By Donna Bernardi Paul, SPHR, SHRM-SCP
Are differences in work and communication style in the workplace among the different generations the cause of leadership/supervisory challenges or is it something else?
There have been a plethora of articles, seminars, webinars and discussions around millennials in the workplace and the challenges of managing and working with them due to their different work style.
When we talk about the importance of differences in the workplace, sometimes we forget about one of the most prominent dimensions—age. There are three main generations in our workforce currently, and we are on the brink of adding a fourth. Understanding how to relate to each is critical to successfully keeping them motivated and engaged in their work.
The Baby Boomers: Born between the end of World War II and the early 1960s. Also known as the “Me Generation.” They grew up with television. Mothers were typically home waiting for their children to come home from school, and children were allowed outside of their homes unsupervised. Their relationships with their parents, teachers and others in authority were somewhat contentious.
Boomers came into the workforce in droves. They were the first “workaholics.” Their frame of reference at work was to spend as much time as possible working, sacrificing time with families, so that good things would come to them. Motivating them at work is typically done via the “carrot and stick” approach.
Generation “X”: Born between the early 1960s and the early 1980s. Also known as the “Latchkey Kids” or the “Sandwich Generation” because they are sandwiched between the huge baby boomer and millennial groups. They grew up in an era when more mothers entered the workforce and children came home from school to an empty home. They fended for themselves. They were instructed not to answer the door to anyone they didn’t know. As a result, they became independent and skeptical. They entered the workforce with the frame of reference they needed to have multiple careers so that they didn’t put all their eggs in one basket. They didn’t want to experience the disappointments of prior generations. They tend to be entrepreneurial and individualistic. Managing them at work became more complicated due to their supercilious attitude and resentment towards the boomers and millennials.
Many feel that they do not have career paths because the boomers aren’t leaving and the millennials are leapfrogging over them.
Generation “Y” (millennials): Born between the early 1980s and the early 2000s. Also known as “Echo Boomers.” They represent the largest generation in the workforce and its members generally have high levels of self-esteem. They are highly educated and technologically savvy. Their preferred communication style is text messaging. Their relationships with their parents tend to be that of friends or peers because their parents typically have moved away from the authoritarian style in which they were raised. As a result, they have grown up in an era where their lives are programmed and organized from birth, which doesn’t prepare them to cope with disappointment or help them to make decisions on their own. For example, their nurseries were monitored via the baby monitor. Their parents organized their social activities via “play dates” vs. allowing them to go outside unsupervised. Moreover, parents of millennials have instilled within their children entitlement attitudes vis-à-vis “everyone is right” and “everyone gets a trophy.” Many parents become advocates for their children with schools, their friends and even their workplaces. As a result, this generation has expectations that may not be realistic. They’ve entered the workplace with the expectation that they can work whenever and however works best for them. Managers from prior generations tend to have trouble supervising this group, even though they were probably the same parents who raised them, because this generation’s virtual style of working is very different from what older generations are used to.
Generation “Z”: Born between early 2000s to the present. This generation is extremely technologically savvy. Many had iPads as toddlers. They are now in high school and college.
Perhaps the upshot to all of this is that it doesn’t matter to which generation a person belongs since all workers tend to want the same things:
- Good bosses
- Career paths
If you think back on all the jobs you’ve ever had and all the bosses you’ve ever had, which boss would you choose as your favorite and why? Now, give yourself a rating against your favorite boss in order to determine where you would like to develop your supervisory skills. After all, how do people become bosses? Do they go to school to learn how to be a great boss? Not usually. Typically, they do something well from a technical perspective and then they are promoted out of what they do well and placed into a job (managing others) that they may not be familiar with, and for which they get no training. With proper training of its managers and supervisors, organizations have a better chance to have skilled employees who care and are productive regardless of which generation they fall in because people join companies—they quit bosses.
By Marc R. Berger, CPA, JD, LLM
The IRS Tax Exempt and Government Entities (TE/GE) division released its Fiscal Year 2019 Program Letter on Oct. 3, 2018. The Program Letter outlines its projects and priorities for fiscal year 2019 for tax-exempt organizations, employee plans, Indian tribal governments, and tax-exempt bonds. This article focuses on those projects and priorities relating to tax‑exempt organizations.
The TE/GE division will continue to refine its compliance strategy approach, which is designed to ensure that its examination programs are focused on the highest priority compliance areas to promote efficient tax administration. In this regard, TE/GE collaborates with its IRS business partners and various other groups and agencies, including the Advisory Committee on Tax Exempt and Government Entities, the U.S. Department of Labor, the Municipal Securities Rulemaking Board, and the Securities and Exchange Commission. TE/GE will continue to use advance data and data analytics to drive decisions about identifying and addressing high-risk areas of noncompliance.
The Tax Cuts and Jobs Act (TCJA) will remain a priority in fiscal year 2019. TE/GE has completed numerous form revisions, as well as guidance and training, and it anticipates more developments in these areas going forward. It plans on initiating additional education efforts in FY 2019 along with TCJA-related compliance strategies.
For the first time this decade, TE/GE is onboarding a significant number of new hires, and is cross-training employees to allow flexibility in directing resources to shifting needs. The increase in employees signals a potential increase in examination and enforcement action.
The bulk of the Program Letter focuses on six areas of its compliance program in an effort to become more effective and efficient. These six areas are:
Compliance strategies are issues approved by TE/GE’s Compliance Governance Board (Board) to identify, prioritize and allocate resources within the TE/GE taxpayer base. Using a web-based portal, TE/GE employees submit suggestions for consideration by the Board. Once approved, these issues are considered priority work. Strategies approved to date include:
- Tax-exempt social clubs under Internal Revenue Code (IRC) Section 501(c)(7) – The focus will be on investment income, non-member income, and non-filers of Form 990-T, Exempt Organization Business Income Tax Return.
- Non-Exempt Charitable Trusts under IRC Section
4947(a)(1) – The focus will be on organizations under-reporting income and over-reporting charitable contributions.
- Tax-exempt organizations that were previously for-profit – The focus will be on organizations formerly operated as for-profit entities prior to their conversion to IRC Section 501(c)(3) organizations.
- Self-dealing by private foundations – The focus will be on organizations with loans to disqualified persons.
- Early retirement incentive plans – Determining whether federal, state or local governmental entities that provide cash (and other) options to employees as an incentive for early retirement have applied proper tax treatment to these benefits.
- Forms W-2/1099 matches – Comparing payments reported on Form 1099-Misc., Miscellaneous Income, with wages reported on Form W-2.
- Notice CP 2100 (backup withholding) – Determining whether mismatched and/or missing taxpayer identification numbers on Form 1099 indicate a failure to comply with backup withholding requirements.
