Kindle Version Available

Nonprofit Finance: A Practical Guide is available now as a kindle book on Amazon:

http://amzn.to/2GF2E8W

 

Nonprofit Payroll Risks and Controls

Some organizations run on volunteers only, but many need employees to perform certain tasks. Since having employees is costly, it’s no surprise that payroll is usually the biggest expense in the financial statements. Running payroll can be difficult, and while many organizations contract out outside payroll services, some prefer to process it in-house. Some key risks and controls with payroll are:

Risk: Time sheets could contain wrong information.

In many organizations receiving government funds, everyone files time sheets—even the president—to support charging grants “real” salaries rather than estimated/budgeted ones. Fortunately, many organizations use computerized timekeeping devices and time sheets that once implemented, reduce errors and confusion significantly.

A traditional internal control is for nonprofits to require supervisory approvals on time sheets (manual or electronic) to make sure hours and overtime are authorized. Auditors typically verify if the time charged to a grant was allocated and authorized properly. If the auditor finds errors or no time sheets, or time sheets with no approvals, the scope of the audit is likely to increase, becoming more expensive.

Risk: Employees may be fictitious.

Each employee should file the proper paperwork with human resources and should visit the HR department personally. I know of a case where a program supervisor “hired” a relative part-time who was a “ghost employee.” The nonprofit paid the “employee” for six months, while the supervisor cashed the paychecks.

It was only after a problem with the time sheet of this person (all fake) that the human resources manager got involved, and the fraud was discovered. So, it’s crucial for HR to see and meet with all employees, including part-timers to be sure they’re real and are actually working for the organization.

Risk: Unauthorized payroll changes or increases happen.

To make sure payroll records are correct, department managers should review and sign off payroll registers regarding their department at least once a quarter. Many department managers get the dollar amount of their department’s payroll expenses through regular internal financial reporting, but not the details.

So, having managers verify payroll numbers, overtime, sick days, vacations, etc. is very helpful in keeping it all correct. If they see someone claiming overtime that the manager didn’t approve, he or she can follow up on it.

Controllers or accounting managers should review payroll registers and change reports to make sure the persons running payroll aren’t paying themselves unauthorized overtime or salary increases—a fraud I witnessed that could have been prevented had the controller taken a look at payroll reports regularly.

Risk: Paying terminated employees by mistake.

One issue I often see with payroll relates to nonprofits paying terminated employees because payroll staff didn’t know about the terminations. Once paid, it’s tough to get the money back.  So, it’s important for human resources and managers to notify the payroll department when people quit or are let go. Staff may need to process final checks and update the payroll system.

Nonprofits may implement policies and procedures, including a checklist to follow when employees leave. Many details are involved, such as COBRA requirements that need to be handled correctly or the organization could be liable for fines.

Risk: Payroll information may leak.

Confidentiality is essential with payroll records. Nonprofits must keep all payroll-related documents, including time sheets, in safe, locked filing cabinets where only a few selected authorized personnel are allowed in. Similar security measures must be considered with access to the computerized payroll systems that should be very limited.

Nonprofits should hire people who are discreet and don’t discuss confidential matters with others in the organization. They should avoid using email when mentioning any sensitive payroll information because the system may not be secure enough.

Excerpt from book Nonprofit Finance – A Practical Guide Second Edition — https://goo.gl/M563u9

 

Ideas for Cash Controls

Cash is the riskiest asset of an organization. Why? Because it can be easily stolen or lost.

Below are some controls to prevent or identify these losses.

1-Two people should count any money before it’s deposited to be sure the total is correct.

2-Organizations should acquire a safe preferably bolted to the wall or floor with the code known to limited personnel to safeguard cash, checks not yet deposited, and other valuables.

3-Limit physical access to the area where money is received to just a few people.

4- Don’t keep cash, checks, or credit card slips on a desk or in another unsafe place that is easily accessible. Thieves typically look for petty cash in drawers under desk

5-Nonprofits should use their websites to collect money as much as possible.

6- Organizations should implement a policy indicating that no cash over a certain amount would be accepted.

7- When money is received, it must be deposited promptly in the bank after the count by two separate individuals to confirm the total amount.

8- Nonprofits should perform bank reconciliations, also known as cash reconciliations, every month to be sure all cash transactions have been accounted for correctly.

9- People outside accounting may answer phone calls or emails regarding complaints about payments not showing up in invoices or statements. The question would be– where’s the money these people sent in? The problem could be just an error or an unfortunate situation where money is stolen.

Just knowing that an organization has controls in place to prevent cash theft or losses may be a deterrent to some people with bad intent. The key here is for the tasks to be done all the time, not just once in awhile to avoid problems down the road.

Interested in CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide -Second Edition— Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

Is Your Nonprofit Data Safe?

Many nonprofits keep confidential information on their computers, including sensitive data and items that cannot be lost. Membership or donor information, accounting data, and other confidential information should be safeguarded against snooping eyes.

