In the for-profit world (and particularly among SEC-regulated companies), environmental, social and governance (ESG) planning has largely focused on compliance and risk mitigation. Given the mission-based orientation of nonprofits, ESG can be approached as an opportunity to grow their mission and impact in a rapidly changing world. The integration of environmental and social sustainability principles into nonprofits’ operational lifecycles will be key to ensuring donor retention and programmatic success for years to come.
The Rise of ESG Standards and Reporting
Over the past few years, multiple global ESG frameworks and standards have emerged to encourage sustainability strategies and provide guidance on sustainability reporting and disclosure. In the for-profit space, ESG reporting is often used to inform investment decisions, comply with regulations and/or give a company a competitive edge. At present, there is no universally followed standard in place, but there is movement toward consolidation of frameworks and standards. The International Sustainability Standards Board (the ISSB) recently merged with the Sustainability Accounting Standards Board (SASB). In addition, the Global Reporting Initiative (GRI) is a leading framework guiding corporate ESG transparency. Together, they are collaborating in an attempt to establish universal metrics for reporting greenhouse gas emissions, human rights protections, diversity, equity and inclusion (DEI) progress, and linkages to the United Nations Sustainable Development Goals.
In a few short years, the private sector has evolved beyond the early adopters who have expanded their corporate social responsibility efforts into broader ESG reporting. Today, companies understand the risk of being left behind if they do not adopt comprehensive ESG programming. ESG reporting is becoming the new normal, even for entities not beholden to SEC regulations. In the corporate space, ESG adoption is often a reactive response to the demands of investors, customers and other stakeholders. That said, nonprofit organizations will ultimately face demands from their stakeholders; however they are uniquely positioned to leverage ESG to enhance their mission and brand.
The Social License and Increasing Call for Transparency
Nonprofit organizations exist to serve individuals and communities where gaps in the market are unaddressed by the private sector or government. Their social license to operate comes with the benefit of tax exemption in exchange for providing services and transparency (e.g., IRS Form 990). As the nonprofit industry has evolved, so have reporting expectations. In addition to reporting to the IRS, nonprofits self-report an ever-increasing amount of impact and operational data to third-party evaluators such as Charity Navigator, GuideStar and Candid. ESG reporting is the next evolution of transparency reporting for nonprofits.
As nonprofit organizations are adept at reporting financials and an increasing amount of impact data, they must now navigate the evolving expectations related to ESG stakeholders. For stakeholders focused on the bottom line of mission impact, it must not come at the expense of unaddressed (or uncalculated) negative environmental impacts. For example, stakeholders expect nonprofits to understand their environmental footprint and develop strategies to mitigate it. BDO’s Nonprofit Benchmarking Report shows that 18% of nonprofits surveyed report evaluating their vendors, partners and/or funders for their alignment to ESG policies and actions. If that expectation has not been set for an organization today, it is only a matter of time before corporate donors or other stakeholders will expect to see disclosure and alignment. Donors who are accustomed to evaluating their own investments utilizing ESG indexes will be asking questions about the investment portfolios for endowments that fund a nonprofit organization’s programs. Foundations are increasingly aligning their endowments to ESG metrics utilizing the Global Impact Investing Network’s (GIIN) IRIS+ for measuring, managing, and optimizing their impact. Lastly, stakeholders who expect an organization to embody expectations of DEI will also expect reporting on established metrics that demonstrate evidence of progress.
An Opportunity to Grow the Mission
As nonprofit executives examine the industry landscape and their organization’s opportunity to thrive in the future, sustainability must become a key focus in all aspects of management. From attuning to evolving stakeholder priorities to ensuring continued access to donations and capital, and amplifying the impact of their mission, the integration of ESG principles into all facets of the nonprofit lifecycle will contribute to continued success. Indeed, leading industry organizations such as the American Red Cross have exhibited this imperative by incorporating formal ESG programs into their strategic plans.
Establishing ESG expectations at the leadership level can also drive adoption throughout the organization. Program staff can seize the opportunity to further integrate ESG elements and frameworks into program design, delivery and measurement. Development professionals can utilize ESG reporting to articulate insights attractive to individual, corporate and foundation donors. Communication and marketing professionals can tell a truly holistic story of impact. Finance leaders can ensure that their investments reinforce the organization’s mission.
Written by Karen Baum and Corey Eide. © 2023 BDO USA, LLP. All rights reserved. www.bdo.com
An endowment is a pool of funds donated or set aside to be preserved over time in order to support an organization’s mission. Nonprofits establish endowments for a variety of reasons, usually as part of their long-term strategic plan. Donors may contribute assets, such as cash and securities, and make pledges for future contributions to a nonprofit for creating an endowment.
While an endowment is a great idea for long-term planning and may provide continuous funding for charitable activities, it comes with some nuances that must be carefully navigated to ensure it is successfully managed and fulfills the intended purpose for the organization.
The main types of endowments are as follows:
|Perpetual (donor restricted)||Perpetuity||Principal (corpus) preserved perpetually, while earnings may be expended based on donor stipulations.
|Term (donor restricted)||Varies||Principal preserved for a specified period or until the occurrence of an event, specified by the donor.|
|Board designated||Varies||Principal usually retained, while earnings may be expended. Principal may be utilized upon board approval.|
Understanding what they are and how to account for endowments
“I received an endowed gift. Now what?” Nonprofits that never had an endowment may not know where to start. Endowments are governed by guiding documents, which may come in various forms such as a trust instrument, other written agreements from the donor or a board resolution. Identifying the right key words in these documents becomes crucial to ensuring that endowments are set up and accounted for correctly. Additionally, recognizing the type of endowment is also important to ensure the appropriate accounting guidance is applied.
Stipulations plus governing laws
Endowment operations are not only governed by the gift instruments but also by state law. Nonprofits may not appropriately prioritize these. The Uniform Prudent Management of Institutional Funds Act (UPMIFA) is a uniform act that provides guidance on investment decisions and endowment expenditures for nonprofit and charitable organizations. Except for Pennsylvania, all states and the District of Columbia have enacted their version of UPMIFA. Pennsylvania has its own endowment law not based on UPMIFA. Nonprofits may not realize that the donor’s stipulations take precedence over UPMIFA, albeit at times the donor stipulations are not explicit enough to override UPMIFA. This can create confusion.
Unclear donor intent
It is not uncommon for donor agreements to be vague when it comes to conveying the intent and purpose of the gift. These documents can be written by various persons who are not accountants, which can create challenges when determining the appropriate financial statement classification and operating mechanics of the endowment.
Endowment management can be complex and time consuming without proper resources and knowledge. Nonprofits need to track endowment activity in detail, and retain adequate supporting documentation for all gifts and any investment returns. Funds are often commingled in investment pools, which can create allocation challenges for nonprofit accounting teams. Various levels of expertise and strong internal controls are required for effective management.
Over time, donors can submit modifications to their original gift instruments that are not correctly applied on a prospective basis. Nonprofits need to retain support from donors who make modifications to their endowment agreements as a record for any changes made to the accounting and treatment of an endowment from a donor.
Balancing the objectives
Under UPMIFA, applying prudence to the fund to preserve value is the goal, not just retention of the dollar amount of the initial corpus. This is due to the time value of money. A gift of $100 in 1990 is not worth the same today; thus, to preserve the purchasing power of the fund’s principal, prudent investment and spending policies must be applied, while considering the donor’s stipulations for the fund’s use. Funds with deficiencies (where the fund value drops below the corpus) require special considerations related to spending and estimating future recovery. Many of these challenges also apply to a board-designated endowment fund. A board-designated endowment fund is created by a nonprofit organization’s governing board by designating a portion of its net assets without donor restrictions to be invested to provide income for a long but not necessarily specified period. Proper management and investment tracking are also applicable to this type of endowment fund. The board of the organization establishes the purposes for the endowment fund and this should be documented in the board minutes.
Navigating the Challenges
To effectively manage endowments, nonprofits need to be proactive, sophisticated and careful. They must be willing to make the required investment to educate their team and put the right processes and controls in place. Here are some tips to help organizations navigate the challenges discussed above:
- Adopt formal gift acceptance, endowment and investment policies. Policies should clearly address how funds are to be invested, spent and used (purpose).
- Use consistent templates for gift/endowment agreements to standardize the language and avoid misinterpretation. It is important to have personnel from various areas of the organization review and approve these templates including legal, finance, operations and the board.
- When in doubt, clarify intent! Reach out to donors or their representatives, especially for unusual gifts that come into the organization from trusts and bequests.
- Maintain detailed documentation for all gifts. Accurate and detailed recordkeeping is crucial to the success of endowment operations. Documentation should include certain key information on the donor, assets transferred, specified use, spend rate, investment policy and any modifications.
- Monitor endowment assets regularly and compare to donor agreements often.
- At minimum, organizations should analyze investment returns, spending rates and fund balances throughout the year to ensure funds are being managed in accordance with the gift instrument and state law, if applicable.
- Organizations can go back to donors and discuss modifications, if needed. Seek legal advice before any significant changes are considered and obtain written approval from donors.
- Be mindful that the goal is to preserve the overall purchasing power of the endowment over time. Deficient funds should be tracked separately and monitored more frequently. Elevate these to the board or investment committee for review and a plan of action.
- Nonprofits should consider short- and long-term needs when accepting gifts to ensure it is the right strategic decision. Some organizations may need more short-term liquidity to fulfill their mission; thus, it may not be wise to accept endowments that must be maintained in perpetuity and do not generate adequate income for operations. Overly large endowments have been likened to hoarding in the public eye in some cases. Readers of financial statements may not understand how endowments work and see the large balances and question why the entity needs additional resources. Nonprofits may want to consider more flexibility to ensure the immediate needs of the organization are being met. Outside of perpetual endowments, nonprofits can consider term/quasi endowments or include variance power language in their agreements. This will grant the organization some flexibility in redirecting the use of the assets.
- Proper internal controls are imperative to ensure accuracy and completeness of endowment funds. Nonprofit finance personnel should stay abreast of the latest accounting guidance through research and training.
- Before establishing endowments, nonprofits should examine and quantify the costs to manage an endowment, in terms of time and resources. This may be in the form of investment managers, bank charges and other fees, and additional staff time required to reconcile and track activity.
Over the past three years, nonprofits have had to navigate some turbulent times with the disruption of the world’s economic and political environments due to the COVID-19 pandemic, inflation, and political unrest. Endowments and other reserves may be an opportunity for nonprofits to boost liquidity and permanently support their philanthropic goals and survive in an unstable economic climate. Nonprofits should weigh the benefits and costs of establishing and running an endowment. Organizations should also be mindful of the nuances described above and plan how to navigate these. With proper planning and the right resources, nonprofits can avoid improper classification of gifts and financial statement errors when it comes to accounting for endowments. Nonprofits can also lower reputational risk by ensuring compliance with applicable state law and donor stipulations.
Written by Orynthia Wildes. © 2023 BDO USA, LLP. All rights reserved. www.bdo.com
While Accounting Standards Codification (ASC) Topic 842 is applicable to all entities, the adoption of the new leasing standard by nonprofit organizations is bringing into focus some unique considerations that may impact the conclusion of whether a contract actually contains a lease.
What is a Lease?
To set the stage for some of the nonprofit-specific lease considerations to follow, it is important to understand the definition of a lease under Topic 842. A lease is defined as follows: “A contract is or contains a lease if the contract conveys the right to control the use of identified property, plant, or equipment (an identified asset) for a period of time in exchange for consideration.”
Free or Reduced Rent
A nonprofit organization may be given space, equipment or other assets to use free of charge, or be charged below-market rates for these items. For these types of transactions, a nonprofit organization must consider whether to apply ASC Topic 842, Leases, ASC Topic 958-605, Not-for-Profit Entities Revenue Recognition – Contributions, or a combination of both standards. Let’s illustrate these concepts with some specific examples.
Example 1: Free Rent
Company A provides Nonprofit B with the right to use office space free of charge for five years. Company A retains legal title to the office building but allows Nonprofit B to use the space in furtherance of Nonprofit B’s mission. If Company A had rented the space to another entity, Company A would have charged $1,000 per month for the first year of the lease with a 3% annual escalation of rent for each additional year of the five-year term, which is considered to be the market value.
What’s the accounting for that?
On day one of the arrangement, Nonprofit B would record a contribution receivable, and related contribution revenue, for the full amount of rent payments over the five-year period ($63,710), discounted to present value using an appropriate discount rate.
The revenue is donor-restricted due to time and is released from donor restrictions as the contributed asset (the office space) is used each period. On a straight-line basis each reporting period, Nonprofit B reduces the contribution receivable balance and records rent expense representing its use of the office space.
What is the basis for the accounting?
The transaction in this example falls within the scope of contribution accounting under Topic 958-605 but not lease accounting under Topic 842, because Topic 842 requires an exchange of consideration.
In other words, because Nonprofit B does not pay Company A cash (or other assets) for the use of the office space, the transaction falls outside of Topic 842. If the contributed assets are being provided for a specific number of periods (in this example, the period is five years), the contribution revenue (and related receivable) should be recorded in the period received for the market value of the lease payments discounted to present value.
If the arrangement in this example had not specified the period of use, Nonprofit B would have recorded contribution revenue and the related rent expense each reporting period based on the fair value of the space for that period.
Example 2: Below-Market Rent
Company C provides Nonprofit D with the right to use office space for $250 per month for five years. Company C retains legal title to the office building, but allows Nonprofit D to use the space in furtherance of Nonprofit D’s mission. If Company C had rented the space to another entity instead, Company C would have charged $1,000 per month for the first year of the lease with a 3% annual escalation for each additional year of the five-year term, which is considered to be the market value. For purposes of this example, there is no variable lease cost, no non-lease components, no prepaid rent, no initial direct costs, and no lease incentives. We will assume a 3.5% risk-free rate for the calculation of the lease liability. We will also assume Nonprofit D will use 3.5% as the discount rate for the contribution.
What’s the accounting for that?
On the commencement date of the lease, Nonprofit D would record a lease liability equal to the present value of the lease payments totaling $13,550 (rounded) and a right-of-use asset in the same amount. For simplicity purposes, the present value calculations in this example are based on annual rather than monthly payment amounts. The contribution portion of this arrangement is calculated as the difference between the fair market value of rent ($63,710) and lease payments ($15,000) over the lease term totaling $48,710. Nonprofit D should record contribution revenue and a related contribution receivable at present value of $43,870 on the commencement date of the lease. Similar to the first example, the revenue is donor restricted due to time and would be released from donor restrictions as the contributed asset (the office space) is used each period. On a straight-line basis each reporting period, Nonprofit D reduces the contribution receivable balance and records rent expense representing its use of the office space. This example assumes a known fair market value for the rental payments. When such information is not known, organizations need to obtain such information directly from the lessor or find comparable market data for a similar asset with a similar rental term.
What is the basis for the accounting?
The transaction above falls within the scope of both Topic 842 and Topic 958-605. Because ASC 842 defines consideration as cash or other assets exchanged, as well as non-cash consideration (subject to certain exceptions), only the portion of the transaction requiring payment is considered to be a lease within the scope of Topic 842. The fair value of the lease minus the cash payments made represents the contribution revenue and related receivable.
In both of the illustrative examples above, the contribution of free or reduced-rate office space represents a non-financial asset. Nonprofit organizations must consider the revised presentation and disclosure requirements for contributed non-financial assets as outlined in Accounting Standards Update 2020-07, Not-for-Profit Entities (Topic 958): Presentation and Disclosures by Not-for-Profit Entities for Contributed Nonfinancial Assets. This standard is effective for periods beginning after June 15, 2021.
As nonprofit organizations review their activities and agreements to determine the universe of lease transactions, in both the year of adoption of Topic 842 and in subsequent periods, management should be aware that there may be leases “hiding” within service or other contracts. These types of contracts are referred to as contracts with embedded leases. The following chart provides some examples of service or other contracts where embedded leases may be present:
|Information Technology||Advertising||Inventory Management||Shipment of Goods or Materials||Food Service|
|May contain embedded assets like phones, computers, copies, servers, etc.
|May contain embedded assets such as the use of a billboard.
|Third parties may be engaged to assist a non-profit organization with inventory management. Use of warehouse space could be an embedded asset.
|Use of a rail car or semi-truck.
|Some organizations provide on-site cafeterias or vending machines. The use of the vending machines, freezers, refrigerators, soft-drink dispensers, etc. could represent an embedded lease.|
As part of internal policies and procedures related to accounting for leases, management should document, in the year of adoption and annually, how the universe of leases was determined, as well as how management considered the possible existence of embedded leases. While embedded leases may not be material to a nonprofit organization’s financial statements, an analysis to determine the relative value of such transactions should be performed nonetheless.
Use of the risk-free rate
As an accounting policy election, Topic 842 permits nonprofit organizations (specifically entities that are not public business entities) to use a risk-free discount rate for leases instead of an incremental borrowing rate, determined using a period comparable with that of the lease term. The use of the risk-free rate may be a more expeditious approach for organizations that do not have a readily available incremental borrowing rate. As a reminder, Topic 842 defines the incremental borrowing rate as “the rate of interest that a lessee would have to pay to borrow on a collateralized basis over a similar term an amount equal to lease payments in a similar economic environment.” If an organization has a real estate lease with lease payments totaling $700,000 over the 10-year lease term, it would not be appropriate for the organization to use its $5 million, one-year, line-of-credit borrowing rate as the incremental borrowing rate because the term and amount of the borrowing is not similar. Organizations wishing to use an incremental borrowing rate that do not have such a rate readily available may need to use external parties such as banks or other lending institutions or valuation professionals to determine an appropriate collateralized rate for certain lease agreements.
In summary, nonprofit organizations should take the time to examine all their agreements to assess whether they have any embedded leases or other arrangements that are subject to lease accounting.
Written by Amy Duffin. © 2023 BDO USA, LLP. All rights reserved. www.bdo.com
 See ASC 842-10-15-3.
 See ASC 958-605-25-2 and 958-605-55-24.
 See ASC 958-605-55-24.
 See ASC 958-605-24 and 958-605-25-2.
 See ASC 958-605-55-24.
 See ASC 842-20-30-3.
Subrecipient risk assessments and monitoring are critical aspects of federal grants management. These practices ensure that funds are used in accordance with federal regulations, that grant objectives are met and that the risk of fraud, waste and abuse is minimized. The federal government has set forth guidelines in the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) found in 2 Code of Federal Regulations (CFR) 200, which outlines the requirements and responsibilities of grant recipients and their subrecipients. This article will delve into common pitfalls around performing subrecipient risk assessments and monitoring, and the best practices for organizations looking to improve their processes in these areas.
The Uniform Guidance addresses the requirements that subrecipients must comply with in section 2 CFR 200.332. This section describes the required procedures for performing monitoring and risk assessments to evaluate the likelihood of noncompliance, fraud or other issues when selecting subrecipients that could impact the performance and success of the grant.
Effective risk assessments and monitoring are crucial for various reasons, including:
- Compliance with federal regulations: Adhering to 2 CFR 200 requirements is essential to avoid penalties, such as disallowed costs or even suspension or termination of the funding.
- Mitigating risks: Timely identification and addressing risks can reduce the potential for mismanagement, waste or fraud, ensuring that federal funds are used effectively and efficiently.
- Performance and outcome achievement: Proper monitoring helps grant recipients track progress, confirm that milestones are met and determine if adjustments are necessary to achieve desired outcomes.
Below are some of the common pitfalls that plague pass-through entities (prime recipients) that work with subrecipients:
- Inadequate risk assessments: Failing to perform a comprehensive risk assessment prior to executing the subaward agreement or relying solely on historical information may result in an incomplete understanding of a subrecipient’s risk profile.
- Insufficient monitoring: Not allocating enough resources to monitor subrecipients or only relying on self-reporting can leave gaps in understanding that can allow certain risks to go unaddressed.
- Lack of documentation: Inadequate documentation of risk assessments, monitoring activities and communications with subrecipients can hinder an organization’s ability to demonstrate compliance with federal regulations and address potential issues effectively.
- Ineffective communication: Poor communication between grant recipients and subrecipients can lead to misunderstandings, missed deadlines and noncompliance with grant requirements.
Best Practices for Subrecipient Risk Assessments
Below are some of the best practices that we recommend:
- Develop a risk assessment framework: Create a structured process that outlines risk categories, scoring criteria, and the frequency of risk assessments. This framework should consider factors such as prior audit findings, debarment, financial stability and the subrecipient’s experience managing federal funds.
- Conduct pre-award evaluations: Before entering into a subaward agreement, assess the subrecipient’s capacity to manage the grant, considering its technical expertise, financial management systems and internal controls. Performing this required risk assessment in the pre-award phase allows for the determination and inclusion of the monitoring procedures as part of the subaward agreement.
- Implement ongoing risk assessments: Regularly reassess subrecipient risk throughout the grant period to identify any changes in circumstances that may affect its ability to meet grant requirements.
Best Practices for Subrecipient Monitoring
- Develop a monitoring plan: Establish a systematic approach to subrecipient monitoring that includes a schedule, tools and documentation requirements. This plan should consider the risk level of each subrecipient and the nature of the grant activities.
- Provide training and technical assistance: Offer support to subrecipients in the form of training, resources and guidance on federal grant requirements, financial management and performance reporting.
- Conduct regular communication and site visits: Maintain open lines of communication with subrecipients and schedule site visits as deemed appropriate to review progress, verify compliance and address any concerns.
- Review financial and performance reports: Regularly analyze subrecipient financial and performance reports and included data to identify potential issues, ensure compliance with grant terms and track progress toward grant objectives.
- Tailor monitoring efforts to risk level: Allocate resources for monitoring based on the risk profile of the subrecipient, with higher-risk subrecipients receiving more oversight and attention.
- As mentioned above, incorporate monitoring procedures directly into subaward agreements.
Effective subrecipient risk assessment and monitoring are essential for federal grant recipients to ensure compliance with 2 CFR 200, mitigate potential risks and achieve desired outcomes. By implementing best practices and avoiding common pitfalls, organizations can strengthen their grant management processes and ensure the responsible stewardship of federal funds.
Written by Dan Durst and Sly Atayee. © 2023 BDO USA, LLP. All rights reserved. www.bdo.com
When asked what is at the top of their finance department “to-do” list, many nonprofits name the need for an updated cost allocation plan. An effective cost allocation strategy is essential to organizations’ understanding of how their resources are being deployed. It is also integral to performing cost analyses, such as evaluating funding requirements and comparing actual versus budgeted costs.
Allocations are an efficient and effective way to distribute costs across activities, including programmatic, administrative and fundraising work. However, many find the practical application of allocation concepts challenging to navigate. While some costs are easily assigned to specific activities and do not need to be allocated at all, there are certain costs that need to be proportionately distributed across activities and the organization, magnifying the potential for complexity and errors.
When determining an organization’s allocation strategy, limiting the number of different methods utilized can avoid overcomplication, although most organizations use at least two different allocation methods based on the type of cost.
Payroll and related costs are typically a nonprofit’s most significant expense. Organizations determine employee time worked and how that information is documented and substantiated in different ways. However, the goal is ultimately the same: to report these costs in a way that reflects where employees spend their time—that is, where resources are actually being deployed.
For costs other than payroll, or other than personnel service (OTPS) costs, allocation can be accomplished via various methods, including:
- Full-time equivalent (FTE): The FTE method allocates OTPS in the same proportion as employee time worked in different activities.
- Percent of salary dollars: The salary dollars method allocates OTPS in the same proportion as payroll dollars assigned to different activities.
- Square footage (SF): The SF method, typically applied to occupancy costs, allocates costs proportionate to an activity’s share of facility space.
- Per participant: The participant-based method, typically applied to OTPS across programs, allocates costs proportionate to the ratio of participants in each activity.
Allocating Grant Costs
Grant agreements add a layer of complexity to nonprofit cost allocation. Commonly, grants require related costs to adhere to funder-approved, line-item budgets and conform to defined terms and conditions. That is true regardless of whether the funding is from another nonprofit, an individual or a government entity. Adopting and implementing both a consistent organizational cost allocation methodology and a consistent grant allocation methodology is critical. Special attention to grant allocations helps organizations:
- Understand progress against each grant’s budget
- Avoid the risk of double charging (charging the same cost to two different grants)
- Avoid potential consequences of violating such agreements
To provide an example of how an organizational cost allocation methodology interacts with grant allocations, let’s consider the allocation of program supplies expense for a nonprofit with two different grants supporting a certain program:
The nonprofit has chosen to allocate OTPS using the FTE approach. Under this approach:
- The program’s share of personnel time and effort is 20%, so the program also is allocated 20% of shared supply costs.
- The program’s supply expense can be further assigned to the two grants, barring any limitations based on grant budgets and related allowability of those costs per the contracts.
Costs allocated to grants need to be done so with a consistently applied methodology.
From a practical perspective, nonprofit financial systems need to accommodate such multi-dimensional expense tracking. The ability to automate allocation calculations, as opposed to calculating allocations using spreadsheets, is a significant efficiency opportunity. In any case, generating financial reports at different levels of detail, by both activity and grant, directly from the financial system is key.
Once an organization has effectively applied these concepts, the result should be a fair representation of the costs incurred in each program area and in each supportive service. This information is valuable for a variety of reasons. Knowing the cost of programs and the costs covered by grants allows organizations to make more informed choices when evaluating funding opportunities, planning for operational changes and monitoring ongoing activities.
Written by Dan Durst and Gina McDonald. © 2023 BDO USA, LLP. All rights reserved. www.bdo.com
Data quality is a critical factor for organizations of all sizes, and nonprofits are no exception. Poor data quality can lead to inaccurate business decisions, missed opportunities and even financial losses. Further, poor data quality can impact contributions negatively in several ways. It can obfuscate the nonprofit’s achievements year after year, which can erode donors’ trust or describe fewer accomplishments to its contributors. Poor data quality can lead to marketing campaigns that fail to appeal to first-time donors or are insufficient to recapture previous donors.
Why Data Quality is a Challenge
If data quality is a pervasive issue with real consequences, why have most organizations not solved it? This is the case because assessing and remediating data quality is fraught with challenges, such as:
- Data is an intangible asset and, unlike other assets, does not give detectable signals, such as changing color, giving off smoke or changing smell. In fact, a single erroneous record normally can only be detected when a knowledgeable individual notices the value is not correct in the data.
- It is not cost effective to confirm the accuracy of every data record. It requires real-world observations or corroboration by another source. These are expensive endeavors.
- So much data is collected and processed so quickly now that bad records are not perceived as worth the effort to correct, as they will just be replaced soon.
- Unless the root cause of data quality issues is discovered and resolved, organizations will continue to admit poor data quality into their systems.
Another challenge to data quality is defining what it means for data to be fit for purpose. That definition can change not only across different nonprofits, but within a single nonprofit’s departments as well. In general, high-quality data tends to be defined as:
- A data record presents what is found in reality without distortion (e.g., the ZIP code is the correct ZIP code for a donor).
- The data values follow the correct format (e.g., a U.S.-based ZIP code has five digits with no letters or special characters).
- A data record has no missing values where values are mandatory (e.g., a ZIP code is present for all donor address records).
- There are no duplicate data records for the same entity or event (e.g., the list of valid ZIP codes in a system presents each ZIP code only once per entity).
- There are no contradictions within a data record or across data records (e.g., a ZIP code is the correct ZIP code for the city and state in a donor record).
- The data record represents the most current known information (e.g., the ZIP code in a donor record exists for the donor’s current address, not the prior one).
- The parentage of the record can be traced so that the user knows whence the value was derived (e.g., the donor’s ZIP code was pulled from the contributions database after a donation was made last week).
What Can Be Done
Nonprofits can take one of three stances with regard to data quality:
- Do nothing. Consider poor data quality a cost of doing business and accept the inherent risk.
- Reactive remediation. When data quality problems are discovered—often too late to prevent a damaging business outcome—fix the problem and the class of problems it represents. Over time, data quality will improve.
- Proactive remediation. Pick the data records that are most critical to the nonprofit, usually meaning they are used by more than one department more than once. Define the data quality rules for those data records. Codify those rules into a dashboard that searches for data record violations and aggregates them into a scorecard. When a rule breaks a threshold value —say 15% or more data records have missing values —take action and fix that class of problems.
The proactive remediation approach requires resources and should be taken if the perceived cost of data quality issues is greater than its remediation. In this vein, the approach should not treat all data as equal, but instead consider only the critical data of the entity.
What Questions to Ask
Nonprofits’ leadership should find out what they can about their data quality. Some questions leaders should ask include:
- Is the nonprofit’s data considered trustworthy overall?
- How much time do staff spend cleaning data in preparation for a business analysis exercise?
- No organization has perfect data. Do the managers know where the data quality problems lie? Do they know why the problems occur?
- What steps have the managers taken to detect poor data quality? When found, do the managers fix the data record, fix the problem at the source or both?
The answers to these questions may suggest that leadership devote resources toward not only the assessment and remediation of data quality issues, but in identifying the root cause of those issues and remediating them as well.
Data quality is a critical component of good governance and effective oversight. Nonprofits need accurate and timely information to make informed decisions about their donors and strategy. Poor data quality can distort decision-making, lead to missed opportunities, lower fundraising outcomes and even cause compliance issues. Data quality is also important for risk management, as poor data quality can increase the risk of fraud and cyberattacks and create other business disruptions. Nonprofits should support data quality programs that identify the most critical data records, monitor those records for problems and address problems at the source when they occur.
Written by Jeff Lawton. © 2023 BDO USA, LLP. All rights reserved. www.bdo.com
The Internal Revenue Service finalized regulations on Feb. 23, 2023, significantly expanding mandatory electronic filing of tax and information returns that require almost all returns filed on or after Jan. 1, 2024, to be submitted to the IRS electronically instead of on paper.
Under the new rules, filers of 10 or more returns of any type for a calendar year generally will need to file electronically with the IRS. Previously, electronic filing was required if the filing was more than 250 returns of the same type for a calendar year.
The discussion below focuses primarily on common workplace IRS information forms, such as Form W-2 and 1099 filings and employee benefit plan filings, but the new rules broadly apply to other types of returns.
Affected employers may need significant lead time to implement new software, policies and procedures to comply with the new rules. Thus, even though electronic filing is not required until 2024 for the 2023 tax year, employers should evaluate what changes may be needed. Simply doing the “same as last year” will not work for many employers.
Who is affected? Practically all IRS filers of 10 or more information returns when counting any type, such as Forms W-2, Forms 1099, Affordable Care Act Forms 1094 and 1095 and Form 3921 (for incentive stock options) and other disclosure documents, are impacted by this change this year – that is, for 2023 returns that will be filed in 2024. Even workplace retirement plans may need to file Form 1099-Rs (for benefit payments) and other forms electronically with the IRS starting in 2024 for the 2023 plan or calendar year.
Which returns are affected? In addition to the information returns that are the primary focus of this article, the new rules cover a broad variety of returns, including partnership returns, corporate income tax returns, unrelated business income tax returns, withholding tax returns for U.S.-source income of foreign persons, registration statements, disclosure statements, notifications, actuarial reports and certain excise tax returns.
The rules are not relaxed under these regulations. Thus, returns that are already required to be filed electronically, including partnership returns with more than 100 partners, tax-exempt organization annual returns in the Form 990 series, Form 4720 (for certain excise taxes) and most Forms 5500 (Annual Return/Report of Employee Benefit Plan) continue to be subject to the electronic filing requirement. However, under the new regulations, any taxpayer with 10 or more returns, including income and information returns, must also file its income tax return electronically.
How to count to 10? A significant change introduced by the new regulations is that the 10-return threshold for mandatory electronic filing is determined on the aggregate number of different types of forms and returns. The aggregation rules are confusing because the filings included in the count change depending on which form the determination is made. Also, some filers must be aggregated with all entities within its controlled or affiliated service group to determine if 10 or more returns are being filed for the tax year. For instance, Form 5500 employee benefit plan filers (but not Form 8955-SSA employee benefit plan filers) must count the filings of the employer who is the “plan sponsor” and other entities in the employer’s controlled and affiliated service group.
Example 1: Company A is required to file five Forms 1099-INT (Interest Income) and five Forms 1099-DIV (Dividends and Distributions), for a total of 10 information returns. Because Company A is required to file a total of 10 information returns, Company A must file all of its 2023 Forms 1099-INT and 1099-DIV electronically, as well as any other return(s) that are subject to an electronic filing requirement. The reason for this result is that “specified information returns” such as Forms 1099 and W-2 must be aggregated when counting to determine whether the new 10-or-more threshold for electronic filing is met.
Example 2: Company B is required to file nine Forms W-2 and one Form 8955-SSA. Company B is not required to file the Forms W-2 electronically because the aggregation rules for “specified information returns” take into account only other specified information returns that do not include Form 8955-SSA nor the income tax return. But Company B must file the Form 8955-SSA electronically because the aggregation rules for Form 8955-SSA takes all returns into account.
Example 3: Corporation X, a C corporation with a fiscal year end of Sept. 30, was required to file one Form 1120 (U.S. Corporation Income Tax Return) during the calendar year ending Dec. 31, 2023, six Forms W-2 (for employees), three Forms 1099-DIV (for dividend distributions), one Form 940 (Employer’s Annual FUTA Tax Return) and four Forms 941 (Employer’s Quarterly Federal Tax Return). Because the Form 1120 aggregation rules include returns of any type during the calendar year that ends with or in the taxable year and Corporation X is required to file more than 10 returns of any type during calendar year 2023, Corporation X is required to file its Form 1120 electronically for its taxable year ending Sept. 30, 2024.
Any payers that currently file any returns on paper should consult with their tax advisor to determine if the new electronic filing requirements apply to them based on the number of returns that they anticipate filing in 2024 for tax year 2023.
Filers must, for the first time, pay particular attention to the total number of returns across all return types, because the new electronic filing threshold is determined based on the aggregate total, not the number of returns per return type. This might require coordination between different departments within an organization and immediate consultation with the IT department and/or software provider to ensure there is adequate time to implement technology solutions or software upgrades before the 2024 filing deadline.
The IRS’s new — and free — online portal for filing these returns electronically, Information Returns Intake System (IRIS), is especially helpful for small filers dealing with electronic filing for the first time. According to the IRS, IRIS is secure, accurate and does not require any special software. This free service is available to filers of any size.
© 2023 BDO USA, LLP. All rights reserved. www.bdo.com
The Small Business Administration (SBA) has updated the SVOG Post-Application Guidance and the Post-Award Frequently Asked Questions. These documents apply to both non-federal entity recipients (these include nonprofit entities, state and local governments and Native American tribes, and institutions of higher education) and for-profit recipients. Included in the updates made by SBA to these documents are updates to questions related to the audit requirements.
Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
According to a study by N-able, managed service providers (MSPs) report that 82% of their customers have seen an increase in attempted cyberattacks since the pandemic. Even MSPs themselves are a target for cyber criminals, which can have wide-reaching impacts on their customers and network of resources if breached. As threats become more prevalent, it’s imperative organizations not only implement cybersecurity best practices, but also work with strategic advisors who value the same practices.
The Cybersecurity & Infrastructure Security Agency released a report detailing how MSPs and their customers should be protecting against cyber threats.
Here Are 10 Cybersecurity Best Practices That Should Be Top of Mind for Your Organization.
Take Preventive Measures to Mitigate Cyberattacks
First and foremost, your organization should take every preventive measure possible to prevent cyberattacks. Mitigation tools and resources can help you prevent initial compromise, thus making it less likely an attacker will disrupt business operations or pose a significant threat to your business.
If you’re unsure of your current level of cyber maturity, then cyber assessments are a great place to start. An assessment can help you understand what your biggest risks are, where you should focus your efforts and investments, and how to help improve your maturity and strengthen your defenses.
Be Diligent and Thorough with Your Logging and Monitoring Process
Logging and monitoring are critical components of a cybersecurity program. The reality is it can be months before an incident is detected within an environment, and with so many threats and an abundance of data to continuously comb through to identify an incident, it’s critical for organizations to implement and maintain a logging and monitoring solution.
It is recommended the logging solution retain your most relevant and important logs for at least six months. Logging and monitoring provide additional visibility into incidents, aids in threat hunting, and reduces the time needed to triage and investigate a potential incident.
If you are working with an MSP to deliver a logging and monitoring solution, make sure they can deliver on necessary contractual obligations to help ensure success. For example, a vendor should be able to do the following:
- Implement a comprehensive security information and event management (SIEM) solution that enables logging and monitoring.
- Deliver visibility and communication as it relates to the providers’ access, presence, activities and connections to the customer environment (are the MSPs’ accounts properly monitored and audited?).
- Notify the customer when a confirmed or suspicious event/incident occurs on the provider’s infrastructure and administrative networks. The provider should conduct a thorough analysis and investigation.
Deploy Multifactor Authentication (MFA) and Pay Attention to Account Privileges
As more entities shift to a hybrid or fully remote work environment, the need for MFA is more apparent than ever. Deploying MFA adds that extra foundational layer of security when you have employees accessing organization networks from varying locations and devices. It’s important that any business advisor you work with not only mandates the use of MFA, but also requires MFA within their own business.
To touch on a previous point, you should also make sure you’re reviewing logs for unexplained failed authentication attempts. In some cases, this may indicate that an account within the organization has been compromised. Additionally, be thoughtful about who has permissions to certain accounts and disable accounts when they are not actively being used. Audit this regularly.
Lastly, use the principle of least privilege to restrict unnecessary privileges. This requires that you identify the most high-risk devices across your organization and minimize the access people have to them. When working with a vendor, make sure they apply this principle to your network environments.
Segregate and Control Internal Data and Networks
As an organization, it’s important that you understand your environment and segregate your networks. By doing this, you’ll be able to isolate critical business systems and apply network security controls to reduce risk across the organization.