- Worker classification – Determining whether misclassified workers result in incorrectly treating employees as independent contractors.
Data-driven approaches use data, models and queries to select work based on quantitative criteria, which allows TE/GE to allocate resources that focus on issues that have the greatest impact. TE/GE integrates data into its processes and procedures, using return data and historical information to identify the highest risk areas of noncompliance.
With respect to models, this includes continuing to improve compliance models based on Forms 990, 990-EZ, and 990-PF, as well as testing the newly developed model for Form 5227 (Split Interest Trust Information return). In addition, identifying returns containing the highest risk of employment tax noncompliance will be a priority.
Referrals, Claims and Other Casework
Referrals allege noncompliance by a TE/GE entity and are received from internal and external sources. The public can submit a specialized exempt organization referral on Form 13909 (Tax-Exempt Organization Complaint). With respect to referrals, TE/GE will continue to pursue referrals received from all sources alleging noncompliance.
Claims are requests for refunds or credits of overpayments of amounts already assessed and paid, and can include tax, penalties and interest. TE/GE will continue to address claims requests, including high-dollar complex employment tax claims filed by federal, state and local governments.
Other casework includes examining entities that filed and received exemption using Form 1023-EZ, focusing on (1) filers who are ineligible to file Form 1023-EZ, (2) filers who donate to (or pay expenses for) individuals, and (3) filers operating bingo and other gaming activities.
Compliance units are employed to address potential noncompliance, primarily using correspondence contacts known as “compliance checks” and “soft letters”.
A compliance check is correspondence with organizations to inquire about an item on a filed return; to determine if specific reporting requirements have been met; or to determine whether an organization’s activities are consistent with its stated tax-exempt purpose. A compliance check is not an examination.
A soft letter is correspondence with organizations that provides notification of changes in tax-exempt law or compliance issues. A response to these letters is generally not expected.
TE/GE will continue to inform taxpayers via compliance checks and soft letters, in particular in the area of adhering to recordkeeping and information reporting requirements, including:
- Combined Annual Wage Reporting – Focusing on tax-exempt employers that had discrepancies between Form W-2 and either Form 941 or Form 944.
- Financial Assistance Policy – Whether tax-exempt hospitals are complying with IRC Section 501(r)(4).
- Form 990-T Non-filers – Looking for IRC Section 501(c)(7) organizations that reported investment income on Form 990 but did not file Form 990-T.
- Supporting Organizations – Entities that state that they are supporting organizations but have filed Form 990-N, which is not allowed.
TE/GE expects a continued increase in determination applications and will concentrate on identifying new strategies for reducing a filing burden and case processing time. The exempt organizations group expects to hire 40 new revenue agents to process determination applications to help offset application increases and workforce attrition.
Voluntary Compliance and Other Technical Programs
This area is focused primarily in the employee plans group of TE/GE, and enables a plan sponsor, at any time before audit, to pay a fee and receive IRS approval for correction of plan failures.
Management of exempt organizations should evaluate the potential implications of the areas identified in the Program Letter on their organizations and consult with their tax advisors.
By Katherine Gauntt
Sales tax is imposed upon retail sales of tangible personal property and taxable services in 45 states and the District of Columbia. Each state determines the circumstances under which a sales tax is imposed on the purchaser.
Purchases by nonprofit organizations are exempt in most of the states, if the tangible personal property or taxable services are used or consumed exclusively for the purposes for which the organization was established. The states usually require each legal entity to register as a nonprofit entity with the state to receive state tax-exempt status. Upon state authorization, the entity can provide a state-approved exemption certificate to its vendors in order to purchase goods and services without paying sales tax.
While nonprofit organizations can make purchases free of sales tax, their sales of goods and taxable services are usually taxable. One could argue that these sales ultimately benefit the organizations’ nonprofit activities but most states do not extend the nonprofit exemption. Many organizations selling promotional goods on their websites are registered in their home state but rarely are registered in multiple states to collect sales tax. Usually they have no “physical presence” in states beyond their home state and did not have to collect the sales tax. However, everything changed on June 21, 2018 when the U.S. Supreme Court held in South Dakota v. Wayfair that states can require a retailer to collect and remit sales tax even if the retailer lacks an in-state physical presence.
History of the Wayfair Case
Effective May 1, 2016, South Dakota passed a law requiring remote sellers to remit sales tax on all taxable sales if the seller’s gross revenue from the sale of products or taxable services delivered into South Dakota exceeded $100,000 or 200 or more separate transactions. Wayfair, Inc., Overstock.com, Inc. and Newegg Inc. refused to comply on the basis that they had no physical presence in South Dakota and, therefore, were not obligated to collect the sales tax. South Dakota filed a declaratory judgment action in state court. The case was fast-tracked through the South Dakota lower courts. Ultimately, the South Dakota Supreme Court, compelled by the 1992 U.S. Supreme Court decision in Quill, found in favor of the Wayfair, Inc. et al. The U.S. Supreme Court in Quill affirmed that “substantial nexus” under the U.S. Constitution’s Commerce Clause required a business to have a physical presence within a state before the state could impose tax or a tax collection obligation.
Nonetheless, the ultimate goal was a U.S. Supreme Court challenge to overturn Quill. On Jan. 12, 2018, the U.S. Supreme Court granted South Dakota’s petition for a Writ of Certiorari with respect to the Wayfair case. Oral argument was heard on April 17, 2018. And on June 21, 2018 the U.S. Supreme Court overruled Quill and the physical presence standard. The Court then ruled that South Dakota’s sales tax economic nexus statute was constitutional and “substantial nexus” under the Commerce Clause. In anticipation of the ruling, many states already had laws on the books which were designed to go into effect if the ruling was favorable. As of Oct. 15, 2018, 35 states have passed some form of economic nexus standard for sales tax purposes.
Wayfair Impact and Action Items for Nonprofits
All industries are likely to see an impact from the Wayfair decision, but industries selling goods and taxable services remotely over the internet at retail have the greatest exposure. Nonprofits carry the same burdens as for-profit e-commerce sellers for taxable goods and services, if their sales reach the economic thresholds established by the states. (For the latest information on thresholds by state go to: https://www.bdo.com/wayfair.) When it comes to Wayfair, it’s also important to keep in mind that all states aren’t equal. The following are areas that nonprofit organizations should review to mitigate their risk of overpaying or under-collecting the sales tax.
Most states require nonprofits to register with the state departments of revenue if they are eligible for a sales tax exemption on purchases. In addition, once the economic thresholds are reached, the nonprofit must register as a vendor with the state since its sales will likely be treated the same as for-profit vendors. Again, each state is different regarding its nonprofit tax registration requirements.