A typical control here is to have a disaster preparedness plan, which includes a recovery strategy for the nonprofit’s functions. But that’s not enough.  Organizations should consider the following issues with software, hardware, and the cloud.

Software

Risks when dealing with software include unauthorized entry, loss of data, and confidentiality issues. Some internal control mechanisms to minimize these risks are:

  • Use anti-virus and firewall programs to prevent malware from infiltrating the system.
  • Do daily backups of all systems and keep the backed up file outside the premises.
  • Require IDs and passwords on all systems.
  • Acquire programs to identify and stop unauthorized entry using the Internet and other means.
  • Require information system’s authorization for program purchases to be sure the program is indeed needed and is compatible with existing software.
  • Once employees leave the organization, they should not have access to the nonprofit’s systems
  • Include security to prevent information systems personnel access to passwords or confidential information.
  • Create policies and procedures about computer usage and safety.

Hardware

The risks with hardware involve theft, maintenance, and obsolescence of the machines. Below are some controls to minimize these risks:

  • Place all equipment, including servers and printers, in a safe location.
  • Label all equipment with numbers and create a list of all equipment using the number and description.
  • Maintain this list, doing physical audits to identify equipment disappearances, losses and damages.
  • Centralize maintenance services and schedule them regularly.
  • IT management should approve purchases, retirement or sales of hardware.
  • Dispositions of old computers must be done carefully since they contain confidential information that may be recovered unless the nonprofit takes certain
  • Dispositions of old computers and peripherals must comply with laws to avoid poisoning the environment and possible fines.

Using the Cloud

Many nonprofits have been using accounting and other programs “in the cloud.” This means that organizations’ management and staff access these computerized programs through the Internet, making the software very convenient since employees can access the system anywhere as long as they have proper online connections, login IDs, and passwords.

-Organizations using old, unreliable equipment may benefit from the cloud since the data is not saved locally. If the server or individual computers stop working, the information is not lost and is still available.

However, there are risks associated with the cloud system. For example, the program may not be available online for long periods. So, before selecting a cloud system, check its reliability through Internet searches and word-of-mouth.

Once the organization decides to go online, management must trust the Internet provider to provide adequate security for the data, which may include donor information. Not surprisingly, data security of cloud systems is a major concern for both for-profit and nonprofit users.

Another issue with the cloud is the data transfer. If a nonprofit employs the cloud and then moves to another system, the existing data will need to be downloaded and transferred to another program. The cloud provider should allow for such transfers and help the organization in this matter, but some charge fees, so inquiries about this matter are beneficial to avoid surprises later.

Interested in CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide 2nd Edition— Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

 

Another Nonprofit Exec in Jail

Not to be too paranoid here, but I just read an article about the Simi Valley Community Foundation whose former executive director stole over $45,000. According to the news, she forged a second signature on the checks used to pay her own mortgage.  Sadly, this embezzlement cost the organization its reputation as it had to stop operations, at least for now.  A total disaster.

It’s not clear how exactly the theft was discovered, but board members noted something odd, hired a forensic accountant to review the records, and went to the police with evidence of embezzlement. So, I give credit to the board for finding this out, but this theft had been going on for awhile.

So, what can a board do to prevent or identify financial fraud faster?

1- Knowledge –Get people on the board who understand financial matters and can ask the right questions. The board cannot have the obligation to fundraise and provide oversight only. Board members should have different backgrounds with least one person having the education and experience to really understand the information provided and ask good questions. Had this person been on the board of this Simi Valley nonprofit, the fraud may have been identified earlier.

2- Online Access –Have someone from the board check on the bank accounts of the organization online. He or she should review checks and deposits, looking for checks that don’t look right. Just having a policy about this review may deter fraud. Employees may think twice before forging signatures or doing something odd when they know that someone would be looking at the bank transactions regularly.

3- Pay attention –Listen to complaints from staff, donor, and vendors. Oftentimes, information that could be construed as gossip can be useful in pointing you in the right direction. People talk. Even though it’s not clear how the board of the nonprofit became aware of something wrong, my bet is that someone saw something and talked about it. Some nonprofits have started using hotlines for people to report possible fraud anonymously, a very good idea.

4- Variances –Pay attention to the actual vs. budget reports. Looking at this fraud, one may wonder how the $45,000 theft was classified and shown on the financial reports. The amount didn’t show up all at once, but it was likely classified as a budget item. So, if an overage is noted, the board should ask for back up documentations, such as bills.Talk only doesn’t explain financial issues.

5- System reports –Review new vendor/change vendor reports once a month to question any odd new vendor or changes. In this situation, the bank where the mortgage was paid to would have been added at a certain point to the accounting system. Had this report been reviewed, it may have flagged the bank as an odd vendor. Some accounting systems can send an email whenever a new vendor is added or changed, making this task automatic.