It is recommended that organizations verify their connections between internal systems, their MSPs’ systems, and other strategic advisors and supplier networks they communicate with. Virtual private networks (VPNs) or alternative secure access solutions should be used when connecting to MSP infrastructure, and all traffic should be limited to that one dedicated, secure connection.
Your organization should also ask and validate that any third-party vendor you are working with uses different admin credentials for each customer (i.e., they won’t use the same credentials they use to log in to your organization that they use for other customers). If any of those vendors’ customers are breached, those same credentials could be used to compromise other organizations, including yours.
With vendors and other trusted advisors having access to an organization’s network, it becomes increasingly important to limit network access. Limiting access of advisors to only the solutions or applications they require helps improve security hygiene. Over the past few years, ransomware actors have increasingly started to target business advisors to gain access to other organizations by abusing trusted access and a lack of segregation controls. Threat actors continue to have success by leveraging a lack of controls limiting user privileges and access to data.
Apply the Principle of Least Privilege
Use of tiering models is recommended for administrative accounts to provide layered permissions that don’t create unnecessary access or privileges. Full privileged accounts should only be used when absolutely necessary and should be time based to further restrict risk. Identifying high-risk devices, applications and users can help minimize access and associated risks.
As an organization, you should require that the vendors you work with apply this least privilege principle across your environment as well as their own. Additionally, they should only have access to the services and resources needed to deliver the agreed-upon scope of work.
Building on least privilege is the zero-trust model. While not quite interchangeable but tightly coupled, zero trust means every organization, by default, should put zero trust in every user, endpoint, device, etc. From internal to external users, mobile devices to laptops, network components to network connections, every endpoint should be considered untrusted until authenticated and authorized.
Apply Updates Regularly and Adhere to All Recommendations
To be fully secure and compliant, don’t just apply routine updates. Go the extra mile and address that all aspects of patches are adhered to. When working with a vendor, use their recommendations and experiences to help ensure you’re getting the most out of updates. For example, organizations should prioritize patching vulnerabilities included in CISA’s catalog of known exploited vulnerabilities (KEV) versus only those with high Common Vulnerability Scoring System (CVSS) scores that have not been exploited (and may never be exploited).
Back Up All Systems and Data Routinely
Equally as important as routine updates are routine backups. Regularly backing up your critical data and systems is an important cybersecurity best practice. Data from business-critical systems should be backed up, with the frequency of backups being informed by the type of data and business requirements. Backups should be stored remotely, encrypted and, ideally, have different retention spans as a best practice.
Further, keep backups separate and isolate them from network connections that could promote the spread of ransomware. Most ransomware variants attempt to find and encrypt/delete accessible backups. Isolating them will allow for the restoration of systems/data to their previous state.
Another important aspect of disaster recovery is frequent backup and restoration process testing. You must confirm that your process works; the time of a disaster is not the appropriate time for these tests! They should be planned, scheduled and tested at a regular cadence. Then, process and procedure documentation should be updated based on results.
Create and Implement an Incident Response and Recovery Plan
Often the best way to shore up a security program is to improve internal operational procedures. Make sure your computer emergency response team and crisis plans are tuned to the digital age. Don’t be caught flat-footed in terms of privacy, reputation or other impacts.
An incident response and recovery plan should outline the roles and responsibilities of all stakeholders in the organization in the event of a disaster. Make sure you keep updated, hard copies of this plan on hand to help ensure the plan is accessible even if networks are inaccessible. Additionally, to be extra prepared, you should test your plan often.
Understand Supply Chain Risk and Manage It
Vendors bring a certain level of expertise and valuable experiences to the table; however, with those connections comes increased risk. Integration of the digital supply chain creates massive conveniences but provides an increasing number of new opportunities for threat actors. Even within the secure and trusted connection of your most important digital vendors, threats can thrive with persistence and cause widespread damage.
Organizations should validate that their contractual agreements with third parties meet specific security requirements and that their contract specifies whether the third party or the customer owns specific responsibilities, such as hardening, detection and incident response.
Your organization must understand the risk of working with third-party vendors and subcontractors. When working with third-party vendors, make your security expectations very clear from the get-go and make sure that you understand and audit the level of access they have.
Partner With Those Who Believe in Transparency
Last but certainly not least, remember that more transparency leads to enhanced security. When working with external vendors, make sure you clearly understand what security services are being provided. Address anything you feel your business needs but that may fall outside of the scope of the contract.
Check to make sure your vendor clearly outlines how they will notify you in the case of an incident affecting your environment. As their customer, a vendor should want you to have as much information about your cybersecurity program as possible. Being transparent will only benefit both of you in the long run, as it can enable better results and a more secure business environment.
Written by Matt Cromwell, Sam Thompson, David Clark, Jackie Bernal, Matthew Becker and Cathryn McAleavey. Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
Numerous organizations invite new individuals to get involved in the administration of their executive compensation program or hire new executives with a desire to know more about the program. This question is asked many times and often the answer is no.
Every year, we consult with members of many nonprofit boards as they address the annual compensation decisions for their organizations’ senior executive positions. In some cases, these are first-time projects and others are relationships that have spanned several years. There is a considerable range in the size of these organizations and the scope of services they offer. As you might expect, there is a similar range of experience and knowledge with pay-related matters among the board members we serve.
Somewhat surprisingly, the governance and administrative practices for board management of compensation are sometimes not as well developed as the size of the organization would suggest. A significant number of organizations have a rudimentary process in place with not much more than the calendar and the checkboxes on Form 990 and Schedule J guiding compensation decisions for the leadership team. Solely getting through the chief executive officer (CEO) / executive director’s annual pay discussion and completion of the IRS forms seem to be the focal points of the board’s attention to compensation.
I am not suggesting the absence of a robust process means that pay-related matters are not getting the board’s attention. In most cases they are but often without the benefit of a formal compensation program and its processes to guide them. In these cases, a process of sorts takes shape based on the particular issue that needs to be addressed or the individuals who happen to be involved in addressing it.
This can lead to a variety of situations that frustrate board members and executives alike, for example:
- Questions are raised about the size, type, performance or location of organizations used for competitive pay comparisons.
- Similar concerns arise about the type of external benchmark position used for competitive comparisons.
- Confusion may arise about the authority of the board versus the chief executive to make a pay decision for a particular position.
- There may be difficulty arriving at a consensus about the positioning of pay level for the organization in relation to the range of competitive pay (e.g., median, 75th percentile, etc.) and how it is achieved (e.g., salary only, salary plus bonus, etc.).
Individuals joining the compensation decision-making process for the first time often find themselves struggling to “catch up” with the group and understand the issues involved. Individuals experienced with the ad hoc approach sometimes become exasperated with the absence of any guidelines and lengthy deliberations to arrive at a consensus on a particular issue. As one board member told me: “We have a compensation policy. We develop a new one every time we meet!”
There is a downside to this lack of a defined compensation policy and process more serious than suboptimal use of board members’ time. We see instances where compensation decision-making goes off track. This puts the organization and all parties at risk. In some instances, a problem was created inadvertently. A well-intentioned desire to “do something nice” for a long-tenured executive, a large salary adjustment, or the adoption of a trendy new component for the executive’s compensation plan may create the problem. In some cases, a tally of all components of the compensation program for an executive has never been made. The total compensation could be alarming. Excessive pay, or pay that appears excessive, can create reputational and / or regulatory risk for the organization.
The opposite situation also occurs. In their efforts to be conservative, good stewards of the organization’s resources, compensation may fall far enough below competitive levels that the organization cannot retain or recruit qualified personnel for critical roles. Paying too little can also be problematic.
Of course, the examples I have cited are the more extreme ones. Most organizations do manage to handle executive compensation satisfactorily. What I am suggesting is that there’s a better way for almost every type of nonprofit organization to manage compensation for its executives.
A formal executive compensation program is the resolution. Some may call it compensation philosophy, pay strategy or guiding principles. A formal compensation program is a comprehensive collection of answers to all the key questions and issues about executive pay. The most effective programs are developed by, and tailored to, your organization. The topics covered in a formal compensation program are fairly standard, and the detailed contents require specific input based on your organization’s needs and beliefs about pay.
Key sections of a formal compensation policy and some of the topics within them often include the following:
- Identification of program participants including board, compensation committee, chief executive officer and outside advisor(s)
- Table of responsibilities and authorities
- Calendar of activities
Guiding Principles and Program Considerations
- Overall role of total rewards program
- Relevant competitive marketplace(s)
- Sources and uses of competitive information
- Regulatory compliance
- Overall competitive positioning goal
- Guiding principles, for example:
- Emphasis on team in relation to individual results.
- Support of shorter results in relation to longer-term results.
- Compensation ranges and management of individual’s compensation within ranges
- Communication of compensation information
Program Components and Their Roles
- Pay components
- Benefit components
The four broad sections of a formal program discussed above cover most of the issues and questions that routinely arise in administering compensation. The benefit of the formal compensation program is realized because key topics have been addressed in a comprehensive and coordinated manner. All parties in the process know their respective roles and have established policies and processes to guide them. New participants can quickly get acquainted with the program, and the number of future meetings or situations devoted to ad hoc decisions is virtually eliminated. Board and compensation committee members and management involved with compensation follow a schedule of meetings with each devoted to an area of the program’s governance and administration. Necessary preparatory materials are sent in advance of each meeting. Participants understand the expected objective for each meeting.
The process for creating a program begins with the thoughtful development of a series of broad policy positions for the organization’s compensation. Some organizations take shortcuts. They adopt glib generalities as their pay principles (e.g., “above average,” ”… able to recruit, motivate and retain…,” ”…competitive within our industry…,” ”pay for performance,” etc.) Others “borrow” programs from organizations.
The development process is straightforward. Potential policy positions covering broad program areas are explored, alternatives are examined, and a final position is then adopted by the organization’s leadership. Once established, each policy is then further developed with plans and processes used to implement it. A series of well-structured work sessions can complete the process in three or four work sessions. They are designed to methodically engage program stakeholders in key decisions that will define the specifics of their organization’s compensation program. The time and attention devoted to development of a compensation program tailored to the specific needs of the organization will determine its usefulness.
Is it time for your organization to develop a formal compensation program?
Written by Sam Thompson. Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
The U.S. Census Bureau (Census) has updated the DCF for audits with fiscal periods ending in 2022 and can now accept these submissions on the FAC site.
The revised DCF for audits with fiscal periods ending in 2022 is now available and can be accessed along with the instructions for the form here.
OMB has noted that for any 2022 submissions with fiscal periods between Jan. 1, 2022 and Oct. 31, 2022, the portion of the requirement in 2 CFR section 200.512(l) (Uniform Guidance) that states that single audits are due to the FAC within 30 days after receipt of the auditor’s report(s) is waived since the new form was not available until late 2022. Instead, these audits will be considered on time if they are submitted within nine months after their fiscal period end date.
KEY CHANGES TO THE 2022 DCF
Unique Entity Identifier (UEI) Number
This is a new number that is replacing the DUNS number as an entity identifier. The UEI is a 12-digit, alphanumeric value, that is assigned to entities upon registration in SAM.gov. Entities that receive federal funding must have a UEI to submit the DCF. Please note that the form continues to ask for the DUNS number information to be provided but the DUNS field is not required to be completed in the DCF.
Coronavirus State and Local Fiscal Recovery Fund (CSLFRF) program
Revisions were made to allow for the submission of CSLFRF program alternative compliance examination engagements performed for fiscal years ending in 2022. There is a new screening question during the DCF setup on the FAC. Entities that qualify and opt for the alternative compliance examination engagement then receive a subset of questions that is included in the DCF. The standard DCF is used but the IDES instructions explain how certain fields are to be completed or left blank when the alternative engagement is performed.
In addition, different auditee and auditor certifications are provided when the auditee indicates it is submitting one of these engagements.
Please note that U.S. Department of Treasury is directly accepting submissions of CSLFRF alternative compliance examination engagements for fiscal years ending in 2021 through a Treasury portal.
Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
In September 2020, the Financial Accounting Standards Board issued Accounting Standards Update (ASU) 2020-07 Not-For-Profit Entities (Topic 958): Presentation and Disclosures by Not-For-Profit Entities for Contributed Nonfinancial Assets. The intent of ASU 2020-07 is to provide enhanced transparency related to the presentation and disclosure of contributed nonfinancial assets. These enhancements will allow a clearer understanding of both the volume and type of nonfinancial assets that are received and recognized by an entity. Additionally, the ASU provides improved transparency into “cash versus non-cash” contributions and the impact on an organization’s operations. ASU 2020-07 does not change the historical valuation methodology used by the organization nor “how” that asset is recorded within the financial statements (only the “where”).
Adoption is required for annual reporting periods beginning after June 15, 2021. Thus, the ASU is effective for the June 30, 2022 year-ends and later. The ASU must be applied on a retrospective basis and comparative presentation is required if the organization presents comparative financial statements. Additionally, the transition disclosure requirements must include the nature and reason for the change as well as how the adoption of the ASU was applied.
Let’s take a step back however and determine what constitutes a nonfinancial asset.
Whatever was recorded previously as nonfinancial assets is now subject to the requirements of ASU 2020-07. This includes, but is not limited to, the receipt of donations of the following nonfinancial assets:
|Legal Services||Accounting services||IT Services||Pharmaceuticals||Commodities|
|Raffle items||Space||Personal protective equipment||
Radio, social media
(airline tickets, hotel
So at this point you are asking yourself, then what really changes upon adoption of ASU 2020‑07?
For most entities, there will be significant revisions to both the presentation and disclosure of nonfinancial assets. The overview below summarizes key changes for both of these areas.
ASU 2020-07 now requires that nonfinancial assets be segregated from financial assets within all financial statements (statement of activities, statement of functional expenses, etc.). ASU 2020-07 does not mandate the disaggregated level that is required in the financial statements; however, in practice, many organizations are leaning toward multiple levels of disaggregation to ensure transparency considerations are adequately considered. For example, prior to adoption of ASU 2020-07, an organization may have presented a single line for contributions. Upon adoption of ASU 2020-07, at a minimum, the presentation would show a disaggregation into two lines labeled “contributions – financial assets” and “contributions – nonfinancial assets.” Many organizations are further disaggregating their nonfinancial asset contributions into such line items as: “contributions — donated services,” “contributions — donated equipment,” ”contributions – donated materials/commodities,” etc. as these presentations will more fully align to the required footnote presentation discussed below.
ASU 2020-07 requires significant enhanced disclosure(s) regarding nonfinancial assets. All of the following must be addressed by category of nonfinancial assets (see earlier discussion of consideration of groupings):
- The organization must disclose its policy on liquidating instead of using the donated nonfinancial asset(s) within the significant accounting policies (and, if the organization doesn’t currently have a policy, one needs to be developed).
- Qualitative considerations on whether the contributed nonfinancial assets were liquidated or used during the reporting period.
- If the nonfinancial assets were used, a description of how the asset was utilized by the organization is required (i.e., detail of which program or supporting service utilized the nonfinancial assets).
- If there were any donor-imposed restrictions related to how the contributed nonfinancial assets were utilized.
- Valuation techniques utilized in assessing the value of the nonfinancial asset.
Example disclosure: The below example presents a general disclosure in a tabular format for an organization with multiple types of donated nonfinancial assets.
To date, the most important factor in successfully addressing ASU 2020-07 implementation has been ensuring a full inventory of donated nonfinancial services is available by taking a survey of the various departments of the organization. In addition, revisiting fiscal year 2021 to ensure the comparative presentation and disclosure requirements are addressed.
Furthermore, most entities are enhancing their internal policies to succinctly address the use of nonfinancial assets and “intent” from the donor regarding donated nonfinancial assets. Finally, organizations’ managements are finding the use of the tabular disclosure presentation, versus a solely narrative disclosure, provides a more transparent and informative presentation option. Many organizations feel the tabular option allows the reader of the financial statements easier access to disclosures supporting the presentation of nonfinancial assets in their financial statements.
Written by Matt Cromwell. Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
In 2016, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. Subsequently, FASB has issued ASUs 2018-19, 2019-04, 2019-05, 2019-10, 2019-11, 2020-03 and 2022-02 to clarify ASU 2016-13. All components are codified in the Accounting Standards Codification (ASC) Topic 326.
It is important to note that not-for-profits (NFP) are within the scope of the ASU. Some of the more common nonprofit financial assets that will be impacted by the adoption of the ASU are: trade receivables and contract assets that result from revenue transactions or other income, loan/notes receivable, and loans to officers and employees, and financing receivables, including program-related investments. This list is not all inclusive and entities are encouraged to read the ASU and look at their financial assets measured at amortized cost to assess the impact the adoption of the ASU will have on their entity.
Assets that are not covered under the ASU include: financial assets measured at fair value through net income; and promises to give (pledges receivable) of nonprofit entities. Loans and receivables between entities under common control are also scoped out of the ASU.
This ASU significantly changes the impairment model for most financial assets carried at amortized cost from an incurred loss model to an expected credit loss model that will be based on an estimate of current expected credit losses (CECL).
The incurred loss method is largely based on historical losses whereby a loss is recognized only after a loss event has occurred or is probable. In other words, we record an allowance for doubtful accounts in anticipation of future losses, based on past experience.
Under the expected credit loss model or CECL model, entities will estimate credit losses over the entire “contractual term” of the instrument from the date of initial recognition of that instrument. The initial measurement of expected credit losses, as well as any subsequent change in the estimate of expected credit losses, is recorded as a credit loss expense (or reversal) in the current period statement of activities. The objective of CECL is to provide financial statement users with an estimate of the new amount the entity expects to collect on these assets. The CECL model removes the threshold of “probable” and requires recognition of credit losses when such losses are “expected.” That is, even though a credit loss event may not have occurred yet, lifetime losses would still be recorded on Day One (i.e., origination or purchase of the asset) under CECL based on the expected future losses.
The chart below outlines the CECL model and its major premises.
The ASU does not prescribe a specific methodology for measuring the allowance for expected credit losses. For example, an entity may use discounted cash flow methods, loss-rate methods, roll-rate methods, probability-of-default methods or methods that utilize an aging schedule.
COMPONENTS OF CECL MODEL
Historical Loss Information
Segments or pools are created based on common loan characteristics. A combination of both internal and external information, including macroeconomic variables, are used to establish a relationship between historical losses and other variables.
To reflect current asset-specific risk characteristics, adjustments to the historical data will need to be considered. These adjustments are usually done through a combination of both qualitative and quantitative factors.
Reasonable & Supportable Forecasts
The forecast period to project expected credit losses should be reasonable and supportable. Document the rationale and provide evidence supporting the reliability and accuracy of economic scenarios and forecasts.
Revision to History
Entities are to revert to historical loss information when unable to make reasonable and supportable forecasts. The reversion method applied must be well documented and is not a policy election.
Expected Credit Loss
The results should represent the current expected credit loss over the remaining contractual term of the financial asset or group of financial assets.
When measuring credit losses under CECL, financial assets that share similar risk characteristics, (e.g., type, size, term, geographical location, etc.) should be evaluated on a collective (pool) basis. Financial assets that do not have similar risk characteristics must be evaluated individually. The ASU provides an indicative list of risk characteristics that includes both credit and non-credit related characteristics. In practice, it is expected that some credit-related characteristic would be considered.
However, the ASU does require that an entity base its estimate on:
- Available and relevant internal and/or external information about past events, e.g., historical loss experience with similar assets
- Current conditions
- Reasonable and supportable forecasts that affect the expected collectability of the reported amount of financial assets
For periods beyond which the entity is able to make or obtain reasonable and supportable forecasts of expected credit losses, an entity should revert to historical loss information that is reflective of the contractual term of the financial asset. An entity may revert to historical loss information immediately on a straight-line basis or using another rational and systematic basis, depending on its facts and circumstances. It is important to recognize that the reversion method is not a policy election the entity may make; rather, an entity should support the reversion methodology and period it uses to develop its estimates of expected credit losses.
Management’s estimate of excepted credit loss is recorded as an allowance for credit losses, adjusted for management’s current estimate as updated at each reporting date.
The key changes from the current incurred loss method to the new CECL model are outlined in the chart below.
TRADE RECEIVABLE EXAMPLE:
An example in the ASU regarding estimating the CECL reserve for trade receivables indicates that application of CECL to short-term receivables is not expected to differ significantly from current practice. However, it is key that entities consider forward-looking information and expectation of losses in developing and documenting the allowance at inception and each reporting period instead of basing the allowance only on incurred losses. Further, entities need to determine if an allowance should be recognized even for current receivables that are not yet past due.
In general, the process for estimating life-of-trade receivables credit losses using an aging schedule can be summarized as follows:
- Pool receivables with similar risk characteristics
- Consider whether historical loss rates need to be adjusted for asset-specific characteristics (e.g., differences in the portfolio mix)
- Adjust historical loss rates for current conditions and reasonable and supportable forecasts. If required (e.g., for longer duration receivables), revert to historical loss rates for future periods beyond those that can be reasonably forecast
- Apply revised loss rates to the amortized cost (i.e., trade receivable balance) to determine the CECL allowance
There is more to this ASU than it seems. Entities should take steps now to familiarize themselves with the provisions of this standard and make assessments as to whether their financial assets fall in the scope of CECL. The required assessments that need to be completed will require time and potentially the assistance of an outside party to ensure all aspects of CECL have been considered and full documentation of the expected losses for each type of financial asset are completed. In addition, the implementation of CECL will require entities to implement the proper internal controls over this process
The ASU is effective for nonprofit entities for fiscal years beginning after Dec. 15, 2022. CECL is generally effective on a modified retrospective basis. An entity must apply the amendments through a cumulative-effect adjustment to net assets as of the beginning of the first reporting period in which the guidance is effective. Of note, CECL requires judgments that are point-in-time specific (e.g., economic conditions). So an assessment of the CECL reserve should be performed as of Jan. 1 and Dec. 31, 2023 for a calendar 2023 year-end entity. There are also numerous required disclosures to enable a user of the financial statements to understand management’s expected credit losses and changes in the estimate of expected credit losses that occurred during a fiscal year.
This article was excerpted from the BDO practice aid titled, “CECL for NonFinancial Institutions.” The full practice aid can be accessed on www.bdo.com at this link.
Written by Brad Bird and Lee Klumpp. Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com
Office of Management and Budget (OMB) Issues Addenda to 2021 Compliance Supplement
OMB issued a Federal Register notice announcing the issuance of Addendum #1 to the 2021 Compliance Supplement (Supplement) on Dec. 3, 2021. Addendum #1 includes the following two programs: (1) the Coronavirus State and Local Fiscal Recovery Fund (CSLFRF), and (2) an update to the Education Stabilization Fund (ESF).
Then on Jan. 19, 2022 OMB issued a Federal Register notice announcing the issuance of Addendum #2 to the 2021 OMB Compliance Supplement (Supplement). Addendum #2 includes seven programs as outlined below.
CSLFRF in Addendum #1
Addendum #1 contains a new program section for CSLFRF (Assistance Listing 21.027). This new section outlines the U.S. Department of the Treasury’s (Treasury) auditing expectations for this new program, which will likely be a major program for many recipients.
State and local governments are most often the direct recipients of this funding; however, many nonprofit organizations have received funding under this program from state and local governments.
Addendum #1 provides program objectives and the compliance requirements entities must adhere to as well as those subject to audit. In addition, Addendum #1 clarifies that the “beneficiary” concept introduced in the Coronavirus Relief Fund also applies to CSLFRF. Addendum #1 also notes that Treasury has proposed program requirements in an interim Final Rule and notes that auditors should test compliance with the requirements that existed at the time of the expenditure. Thus, entities should ensure they are in compliance with these requirements. Treasury released the Final Rule on Jan. 6, 2022. The Final Rule is effective April 1, 2022. Until that date, the Interim Final Rule remains in effect although early implementation of the Final Rule provisions is permitted. (See article that discusses the Final Rule in more detail.)
The compliance requirements identified as being subject to audit for CSLFRF in the Addendum are as follows:
- Activities Allowed or Unallowed
- Allowable Costs/Cost Principles
- Period of Performance
- Procurement Suspension & Debarment
- Subrecipient Monitoring
Remember, as a recipient of federal funds an organization must comply with all compliance requirements, even those not identified as subject to audit, if they are outlined in the agreement.
Addendum #1 also includes a discussion of the following facts related to revenue loss, which is an important component of the program:
- Revenue loss is not an eligible use; instead, recipients calculate it based on a formula to determine the limit for the amount of CSLFRF funds that can be used for the “provision of government services.” Government services is one of the four eligible uses of CSLFRF funds.
- Revenue replacement calculations for expenditures covered under the Treasury’s interim Final Rule are not subject to audit in the single audit of this program for fiscal year 2021.
- For the schedule of expenditures of federal awards (SEFA) reporting purposes, the aggregate expenditures for all four eligible use categories are reported on the SEFA and not the result of the revenue loss calculation.
ESF in Addendum #1
As a reminder the original Supplement for ESF is divided into 2 sections:
- Section 1 – Elementary and Secondary Education
- Section 2 – Higher Education
Only Section 1 was updated in Addendum #1 to address American Rescue Plan Act (ARPA) funding implications in subprograms 84.425U and 84.425X. Please note that Section 2 was not included in the Addendum since it was already updated for ARPA implications in the original release of the Supplement. As a result, if your organization has significant funding under subprograms 84.425U or 84.425X and also funding under Section 2 subprograms you will use Section 1 in Addendum #1 and Section 2 in the 2021 Supplement to ascertain the program objectives and compliance requirements.
If Section 1 applies to your client but that client did not have funding under subprograms 84.425U or 84.425X, you can utilize the original release of the ESF program in the Supplement to identify the requirements your organization must comply with.
Implications of Timing of Addendum #1 Release
The cfo.gov page states that “For audits with report dates prior to the issuance of the guidance in Addendum #1, auditors are not required to go back retroactively to review these two programs based on the newly issued guidance.” For example, if your entity had already completed its audit of CSLFRF as a major program in advance of Addendum #1’s release by using Part 7 of the Supplement, the organization would not have to go back and refer to Addendum #1 as long as the audit report was issued with a date prior to Dec. 3, 3021.
Programs Included in Addendum #2
The following programs were included in Addendum #2:
This is a new U.S. Department of Agriculture program that provides school-age children with nutrition assistance. Funding was provided to state governments.
This is a new U.S. Department of Agriculture program that is provided primarily to defray administrative cost of executing the pandemic EBT initiative. Funding was provided to state governments.
This is an existing U.S. Department of Housing and Urban Development program with changes made primarily to address new American Rescue Plan Act (ARPA) funding provisions.
This is a new Department of Transportation program that has only one recipient (i.e., Amtrak).
This is a new Department of Health and Human Services (HHS) program that targets assistance to those households with the lowest incomes that pay a high proportion of household income for water and wastewater services.
This is an existing HHS program which is part of the TANF Cluster with changes made primarily to address ARPA funding provisions.
This is an existing HHS program which is part of the Child Care and Development Fund cluster. In addition to changes to address ARPA funding provisions, auditors should note that Addendum #2 makes the reporting type of compliance requirement subject to audit (which includes testing of a financial report and special reporting requirements associated with the Federal Funding Accountability and Transparency Act). HHS received approval from OMB to add this requirement and to exceed the six-requirement mandate.
Action to be Taken
Organizations with funding sources that are included in these Addenda should familiarize themselves with the requirements related to these programs. It is important to ensure that your organization has complied with the requirements in the Supplement and Addenda even if you are not subject to a Single Audit. Compliance with the requirements in both the originally issued Supplement and the two addenda are required.
By: Marc Berger, CPA, JD, LLM
The IRS Tax-Exempt and Government Entities (TE/GE) Division released its “Fiscal Year 2021 Accomplishments Letter” on Jan. 6, 2022. The letter contains information about the TE/GE’s contributions to the tax administration process and describes the division’s accomplishments during the recently completed year.
In fiscal year 2021, TE/GE continued to identify tax compliance issues through its compliance strategy process. This process is based on the following six programs:
- Compliance Strategies: Issues approved by the TE/GE Compliance Governance Board to identify, prioritize and allocate resources within the TE/GE filing population.
- Data-Driven Approaches: Data and queries, based on quantitative criteria, used to identify high risk areas of noncompliance and focus on issues with the greatest impact.
- Referrals, Claims and Other Casework: Referrals of alleged noncompliance from internal and external sources, and claims for refunds, credits or adjustments.
- Compliance Contacts: Correspondence contacts, known as compliance checks, addressing potential noncompliance, and educational letters to limit costs and taxpayer burden.
- Determinations: Letters issued to exempt organizations on exempt status, private foundation classification and other determinations related to exempt organizations.
- Voluntary Compliance and Other Technical Programs: In addition to the Voluntary Correction Program for employee benefit plans, other technical programs, including Knowledge Management, work to ensure the quality and consistency of technical positions, provide timely assistance to employees and preserve and share TE/GE’s knowledge base.
In fiscal year 2021, TE/GE continued its Lean Six Sigma (LSS) efforts in two significant areas. In the examination area, the LSS team continues to work through the recommendations to improve exam-related processes and should be completing these efforts in early 2022. In addition, a new LSS team was established to look for process efficiencies with the compliance check process.
TE/GE collaborated with a diverse group of stakeholders to strengthen its programs in fiscal year 2021. The division partnered with the IRS Information Technology function to drive key components of the IRS modernization plan. It continued its collaborative efforts with the deployment of Enterprise Case Management to its end users in the Exempt Organization’s Correspondence Unit. In addition, TE/GE spent the year working with stakeholders across the IRS to strengthen its programs addressing fraud, promoter investigations and abusive transactions. TE/GE agents also received specialized training in various areas ranging from promoter/abusive transactions to virtual currency.
TE/GE also continued to partner with its Large Business & International and its Research, Applied Analytics & Statistics (RAAS) groups in the area of high income/high wealth taxpayers and the identification of linkages involving TE/GE organizations. Collaboration in this area is expected to continue throughout fiscal year 2022 with the expectation of participation in joint examinations between IRS divisions.
In recent years, examinations of exempt organizations have been targeted, generally focusing on one or two areas or issues. The potential for joint exams with other IRS divisions brings back memories of the Coordinated Examination Program (CEP), which was eliminated in 2000. CEP examinations often involved multiple divisions of the IRS and typically lasted several years. The Fiscal Year 2021 Accomplishments Letter does not mention reinstituting the CEP.
TE/GE’s Exempt Organization division (EO) completed examinations of 3,249 filings in fiscal year 2021, including the Form 990 series (990, 990-EZ, 990-PF, 990-N and 990-T) and their associated employment and excise tax returns. Overall, 82% of closed examinations resulted in a tax change, and there were proposed revocations for 94 tax-exempt entities. The principal reasons for the revocations were: (1) failure to meet the organizational and/or operational tests, (2) inurement, (3) not operating for an exempt purpose, (4) not operating for an exempt purpose/commercial activity, (5) not operating for an exempt purpose/non-member income, (6) operational requirements, and (7) political activity.
EO initiated and continued several compliance strategy examinations to address noncompliance, including:
- Hospital Organizations with Unrelated Business Income: Focused on unrelated business taxable income reported on Form 990-T where expenses materially exceeded gross income.
- Section 501(c)(7) Social Clubs: Focused on investment and nonmember income.
- Section 4947(a)(1) Non-Exempt Charitable Trusts: Focused on organizations that under-reported income or over-reported charitable contributions.
- Previous For-Profit: Focused on organizations that formerly operated as for-profit entities prior to their conversion to Section 501(c)(3) organizations.
- Private Benefit and Inurement: Focused on organizations that show indicators of potential private benefit or inurement to individuals or private entities by way of private foundation loans to disqualified persons.
The most prominent issues that were found in closed compliance strategy examinations related to miscellaneous excise taxes, unrelated business income, filing requirements and operational requirements.
EO initiated and continued several data-driven compliance examinations, including:
- Tax-exempt organizations selected through compliance query sets based on information reported on Forms 990, 990-EZ, and 990-PF.
- Tax-exempt organizations identified with RAAS to research indicators of private benefit/inurement involving officer/business partnerships, under-reported credit card income and related employees in for-profit partnerships.
The most prominent issues found in these data-driven examinations related to filing requirements and unrelated business income.
Referrals, Claims and Other Casework
EO also examined entities that filed and received exemption using Form 1023-EZ, Streamlined Application for Recognition of Exemption Under Section 501(c)(3), and from referrals both inside and outside the IRS. These referrals included hospital examinations referred from reviews conducted by TE/GE for compliance with Section 501(r) and other noncompliance issues.
EO also pursued promoter investigations and supported examinations in partnership with the Small Business/Self-Employed group-led investigations. In addition, EO spent nearly 8,000 hours assisting the Criminal Investigations group with fraud investigations as cooperating agents.
The most prominent issues found in EO’s Referrals, Claims and Other Casework examinations were unrelated business income, organizational requirements, abatements and excise taxes.
EO closed 94,466 determination applications in fiscal year 2021, including 81,589 approvals, 76,852 of which were approvals for 501(c)(3) status. A large majority of these 501(c)(3) determinations used Form 1023-EZ to apply. Use of 1023-EZ has grown since its introduction in 2014, and in fiscal year 2021 TE/GE updated its procedures for processing Form 1023-EZ.
While TE/GE continues its efforts to improve service for the tax-exempt community, IRS response time on applications for exemption is still inconsistent, raising the frustration level for applicants and their advisors.
The Fiscal Year 2021 Accomplishments Letter reflects TE/GE’s continued focus on addressing noncompliance in the tax-exempt organization sector. The hiring of additional revenue agents, combined with continued advancement in the use of technology, will likely result in increased examinations of tax-exempt organizations for the foreseeable future. Organizations should take the necessary steps to ensure they are operating within the rules.
For more information, contact Marc Berger, National Director Nonprofit Tax Services, email@example.com.
By: Amy Guerra, CPA
The financial statement presentation for not-for-profit entities (NFP) experienced an overhaul with Accounting Standards Update (ASU) 2016-14, “Not-for-Profit Entities (Topic 958): Presentation of Financial Statements of Not-for-Profit Entities.” Prior to the ASU, only voluntary health and welfare organizations had a requirement to include the statement of functional expenses as part of a complete set of basic financials statements. ASU 2016-14, effective for fiscal years beginning after Dec. 15, 2017, required all NFPs to provide an analysis of expenses by their natural classification as well as their functional classification in one location in its financial statements.
Entities should periodically ensure their presentation of functional expenses they have chosen is still appropriate and accurately portrays the entity’s activities. Discussed below are some best practices to keep in mind to ensure your functional expense analysis accurately portrays your entity.
Choose the Presentation Format
Entities first need to decide which presentation format is most advantageous to their financial statements. ASU 2016-14 permits the analysis of expenses to be presented on the face of the financial statements or in the footnotes. If the expenses are reported on the face of the financial statements, this can be done either on the statement of activities or a separate statement of functional expenses. For a simple entity, a description on the face of the statement of activities or a footnote disclosure might be sufficient. Entities with multiple programs may prefer to use a separate statement of functional expenses to give appropriate detail for how the natural classification of expenses is allocated across functions.
Whether your entity chooses to present the expenses by nature and function on the face of the statement of activities, as a separate statement of functional expenses, or as a schedule within the notes, keep the presentation simple.
Keep the Presentation Simple
Regardless of the presentation option chosen it is important to keep the presentation simple. Consider the following two questions:
- Who are the end users of your financial statements?
- What information is most beneficial to them?
When disaggregating your programs think about the mission and activities of your entity. What makes the most sense for your entity in terms of the number of programs to present? This will vary depending on the entity’s mission and size. The users of your financials will look to the programs outlined to paint a picture of why the entity is in operation.
The presentation should show the natural expenses of the entity by program and supporting activities, but that doesn’t mean every expense account within your general ledger needs its own line item. Focus on the information which will be useful to the reader and use that to drive the natural classifications that are presented. Having a functional expense analysis that fills a page with natural expense classifications can cause readers of the financial statements to lose sight of what is important.
Develop a Policy
There will likely be many facets to the entity’s expense allocation method. Documentation to support the methodology is necessary. The first step is determining whether an expense follows a direct allocation or an indirect allocation. A direct allocation should occur when an expense is specifically identified with a particular program or funding source.
For indirect allocation, what is your allocation method and how does it apply to each natural classification? For the allocation of salaries and wages, you should understand and document the responsibilities of each position at the entity. At a smaller entity, the chief financial officer may have some program function, but focus primarily on finance. The finance portion must remain in management and general. Someone in the position of a program manager would likely have a larger portion of salaries and wages expense allocated to program category rather than supporting services.
An entity has to look at what allocation methodology makes sense to its operations for each expense category. For example, for some entities it may make sense to allocate rent expense based on personnel headcount and for others it may make sense to allocate rent expense based on actual square footage. Each entity has to make these types of decisions based on the nature of their operations.
Maintaining documentation to support the allocation methodologies ensures the appropriate allocation methods are reasonable and consistently applied. Individuals with suitable knowledge, skill and expertise on the operations of the entity are critical in establishing the policy. If the entity is required to have an audit, this documentation will be requested as part of the audit process.
Review the Policy Regularly for Needed Updates
Establishing the allocation policy is a start, but not the finish. NFPs are not static. Like other policies, a best practice is to review your entity’s expense allocation policy on an annual basis. A new program could start up one year or a new source of funding may come into the NFP, and these may necessitate revisions to the allocation policy. The new program or funding source could change the role of a particular employee or how the space within a facility is used. Keep in mind, your allocation methodology is described in the footnotes of your financial statements. Will the user of your financials find the methodology appropriate?
An NFP’s management has the responsibility to review the allocation policy, assess allocated activities, and ensure the allocation method for a particular activity is consistently applied in accordance with the documented policy.
For more information, contact Amy Guerra, assurance director, firstname.lastname@example.org
By Adam Cole, CPA, and Andrea Espinola Wilson
Amid the early stages of the COVID-19 pandemic, many nonprofits saw an increase in goodwill as individuals and organizations were inspired to give back in a time of crisis. Now, nonprofit leaders are looking to understand how they can maintain that goodwill — and many are turning to corporate volunteers.