As a result of Wayfair, more sellers will be required to collect sales tax. Many of these sellers either “assume” everything they sell to nonprofits is exempt from tax or default all sales to taxable without consideration for nonprofit status. Either way, nonprofits must be proactive in informing their vendors when to charge them sales tax or they could end up overpaying sales tax on purchases or underpaying and creating a use tax assessment if they are audited. Each vendor’s sales should be reviewed to ensure that, if no sales tax is charged, the sale qualifies for the nonprofit exemption (i.e., the purchase benefits the organization’s nonprofit activities). It is important to establish an exemption certificate policy to ensure that only those vendors selling qualified goods and services are given an exemption certificate. Providing an exemption certificate to a vendor shifts the liability for the tax to the nonprofit even if it is provided in error. Areas where sales to nonprofits are generally taxable include sales of food, lodging, certain types of software and supplies such as uniforms, furniture and fixtures or any other type of sale unrelated to the purpose for which nonprofit status was granted by the state.
Nonprofits should examine their sales volumes in each state and compare it to the economic nexus thresholds established by each state. In general, measurement should be done at a legal entity level if there is more than one legal entity doing business in the state (although some states may combine sales of affiliated legal entities.) For tangible products, the state where sales occur is determined by the delivery address. However certain nonprofits, especially in healthcare, sell tangible goods, digital products (e.g., e-books) and services. In addition, some are part of an organization of affiliated companies consisting of nonprofit and for-profit entities. Nonprofits should consider the following when developing an action plan for determining nexus and potentially charging sales tax:
- Where are the tangible goods, digital products and services sold?
- Do the sales reach the threshold for economic nexus?
- If yes, what are the necessary actions needed for complying?
- Registration – Nonprofits should register as a vendor in each tax jurisdiction.
- Taxability of Products Sold – A determination of the tax status of each product sold should be made.
- Exemption Certificate Procedures – If products are sold to other nonprofits, a process to collect exemption certificates should be established.
- Billing Sales Tax – A process must be established to charge the correct sales tax on an invoice. To do so, the nonprofit must utilize the most current sales tax rates to charge its customers.
- Reporting – Depending on volumes, sales tax reporting can be in-house or outsourced through third parties. Most states have portals where tax returns can be filed by keying in the data manually if the nonprofit has established economic nexus in only a few states.
- In addition, nonprofits should consider their internal operational capabilities:
- Accounting – Do you have Sales Tax Liability Accounts set up that can undergo reconciliation and audits?
- Technology – Do you have the functionality in your billing system to charge the correct tax on taxable sales?
- Resources – Do you have enough resources in-house to administer exemption certificates and tax reporting?
- Document Retention – Most states require retention of all invoices, work papers, tax returns and other supporting documentation to support the taxes reported.
Wayfair has impacted every organization in the country in one form or another. Not all nonprofits sell goods and services, but they may see an uptick in the costs of the things they buy as a result. Those that do sell, must perform their own due diligence and incur the costs of compliance just like any other company dealing with the complexities of 46 different state tax jurisdictions with 46 different sets of rules. The rules are still evolving but one thing is certain: Unless Congress acts to change the economic nexus standards established by the Wayfair case, every entity, including nonprofit entities, that buys or sells will incur extra costs in its attempt to comply with current law.
 South Dakota v. Wayfair, Inc. 585 U.S.__(2018)
 Quill Corp. v. North Dakota, 504 U.S. 298 (1992)
 In addition to Quill, National Bellas Hess v. Department of Revenue, 386 U.S. 753, 87 S.Ct. 1389 (1967), was also overruled.
By Laurie De Armond, CPA, and Adam Cole, CPA
Nonprofit organizations are uniquely shaped by their mission, history, size, program goals and community.
But leaders of these organizations—whether a CFO at a global health services charity, a CIO of an education endowment or the executive director at a museum—share a common goal of advancing their organization’s mission. To drive forward progress, it’s essential that leaders understand where their organization sits in relation to its peers on objective measures of performance.
The BDO Institute for Nonprofit Excellence’s 2018 benchmarking survey, Nonprofit Standards, surveyed leaders at midrange organizations (those with less than $25 million in annual revenue), upper-midrange organizations ($25-$75 million in annual revenue), and large nonprofits (above $75 million in revenue) to reveal insights nonprofits can leverage to strengthen their organization. Across the spectrum, the report finds that upper-midrange organizations face more significant challenges than their smaller and larger peers.
Funding Challenges Amid Rising Costs
While 56 percent of upper-midrange nonprofits saw their revenues grow over the past year, this was dwarfed by the 69 percent of large nonprofits and 70 percent of midrange nonprofits that also saw some revenue growth. At the same time, nearly half (49 percent) say declining revenue and funding is at least a moderate challenge, compared to 45 percent of midrange and large organizations. Perhaps as a result of this challenge, 49 percent of organizations at this scale maintain six months or less of operating reserves, and one third cite maintaining adequate liquidity as a moderate or significant challenge—indicating a potential gap in the fiscal safety net for these organizations.
Some of the funding challenges upper-midrange nonprofits face may be attributable to the types of funding sources these organizations rely upon, including individual contributions (15 percent), government grants (12.6 percent), fundraising/special events (11.4 percent), and corporate contributions (7.8 percent)—all of which can be either cyclical in nature or impacted by regulatory changes, such as tax reform.
Nevertheless, amid these challenges in securing funding, upper-midrange nonprofits face the same challenges as all other organization sizes in addressing rising overhead costs: 58 percent of upper-midrange nonprofits and nonprofits overall say rising costs is at least a moderate challenge.
Program Growth Emphasizes Importance of Communicating Impact
Despite challenges in securing funding, upper-midrange nonprofits are working to expand their program offerings and deliver on their core mission. Organizations in the upper-midrange devote 80 percent of their total expenditures to program-related activities—compared to 78 percent for large nonprofits and 68 percent for midrange nonprofits. Forty-two percent of upper-midrange nonprofits also say the inability to meet demand for their services is a high or moderate challenge, and 58 percent are responding by planning to introduce new programs in the next year without eliminating others.
This program expansion makes demonstrating impact to stakeholders more important than ever. When it comes to making an impact, nearly all nonprofits surveyed (93 percent) communicate their impact outside of the organization; meanwhile, 72 percent of upper-midrange nonprofits say some portion of their donors have demanded more information about outcomes and impact than before.