6- Bank reconciliations — Check on bank reconciliations, making sure they are done monthly. Keep an eye on deposits that are recognized in the accounting records, but don’t seem to be in the bank.  Also, look at the detailed outstanding checklist. This can be done online using the accounting system and can be emailed to someone at the board. If a check shows up at the bank, but not on the accounting records of the organization, it could be a red flag.

7- Self-reliance –Don’t count on auditors to notice embezzlement. Audits are designed to assure reasonableness of financial statements and they may identify fraud, but not always, especially when done by management. When something seems wrong, not it, and don’t wait for the auditors to figure it out. Insiders are the first people to note things that don’t seem right.

8- Education — Educate all employees on fraud and embezzlement. Nonprofits should have this topic on its policies and procedures documentation and not be embarrassed about it. Fraud happens not just with stealing funds, but in other areas as well, such as equipment theft and overtime pay without authorization. Just showing this awareness and clarity over fraud may prevent it in the first place.

It’s a shame that nonprofit boards must be always on alert for fraud and embezzlement, but that’s the reality of the situation.  Once a scandal happens, it’s hard for the organization to regain the trust and respect of donors, making it hard to move forward.

So, it’s time to talk about this issue openly and set up written policies and procedures with tasks specifically designed to prevent and identify fraud and theft.  The ideas presented here won’t assure boards that they are safe from this issue, but are steps in the right direction.  Each organization is different and I’m sure many will need more control features than the ones presented here.  The crucial point here is that fraud signs cannot be ignored by the board.

Interested on CPE credits regarding nonprofits?  Online Practical CPE Courses

You can also check out my books:

Nonprofit Finance: A Practical Guide — Second Edition 

Nonprofit Finance: A Practical Guide — Nominated for a  2016 McAdam Book Award

15 Quick Tips on Becoming a Great Consultant  — Free on Kindle Unlimited

Why Financial Rules Are Good for You

Oh no….Marcie from accounting is again asking for receipts, signatures and other stuff. Can’t she see that we’re busy?  What’s wrong with these people?  Where do they come up with these ideas? Well….there is a reason for this apparent madness and annoyance.

Many managers indeed get aggravated with demands from the accounting/financial department.  However, nonprofits have a lot to gain by following proper accounting requirements, such as requesting proper receipts or approvals. The requirements may seem a bit burdensome, but they serve important purposes within a nonprofit organization’s operations.  These requests are not to drive you nuts.

Oftentimes requirements for certain tasks are to assure that processes flow properly with enough check and balances to avoid errors or fraud. Below are a few important reasons for nonprofits to follow accounting requirements:

1- Financial requirements may be mandatory for recipients of federal and other government funding, such as demands for certain internal controls to avoid errors and misappropriations and the use of a budget. There is really no choice — either the nonprofit follows the prescribed requirements or funding stops.

2- The IRS specifically asks about financial tasks on the tax form 990, the information return filed by many nonprofits. For instance, the return explicitly inquires about the number of items reported on the form 1096, the Annual Summary and Transmittal of U.S. Information Returns. This is usually related to reporting payments to contractors over a certain amount. To comply with this inquiry properly, the nonprofit should have financial rules to capture this information.

3- The nonprofit must also follow all local, State and federal laws. For example, employees may need to file time sheets to be paid correctly. If they don’t follow this accounting rule, paychecks may be printed incorrectly, putting the nonprofit at risk for fines and penalties. So, accounting folks must require proper documentation and approvals so that this process run smoothly.

4- Following financial guidelines protect nonprofits from errors and fraud. An example would be the procedure of requiring approvals on all invoices to be paid. Usually, a supervisor approves such invoices to avoid payments for fake or wrong items or services. You don’t want employees charging the nonprofit for their own tech or other personal purchases.

5- Compliance with accounting requirements, including financial processes, are often evaluated by auditors to assess the risks of nonprofits. For instance, if an accounting requires monthly cash reconciliations, but the auditors note that they are actually done once every four months, most likely the audit risk will increase along with the costs of such audit. So, accounting requirements are to be followed ALL THE TIME to avoid problems. Even by the accounting department.

6-Financial  rules can help in building a nonprofit’s competence while minimizing confusion. For example, a rule to pay bills on only certain days every week may give employees the sense of a set order in finance. One cannot walk in and expect that a check would be ready within minutes. Financial rules can instill confidence and controls within a nonprofit.

Accounting, taxes change throughout the years, so don’t be surprised if the requirements change. For example, starting effectively in 2018, nonprofits must prove that they can pay their bills short term. This is a new requirement of FASB, the organization that dictates accounting rules for nonprofits. So, expect some new requirements from folks from the accounting department regarding this new guideline and others coming down the pipe.

You can check the new edition of the book Nonprofit Finance A Practical Guide at https://goo.gl/M563u9  -First edition nominated for a McAdam Book Award.