1. FOSTERING A FEELING OF TOGETHERNESS
Though employees have widely embraced remote working, some employers are eager to get staff back in the office to maintain and even rebuild a sense of community and teamwork that they feel has been lost in remote or hybrid work environments. Nonprofit leaders can tap into this desire for togetherness by finding companies to partner with by positioning volunteering as a team-building exercise. Doing good for the world comes with a plethora of benefits — and when in the workplace, can help employees create deeper connections with each other.
2. TAPPING INTO THE ESG FOCUS
As the business world slowly shifts toward sustainable strategies to create long-term value, there is an opportunity for nonprofit leaders to be a part of this change. Though traditional environmental, social and governance (ESG) efforts are focused more on internal operational changes to make a business more sustainable, public-facing action can also improve the business’s reputation in the eyes of investors and stakeholders more broadly. Nonprofits whose mission is
focused on sustainability and bettering the world can tap into this sustainability-driven mindset and work with corporate employers to build a better volunteer base while furthering their mission.
3. CATERING TO THE SOCIALLY CONSCIOUS GENERATION
Gen Z is now flooding into the workforce in droves, and its priorities are somewhat different from those of the generations they will coexist with in the workplace. Gen Z expects to feel a connection to work and wants a job to align with its members’ values — a LinkedIn Workforce Confidence Survey found that 69% of Gen Z would switch jobs to one that better aligns with their interests or values, as compared to 59% of millennials, 45% of Gen X and 40% of Baby Boomers.
Nonprofit leaders can tap into this need for organizations to cater to Gen Z job seekers by partnering with businesses looking to attract new talent. This helps the nonprofit ensure it has a steady flow of volunteers while also allowing the company to promote itself as community-focused and driven by more than just profit.
While COVID-19-related pressures still weigh on the nonprofit industry, new opportunities are on the horizon. Staying tapped into corporate volunteering trends can help nonprofit leaders build new and lasting relationships, ensuring they can continue to serve the communities they support and further their mission far into the future.
For more information, contact Adam Cole, Partner and National Co-Leader, Nonprofit & Education Practice, email@example.com, and Andrea Espinola Wilson, Partner and National Co-Leader, Nonprofit & Education Practice, firstname.lastname@example.org.
By Karen A. Schuler, CIPM, CIPP/E, CIPP/US, FIP, CDPSE, CFE, and Taryn Crane, PMP, FIP, CIPM, CIPP/E, CIPP/US
Nonprofit organizations, including many charities, harness blockchain technology to improve sustainability, reduce cost and protect donor information. The most frequently asked questions about blockchain for nonprofits include: what is it, how does it work and why is it effective. Before further discussion, let’s review some common terminology.
General purpose technology (GPT) is “technological progress that drives long-term economic growth.” GPTs apply to almost any activity and have the ability to ”transform those activities by improving efficiency or creating opportunities for new ways of doing things.” Distributed ledger technologies (DLTs) are databases that are shared and synchronized across multiple sites, institutions, or geographies. They are accessible by numerous people, and transactions can be public in certain situations. Blockchains are DLTs, so they are databases that store information in blockchains that are chained together. Nonprofits can store different types of information in blockchains, but the most common type is for transactions.
The terms “digital assets,” “cryptocurrency” and “tokens” are often interchangeable. However, there are notable differences. Digital assets are non-tangible assets, such as non-fungible tokens (NFT), created, traded and stored digitally. Cryptocurrency is a medium of exchange or the digital equivalent of fiat currency (e.g., USD, Euro) that allows organizations to trade them for goods or services. Tokens, on the other hand, are built on the platform on top of blockchains. They are programmable, permissionless, trustless and transparent. They are composed of smart contracts that provide the rules of engagement of the token.
The goal of blockchain technologies is to give organizations complete control of their data and manage the flow of information.
Nonprofits’ Blockchain Use Cases
Philanthropy is driving blockchain use for nonprofits. Because charities, nonprofits, and non-governmental organizations (NGOs) can find it challenging to reach suitable donors, they build blockchain solutions to help change that. However, opportunities exist for nonprofits to expand their use of blockchain solutions to support Environmental, Social and Governance (ESG) efforts. Additionally, nonprofits have an opportunity to develop a digital asset, NFTs, to support their philanthropic initiatives. The entertainment industry sells NFTs to provide unique features such as meeting the artist, engaging with filmmakers or obtaining ownership rights.
Below is a matrix that introduces opportunities for nonprofits to leverage blockchain technology.
Philanthropy will continue to lead nonprofits’ blockchain use. Still, the ability to drive efficiencies, privacy and data protection, transparent reporting and global workforce flexibility presents a unique opportunity for this sector.
Environmental, Social & Governance
Initial versions of cryptocurrency platforms consume large amounts of energy and are not environmentally conscious; however, recent advancements in the technology drive energy-efficient options for blockchain operators. From a social perspective, blockchains aid in humanitarian efforts by providing distributed and shared records that are immutable and tamper-proof. Finally, blockchain data management allows for transparency and trust, contributing to the governance pillar of ESG.
Nonprofits at times find it challenging to attract new talent. However, blockchain technologies allow:
- Organizations to verify education, evaluate skills and assess performance of candidates in a timely manner.
- Candidates to manage and share their credentials more efficiently.
- Nonprofit organizations to handle cross-border payments, tax liabilities and create their own corporate currencies.
Privacy and Data Protection
Blockchain protects personal information and the benefits for nonprofits are endless. Organizations outsource aspects of their business to drive marketing, philanthropy, awareness and operational management. In many cases, organizations benefit from outsourcing IT, data storage and security operations. However, copies of data reside throughout the organization’s network, and many organizations have developed custom databases and applications or shadow technologies, creating additional risk.
Data privacy is the relationship between the collection and dissemination of data and the public’s expectation of keeping that information private. As the enforcement of domestic and global regulations continues to rise, organizations are challenged to meet strict and evolving obligations.
Blockchain can both negatively and positively impact an organization’s privacy operations. Below is a chart that provides an overview of common privacy principles and blockchain’s impact on each of them.
Table 1. Blockchain Impact on Privacy
 International Association of Privacy Professionals, Resource Center, Fair Information Privacy Principles
Other obligations that an organization should consider are cross-border data transfers and whether the blockchain solution meets the legal requirements of each jurisdiction where data resides. Additionally, the roles of each entity using the blockchain data must consider whether it is the owner of the data or a participant processing the data.
It is essential to evaluate any technology’s regulatory, legal, security and privacy implications and obligations. Organizations can do this by taking a Data Protection by Design & Default approach. Data Protection by Design allows an organization to “embed data privacy features and data privacy-enhancing technology into the design of projects at an early stage”. To get started with Data Protection by Design, there are seven fundamental principles that should be followed.
The development of a Data Protection by Design program is a challenge for many organizations. So, BDO developed a Data Protection by Design & Default Framework® to help organizations build this program. See related article entitled, “How Nonprofits Can Protect Their Data and Reputation in the New Era of Data Privacy” in the Winter 2020 newsletter.
 6 Irish Data Protection Commission, Data protection by Design and by Default
The benefits of blockchain for nonprofits are countless and the opportunity exists for organizations to embed these technologies into business operations. However, before embarking on the development of a DLT, organizations must first consider and weigh the benefits, risks, data protection implications and legal obligations. It is essential to follow the principles outlined in this article and ensure that data protection and data privacy are considered at the start of an organization’s journey with blockchain.
By Barbara Finke, CPA
Are you tired of the “new normal,” logging into yet another virtual meeting and hoping your internet will hold out for your key presentation? Or do you love being remote so much that you’ve thrown out all your business pants and shoes, replacing them with loungewear and comfy socks? Either way, it’s time to admit that even after the COVID-19 shutdowns end, remote work settings are likely here for the long haul. Given this change, it is key for management to adapt its training and interactions with teams while striving to keep the organization’s culture.
Based on the tone at recruiting events throughout 2020 and 2021 thus far, it is clear that the next group entering the workforce expects location flexibility and demands a vibrant corporate culture. Meanwhile, the need for productivity and efficiencies have not changed, as nonprofits are continuously expected to do more with less. Effectively managing a remote team is a matter of being intentional and adaptative.
In a remote environment, there isn’t an opportunity to run into someone in the breakroom or other communal areas and spark a conversation. In the past, inter-department communication often depended on those chance encounters. A fund development officer might start telling the chief financial officer (CFO) about a great art piece that was part of the most recent bequest. This offhanded comment would allow the CFO to discuss how this should be accounted for and if any tax forms would be required. Without this chance meeting, would the CFO ever know about the gift? Maybe not. To avoid these potential gaps and others in a remote environment, communication needs to be intentional. Create a virtual “meeting space” where, on a recurring basis, team leaders meet to discuss what is happening. Create an agenda to discuss wins, challenges and other developments that allows each department to catch everyone up on what is happening. This meeting should be frequent enough so that it’s not too long and relevant information is shared in a timely manner. Consider making these video meetings so you can still maintain face-to-face interaction.
Leaders also need to be intentional about reaching out to their team members. Pulse of HR, a website partnership between Josh Bersin Academy, CultureX and Waggl, maintained several surveys during the pandemic asking employees and human resource professionals questions about policies and procedures during the last year. One of the questions was “What is one thing your organization has done in response to COVID-19 that has positively impacted employee engagement?” The top three answers all included increases in communication. So, how can management communicate more in a virtual environment? Be cautious about sending more and more emails. Inboxes are full, and group-wide emails are often ignored. Try building a strong intra-network page as the landing page for your team members when they start the day. This is a great way to pass out key information to all staff. Some offices may want to start a monthly newsletter to keep the team informed of exciting personal or professional happenings. This is also a great place to keep up personal interactions between colleagues with games and other virtual hangouts.
Leaders must be responsible for driving intentional communication, but should also think about how to involve the whole team in helping write and circulate the information. This could be a great project for an intern who was hired remotely to help teach them about the corporate values and culture.
In addition to intentional, well-planned communication, a remote leader needs to drive organizational adaptation. Remote work requires evaluating and updating potentially antiquated or “office-biased” policies and perceptions.
For example, how has the organization adapted to providing the tools and equipment needed for teams to work remotely? Do you have a checklist of what equipment team members need at home to complete their work tasks? Have you created a policy on how much the organization will provide and how much may be at the expense of the employee? Some organizations provided stipends during the year to assist with working-from-home requirements. Is this something that needs to be budgeted now for new hires? What onboarding or training procedures will need to be revamped to equip your team members for success?
Does the organization need to consider updating or revamping how to measure employee success? Oftentimes, organizations are focused on time inputs. An employee’s time is tracked and those who show up and stay at their desk are often labeled successful. What if the organization created more output metrics? Track project assignments and completions. Eliminate the need for tracking keystrokes or checking to see if the team is online during the old “office hours.” If you remain focused on intentional communication, it may be possible for remote teams to set their own working hours while still coordinating group projects.
Another concept prevalent for embracing a remote workforce is asynchronous communication, which allows teams to communicate through applications, such as Teams, Slack, email and others, without an expectation for an immediate response. The traditional in-person meeting can still take place through these chat room functions at the convenience of the team. Allowing a shift to more asynchronous communication empowers employees to work efficiently with fewer interruptions and on their own schedule. It can even foster more honest communication, as employees are given the time and space to formulate a response. In addition, employees sometimes feel they can be more direct through the written word in a chat room than face to face. Consider how many meetings could be shifted to this model to encourage productivity, honesty and breaking down silos.
It’s likely that the shift to remote work settings for most organizations will change the way employees work forever. By being intentional, adaptive and flexible, organizational leaders can help ensure that the current workforce is both productive and satisfied while continuing to recruit and retain top talent.
Article reprinted from Nonprofit Standard blog.
By Divya Gadre, CPA
Since navigating the headwinds of the past year, nonprofit organizations have reimagined their operations to maintain relationships with donors, volunteers and the communities they serve while discovering new means to protect mission funding. Even so, the impacts of the pandemic and calls to further social justice work won’t subside overnight, leaving many organizations continuing to reassess their processes, approaches and impact.
In this article we outline five considerations nonprofits are contending with and how organizations can approach them:
1. COVID-19 Relief Funds
Since the outbreak of the COVID-19 global pandemic, some nonprofit organizations have benefited from different types of federal financial aid. These include the Paycheck Protection Program (PPP), Economic Injury Disaster Loans (EIDL) and the Main Street Lending program advances and loans, the Higher Education Emergency Relief Fund (HEERF), the Employee Retention Credit (ERC), the Families First Coronavirus Response Act (FFCRA) which paid sick and child care leave and related federal tax credits, shuttered venue relief, special relief for hospitals and healthcare providers, and the ability to defer certain federal payroll deposits interest free. To ensure compliance, nonprofits should consider the following questions:
- Is your organization covering the same cost by two sources of stimulus funding?
- Are your costs and stimulus aid accounted for appropriately? Consider whether the funding is a loan or revenue, and investigate potential debt covenant implications. Be mindful of maintaining appropriate controls to process your funding and complying with the specific requirements related to your federal assistance, such as the single audit.
Organizations should involve auditors, bankers and key board members in discussions around managing and abiding by the various requirements of pandemic-related federal financial aid. Nonprofits should be cognizant of any federal program rules (which frequently change) and should be sure to document the organization’s compliance with those requirements.
2. New Accounting Standards
The Financial Accounting Standards Board (FASB) Accounting Standards Update (ASU) 2016-02, Leases, is now effective for many nonprofit organizations. The impacts of adopting ASU 2016-02 include:
- Lease arrangements have to be classified as either finance leases or operating leases.
- The right-of-use asset model, which shifts from the risk-and-reward approach to a control-based approach.
- Lessees will recognize an asset on the statement of financial position, representing their right to use the leased asset over the lease term and recognize a corresponding lease liability to make the lease payments.
- The lease liability is based on the present value of future lease payments using a discount rate to determine the present value based on the rate implicit in the lease, if readily determinable, or the lessee’s incremental borrowing rate.
To prepare, organizations should discuss the new lease standard with their accounting advisors and evaluate the impact the standard will have on all facets of the organization’s leasing activities. Organizations should also identify and classify all leases based on the criteria in the ASU, and prepare financial statements based on the guidance. The organization should determine if the impact of adopting the standard causes any potential issues with meeting current debt covenants. Lastly, organizations should review current lease disclosures and update them to meet the ASU’s criteria.
The FASB issued ASU 2020-07, Presentation and Disclosures by Not-for-Profit Entities for Contributed Nonfinancial Assets, to increase the transparency of the presentation and disclosure of these items. Important items to note are:
- The ASU should be applied retrospectively to all periods presented and is effective for annual reporting periods after June 15, 2021 and interim periods within annual periods after June 15, 2022. Early adoption is permitted.
- The ASU requires that contributed nonfinancial assets be presented as a separate line item in the statement of activities, apart from contributions of cash and other financial assets.
- The ASU outlines specific disclosures related to contributed nonfinancial assets that organizations will have to add to their financial statements.
To prepare, organizations should discuss this new standard with their accounting advisors and evaluate the impact the standard will have on the presentation and disclosure of contributed nonfinancial assets.
3. Cybersecurity and Breaches
As many nonprofits have moved to adopt a fully remote or hybrid work environment, there are significantly more employees working from home, using personal devices, internet providers and cybersecurity practices that likely aren’t as robust as an organization’s systems. As a result, there has been an increase in cybercrime, and these occurrences are only expected to continue to rise as bad actors become more advanced. This is especially harmful to nonprofits because of the sensitive information they may have in their records pertaining to staff and the communities they serve. A breach could present significant reputational risk and damage future fundraising efforts and partnerships.
For this reason, it’s imperative that nonprofits prioritize risk management to implement procedures to safeguard against cyberattacks as well as prepare their organizations to respond to a cyber breach. Organizations should develop a robust plan and implement procedures to guide the steps the organization will undertake if a breach were to occur.
4. Sudden Increased Use of Technology
For some organizations, remote work has highlighted their reliance on manual workflows. Certain internal processes that worked before, such as cross-organization collaboration in communal workspaces and in-person reviews of invoices, are no longer the status quo.
As a result, organizations should reassess systems, controls and processes from a remote work point of view and develop a plan to share with management and board members/committees. The plan should reflect the organization’s goals for adopting technology across departments, a funding plan and actionable steps to facilitate implementation.
5. Diversity, Equity and Inclusion (DEI)
The events of the past year have drawn heightened attention to organizations’ social impact, and nonprofits should carefully consider their organizational approach to DEI. Begin with an exploration of these terms and define what they mean for your organization and its mission. Consider the following questions:
- Is your organization prepared to be transparent about the steps it is taking to become more diverse and encourage inclusive practices? How does your organization communicate its values to the public and new or existing staff and volunteers?
- Does your nonprofit create opportunities to listen to the voices directly from community, grassroots or young leaders in low-income, underserved and/or marginalized populations?
- How can your nonprofit open its board recruitment and staff hiring pipeline to talented candidates from underrepresented groups?
- How can your organization work with existing and future collaborative and community partners to ensure they share similar values and approaches to DEI? Are you having these conversations at the onset of new partnerships?
- How will your nonprofit assess the progress you are making toward your goals? What will success look like?
No matter what stage your organization is in with regard to a DEI strategy, you should ensure that it’s ingrained seamlessly in all processes. Organizations can broaden their view by relying on experts, board members and external consultants, to brainstorm the most impactful approach.
As we emerge from the pandemic, the nonprofit landscape will continue to evolve. To support operational sustainability and social justice work, it’s imperative for organizations to monitor how these considerations impact their mission and processes, and their ability to remain agile enough to adapt to change.
Article reprinted from BDO Nonprofit Standard blog.
By Tammy Ricciardella, CPA
On Aug. 12, 2021, the Office of Management and Budget (OMB) issued the 2021 Compliance Supplement (Supplement). The Supplement is effective for audits of fiscal years beginning after June 30, 2020. The Supplement can be accessed on the OMB website.
The Supplement is issued annually to assist auditors by providing a source of information related to various federal programs and assist with the identification of compliance requirements. However, auditees, both for-profit and nonprofit, should be familiar with the content included in the Supplement as it relates to their federal funding. The Supplement includes information related to the Provider Relief Fund, Coronavirus Relief Fund (CRF) and Education Stabilization Fund (ESF) among many others.
There are numerous changes in the Supplement this year that will be important for those with federal funding to focus on. Some highlights are as follows:
Part 2, Matrix of Compliance Requirements, is important to review to determine the programs included in the Supplement and the compliance requirements that will be subject to audit. Although auditees need to ensure they comply with all requirements of their agreements from the federal agencies and pass-through entities, the Supplement is helpful to see which compliance areas will be subjected to audit for their major programs.
Part 3, Compliance Requirements, has been updated to reflect the August 2020 Uniform Guidance revisions. In addition, the section for the reporting compliance requirement has been updated to reflect changes to the Federal Funding Accountability and Transparency Act (FFATA) that is applicable for certain major programs. Auditees should be aware of these requirements to ensure they are in compliance with the FFATA reporting.
Part 5, Student Financial Assistance, has been updated significantly to reflect numerous compliance requirement changes.
All recipients with federal funding should read Appendix V, List of Changes for the 2021 Compliance Supplement, and Appendix VII, Other Audit Advisories. Appendix V lists the changes to the programs that were made in the Supplement and Appendix VII focuses on additional guidance on COVID-19 funding and other matters. Appendix VII contains a definition of COVID-19 funding and makes it clear that only funding from one of the following federal programs that was received by an entity as a new program or funding to an existing program meets the definition of COVID-19 funding referred to throughout the Supplement:
- Coronavirus Preparedness and Response Supplemental Appropriations Act
- Families First Coronavirus Response Act
- Coronavirus Aid, Relief, and Economic Security Act (CARES Act)
- Coronavirus Response and Relief Supplemental Appropriations Act (CRRSAA)
- American Rescue Plan (ARP)
Appendix VII also outlines how to reflect donated personal protective equipment (PPE) on the Schedule of Expenditures of Federal Awards (SEFA). If an entity received donations of PPE without any compliance or reporting requirements or Assistance Listings (formerly CFDA) from donors, these should be shown at the fair market value at the time of receipt as a stand-alone footnote accompanying the SEFA. In addition, the amount of donated PPE should not be included for purposes of determining if the entity has met the threshold for a single audit.
However, if an auditee receives funds provided under an Assistance Listing, either from a federal agency directly or a pass-through entity, to purchase PPE these amounts would be included in expenditures on the SEFA.
Appendix VII reminds entities acting as a pass-through entity when awarding COVID-19 funds to subrecipients to be sure they are documenting at the time of the subaward the fact that the funds are COVID-19 funds and providing the Assistance Listing number and the dollar amount of COVID-19 funds.
Subsequent to the release of the Supplement, OMB has announced that they plan to issue two Addenda. The first Addendum is to be issued in early Fall and likely include the Coronavirus State and Local Fiscal Recovery Fund (Assistance Listing 21.027) and updates to the Education Stabilization Fund (Assistance Listing 84.425). The second Addendum is to be issued later in the Fall. The second Addendum is expected to include the following three Treasury programs: Capital Projects Fund (no Assistance Listing yet); Homeownership Assistance Fund (Assistance Listing 21.026); and the Local Assistance and Tribal Consistency Fund (no Assistance Listing yet). The second Addendum may include additional new programs.
OMB will post the Addenda to the CFO.gov website when available. The Addenda will not be posted to the OMB website; however, OMB will be responsible for reviewing the Addenda prior to issuance and they will be considered an official part of the 2021 OMB Compliance Supplement.
Appendix IV, Internal Reference Tables, lists all COVID-19 programs arising from the COVID-19 funding listed earlier that have been identified as “higher risk.” The designation of “higher risk” programs from the ARP have not been made yet, so stay tuned for any communication of these in the forthcoming Addenda. The Medicaid cluster continues to be designated as “higher risk” as in prior years.
The designation of these new programs as “higher risk” in the Supplement may result in additional programs being identified as major programs by your auditors in the single audit. Auditees should be aware of this effect and be prepared for this reality. This will mean that additional documentation and support may be required by the auditors.
By Gail Spielberger, CIPM
Privacy in the age of modern technology is a major concern for individuals and, moreover, is the focus of laws and regulations directed at organizations that use personal data. The fast-moving digital landscape has not only challenged current lawmakers, but has also resulted in an erosion of public trust in how data is used, stored, transmitted and protected. As organizations, including nonprofits, adopt new technologies, services and business operations, they must be proactive about their data policies and practices to assure individuals their personal data is safe, and likewise reduce the likelihood of data loss, unauthorized disclosure or misuse.
What is Privacy by Design?
Privacy by Design (PbD) is an approach that considers privacy concepts from the moment a product, service or business process is designed or planned, from inception to implementation. This means that products, services and applications must be designed and developed to protect privacy from the beginning rather than applied later as an afterthought.
Some privacy laws and regulations, such as the General Data Protection Regulation, legally require organizations to apply PbD principles as part of their organizational data practices. As part of these regulations, organizations may be required to provide evidence that they have implemented PbD. This documentation not only demonstrates compliance to regulators, but it also allows your organization to recognize potential privacy issues so risks can be identified and mitigated as projects move forward. Further, these privacy implementations will provide your enterprise with a framework to comply with privacy and data protection laws and regulations, and can strengthen your reputation while differentiating your organization from the competition.
What does this mean in practice?
There are seven PbD principles that serve as an overarching framework for organizations to insert privacy and data protection early, effectively and credibly into information technologies, services or business practices. The information below provides the foundation for your organization to implement PbD principles for new projects where personal data will be collected, used, processed or stored.
Proactive not Reactive; Preventive not Remedial
Anticipate and prevent privacy events before they occur by:
- Creating individual awareness and adoption at the highest levels of the organization, mandating and enforcing high standards as it relates to data protection.
- Promoting a culture of accountability.
- Establishing methodologies and processes to identify data protection risks to ensure they are remediated in a timely and systematic manner.
Privacy as the Default
Build privacy into systems and processes so that personal data is protected automatically, by default, with no additional action required by the individual. This principle can be achieved by:
- Collecting only the minimum amount of data actually needed for specific business purposes and destroying or anonymizing data once it is no longer necessary for those purposes.
- Ensuring personal data is used only for a specific defined purpose and not repurposed unless proper notification and/or consent is provided.
- Not using personal data without a legal basis or consent from the individual .
- Applying reasonable technical and organizational security measures to safeguard against unauthorized access, loss, destruction, modification or disclosure of data.
Privacy Embedded into Design
Integrate privacy into technologies, operations and information architectures to evaluate risks early in the ideation and design processes. Privacy should be embedded in the design and development process, not just considered after the fact. Consider:
- Adopting a systematic approach to embedding privacy in the design and development phases of each project, technology or business process.
- Systematically conducting Privacy Impact Assessments, Data Protection Impact Assessments and Vendor Risk Assessments to clearly identify and assess privacy risks.
- Measuring the risks and considering alternatives or mitigating actions.
Full Functionality – Positive-Sum, not Zero-Sum
Accommodate all business objectives, not just privacy goals, to achieve practical results and benefits for all parties and business units involved by:
- Embedding privacy in a way that does not impair the intended functionality, technical capability or business need.
- Carefully considering all requirements to achieve the optimal multi-functionality of each product.
End-to-End Security – Lifecycle Protection
Personal data needs to be protected throughout the entire information lifecycle from initial collection through destruction. Aim to collect, process, use, share, maintain and destroy personal data in a secure and timely fashion. Consider:
- Building protections for the secure destruction and disposal of personal data when it is no longer needed.
- Monitoring data transfers and ensuring appropriate safeguards and contractual arrangements are in place prior to doing business with third parties.
- Adopting appropriate access controls, encryption standards, data backups and continuous monitoring to ensure personal data remains accurate, with its integrity and availability intact.
Visibility and Transparency
Establish accountability and trust through transparency by informing individuals what data will be collected, how it will be used, and with whom it will be shared. Transparency is not just displaying what the organization does, but also bridging the gap between expectations and reality. To meet this principle, consider:
- Making privacy notices easily accessible and written in clear and simple terms in order to avoid overwhelming the reader with information.
- Mandating and enforcing privacy-related policies for employees and ensuring that vendors are evaluated to identify and mitigate risk in a timely manner.
- Keeping accurate records of data, how it is being used, with whom it is being shared, where it is stored, how long is it being stored for and how the data will be destroyed when no longer necessary.
- Allowing individuals to access and correct their information.
Keep it User-Centric
Respect individual privacy and provide employees, customers and third parties with an effective privacy experience. This means providing them with clear choices about how and when your organization will communicate with them, as well as ways to opt out of having information shared with others and the right to have their data deleted. Consider the individual by:
- Obtaining consent to collect and use individual data in specific ways and allowing them the ability to modify or withdraw their consent if possible.
- Consciously designing products, systems and applications with the individual and their protection in mind.
- Limiting the amount of data your organization collects to reduce overall risk and liability for the individual and the organization alike.
As stated above, Privacy by Design is about examining how your organization uses personal data and what impact that use will have on individuals. By incorporating the aforementioned principles into your operations, your organization will be able to better: capture and mitigate risks, understand the data it possesses, demonstrate compliance to regulators and maintain respect for individual privacy.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
By Michaela Kay, CPA
2020 was quite the year. While we started off with record highs in the stock market, by mid-March, we saw the fastest 30% decline in the S&P 500 in the history of the index. Since then, we have continued to see many ups and downs, but we still saw overall gains in the stock market.
What does this mean for your organization’s spending policy? Is it time for an update?
Most financial experts advise sticking to your plan during tumultuous financial times and embracing volatility, as it can be an organization’s best tool to beat inflation and maintain the spending power of invested funds.
However, the events of the past year have shed light on some reasons why an organization should consider updating its spending plan.
Here are a few examples of scenarios that might trigger a policy revision:
1. The investment fund is underwater.
Just as with your personal finances, an organization should not live paycheck to paycheck. If an organization has withdrawn all the income from an investment fund, it may want to consider revising the spending policy to decrease spending. It is healthy to have a cushion of accumulated earnings. That way, when future losses come, it will not be necessary to dip into the corpus in order to keep funding program services.
2. The spending policy doesn’t include a smoothing policy.
The most common type of smoothing policy is a simple moving average based on the average balance of the account over a specified period of time (often three years). This helps stabilize spending compared to a policy that focuses on fully spending the annual income or a fixed rate. It also helps to preserve the corpus in the long run.
3. The organization’s goals and needs have changed.
Depending on an organization’s mission, operations may have changed drastically in the past year. Some organizations, especially in arts and culture, have been shut down. Other organizations, especially those that serve basic needs, may have seen the biggest year in the organization’s history. All of these changes have likely led to shifts in financial needs. As a result, it may be necessary to adjust spending in order to use funds responsibly.
4. The organization received a financial windfall.
From time to time, organizations receive bequests or other large contributions. Often these gifts are hard to predict and come at unexpected times. While it is always tempting to spend money, executive management and the board should strongly consider the best use for the funds over the long term. If the contribution is invested, organizations may be able to support programs with very stable funding for years into the future.
Best Practices for Updating Your Organization’s Spending Policy
Investment committees should regularly review their organization’s investment and spending policies with help from a professional investment advisor. If organizations decide that it is time for a policy update, here are a few next steps:
1. Understand the organization’s needs.
When designing a new policy, it is best to start from the ground and work your way up. What are the organization’s needs? What is or is not working with the current policy? What is the primary goal for the investment fund? Don’t rush into a solution before carefully considering the needs and issues.
2. Seek professional guidance.
Even if the organization has board members or others within the organization with strong financial backgrounds, it may be helpful to seek guidance from a third-party investment advisor. An investment advisor, especially one with a strong background in serving nonprofit organizations, may be able to offer an alternative viewpoint or provide additional ideas about how to meet the organization’s objectives. An investment advisor may also be able to model investment and spending policies to give the organization a better idea of how these policies may play out in the future.
3. Start writing.
For any policy to be effective, it must be clear, consistent, specific and realistic. This will likely require several drafts and reviews from multiple people. When drafting, organizations should make sure to compare the new policy with other existing policies for consistency.
4. Seek approval from the board of directors.
Important policies, such as spending policies, should be approved by the board of directors prior to implementation. It’s important for organizations to document policy approval in the board of directors meeting minutes and save the policy in a place where it can easily be accessed.
That said, there is no one-size-fits-all spending policy or process to update policies. Each nonprofit is unique and has unique needs for its spending policy. Thus, organizations should consider their options carefully, seek advice and input from others and, if an update is needed, begin writing a new policy with their specific needs in mind.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
By Mark Antalik
A data breach is one of the worst things that can happen to nonprofit organizations, their clients, donors and volunteers. When malicious perpetrators gain unauthorized access to financial information or other personal data, they can steal identities, exfiltrate intellectual property and can cause reputational damages that will affect the organization for years to come.
Information sharing is fundamental to virtually every aspect of business. As an organization grows, information sharing grows along with it—with vendors, contractors, partners and customers. And every one of these relationships present a new set of potential vulnerabilities.
Data breaches are increasing in frequency and can be potentially catastrophic to an organization; therefore, the need for data protection, as well as the way in which it is implemented, must be balanced thoughtfully against strategic and operational needs.
However, given that data breaches are virtually impossible to stop, it is imperative for organizations to build, maintain and follow a sound breach response program. To accomplish this, BDO developed a two-part series with step-by-step methodology to effectively respond to incidents and maintain a program that allows the organization to respond in the wake of crisis.
- Identify, Understand and Communicate – Processes to identify the potential threat, gain an understanding of the threat and its potential impact, and communicate with the appropriate agencies and other involved or impacted parties.
- Respond and Contain – Responses and efforts to contain or limit data breaches can have significant impacts on an organization’s ability to recover from the incident.
- Perpetuation – Preservation of evidence will assist in remediating the current breach and may aid in identifying future attempted breaches.
- Notification and Identity Monitoring – Through internal or third-party services, affected parties can be notified of any activity related to their personal information and efforts to remediate and reduce potential impact.
In this article we address the first series. We discuss identifying, understanding and communicating during a breach situation and how breaches should be managed. In the second series, we will elaborate on perpetuation through digital forensics, as well as outlining approaches to notification and identity monitoring. While it is impossible to eliminate all risk of a data breach, a well-designed program will minimize the negative impact on both short- and long-term business goals.
Identify, Understand and Communicate
There are numerous ways data breaches can occur. An organization’s data governance architecture is important for providing the most resilient defenses. When reviewing priorities of a network security program, one must understand that breaches can occur in the following formats:
- Criminal act by outsider (hacking; portable device theft; cloning; burglary)
- Technology failure (firewall or server compromise)
- Insider threat (theft; embezzlement; unauthorized disclosures; collusion; retaliation)
- Human error (lost mobile device; misdirected email or fax [yes…faxes are still in use]; improper configuration of security systems; improper trash disposal; failure to secure physical premises)
- Vendor error (misdirected data, packages or mail)
Given the interconnected nature of our business and personal environments, data breaches can be relatively simple for the persistent malicious perpetrator or discontented insider. Every computer, cellular device, networked system and unsecured Wi-Fi connection represents a potential point of entry.
Unfortunately, most organizations are unaware of how vulnerable they really are; some understand the threat landscape, but they may be focused on other revenue-generating areas of the business. IT professionals, with support from senior leadership, must understand that data breaches are responsible for $400 billion in global losses every year. The problem will only get worse, especially as individuals migrate more of their lives to online systems and resources.
Data breach threats are on the rise for organizations of all sizes and in all industries. Regulators, industry associations and the federal government have begun to act, issuing attestation guidelines and regulatory mandates surrounding organizational cybersecurity programs.
With concern growing among stakeholders, there is building pressure for organizations to prove they have effective controls in place. Organizations must be able to detect and mitigate data breaches that have the potential to disrupt business operations, damage their brand and cause significant financial losses.
Undertaking a comprehensive data protection and cyber risk assessment allows an organization to understand the current state of its program, identify potential gaps and risks and, ultimately, implement and operationalize an effective framework. At a minimum, risk assessments should evaluate:
- Application Security. Are your applications protected from outside threats?
- Data Protection. Do you know where your sensitive data is stored and how it is protected?
- Identity and Access Management. How well do you control who accesses your systems and data?
- Infrastructure Management. How well is your network protected?
- Event Management. Do you know what to do if there is a cyber breach?
- Vendor Management. What are the security practices of third-party vendors who have access to your systems and data?
- How aware is the employee population about their cyber responsibilities?
Respond and Contain
Having a plan to respond and contain a breach is a critical step in the breach preparation process. A well-planned response will provide explicit guidance for response resources, reduce emotional conflicts in tense breach situations and demonstrate to clients, donors and volunteers that organizations are in control of the situation and are concerned about protecting personal information.
Consider the following key data breach response-and-contain plan elements:
- Stay calm. The steps in dealing with a data breach are mostly common sense. A well-crafted data breach response plan helps avoid reckless decision-making.
- Assembling a team. Choose an organization spokesperson in advance such as the general counsel, chief executive officer or another senior leader. Identifying and training backup resources for each role is essential as well.
- Understanding of the law. Organizations are sometimes unaware that their public statements, including media appearances and communication with clients, donors and volunteers, may be admissible in court if a lawsuit is filed. Consulting with a privacy attorney and media relations expert can guide language and strategy while also helping to address regulatory and fiduciary responsibilities.
- Keep the risk within the organization. Organizations that have been breached can, in turn, unintentionally compromise other organizations by transmitting infected files or malware links. To prevent this, organizations should choose to spend resources and time to fully evaluate the risk and determine measures to reduce it. Measures to reduce risk may include soliciting the expertise of cybersecurity experts that can evaluate and address current and future risk levels for the organization.
- Deploying a cyber forensic team. A cyber forensic team will analyze the data breach and determine how the organization was breached, what areas of the enterprise were affected and what information may have been compromised. They can further investigate if the data breach was initiated by an insider, either unknowingly or by nefarious means.
- Involve legal counsel. Either internal or external counsel should be engaged for legal guidance and to maintain privilege through the breach response process. Assume that clients, donors, volunteers or other third parties may take legal action against the organization related to the data breach.
- For data breaches that require notification, a communications plan should include call center guidelines and training. The training might include the tone and message for responding to calls and how any frequently asked questions will be scripted. There will likely be additional notification obligations to regulators or other authorities where counsel and data privacy subject matter experts should be consulted.
- Communicate on all available channels. Use the organization’s corporate social media channels to frame the story rather than waiting for it to unfold in the media. The media may misinterpret or embellish facts, where the organization can control the narrative. Additionally, organizations should use plain language for these communications rather than potentially confusing technical and legal terminology to express what remediation efforts are being conducted to protect their information.
- Employee communications. Communicate with employees so they are aware of the data breach before they hear about it in the media. With knowledge of the breach, employees, with the appropriate approvals, can provide informed communications to their business contacts.
- Transfer risk to another entity. This is primarily done through obtaining insurance coverage that specifically addresses the impacts of a data breach. An insurance broker specializing in cyber risk, along with the expertise of forensic accounting and claims consultants experienced in measuring losses, is essential. Keep in mind that communications with insurance agencies do not typically fall under privilege. (See the Spring 2021 Issue of the Nonprofit Standard for an article on cybersecurity insurance.)
Even though customers and individuals are increasingly aware that organizations are at risk for data breach, a breach can be a real test of resiliency. Organizations must plan for a breach and be clear and transparent to clients, donors, volunteers and other third parties about what the organization is doing to protect data. Organizations who meet the crisis head on may even be able to emerge stronger, with a closer connection to their constituencies.
Stay tuned for a discussion of the Series Two topics.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
By Matthew Cromwell, CPA
We find ourselves years into the implementation of Title 2 Code of Federal Regulations (CFR) 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). However, a few recurring matters continue to arise that lead to audit findings.
