Nonprofit Agendas - May, 2016

By Michael McNee  |  May 4, 2016  |  Download PDF

Marks Paneth has published the latest issue of Nonprofit Agendas.

The Changing World of Internal Audit

?Do you make use of its expanded role?

The internal audit function has evolved in recent years. The key role of a nonprofit’s internal auditors was once limited largely to testing financial and compliance controls and reporting their findings to the organization’s leadership. But today, with its cross-departmental perspective, the internal audit staff (whether employees or outsourced help) can help anticipate and mitigate a variety of risks, improve financial and operational processes — and even help evaluate the nonprofit’s strategies.

An independent function

On its most basic level, the internal audit function provides independent assurance of a not-for-profit’s compliance with its internal controls and their effectiveness in the areas of financial and operational risk. Potential risks include fraud, insufficient funds to support programming, and reputational damage.

Such risks are, of course, of concern to all types of organizations. But they’re particularly critical for nonprofits, which are often held to a higher public standard of integrity. Moreover, noncompliance with regulations could cost your nonprofit its tax-exempt status.

All-important duties

Internal auditors are typically charged with some of the most central — and critical — duties in an organization. These individuals, for example, should identify your nonprofit’s risks and prioritize them from high to low. They also must, through testing and other methods, assess the effectiveness of your internal controls. Further, your internal auditors should focus on the threats they’ve identified with targeted audit plans that give the greatest attention to high-risk areas. Their results should include reports with recommended improvements.

The internal audit function also typically includes evaluating compliance with laws, regulations and contracts; following up on management’s remediation actions to eliminate identified risks; and assisting external auditors, when applicable.

Internal audit’s overall objective is to help your not-for-profit accomplish its goals through proactive risk management and informed governance.

A wide-ranging review

The internal auditors’ wide-ranging review will consider everything involved in accomplishing the organization’s objectives, including financial procedures and processes (from cash and banking practices to financial reporting).

When high-risk areas are identified, auditors use various methods, such as the testing of transactions, interviews of staff and extraction of electronic data, to assess the strength of internal controls.

Smaller organizations aren’t exempt from the internal audit imperative. Their board and management can oversee internal controls with the assistance of a qualified third party.

What it takes to be effective

The effectiveness of the internal audit function hinges on several factors, and independence tops the list. Internal auditors should be independent from management and all areas they review to avoid bias or a conflict of interest. They should report directly to the board of directors or its audit committee.

Your board of directors and executive management should provide clear support for the internal audit function’s activities, and convey their importance to the full organization. Leadership must indicate its support both verbally and by its actions. For example, the board must meet regularly with internal auditors to discuss their findings and should visibly act on their recommendations.

Stumbling blocks

Not surprisingly, the quality of the internal audit function’s work is directly related to its capacity, yet one of the major handicaps suffered by many internal audit departments is insufficient resources. Even where the function is manned by individuals with extensive audit expertise, it might lack employees with the requisite knowledge of relevant program areas. For peak performance, internal audit should engage internal or outsourced staff with experience in compliance and controls, program areas, operations, and specialized areas (such as IT), especially those identified as high-risk.

Quality assurance reviews

A quality assurance review (QAR), required to be completed once every five years, evaluates the internal audit activity’s conformance with The Institute of Internal Auditors’ Definition of Internal Auditing, Code of Ethics, and Standards, and focuses on opportunities for improvement. The QAR can be in the form of a full external assessment or a self-assessment with independent external validation.

The final report will include recommendations for improving and enhancing the internal audit function’s role.

Beyond compliance

Although the internal audit function is often viewed mainly through the prism of compliance and internal controls, it has a lot to offer beyond risk assessments and audit plans. Savvy organizations have begun to tap internal audit for strategic purposes.

For those not-for-profits, the internal audit function serves almost as an internal consultant, providing critical insights gathered in the course of compliance and assessment work on issues such as operational efficiencies. For example, while reviewing invoices, internal auditors may discover a way to streamline invoice processing.

The internal audit function’s familiarity with the organization’s inner workings also affords it an unusual perspective for evaluating strategic opportunities. For instance, does your not-for-profit have an operational or financial weakness that could undermine plans for continuing your current programs or launching a new one? Your internal auditor should know the answer.

Bump up oversight

Internal auditors add an important layer of oversight to your organization. And in today’s environment, with increased public scrutiny of how nonprofits are governed and held accountable, this makes an effective internal audit function a must.

Continuity Planning

?Be realistic — prepare for a disaster

It’s early in the year and already the nation has been struck by its share of tornadoes, floods and blizzards. Nonprofits everywhere face the potential at some point of having to shut their doors because of a natural disaster. Add to the list the modern-day threats of prolonged power outages, computer hackers, flu epidemics and terrorist attacks, and the importance of having an effective disaster or “business continuity” plan in place should hit home.

