, this is done using budget numbers related to wages and benefits.

It’s a shame that people are willing to take advantage of nonprofits to enrich themselves. But it does happen and organizations should do whatever they can to minimize this problem or they may lose funds and credibility, which could spell disaster for any business.  Don’t wait until something happens to take action to prevent these types of fraud.
Interested on CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide — Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

Preventing Fraud in Your Nonprofit– Tips

I don’t know about you, but I’m sick and tired of hearing about nonprofit fraud, especially when done by an in-house, trustworthy person. It’s heartbreaking to see people in stealing from such organizations. In many cases, the theft lasts for a while, until someone stumbles upon it by chance to the shock and dismay of many people. Unfortunately, this is not that rare. So, how can a nonprofit stop such unpleasant incidents and at the same not be overtly suspicious of people who are, in most cases, innocent?

There are a couple of activities that can be used to find errors that may be very innocent, while at the same time identify signs of fraud. These tasks, known as controls within financial circles, can do double-duty in keeping an organization safe and error-free. They are by no means the only controls to prevent or identify fraud, but they are fairly easy to perform and worth a close look.

1- Look at bank accounts online —-Someone from the board could review bank activities online, looking for unusual vendors or checks. This task should be specified in the organization’s policies and procedures and should be known by everyone. The idea here is to let people know that there’s a process established that is part of the day-to-day business of the organization and not a big deal. Having a board member ask questions about checks and deposits should be expected. This is not micro-management, but a way to double check on bank transactions, like unusual vendors or amounts paid out or deposited.

A second pair of eyes looking at online bank data at least once a week can also help to find errors. For example, if the board member knows that someone donated $20,000 recently, but only sees $2,000 deposited in the bank, then the bank should be contacted and asked if this was an error on the part of the bank, which can happen. This discrepancy could also be an error from accounting that can be fixed right away. However, if errors don’t explain the discrepancies, then the situation needs to be further investigated. There’s a chance that someone misappropriated the funds, even if you don’t want to think about it.

2- Contact donors often — Someone outside development dept. or the CEO’s office could contact donors, especially if they haven’t donated as before or as expected. The point is to have someone who usually doesn’t talk to donors to follow up on an informal basis, verifying if any donation or payment was made. Why is this important?

Fraudsters call donors as a follow-up, but when the money arrives instead of depositing the money in the organization’s bank account, they deposit it elsewhere. Sometimes the payment goes to a bank account with similar name or initials, while other times the check is endorsed and deposited elsewhere with a totally different name.  Banks usually don’t look this closely at the check to identify the ruse, unless there is a problem. Accounting staff wouldn’t  know about the donation, and nobody, except for the thief, knows about the payment. This issue may be found when someone different talks to the donors.

Note that issues found are likely to be very innocent as well. Maybe the donor forgot about making the donation. However, if the donor made a payment, but it didn’t make it to the organization’s bank account, it could be because it was lost or the bank deposited it in the wrong account by mistake. These situations usually don’t point to internal fraud, just errors that can be corrected.  The point is to follow the money trail.

These are only a few activities a nonprofit can do to protect itself against theft and fraud.  It’s sad that we have to be a bit paranoid running a nonprofit, but it’s a must in today’s environment. Auditors may come in once a year to double check on financial issues, but they usually don’t find all fraud. By following just these two processes, nonprofits can make fraud harder to happen and that’s always a good thing.

Check out the book “Nonprofit Finance: A Practical Guide- Second Edition” –– First edition was nominated for the 2016 McAdam Book Award.

 

Checks & Balances Ideas for Nonprofits

Checks and balances are activities that protect organizations against errors and fraud. Also known as internal controls, these checks and balances provide an extra level of protection to the organization so that errors or losses are issues are caught and can be fixed or managed. Internal controls may also protect against fraud, including money theft. The good news is that you don’t  need to spend a fortune to have good controls at a small environment, nonprofit organizations.

Below are some ideas that can be implemented easily to protect your organization:

1- Have bank statements sent to the home of the executive director or a board member not involved in accounting. This person can take a quick look at the statement and at copies of checks for any unusual activity. Then he can give the statements to accounting personnel. Since many use online banking, someone apart from accounting can take a look online at bank transactions, even before statements are mailed out.

2- Always have two people counting cash. One person can count first while another one witnesses it, and then the other person counts it, writing down the total and then securing cash with a rubber band and/or an envelope. Keep it in a safe before depositing it in the bank, not in a drawer or in an obvious place. If needed, get a safe and have it bolted to the floor or wall.

3- Wire transfers must be done by two people- one to initiate the transfer and another one to approve it. Both could have passwords or PIN numbers for extra security. In the case of online payments where the bank pays someone directly, at least one person outside accounting should approve this before it is done. You can set this up with your bank.

4- Petty cash is kept in a safe, not in a desk drawer. Thieves know that drawers may contain petty cash and they go there first. Keep petty cash small and replenish often, checking on receipts.

5- Review bank reconciliations monthly with no delays and look at odd deposits that have not cleared the bank and old checks that are still outstanding. Check on deposit amounts on the books and on the bank to make sure they are the same. Also, look at checks being cashed to see if the amount and payee make sense. Many online banks allow you to actually see a copy of the check online, which can be very helpful.

6- Give receipts to everyone giving your organization money, especially cash. The receipt book should have duplicates so that the top receipt goes to the donor and the copy stays in the book. Depending on the amount, the person receiving the money could sign a receipt to make sure the organization has proper records.

7- If using faxed forms for donations or payments, mark the original faxed page as “Original” in red. This is especially important in credit card donations. Otherwise, it is too easy to charge a card multiple times for one donation. Make sure that donors know that faxed forms are NOT to be mailed. A good option here is to handle most cash inflows through a website.

8-People working with cash and accounting should take vacations. Many fraud cases are discovered when the perpetrator is home sick or away and someone else takes over for a few days. It’s good to have more than one person trained in certain accounting tasks so that if something happens, he or she can fit in with minimum training.

9- Make sure your insurance policy covers losses, such as fraud, just in case. This policy should also cover volunteers and part-timers. Be sure to double check with your insurance company regarding any special events or programs that may require a special rider.

10- Consider getting background checks on everybody handling financial tasks. It’s not that expensive and you can decide about hiring the person upon reviewing the background check. These checks are often required by insurance companies, so it’s usually not a big deal.

Check out the book “Nonprofit Finance: A Practical Guide” –– Nominated for the McAdam Book Award