But as nonprofit leaders know all too well, reporting impact to donors and other stakeholders is no easy task. Organizations in the upper-midrange are more likely than midrange or large nonprofits to say they face moderate or significant challenges in reporting impact, including having no consistent framework for measuring and reporting (66 percent vs. 56 and 53 percent, respectively), lacking clear program objectives and/or key performance indicators (55 percent vs. 43 and 41 percent, respectively), and inadequate financial resources devoted to reporting (55 percent vs. 31 and 33 percent, respectively).
Recruitment and Retention Challenge Upper-Midrange Organizations
Nonprofits derive their strength from dedicated and driven employees, yet recruitment and retention remain a high or moderate challenge for 6 in 10 nonprofit leaders. Upper-midrange nonprofits are the most concerned, with 70 percent citing recruitment and retention as a high or moderate challenge, compared to 61 percent of large organizations and only 35 percent of midrange organizations.
Key factors in keeping employees engaged and growing employee satisfaction levels for all organizations include having competitive compensation levels (59 percent), up-to-date technology (58 percent), internal communications (54 percent), and management-employee relations (51 percent). These challenges were all most pronounced among upper-midsized organizations. While 7 in 10 midrange nonprofits were able to provide at least a 3 percent increase in employee compensation levels within the last year, only 44 percent of upper-midrange and large nonprofits were able to do the same.
Overcoming Key Challenges: Planning Ahead
Do the data show that upper-midrange nonprofits are doomed? Not at all. Instead, this year’s Nonprofit Standards highlights the success of many nonprofits that were able to overcome these classic scaling challenges to grow successfully and expand their programs.
While not comprehensive, below are some best practices for organizations looking to overcome these challenges.
Fundraising Effectiveness: Nonprofits looking to increase their fundraising effectiveness should:
- Match their donor behavior. Nonprofits should consider what influences their donors to donate in general—and to their organization specifically—and tailor their messaging accordingly.
- Reduce their giving barriers. It’s critical that organizations regularly update and modernize their donation channels (including online and mobile giving platforms) to keep pace with changing consumer behavior.
- Leverage data analytics. Nonprofits should dig into their own data to understand the demographics of their core contributors and to identify new prospects. (See the article on page 10 entitled, How Predictive Analytics is Transforming NPO Fundraising.)
Donor Communications & Impact Reporting: To ensure smoother donor communications and reporting, nonprofits should:
- Start with the end in mind. Organizations should identify the story they want to tell their stakeholders and paint a vision of what the world could look like if their mission were achieved.
- Make reporting an ongoing process. Nonprofits should gather and report data on a quarterly or monthly basis to keep stakeholders in the loop and make year-end reports less daunting.
- Remain transparent. Nonprofit reports offer an unparalleled opportunity to contextualize an organization’s metrics and finances.
- Share their report widely. Organizations should distribute their report via multiple channels so both existing and prospective donors have a chance to see it.
Staffing and Recruiting: To maintain and attract top talent, nonprofits should:
- Stay competitive in their local market. Nonprofits should ensure their policies make their organization an attractive place for potential employees.
- Capitalize on flexible work options. Remote work arrangements can be both beneficial to employees and cost-effective for organizations.
- Remain proactive about succession planning. With 4 million baby boomers retiring each year, the need for a succession plan is a “when” rather than an “if” scenario.
The more upper-midrange nonprofits—and those of all sizes—can learn from benchmarking against their peers, the better prepared they will be to advance their mission and support continued growth. Gaining intelligence is vital to staying afloat.
Adapted from article originally published in NC State University’s Philanthropy Journal News.
By Michael Conover
I have previously discussed the inevitable transition of numerous baby boomers holding leadership posts in nonprofit organizations. The topic has been well-covered in a variety of publications for nearly a decade.
However, I believe the seismic shift that some have predicted has failed to materialize on a scale that was predicted. I attribute this to a variety of factors, including: delayed retirements out of financial need or resistance to change; belief that age 75 is the new 65; or just procrastination.
The slowdown in the rate of change will not soften its impact. It may intensify it. The delay on the part of these baby boomer executives and the boards to whom they report could increase the likelihood of an unexpected and disruptive leadership crisis. The problems can range from a noticeable decline in performance to an abrupt departure caused by sickness or death. Leadership changes under the best of circumstances are not 100 percent successful; thus, in crisis mode, the odds of success are much slimmer.
The other obstacle I allude to in my title is executive retirement arrangements (or lack of same). As organizations finally confront the departure of a long-tenured and critically important executive, the details of the retirement arrangements come to the forefront. This is the point at which many organizations and executives discover the price that will be paid for failing to address this important issue well in advance. Proper advance planning can not only minimize financial uncertainties for the executive and the organization that may interfere with retirement planning, but can prevent other potential and very expensive obstacles as well.
Many compensation committees have failed to proactively raise the subject of retirement plans and acknowledge the impact that they will have on an orderly retirement / leadership transition. There are a variety of reasons including: financial costs; reluctance to broach the subject of leadership change; mistaken assumptions that arrangements made many years ago will address the needs; embarrassment that arrangements are inadequate or have not been made; etc. Committee members must realize that time is not on their side for addressing retirement-related arrangements. Delaying can create many negative impacts for both the executive and the organization.
I would like to describe a few different scenarios that illustrate the types of situations we have discovered in “11th hour” reviews of retirement arrangements:
Plan Document Failures: Plan documents (e.g., employment contracts, deferred compensation arrangements, life insurance plans, etc.) developed many years ago and / or those that have been drafted without the benefit of needed expertise to ensure compliance with current requirements pose potential problems to the unwary.
The inclusion of what appear to be ordinary terms in the arrangements, or the failure to include critical details, can prove disastrous in terms of potential tax liability and penalties for the executive as well as the employer. Language included to ensure that retirement resources are secure may produce inadvertent vesting of a benefit and tax liability long before it is actually available. Similarly, incorrectly structuring payments can result in an unforeseen tax liability and punitive excise tax penalties.
If these issues are identified proactively or within a time period that corrective actions can be taken, the problems can be minimized. There is, however, a point at which it is simply too late.
Plan Administration Failures: In some instances, well-drafted plan documents are not adhered to from an administrative standpoint. Contributions, excess contributions, payment amounts and / or payment terms are made that fail to follow plan requirements. The failure to ensure compliance may result in adverse tax consequences to the executive and the organization.
Failure to properly recognize and report details of retirement arrangements are also common. The executive’s W-2 form, personal tax return and the organization’s Form 990 may all need to include information related to the plan arrangements as well as timely recognition of income when vesting occurs. Discovering these issues after the fact can necessitate amending prior year returns and also involve adverse tax consequences to the executive and the organization.