But what does a complete continuity plan entail and how should you proceed to implement one? Or, if you already have a plan — only six out of 10 nonprofits do, according to a University of Dallas study — have you reviewed it lately?

What might happen?

When forming your continuity plan, your imagination is a good place to start. Challenge your staff to imagine what would happen if a disaster hit. What programs would be impaired if your physical site were shut down for several days or more? What would the impact be if your staff were unable to access your computer system for an extended period? If roads were closed to all but the most resilient vehicles, how would your operation be affected?

Once you’ve identified the risks and possible adverse scenarios, you can begin to develop suitable responses.

For example, if a fire badly damages your offices, your staff might be able to work remotely from their homes or an alternative facility, if proper arrangements have been made. And if important data about your constituents and programs has been saved — for example, in the cloud — your staff would be able to access that information seamlessly. (Also see “IT recovery strategies are crucial.”)

Here are some other factors to consider when forming a continuity plan:

Your disaster planning team. Your team should represent your full operation. Include representatives from each department and your board of directors. Appoint an executive to lead the group, because the plan is that important. The team should create, review, assess and modify the written document. Sub-teams should be created to handle certain tasks that will arise, such as contacting and updating staff and initiating data recovery.

Communication with the community, those constituents you serve. An important function following a disaster is communicating with the community and any reciprocal agencies you have identified. Appoint, or have the team appoint, a spokesperson for the organization. Also be prepared to coordinate with fire, police and government officials who might be able to offer assistance during a catastrophe.

Training and plan oversight. Your continuity plan should include staff training. Don’t shy away from devoting enough time to get them up to speed. Also, once the plan is finalized, it should be reviewed and updated at least once a year. Among other things, make sure that it keeps pace with technological changes at your organization.

Be prepared

No one wants to think that a catastrophe will hit their organization. But the truth is that disaster can strike at any time. As part of good governance, arm your organization with the tools and resources it requires to minimize the detrimental effects of a disaster.

Sidebar: IT recovery strategies are crucial

Recovering data should be a top priority after a disaster. The Department of Homeland Security recommends that you:

• Develop recovery strategies for all of your IT systems, applications and data, including networks, servers, desktops, laptops, wireless devices and connectivity,

• Anticipate the loss of one or more of the following: a secure computer environment, hardware, connectivity to a service provider, software applications and data — and develop appropriate responses, and

• Identify the IT resources required to support your time-sensitive functions and processes.

Your IT recovery plan should include a strategy to ensure that all crucial information is backed up. Last, document the plan and test it periodically to make sure that it works.

For more details, visit http://www.ready.gov/business/implementation/IT.

What to Consider About HR Outsourcing

?Too much work and not enough staff to go around? If being understaffed is getting you down, you might consider outsourcing your human resources function. It could give your staff more time to spend on your nonprofit’s other core duties, mission-driven programs and strategic plans.

Here are some suggestions to keep in mind if you’re thinking about outsourcing part or all of your HR work.

Weigh the benefits

First off, you’ll need to decide which segments of the HR function to “farm out.” Take a look at recruiting, training, benefits planning and administration, compliance monitoring, leave management and performance reviews. These are all labor-intensive responsibilities where expertise counts. Transferring all or some of them to the right outside party can vault your organization to a higher level of professionalism and efficiency in those areas.

The move also might result in improvements. For example, an HR specialist firm is likely to have more tools, contacts and time to spend recruiting new employees than your own organization has.

Calculate the costs

Let’s face it: You’ll appreciate the savings in staff hours caused by a decision to outsource. But the primary draw for most not-for-profits is reduced costs. So you’ll need to perform a cost-benefit analysis, and your CPA can assist with this step. Even if the cost is more to outsource, you may decide that the extra dollars are worth freeing up staff hours for other initiatives.

Gauge the drawbacks

One of the biggest drawbacks to outsourcing is the loss of control. That’s why it’s important to think through the ramifications of handing off various HR responsibilities. Certain tasks may require an understanding of your organization’s culture and history to be effective. Also consider the impact of letting go any HR people currently on staff who’d duplicate the outsourced work.

Before you contact outsourcing service providers, make sure you have buy-in from your staff and the board of directors. Prepare to launch Once you’ve researched and met with outside service providers (see “What to ask an outsourcing firm” for some tips), you’ll want your attorney to review the contract. And after you’ve committed, but before you make the big change, be sure that you have controls in place to monitor the quality of the new arrangement. Your CPA can assist you with this. Also appoint one or more individuals to test those controls regularly. Look to the future If you’re happy with your new arrangement, you might want to explore other areas of your operation as possible outsourcing candidates. Those could include payroll, IT, bookkeeping, financial management, purchasing or marketing and communications.