This article will discuss the following areas where we still see findings:
- Subrecipient monitoring
- Period of performance
Three areas where we see challenges on subrecipient monitoring are:
Vendor versus subrecipient analysis
In many instances, this line can be blurred depending on facts and circumstances. Depending on the final determination, different compliance requirements apply to vendors and subrecipients. CFR §200.331 considerations should be clearly documented for each entity engaged. Documentation of this analysis and the final determination should be retained by the organization.
CFR 200.332(b), Requirements for pass-through entities, state that an entity evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward. The pre-award assessment is designed to determine what level of monitoring is required once the subaward is granted as well as determining risk level to the granting organization. Decisions made here determine if the subrecipient is awarded funds in advance or on a cost reimbursement basis, how often program and financial reports are required, or how many site visits or other monitoring actions are required. A granting organization cannot use a blanket pre-award assessment based on the expected amount of grant funding. To be clear, a $20,000 subaward will not receive the same significant level of assessment as a $1 million subaward. For example, grants to subrecipients of less than $20,000 cannot all be labeled as “low risk” just because of a dollar threshold. Risk assessments need to consider such factors as whether:
- Work is being completed in a high risk location
- First time working as a subgrantee for the organization
- Strong financial controls (and how assessed)
These decisions are all based on the pre-award assessment and certainly it is not a one-size-fits all analysis.
Just as the word implies, the purpose is to monitor subrecipients but entities must also determine if monitoring is uncovering issues (audit findings, lack of financial wherewithal, programmatic departures, etc.). Entities who make subawards need to ensure their monitoring process also ensures subrecipients are addressing and correcting issues identified. Oftentimes, as auditors, we see a file full of single audit reports or financial reports submitted by subrecipients, but nothing has been documented as to the review of these documents. Pass-through entities need to review these items to determine:
- What was done by subrecipients—were audit findings corrected?
- Were the financial reports with missing receipts or approvals addressed?
Especially in this COVID environment where in-person monitoring site visits have been rare, the threat of issues is especially high, so take a moment to revisit how you are monitoring from afar and considering reports, calls and other factors that just don’t “feel right.”
Equipment requirements were one of the Uniform Guidance areas where there was little change from prior requirements. However, CFR §200.313, Equipment continues to be a challenge for many organizations. A few points or a “check the box” if you will:
- Property records must be maintained. These should include description, serial number and source of funding for each piece of equipment purchased with federal funds.
- An inventory and reconciliation of each piece of equipment is required, at a minimum, every two years. The Office of Management and Budget (OMB) did not issue any waivers for this requirement even during COVID. Advance approval would have had to be obtained from the federal awarding agency regarding the inability to perform physical inventory counts as required.
- Property is to be kept in suitable working order and maintenance performed. For entities working in remote and/or difficult operating environments, repair/operating costs should be adequately budgeted.
- And finally doing away with a “myth” that some organizations have in regard to equipment compliance testing. We get this question many times a year: If your current year federal expenditures do not include “material” equipment purchases in the current period under audit, the auditor doesn’t need to test, right? That is false. If you continue to hold property purchased with federal funds, and it has not yet been disposed, the auditor is still required to test various provisions such as 1) inventory is performed at least biannually; and 2) any disposals, if material, have been disposed in accordance with 200.313 – Equipment e) Disposition.
Period of Performance
An area we have seen regulators focusing on is the use of funds pre-award and costs incurred post award (often referred to as trailing or project closure costs). What is most likely the shortest compliance requirement in the OMB Compliance Supplement (it is literally one paragraph) is often one of the most difficult for organizations to comply with: how to fit all the costs into the actual grant agreement term, more commonly referred to as the “period of performance.” It takes significant coordination between all facets of an organization, the program team, the subgrant team and the administrative team to ensure all costs are incurred, including subgrantee costs, and reported correctly. Regulators have continued to raise points of emphasis and findings when identifying costs that occurred after the grant agreement term ends. Yes, they may provide no-cost extensions (see §200.308) for final report submissions. But the regulators have been clear, this does not allow for additional costs to be incurred, contrary to what was for many years seemingly a readily accepted industry practice.
In addition, the recent revisions to the Uniform Guidance have updated the definition of “period of performance” to be “the total estimated time interval between the start of an initial federal award and the planned end date, which may include one or more funded portions, or budget periods.” This change is effective for all contracts entered into after Nov. 30, 2020. Entities should stay tuned to see if OMB updates the period of performance audit objectives/procedures in the 2021 OMB Compliance Supplement.
SINGLE AUDIT SUBMISSION EXTENSION
The Office of Management and Budget (OMB) issued Memo M-20-21 (Memo) that instructs federal awarding agencies to allow recipients and subrecipients that have not yet filed their single audits with the Federal Audit Clearinghouse (FAC) as of Mar. 19, 2021 (the date of the Memo) with fiscal year ends through June 30, 2021, an extension to delay the completion and submission of their single audit reporting package for up to six months beyond the normal due date.
No action is needed by federal awarding agencies to enact this extension. Recipients and subrecipients do not need to obtain approval to utilize this extension. However, as with past extensions, recipients and subrecipients need to maintain documentation of the reason for the delayed filing.
Recipients and subrecipients who take advantage of this extension would still qualify as a “low-risk auditee” for their next year’s audit.
It is important to note that this new 6-month extension is longer than the 3-month extension included in the OMB Compliance Supplement Addendum (Addendum). In addition, this extension applies to all single audits. The prior extension noted in the Addendum was only available to those who received COVID-19 funds.
OMB Compliance Supplement Addendum
OMB issued the long awaited Addendum to the Compliance Supplement on Dec. 22, 2020. The Addendum includes information on certain COVID-19 stimulus funds including the Provider Relief Fund, Coronavirus Relief Fund and the Education Stabilization Fund.
FASB Approves Goodwill Alternative for Nonprofits
On Mar. 30, 2021 the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2021-03, Intangibles – Goodwill and Other (Topic 350) Accounting Alternatives for Evaluating Triggering Events. This ASU makes a change to the accounting rules for nonprofits and private businesses that will help reduce the costs and complexity for accounting for goodwill.
Goodwill is often recorded when one entity purchases another entity for more than the value of the existing physical assets. Under the current accounting rules, entities must monitor and evaluate whether what is known as a triggering event may have occurred that could result in the value of the goodwill recorded being impaired.
Issues around identifying triggering events has become more apparent during the pandemic because of ongoing economic uncertainty.
For the majority of nonprofits and private companies this analysis is likely only performed annually at the date that the financial statements are prepared. The current accounting guidance that requires the assessment of a potential impairment as of the interim date creates difficulties for these entities.
This ASU will permit all nonprofits and private companies to utilize the option to perform the identification and evaluation of a triggering event for goodwill impairment as required by Accounting Standards Codification (ASC) 350-20 to be completed at either the end of a quarterly or annual period in line with their standard reporting periods. An entity that elects this alternative would not be required to monitor the goodwill impairment triggering event in interim periods but would instead evaluate the facts and circumstances as of year-end to determine whether it is more likely than not that goodwill is impaired.
The ASU is effective on a prospective basis for annual reporting periods beginning after Dec. 15, 2019. Early adoption is permitted for financial statements that have not yet been issued or made available for issuance.
This ASU is separate from a larger goodwill project that the FASB is working on, in which it is considering a requirement that entities write down a set portion of goodwill each year, instead of testing for potential impairment annually.
FASB REMOVAL OF CONSOLIDATION OF A NOT-FOR-PROFIT ENTITY BY A FOR-PROFIT SPONSOR FROM TECHNICAL AGENDA
The FASB (the Board) decided to remove the project related to consolidation of a not-for-profit entity by a for-profit sponsor from its technical agenda. The Board’s research determined that this situation is not sufficiently pervasive to amend generally accepted accounting principles. The project was initially added to the agenda because based on initial research it was noted that there was diversity in practice and that for-profit sponsors predominantly do not consolidate sponsored not-for-profits in their financial statements.
Updates to IRS Mandatory E-filing Requirements for 2021
The IRS provided an update to mandatory e-filing requirements for 2021 in its Exempt Organizations (EO) Update. The updates noted are as follows:
- Tax year 2020 Forms 990-T and 4720 are being revised and will be available for e-filing in 2021.
- Transitional relief is available for Form 990-EZ for tax years ending before July 31, 2021.
- Forms 990 and 990-PF or tax years ending on and after July 31, 2020 must be filed electronically.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
By Mark Millard
It’s 8 a.m. on Monday. You open the doors to the office, preoccupied with tasks for the week: grant applications that need review, donor phone calls to make, staff disagreements to manage, current program execution and strategy for the future. As you settle into your desk and turn on your computer, the startup screen displays a simple message: “Pay 100 Bitcoin to 123 account number in the next 12 hours or lose all of your data.” Panic sets in, your mind races, all thoughts from two minutes ago have disappeared. What do you do next?
These days, this type of scenario is all too common. Some make headlines, but most don’t and are dealt with quietly and quickly. The challenge with many nonprofits is they reside in a place of reaction when it comes to IT infrastructure, security and crisis management. Many nonprofits walk the tightrope of pressure to reduce administrative expenditures and improve programmatic spending. Often, donors look at operating percentages when choosing where they will make their gifts. This challenge creates difficulties in determining how much to spend on IT infrastructure and cybersecurity.
The exposure to cyber intrusion for a nonprofit is often not adequately understood and, as such, marginalized by thinking that because we do work for the “greater good,” the entity won’t be a target. Unfortunately, cybercrime focuses on the ease and reward of opportunity, thus making many nonprofits a perfect target. (See further discussion in the article on page 13.)
Before COVID, it was typical to find remote access driven by individual employees trying to find solutions to the work challenges and not organizationally driven by strategy. COVID and the exodus to a remote work environment have only exacerbated the issue. Many organizations have strung together technology solutions to meet the need for remote work. This rush to operationalize has been fraught with missteps and increased the risk for intrusion.
So what do you do with finite administrative dollars to spend? Do you spend the dollars on IT security and testing, training employees on proper cyber hygiene (e.g., “Don’t click on that link”), crisis management and business continuity planning, or insurance? The answer is all of the above, while strategically prioritizing where you can’t have everything on the shelf. Depending on your organization’s IT security maturity, the quickest and most reliable risk mitigation you can take will be insurance. When adequately structured, it will be your most crucial risk mitigation effort.
Cyber insurance has been one of the fastest-growing and evolving products in the insurance market during the past decade. News of the mega-breaches that readily come to everyone’s mind has driven this growth with many organizations recognizing the tremendous exposure to liability and business interruption resulting from a cyber intrusion. And what have we learned about cyber intrusions through the countless breaches we’ve read about over the years? They have many sources, are ever-evolving, impact organizations in different and unique ways and are challenging to stop, making a case for spending dollars on a cyber insurance policy that much more significant.
The problem we find with many organizations is their insurance approach and, more specifically, cyber insurance approach. Insurance is often a check the box mindset. Buy it once a year, pay a premium, receive an insurance policy and promptly place it in the drawer. This approach is always problematic, but less so for certain insurance types than others such as auto or workers’ compensation insurance policies. Cyber insurance is the exact opposite of these aforementioned policies where there are standard forms and definitions and decades of claims experience providing a guide to what is and is not insured. Cyber insurance is the new kid on the block that everyone is still figuring out.
The cyber insurance marketplace is a highly fractured space that lacks a standard definition set and coverage provisions. There are over 100 insurance companies that underwrite the product with common coverages but little standardization.
For cyber insurance, most start with a basic coverage form. However, that form’s value will depend on how well you understand your unique risk and negotiate the insurance policy’s appropriate coverage. We’ve encountered many clients who purchased cyber insurance, put it in the drawer, checked the box and moved on with their lives. Then the claim showed up. Surprise, coverage denied. The conversation from there is typical: “Denied?!? I bought insurance for this.” Yes, but you didn’t buy the right insurance. You didn’t understand your unique type and amount of risk, leading to the coverage gap. So what steps can you take to avoid this dreadful scenario and not spend precious funds doing so? Start by looking at the risk.
Broadly speaking, we bucket cyber risk into two categories; first-party and third-party losses. Or, in other words, damage to your organization’s property and ability to conduct business (first party), and injuries to others due to your negligence (third-party). When determining the type of cyber insurance needed, we begin with risk management 101, identify the risk.
Risk can originate from an insider, whether intentionally or not, criminal hackers, hacktivists or third-party compromise. To understand your threat areas, start with a simple whiteboarding session with the key stakeholders in your organization—CEO, chief financial officer, Operations lead, IT, HR and others, and play through a few what-if scenarios to determine what would happen and the resulting operational and financial impact. Areas to focus on can include:
- Computer system damage and loss
- Data loss
- Business shutdown
- Fines and penalties
- Liability associated with data loss
- Reputational damage
- Theft of funds
It is essential to understand where these risks can stem from as insurance policies will have exclusions that limit coverage due to cause. For instance, an insurance policy might require that you provide all IT vendors’ names that offer your organization services. The simple error of omitting one vendor can void coverage should the loss result from their services. Next, you will want to assign value to your risk areas to determine exposure to one or multiple impacts. Consider:
- The cost to replace your computer systems if required due to system bricking (damaged beyond repair, making the device unusable) for the first-party loss.
- Would you need to spend money to recreate data?
- Would you be subject to a business interruption where revenue generation would be reduced or ceased?
- Would you incur extra expenses to have temporary fixes or accelerate your recovery?
- How many personally identifiable information (PII) or protected health information (PHI) records do you maintain and what is the potential liability for losing these records?
As more and more entities are moving data to cloud storage, do not believe that this relieves you of liability exposure. In these instances, assessing risk transfer and protection through your contractual agreements will be important in addition to the protections you might take with insurance. Once you’ve built an understanding of individual risks and their value, you are ready to consider the type and amount of insurance to purchase.
Here is the good news. Cyber insurance options are plentiful, with broad coverage and reasonable prices compared to its early years. Obtaining a base cyber insurance policy for $1 million in limits can often be done for minimal cost. When purchasing cyber insurance, it will be critical to have a partner who understands the insurance coverage—further making this point. A recent advertisement from an insurer for NFP cyber insurance provided a listing of the policy coverages: Privacy Liability for release of PII or other corporate confidential data, network security liability, media liability and breach response costs. At first glance, this might look great. The policy will cover the third-party liability aspects. Also, it has coverage for breach response costs, which we will explore in a moment. But what is missing? There is limited first-party coverage and no coverage for system damage resulting from the breach. Given the check-the-box insurance approach discussed earlier, these insurance policies’ deficiencies often go unnoticed until a claim arises.
So what should you look out for in a well-structured cyber insurance policy?
- Privacy liability – coverage for damages associated with the release of personal information
- Network security liability – coverage for failure to prevent an attack against your network
- Media liability – coverage for liability associated with content you create and distribute
- Breach response costs – coverage for direct costs associated with a breach (This can include credit monitoring, forensic and remediation services, and public relations costs.)
- Property damage directly resulting from the breach – coverage for replacement and repair of systems damaged from the breach
- Income loss, extra expense and dependent business income– coverage that protects against lost revenue due to a service disruption or network outage
- Data recovery – coverage for costs associated with recreating data lost or stolen
- Extortion – coverage for payment for a demand placed by the cybercriminal
- System failure – coverage for unintentional outage resulting from an error
- Regulatory fines and penalties – coverage for payment of fines assessed by a governing body associated with a breach
In addition to these coverages, cyber insurance policies have evolved to provide liquidity relief and a service tool with crisis management, breach response and even some systems diagnostic services. Many cyber insurance policies offer a specific panel of specialists on call and available for the insured’s use in a breach. For the nonprofit community, these additional services can be worth as much as the insurance policy’s liquidity relief.
So as you look to spend your finite administrative dollars, a key part of your cyber risk mitigation strategy should focus on the purchase of a cyber insurance policy. When properly structured, it is the one protection you can count on when all other security measures put in place fail.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
By Amy Guerra, CPA
New aid provided by federal agencies in response to the COVID-19 pandemic can impact the presentation of your organization’s Schedule of Expenditures of Federal Awards (SEFA), Notes to the SEFA, and Federal Audit Clearinghouse Data Collection Form (DCF). As you prepare for your audit, it is important to understand the funding you received and identify the COVID-19 related funds separately on the SEFA provided to the auditors to support an effective audit.
Various federal programs provided new aid in response to the COVID-19 pandemic. Certain funds are subject to single audit, which requires recipients to prepare an SEFA. Federal agencies may have incorporated COVID-19 funding into an existing program and CFDA number or established a new COVID-19 program with a unique CFDA number. Federal agencies are required to specifically identify COVID-19 awards, regardless of whether the funding was incorporated into an existing program or a new program.
If an entity receives COVID-19 funds and makes subawards, the information furnished to the subrecipients should distinguish the subawards of incremental COVID-19 funds from non-COVID-19 subawards existing under the program.
All COVID-19 funding is required to be identified as such per Appendix VII of the OMB 2020 Compliance Supplement (Supplement). To maximize the transparency and accountability of COVID-19 related award expenditures, non-federal entities should separately identify COVID-19 expenditures on the SEFA by presenting this funding on a separate line by CFDA number with “COVID-19” as a prefix to the program name. The following is an example of such presentation based on the OMB 2020 Compliance Supplement Appendix VII.
In addition to separately identifying COVID-19 expenditures on the SEFA, there are new disclosures related to COVID-19 assistance that needs to be incorporated in the notes to the SEFA. Federal sources may have donated personal protective equipment (PPE) to an organization for the COVID-19 response. Nonfederal entities that received this donated PPE should provide the fair market value at the time of receipt as a stand-alone footnote accompanying their SEFA. As the donated PPE does not impact the single audit, the stand-alone footnote may be marked as “unaudited.” PPE that is purchased using federal funds provided to the entity should be reported as federal expenditures.
The amount of donated PPE should not be counted for purposes of assessing whether your organization is over the $750,000 threshold of federal expenditures used to determine if a single audit is required. Donated PPE would also not count toward the Type A and Type B threshold for major program determination.
If a nonprofit organization is subject to single audit, it also requires a DCF submission to the Federal Audit Clearinghouse. At this time the instructions to the DCF have not been amended but entities should follow the OMB Compliance Supplement guidance to show the COVID-19 programs separately. The OMB Compliance Supplement recommends that the COVID funds should be entered on a separate row by CFDA number with “COVID-19” in the “Additional Award Identification” column. See example below:
As you prepare your internal SEFA be sure to follow this guidance.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Spring 2021). Copyright © 2021 BDO USA, LLP. All rights reserved. www.bdo.com
By Marc Berger, CPA, JD, LLM
On Dec. 2, 2020 the U.S. Treasury and IRS published final regulations under Internal Revenue Code (IRC or Code) Section 512(a)(6), the provision requiring tax-exempt organizations with more than one unrelated trade or business to calculate unrelated business taxable income (UBTI) separately with respect to each trade or business. The provision, which was added to the Code by the 2017 tax law often referred to as the Tax Cuts and Jobs Act (TCJA), is known as the UBI “Silo” provision. The final regulations provide guidance on how an exempt organization determines if it has more than one unrelated trade or business and, if so, how the organization calculates UBTI under Section 512(a)(6).
The final regulations generally follow the approach taken in the proposed regulations (issued in April 2020), while making a few modifications based on comments received from tax-exempt organizations and practitioners.
Identifying Separate Unrelated Trades or Businesses
Similar to the proposed regulations, most unrelated business activities must be classified using the first two digits of the North American Industry Classification System (NAICS) code that most accurately describes the trade or business. The IRS considered one commenter’s view that the NAICS 2-digit codes be used as a safe harbor and that a facts and circumstances test be applied as the primary method of identifying separate unrelated trades or businesses. In rejecting that suggested change the IRS noted that adopting a facts and circumstances test would offer exempt organizations less certainty and likely result in inconsistency among exempt organizations conducting more than one unrelated trade or business because of differing approaches exempt organizations would take in applying such a test. It further stated that a facts and circumstances test would increase the administrative burden on the IRS which, upon examination, must perform the same fact-intensive analysis on each of the unrelated trades or businesses identified by the exempt organization.
In clarifying how an exempt organization should choose an NAICS 2-digit code, the IRS reiterated that the choice of the code must focus on the separate unrelated trade or business activity engaged in, and not the NAICS 2-digit code that describes the activities the conduct of which are substantially related to the exercise or performance of the organization’s exempt purpose or function. For example, a college or university exempt under Section 501(c)(3) cannot use the NAICS 2-digit code for educational services to identify all of its separate unrelated trades or businesses.
One area that the final regulations differed from the proposed regulations concerns the ability to change an NAICS 2-digit code once it has been selected and reported on Form 990-T. The proposed regulations generally provided that, once an organization has identified a separate unrelated trade or business using a particular NAICS 2-digit code, the organization cannot change the NAICS 2-digit code describing that separate unrelated trade or business unless two requirements are met. First, the exempt organization must show that the NAICS 2-digit code chosen was due to an unintentional error. Second, the exempt organization must show that another NAICS 2-digit code more accurately describes the unrelated trade or business. In response to numerous comments on this issue, the final regulations remove the restriction requirements for changing NAICS 2-digit code(s). Instead, the final regulations require an exempt organization that changes the identification of a separate unrelated trade or business to report the change in the taxable year of the change in accordance with forms and instructions. To report the change, the final regulations require an organization to provide certain information with respect to each separate unrelated trade or business the identification of which changes: (1) the identification of the separate unrelated trade or business in the previous taxable year, (2) the identification of the separate unrelated trade or business in the current taxable year, and (3) the reason for the change. The IRS anticipates that the instructions to the Form 990‑T will be revised to provide instructions regarding where and how changes in identification are reported.
Activities Deemed Separate Trades or Businesses
As provided under the proposed regulations, certain activities are treated as separate trades or businesses under the final regulations.
The proposed regulations provided an exclusive list of an exempt organization’s investment activities that may be treated as a separate unrelated trade or business for purposes of section 512(a)(6). Under the proposed regulations, for most exempt organizations, such investment activities are limited to: (i) qualifying partnership interests; (ii) qualifying S corporation interests; and (iii) debt-financed properties. Although commenters recommended modifications to the rules regarding the individual items included in this list, no commenters objected to the treatment of these items as investment activities. The final regulations adopt this list of investment activities without change.
Similar to the proposed regulations, the final regulations permit the aggregation of qualifying partnership interests (QPIs) into one separate unrelated trade or business in order to reduce the administrative burden of obtaining information from the partnership regarding its underlying trade or business activities where its percentage interest level indicates that the exempt organization does not significantly participate in the partnership. QPIs are generally defined as partnership interests that meet one of two tests: (1) A de minimis test, which the exempt organization satisfies if it holds directly or indirectly no more than 2% of the profits interest and no more than 2% of the capital interest of the partnership; or (2) A participation test (formerly known as the “control test” under the proposed regulations), which the exempt organization satisfies if it holds directly or indirectly no more than 20% of the capital interest and does not “significantly participate in” (formerly “control”) the partnership.
As modified by the final regulations, an exempt organization significantly participates in a partnership if:
- The exempt organization, by itself, may require the partnership to perform, or prevent the partnership from performing (other than through a unanimous voting requirement or through minority consent rights), any act that significantly affects the operations of the partnership;
- Any of the exempt organization’s officers, directors, trustees, or employees have rights to participate in the management of the partnership at any time;
- Any of the organization’s officers, directors, trustees, or employees have rights to conduct the partnership’s business at any time; or
- The organization, by itself, has the power to appoint or remove any of the partnership’s officers or employees or a majority of directors.
Similar to the proposed regulations, the final regulations require the interests of certain supporting organizations and controlled entities to be combined with those of the of the exempt organization in determining whether the organization’s interest crosses the participation test’s 20% threshold. One difference, however, is that the final regulations do not require an organization to combine the interests of a Type III supporting organization unless that supporting organization is the organization’s parent.
In making the determination whether an exempt organization’s interest in a partnership meets one of the two tests to be a QPI, the final regulations follow the rule in the proposed regulations that an exempt organization’s percentage interest is determined by averaging the organization’s percentage interest at the beginning of the partnership’s tax year with its percentage interest at the end of that same partnership tax year. The final regulations, however, now provide a grace period when a change in an organization’s percentage interest is due entirely to the actions of other partners. The grace period permits a partnership interest that fails to meet the requirements of either test because of an increase in the current year’s percentage interest may be treated as meeting the requirements of the de minimis test or the participation test that it met in the prior year for the taxable year of the change if: (1) the partnership interest met the requirements of the de minimis test or the participation test in the organization’s prior taxable year without application of the grace period; (2) the increase in percentage interest is due to the actions of one or more partners other than the exempt organization; and (3) in the case where a partnership interest met the participation test in the prior taxable year, the interest of the partner or partners that caused the increase in the current year was not one that was combined with the exempt organization’s interest as described in the preceding paragraph in either the prior or current year.
With respect to qualifying S corporation interests (QSIs), the final regulations clarify that the exempt organization can rely on the Schedule K-1 (Form 1120-S) that it received from the S corporation if the form lists information sufficient to determine the organization’s percentage of stock ownership for the year. For example, a Schedule K-1 that reports “zero” as the organization’s percentage interest in the S corporation is not sufficient to determine the organization’s percentage of stock ownership for the year. The IRS is considering whether revision of Schedule K-1 is needed to provide the information necessary to determine whether an S corporation interest is a QSI.
With respect to debt-financed income, several commenters suggested that this income should be reportable using an NAICS 2-digit code instead of as an investment activity. The final regulations rejected this suggestion and adopted the proposed regulations treatment as a separate investment activity.
Finally, the transition rule included in both IRS Notice 2018-67 and the proposed regulations, which permitted an organization to treat any partnership interest acquired prior to Aug. 21, 2018 as a single trade or business activity, will lapse as of the first day of the organization’s taxable year following the issuance of final regulations. Despite receiving several comments asking the Treasury Department and the IRS to adopt the transition rule as a grandfather rule, it was not so adopted in the final regulations.
Payments from Controlled Entities
Similar to the proposed regulations, all “specified payments” (i.e., interest, rents, royalties and annuity payments per Code Sec. 512(b)(13)) received by a controlling tax-exempt organization from an entity it controls (i.e., more than 50 percent controlled by the organization) are treated as gross income from a separate unrelated trade or business. Moreover, if a controlling organization receives specified payments from two different controlled entities, the payments from each controlled entity would be treated as a separate unrelated trade or business.
Certain Amounts from Controlled Foreign Corporations (CFCs)
Similar to the proposed regulations, amounts included in UBTI under Section 512(b)(17) are treated as income derived from a single separate unrelated trade or business.
Other Items of Note
Allocation of Expenses – Pending the publication of further guidance in a separate notice of proposed rulemaking, the final regulations continue to provide that an exempt organization with more than one unrelated trade or business must allocate deductions between separate unrelated trades or businesses using the reasonable basis standard described in Treas. Reg. Section 1.512(a)-1(c).
Net Operating Losses (NOLs) – Under Section 512(a)(6), NOLs arising in a tax year beginning before Jan. 1, 2018 (“pre‑2018 NOLs”) may be taken against aggregate or total UBTI, while NOLs arising in a tax year beginning after Dec. 31, 2017 (“post‑2017 NOLs”) may only be taken against UBTI from the same trade or business from which the post-2017 NOL arose. The final regulations require an organization with both pre-2018 NOLs and post-2017 NOLs to first deduct its pre-2018 NOLs from its total UBTI before deducting any post-2017 NOLs from the UBTI of the separate trade or business that gave rise to the NOL. The final regulations further provide that if a trade or business is terminated, sold, exchanged or disposed of, any NOLs remaining after offsetting any gain on the sale or disposition are suspended. Suspended NOLs may only be used if the previous business is later resumed or if a new business using the same NAICS 2-digit code is commenced or acquired. For this purpose, a business is considered “terminated” if the appropriate identification of the business changes from one NAICS code to a different NAICS code.
Charitable Contributions – Under Section 512(b)(10), tax-exempt corporations can take charitable contribution deductions under Section 170 up to 10% of UBTI (tax-exempt trusts look to Section 512(b)(11) for its percentage limitations). The final regulations provide that in applying these percentage limitations, exempt organizations would use total UBTI computed pursuant to Section 512(a)(6) and would not allocate the charitable contribution deduction among silos.
Public Support Tests – The final regulations address the fact that the calculation of public support on Form 990, Schedule A could be negatively impacted by the treatment of UBTI under the new silo rules. To address this issue, the final regulations allow exempt organizations to calculate public support tests using either UBTI as computed under Section 512(a)(6) or UBI calculated in the aggregate, whichever is least administratively burdensome or provides the highest ratio for the organization.
Subpart F and Global Intangible Low-Taxed Income – Similar to the proposed regulations, the final regulations clarify that inclusions of Subpart F income under Section 951(a)(1)(A) and global intangible low-taxed income (GILTI) under Section 951A(a) are treated in the same manner as dividends for purposes of Section 512(b)(1).
The final regulations are applicable to tax years beginning on or after Dec. 2, 2020 (date of publication in the Federal Register). For virtually all exempt organizations this means their 2021 tax years. Organizations should consult with their tax advisors to ensure the identification of any and all of their separate unrelated trades or businesses, especially those organizations with significant investment activities.
By Lee Klumpp, CPA, CGMA
In 2016, the Financial Accounting Standards Board (FASB) updated its lease accounting rules (ASC 842) and closed a diversity in practice in the previous standard. The major change is that organizations must now include lease assets and liabilities on their balance sheets. The upshot is that despite a recently granted extension that applies to private companies and nonprofits, the task of becoming compliant is urgent and challenging. Impacted nonprofits don’t have a moment to spare.
Under the previous standards, operating leases were off-balance sheet. That essentially allowed companies to omit certain lease assets and liabilities from their balance sheets, potentially skewing their debt-to-equity ratio. In 2016, the International Accounting Standards Board estimated that public companies using either the International Financial Reporting Standards or accounting principles generally accepted in the United States of America (U.S. GAAP) had around $3.3 trillion of lease commitments, 85% of which were not recorded on their balance sheets. This, of course, makes it difficult for shareholders (stakeholders), investors and lenders to get a true sense of an organization’s financial health. Under the previous ASC 840 standard, operating leases were only required to be disclosed in the footnotes of the financial statements. Under ASC 842, the only leases that may be omitted from financial statements are short-term leases with an original term of fewer than 12 months. ASC 842 increases transparency and comparability among organizations that enter into lease agreements and provides a clearer picture of an organization’s liabilities related to leasing obligations. ASC 842 also includes extensive disclosures intended to enable users of financial statements to understand the amount, timing and judgment related to an entity’s accounting for leases and the related cash flows as well as disclosure of both qualitative and quantitative information about leases.
But what it also does is implement a one-size-fits-all accounting standard that significantly increases the reporting burden on smaller, nonpublic companies, including nonprofits. Implementation will involve significant challenges and require major investments in time, money and other resources. Fortunately at its Oct. 16, 2019 meeting, FASB affirmed its decisions on two proposed Accounting Standards Updates (ASUs) – one of which extended the implementation deadline for the new standards on leases that were not yet effective for private companies and nonprofits to the first fiscal year after Dec. 15, 2020, instead of Dec. 15, 2019, as originally mandated.
Subsequently, in June 2020 the FASB decided to provide near-term relief for the adoption of the leasing standards based on feedback from stakeholders regarding challenges with the adoption as a result of the current business and capital disruptions caused by the coronavirus (COVID-19) pandemic. As a result, the FASB issued ASU 2020-05 which provides an additional one-year deferral of the effective date of the leasing standards. As a result, the leasing standards will now be effective for private companies and private nonprofits for fiscal years beginning after Dec. 15, 2021. Public nonprofits who had not issued their statements as of June 3, 2020, can also opt to defer adoption until fiscal years beginning after Dec. 15, 2019. This is an elective deferral so entities can still choose early adoption if they wish.
This is good news for nonprofits, which now have extra time to implement these changes. However, it should also serve as a wake-up call, as many organizations weren’t even aware of the change and the need to become compliant. Even within this updated timeline, ensuring compliance will be a significant effort.
Nonprofits face multiple significant implementation challenges such as:
- The number of business arrangements that were previously not identified as leases may now be identified as meeting the definition of a lease or embedded lease
- Existing systems and processes may need to be modified or enhanced in order to provide information necessary to address the new reporting and disclosure requirements
- Multiple departments across the organization will be affected by this standard, including information technology (IT), tax, legal, treasury, and financial planning and analysis, among others
- Ongoing efforts to remain compliant might be more significant than the initial implementation effort
It’s clear that complying with ASC 842 is a time-consuming process. Organizations should develop an implementation timeline keeping several factors top of mind, including existing lease commitments, data governance maturity and cross-function coordination needs.
To get started, organizations should first learn one of the key lessons from public companies that have already gone through this process: The standard requires the collection of significant data from every lease and business arrangement that could contain an embedded lease that exists on, or will exist after, the effective date. Analyzing leases and business arrangements to identify and extract those details for inclusion in the organization’s financial reports requires substantial time and resources. It is crucial to identify the full population of leases upon adoption of ASC 842.
Nonprofits should also consider adopting the following best practices:
Solicit the involvement of the entire organization: Although the implementation of ASC 842 is primarily the responsibility of the organization’s accounting department, successful implementation requires support from across the entity, especially when an organization has a large real estate portfolio or embedded leases. This may mean seeking assistance from IT, legal or procurement departments. Soliciting executive sponsorship to champion implementation will also help to streamline the process.
Use technology to your advantage: Under the stress of deadlines, the compilation of lease terms and data can be daunting, especially within larger nonprofits where leases may exist across departments – and possibly internationally if the organization has international operations. For organizations that have developed a robust data governance program or specific procedures to collect and manage enterprise data, implementation should be considerably easier. However, for the many organizations that have yet to build out these structures, there are off-the-shelf and purpose-built technology solutions that can help standardize and aggregate the information.
Keep an open line of communication: Organizations that maintain a large physical footprint are impacted the most. They should factor in extra time for both implementation and keeping stakeholders informed. Unexpected roadblocks, such as a delay in receiving necessary data from external sources, should also be accounted for in the timeline. Benchmarking the organization’s progress on implementation against its timeline throughout the process is paramount in keeping on task and meeting goals.
The bottom line is that even with the extension, it will take a concerted effort to become compliant in time. Nonprofits need to start the implementation process now.
Adapted from article in the Nonprofit Standard blog.
By Jibran Hussain, Andrew Tobel, J.D., CIPP/US, and Derrick King, CIPP/US
In this highly interconnected, digitized global economy, cross-border data flows are imperative in maintaining and enhancing strong ties between countries. On July 16, 2020, a pivotal component of European Union (EU)–United States (U.S.) data transfers, the EU-US Privacy Shield Framework (Privacy Shield), was declared invalid by the Court of Justice of the European Union (CJEU) with immediate effect. According to the CJEU, EU data transfers to the U.S. under the Privacy Shield arrangement are not safeguarded in a manner that are consistent with EU data privacy standards due to U.S. government surveillance programs.
GDPR Applicability Background
Any nonprofit that collects or processes any information relating directly or indirectly to identifiable individuals, in connection with the offer of goods and/or services or monitoring of EU residents, is subject to the General Data Protection Regulation (GDPR). This could include the collecting or processing of EU members’, benefactors’, grantees’, grantors’, or trustees’ Personal Data. Per the GDPR Personal Data are any data related to an identified or identifiable natural individual. Examples of Personal Data are first and last names, home address, Internet Protocol (IP) address, cookie identifiers and credit card numbers.
Nonprofits are not exempt from the GDPR, especially if they hold seminars or meetings in the EU, and/or monitor the online behavior of EU residents who visit their website, and/or maintain records on EU residents. Moreover, nonprofit activities that may also be in scope include the processing of Personal Data of volunteers, employees, donors, beneficiaries or fundraising activities. For example, if a U.S. nonprofit organization is aiding Yemeni refugees based in Germany – it would be required to comply with the GDPR as it is engaging in data processing activities pertaining to individuals in the EU. Lastly, the submission of grant reports to agencies or submission of accounting transactions from foreign office locations to U.S. home offices which include E.U. Personal Data may also have GDPR implications.
The CJEU’s decision is a major setback as it removes a commonly used method for transferring Personal Data from the EU to the U.S., i.e., the Privacy Shield. The Privacy Shield was administered by the Federal Trade Commission (FTC); however, 501(c)(3)s and other nonprofits, are not typically under the jurisdiction of the FTC and therefore likely could not participate in the Privacy Shield. Nonetheless, nonprofit organizations should be put on notice that transfer mechanisms are a requirement under the GDPR and subject to strict scrutiny by the courts. There are other data transfer mechanisms available should nonprofit organizations engage in EU-U.S. data transfers:
- Standard Contractual Clauses
- Binding Corporate Rules
- Adequacy Decisions
- Derogations for Specific Circumstances
- Certification Mechanism
Permissible Data Transfer Mechanisms
The GDPR permits EU data transfers to non-EU countries which are deemed by the EU Commission to provide an “adequate” level of data protection standards. However, if there is no “adequacy decision,” organizations can utilize other data transfer mechanisms such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and Derogations for specific circumstances. Crucially, the CJEU upheld the validity of SCCs, but stated there must be supplemental measures and additional data protection safeguards in place with special attention to access by judicial and administrative authorities. In particular, SCCs should include sufficient data protection safeguard provisions when organizations engage in EU-U.S. data transfers. As a result, organizations should reassess their SCC provisions by:
- Reviewing the types of EU Personal Data subject to transfer and whether there is a risk of subpoenas by U.S. National Security agencies;
- Assessing if the transfer of EU Personal Data is necessary and, if not, reducing the scope of the data transfer;
- Including strong provisions that outline strong data retention practices (e.g., immediate deletion of EU Personal Data if no longer required);
- Implementing strong encryption to protect EU Personal Data.