Improbable Catch Up: A compensation committee’s failure to establish a specific position on retirement benefits for the executive, as well as a specific objective for the level of benefits to be provided well in advance of the probable retirement event, drastically diminishes the likelihood of providing any level of benefit beyond that provided to all employees. Waiting until just a year or two prior to retirement will likely place an unreasonable financial burden on the organization to fund a benefit that might have been spread over many years of employment. Similarly, large contributions / payments toward the very end of employment may trigger an excess benefit situation, or the appearance of same, that may create adverse consequences for the executive and the organization.
The Wake-Up Call
Most compensation committees spend most of their time on decisions about current cash compensation (i.e., salary, bonus and incentive) matters for executives. Clearly, these are important matters and ones that require the committee’s attention in light of the disclosure of this information to external stakeholders and the public. I am not suggesting the committee members spend any less time on them.
I am however suggesting that compensation committees incorporate an immediate and recurring review of the organization’s retirement program to ensure that all documentation, administration and funding are in accordance with the organization’s policy, on track to meet stated objectives and fully compliant with pertinent regulatory and reporting requirements. Regular checkups may also be beneficial in helping the organization to be more attentive and proactive on succession / transition needs. As we have pointed out, delay on these matters is the enemy of effective solutions.
Executive management also has a role to play in this wake up call. Steps should be taken to ensure that the compensation committee has access to all internal and external information and advice that will assist them in their efforts to ensure that all steps have been taken to ensure that the retirement arrangements pose no obstacles to the inevitable retirement and leadership succession that every organization faces.
By Lee Klumpp, CPA, CGMA and Laura Kalick, JD, LLM in Taxation
The Financial Accounting Standards Board (FASB) recently posted a Q&A stating the FASB staff would not object to nonprofits applying guidance from the Securities and Exchange Commission (SEC) on the application of Topic 740, Income Taxes, in the reporting period that includes the date on which the new tax law was signed.
The SEC staff issues statements expressing a view on applying topics in the FASB Accounting Standards Codification (ASC) and/or disclosure requirements through staff accounting bulletins (SABs). These statements represent the practices and interpretations followed by the SEC staff. Historically even though the SEC staff’s views and interpretations aren’t directly applicable, nonprofits have chosen to apply the guidance in the SABs.
When the new tax law was signed, the SEC staff released SAB 118 for applying Topic 740, Income Taxes, as it relates to tax reform. SAB 118 outlines the approach entities may take if they determine that the necessary information is not available (in reasonable detail) to evaluate, compute and prepare accounting entries to recognize the effect(s) of the new tax law by the time the financial statements are required to be filed. Entities may use this approach when the timely determination of some or all of the income tax effect(s) from the tax law is incomplete by the due date of the financial statements. SAB 118 also prescribes disclosures that reporting entities must provide in these circumstances.
MAIN PROVISIONS OF THE FASB Q&A
The FASB staff would not object to nonprofits applying SAB 118, which the staff believes complies with generally accepted accounting principles (GAAP). This view is based upon the historical application of SABs by nonprofits.
The FASB staff also believes that a nonprofit opting to apply SAB 118 would need to do so in its entirety, including the disclosure requirements. Such reporting entity should also disclose its accounting policy of applying SAB 118, required by ASC paragraphs 235-10-50-1 through 50-3.3
For more information on nonprofit financial reporting, contact a Blackman & Sloop nonprofit advisor.
Article reprinted from the BDO Nonprofit Standard blog.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2018). Copyright © 2018 BDO USA, LLP. All rights reserved. www.bdo.com.
By Ken Eye and Andrea Wilson
The internal audit (IA) function is vital to the health of any nonprofit, regardless of mission or scope. The audit committee and its individual members are crucial partners in safeguarding the integrity, purpose and, ultimately, the success of organizations.
But, they often face challenges navigating a strained regulatory environment, all while trying to do more with less. Adjusting to these new realities means that proper management is more important than ever. This article outlines the top 10 challenges keeping internal auditors up at night, and providing remedies to help them continue their critical work.
1. CHANGES TO OPERATIONS OR STRATEGY
For most nonprofit organizations, change is inevitable. As the needs of communities, internal dynamics, priorities and leadership transform, nonprofits adjust their mission and strategies. While this dynamism is essential for organizations to further their work, change can create strain for internal auditors. Whether its expanding operations to a new location, working with new donors or rolling out a new organizational structure, internal auditors are often left scrambling to ensure compliance.
THE REMEDY: Change is unavoidable, but compliance headaches don’t have to be. Nonprofits should be proactive about integrating internal audit into large scale organizational changes. This means allocating IA resources to evaluate emerging compliance and legal requirements, incorporating IA into the strategic decision-making process at the outset, revising policies and procedures with the new compliance environment, and developing succession plans to facilitate smooth personnel changes. And, IA should not just be involved in the change process—organizations should allow internal auditors to conduct post-implementation assessments to ensure ongoing compliance.
2. ORGANIZATIONAL CULTURE
The organizational culture of nonprofit organizations usually centers on a mission that employees are passionate about. This passion attracts staff personally motivated to help the overall organization succeed, but can come at the cost of internal controls. For nonprofits, “the cause” can often be promoted at any cost. Mid-level management professionals can be highly skilled in technical areas, but may lack knowledge in compliance, financial accountability and oversight. A lack of interactive communication between key administrative and program units within the organization can result in insufficient internal controls.
THE REMEDY: To balance maintaining organizational culture with proper operational management, communication is essential. Nonprofits should develop a sound communication strategy that brings the internal audit and compliance functions in regular contact with the rest of the staff. During these interactions, IA professionals should be sure to communicate how risk management practices align with overall organizational strategy and mission objectives. Bringing people together in this way helps make IA an integral part of an organization, rather than an afterthought.
Even when strong communications are in place, breakdowns are sometimes inevitable. Organizations should conduct regular assessments of business processes to determine where breakdowns in communication between business units occur. These assessments should help identify gaps that could pose significant risks to the organization.
Based on the results of these assessments, organizations should design and implement remediation plans, including scheduling necessary trainings for all employees and rolling out new process flows and accountability points to close any gaps.
3. NEW TECHNOLOGY
Technological advances help organizations store and share data, but new technology is often implemented without the knowledge or involvement of the internal audit function, to potentially disastrous and costly results. Ideally, internal auditors should assess new technology well before it’s utilized to review issues like control over sensitive data, continuity of the technologies between offices, and adherence to compliance and regulatory requirements. Without this review, nonprofits leave themselves open to a number of risky consequences, as well as operational inefficiencies.
THE REMEDY: Technology can be a huge boon to nonprofit organizations, but only when it’s used wisely. IA should
work with nonprofit leaders to first assess technology currently being used organization-wide, and then identify what the organization still needs to address. Internal auditors can assist with researching and proposing approved technologies for organization-wide usage, to facilitate cohesion and compliance and to help management improve system efficiencies.