Sidebar: What to ask an outsourcing firm Before you choose a firm to handle your human resources function, you must do your homework. The Nonprofit Coordinating Committee of New York, comprising about 1,500 nonprofit managers and leaders, suggests asking these questions in person to three service provider candidates: • What is the scope of your service, in detail? • How long have you been in business? • Where are your services typically provided: on-site, off-site or a combination? • How many nonprofit clients do you have in my area, sector and size? • Can you provide references for three nonprofit clients of similar size and complexity to my organization’s? • How do you charge for services: hourly or on retainer? • Who’ll I be directly working with? • What will you expect of our organization, including the board and staff?

News for Nonprofits

?New leadership program offered online

New website Leaderosity offers online training in nonprofit leadership, and is operated by the Presidio Institute, a firm that fosters cross-sector collaboration among leaders. The American Express Foundation gave initial gifts of $1 million to launch the platform. The new site currently offers courses from the Presidio Institute and the Nonprofit Leadership Alliance.

According to the Foundation, the website is an ambitious digital effort to train aspiring charity executives.

The Foundation’s president said the site will serve as a centralized, one-stop location for a diverse range of courses created by professional development service providers and, eventually, academic institutions.

Cost per course will range from free to a few thousand dollars. A 5-week class, “Management and Leadership of the Nonprofit Sector,” which costs $300, was the site’s inaugural course. The Foundation hopes to make available as many as 40 courses in several languages in the next three years.

Proving that your programs are effective is crucial to donors

Evidence that a charity’s programs are effective is the most important factor in deciding to contribute to that organization, according to a recent survey. Of those polled by The Chronicle of Philanthropy, 68% cited that reason.

Participants pointed to low overhead spending (50%), good ratings from watchdogs (54%) and “working on a cause that has affected me or my loved ones” (39%) as other key influences in their decision to donate.

Most of the respondents (80%) said charities do a “very good” or “somewhat good” job helping people. But, when it came to finances, one-third said charities do a “not too good” or “not at all good” job spending money wisely. And 41% said leaders of charities are paid too much. Only 13% of participants said charities do a “very good” job of spending money wisely.

Princeton Survey Research Associates International conducted the telephone survey of 1,000 adults. How to improve your strategic planning sessions Teaching participants to distinguish between “strategic” and “operational” issues — so that the former may be discussed — should take place at the onset of any strategic planning event. That is, you want them to consider the “big picture” obstacles and opportunities facing your nonprofit rather than simply day-to-day issues. Here are some other tips for improving the strategic planning process at your organization: • Present future scenarios in operational rather than abstract terms (describing how the ideas will be implemented) to make future goals concrete, and

• Identify influential staff members who, during the sessions, can make presentations that display, and encourage thinking about, future goals rather than about past successes and failures.

Partner Profile: ?Sibi Thomas, CPA, CFE, CGMA

Sibi Thomas is a Partner with the firm’s Nonprofit and Government Group. Sibi plans, coordinates and conducts audits for a wide range of nonprofit organizations – including large social service organizations, third-party funded organizations, educational institutions, charities, and fundraising and membership organizations. Sibi has led numerous training seminars for clients and professional staff on various topics relating to new accounting standards, governance, compliance and financial reporting.

In addition to his professional activities, Sibi continues to hone his expertise in nonprofit accounting as an adjunct faculty member at New York University. He is also regularly published in nonprofit-related publications, discussing governance and financial reporting challenges faced by the sector.

When not working on client-related matters, Sibi enjoys spending time with his family and writing articles on various topics affecting nonprofits. He is also a huge soccer fan and follows Manchester United religiously.

Sibi resides with his family in Westchester County, New York.

Leverage Our Expertise

??Marks Paneth LLP is the 35th largest accounting firm in the US and 9th largest in the mid-Atlantic region. We have a long history of serving the not-for-profit community. Today, we work with more than 150 tax-exempt clients and proudly serve 20% of New York’s 25 largest charitable organizations, as ranked by Crain’s New York Business. Our firm is ranked in the top 1% nationally in pension plan audits and is the 8th largest preparer of Form 990 PFs in the US. Our Nonprofit and Government Group consists of approximately 45 people in New York and Washington DC, including our six Partners and four Directors listed below. If you have questions, please contact one of us. More information can also be found at markspaneth.com.

Nonprofit and Government Leadership Team Michael McNee, Partner-in-Charge of the Nonprofit and Government Group Hope Goldstein, Partner Joseph J. Kanjamala, Partner Sibi Thomas, Partner Warren Ruppel, Partner Anthony J. Tempesta, Partner-in-Charge of the Westchester Office Alan Becker, Director Howard Becker, Director John D’Amico

About Michael McNee