Additionally, BCRs are also a permissible data transfer mechanism that require similar SCC data protection safeguard provisions but require the approval of EU supervisory authorities. While this can take several months for approval, BCRs are more flexible for organizations as they result in less administrative burden once they are implemented. However, they can be a costly and lengthy process to implement.
On the contrary, under Article 49 of the GDPR, if a nonprofit organization has exhausted the data transfer options including BCRs or SCCs, a data transfer can still take place for a limited number of data subjects under Derogations for specific circumstances:
- The data controller has assessed and provided sufficient safeguards pertaining to the protection of Personal Data of data subjects;
- The data subject has consented to the data transfer after being informed of the risks associated with the data transfer due to a no adequacy decision or sufficient data transfer safeguards;
- The data transfer is required for the performance of a contract between the data subject and the controller;
- The data transfer is required for public interest reasons;
- The data transfer is required to protect the vital interests of a data subject.
Nonprofit organizations, as the data controller, should inform the applicable data protection authority of the data transfer and subsequently inform the data subject.
Nonprofit organizations that fail to comply may risk fines by Data Protection Authorities (DPAs). As a Belgian nonprofit organization recently discovered, DPAs certainly have the appetite to punish organizations that fail to comply with data transfer requirements. The Belgian nonprofit organization was fined €1000 by the Belgian DPA, as it utilized a complainant’s Personal Data for direct marketing purposes and did not have a valid legal basis for processing the complainant’s Personal Data—which is a breach under the GDPR.
Given the CJEU’s ruling on Privacy Shield, U.S. nonprofit organizations engaging in cross-border data transfers can be under greater scrutiny by the EU Commission and will be subject to regulatory fines and reputational loss for violations. However, by bolstering or implementing the aforementioned data transfer mechanisms, nonprofit organizations will be better equipped to navigate and adapt to the evolving data privacy requirements, primarily EU data transfers.
By Tammy Ricciardella, CPA
On Sept. 17, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU), 2020-07, Presentation and Disclosures by Not-for-Profit Entities for Contributed Nonfinancial Assets. This ASU is intended to increase transparency on how contributed nonfinancial assets (also referred to as gifts-in-kind) received by nonprofits are to be used and how they are valued.
The ASU was issued to address stakeholder concerns about how nonprofit entities report contributed nonfinancial assets. Stakeholders expressed a need for additional transparency surrounding the amount of contributed nonfinancial assets and how they are used in a nonprofit’s programs and activities. Others noted the need for clarity in how these contributed nonfinancial assets were valued.
Though the update does not change the current recognition and measurement requirements in generally accepted accounting principles (GAAP), which is included in Accounting Standards Codification (ASC) 958-605, Revenue Recognition, the ASU is intended to improve current GAAP through enhancements to presentation and disclosures of contributed nonfinancial assets.
The scope of the ASU is limited to gifts of nonfinancial assets. The term nonfinancial assets includes fixed assets such as land, buildings and equipment; the use of fixed assets or utilities, materials and supplies such as food, clothing or pharmaceuticals; intangible assets; recognized contributed services; and unconditional promises of those assets. Many nonprofit organizations rely on these contributions to conduct their programs and mission-related activities.
The ASU requires that a nonprofit present contributed nonfinancial assets as a separate line item in the statement of activities apart from contributions of cash or other financial assets.
The ASU requires the following information be disclosed related to the contributed nonfinancial assets:
- The contributed nonfinancial assets recognized in the statement of activities disaggregated by categories that depict the type of contributed nonfinancial assets.
- Each category of contributed nonfinancial assets recognized as noted above should disclose the following:
- Qualitative information about whether the contributed nonfinancial assets were either monetized or utilized during the reporting period.
– If utilized, a description of the programs or other activities in which those assets were used.
- The nonprofit’s policy (if any) about monetizing rather than utilizing contributed nonfinancial assets.
- A description of any donor restrictions associated with the contributed nonfinancial assets. An example of this would be if an entity received contributed pharmaceuticals, and the donor restricted these for use outside of the United States.
- The valuation techniques and inputs used to arrive at a fair value measure in accordance with the requirements in ASC 820, Fair Value Measurements, at initial recognition.
- The principal market (or most advantageous market) used to arrive at a fair value measure if it is a market in which the recipient nonprofit is prohibited by a donor-imposed restriction from selling or using the contributed nonfinancial assets.
The amendments in the ASU should be applied on a retrospective basis and are effective for annual reporting periods beginning after June 15, 2021. Early adoption of the ASU is permitted.
Reprinted from the Nonprofit Standard blog.
By Michael Conover
“Are we paying our executives appropriately?” I am frequently asked this question by board members and these questions have become even more frequent in the current COVID-19 environment. Amidst all the uncertainty, the question seems more relevant than ever. Whether it is an organization taking its first formal look at executive pay, a new board member serving on a compensation committee or a question raised following our presentation of an annual compensation “checkup,” it is a key question that every board should be able to confidently answer. Regardless of the type of nonprofit organization, there is an expectation (and IRS regulations!) that board members must be good stewards of the organization’s assets. This is especially true regarding the most highly compensated members of management.
Board members are specifically charged with responsibility for managing the pay for top executives, but many have little to no experience with the subject. Those individuals with some compensation experience with other organizations, frequently have little to no experience directly related to the nonprofit board on which they serve. This is likely the explanation for the prevalence of “Are we paying our executives appropriately?” question.
It is a good question. And it is one that all boards, or at least their compensation committee, should be able to answer. If a board member does not know the answer, there should be no reluctance to ask the question. Unfortunately, people are sometimes hesitant to do so. People not familiar with the compensation topic or new to the organization’s board hold back. Whether unwilling to admit they have questions or feeling a need to “go along with others who seem to know what to do” or “continue to do things the way we’ve always done them”—the important question above just does not get asked. The path of least resistance is to simply chime in for the all too familiar “All those in favor, say Aye” board chorus.
In these COVID times there are, however, some new questions about executive compensation that need to be answered. Many of the familiar and essential factors normally included in board decisions about executive pay are no longer available or relevant. The disruption related to the virus has broadly impacted all sectors of the economy. The issue of competitiveness in terms of compensation is muted at least for the moment. Uncertainties abound and everyone is searching for answers about what they should do. For most organizations, the answers will come from within. Each must chart its own way for the foreseeable future. For this reason, I’d like to suggest the following three new questions to be considered to arrive at an answer for your organization related to whether executive pay is appropriate in these COVID times when unknowns seem to be the order of the day.
Do our current financial condition and outlook for the next 18 to 24 months allow us to continue our current methods and levels of compensation for staff members and our executives?
Affordability is a critical issue and. possibly the most urgent one. If there are concerns about finances, there are a series of progressively more stringent techniques that can be taken, including: discontinuation of “voluntary” plans / payments; salary freeze; salary reduction; furloughs; staff reduction, etc. Each of these must be carefully weighed to arrive at the best answer for your organization. The consideration is not solely financial. Retention of key personnel, staff morale / engagement, continuation of critical services, stakeholder reactions, etc. are also important factors to consider.
Once decisions have been made about any cost-saving actions, they should be fully communicated to all concerned with as much advance notice as possible. In particular, all the details about the duration of the change(s) should be included to the degree that they can confidently be set. Future communications should be made as conditions change, as well as to affirm that the subject has not been forgotten.
Under current conditions, should our competitive pay positioning policy be maintained?
Even if the organization’s financial condition can support holding current executive compensation at target levels in the competitive market, should they stay the same? There are several factors to consider.
COVID times have disrupted the availability and relevance of many sources of competitive compensation data. Newer IRS Form 990 filings are not being posted and are even more outdated than in normal times. Most compensation surveys are reporting on data collected pre-COVID and do not reflect current conditions. Reliable information on competitive compensation may not be available to guide pay decisions.
In some instances, competitive compensation levels have likely decreased due to temporary salary reductions, suspension of bonus / incentive plans, etc. The pressure to keep up with the market has decreased significantly for most organizations.
Finally, there are other factors that may weigh more heavily in executive compensation during these times such as: public / stakeholder perception of executive pay actions, equitable treatment of staff members vs. executives; etc.
For the next 12 to 18 months, executive compensation should be carefully considered as part of a thorough assessment of the organization’s situation and circumstances. As mentioned previously, competitiveness may not be as prominent a consideration now. Again, regular communication to all concerned about any change / moderation of traditional approaches to pay is critically important.
What factors should be considered in executive pay decisions that are needed for 2020 or 2021?
COVID times may have deprived the organization of its traditional benchmarks or made its performance metrics no longer relevant. For this reason, many organizations will need to make pay decisions on a largely discretionary basis. Discretionary should not imply a hastily made monetary “thanks for everything” at year end. I am suggesting a thoughtful approach, one that requires pre-planning and discussion by the compensation committee of the criteria that will be used for any pay-related decision making.
Rather than delaying a discretionary decision until the final compensation committee meeting for 2020, boards would be well-advised to begin discussions and planning now for the specific factors that will be considered when these decisions are made. Board members can exchange and consider ideas to arrive at a general consensus about several critical factors that will be used.
For example, boards may consider:
- How well has management cared for the organization’s employees?
- How have the organization’s stakeholders been treated?
- How have the organization’s vendors been treated?
These types of questions focus on the executives’ stewardship of the organization for the longer term. Once decided, the factors should be communicated to all concerned parties in advance. That information will highlight the behaviors and results that are important for moving forward through this time.
In summary, good answers to the three questions we’ve raised here are essential for a good answer to the “big” question—“Are we paying our executives appropriately?”—during these unprecedented times. Arriving at the right answer for your organization is critically important.
If you do not know the answer to “Are we paying our executives appropriately?” for your organization, please ask!
President Signs Protecting Nonprofits from Catastrophic Cash Flow Strain Act to Assist Nonprofit Organizations into Law
By Lee Klumpp, CPA, CGMA
On Aug. 3, 2020, President Trump signed the legislation to assist nonprofits and governmental entities into law.
The purpose of the legislation is noted as: “The Protecting Nonprofits from Catastrophic Cash Flow Strain Act aims to ensure that nonprofits, state and local governments, and federally recognized Tribes that operate as reimbursing employers under state unemployment insurance (UI) systems can receive the UI relief secured through the CARES Act (Coronavirus Aid, Relief, and Economic Security Act) without bearing onerous cash flow burdens that threaten liquidity.” State and local governments and federally recognized tribes have been able to remain financially viable during the COVID-19 pandemic by ensuring they receive federal help for unemployment payments upfront, instead of being reimbursed later. Nonprofits have not had these same benefits.
Nonprofit organizations, state and local governments, and federally recognized American Indian tribes generally have the option of operating as “reimbursing employers” (also known as “reimbursable employers”) under state unemployment insurance systems. This means that they make “payments in lieu of contributions” to finance unemployment benefits attributable to them. Most states periodically bill reimbursing employers for benefits paid out during that period to their former employees. In turn, employers who opt for this payment method are not obligated to pay unemployment insurance payroll taxes.
Section 2103 of the CARES Act, was intended to provide emergency relief to reimbursing employers by federally financing 50% of the UI obligations for these employers for the period beginning March 13, 2020 and ending Dec. 31, 2020. However, as interpreted by the Department of Labor (DOL) in guidance issued on April 27, reimbursing employers “must pay their bill in full” before they can receive reimbursement for one-half of their obligation. For many employers, the requirement to pay 100% of the UI bill before securing relief exacerbates the financial impact of historically high claims triggered by the pandemic, increasing the risk of further layoffs, closures or substantial reductions in services.
This new legislation would enable states to provide the CARES Act’s 50% emergency relief to reimbursing employers without requiring these nonprofits or other entities to pay their full bill first. While the net cost to the employer and the federal government would remain the same, as the employer would still be responsible for paying 50% of its bill and the federal government would still finance the remaining 50%, the procedural fix included in this legislation would significantly mitigate the cash flow concerns for reimbursing employers.
For states that have already begun administering Section 2103 relief under current law requirements, the legislation includes an explicit safe harbor for claim weeks prior to the date of enactment.
The following is an example that outlines how this process works under the current DOL guidance and how it would work under this new legislation.
Former and furloughed employees of a charitable nonprofit file UI claims collectively amounting to $50,000 in a given calendar quarter. The state workforce agency bills the nonprofit for $50,000 at the end of the quarter, at which point the nonprofit must pay the full bill or risk financial penalties. If the employer can pay the full bill, then the state can ultimately reimburse it for $25,000, provided by the federal government for this express purpose.
Under the new legislation, if the nonprofit pays any portion of its bill, the state workforce agency uses a federal transfer to the state unemployment trust fund to effectively reduce the bill to $25,000, which the nonprofit can pay without needing to pay the full $50,000 first.
Adapted from BDO Nonprofit Standard blog.
By Marc Berger, CPA, JD, LLM
The recently issued proposed regulations interpreting Internal Revenue Code (IRC) Section 512(a)(6) provide additional guidance and builds on Internal Revenue Service (IRS) Notice 2018-67.
On April 24, 2020, the U.S. Treasury Department and IRS published proposed regulations under IRC Section 512(a)(6) in the Federal Register, which was added to the tax law as part of the 2017 Tax Cuts and Jobs Act (TCJA). The provision requires tax-exempt organizations with more than one unrelated trade or business to calculate unrelated business taxable income (UBTI) separately with respect to each unrelated trade or business. The underlying purpose of the provision is to prevent a net loss from one activity from reducing the net income from a profitable activity. As a result of having to treat each unrelated activity separately, Section 512(a)(6) has become known as the “Silo” provision. The provision has been effective for tax years beginning on Jan. 1, 2018 and thereafter.
The IRS released Notice 2018-67 in August 2018 to provide organizations and their tax advisors some guidance on how to interpret Section 512(a)(6). The proposed regulations generally follow the guidance in the notice, although they make several modifications in response to comments received from the tax-exempt organization community.
The principal issue for organizations seeking to comply with Section 512(a)(6) is determining how many unrelated trade or business activities they have. Congress did not provide explicit criteria for determining whether an exempt organization has “more than one unrelated trade or business” or how to identify “separate” unrelated trades or businesses for purposes of computing UBTI in accordance with Section 512(a)(6). The proposed regulations seek to clarify these issues by establishing a method for determining whether an organization has more than one unrelated trade or business and by identifying separate unrelated trades or businesses. Most business activities will use the North American Industry Classification System (NAICS) business codes, and separate guidance is provided for investment activities. In each of these instances the proposed regulations start with the approach utilized in Notice 2018-67 but make some additional changes to this guidance based on the comments received.
Business Activities Other Than Investment Activities
The proposed regulations would classify most unrelated business activities pursuant to 2-digit NAICS codes, which differ from the more specific 6-digit NAICS codes proposed in Notice 2018-67. The 6-digit codes are described as follows: the first two digits designate the sector, each of which represents a general category of economic sector, e.g., real estate and rental and leasing (53), health care and social assistance (62), accommodation and food services (72); the third digit designates the subsector; the fourth digit designates the industry group; and the fifth digit designates the NAICS industry. When applicable, the sixth digit is used to designate the national industry, to reflect differences between the countries. A zero as the sixth digit generally indicates that the NAICS industry and the U.S. industry are the same.
After considering the comments received from its issuing Notice 2018-67, the Treasury Department and the IRS continue to view an identification method based on NAICS codes as administrable for exempt organizations and the IRS. However, in updating the guidance recommended in the notice, the proposed regulations provide that an exempt organization generally will identify its separate unrelated trades or businesses using the first two digits of the NAICS codes, i.e., by economic sector. While there are more than 1,000 NAICS 6-digit codes, the NAICS divides the economy into only 20 economic sectors. Using the 2-digit codes is expected to result in broader, less subjective identification of trades or businesses that would naturally permit the aggregation of similar activities. In addition, it was noted that the 2-digit codes are less likely to change over time because the codes are revised through notice and comment rulemaking (and OMB has historically not revised the codes at the 2-digit level).
Administratively, the proposed regulations provide that an exempt organization will report each NAICS 2-digit code only once. For example, a hospital organization may operate several hospital facilities in a geographic area (or multiple geographic areas), all of which include pharmacies that sell goods to the general public. Pharmacies are described under the NAICS 2-digit code for retail trade (44). Although each pharmacy potentially could be considered a “separate” trade or business under Section 512(a)(6), particularly if separate books and records exist for each pharmacy, the hospital organization would report all the pharmacies using the 2-digit code for retail trade (44), along with any other retail trades or businesses described by this code, on Form 990-T as one unrelated trade or business.
Finally, the proposed regulations provide that once an exempt organization has identified a separate unrelated trade or business using a particular 2-digit code, the organization may not change the 2-digit code describing that trade or business unless the organization can show that the 2-digit code chosen was due to unintentional error and that another 2-digit code more accurately describes the trade or business. This limitation will apply to codes reported on the first Form 990-T filed after final regulations under Section 512(a)(6) are published in the Federal Register. It is anticipated that the instructions to Form 990-T will be revised to describe how an exempt organization provides notification of such an error. In addition, the Treasury Department and the IRS are requesting comments regarding whether there are other circumstances in which an exempt organization should be permitted to change the selected 2-digit codes.
The proposed regulations provide that NAICS 2-digit codes are used to identify separate unrelated trades or businesses except to the extent provided in other paragraphs of the proposed regulations. An exempt organization’s investment activities fall under this exception as their rules are provided in other paragraphs of the proposed regulations.
The proposed regulations provide that exempt organizations may aggregate certain investment activities and treat them as one unrelated trade or business for purposes of Section 512(a)(6). For most exempt organizations those activities are limited to: (i) qualifying partnership interests (QPIs); (ii) debt-financed properties; and (iii) qualifying S corporation interests.
For partnership interests, Notice 2018-67 states that the category of “investment activities” should include only partnership interests in which the exempt organization does not significantly participate in any partnership trade or business. As in the notice, the proposed regulations define QPIs as partnership interests that meet one of two tests:
- A de minimis test, which the exempt organization satisfies if it holds directly no more than 2% of the profits interest and no more than 2% of the capital interest of the partnership; or,
- A control test, which the exempt organization satisfies if it directly holds no more than 20% of the capital interest and does not control the partnership, taking into account all facts and circumstances.
In response to comments received on the notice, the percentage interests held by disqualified persons (e.g., directors) do not need to be taken into account under the proposed regulations in applying the percentage thresholds of the de minimis and control tests. In addition, interests held by controlled entities and supporting organizations no longer need to be taken into account for the de minimis test (but do need to be combined for the control test).
With respect to the control test, the notice looked to whether the exempt organization had “control or influence” over the partnership, while the proposed regulations only look to “control.” The proposed regulations provide that control is shown if the exempt organization “by itself” has the ability to require the partnership to perform, or may prevent the partnership from performing, any act that significantly affects the operation of the partnership, or if it has the power to appoint or remove any of the partnership’s officers or employees or a majority of its directors. Like the notice, the proposed regulations also provide that control is shown if any of the exempt organization’s officers, directors, trustees or employees have rights to participate in the management of the partnership or conduct the partnership’s business at any time.
The proposed regulations allow exempt organizations to rely on the information in the annual Schedule K-1s provided to it for purposes of the de minimis and control tests. In addition, once an organization designates a partnership interest as a QPI, it cannot use the NAICS codes to subsequently identify trades or businesses of the partnership unless and until the partnership no longer qualifies as a QPI (in which case it would be required to use the NAICS codes).
Additionally, the proposed regulations temporarily maintain the “transition rule” that was provided in the notice, under which a partnership interest acquired prior to Aug. 21, 2018 may be treated as comprising a single trade or business under Section 512(a)(6). However, the proposed regulations state that an organization’s ability to rely on the transition rule ends at the beginning of the first day of its first taxable year beginning after the final regulations under Section 512(a)(6) are published in the Federal Register.
The proposed regulations provide that income from debt-financed properties includible in unrelated business income (UBI) under Section 512(b)(4) should be included in an organization’s trade or business from ‘investment activities’ for purposes of Section 512(a)(6). This treatment supports the IRS belief that debt-financed properties are generally held for investment purposes. In addition, an S corporation interest that meets either the de mininis or control test for QPIs is considered a “qualified S corporation interest” and would also be included as part of an organization’s ‘investment activities’ unrelated trade or business. An S corporation interest that is not a qualified S corporation interest would be treated as an interest in a separate unrelated trade or business.
The proposed regulations provide that all “specified payments” (i.e., interest, rents, royalties and annuities) received from controlled entities and includible in UBI under Section 512(b)(13) would be treated as a separate trade or business. Moreover, if a controlling organization receives these payments from two different controlled entities, the payment from each controlled entity would be treated as a separate unrelated trade or business.
The proposed regulations also provide that amounts received from controlled foreign corporations which are includible in UBI under Section 512(b)(17) would be treated as income from a separate unrelated trade or business. Finally, the proposed regulations clarify that inclusions of Subpart F income and global intangible low-taxed income (GILTI) are treated in the same manner as dividends for UBI purposes.
Net Operating Loss Deductions (NOLs)
As enacted, Section 512(a)(6) requires organizations with more than one unrelated trade or business to determine any NOL deduction separately for each trade or business. By limiting the reportable unrelated business taxable income from a separate trade or business to zero, the statute supports the underlying purpose of the provision to prevent a loss incurred from one trade or business to offset income generated from another trade or business. To preserve NOLs from tax years prior to the effective date of the TCJA, Congress created a special transition rule for NOLs arising in a taxable year beginning before Jan. 1, 2018 (pre-2018 NOLs). Section 13702(b)(2) of the TCJA provides that Section 512(a)(6)(A) does not apply to pre-2018 NOLs, i.e., that they may be used without regard to the Section 512(a)(6) limitation. For organizations with pre-2018 NOLs, and NOLs arising from years beginning after Dec. 31, 2017 (post-2017 NOLs), a question arose regarding the order in which such losses should be taken. Notice 2018-67 did not affirmatively answer that question, however the proposed regulations do.
The proposed regulations provide that an exempt organization with both pre-2018 NOLs and post-2017 NOLs will deduct its pre-2018 NOLs from its total UBTI before deducting any post-2017 NOLs with regard to a separate unrelated trade or business’s UBTI. Moreover, the proposed regulations state that pre-2018 NOLs are deducted from total UBTI in the manner that results in maximum utilization of the pre-2018 NOLs in a taxable year. This result is organization-friendly in that it allows for the maximum use of these NOLs before their expiration (pre-2018 NOLs expire after 20 years; post-2017 NOLs do not expire).
Charitable Contributions Deduction
For tax-exempt organizations that are corporations, Section 512(b)(10) limits the organization’s charitable contributions deduction to 10% of UBTI. The proposed regulations clarify that Section 512(b)(10)’s reference to ‘UBTI’ refers to UBTI after the application of 512(a)(6). This result is also organization-friendly in that activities with net losses will not lower UBTI for purposes of determining the 10% deduction limit since those loss activities will be limited to zero for purposes of Section 512(a)(6).
Allocation of Expenses
Regarding the issue of allocating expenses between separate unrelated trades or businesses, Notice 2018-67 stated that the Treasury and IRS were considering modifying the “reasonable allocation method” described in Treas. Reg. Sec. 1.512(a)-1(c) and providing specific standards for allocating expenses under Section 512(a)(6). The preamble to the proposed regulations state that Treasury and IRS are still considering the issue and intend to publish separate proposed regulations providing further guidance on this issue. Until these proposed regulations are issued organizations are instructed to allocate deductions in accordance with any reasonable allocation method. Per the IRS, utilizing gross revenues as a method of allocation is not reasonable as it overstates the deduction(s) in determining UBTI.
Proposed Applicability Dates and Approaches
The proposed regulations apply to taxable years beginning on or after the date they are published in the Federal Register as final regulations. For taxable years beginning before that effective date, exempt organizations may (1) rely on the proposed regulations in their entirety; (2) rely on the methods of aggregating or identifying separate trades or businesses provided in Notice 2018-67; or, (3) rely on a reasonable, good-faith interpretation of Sections 511 through 514, considering all of the facts and circumstances, when identifying separate unrelated trades or businesses under Section 512(a)(6).
While some important questions remain unanswered (e.g., allocation of expenses among various UBI silos), the proposed regulations should provide organizations some comfort in the potential aggregation of activities, which may help the determination of how many unrelated trades or businesses they have. However, this may not ease the inevitable result of increasing their unrelated business income tax liability exposure from a provision that tilts the proverbial “level playing field” towards their taxable entity competitors.
By Michael Conover
The novel coronavirus (COVID-19) crisis has affected all sizes and types of organizations including the nonprofit sector. Regardless of the type of nonprofit, they have been impacted by: forced office closures, dramatic swings (upward or downward) in demand for their services, actual or threatened loss of revenue, budgetary and staff cuts, etc. As the crisis has unfolded, each organization has struggled to respond as new information and guidelines for moving forward have changed. And there is no certainty as to when or how things will begin to change for the better.
Because compensation is generally the largest expense for most nonprofit organizations, it should come as no surprise that many have been forced to reduce or eliminate salaries, and discontinue any bonus and incentive plans. Over time, additional compensation reductions may become necessary if revenues fail to recover to needed levels.
With the struggles to manage day-to-day operational issues a full-time affair, a discussion of compensation would seem to be a pretty low priority in most organizations … particularly since there is likely no good news to report. Like most difficult topics, however, this does need to be raised.
While we cannot make many specific predictions about the future as far as compensation is concerned, I believe there are a few things we can expect as things move forward:
- Staff and salary reductions in response to the crisis will likely result in no or negligible wage growth for the year with possible negative growth in some cases.
- Interest normally devoted to surveys about salary increases for the coming year will likely be focused instead on surveys of trends for addressing the ”no growth” situation which can include plans for restoration of salary cuts, use of one-time bonuses/spot awards, “premium”/ hazard pay for essential personnel, etc.
- Boards will wrestle with decisions about compensation for the executive team managing the organization through the crisis period—pondering a basis for evaluation of performance and an appropriate means for rewarding steps taken for the organization’s survival versus a celebration of growth and profitability.
Under the best of circumstances, good advice for addressing an organization’s compensation needs is based on an understanding of the facts and circumstances associated with that organization. These uncertain times underscore the need for specific information, but very little is available. With little or no information about when or how things will begin to emerge from the crisis, it might be best to offer some general guidelines for managing compensation in the new normal. A few that come to mind follow:
- Prior to implementing changes in any compensation practices (if not already made), organizations must check with state regulations about required periods of notice before changes can be made. Similarly, plans for eliminating, delaying or changing the terms of payment under any formal plans or employment agreements should be thoroughly researched to avoid any adverse compliance issues.
- Communication about compensation is always important and often not done well. In difficult situations it is more important and must be done better. Information must be shared and provided in advance of change (when possible) by board and management to staff.
- Periodic updates on compensation, particularly in cases where salaries have been reduced, is important. Ideally, plans for restoration can be shared. Until that can occur, communication of assurances that the subject has not been dropped and a plan will be announced as soon as one can be developed should be made. While employees may be reluctant to raise the topic, it is a top-of-mind issue on the home front.
- While board members are likely absorbed in many other issues, the annual compensation discussion may be delayed, but its return to the agenda is a certainty. Management has the same interest in and need for information about compensation as staff members.
- The typical review of actuals in relation to budget, personal objectives met and/or missed, etc. will likely be moot at this point. Similarly, efforts to reset bonus or incentive plans will likely be a pointless effort under current circumstances.
- Rather than delay consideration of management compensation decisions until several days beforehand, board members might do well to devote some time to identifying and discussing some new and/or revised criteria for assessing management’s stewardship of the organization in the crisis. For example:
- How well were employees treated?
- How well were the organization’s clients/service recipients treated?
- How well were the organization’s vendors treated?
- How did the organization respond to the needs of the community?
- Explore some ideas and/or options for alternative compensation such as non-monetary alternatives for recognition, reward payments (e.g. one-time bonus / spot award, extra paid time off, etc.).
- As circumstances improve and plans for recovery begin to become clearer, communications with all parties about plans for compensation must be a priority. People should not be left in a position to wonder what will happen or be forced to ask. Proactive communication is the best approach.
We expect that in the weeks and months to come, there will be more information to share about trends that will impact compensation later in this year and into next. We will provide updates as they become available.
by Dick Larkin, CPA, MBA
This article is aimed at helping nonprofit organizations plan to cope with the new challenges imposed by the coronavirus pandemic. The first part of the article focuses on matters external to the organization, while the second part focuses on internal matters. The article is intended to raise questions and get people thinking, not to provide pat answers; such would require a book. These challenges are in some ways pervasive among all organizations; in others there will be different effects on different types of organizations, e.g., educational institutions, the performing arts, membership organizations, religious organizations, charitable organizations, healthcare, etc.
The coronavirus has changed our world in ways unimaginable a year ago. The events of Sept. 11, 2001 resulted in permanent changes to air travel. The coronavirus has resulted and will result in permanent changes to a much wider variety of aspects of our personal and business lives. Some of these changes affect both businesses and governments, as well as nonprofits. These articles will focus on those aspects unique to, or that will have a disproportionate effect on, nonprofits.
The most recent events of comparable nature, magnitude, and pervasiveness were the influenza pandemic of 1918-19, which killed tens of millions of people, and the Great Depression of the early 1930s. But, you are thinking: what about 9-11? World War II? 9-11 was over in a few hours; it directly affected only a small number of places and a limited number of people, and was unlikely to happen again. World War II, for most Americans—except those actually in battle and their close families—was not here; it was almost entirely “over there.” Yes there was rationing, and unavailability of some consumer products like new automobiles, but the daily impact of those was relatively small, and not dangerous for most people.
Coronavirus is here, it directly affects everybody everywhere, it is dangerous, and there is as yet no way to predict how long even its direct effects—much less the indirect effects—will last. Even if a preventive vaccine—and a cure for those already sick—were to be discovered tomorrow and made widely available next week, many of these changes still will not ever be completely reversed.
Effect on organizations’ revenue and financial health
Except for healthcare organizations (which of course are working overtime), the nonprofit sector is largely shut down. Educational institutions have closed their facilities and many are conducting classes online, but bookstore sales have largely ceased and athletic department income has completely dried up. Performing arts organizations are silent. Museums are closed, which reduces both admissions income and gift shop sales (some gift shops continue to sell online). Many houses of worship are conducting services online, which has resulted in a drop in “plate” collections. Membership organizations still have their dues income, for now, but meetings are canceled or postponed. Many charitable organizations are seeing increased need for their services, but trying to increase revenue to cover those added costs is challenging because many donors are themselves in financial distress. Many individuals have lost their jobs or seen a reduction in pay. The 2017 income tax act had already reduced the incentive for some to make charitable contributions by doubling the standard deduction for individuals. Now Congress has eliminated the year 2020 required minimum distribution from deferred compensation plans (IRAs and the like), so seniors over age 70½ will have less incentive to make direct charitable rollovers from those plans. On the more incentive side, there is now a $300 charitable deduction available to donors who do not itemize. Foundations have seen their investment portfolios lose value, so they have less available to make grants. State and local governments are seeing declines in sales, gasoline and income tax revenue, so they have less to distribute as support. Only the federal government is pumping money into the economy, some of which is flowing to nonprofits, but this cannot possibly make up for all the other revenue losses.
There are some offsets. It is well known that many performing arts organizations lose money on every performance they put on, so by cancelling performances, they may save more in expenses than they lose in revenue. The real losers there (besides the audiences) are the performers: actors, singers, orchestra musicians, etc., and the supporting staff: stagehands, technicians, ushers, etc. Those organizations that can afford to are doing what they can to keep some of these people on the payroll (there is a limited federal grant program expressly for that purpose), but that does not make everyone whole, and cannot go on indefinitely. Residential educational institutions have lost room and board revenue, but do not have to pay for food and kitchen staff (again a hardship for that staff), or pay for most dormitory current operating costs.
These are short-term effects. But what about the longer term? Will an orchestra or chorus or theater that has had to cancel the rest of its current season be able to attract its audience back when things are able to reopen? Will the performers still be available? (What will a choral concert sound like if all the singers are wearing face masks?) If half of this concert season has been canceled, will donors continue the same level of annual support next season? Will college students re-enroll next semester? Will individuals and companies that have had to cut back on expenditures due to lost income return to their previous levels of charitable giving? Will association members renew their memberships? Will people be willing to resume participating in and attending events in spaces with large numbers of other people, for example, classes, concerts, conferences?
Planning for how to survive these effects is made even more difficult by the current uncertainty about when things will return to anywhere close to normal, if ever. Mounting a museum exhibit or a theater production, or getting all the pieces of a college curriculum in place, or organizing the annual convention of a trade or professional association cannot be done in a week, but at this point no one can be certain when, for example, colleges will be able to fully reopen: This summer session? The coming fall semester? Next year? None of the above? The answer will likely vary by locality. And what if there is a resurgence of the virus during the flu season next fall, as some healthcare experts are predicting is possible?
Internal Effects on Nonprofits
Given the external effects discussed above, how will they affect the internal operations of nonprofits? The governing board and the CEO will take the lead here by first thoroughly understanding the organization’s current situation, then communicating that to the staff (including volunteers), donors, clients (members, students, etc.) and the community. For example, how many months of anticipated expenditures do we now have available in liquid assets?
Some things are obvious. With less income and greater uncertainty, organizations must manage their expenditures even more carefully than they normally do. Expense budgets must be pared; revenue, expense and cash flow budgets must be closely monitored on a timely basis. Difficult choices may have to be planned for and made:
Do we continue this program (academic department, publication, concert series, location) or that one? We no longer may be able to count on the availability of resources to do both.
Should we consider pursuing a merger with [other nearby organization whose programs are similar to ours]?
Do we have access to a line of credit? (If not, why did we not arrange for one before this crisis?)
Would [Major Donor X] be willing to convert a previous restricted gift into an unrestricted gift, or to allow re-purposing of the gift to what is now a more important program?
We are ok for the moment, but what are our Plans B, C, and D if next year’s revenue falls by 20%? 30%? 50%?
Donor and customer relations take on greater importance. Timely and clear communication is vital. Organizations must make every effort to keep the ones they have, motivate donors to increase their giving level, and to attract new donors to make up for the inevitable lost ones. Ditto for educational institutions (students), associations and houses of worship (members), museums (visitors), performing arts organizations (audiences), etc.
Management should become aware of all available governmental resources and take advantage of the ones that may pertain to the organization, such as the Paycheck Protection Program or the SBA Loan Program. Find out what insurance coverage is in place for things like cancelation of events. Would coverage be different depending on whether the cancelation was due to governmental quarantine regulations or the closure of a rented venue versus proactive action by management? Are there foundations which might be willing to help?
Many smaller nonprofits with few staff have always found it challenging to maintain adequate internal controls over their accounting and operational functions. With many staff now working off-site, this challenge is even greater. But the need for these controls is greater, not less. And remember, the responsibility for designing, implementing and monitoring these controls lies squarely with management, not with the auditors. Auditors will (and must under their own professional standards) continue to ask questions of management such as: “How do you satisfy yourself that (for example):
All revenue intended for the organization—especially contributions—has been collected and properly recorded?
All expenditures are for appropriate purposes, consistent with any applicable donor restrictions, in proper amounts, have been properly recorded, and that commensurate benefit has been (will be) received?
All assets that properly belong to the organization are adequately secured, managed, and properly valued and recorded?
All liabilities, and only true liabilities, of the organization are properly recorded and paid?
The organization is in compliance with applicable laws, regulations and funder (private or governmental) restrictions?
All of the organization’s activities are being conducted in an ethical manner? Another way to phrase this is, “Is there anything about the organization, its personnel, or its operations that would cause embarrassment if reported on the front page of tomorrow’s local newspaper?”
Auditors, in turn, are subject to various constraints in performing audit work. They may not have normal access to the client’s personnel, office or other facilities, and thus may be unable to examine hard copies of documents or observe inventory of gift shops or bookstores. Examination of documents and interviews with client staff may have to be conducted electronically, and extra steps taken to verify the authenticity of documents and the proper functioning of internal control procedures.
With the greater risk that staff (including volunteers) may become infected and unable to work at all, and/or infect others, organizations should be sure that every function is backed up by at least one other person or that outsourcing arrangements are in place if needed. Government healthcare privacy regulations probably forbid explanation to the rest of the staff as to why “Mary” is not going to be at work for the next month. But if a virus case is identified in the organization, quarantine regulations may require that that fact (alone—no names) be disclosed to those who may have had contact with the infected person. Legal advice may be needed here.
Some operational areas that may be affected include anything involving travel—especially international, such as students studying abroad, bringing visiting performing artists in from other cities, travel by athletic teams to away games, out-of-town speakers at conferences, members traveling to attend conventions, etc. Technology is already being used in some of these areas, and such use will likely increase. (Ok, technology will not work for team sports: football, soccer, basketball, hockey or racquet sports such as tennis; but maybe it could if golf or a racing-type event such as track and field, swimming or skiing could be contested simultaneously in both home facilities, so the race is effectively against the clock.)
Organizations such as homeless shelters and soup kitchens will need to rearrange their spaces to allow for more social distancing by their clients. Even after the immediate threat of infection has largely passed, would-be users of such facilities may want to feel comfortable that they are adequately separated from their neighbors. An extreme example would be a charity dental clinic, which will have to take extraordinary steps to keep both its patients and staff feeling safe. These and similar organizations should also be certain they have adequate insurance coverage to protect from claims by someone who has accidentally been exposed while in their facility.
Houses of worship have some special challenges: how do they handle group events (apart from regular services) that often involve close personal contact, such as weddings, funerals, baptisms, confirmations, bar/bat mitzvahs, etc.? Even when in-person group services can be safely resumed, should the communion ritual be altered? Should congregants still pass the peace during the service? (There should be an understanding so there will not be embarrassment if one person wants to shake hands or hug a neighbor, but the neighbor does not.)