Organizations also need to implement proper internal controls to ensure they’re mitigating technology risk as much as possible. IA can conduct a risk assessment of each technology used and implement policies to restrict or prevent the use of high-risk programs or devices. Organizations should also require similar checks and risk assessments for all new technology prior to usage.
With new technologies exploding in popularity, cybersecurity risks abound. Nonprofit organizations often mistakenly believe they aren’t of interest to cyber criminals, but the amount of personal data they store from donors and employees, and the tendency to underinvest in cybersecurity measures, make them an ideal target. It can be difficult for nonprofits to maintain up-to-date technology and hardware, keep pace with technological changes and navigate the shifting regulatory landscape with their limited funding. Nonprofits also frequently partner with technology suppliers and other contractors that leave them open to third-party cyber risks.
THE REMEDY: The first step to mitigating cyber risk is to conduct an organization-wide cybersecurity risk assessment that includes partner, contractor and technology supplier cybersecurity as part of the due diligence process. This assessment should shed light on where internal and external gaps exist. Following the assessment, organizations should implement additional controls by updating policies, procedures and internal controls to address identified gaps.
A startling number of cyber incidents arise from employees unknowingly exposing the organization to bad actors. Training staff to recognize these exposures is fundamental to their prevention. Nonprofits need to regularly communicate risks to employees and vendors to ensure everyone is adhering to established policies.
Monitoring cyber risk needs to be an ongoing effort. Nonprofits should develop a risk assessment schedule to examine internal partner, contractor and technology supplier cybersecurity on a quarterly or annual basis. Internal audit can assist with implementing these assessments.
5. COMPLIANCE WITH FUNDER REQUIREMENTS
Nonprofit organizations often have the unique challenge of negotiating compliance requirements across multiple funding sources including government entities, individuals, private foundations or other organizations. This challenge is only growing as budget cuts force organizations to focus on diversifying revenue streams and expanding donor pools, and with a recent increase in donor audits of specific grant activity at the materiality level. Further complicating the matter is a growing emphasis on international accounting standards (as opposed to relying on U.S. generally accepted accounting principles).
THE REMEDY: To clarify exactly what funding requirements an organization faces, it should conduct a compliance assessment, comparing requirements across all donor agreements to determine areas of overlap and areas of discontinuity. These agreements should then be compared against written policies and current practices to identify gaps.
Remediation plans can amend policies and procedures, and staff trainings should be conducted to ensure all levels and functions understand their role in maintaining compliance with funding requirements.
Staying current is critical. Nonprofits should develop a compliance assessment schedule, and IA and compliance departments need to stay on top of new funding streams and emerging trends so they can pivot when necessary.
6. FINANCIAL CONTROLS
Even though nonprofits are motivated by making an impact rather than money, organizations still face a host of hurdles when it comes to financial management. Many international nonprofits operate in countries with cash-based economies, making it tough to maintain adequate control of funds and sufficient supporting documentation. And new payment technologies, while enabling new and widespread operational tools, are often accompanied by verification and other control challenges. Nonprofits also face resource constraints and may have a limited number of finance staff to oversee financial management processes, which can be manual and prone to human error. For organizations with
several offices, branches often operate with little to no centralized oversight over their accounting and cash management procedures.
THE REMEDY: Nonprofits should review cash management procedures and evaluate typical expenditure cycles to identify potential risk areas across the entirety of an organization. Internal audit is central in assisting management in testing cash management controls.
- Organizations can then implement additional controls in keeping with best practices, like limiting cash handling or volume of cash transactions where possible. Nonprofit managers should consider investing in technologies and resources that limit high risk processes.
Standardizing procedures will help cut down on variance of practices between offices. All branches should centralize accounting and reporting procedures. At a minimum, each location should maintain copies of supporting documentation of all expenditures and financial reporting and should regularly review them with staff.
7. RELIANCE ON THIRD PARTIES
Vendor actions can create extremely adverse consequences for nonprofit organizations. Concerns range from reputation damage to the vendor’s illegal acts being attributed to the nonprofit organization. This risk applies to all types of organizational relationships with vendors and nonprofits, especially those administering federal grant programs given increased subrecipient monitoring and due diligence requirements.
Despite the risks, most nonprofits rely on partners or contractors for critical program functions. This makes it difficult to conduct due diligence reviews and monitoring activities, particularly when the partners/contractors are numerous, geographically dispersed or operating overseas. Partners are normally tasked with self-reporting, meaning frauds like ghost employee payments are easily hidden. Contractors also usually have access to organizational networks and information, creating an additional layer of risk.
THE REMEDY: Organizations should review current policies and procedures to ensure robust due diligence and monitoring processes are in place for all third-party relationships. This should include an assessment of partner/contractor access to project data, systems and networks, and the limitation of access where possible.
- Nonprofits need to implement additional monitoring and verification processes, including:
- Conducting regular spot reviews or investigations of reported data
- Requiring partners and contractors to certify financial and programmatic assertions
- Verifying number of partner/contractor staff and salary payment amounts
- Conducting unannounced site visits
- Considering third-party verification systems
These processes should be re-evaluated on a regular basis to ensure their effectiveness.
8. PROCUREMENT PROCEDURES
Nonprofit organizations rely heavily on non-competitive procurement processes due to several reasons. Often, procurement procedures, selection criteria and selection decisions are inadequately documented, leaving organizations unable to show that there was no bias in the selection process. Preferred vendor lists are rarely updated, and control of vendor solicitation, selection and site visits is often left with just a few individuals.
THE REMEDY: IA should review current procurement procedures against industry standards and donor requirements. They should also be transparent about their procurement policies including:
- Publicly announcing tenders as much as possible
- Updating vendor lists through open competition as frequently as possible
- Verifying vendors and prices through in-person or third-party checks
- Comparing bids against market prices
- Documenting criteria and selection procedures to bid samples with procurement files
- Ensuring procurement/selection committees are rotated on a regular basis
9. TRANSPORTATION AND DISTRIBUTION
For organizations that distribute goods, inventory management and oversight can prove to be major sources of stress for internal auditors. Often, nonprofits have difficulties verifying receipt of goods or services by their intended beneficiary, and confirming the goods provided are in the same quality and quantity as what was purchased. Diversion, theft and product substitution are especially difficult to identify. Despite resource and capacity issues, recent increased scrutiny of internal controls and supply chain management means that organizations need to address these issues sooner rather than later.