Some facilities may need to be re-purposed. Convention centers and sports arenas are being used to help meet medical needs of cities. Now-empty college dormitories and dining facilities could be used for helping people in need due to job loss or homelessness.
Now is definitely the time to be thoughtful and creative.
By Barbara Finke, CPA
Most organizations have an established budgeting process. Whether the entity uses a robust performance management tool or a spreadsheet, there is likely a thoughtful process to predict the next year’s revenues and expenses. The budget is usually approved by the board of directors and/or other committee and memorialized in the meeting minutes. Once the budget is final, how an organization utilizes this tool varies. Most organizations utilize the budget as a tool for comparing actuals on a periodic basis while some revisit the budget and make changes based on certain events, and a rare few actually revisit the budget on a rolling schedule and update forecasts routinely.
Based on a survey conducted by KPMG in 2016 with the Economic Intelligence Unit (consisting of 544 global companies) only two-thirds of organizations surveyed incorporated rolling budgets. Although experts often say reforecasting or rolling budgets are important, many organizations continue to operate with a static budget, citing time or computer system limitations. A static or fixed budget occurs when the organization prepares an annual budget, which remains untouched for the fiscal year. The organization compares actual performance to the budget at periodic reporting intervals. This common type of budgeting is a good tool for keeping spending within a predetermined threshold. A static budget remains useful when spending is generally predictable and consistent. However, it can become cumbersome and unhelpful when the organization sees major changes, and the variances, while explainable, render the static budget meaningless.
Consider the current reality of our unprecedented economic and social times. On Jan. 30, 2020, the World Health Organization (WHO) announced a global health emergency because of a new strain of coronavirus originating in Wuhan, China (COVID-19), and the risks to the international community as the virus spread globally. In March 2020, the WHO classified COVID-19 as a pandemic, based on the rapid increase in global exposure. The world is still determining the ultimate impact of the global pandemic. In the United States, shelter-in-place orders seem to change daily and differ not only by state, but by county or even potentially by neighborhood. Economic stimulus packages were enacted on March 27, 2020, under the Coronavirus Aid, Relief and Economic Security Act, with new grant opportunities, tax changes, and ever evolving lending programs. In addition, we have seen historic stock market changes based on seemingly every announcement from the Centers for Disease Control and Prevention (CDC), the president and/or major corporations. Now, more than ever, organizations need to understand how to reforecast static budgets so that the executive teams can make real-time informed decisions.
Per an article from Kshitjil Dayal, Workday, “…from March 23 to 27, our [Workday] cloud planning platform processed up to 30 times more forecasts and build-out scenarios than in a typical week. Since the emergence of the COVID-19 pandemic, we’ve [Workday] seen an overall average increase of 15 times the amount of modeling and recalibrating as organizations everywhere attempt to make sense of the ripple effects.” Based on that evidence, organizations seem to be aware of the need to reforecast budgets for fiscal year 2020 and beyond. Was your organization ready?
Historically, the most common reason noted for using reforecasting or a rolling budget was the constantly changing nature of the business environment, whether it be technology innovations, stock market fluctuations or management changes, and the belief that a static budget would not provide organizations with a useful tool when making key decisions. In the past, your organization may have concluded your environment was not constantly changing, or that the headache of the reforecasting process was larger than the benefits. Now every organization is in a state of constant change, and reforecasting is critical.
Budgeting is a bit like road trip directions. In the past, you pulled out the road atlas, plotted your course and headed out. It was a surprise when you hit a major traffic jam or detour, and you were forced to wait patiently. Now, you put the destination into your favorite mapping app and start your route. As you drive, the app periodically notifies you of a shorter available route, or a major road blockage ahead that requires rerouting. Your mapping app provides all of the information you need to quickly make the decision to take a new course or stay on the original one. A budget that can be reforecast quickly gives your organization the same ability. If you want this capability for your organization, the next step is to decide whether you will use a reforecast or a rolling budget.
What is reforecasting?
Reforecasting means updating the entire budget based on new facts and circumstances, taking a holistic look at your original budget and updating any elements as necessary. In the end there is a separate, fully revised budget, not an adjustment to just a line or two. The reforecast allows the operational group to understand the new route to follow and what will be ahead on the new path. It provides a more relevant decision tool than the static budget.
When should an organization reforecast?
As noted above, a reforecast should happen whenever there is a large or unexpected trigger event, such as the COVID-19 pandemic. However, it doesn’t have to be that big of a trigger. It could be a large or unexpected change in one of the organization’s major revenue streams or cost drivers, such as winning (or losing) a major contract. When the main driver of your budget is expected to change as a result of the event, a reforecast should be completed.
Organizations should also consider reforecasting when trends show that the original budget was not accurate, and you start to see recurring, significant variances in line items between actual and budgeted amounts.
The key message is that a reforecast is needed when the main driver of your budget suffers a significant enough impact that it is necessary to consider a holistic change in your original static budget.
How should an organization reforecast?
Before you determine the next steps in reforecasting, consider the budget process in your organization. Do you have a zero-based budget? In a zero-based budget, the organization builds the budget from scratch, considering each expense driving the budget from the expense side and attempting to grow profit by reducing expenses, rather than increasing price per unit or units sold. Or, does the organization look at historical trends and adjust revenues and expenses according to expected growth or shrinkage? Either way, break down the assumptions to the original drivers, whether it is variable costs or variable revenue sources that drive the bottom-line budget. This may require more thought if your organization has not done a zero-based budget recently. If you are struggling to identify your organization’s drivers, consider what key performance indicators you report to the board of directors or what benchmarks you are tracking. These are likely the drivers to consider when you are reforecasting.
Once you have determined which costs or revenues are variable, then reforecast what impact the event will have on your variable drivers. If you budget based on costs, think about what costs are variable, such as operational payroll or supplies. Will these costs increase or decrease? If your costs increase, what will the organization need to do to increase revenues? Another approach is to start with the variable revenue drivers (such as patients served, units sold or students enrolled). Will the visit/unit sales rate increase or decrease? If the unit sales increase or decrease, what is the impact on costs? Will prices need to change? If prices change, what must the organization do in response? Remember as you change the cost driver, consider the impact on revenue, or vice versa.
Next, consider fixed costs and if there are any changes to these based on the trigger event. Typically, fixed costs would not be subject to change; however, in response to an event such as the COVID-19 pandemic, organizations may be renegotiating administrative payroll or rent expenses and, therefore, those fixed costs should be reforecast as well. Perhaps the original fixed-cost assumptions were not accurate in the first place. It is worth looking at all significant line items to ensure the accuracy of the forecast. Take this time to be critical of all original assumptions. Review future debt payments, rental agreements or other recurring charges to ensure that the terms of those contracts have not substantially changed since the budget was originally prepared.
The main drivers of the budget are always program/operational related. Therefore, it is critical that you speak with the managers of each division to understand what their projections entail. Accounting and finance personnel must understand if a change to the budget is realistic and if operations can function with the parameters that have been assigned. For example, if you cut expenses to balance the budget from anticipated revenue losses, make sure operational/program managers agree that there are enough expenses to produce whatever is needed to meet anticipated demands. Finance teams have noted that siloed operations or lack of integrations are main reasons for preparing only a static budget and finding a lack of value in other models.
While working on reforecasting, time is of the essence. The sooner the data is reforecast, the sooner the organization can use it as a tool for their decision making. It may be difficult the first time the organization works through a reforecast. Take notes on lessons learned and consider how you can set up the next period’s budget in a format that may be easier to reforecast in the future.
How do I predict the unpredictable?
Reforecasting for a trigger event, such as a new contract, is relatively straightforward. Program managers will understand how drivers will be impacted and what considerations should be made. However, what should organizations do with something like the COVID-19 pandemic? How can the future be predicted?
Financial analysts have made a living out of creating models that consider scenarios such as these. Those scenarios are then stress tested to see what happens if certain assumptions change. Using the same thought process can help you “predict” the future.
One way to create a model is to understand your organization’s cash burn. Most CFOs are acutely aware of cash trends. Look back at historical cash flows and calculate what your average spend rate is compared to your average collection rate. With this knowledge you could model a few scenarios.
Consider the worst case scenario first. If the organization is unable to collect cash from any revenue for an entire quarter what reforecast is needed on the budget? What happens if cash from revenue is only reduced a certain percentage over that same quarter? Essentially using this theory, you can start to build steps to respond to a prediction and implement those steps as necessary.
As an example, Organization Y has noted that the current cash position is $1 million, and that fixed costs requiring cash for the next quarter are $200,000. This leaves $800,000 of potential spending. If the organization’s variable expenses are $900,000 a quarter, what steps would need to be taken to cover the shortfall of $100,000 ($1.1 million of variable and fixed costs for the quarter less cash on hand of $1 million)? With a predicted shortfall number, the organization can decide if that means taking on new debt, curbing capital expenses or potentially cutting salaries.
The worst case scenario may not be the most likely. But rather if Organization Y forecasts that instead of the typical cash from revenue of $1 million a quarter, they anticipate $500,000 in cash from revenue this quarter. Now the organization has $1.5 million ($1 million of cash on hand plus the $500,000) to spend over the quarter. If the cash needs are $1.1 million, they know going into the next quarter that they have $400,000 of cash available.
It is easy to establish the worst case scenario. It is harder to picture a realistic scenario, especially during situations like the COVID-19 pandemic. To assist your organization in determining the most realistic scenarios when reforecasting, look at what is happening in your industry in particular. If you are a member of a trade organization, it is likely that they are polling members and publicizing what member organizations are experiencing. You can also look to other sources of benchmarking, such as public companies, to see what the quarterly earnings or filings look like.
Economic sources like IBISworld, Moody’s Analytics, Morgan Stanley Economic Outlook, Morningstar Economic Outlook, or Placer.ai on Retail Foot Traffic provide data and information on economic trends experts are seeing. Organizations often forget to look at external sources to help predict the course of the budget drivers, which can be detrimental when creating an accurate forecast. When preparing any kind of budget, looking at external data sources is critical.
Even if your organization struggles with defining the most realistic scenario, the reforecast is still a helpful tool as it starts to put parameters (Organization Y has somewhere between a shortfall of $100,000 or a surplus of $400,000 to consider) that management can work with to make informed decisions about the best next direction rather than driving blind.
What is a rolling budget?
A rolling budget is similar to a reforecast, except a rolling budget was never intended to remain static and has a set time of when it should be adjusted (rather than waiting for trigger events). A common example of a rolling budget is where an organization would budget four quarters ahead. Each quarter the organization updates the next three quarters and adds a new fourth. Meanwhile monthly comparisons would be made to the monthly budget planned in the rolling budget. The organization would set a time period at which point the budget will be reviewed and updated using the same techniques as noted above for reforecasting. The rolling period could always be adjusted if a trigger event occurred outside of the normal update period. The rolling budget is always anticipating change, so an organization is set up to continuously monitor the trends and update either revenue or cost predictions, or both, to stay nimble.
Which one is better?
The best budget method depends entirely on the attributes of your organization and the industry it operates in.
A static budget is likely the best option for a small organization with relatively small fluctuations year over year. It may also be helpful in organizations that are grant driven where the grant budgets will not change once adopted. While the budgeting process can be long, it only occurs once a year in this environment, which makes it easier for a small staff and limited software capabilities. If your organization utilizes a static budget, to ensure that the budget stays relevant, the organization should routinely compare actual results to budget.
Reforecasting is not always necessary, especially if there is no trigger event and no major variances from the static budget. However, because events like the COVID-19 pandemic are rarely foreseen, the ability to reforecast a static budget is beneficial for any organization. Right now, every organization should prepare a reforecast budget using the steps outlined above based on the impacts of the COVID-19 pandemic. While working on the reforecast, use this time to set up a process and policy of how and when to reforecast your budget in the future. For example, as a policy, an organization could define a trigger event. Try to use thresholds such as an event that would likely change the main budget driver by 20% . When a “roadblock” like the COVID -19 pandemic comes up, the organization needs the tools to create a new fiscal road map. It will likely also lead the organization to identify areas to improve in the static budget process.
If your organization is in a more volatile industry where the drivers are constantly changing and strategy is ever evolving, then the rolling budget is most likely the best method for your organization. Another benefit of a rolling budget is that it inherently pushes the organization to a forward-looking approach, as governance discussions center around how the budget was adjusted and why, versus the historical approach of comparing the static budget to actual and repeating oftentimes the same variances each time. To be successful, a rolling budget requires an ongoing assessment with quick changes to ensure that the periodic budget to actual reporting can be maintained. Reforecasting with a rolling budget also needs to be fairly quick since it is continuous.
If the organization adopts a rolling budget or a reforecasting model moving forward, it is important to make sure careful thought goes into preparing the original budget. Drivers should be clearly identified, and formulas used to show how the variable revenues and costs build from the drivers.
Does my Organization Need Budgeting Software?
A budget could be a simple spreadsheet or prepared using budgeting software. The team should consider how complex the organization’s drivers are when considering whether to utilize a spreadsheet or software. Organizations with multiple streams of revenue with different corresponding variable costs, may find it necessary to utilize software. Software often allows for more complex planning and reforecasting, allowing the organization to create various scenarios to see what an impact such as changing the price of a unit by 5% versus 7% would be. Software can aid collaboration amongst different teams or units, while using a spreadsheet could make maintaining version integrity when sharing with multiple users problematic.
Consider what the likely trend in budgeting will be for your organization to select a tool. In a study done by the Chartered Institute of Management Accountants in 2016, The Reforecasting Report, the authors note that “buying an increasingly complex software platform without full cooperation and negotiation may fail to reduce ‘noise’ in the planning and budgeting process.” In addition, bad data in, bad data out, no matter what the tool, so an organization should first make sure the budget basics are in place and reliable data can be easily obtained to ensure a software or spreadsheet’s ability to create a proper forecast is enhanced.
 Kothari, S.P et al. (2007, September) Forecasting With Confidence: Insights from Leading Finance Functions. Retrieved from https://home.kpmg/content/dam/kpmg/pdf/2016/07/forecasting-with-confidence.pdf
 Dayal, Kshitij (2020, April 15) How to Gain Business Agility in Uncertain Times. Retrieved from: https://blog.workday.com/en-us/2020/how-to-gain-business-agility-in-uncertain-times.html
 Jelly, Robert (2007, May 1). The Reforecasting Report, 2006 Survey of Current Practices in the UK. Retrieved from https://www.cimaglobal.com/Documents/ImportedDocuments/The_Reforecasting_Survey.pdf
Dayal, Kshitij (2020, April 15) How to Gain Business Agility in Uncertain Times. Retrieved from: https://blog.workday.com/en-us/2020/how-to-gain-business-agility-in-uncertain-times.html
 Jelly, Robert (2007, May 1). The Reforecasting Report, 2006 Survey of Current Practices in the UK. Retrieved from https://www.cimaglobal.com/Documents/ImportedDocuments/The_Reforecasting_Survey.pdf
By Tammy Ricciardella, CPA
Many nonprofit organizations receive a variety of gifts-in-kind (GIK) that provide them with resources to supplement their programming.
GIK represent a wide variety of non-cash items donated to nonprofits. Nonprofits must follow Accounting Standards Codification (ASC) Topic 820, Fair Value Measurement, to account for the GIK. This means that GIK must be recorded at fair value which is defined as “the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date.” This creates difficulties for many entities since they receive the goods as a contribution and not a market participant. This creates the question of how to value the items received. The entity must assess what market they would use if they were to sell the donated goods. This assessment must be performed in the process of determining the fair value even though the entity has no plans to actually sell the donated goods. Would the goods be sold in an exit market as a retailer, wholesaler or manufacturer, or in some other market? Once the market is determined, there can still be complications if the entity doesn’t have access to the valuation inputs in that market. The entity may have to use the inputs available to them to assess the fair value and then make an adjustment to the market they chose.
These are all complications faced by entities who receive GIK as they may not have prior transactions or the market experience to use as a resource for the fair value inputs. Under the ASC, entities must distinguish between the principal market and the distribution market. The principal market is defined as “the market in which the reporting entity would sell the asset or transfer the liability with the greatest volume and level of activity for the asset or liability.” Based on this definition, the actual location in which the donated goods may be distributed at no cost is not necessarily the principal market.
Determination of the fair value also has to take into consideration if there are any legal restrictions either on the entity or the donated assets. Asset restrictions may limit the legal sale of GIK to certain markets which would affect the determination of the principal market. Since these legal restrictions on the asset restrictions would be considered by a potential buyer, the entity has to take this into account in the fair value assessment.
It is important to note that the value assigned by the donor of the goods may not relate to the principal exit market of the nonprofit. In addition, the donor’s tax values are not equivalent to the fair value under accounting principles generally accepted in the United States. In many cases, the nonprofit will not have access to the same market as the donor. The nonprofit must value the GIK based on the principal exit market from their perspective.
To assist in addressing these complications, entities should have a documented policy on accepting GIK and a policy on how the fair value assessments will be performed. The determination of fair value for each type of GIK received should be clearly documented, including management’s assessments and factors considered and the final conclusion reached.
For more information, contact Tammy Ricciardella, Director, at email@example.com.
For more information from Blackman & Sloop, please contact Deetra B. Watson.
By Laurie De Armond, CPA, and Adam B. Cole, CPA
All nonprofits want to do good. Helping their constituents and driving impactful, positive change in communities is what propels their mission forward. Whether they’re on a quest to combat social injustice, poverty or climate change, nonprofits play a vital role in keeping our society moving forward. And yet, noble intentions are not enough for nonprofits to effectively fulfill their intended goals.
So, how can nonprofits successfully maximize good?
The answer can be borrowed from a classic adage: “Charity begins at home.” Just as a doctor cannot take care of others if he himself is ill, organizations cannot help their constituents if they’re unable to manage their own operations effectively and sustainably. As mentioned in our insight, “The Business of Impact,” nonprofits must balance good intentions with a business mindset.
This begins with learning how to balance external and internal needs. Too often, nonprofits, in a quest to save the world, fail to save themselves.
By taking these steps, nonprofits are poised to maximize their impact.
STEP 1: BALANCE PROGRAMMATIC & OPERATIONAL INVESTMENTS
Donor pressure may dictate high programmatic spending, but nonprofits must realize that underfunding overhead costs is dangerous and, ultimately, unsustainable. There are critical areas all nonprofits should keep in mind when making strategic spending choices, including:
Talent Management: Nonprofits need to support the people behind their mission and invest in recruiting and retention. Our Nonprofit Standards benchmarking survey found that keeping employees satisfied is a challenging task, with most respondents citing issues like compensation, technology, and training and development. By regularly reassessing the processes, programs and structures in place, nonprofits can understand what motivates—or demotivates—their employees.
Governance and Compliance: Nonprofits should think of good governance as an imperative, not simply a nice-to-have. Even with limited resources, they must take a proactive approach to regulatory compliance and risk mitigation. Earmarking funds to cover compliance costs may be painful initially, but the costs of noncompliance are even greater.
Technology, Equipment and Supplies: In addition to jeopardizing employee satisfaction, having outdated IT and equipment can drain already-limited resources by reinforcing operational inefficiencies, weakening impact reporting (58 percent of Nonprofit Standards survey participants cite inadequate technology as a barrier to impact reporting), increasing cyber and data privacy vulnerabilities and more. Nonprofits should invest in technology that can help them advance a larger goal—whether it’s empowering their employees to accomplish more, making their programs more accessible or amplifying their current fundraising efforts.
Cybersecurity and Data Privacy: Nonprofits must safeguard the data they possess, regardless of where it originated. Unfortunately, many fail to invest in cyber or data privacy programs, due to the assumption that they’re too small to be a viable target. However, this often makes them even more appealing and vulnerable to cyber attackers. Security needs to remain a key priority, even amid multiple projects.
Fundraising: Many investments in this category fall into similar buckets as those outlined above, especially people and technology. Whether it’s spending money to hire and train a fundraising team or purchasing new fundraising tools that can expand an organization’s reach, putting aside funds to improve visibility will pay off in the long run.
Balancing programmatic and operational spending isn’t easy and requires organizations to assess their operations with a critical business mindset. Altruism without an efficient infrastructure to support it won’t go far.
STEP 2: EMPHASIZE FINANCIAL DUE DILIGENCE
Financial due diligence for nonprofits extends beyond having enough liquidity to function effectively and investing with self-care in mind—it’s also managing finances with the same level of dedication as a for-profit business.
Maintain Sufficient Operating Reserves
When organizations encounter funding disruptions or lose a major donor, a healthy supply of operating reserves (liquid, unrestricted net assets) is a critical fiscal safety net to keep programs up and running.
The “right” amount of operating reserves varies according to organization size, sector and scope. However, establishing at least six months of operating reserves is a prudent target for the sector overall. More than half (51 percent) of organizations in Nonprofit Standards fall short of that goal.
Nonprofits should consider adopting a “reserve policy” (if they don’t already have one) based on a comprehensive risk analysis. This policy should provide guidance on how (and how much) money they should put into their reserves, under what circumstances the reserves should be used, as well any other restrictions or limitations that ought to be considered. Having a few months’ worth of operating funds can at least help nonprofits continue their programs if they’re facing revenue interruptions.
Stay Abreast of Regulatory, Tax & Financial Accounting Changes
Not only are legislative financial changes required, they also affect how nonprofits document their donations and financial statements to their stakeholders—including their board, donors, constituents and the general public. This, consequently, affects how the latter will assess an organization’s financial health.
When undergoing the compliance process, nonprofit leaders should be prepared to address any questions about how these changes affected their financial statements. Maximizing good requires organizations to not only mitigate compliance risk, but also to be able to clearly explain all facets of their financial situation.
STEP 3: INSPIRE & MAINTAIN TRUST
Donor and stakeholder needs and expectations are ever-evolving. Clear, frequent and open communication, on their terms, is essential to getting the support you need to accomplish your mission.
This is especially true now that the profile of the average donor is changing. Millennials currently make up the largest portion of the overall population and have begun to take on a key role in philanthropy worldwide. These donors differ significantly from their predecessors: They not only place a huge emphasis on trust, but also expect faster reporting times, thanks to social media and other technologies.
With such close scrutiny upon them, nonprofits need to get better at not only measuring impact, but reporting it. According to Nonprofit Standards, many are under increased pressure to demonstrate results and provide further transparency: 61 percent say that some portion of their funders have required more information than was previously required.
Nonprofits will need to go beyond traditional reporting tactics to meet donors on their turf and on their real-time timeline.
When impact reporting is effective, it really pays off—not only in donations, but in a currency much more valuable long term: loyalty and trust.
Adapted from article in the Nonprofit Standard blog.
For more information, contact Laurie De Armond, Partner, at firstname.lastname@example.org or Adam Cole, Partner at email@example.com.
For more information from Blackman & Sloop, please contact Deetra B. Watson.
By Marc Berger, CPA, JD, LLM and Katherine Gauntt
It’s been more than a year since the Supreme Court announced the landmark decision in the South Dakota v. Wayfair case, opening the door for states to require organizations to collect and remit sales tax even if the organization has no in-state physical presence. The impact of the decision has proven to be far-reaching.
Since that time, organizations selling goods and services across state lines, including nonprofits, have had to navigate the fallout. While we covered this decision in depth earlier this year, it’s important as we mark the one-year anniversary of Wayfair, to take a look at what’s changed and what challenges may still be on the horizon for nonprofits.
The Wayfair Domino Effect
Prior to the Wayfair decision, most nonprofits selling goods and services didn’t have a physical presence in states beyond their home states and, thus, did not collect sales tax.
But the Wayfair decision had a domino effect: States began adding or revising statutory language to accommodate an economic nexus standard for remote sellers. Several states already had laws on the books that automatically went into effect following the decision. As of this article’s publication, all but three states (Florida, Kansas and Missouri) have enacted economic nexus rules. Organizations selling things like promotional items, event tickets or other goods or services are likely affected in some way.
Each state has differing economic thresholds that require organizations to collect sales taxes, and the deadlines for compliance vary state-by-state as well. Even if no tax is collected, the requirement to file a return remains. This patchwork of regulations and deadlines may leave many nonprofits struggling to understand where their obligations lie, and how quickly they need to address them.
Complicating matters, the state thresholds vary in terms of dollar amount and number of transactions required to trigger economic nexus and the deadlines to comply also vary. For nonprofits, knowing where and when they’re required to administer sales tax is often half the battle.
For up-to-date information on state thresholds and effective dates, check out our interactive Wayfair map.
Automation Offers a Potential Solution
One possible option for monitoring the thousands of shifting tax rates that may apply in a post-Wayfair world is the use of automated software that monitors these changes in real time. Automated software solutions offer several benefits, including:
- Tracking tens of thousands of tax rates in real time
- Access to taxability information to determine how products and services are taxed in various jurisdictions
- A history of transaction data that can be used to compile tax returns and provide a single source of information in the event of a sales tax audit
- Assistance with managing exemption certificates for tax-exempt sales
For nonprofits, which typically have fewer resources than for-profit companies, a full-service automated solution might seem out of reach. However, there are many simple products that offer basic services—such as tax rate tracking—at a lower cost. Ultimately, while there are costs associated with these services, they may be eclipsed by the administrative and resource burden that comes with keeping pace with constant change without them.
For more information about how automation can assist with Wayfair compliance, read our recent Insight.
Marketplace Facilitator Laws, The Next Frontier
While Wayfair had obvious effects on the e-commerce sector, its impact also extends to the middlemen of retail sales transactions. New sales tax laws are now requiring marketplace facilitators—third-party entities that facilitate sales, such as Amazon—to collect and remit sales and use taxes on behalf of retailers. These laws help to substantially reduce the number of remote sellers that state tax authorities may seek to audit. We expect nearly all states will enact marketplace facilitator tax laws soon.
By nature, marketplace facilitators don’t have intimate knowledge of the goods or services being sold as the retailers themselves do. This lack of familiarity could result in a fair amount of under-collected sales tax if these sales are not properly accounted for or mapped to the correct taxability classification. This under-collecting is compounded by the fact that there is a lack of regulatory clarity around who should ultimately be responsible for the correct amount of sales taxes collected and reported to the taxing agencies, whether it’s the retailer or the company facilitating the sale.
While nonprofits might not seem like marketplace facilitators, there is still a lot of confusion about what constitutes a dealer or seller under these laws. It is possible that nonprofits that maintain online marketplaces or facilitate online auctions could be considered facilitators. With so much up in the air regarding these laws, it’s critical that organizations keep a close eye on the latest developments in any state where they do business.
Don’t Forget Purchasing Exemptions
While much of the commentary around Wayfair has focused on selling, it highlights the importance of purchasing considerations, as well. As sellers begin to increasingly collect sales tax on purchases, nonprofits should be sure to understand and maximize any exemptions they qualify for due to their nonprofit status.
While the details vary, many states exempt nonprofits from paying sales tax on purchases if they are made exclusively for charitable purposes. According to the National Council of Nonprofits, more than half of U.S. states give broad sales tax exemptions for purchases by nonprofits, and an additional 15 states allow limited exemptions by certain types of nonprofits or specific organizations.
For nonprofits to take advantage of these exemptions, they need to keep track of where they exist, and work with their vendors to ensure they either do not pay sales tax on purchases or receive sales tax credits on applicable purchases. Ideally, every time an organization begins to work with a new vendor, they should determine if the purchase is exempt from sales tax and provide the vendor with applicable exemption certificates. It’s also important to note that some types of nonprofit organizations, like associations, generally don’t qualify for these exemptions.
When Wayfair was first decided, many nonprofits assumed they wouldn’t be affected, but in the year since have had to come to the realization they may be responsible for collecting and remitting sales taxes in states where they have economic nexus. While this has created concerns about the administrative burden nonprofits might face to stay Wayfair-compliant, it’s important to remember that sales tax is ultimately a cost to the buyer, not the nonprofit seller. That is, of course, provided the nonprofit is compliant. If they fail to collect and remit the sales tax, there could be an actual liability in the form of an audit assessment to the organization.
As the impact of Wayfair continues to unfold, it’s crucial that nonprofits stay up to date on the latest developments and take proactive steps to get—and stay—compliant.
Adapted from article in the Nonprofit Standard blog.
For more information, contact Marc Berger, National Director, Nonprofit Tax Services, at firstname.lastname@example.org or Katherine Gauntt, Senior Manager, Specialized Tax Services – SALT Southeast Region, at email@example.com.
For more information from Blackman & Sloop, please contact Deetra B. Watson.
By Tammy Ricciardella, CPA
On Aug. 15, 2019, the Financial Accounting Standards Board (FASB) issued an exposure draft that would grant private companies and nonprofit organizations additional time to implement FASB standards. Comments on the exposure draft are due by Sept. 16, 2019.
The exposure draft describes a new FASB philosophy that extends and simplifies how effective dates for major standards would be staggered using a two-bucket approach. Bucket one would be only Securities and Exchange Commission (SEC) filers. Bucket two would encompass all other entities, including all nonprofit organizations, as well as nonprofit entities that have issued, or are conduit bond obligors for, securities that are traded, listed or quoted on an exchange or an over-the-counter market.
Under the proposed philosophy, a major standard would be effective for larger public companies first. For all other entities, FASB would establish an effective date that would be staggered at least two years later. Early adoption would still be permitted for all entities.
FASB is proposing that the two-bucket approach be applied to the effective dates of the following Accounting Standards Updates (ASU) if they have not yet been adopted by entities:
- ASU 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments (Credit Losses)
- ASU 2016-02, Leases (Topic 842) (Leases)
Under the proposal, the effective dates of the aforementioned standards would be as follows for entities with calendar year ends:
- Fiscal years beginning after Dec. 15, 2022 for all nonprofit entities.
- Fiscal years beginning after Dec. 15, 2018 for nonprofit entities that have issued, or are conduit bond obligors for, securities that are traded, listed or quoted on an exchange or an over-the-counter market. These nonprofits are still in bucket one because the Leases standard as currently written is effective for these types of entities.
- For all other nonprofit entities, Leases will be effective for fiscal years beginning after Dec. 15, 2020.
The effective dates for entities with fiscal year ends would be the first year that begins after the dates noted above.
The FASB believes that the proposed change in establishing effective dates for standards will permit smaller stakeholders to have additional time to implement major standards.
For more information, contact Tammy Ricciardella, Director, at firstname.lastname@example.org.
For more information from Blackman & Sloop, please contact Deetra B. Watson.
By Laurie De Armond, CPA
What is the audit committee self-assessment?
This is a tool designed to assist the audit committee in evaluating how well the audit committee is executing their responsibilities. Please refer to BDO’s Effective Audit Committees for Nonprofit Organizations audit committee self-assessment section to ensure that governance responsibilities are adequately aligned with the charter and are being fulfilled appropriately.
Why should audit committees perform a self‑assessment?
As there is always room for improving quality and performance, we recommend that this document be used in conjunction with your organization’s Audit Committee Charter (or similar document) to ensure that governance responsibilities are adequately aligned with the charter and are being fulfilled appropriately. You may choose to customize this self-assessment further to reflect specific attributes of your organization and develop specific action steps and estimated completion dates to enhance your audit committee’s performance.
Who should use this self-assessment?
This Audit Committee Self-Assessment may be used by those charged with governance (in particular, audit committees) in performing an annual self-assessment. The audit committee chair would generally compile the results, which may be obtained from individual committee members on a confidential basis, but should also contemplate feedback from other key stakeholders such as the board, internal and external audit, and management.
When should the audit committee use this self‑assessment?
The audit committee should perform a self-assessment at least annually with areas identified for improvement to be assessed throughout the year.
How should the audit committee use this self-assessment?
This self-assessment tool is to be used as a guide and in correlation with the responsibilities laid out within the audit committee charter approved by the full board. Thus, organizations may feel the need to tailor the self-assessment to their specific needs. At the discretion of the audit committee chair and members, an additional free-form commentary box could be included to allow for specific recommendations or observations to be captured for further consideration.
Areas of assessment
- Composition and Character
- Continuing Education
- Setting Tone at the Top
- Oversight of Internal Control Over Financial Reporting
- Evaluation of and Communication with Management
- Evaluation of and Communication with Internal Audit, if applicable
- Evaluation of and Communication with External Auditors
- Financial Statements and Other Information
- Ethics and Code of Conduct
- Authority and Funding
- Overall Assessment
Please see the full Effective Audit Committees for Nonprofit Organizations guide here.
For more information from Blackman & Sloop, please contact Deetra B. Watson.
By Tammy Ricciardella, CPA
As calendar-year-end nonprofits have worked through the implementation of Accounting Standards Update (ASU) 2016-14, Not-for-Profit Entities (Topic 958): Presentation of Financial Statements of Not-for-Profit Entities, we have seen quite a bit of diversity in the preparation of the liquidity and availability disclosure required by the ASU.
To improve the ability of financial statement users to assess a nonprofit entity’s available financial resources and the methods by which it manages liquidity and liquidity risk, the ASU requires specific disclosures including:
- Qualitative information that communicates how a nonprofit entity manages its liquid available resources to meet cash needs for general expenditures within one year of the statement of financial position (balance sheet) date
- Quantitative information that communicates the availability of a nonprofit’s financial assets to meet cash needs for general expenditures within one year of the statement of financial position date. Items that should be taken into consideration in this analysis are whether the availability of a financial asset is affected by its (1) nature, (2) external limits imposed by grantors, donors, laws and contracts with others, and (3) internal limits imposed by governing board decisions
The following information can be displayed either on the face of the statement of financial position, or in the notes to the financial statements, unless otherwise required to be on the face of the statement of financial position:
- Relevant information about the nature and amount of limitations on the use of cash and cash equivalents (such as cash held on deposit as a compensating balance)
- Contractual limitations on the use of particular assets. These include, for example, restricted cash or other assets set aside under debt agreements, assets set aside under collateral arrangements or assets set aside to satisfy reserve requirements that states may impose under charitable gift annuity arrangements
- Quantitative information and additional qualitative information in the notes, as necessary, about the availability of a nonprofit’s financial assets at the statement of financial position date
An entity can provide additional information about liquidity in any of the following ways:
- Sequencing assets according to their nearness of conversion to cash and sequencing liabilities according to the nearness of their maturity and resulting use of cash
- Classifying assets and liabilities as current and noncurrent
- Disclosing in the notes to financial statements any additional relevant information about the liquidity or maturity of assets or liabilities, including restrictions on the use of particular assets
Liquidity is defined in the Accounting Standards Codification (ASC) Master Glossary as “an asset’s or liability’s nearness to cash. Donor-imposed restrictions may influence the liquidity or cash flow patterns of certain assets. For example, a donor stipulation that donated cash be used to acquire land and buildings limits an entity’s ability to take effective actions to respond to unexpected opportunities or needs, such as emergency disaster relief. On the other hand, some donor-imposed restrictions have little or no influence on cash flow patterns or an entity’s financial flexibility. For example, a gift of cash with a donor stipulation that it be used for emergency-relief efforts has a negligible impact on an entity if emergency relief is one of its major programs.”
Based on this definition, an entity will have to carefully look at its assets and consider any donor-imposed restrictions that may exist when determining the presentation of liquidity.
A simple measure of liquidity per the ASU is the availability of resources to meet cash needs for general expenditures within one year of the date of the statement of financial position. The ASU does not define general expenditures but does provide some suggestions regarding limitations that would preclude financial assets from being available for general expenditures. Some of these items noted in the ASU include:
- Donor restrictions on the use of assets for particular programs or activities
- Donor restrictions on the time period in which assets are used
- Board designations that commit certain assets to a particular purpose
- Loan covenants that require certain reserves or collateralized assets to be kept on hand
- Compensating deposit balances required by financial institutions
To provide the liquidity and availability disclosure, entities should likely consider combining both a narrative description of their method for managing revenue with donor restrictions and a table that lists the dollar amounts expected to be released from various sources. Entities should develop a liquidity management program that allows them to determine what portions of donor restricted funds will be released from restriction and available for both direct program costs as well as shared expenses that support those programs.
In addition, entities should have a program in place to assess what resources are available. These should only include the portion of funding commitments that are expected to be received in the next year. To assist in this determination, as well as the overall liquidity management, entities should consider utilizing a rolling cash flow projection that covers at least a 12-month period.
Entities should also provide, in the qualitative component of the disclosure, information about other methods they use to manage liquidity and maintain financial flexibility. Examples of these could include:
- The use of lines of credit
- Established operating reserve policies
- Cash management process
It is important to develop this disclosure to present an accurate picture of the liquidity and availability of resources utilizing both financial information and supporting narrative to fully explain the financial health of the organization.
For more information from Blackman & Sloop, please contact Deetra B. Watson.
By Laurie De Armond, CPA, and Adam Cole, CPA
The world needs nonprofits to continue striving for meaningful impact on a wide range of social, economic and human rights issues, and it needs them to remain financially healthy. To do so, organizations need to balance a nonprofit heart with a business mindset.
Your mission is the heartbeat of your nonprofit. Just as the human heart sustains a body, your mission is the driving force of your organization’s work. But the heart can’t do it on its own. One clogged artery puts stress on another element of the system—and while it may go undetected for some time, eventually that stress starts to show. A healthy heart and a strong organization rely on fully functioning support systems.
Like the four chambers of the heart, following are four critical elements for sustainability that can take your mission from idea to impact:
1. People: From the Governing Board to the C-suite team to employees and volunteers, supporting the people behind the nonprofit is vital. While the typical nonprofit professional is highly motivated and engaged, it’s critical for the organization’s leadership team to ensure the skills of its people align with the present and future needs of the organization. If you don’t have the right people or maintain proper engagement and focus on the organization’s mission—or don’t treat your people well—it could ultimately harm your ability to fulfill your mission.
- Retention: Nonprofits who take a business mindset to their recruitment and retention policies will work with their best assets—highly impactful and rewarding work—to promote internally and externally the holistic value of a nonprofit career.