THE REMEDY: To help combat issues in the distribution chain, organizations need to shore up monitoring procedures by:
- Establishing monitoring teams for critical points along the supply chain
- Implementing two-step or three-step verification procedures at each critical stage
- Hiring a third party to conduct site visits and monitor transportation and distribution
- Using technology to assist in tracking and monitoring, including unique identifiers on products for inventory and tracking purposes and requiring distributors to take time-stamped photos/videos of deliveries
- Another effective risk mitigation strategy is to communicate directly with beneficiaries. Organizations can hold pre-distribution meetings with communities to review any past issues or concerns. Detailed packing lists and/or photographs of parcel contents should be inside packages. Nonprofits can include in the contract clauses with distributors to withhold payments to distributors until delivery is confirmed. This further ensures the distributor is holding up its end of the agreement.
10. FRAUD AND CORRUPTION
It’s the job of the internal audit function to uncover fraud, waste and abuse in nonprofit organizations, but often they are set up for failure. Due to a lack of communication between functional and program units within organizations, increased used of third parties, outdated systems, increased regulations (and the list goes on…), the opportunity to exploit a nonprofit’s controls is growing at a time when IA resources are shrinking and reputational risk for organizations is at an all-time high.
THE REMEDY: Preventing fraud starts within an organization itself. Stakeholders should evaluate current fraud prevention, detection and investigation measures against regulatory requirements and develop a plan to remediate any identified gaps. They should also be sure to provide accessible fraud reporting mechanisms for all employees, partners, grantees/beneficiaries and stakeholders.
- Despite resource constraints, organizations need to ensure IA has the appropriate level of resources to detect and investigate potential cases of fraud. Funds should also be set aside for visits to third parties and office locations and the establishment of a fraud hotline. Put a process in place to notify any impacted funders in a timely manner and in line with donor requirements to prevent exacerbating the impact when fraud does occur.
It’s also key to establish a fraud prevention and detection assessment schedule so practices can stay up-to-date and make sure nothing falls through the cracks.
Internal auditors at nonprofits have a tough, but essential job that’s key to keeping the organization focused on mission fulfillment. By assessing current practices, developing action plans and regularly monitoring activities, organizations can mitigate risk and serve their beneficiaries more effectively.
Article reprinted from the BDO Nonprofit Standard blog.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2018). Copyright © 2018 BDO USA, LLP. All rights reserved. www.bdo.com.
By Lewis Sharpstone, CPA
The quality and completeness of the audit committee charters that I have seen typically range from very good to great. This is why there is no mention in this article, other than here, of core audit committee responsibilities such as auditor appointment, audit review, monitoring of whistleblowing incidents, or conflicts of interest reporting. However, here are my top five suggestions that should be considered for strengthening even a great audit committee charter.
- INCORPORATE ALL YOUR STATE AUDIT COMMITTEE REQUIREMENTS INTO THE CHARTER
For example, under California law there are stated guidelines as to who can and cannot serve on the audit committee. The most well-known California rule is that no more than 50 percent of the audit committee can comprise finance committee members. Most California audit committee charters I see cover this rule. But many California audit committee charters I see don’t include the lesser known but equally important rules. For example, in California the chair of the audit committee is also prohibited from serving on the finance committee. Make sure you know your state audit committee requirements, if any, and ensure that they are embedded into your charter.
- MINUTES OF MEETINGS
Part VI, Section A, question 8 of IRS Form 990 reminds us that as a best practice, organizations should memorialize all board meetings with documented minutes. This also applies to all meetings of subcommittees of the board. The audit committee is a subcommittee of the board, so documented minutes should be produced for each meeting. Accordingly, this should be stated in the charter.
- EXECUTIVE SESSIONS
Most audit committees build into their charter the notion that they can hold executive sessions with specific parties. In almost all cases it is either written or implied that executive session means organization staff members are excused from the meeting and the audit committee meets alone with the external auditors or other parties. However, executive sessions can be much broader than this and should probably be defined as such. For example, since the responsibility of audit committees includes a broad understanding of risk, and since a significant risk facing any organization today is cybersecurity, it is probably appropriate for the audit committee to want to meet in executive session with the chief information officer.
- THE AUTHORITY TO INDEPENDENTLY CONSULT WITH AND RETAIN OUTSIDE LEGAL COUNSEL
The audit committee should be collaborative most of the time but function objectively all the time. The authority of the audit committee to retain outside legal counsel, if needed, is recommended to be included in the charter. If the need arises, having this documented within the charter will be important to the audit committee in exercising its responsibilities. Conversely, it might prove almost impossible in certain circumstances for the audit committee to exercise its duties without this authority.
Self-review is a powerful and useful process if performed correctly and periodically. It provides an appropriate time and forum for members of a committee to voice suggestions to improve the effectiveness of the committee on which they serve. Certainly, the absence of an appropriate time and forum to voice these suggestions for improvement can lead to problems down the road. This is why embedding a periodic audit committee effectiveness self-review requirement and process into the charter is highly recommended. The audit committee charter should also be self-reviewed periodically.
This article originally appeared in BDO USA, LLP’s “Nonprofit Standard” newsletter (Summer 2018). Copyright © 2018 BDO USA, LLP. All rights reserved. www.bdo.com.
By Laura Kalick, JD, LLM in Taxation
Does your tax-exempt organization provide transportation and parking benefits to employees? If so, you may have another commuter headache: a new tax. Under the Tax Cut and Jobs Act of 2017 (the Act), a provision was added to the Internal Revenue Code that is likely to require many tax-exempt organizations to pay unrelated business income tax (UBIT). Certain costs of qualified transportation, including transit passes, qualified parking and more, will now be taxed as unrelated business income at 21 percent.
The Act added the following provision to the Internal Revenue Code: Internal Revenue Code (IRC) Section 512(a)(7): Increase in unrelated business taxable income by disallowed fringe.
This provision was an attempt to put exempt organizations on the same footing as taxable organizations that will no longer be able to deduct these costs. The provision is effective for amounts paid or incurred after Dec. 31, 2017.
Under this provision, certain qualified transportation fringe benefits, including those relating to parking garages, must be reported as unrelated business income (UBI). All tax-exempt organizations (and a college or university owned and operated by a state or other governmental unit) will have to include as unrelated business taxable income any amounts paid or incurred for any qualified transportation fringe benefit, including the following:
- A ride in a commuter highway vehicle between the employee’s home and workplace.
- A transit pass.
- Qualified parking.
Qualified parking is parking you provide to your employees on or near your business premises. It includes parking on or near the location from which your employees commute to work using mass transit, commuter highway vehicles, or carpools. If an organization has its own garage that is used for parking that is already reported as UBI (e.g., parking for the general public), then the percentage of those costs attributable to the amount already included in its UBI does not have to be included in the amount treated as UBI under the new provision.