- Succession Planning: Successful organizations have strong leaders at the helm, but they also plan ahead for the inevitable day when a change in leadership must occur. Unfortunately, leadership succession planning can be neglected in the nonprofit world, where devoted leaders often stay for long tenures and can be hesitant to pass the reins to a new leader.
- CFO/Financial Leaders: While the CEO and executive director are critical leaders who set the tone and mission of the organization, nonprofits cannot overlook the importance of their financial leadership.
2. Operational & Financial Management: Nonprofits must look at their operations with a more critical business mindset to find the appropriate balance between programmatic spending and the investments (both capital and programmatic) required for continued growth and stability. Prioritizing programmatic spending is a given, but nonprofits that place equal focus on long-term scalability and sustainability will maximize their impact.
- Tackling the Overhead Myth: Charity rating sites have put additional pressure on organizations to minimize their overhead spending. The unfortunate consequence is that many donors now assume, incorrectly, that low overhead costs are a good measure of a nonprofit’s performance—what is commonly referred to as the “overhead myth.” Low overhead may serve as a nice, short-term talking point for donors, but it’s an unsustainable strategy.
- Avoid the Starvation Cycle: In reality, high ratios of programmatic spending could mean the organization is underfunding critical areas necessary for long-term growth—a phenomenon known as the “starvation cycle,” which creates an unhealthy environment for the organization. Failing to invest in infrastructure, such as new technology, security, employee training and fundraising capabilities, can be detrimental to organizational growth.
3. Transparency & Communication: Prospective donors are increasingly thinking like discerning shoppers—researching organizations as they would a major purchase. They are seeking convenience, and fewer clicks to donate. Meeting these demands requires new skill sets, enhanced training and education, and creates opportunities for automation to improve and streamline processes.
- Digitizing Donor Relations: It’s not enough to create an annual report and share it online, or to send regular email and mail communications on impact and outcomes. Donors expect near real-time reporting, with frequent updates. A large number of nonprofits already use social media to communicate with external stakeholders and that is only likely to increase.
- Communicating Clearly & Often: It’s no secret that budgets have been constrained by economic and donor and funding shifts. To mitigate surprises down the line, start the budgeting process early and make projections to give a realistic picture of how the organization’s financial situation could shake out. By planning ahead and communicating early and often, stakeholders will be better prepared to advise and respond.
4. Governance & Compliance: Lack of compliance with a regulation or insufficient board oversight on a key risk like cybersecurity can erase great mission-driven outcomes, sever trust with stakeholders and put the entire organization in jeopardy. The professionals in and outside of a nonprofit organization who proactively plan for risk, digest and implement new regulations, and prepare for compliance changes are unsung heroes who do behind-the-scenes, labor-intensive work to ensure the broader organization can focus on its mission without the worry of hitting costly roadblocks.
- Staying Cyber Secure: Nonprofits can’t maximize their impact if they are constantly responding to data privacy breaches or cyberattacks. A hack can take down a great organization by erasing trust and diverting resources from the mission. Nonprofits should think of these efforts as their secret weapon, not a financial anchor weighing them down. Even with limited resources, nonprofits must take a proactive approach to regulatory compliance and risk mitigation because the alternative could mean betraying donor and public trust and resulting in financial ruin.
- Managing Your Data Plan: Consider a holistic data privacy strategy as part of your data governance program. A Privacy Operational Life Cycle that helps keep employees apprised of new privacy requirements, embraces recordkeeping and sound data protection practices, and offers enhanced data privacy for stakeholders is crucial with the General Data Protection Regulation in effect and other state and national laws in motion.
- Tax-Exempt, not Tax-Blind: Nonprofits also know that tax-exempt doesn’t mean they can ignore taxes. Tax reform provided another significant shift in rules for nonprofits to address. Major changes to unrelated business income, executive compensation, endowment taxes for higher education institutions and changes to charitable giving deductions, among other items, impacted nonprofits and created significant compliance work for internal and external teams. Assessing guidance and understanding total tax liability is critical to strategic tax planning and maintaining operations. With changes to the tax code still a possibility in the future (including the release of additional guidance), this may be a moving target of sorts for nonprofit leaders, but it’s one that can’t be ignored.
When each of these elements, like the four chambers of the heart, are considered and given priority in setting and executing strategy, nonprofits are poised for greater success and long-term impact.
For more on how to balance a nonprofit heart with a business mindset for optimal, sustainable outcomes, read the first insight in our Nonprofit Heart, Business Mindset series: The Business of Impact.
By Amy Guerra, CPA
Historically there has been diversity in practice among nonprofits with regard to presentation of restricted cash and cash equivalents in the statement of cash flows.
To address this diversity, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) No. 2016‑18, Statement of Cash Flows (Topic 230): Restricted Cash. As a result of this ASU, a nonprofit will be required to present the total change in cash, cash equivalents, restricted cash and restricted cash equivalents for the period covered by the statement of cash flows. Thus, cash flows that directly affect restricted cash will be presented in the body of the statement of cash flows regardless of how they are classified in the statement of financial position and the timing of the establishment and release of the restrictions.
The ASU does not define restricted cash and restricted cash equivalents, so how a nonprofit defines these will not be impacted. What will be impacted is how these amounts are presented in the statement of cash flows. Oftentimes, a nonprofit will have these items presented in separate lines throughout its statement of financial position and may not even have them labeled as restricted cash or restricted cash equivalents.
Under the ASU, a nonprofit will show the net cash provided by or used in the operating, investing and financing activities of the nonprofit and the total increase or decrease as a result of these activities on the total of cash, cash equivalents and amounts considered restricted cash and restricted cash equivalents.
Internal transfers between cash and cash equivalents and amounts considered restricted cash and restricted cash equivalents are not deemed to be operating, investing or financing activities and thus the details of any transfers would not be presented in the statement of cash flows.
If a nonprofit identifies cash, cash equivalents, restricted cash and restricted cash equivalents in separate lines in the statement of financial position, these amounts should reconcile to the statement of cash flows. The nonprofit needs to present a reconciliation of the various cash and cash equivalents line items presented in the statement of financial position that shows the total that is presented in the statement of cash flows for each year presented. This reconciliation can be presented either on the face of the statement of cash flows or in the notes to the financial statements. The disclosure may be either in narrative or tabular format. The requirement to provide this reconciliation will allow users of the financial statements to identify where the restricted cash and restricted cash equivalents are included in the statement of financial position and how much is included in these line items.
In addition, a nonprofit must disclose information about the nature of the restrictions on its cash and cash equivalents.
For those nonprofits considered public business entities because they have issued or are a conduit bond obligor for securities that are traded, listed or quoted on an exchange or an over-the-counter market, the ASU is effective for fiscal years beginning after Dec. 15, 2017, and interim periods within those fiscal years. For all other entities, the ASU is effective for financial statements issued for fiscal years beginning after Dec. 15, 2018, and interim periods within fiscal years beginning after Dec. 15, 2019. The adoption of the ASU should be done on a retrospective basis. A nonprofit may opt to adopt the provisions of the ASU early.
For more information from Blackman & Sloop, please contact Deetra Watson.
Amy Guerra is an Assurance Senior Manager in BDO’s Rosemont office and is the Central Region Audit Quality Director for the Nonprofit practice. With more than 15 years in public accounting, she has extensive nonprofit experience in performing financial statement audits of human service organizations, trade associations, private and operating foundations, and other 501(c)(3) entities. She has extensive experience with Single Audits. Amy is experienced in addressing issues unique to nonprofits, ranging from tax-exempt status to endowments, pledge campaigns, and reserve levels. She understands the reporting and compliance requirements of Form 990 and its related complexities having prepared the Form 990 for several years. She has assisted clients with resolving issues related to board governance and fiduciary responsibility as well as the reconciliation of Form 990 to the audited financial statements. Amy approaches each engagement collaboratively with the client’s accounting department and BDO’s assurance and tax teams. Her responsibilities at BDO include planning, supervising and coordinating audit engagements as well as presenting audit reports and management letters to boards of directors and Finance and Audit Committees. Amy is a CPA in Illinois and a member of the AICPA. She is also a member of Association Forum of Chicagoland. Amy has a B.S. in Accounting from the University of Illinois at Urbana-Champaign.
By Laurie De Armond, CPA and Adam Cole, CPA
The nonprofit industry is anything but static. Many outside factors impact their daily operations. Following is a list of what we see as the top 10 trends that are currently impacting nonprofit organizations.
Protecting Nonprofit Nonpartisanship
The current political environment has created a lot of uncertainty. This impacts everything from legislation, such as tax reform, federal funding and government shutdown that in turn impact nonprofits. This is a struggle that nonprofits are trying to navigate. Nonprofits are focused on providing their services and focusing on their missions and are hopeful that the current political environment does not impact their missions.
Budget Cuts – Federal, State and Local Governments
Over the course of several years many nonprofit organizations have been faced with budget cuts that impact their programs at all levels of government. These budget cuts have put many organizations in financial hardship, particularly in the social services subsegment. The uncertainty of future budget cuts makes it difficult to prepare budgets and cash flow projections for the future. Many organizations are faced with more demand for their services and increased cash requirements for infrastructure while facing uncertainty in their funding sources from government entities. As a result, many are looking to expand their revenue streams to rely less on government funding.
Mergers, Partnerships and Joint Ventures
Many organizations are looking at the potential for a merger, or establishing a partnership or joint venture to accomplish their missions. Many organizations have historically tried to conduct all of the programs on their own. This has caused them to expand their operations into areas that are not their core strengths. Demographic and technology shifts have made it more expensive and more difficult to be successful. As a result many are looking to form partnerships or joint ventures to continue this work successfully. Other organizations are finding that mergers with either another nonprofit or a for-profit may be the best way to continue to serve their constituents.
Technology – Augmented Reality, Automation, Crowdfunding
There is a large push to increase technology used by organizations. The use of these technologies can save the organization money and resources in the long run but do require investment up front. Organizations are trying to implement these technologies but are faced with balancing this with potential decreases in funding.
This is a continued focus for all organizations – both large and small. The increasing complexity in the world of cybersecurity and the increased sophistication of cybersecurity breaches challenges many entities. The need to protect data, especially for health and human services organizations who maintain large amounts of personal data is critical.
It’s All About Engagement
How nonprofits engage their constituents and donors is more important than ever. Changes in technology and the way in which individuals absorb information are requiring nonprofits to be creative in the way that they use social media. Many organizations struggle to develop a constant stream of content to engage constituents and donors. With the proliferation of crowdfunding, engaging constituents on a regular basis and creating a sense of community are critical.
Changes in Charitable Giving Paradigm
With so many worthy nonprofits and the proliferation of crowdfunding platforms there are a lot of demands for donor dollars. As the charitable giving paradigm continues to evolve, nonprofits must monitor how their core donor base is changing and how they might be affected by these shifts. The good news for now is that the change in the tax law did not seem to have a large impact in 2018 as some had predicted, but some believe the major impact may occur in the coming year once people see the impact of the tax law changes on their tax situation and the charitable contributions they made.
Employee Engagement – As Retention Tool
Nonprofits find that employees are very interested in making an impact in the world. They have joined the organization to specifically make an impact. Employees who don’t see this coming to fruition are likely to leave. Organizations who regularly link employee performance to mission impact may well be more successful at employee retention.
Board Members as Advocates/Developers
An age long debate – should your board members be fundraisers? The Board should be comprised of various members who bring different skill sets to the Board. If board members are only selected because they can provide funds or act as fundraisers this can cause issues. However, it is important for many organizations that Board members be contributors and assist with fundraising efforts.
Not-for-profit Sustainability in the Social Services Space
Demand for services provided by social service organizations continues to increase. In addition, the evolution and sophistication of services is greater such as the ability to see a health care provider electronically. These evolutions in how services are provided are demanding more resources, making organizations look closely at how they can fund these changes to keep pace with these changes.
By Donna Bernardi Paul, SPHR, SHRM-SCP
Are differences in work and communication style in the workplace among the different generations the cause of leadership/supervisory challenges or is it something else?
There have been a plethora of articles, seminars, webinars and discussions around millennials in the workplace and the challenges of managing and working with them due to their different work style.
When we talk about the importance of differences in the workplace, sometimes we forget about one of the most prominent dimensions—age. There are three main generations in our workforce currently, and we are on the brink of adding a fourth. Understanding how to relate to each is critical to successfully keeping them motivated and engaged in their work.
The Baby Boomers: Born between the end of World War II and the early 1960s. Also known as the “Me Generation.” They grew up with television. Mothers were typically home waiting for their children to come home from school, and children were allowed outside of their homes unsupervised. Their relationships with their parents, teachers and others in authority were somewhat contentious.
Boomers came into the workforce in droves. They were the first “workaholics.” Their frame of reference at work was to spend as much time as possible working, sacrificing time with families, so that good things would come to them. Motivating them at work is typically done via the “carrot and stick” approach.
Generation “X”: Born between the early 1960s and the early 1980s. Also known as the “Latchkey Kids” or the “Sandwich Generation” because they are sandwiched between the huge baby boomer and millennial groups. They grew up in an era when more mothers entered the workforce and children came home from school to an empty home. They fended for themselves. They were instructed not to answer the door to anyone they didn’t know. As a result, they became independent and skeptical. They entered the workforce with the frame of reference they needed to have multiple careers so that they didn’t put all their eggs in one basket. They didn’t want to experience the disappointments of prior generations. They tend to be entrepreneurial and individualistic. Managing them at work became more complicated due to their supercilious attitude and resentment towards the boomers and millennials.
Many feel that they do not have career paths because the boomers aren’t leaving and the millennials are leapfrogging over them.
Generation “Y” (millennials): Born between the early 1980s and the early 2000s. Also known as “Echo Boomers.” They represent the largest generation in the workforce and its members generally have high levels of self-esteem. They are highly educated and technologically savvy. Their preferred communication style is text messaging. Their relationships with their parents tend to be that of friends or peers because their parents typically have moved away from the authoritarian style in which they were raised. As a result, they have grown up in an era where their lives are programmed and organized from birth, which doesn’t prepare them to cope with disappointment or help them to make decisions on their own. For example, their nurseries were monitored via the baby monitor. Their parents organized their social activities via “play dates” vs. allowing them to go outside unsupervised. Moreover, parents of millennials have instilled within their children entitlement attitudes vis-à-vis “everyone is right” and “everyone gets a trophy.” Many parents become advocates for their children with schools, their friends and even their workplaces. As a result, this generation has expectations that may not be realistic. They’ve entered the workplace with the expectation that they can work whenever and however works best for them. Managers from prior generations tend to have trouble supervising this group, even though they were probably the same parents who raised them, because this generation’s virtual style of working is very different from what older generations are used to.
Generation “Z”: Born between early 2000s to the present. This generation is extremely technologically savvy. Many had iPads as toddlers. They are now in high school and college.
Perhaps the upshot to all of this is that it doesn’t matter to which generation a person belongs since all workers tend to want the same things:
- Good bosses
- Career paths
If you think back on all the jobs you’ve ever had and all the bosses you’ve ever had, which boss would you choose as your favorite and why? Now, give yourself a rating against your favorite boss in order to determine where you would like to develop your supervisory skills. After all, how do people become bosses? Do they go to school to learn how to be a great boss? Not usually. Typically, they do something well from a technical perspective and then they are promoted out of what they do well and placed into a job (managing others) that they may not be familiar with, and for which they get no training. With proper training of its managers and supervisors, organizations have a better chance to have skilled employees who care and are productive regardless of which generation they fall in because people join companies—they quit bosses.
By Marc R. Berger, CPA, JD, LLM
The IRS Tax Exempt and Government Entities (TE/GE) division released its Fiscal Year 2019 Program Letter on Oct. 3, 2018. The Program Letter outlines its projects and priorities for fiscal year 2019 for tax-exempt organizations, employee plans, Indian tribal governments, and tax-exempt bonds. This article focuses on those projects and priorities relating to tax‑exempt organizations.
The TE/GE division will continue to refine its compliance strategy approach, which is designed to ensure that its examination programs are focused on the highest priority compliance areas to promote efficient tax administration. In this regard, TE/GE collaborates with its IRS business partners and various other groups and agencies, including the Advisory Committee on Tax Exempt and Government Entities, the U.S. Department of Labor, the Municipal Securities Rulemaking Board, and the Securities and Exchange Commission. TE/GE will continue to use advance data and data analytics to drive decisions about identifying and addressing high-risk areas of noncompliance.
The Tax Cuts and Jobs Act (TCJA) will remain a priority in fiscal year 2019. TE/GE has completed numerous form revisions, as well as guidance and training, and it anticipates more developments in these areas going forward. It plans on initiating additional education efforts in FY 2019 along with TCJA-related compliance strategies.
For the first time this decade, TE/GE is onboarding a significant number of new hires, and is cross-training employees to allow flexibility in directing resources to shifting needs. The increase in employees signals a potential increase in examination and enforcement action.
The bulk of the Program Letter focuses on six areas of its compliance program in an effort to become more effective and efficient. These six areas are:
Compliance strategies are issues approved by TE/GE’s Compliance Governance Board (Board) to identify, prioritize and allocate resources within the TE/GE taxpayer base. Using a web-based portal, TE/GE employees submit suggestions for consideration by the Board. Once approved, these issues are considered priority work. Strategies approved to date include:
- Tax-exempt social clubs under Internal Revenue Code (IRC) Section 501(c)(7) – The focus will be on investment income, non-member income, and non-filers of Form 990-T, Exempt Organization Business Income Tax Return.
- Non-Exempt Charitable Trusts under IRC Section
4947(a)(1) – The focus will be on organizations under-reporting income and over-reporting charitable contributions.
- Tax-exempt organizations that were previously for-profit – The focus will be on organizations formerly operated as for-profit entities prior to their conversion to IRC Section 501(c)(3) organizations.
- Self-dealing by private foundations – The focus will be on organizations with loans to disqualified persons.
- Early retirement incentive plans – Determining whether federal, state or local governmental entities that provide cash (and other) options to employees as an incentive for early retirement have applied proper tax treatment to these benefits.
- Forms W-2/1099 matches – Comparing payments reported on Form 1099-Misc., Miscellaneous Income, with wages reported on Form W-2.
- Notice CP 2100 (backup withholding) – Determining whether mismatched and/or missing taxpayer identification numbers on Form 1099 indicate a failure to comply with backup withholding requirements.
- Worker classification – Determining whether misclassified workers result in incorrectly treating employees as independent contractors.
Data-driven approaches use data, models and queries to select work based on quantitative criteria, which allows TE/GE to allocate resources that focus on issues that have the greatest impact. TE/GE integrates data into its processes and procedures, using return data and historical information to identify the highest risk areas of noncompliance.
With respect to models, this includes continuing to improve compliance models based on Forms 990, 990-EZ, and 990-PF, as well as testing the newly developed model for Form 5227 (Split Interest Trust Information return). In addition, identifying returns containing the highest risk of employment tax noncompliance will be a priority.
Referrals, Claims and Other Casework
Referrals allege noncompliance by a TE/GE entity and are received from internal and external sources. The public can submit a specialized exempt organization referral on Form 13909 (Tax-Exempt Organization Complaint). With respect to referrals, TE/GE will continue to pursue referrals received from all sources alleging noncompliance.
Claims are requests for refunds or credits of overpayments of amounts already assessed and paid, and can include tax, penalties and interest. TE/GE will continue to address claims requests, including high-dollar complex employment tax claims filed by federal, state and local governments.
Other casework includes examining entities that filed and received exemption using Form 1023-EZ, focusing on (1) filers who are ineligible to file Form 1023-EZ, (2) filers who donate to (or pay expenses for) individuals, and (3) filers operating bingo and other gaming activities.
Compliance units are employed to address potential noncompliance, primarily using correspondence contacts known as “compliance checks” and “soft letters”.
A compliance check is correspondence with organizations to inquire about an item on a filed return; to determine if specific reporting requirements have been met; or to determine whether an organization’s activities are consistent with its stated tax-exempt purpose. A compliance check is not an examination.
A soft letter is correspondence with organizations that provides notification of changes in tax-exempt law or compliance issues. A response to these letters is generally not expected.
TE/GE will continue to inform taxpayers via compliance checks and soft letters, in particular in the area of adhering to recordkeeping and information reporting requirements, including:
- Combined Annual Wage Reporting – Focusing on tax-exempt employers that had discrepancies between Form W-2 and either Form 941 or Form 944.
- Financial Assistance Policy – Whether tax-exempt hospitals are complying with IRC Section 501(r)(4).
- Form 990-T Non-filers – Looking for IRC Section 501(c)(7) organizations that reported investment income on Form 990 but did not file Form 990-T.
- Supporting Organizations – Entities that state that they are supporting organizations but have filed Form 990-N, which is not allowed.
TE/GE expects a continued increase in determination applications and will concentrate on identifying new strategies for reducing a filing burden and case processing time. The exempt organizations group expects to hire 40 new revenue agents to process determination applications to help offset application increases and workforce attrition.
Voluntary Compliance and Other Technical Programs
This area is focused primarily in the employee plans group of TE/GE, and enables a plan sponsor, at any time before audit, to pay a fee and receive IRS approval for correction of plan failures.
Management of exempt organizations should evaluate the potential implications of the areas identified in the Program Letter on their organizations and consult with their tax advisors.
By Katherine Gauntt
Sales tax is imposed upon retail sales of tangible personal property and taxable services in 45 states and the District of Columbia. Each state determines the circumstances under which a sales tax is imposed on the purchaser.
Purchases by nonprofit organizations are exempt in most of the states, if the tangible personal property or taxable services are used or consumed exclusively for the purposes for which the organization was established. The states usually require each legal entity to register as a nonprofit entity with the state to receive state tax-exempt status. Upon state authorization, the entity can provide a state-approved exemption certificate to its vendors in order to purchase goods and services without paying sales tax.
While nonprofit organizations can make purchases free of sales tax, their sales of goods and taxable services are usually taxable. One could argue that these sales ultimately benefit the organizations’ nonprofit activities but most states do not extend the nonprofit exemption. Many organizations selling promotional goods on their websites are registered in their home state but rarely are registered in multiple states to collect sales tax. Usually they have no “physical presence” in states beyond their home state and did not have to collect the sales tax. However, everything changed on June 21, 2018 when the U.S. Supreme Court held in South Dakota v. Wayfair that states can require a retailer to collect and remit sales tax even if the retailer lacks an in-state physical presence.
History of the Wayfair Case
Effective May 1, 2016, South Dakota passed a law requiring remote sellers to remit sales tax on all taxable sales if the seller’s gross revenue from the sale of products or taxable services delivered into South Dakota exceeded $100,000 or 200 or more separate transactions. Wayfair, Inc., Overstock.com, Inc. and Newegg Inc. refused to comply on the basis that they had no physical presence in South Dakota and, therefore, were not obligated to collect the sales tax. South Dakota filed a declaratory judgment action in state court. The case was fast-tracked through the South Dakota lower courts. Ultimately, the South Dakota Supreme Court, compelled by the 1992 U.S. Supreme Court decision in Quill, found in favor of the Wayfair, Inc. et al. The U.S. Supreme Court in Quill affirmed that “substantial nexus” under the U.S. Constitution’s Commerce Clause required a business to have a physical presence within a state before the state could impose tax or a tax collection obligation.
Nonetheless, the ultimate goal was a U.S. Supreme Court challenge to overturn Quill. On Jan. 12, 2018, the U.S. Supreme Court granted South Dakota’s petition for a Writ of Certiorari with respect to the Wayfair case. Oral argument was heard on April 17, 2018. And on June 21, 2018 the U.S. Supreme Court overruled Quill and the physical presence standard. The Court then ruled that South Dakota’s sales tax economic nexus statute was constitutional and “substantial nexus” under the Commerce Clause. In anticipation of the ruling, many states already had laws on the books which were designed to go into effect if the ruling was favorable. As of Oct. 15, 2018, 35 states have passed some form of economic nexus standard for sales tax purposes.
Wayfair Impact and Action Items for Nonprofits
All industries are likely to see an impact from the Wayfair decision, but industries selling goods and taxable services remotely over the internet at retail have the greatest exposure. Nonprofits carry the same burdens as for-profit e-commerce sellers for taxable goods and services, if their sales reach the economic thresholds established by the states. (For the latest information on thresholds by state go to: https://www.bdo.com/wayfair.) When it comes to Wayfair, it’s also important to keep in mind that all states aren’t equal. The following are areas that nonprofit organizations should review to mitigate their risk of overpaying or under-collecting the sales tax.
Most states require nonprofits to register with the state departments of revenue if they are eligible for a sales tax exemption on purchases. In addition, once the economic thresholds are reached, the nonprofit must register as a vendor with the state since its sales will likely be treated the same as for-profit vendors. Again, each state is different regarding its nonprofit tax registration requirements.
As a result of Wayfair, more sellers will be required to collect sales tax. Many of these sellers either “assume” everything they sell to nonprofits is exempt from tax or default all sales to taxable without consideration for nonprofit status. Either way, nonprofits must be proactive in informing their vendors when to charge them sales tax or they could end up overpaying sales tax on purchases or underpaying and creating a use tax assessment if they are audited. Each vendor’s sales should be reviewed to ensure that, if no sales tax is charged, the sale qualifies for the nonprofit exemption (i.e., the purchase benefits the organization’s nonprofit activities). It is important to establish an exemption certificate policy to ensure that only those vendors selling qualified goods and services are given an exemption certificate. Providing an exemption certificate to a vendor shifts the liability for the tax to the nonprofit even if it is provided in error. Areas where sales to nonprofits are generally taxable include sales of food, lodging, certain types of software and supplies such as uniforms, furniture and fixtures or any other type of sale unrelated to the purpose for which nonprofit status was granted by the state.
Nonprofits should examine their sales volumes in each state and compare it to the economic nexus thresholds established by each state. In general, measurement should be done at a legal entity level if there is more than one legal entity doing business in the state (although some states may combine sales of affiliated legal entities.) For tangible products, the state where sales occur is determined by the delivery address. However certain nonprofits, especially in healthcare, sell tangible goods, digital products (e.g., e-books) and services. In addition, some are part of an organization of affiliated companies consisting of nonprofit and for-profit entities. Nonprofits should consider the following when developing an action plan for determining nexus and potentially charging sales tax:
- Where are the tangible goods, digital products and services sold?
- Do the sales reach the threshold for economic nexus?
- If yes, what are the necessary actions needed for complying?
- Registration – Nonprofits should register as a vendor in each tax jurisdiction.
- Taxability of Products Sold – A determination of the tax status of each product sold should be made.
- Exemption Certificate Procedures – If products are sold to other nonprofits, a process to collect exemption certificates should be established.
- Billing Sales Tax – A process must be established to charge the correct sales tax on an invoice. To do so, the nonprofit must utilize the most current sales tax rates to charge its customers.
- Reporting – Depending on volumes, sales tax reporting can be in-house or outsourced through third parties. Most states have portals where tax returns can be filed by keying in the data manually if the nonprofit has established economic nexus in only a few states.
- In addition, nonprofits should consider their internal operational capabilities:
- Accounting – Do you have Sales Tax Liability Accounts set up that can undergo reconciliation and audits?
- Technology – Do you have the functionality in your billing system to charge the correct tax on taxable sales?
- Resources – Do you have enough resources in-house to administer exemption certificates and tax reporting?
- Document Retention – Most states require retention of all invoices, work papers, tax returns and other supporting documentation to support the taxes reported.
Wayfair has impacted every organization in the country in one form or another. Not all nonprofits sell goods and services, but they may see an uptick in the costs of the things they buy as a result. Those that do sell, must perform their own due diligence and incur the costs of compliance just like any other company dealing with the complexities of 46 different state tax jurisdictions with 46 different sets of rules. The rules are still evolving but one thing is certain: Unless Congress acts to change the economic nexus standards established by the Wayfair case, every entity, including nonprofit entities, that buys or sells will incur extra costs in its attempt to comply with current law.
 South Dakota v. Wayfair, Inc. 585 U.S.__(2018)
 Quill Corp. v. North Dakota, 504 U.S. 298 (1992)
 In addition to Quill, National Bellas Hess v. Department of Revenue, 386 U.S. 753, 87 S.Ct. 1389 (1967), was also overruled.
By Laurie De Armond, CPA, and Adam Cole, CPA
Nonprofit organizations are uniquely shaped by their mission, history, size, program goals and community.
But leaders of these organizations—whether a CFO at a global health services charity, a CIO of an education endowment or the executive director at a museum—share a common goal of advancing their organization’s mission. To drive forward progress, it’s essential that leaders understand where their organization sits in relation to its peers on objective measures of performance.
The BDO Institute for Nonprofit Excellence’s 2018 benchmarking survey, Nonprofit Standards, surveyed leaders at midrange organizations (those with less than $25 million in annual revenue), upper-midrange organizations ($25-$75 million in annual revenue), and large nonprofits (above $75 million in revenue) to reveal insights nonprofits can leverage to strengthen their organization. Across the spectrum, the report finds that upper-midrange organizations face more significant challenges than their smaller and larger peers.
Funding Challenges Amid Rising Costs
While 56 percent of upper-midrange nonprofits saw their revenues grow over the past year, this was dwarfed by the 69 percent of large nonprofits and 70 percent of midrange nonprofits that also saw some revenue growth. At the same time, nearly half (49 percent) say declining revenue and funding is at least a moderate challenge, compared to 45 percent of midrange and large organizations. Perhaps as a result of this challenge, 49 percent of organizations at this scale maintain six months or less of operating reserves, and one third cite maintaining adequate liquidity as a moderate or significant challenge—indicating a potential gap in the fiscal safety net for these organizations.
Some of the funding challenges upper-midrange nonprofits face may be attributable to the types of funding sources these organizations rely upon, including individual contributions (15 percent), government grants (12.6 percent), fundraising/special events (11.4 percent), and corporate contributions (7.8 percent)—all of which can be either cyclical in nature or impacted by regulatory changes, such as tax reform.
Nevertheless, amid these challenges in securing funding, upper-midrange nonprofits face the same challenges as all other organization sizes in addressing rising overhead costs: 58 percent of upper-midrange nonprofits and nonprofits overall say rising costs is at least a moderate challenge.
Program Growth Emphasizes Importance of Communicating Impact
Despite challenges in securing funding, upper-midrange nonprofits are working to expand their program offerings and deliver on their core mission. Organizations in the upper-midrange devote 80 percent of their total expenditures to program-related activities—compared to 78 percent for large nonprofits and 68 percent for midrange nonprofits. Forty-two percent of upper-midrange nonprofits also say the inability to meet demand for their services is a high or moderate challenge, and 58 percent are responding by planning to introduce new programs in the next year without eliminating others.
This program expansion makes demonstrating impact to stakeholders more important than ever. When it comes to making an impact, nearly all nonprofits surveyed (93 percent) communicate their impact outside of the organization; meanwhile, 72 percent of upper-midrange nonprofits say some portion of their donors have demanded more information about outcomes and impact than before.
But as nonprofit leaders know all too well, reporting impact to donors and other stakeholders is no easy task. Organizations in the upper-midrange are more likely than midrange or large nonprofits to say they face moderate or significant challenges in reporting impact, including having no consistent framework for measuring and reporting (66 percent vs. 56 and 53 percent, respectively), lacking clear program objectives and/or key performance indicators (55 percent vs. 43 and 41 percent, respectively), and inadequate financial resources devoted to reporting (55 percent vs. 31 and 33 percent, respectively).
Recruitment and Retention Challenge Upper-Midrange Organizations
Nonprofits derive their strength from dedicated and driven employees, yet recruitment and retention remain a high or moderate challenge for 6 in 10 nonprofit leaders. Upper-midrange nonprofits are the most concerned, with 70 percent citing recruitment and retention as a high or moderate challenge, compared to 61 percent of large organizations and only 35 percent of midrange organizations.
Key factors in keeping employees engaged and growing employee satisfaction levels for all organizations include having competitive compensation levels (59 percent), up-to-date technology (58 percent), internal communications (54 percent), and management-employee relations (51 percent). These challenges were all most pronounced among upper-midsized organizations. While 7 in 10 midrange nonprofits were able to provide at least a 3 percent increase in employee compensation levels within the last year, only 44 percent of upper-midrange and large nonprofits were able to do the same.
Overcoming Key Challenges: Planning Ahead
Do the data show that upper-midrange nonprofits are doomed? Not at all. Instead, this year’s Nonprofit Standards highlights the success of many nonprofits that were able to overcome these classic scaling challenges to grow successfully and expand their programs.
While not comprehensive, below are some best practices for organizations looking to overcome these challenges.
Fundraising Effectiveness: Nonprofits looking to increase their fundraising effectiveness should:
- Match their donor behavior. Nonprofits should consider what influences their donors to donate in general—and to their organization specifically—and tailor their messaging accordingly.
- Reduce their giving barriers. It’s critical that organizations regularly update and modernize their donation channels (including online and mobile giving platforms) to keep pace with changing consumer behavior.
- Leverage data analytics. Nonprofits should dig into their own data to understand the demographics of their core contributors and to identify new prospects. (See the article on page 10 entitled, How Predictive Analytics is Transforming NPO Fundraising.)
Donor Communications & Impact Reporting: To ensure smoother donor communications and reporting, nonprofits should:
- Start with the end in mind. Organizations should identify the story they want to tell their stakeholders and paint a vision of what the world could look like if their mission were achieved.
- Make reporting an ongoing process. Nonprofits should gather and report data on a quarterly or monthly basis to keep stakeholders in the loop and make year-end reports less daunting.
- Remain transparent. Nonprofit reports offer an unparalleled opportunity to contextualize an organization’s metrics and finances.
- Share their report widely. Organizations should distribute their report via multiple channels so both existing and prospective donors have a chance to see it.
Staffing and Recruiting: To maintain and attract top talent, nonprofits should:
- Stay competitive in their local market. Nonprofits should ensure their policies make their organization an attractive place for potential employees.
- Capitalize on flexible work options. Remote work arrangements can be both beneficial to employees and cost-effective for organizations.
- Remain proactive about succession planning. With 4 million baby boomers retiring each year, the need for a succession plan is a “when” rather than an “if” scenario.
The more upper-midrange nonprofits—and those of all sizes—can learn from benchmarking against their peers, the better prepared they will be to advance their mission and support continued growth. Gaining intelligence is vital to staying afloat.
Adapted from article originally published in NC State University’s Philanthropy Journal News.
By Michael Conover
I have previously discussed the inevitable transition of numerous baby boomers holding leadership posts in nonprofit organizations. The topic has been well-covered in a variety of publications for nearly a decade.
However, I believe the seismic shift that some have predicted has failed to materialize on a scale that was predicted. I attribute this to a variety of factors, including: delayed retirements out of financial need or resistance to change; belief that age 75 is the new 65; or just procrastination.
The slowdown in the rate of change will not soften its impact. It may intensify it. The delay on the part of these baby boomer executives and the boards to whom they report could increase the likelihood of an unexpected and disruptive leadership crisis. The problems can range from a noticeable decline in performance to an abrupt departure caused by sickness or death. Leadership changes under the best of circumstances are not 100 percent successful; thus, in crisis mode, the odds of success are much slimmer.
The other obstacle I allude to in my title is executive retirement arrangements (or lack of same). As organizations finally confront the departure of a long-tenured and critically important executive, the details of the retirement arrangements come to the forefront. This is the point at which many organizations and executives discover the price that will be paid for failing to address this important issue well in advance. Proper advance planning can not only minimize financial uncertainties for the executive and the organization that may interfere with retirement planning, but can prevent other potential and very expensive obstacles as well.
Many compensation committees have failed to proactively raise the subject of retirement plans and acknowledge the impact that they will have on an orderly retirement / leadership transition. There are a variety of reasons including: financial costs; reluctance to broach the subject of leadership change; mistaken assumptions that arrangements made many years ago will address the needs; embarrassment that arrangements are inadequate or have not been made; etc. Committee members must realize that time is not on their side for addressing retirement-related arrangements. Delaying can create many negative impacts for both the executive and the organization.
I would like to describe a few different scenarios that illustrate the types of situations we have discovered in “11th hour” reviews of retirement arrangements:
Plan Document Failures: Plan documents (e.g., employment contracts, deferred compensation arrangements, life insurance plans, etc.) developed many years ago and / or those that have been drafted without the benefit of needed expertise to ensure compliance with current requirements pose potential problems to the unwary.
The inclusion of what appear to be ordinary terms in the arrangements, or the failure to include critical details, can prove disastrous in terms of potential tax liability and penalties for the executive as well as the employer. Language included to ensure that retirement resources are secure may produce inadvertent vesting of a benefit and tax liability long before it is actually available. Similarly, incorrectly structuring payments can result in an unforeseen tax liability and punitive excise tax penalties.
If these issues are identified proactively or within a time period that corrective actions can be taken, the problems can be minimized. There is, however, a point at which it is simply too late.
Plan Administration Failures: In some instances, well-drafted plan documents are not adhered to from an administrative standpoint. Contributions, excess contributions, payment amounts and / or payment terms are made that fail to follow plan requirements. The failure to ensure compliance may result in adverse tax consequences to the executive and the organization.
Failure to properly recognize and report details of retirement arrangements are also common. The executive’s W-2 form, personal tax return and the organization’s Form 990 may all need to include information related to the plan arrangements as well as timely recognition of income when vesting occurs. Discovering these issues after the fact can necessitate amending prior year returns and also involve adverse tax consequences to the executive and the organization.
Improbable Catch Up: A compensation committee’s failure to establish a specific position on retirement benefits for the executive, as well as a specific objective for the level of benefits to be provided well in advance of the probable retirement event, drastically diminishes the likelihood of providing any level of benefit beyond that provided to all employees. Waiting until just a year or two prior to retirement will likely place an unreasonable financial burden on the organization to fund a benefit that might have been spread over many years of employment. Similarly, large contributions / payments toward the very end of employment may trigger an excess benefit situation, or the appearance of same, that may create adverse consequences for the executive and the organization.
The Wake-Up Call
Most compensation committees spend most of their time on decisions about current cash compensation (i.e., salary, bonus and incentive) matters for executives. Clearly, these are important matters and ones that require the committee’s attention in light of the disclosure of this information to external stakeholders and the public. I am not suggesting the committee members spend any less time on them.
I am however suggesting that compensation committees incorporate an immediate and recurring review of the organization’s retirement program to ensure that all documentation, administration and funding are in accordance with the organization’s policy, on track to meet stated objectives and fully compliant with pertinent regulatory and reporting requirements. Regular checkups may also be beneficial in helping the organization to be more attentive and proactive on succession / transition needs. As we have pointed out, delay on these matters is the enemy of effective solutions.
Executive management also has a role to play in this wake up call. Steps should be taken to ensure that the compensation committee has access to all internal and external information and advice that will assist them in their efforts to ensure that all steps have been taken to ensure that the retirement arrangements pose no obstacles to the inevitable retirement and leadership succession that every organization faces.
By Lee Klumpp, CPA, CGMA and Laura Kalick, JD, LLM in Taxation
The Financial Accounting Standards Board (FASB) recently posted a Q&A stating the FASB staff would not object to nonprofits applying guidance from the Securities and Exchange Commission (SEC) on the application of Topic 740, Income Taxes, in the reporting period that includes the date on which the new tax law was signed.
The SEC staff issues statements expressing a view on applying topics in the FASB Accounting Standards Codification (ASC) and/or disclosure requirements through staff accounting bulletins (SABs). These statements represent the practices and interpretations followed by the SEC staff. Historically even though the SEC staff’s views and interpretations aren’t directly applicable, nonprofits have chosen to apply the guidance in the SABs.
When the new tax law was signed, the SEC staff released SAB 118 for applying Topic 740, Income Taxes, as it relates to tax reform. SAB 118 outlines the approach entities may take if they determine that the necessary information is not available (in reasonable detail) to evaluate, compute and prepare accounting entries to recognize the effect(s) of the new tax law by the time the financial statements are required to be filed. Entities may use this approach when the timely determination of some or all of the income tax effect(s) from the tax law is incomplete by the due date of the financial statements. SAB 118 also prescribes disclosures that reporting entities must provide in these circumstances.
MAIN PROVISIONS OF THE FASB Q&A
The FASB staff would not object to nonprofits applying SAB 118, which the staff believes complies with generally accepted accounting principles (GAAP). This view is based upon the historical application of SABs by nonprofits.
The FASB staff also believes that a nonprofit opting to apply SAB 118 would need to do so in its entirety, including the disclosure requirements. Such reporting entity should also disclose its accounting policy of applying SAB 118, required by ASC paragraphs 235-10-50-1 through 50-3.3
For more information on nonprofit financial reporting, contact a Blackman & Sloop nonprofit advisor.
Article reprinted from the BDO Nonprofit Standard blog.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2018). Copyright © 2018 BDO USA, LLP. All rights reserved. www.bdo.com.
By Ken Eye and Andrea Wilson
The internal audit (IA) function is vital to the health of any nonprofit, regardless of mission or scope. The audit committee and its individual members are crucial partners in safeguarding the integrity, purpose and, ultimately, the success of organizations.
But, they often face challenges navigating a strained regulatory environment, all while trying to do more with less. Adjusting to these new realities means that proper management is more important than ever. This article outlines the top 10 challenges keeping internal auditors up at night, and providing remedies to help them continue their critical work.
1. CHANGES TO OPERATIONS OR STRATEGY
For most nonprofit organizations, change is inevitable. As the needs of communities, internal dynamics, priorities and leadership transform, nonprofits adjust their mission and strategies. While this dynamism is essential for organizations to further their work, change can create strain for internal auditors. Whether its expanding operations to a new location, working with new donors or rolling out a new organizational structure, internal auditors are often left scrambling to ensure compliance.
THE REMEDY: Change is unavoidable, but compliance headaches don’t have to be. Nonprofits should be proactive about integrating internal audit into large scale organizational changes. This means allocating IA resources to evaluate emerging compliance and legal requirements, incorporating IA into the strategic decision-making process at the outset, revising policies and procedures with the new compliance environment, and developing succession plans to facilitate smooth personnel changes. And, IA should not just be involved in the change process—organizations should allow internal auditors to conduct post-implementation assessments to ensure ongoing compliance.
2. ORGANIZATIONAL CULTURE
The organizational culture of nonprofit organizations usually centers on a mission that employees are passionate about. This passion attracts staff personally motivated to help the overall organization succeed, but can come at the cost of internal controls. For nonprofits, “the cause” can often be promoted at any cost. Mid-level management professionals can be highly skilled in technical areas, but may lack knowledge in compliance, financial accountability and oversight. A lack of interactive communication between key administrative and program units within the organization can result in insufficient internal controls.
THE REMEDY: To balance maintaining organizational culture with proper operational management, communication is essential. Nonprofits should develop a sound communication strategy that brings the internal audit and compliance functions in regular contact with the rest of the staff. During these interactions, IA professionals should be sure to communicate how risk management practices align with overall organizational strategy and mission objectives. Bringing people together in this way helps make IA an integral part of an organization, rather than an afterthought.
Even when strong communications are in place, breakdowns are sometimes inevitable. Organizations should conduct regular assessments of business processes to determine where breakdowns in communication between business units occur. These assessments should help identify gaps that could pose significant risks to the organization.
Based on the results of these assessments, organizations should design and implement remediation plans, including scheduling necessary trainings for all employees and rolling out new process flows and accountability points to close any gaps.
3. NEW TECHNOLOGY
Technological advances help organizations store and share data, but new technology is often implemented without the knowledge or involvement of the internal audit function, to potentially disastrous and costly results. Ideally, internal auditors should assess new technology well before it’s utilized to review issues like control over sensitive data, continuity of the technologies between offices, and adherence to compliance and regulatory requirements. Without this review, nonprofits leave themselves open to a number of risky consequences, as well as operational inefficiencies.
THE REMEDY: Technology can be a huge boon to nonprofit organizations, but only when it’s used wisely. IA should
work with nonprofit leaders to first assess technology currently being used organization-wide, and then identify what the organization still needs to address. Internal auditors can assist with researching and proposing approved technologies for organization-wide usage, to facilitate cohesion and compliance and to help management improve system efficiencies.
Organizations also need to implement proper internal controls to ensure they’re mitigating technology risk as much as possible. IA can conduct a risk assessment of each technology used and implement policies to restrict or prevent the use of high-risk programs or devices. Organizations should also require similar checks and risk assessments for all new technology prior to usage.
With new technologies exploding in popularity, cybersecurity risks abound. Nonprofit organizations often mistakenly believe they aren’t of interest to cyber criminals, but the amount of personal data they store from donors and employees, and the tendency to underinvest in cybersecurity measures, make them an ideal target. It can be difficult for nonprofits to maintain up-to-date technology and hardware, keep pace with technological changes and navigate the shifting regulatory landscape with their limited funding. Nonprofits also frequently partner with technology suppliers and other contractors that leave them open to third-party cyber risks.
THE REMEDY: The first step to mitigating cyber risk is to conduct an organization-wide cybersecurity risk assessment that includes partner, contractor and technology supplier cybersecurity as part of the due diligence process. This assessment should shed light on where internal and external gaps exist. Following the assessment, organizations should implement additional controls by updating policies, procedures and internal controls to address identified gaps.
A startling number of cyber incidents arise from employees unknowingly exposing the organization to bad actors. Training staff to recognize these exposures is fundamental to their prevention. Nonprofits need to regularly communicate risks to employees and vendors to ensure everyone is adhering to established policies.
Monitoring cyber risk needs to be an ongoing effort. Nonprofits should develop a risk assessment schedule to examine internal partner, contractor and technology supplier cybersecurity on a quarterly or annual basis. Internal audit can assist with implementing these assessments.
5. COMPLIANCE WITH FUNDER REQUIREMENTS
Nonprofit organizations often have the unique challenge of negotiating compliance requirements across multiple funding sources including government entities, individuals, private foundations or other organizations. This challenge is only growing as budget cuts force organizations to focus on diversifying revenue streams and expanding donor pools, and with a recent increase in donor audits of specific grant activity at the materiality level. Further complicating the matter is a growing emphasis on international accounting standards (as opposed to relying on U.S. generally accepted accounting principles).
THE REMEDY: To clarify exactly what funding requirements an organization faces, it should conduct a compliance assessment, comparing requirements across all donor agreements to determine areas of overlap and areas of discontinuity. These agreements should then be compared against written policies and current practices to identify gaps.
Remediation plans can amend policies and procedures, and staff trainings should be conducted to ensure all levels and functions understand their role in maintaining compliance with funding requirements.
Staying current is critical. Nonprofits should develop a compliance assessment schedule, and IA and compliance departments need to stay on top of new funding streams and emerging trends so they can pivot when necessary.
6. FINANCIAL CONTROLS
Even though nonprofits are motivated by making an impact rather than money, organizations still face a host of hurdles when it comes to financial management. Many international nonprofits operate in countries with cash-based economies, making it tough to maintain adequate control of funds and sufficient supporting documentation. And new payment technologies, while enabling new and widespread operational tools, are often accompanied by verification and other control challenges. Nonprofits also face resource constraints and may have a limited number of finance staff to oversee financial management processes, which can be manual and prone to human error. For organizations with
several offices, branches often operate with little to no centralized oversight over their accounting and cash management procedures.
THE REMEDY: Nonprofits should review cash management procedures and evaluate typical expenditure cycles to identify potential risk areas across the entirety of an organization. Internal audit is central in assisting management in testing cash management controls.
- Organizations can then implement additional controls in keeping with best practices, like limiting cash handling or volume of cash transactions where possible. Nonprofit managers should consider investing in technologies and resources that limit high risk processes.
Standardizing procedures will help cut down on variance of practices between offices. All branches should centralize accounting and reporting procedures. At a minimum, each location should maintain copies of supporting documentation of all expenditures and financial reporting and should regularly review them with staff.
7. RELIANCE ON THIRD PARTIES
Vendor actions can create extremely adverse consequences for nonprofit organizations. Concerns range from reputation damage to the vendor’s illegal acts being attributed to the nonprofit organization. This risk applies to all types of organizational relationships with vendors and nonprofits, especially those administering federal grant programs given increased subrecipient monitoring and due diligence requirements.
Despite the risks, most nonprofits rely on partners or contractors for critical program functions. This makes it difficult to conduct due diligence reviews and monitoring activities, particularly when the partners/contractors are numerous, geographically dispersed or operating overseas. Partners are normally tasked with self-reporting, meaning frauds like ghost employee payments are easily hidden. Contractors also usually have access to organizational networks and information, creating an additional layer of risk.
THE REMEDY: Organizations should review current policies and procedures to ensure robust due diligence and monitoring processes are in place for all third-party relationships. This should include an assessment of partner/contractor access to project data, systems and networks, and the limitation of access where possible.
- Nonprofits need to implement additional monitoring and verification processes, including:
- Conducting regular spot reviews or investigations of reported data
- Requiring partners and contractors to certify financial and programmatic assertions
- Verifying number of partner/contractor staff and salary payment amounts
- Conducting unannounced site visits
- Considering third-party verification systems
These processes should be re-evaluated on a regular basis to ensure their effectiveness.
8. PROCUREMENT PROCEDURES
Nonprofit organizations rely heavily on non-competitive procurement processes due to several reasons. Often, procurement procedures, selection criteria and selection decisions are inadequately documented, leaving organizations unable to show that there was no bias in the selection process. Preferred vendor lists are rarely updated, and control of vendor solicitation, selection and site visits is often left with just a few individuals.
THE REMEDY: IA should review current procurement procedures against industry standards and donor requirements. They should also be transparent about their procurement policies including:
- Publicly announcing tenders as much as possible
- Updating vendor lists through open competition as frequently as possible
- Verifying vendors and prices through in-person or third-party checks
- Comparing bids against market prices
- Documenting criteria and selection procedures to bid samples with procurement files
- Ensuring procurement/selection committees are rotated on a regular basis
9. TRANSPORTATION AND DISTRIBUTION
For organizations that distribute goods, inventory management and oversight can prove to be major sources of stress for internal auditors. Often, nonprofits have difficulties verifying receipt of goods or services by their intended beneficiary, and confirming the goods provided are in the same quality and quantity as what was purchased. Diversion, theft and product substitution are especially difficult to identify. Despite resource and capacity issues, recent increased scrutiny of internal controls and supply chain management means that organizations need to address these issues sooner rather than later.
THE REMEDY: To help combat issues in the distribution chain, organizations need to shore up monitoring procedures by:
- Establishing monitoring teams for critical points along the supply chain
- Implementing two-step or three-step verification procedures at each critical stage
- Hiring a third party to conduct site visits and monitor transportation and distribution
- Using technology to assist in tracking and monitoring, including unique identifiers on products for inventory and tracking purposes and requiring distributors to take time-stamped photos/videos of deliveries
- Another effective risk mitigation strategy is to communicate directly with beneficiaries. Organizations can hold pre-distribution meetings with communities to review any past issues or concerns. Detailed packing lists and/or photographs of parcel contents should be inside packages. Nonprofits can include in the contract clauses with distributors to withhold payments to distributors until delivery is confirmed. This further ensures the distributor is holding up its end of the agreement.
10. FRAUD AND CORRUPTION
It’s the job of the internal audit function to uncover fraud, waste and abuse in nonprofit organizations, but often they are set up for failure. Due to a lack of communication between functional and program units within organizations, increased used of third parties, outdated systems, increased regulations (and the list goes on…), the opportunity to exploit a nonprofit’s controls is growing at a time when IA resources are shrinking and reputational risk for organizations is at an all-time high.
THE REMEDY: Preventing fraud starts within an organization itself. Stakeholders should evaluate current fraud prevention, detection and investigation measures against regulatory requirements and develop a plan to remediate any identified gaps. They should also be sure to provide accessible fraud reporting mechanisms for all employees, partners, grantees/beneficiaries and stakeholders.
- Despite resource constraints, organizations need to ensure IA has the appropriate level of resources to detect and investigate potential cases of fraud. Funds should also be set aside for visits to third parties and office locations and the establishment of a fraud hotline. Put a process in place to notify any impacted funders in a timely manner and in line with donor requirements to prevent exacerbating the impact when fraud does occur.
It’s also key to establish a fraud prevention and detection assessment schedule so practices can stay up-to-date and make sure nothing falls through the cracks.
Internal auditors at nonprofits have a tough, but essential job that’s key to keeping the organization focused on mission fulfillment. By assessing current practices, developing action plans and regularly monitoring activities, organizations can mitigate risk and serve their beneficiaries more effectively.
Article reprinted from the BDO Nonprofit Standard blog.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2018). Copyright © 2018 BDO USA, LLP. All rights reserved. www.bdo.com.
By Lewis Sharpstone, CPA
The quality and completeness of the audit committee charters that I have seen typically range from very good to great. This is why there is no mention in this article, other than here, of core audit committee responsibilities such as auditor appointment, audit review, monitoring of whistleblowing incidents, or conflicts of interest reporting. However, here are my top five suggestions that should be considered for strengthening even a great audit committee charter.
- INCORPORATE ALL YOUR STATE AUDIT COMMITTEE REQUIREMENTS INTO THE CHARTER
For example, under California law there are stated guidelines as to who can and cannot serve on the audit committee. The most well-known California rule is that no more than 50 percent of the audit committee can comprise finance committee members. Most California audit committee charters I see cover this rule. But many California audit committee charters I see don’t include the lesser known but equally important rules. For example, in California the chair of the audit committee is also prohibited from serving on the finance committee. Make sure you know your state audit committee requirements, if any, and ensure that they are embedded into your charter.
- MINUTES OF MEETINGS
Part VI, Section A, question 8 of IRS Form 990 reminds us that as a best practice, organizations should memorialize all board meetings with documented minutes. This also applies to all meetings of subcommittees of the board. The audit committee is a subcommittee of the board, so documented minutes should be produced for each meeting. Accordingly, this should be stated in the charter.
- EXECUTIVE SESSIONS
Most audit committees build into their charter the notion that they can hold executive sessions with specific parties. In almost all cases it is either written or implied that executive session means organization staff members are excused from the meeting and the audit committee meets alone with the external auditors or other parties. However, executive sessions can be much broader than this and should probably be defined as such. For example, since the responsibility of audit committees includes a broad understanding of risk, and since a significant risk facing any organization today is cybersecurity, it is probably appropriate for the audit committee to want to meet in executive session with the chief information officer.
- THE AUTHORITY TO INDEPENDENTLY CONSULT WITH AND RETAIN OUTSIDE LEGAL COUNSEL
The audit committee should be collaborative most of the time but function objectively all the time. The authority of the audit committee to retain outside legal counsel, if needed, is recommended to be included in the charter. If the need arises, having this documented within the charter will be important to the audit committee in exercising its responsibilities. Conversely, it might prove almost impossible in certain circumstances for the audit committee to exercise its duties without this authority.
Self-review is a powerful and useful process if performed correctly and periodically. It provides an appropriate time and forum for members of a committee to voice suggestions to improve the effectiveness of the committee on which they serve. Certainly, the absence of an appropriate time and forum to voice these suggestions for improvement can lead to problems down the road. This is why embedding a periodic audit committee effectiveness self-review requirement and process into the charter is highly recommended. The audit committee charter should also be self-reviewed periodically.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2018). Copyright © 2018 BDO USA, LLP. All rights reserved. www.bdo.com.
By Laura Kalick, JD, LLM in Taxation
Does your tax-exempt organization provide transportation and parking benefits to employees? If so, you may have another commuter headache: a new tax. Under the Tax Cut and Jobs Act of 2017 (the Act), a provision was added to the Internal Revenue Code that is likely to require many tax-exempt organizations to pay unrelated business income tax (UBIT). Certain costs of qualified transportation, including transit passes, qualified parking and more, will now be taxed as unrelated business income at 21 percent.
The Act added the following provision to the Internal Revenue Code: Internal Revenue Code (IRC) Section 512(a)(7): Increase in unrelated business taxable income by disallowed fringe.
This provision was an attempt to put exempt organizations on the same footing as taxable organizations that will no longer be able to deduct these costs. The provision is effective for amounts paid or incurred after Dec. 31, 2017.
Under this provision, certain qualified transportation fringe benefits, including those relating to parking garages, must be reported as unrelated business income (UBI). All tax-exempt organizations (and a college or university owned and operated by a state or other governmental unit) will have to include as unrelated business taxable income any amounts paid or incurred for any qualified transportation fringe benefit, including the following:
- A ride in a commuter highway vehicle between the employee’s home and workplace.
- A transit pass.
- Qualified parking.
Qualified parking is parking you provide to your employees on or near your business premises. It includes parking on or near the location from which your employees commute to work using mass transit, commuter highway vehicles, or carpools. If an organization has its own garage that is used for parking that is already reported as UBI (e.g., parking for the general public), then the percentage of those costs attributable to the amount already included in its UBI does not have to be included in the amount treated as UBI under the new provision.
The UBIT on these employer costs is 21 percent at the federal level and state taxes may apply as well. Organizations should consider making estimated tax payments on these taxes.
These employee fringe benefits are still excluded from an employee’s income. Employers can generally exclude the value of transportation benefits provided to an employee during 2018 from the employee’s wages up to the following limits:
- $260 per month for combined commuter highway vehicle transportation and transit passes.
- $260 per month for qualified parking.
See IRS Publication 15-b for more information.
Even if the benefit is provided under a compensation reduction agreement, the payment will still result in UBIT for the organization. The only way the organization can avoid counting these benefits as UBI is to have the employee pay for the benefits with after-tax dollars.
COMPENSATION REDUCTION AGREEMENT EXAMPLE:
For 2018, the monthly limit on the amount that may be excluded from an employee’s income for qualified parking benefits is $260. Commuter employees can receive both the transit and parking benefits up to $520 per month tax-free.
On a per employee basis, for commuter and transit passes only, $260 monthly is $3,120 annually, and the UBI tax on this amount at 21 percent is $655 plus state taxes, if applicable. With 100 employees, the federal tax alone would be $655 per employee and approximately $65,500 in total. To the extent your organization provides a commuter benefit of up to $520 per month, the UBI tax can be much more.
- Organizations should determine whether they provide these transportation and parking benefits, and if so, to how many employees, what kind and how much?
- Calculate the estimated tax payments for Federal UBI and the state, if applicable.
- If your organization has not filed Form 990-T in the past, enroll the organization in the Electronic Federal Tax Payment System in order to remit the taxes.
By Karen Schuler, CFE, IGP, IGP and Taryn Crane, PMP
Notwithstanding the EU General Data Protection Regulation (GDPR)—the most sweeping change to data privacy in 20-plus years, with extraterritorial scope that went into effect on May 25, 2018—there are numerous privacy laws that are often overlooked.
Earlier this year companies like Facebook have come under fire for privacy violations while Congress is looking for ways to protect the privacy of American citizens. These movements are just the beginning of widespread change that we expect for privacy laws over the next several years.
As discussed in the Spring 2018 issue of the Nonprofit Standard in an article entitled “The Integration of Data Privacy into a Data Governance Program,” nonprofits can’t afford to ignore regulations like GDPR as many organizations are impacted due to their global reach. But now that May 25, 2018 has passed and GDPR officially went into effect, it’s time to think about your holistic privacy program—or implementing a Privacy Operational Life Cycle that helps your organization keep employees apprised of new privacy requirements, embraces recordkeeping and sound data protection practices while offering enhanced data privacy for your donors, employees, and constituents.
Think about these areas to develop a sound Privacy Operational Life Cycle:
- Develop an organizational privacy vision and mission, and document the program’s objectives.
- Identify legal and regulatory compliance challenges that are relevant to your organization.
- Locate and document where personal information resides throughout your organization or across third parties (e.g., hosting vendors, outsourced applications).
- Develop a privacy strategy that identifies stakeholders, leverages key functions throughout the organization, creates a process for interfacing within the organization, and outlines a data governance strategy.
- Conduct a privacy awareness workshop to highlight to the entire organization the goals of the program.
- And, finally, develop a structure for your privacy team with a governance model that is clear and consistent for the size of your organization.
The above-mentioned items are a starting point, but there is more to do after you develop your initial structure and communicate the purpose of the program. Below is a guide to developing the Privacy Operational Life Cycle.
DEVELOP AND IMPLEMENT A FRAMEWORK
The framework should provide you with an implementation road map that outlines your privacy procedures and processes. Developing a framework helps you identify high risk areas, reduce data loss, and provide a measurement against compliance to laws, regulations, and standards. Frameworks that provide initial guidance include the AICPA and CICA Privacy Framework, ISO 17779/BD7799, or OECD Privacy Guidelines.
DEVELOP PRIVACY POLICIES
Once you have selected an overall framework to govern your privacy program, look at your existing policies, procedures, and guidelines. During this phase you should evaluate the goals of the privacy program and determine what business initiatives are the baseline of the privacy program. Just remember, as you look to update policies, procedures and guidelines for the organization, ensure that there is a mechanism to enforce these policies. And don’t forget to review the current website privacy notice. This has become a critical target of privacy watchdogs to ensure that you can fulfill the commitment of the statements in that notice.
DEVELOP MECHANISMS TO MEASURE PERFORMANCE
Within your privacy life cycle, it will be important to develop the ability to measure performance of the program. To implement metrics, consider your audience—will it be the board, external parties, regulatory agencies, or the staff?
Determine how you will report on these metrics that you have identified. Decide what measurements you are interested in sharing with your audience and how this could impact funding positively or negatively. Next, determine how you will measure progress toward the organization’s business goals and objectives. Do your best to limit improper metrics that do not support the organization’s mission. And finally, determine the best methods to collect the data you need. Your goal is to demonstrate compliance while establishing the privacy program’s return on investment (ROI).
DEVELOP THE PRIVACY OPERATIONAL LIFE CYCLE
The Privacy Operational Life Cycle should consider measurement, improvements, and the ability to sustain and support the program. To effectively do this, develop an operational life cycle that considers the assessment, protection, governance, and response phases. Some tips to consider for each aspect of the life cycle:
- Assess – embed Privacy by Design (PbD) into the design of technology, business practices, and physical design of new programs. In addition to PbD, regularly evaluate third-party compliance, as well as internal program compliance.
- Protect – ensure that information life cycle management (ILM) is built into your data protection strategy. While it is important to ensure that your data protection strategies mitigate the risk of a data breach, you need to consider sound ILM practices to promote the organization’s data protection strategies. Remember, the less you have, the less you have to protect.
- Govern – while it’s important to be able to evaluate and protect information, you also need to monitor, audit, and communicate the privacy framework. Develop a strategy and operational procedures that allow your organization to maintain a transparent and visibly sound program. And don’t forget to monitor regulatory changes that impact your organization. Develop ongoing processes that allow you to measure the privacy program’s effectiveness.
- Respond – traditionally privacy and security teams viewed their ability to respond as responding to a security event. Today that has changed – it’s much broader and requires the ability to respond to complaints, requests for information, corrections of inaccurate data, clarifications of privacy matters and access requests. When developing your response capabilities, take into consideration these items in addition to your ability to respond to a security event.
Holistic privacy program development is the wave of the future, especially in a competitive world where data is at the core of every business or organization. Establish a program that fits your organization to ensure that you remain ahead of the curve and out of the sight of regulators.
PAY DATA FOR ‘SIMILARLY QUALIFIED PERSONS IN COMPARABLE POSITIONS AT SIMILARLY SITUATED ORGANIZATIONS’
By Michael Conover
Valid information on competitive pay levels and practices for “… similarly qualified persons in comparable positions at similarly situated organizations” has long been the basis for responsible management, and Internal Revenue Service (IRS) enforcement, of appropriate pay practices among all tax-exempt organizations.
When the IRS Intermediate Sanctions (Internal Revenue Code 4958) were enacted, the importance of good comparative data was underscored by its inclusion as one of the three elements of the protection offered in the Rebuttable Presumption of Reasonableness. The data provides a critical context for determining how much and how to pay a nonprofit’s executives.
Regardless of its importance, however, many organizations fail to devote the attention to this important element of their compensation program that it deserves. We regularly work with organizations that have difficulty describing or producing the data used as the basis for executive pay decisions. References are made to “a report done a while ago,” “a survey we had,” or “some Form 990s from organizations like us.” Examining the Form 990s and Schedule Js of these same organizations, we find they have checked all the appropriate boxes related to these data sources and yet there is little or nothing to be found.
Another group of organizations we find has a different competitive data issue. They have competitive data to offer as the basis of compensation decisions, but there are serious issues about the quality and comparability of the data being used. The data may be drawn from organizations that are not at all comparable, positions that are marginally similar or based on such a small sample that the data’s validity is very questionable. In these situations, this poor data may be as bad, or possibly worse, than having no data at all because it may lead to problematic pay decisions.
Obtaining and properly using good data for compensation purposes requires some thoughtful examination of your organization, its positions, and the requirements for individuals holding those positions. Only after accurately understanding your own circumstances can a search begin for the sources of valid data needed. Areas that need to be explored include:
- Details of your organization: This information includes the type of service(s) your organization performs as well as the broad organizational metrics that reflect its size and scope (e.g., revenue, operating budget, total assets, number of employees, etc.). These are usually among the factors most readily used for identifying similar organizations.
- Primary role(s) of your position(s): Competitive data sources (surveys, Form 990s, etc.) usually offer only brief descriptions of positions and generic titles for job-matching purposes so the focus here is on the central focus and impact of your position in terms of overall impact on the organization. The chief/principal executive officer and chief/principal financial officer positions tend to be very similar from one organization to another and are Disqualified Individuals from an Intermediate Sanctions perspective. Therefore, they are routinely included in competitive data needs. Ensure you note any significant difference in the role played by your position vs. the typical benchmark. The presence of an additional role not associated with the typical benchmark for the position (or the absence of some portion of the role commonly associated with it must be taken into account to ensure appropriate comparisons will be made.
- Position requirements: The emphasis on position requirements is intentional. The purpose is to focus on the essential education, expertise, and experience required to perform the role, not what the current incumbent happens to have or acquired in the role. For example, the fact that the current receptionist has five years of experience at the front desk does not mean that five years is a requirement for a qualified incumbent. On the other hand, your position may require a type of professional certification, education, or experience that is unique
and essential for successfully performing the role. For example, an individual holding the position of executive director in an association of athletic coaches and involved with external organizations regulating the conduct of the sport must have credible experience in the sport.
Armed with an accurate understanding of your own organization and the positions that will be examined in the competitive compensation assessment, attention now is focused on the identification of the data that will be sought for use in the analysis. The process follows the same criteria referenced above in the descriptors of your organization and positions, as follows:
- Organizations selected for inclusion in the analysis: Typically, these are organizations offering the same types of services that your organization provides. In some instances, there are other types of organizations, perhaps even for-profit ones that employ and compete for executive resources that are very similar to your specific organization. These can also be included in the search for competitive data. Compensation surveys are conducted among many different types of nonprofit organizations (e.g., higher education, social service organizations, professional/trade organizations, philanthropic foundations, etc.). In addition, Form 990 filings from other organizations like yours are also a source of competitive data. If necessary, a custom survey and/or consultant may be required to obtain data for specialized/hard-to-find sources of data.
The size and scope of organizations included in the analysis must be comparable to your organization. Revenue and budget levels for a group of organizations ranging from 50 percent to 200 percent of your size are typically viewed as reasonable for inclusion. Of course, care must be taken to avoid “skewing” the data in the direction of organizations much larger than your own.
I often explain the objective for identification of comparable organizations as comparing “apples to apples” but doesn’t necessarily need to be as specific as comparing McIntosh to Fuji.
- Selection of benchmark positions: Positions selected for comparisons should closely resemble the role described in your organization. Titles alone may not fully describe a position’s role or they may be misleading. A controller may be the chief/principal financial officer or a subordinate, depending on the data source in question. In those cases where a significant difference has been identified between your position and the external benchmark, it may be advisable to make adjustments (upward or downward) to competitive data to appropriately compare them.
- Special position requirements: Bona fide requirements for your organization’s position that are not typically associated with the benchmark position may also require an adjustment to competitive data in order to produce an appropriate comparison.
Collecting this information about your organization and the external benchmarks planned for use prior to an analysis of competitive compensation is not the end of this process. Two critical steps remain. First, it is important to engage the organization’s governing body (e.g., board, compensation committee) and involve them in a review of this information and affirmation/modification of it for use in the analysis. Involving the independent members of the organization in the process performs a very helpful educational role about compensation and the importance of good competitive data. It also enlists individuals with a critical oversight role in the governance of pay in an independent validation of the plan to secure the data before it is collected. A sound rationale has been prepared and ratified for the analysis of competitive data which board and management should view as valid for this purpose.
Second, this description of your organization and positions, as well as the external benchmark criteria or the comparative framework, should be documented. It will become part of the other important documents maintained to support the compensation program (e.g., board minutes, compensation strategy/guiding principles, etc.). The framework should be reviewed periodically and updated as needed to ensure its continued relevance to your organization as well as the external marketplace(s) in which you compete for executive resources.
By Joe Sremack, CFE
Robotic process automation is helping both for-profit and nonprofit organizations do more with less. Robotic Process Automation (RPA) is transforming the way organizations across different industries do business. It allows organizations to automate certain types of work processes to reduce the time spent on costly manual tasks and increase efforts to deliver mission-critical work. RPA is helping organizations do more with less, helping them automatically process and store data without having to perform manual data entry, generate financial status reports without spending considerable amounts of time in Excel, and execute outreach campaigns without spending hours in a customer relationship manager (CRM) program. These types of optimizations have been made a reality through RPA, with organizations just beginning to scratch the surface of the possibilities.
RPA is the use of software that automates manual tasks. It eliminates the need for employees to perform repetitive tasks by integrating software that performs the same set of steps the employee does. The software is designed to perform routine tasks across multiple applications and systems within an existing workflow. It performs specific tasks to automate the transfer, editing, reporting and/or saving of data.
At least some portion of white collar employees’ time is spent on repetitive computer tasks. That includes the CEO’s time–about 25 percent of the CEO’s tasks could be automated and RPA can help achieve this. Repetitive work typically involves the collection of data from one or more sources, performing a data manipulation—such as applying data formulas in Excel—and then exporting or saving the information to a readily available location. These are just some of the kinds of work that RPA automates.
One of the main differentiators of RPA from other solutions is that it performs tasks that do not require deep cognitive capabilities. RPA is the automation of a process, but the software is not improved or changed based on the inputs or its results. This is different from machine learning or artificial intelligence (AI) software, which can learn and improve based on the continuous evaluation of its inputs and results. Instead, RPA software simply repetitively performs the same task(s) based on business requirements.
RPA provides several major benefits. The most immediate impact from RPA is that routine tasks are performed in an error-free, consistent manner. RPA also provides an audit trail of work performed, which can be valuable in regulated industries or when the output of a process produces an unexpected result. In addition, RPA solutions can be configured to identify anomalies or red flags that may not be identifiable to an employee.
The long-term benefits are also valuable. Perhaps the most important benefit is increased job satisfaction. When employees are asked which parts of their jobs they dislike the most, the tasks they list usually involve a type of manual work that is a good candidate for an RPA solution. 1 This increased job satisfaction results in a better work environment and more productive employees. Moreover, the results of the formerly manual processes become better and the cost savings can be recognized.
APPLICATIONS OF RPA
The list of potential uses for RPA is robust. Most manual computer-based tasks performed by employees can be automated with RPA. RPA is often used for back office functions but can extend to customer relationship management, data analysis, and other key areas that involve manual work.
The best way to understand RPA is to learn about the kinds of problems RPA can solve. For example, an RPA program–called a “bot”–can be used to manage customer email inquiries. The bot monitors a sales inquiry email account and automatically imports the information into the CRM, sends alerts to the sales team, sends an automated message to the customer, and imports the information into other systems that are used to track employee availability and sales campaign successes. This works well when timely responses to customers are required.
An example of a nonprofit-specific use of an RPA solution is the management of fundraising campaigns. In many organizations, this process involves pulling past donor information, generating marketing materials, contacting past and new donors, collecting donor payment information, and entering it into an accounting software, updating financial information, and updating a donor database. Most of these steps are performed manually, slowing down the process and introducing the risk of error. With an RPA solution, most of this process can be automated, allowing the organization to spend more time interfacing with donors and working on other mission-critical tasks.
The following is a chart that lists several types of tasks that can be automated by department in most organizations:
While the list above appears to be limited to single-department tasks, many of these are cross-department tasks in nature. Consider a process where the finance department needs to work with IT and sales to request multiple data sets, get input, and share the results. Rather than emailing those departments to pull the same data set every quarter to develop an Excel-based report, an RPA solution automatically performs the data pull and generates the entire Excel report. This not only saves time and effort across the various departments, it also enables the finance team to spend more time doing meaningful analysis of the reports and develop projections and deeper insights.
RPA AND NONPROFITS
RPA is well-suited for solving problems encountered by nonprofits since they face many of the same challenges associated with reducing the time employees spend on manual tasks as for-profit organizations. Whether the work involves manually entering accounts receivable and accounts payable data in accounting software, generating compliance reports, or performing outreach campaigns, time is being spent by employees on less valuable work. Employees would agree that they would rather work on mission-specific tasks rather than repetitive tasks.2
Several examples of the types of nonprofit processes an RPA solution works well with are:
- Pledge campaigns.
- Recurring donation management.
- Digital and print marketing campaigns.
- Outreach campaigns.
- Government and regulatory issue tracking.
- Volunteer management.
Service providers and software developers have begun offering solutions geared toward nonprofits. Several major RPA software developers have recently launched commercial software solutions specifically designed for nonprofits, and service providers who understand the nonprofit sector are able to implement tailored RPA solutions.
RPA solutions can be implemented in several ways. The most common method for organizations is to implement individual bots. These are single programs that perform tasks automatically. The bot can be accessed through a desktop or web-based application. The second method is to implement a server that controls a set of bots within a department or across the organization. The server-based approach is a more robust system that is typically employed when there are a larger number of bots utilized throughout an organization that need to be managed centrally, whereas the individual bot method is appropriate when only several bots are used.
The cost of an RPA solution, a common concern for any organization, depends on these factors:
- Number of bots.
- Time to develop and implement.
- Level of customization.
An enterprise-wide RPA solution of hundreds of bots can be expensive. A smaller implementation with only ten 10 bots or less, however, can be implemented relatively inexpensively and within a short period of time. Companies who sell RPA solutions often have a suite of pre-built bots that can be quickly customized and implemented without requiring a new bot to be developed. As the RPA market matures, the cost will continue to decline.
The key steps for determining whether an RPA solution is appropriate are to:
- Identify where most time and effort is being expended on manual tasks.
- Identify bottlenecks of key processes—specifically identifying manual tasks.
- Implement a pilot program to tackle a high-value discrete task that can have immediate value.
RPA is an exciting new way for organizations to improve their operations while also improving employee job satisfaction. RPA solutions have become a widely adopted strategy for enhancing various parts of organizations’ operations by allowing employees to focus their time and efforts on more high-value and meaningful work. It has helped organizations do significantly more with less while reducing errors, increasing workforce job satisfaction, and better ensuring that deadlines are met. These benefits have been possible with relatively small capital investments and IT resources. While RPA is not applicable to all types of work, it is a good option for reducing hours spent on routine, manual tasks.
BENEFITS OF RPA
- Error-free, consistent results
- Employees can be utilized for higher-value work
- Increased job satisfaction (not spending time doing repetitive, low-value work)
- Faster, more predictable delivery timing
- Documented trail of work performed
- Identify anomalies or other red flags