The UBIT on these employer costs is 21 percent at the federal level and state taxes may apply as well. Organizations should consider making estimated tax payments on these taxes.
These employee fringe benefits are still excluded from an employee’s income. Employers can generally exclude the value of transportation benefits provided to an employee during 2018 from the employee’s wages up to the following limits:
- $260 per month for combined commuter highway vehicle transportation and transit passes.
- $260 per month for qualified parking.
See IRS Publication 15-b for more information.
Even if the benefit is provided under a compensation reduction agreement, the payment will still result in UBIT for the organization. The only way the organization can avoid counting these benefits as UBI is to have the employee pay for the benefits with after-tax dollars.
COMPENSATION REDUCTION AGREEMENT EXAMPLE:
For 2018, the monthly limit on the amount that may be excluded from an employee’s income for qualified parking benefits is $260. Commuter employees can receive both the transit and parking benefits up to $520 per month tax-free.
On a per employee basis, for commuter and transit passes only, $260 monthly is $3,120 annually, and the UBI tax on this amount at 21 percent is $655 plus state taxes, if applicable. With 100 employees, the federal tax alone would be $655 per employee and approximately $65,500 in total. To the extent your organization provides a commuter benefit of up to $520 per month, the UBI tax can be much more.
- Organizations should determine whether they provide these transportation and parking benefits, and if so, to how many employees, what kind and how much?
- Calculate the estimated tax payments for Federal UBI and the state, if applicable.
- If your organization has not filed Form 990-T in the past, enroll the organization in the Electronic Federal Tax Payment System in order to remit the taxes.
By Karen Schuler, CFE, IGP, IGP and Taryn Crane, PMP
Notwithstanding the EU General Data Protection Regulation (GDPR)—the most sweeping change to data privacy in 20-plus years, with extraterritorial scope that went into effect on May 25, 2018—there are numerous privacy laws that are often overlooked.
Earlier this year companies like Facebook have come under fire for privacy violations while Congress is looking for ways to protect the privacy of American citizens. These movements are just the beginning of widespread change that we expect for privacy laws over the next several years.
As discussed in the Spring 2018 issue of the Nonprofit Standard in an article entitled “The Integration of Data Privacy into a Data Governance Program,” nonprofits can’t afford to ignore regulations like GDPR as many organizations are impacted due to their global reach. But now that May 25, 2018 has passed and GDPR officially went into effect, it’s time to think about your holistic privacy program—or implementing a Privacy Operational Life Cycle that helps your organization keep employees apprised of new privacy requirements, embraces recordkeeping and sound data protection practices while offering enhanced data privacy for your donors, employees, and constituents.
Think about these areas to develop a sound Privacy Operational Life Cycle:
- Develop an organizational privacy vision and mission, and document the program’s objectives.
- Identify legal and regulatory compliance challenges that are relevant to your organization.
- Locate and document where personal information resides throughout your organization or across third parties (e.g., hosting vendors, outsourced applications).
- Develop a privacy strategy that identifies stakeholders, leverages key functions throughout the organization, creates a process for interfacing within the organization, and outlines a data governance strategy.
- Conduct a privacy awareness workshop to highlight to the entire organization the goals of the program.
- And, finally, develop a structure for your privacy team with a governance model that is clear and consistent for the size of your organization.
The above-mentioned items are a starting point, but there is more to do after you develop your initial structure and communicate the purpose of the program. Below is a guide to developing the Privacy Operational Life Cycle.
DEVELOP AND IMPLEMENT A FRAMEWORK
The framework should provide you with an implementation road map that outlines your privacy procedures and processes. Developing a framework helps you identify high risk areas, reduce data loss, and provide a measurement against compliance to laws, regulations, and standards. Frameworks that provide initial guidance include the AICPA and CICA Privacy Framework, ISO 17779/BD7799, or OECD Privacy Guidelines.
DEVELOP PRIVACY POLICIES
Once you have selected an overall framework to govern your privacy program, look at your existing policies, procedures, and guidelines. During this phase you should evaluate the goals of the privacy program and determine what business initiatives are the baseline of the privacy program. Just remember, as you look to update policies, procedures and guidelines for the organization, ensure that there is a mechanism to enforce these policies. And don’t forget to review the current website privacy notice. This has become a critical target of privacy watchdogs to ensure that you can fulfill the commitment of the statements in that notice.
DEVELOP MECHANISMS TO MEASURE PERFORMANCE
Within your privacy life cycle, it will be important to develop the ability to measure performance of the program. To implement metrics, consider your audience—will it be the board, external parties, regulatory agencies, or the staff?
Determine how you will report on these metrics that you have identified. Decide what measurements you are interested in sharing with your audience and how this could impact funding positively or negatively. Next, determine how you will measure progress toward the organization’s business goals and objectives. Do your best to limit improper metrics that do not support the organization’s mission. And finally, determine the best methods to collect the data you need. Your goal is to demonstrate compliance while establishing the privacy program’s return on investment (ROI).
DEVELOP THE PRIVACY OPERATIONAL LIFE CYCLE
The Privacy Operational Life Cycle should consider measurement, improvements, and the ability to sustain and support the program. To effectively do this, develop an operational life cycle that considers the assessment, protection, governance, and response phases. Some tips to consider for each aspect of the life cycle:
- Assess – embed Privacy by Design (PbD) into the design of technology, business practices, and physical design of new programs. In addition to PbD, regularly evaluate third-party compliance, as well as internal program compliance.
- Protect – ensure that information life cycle management (ILM) is built into your data protection strategy. While it is important to ensure that your data protection strategies mitigate the risk of a data breach, you need to consider sound ILM practices to promote the organization’s data protection strategies. Remember, the less you have, the less you have to protect.
- Govern – while it’s important to be able to evaluate and protect information, you also need to monitor, audit, and communicate the privacy framework. Develop a strategy and operational procedures that allow your organization to maintain a transparent and visibly sound program. And don’t forget to monitor regulatory changes that impact your organization. Develop ongoing processes that allow you to measure the privacy program’s effectiveness.
- Respond – traditionally privacy and security teams viewed their ability to respond as responding to a security event. Today that has changed – it’s much broader and requires the ability to respond to complaints, requests for information, corrections of inaccurate data, clarifications of privacy matters and access requests. When developing your response capabilities, take into consideration these items in addition to your ability to respond to a security event.
Holistic privacy program development is the wave of the future, especially in a competitive world where data is at the core of every business or organization. Establish a program that fits your organization to ensure that you remain ahead of the curve and out of the sight of regulators.
PAY DATA FOR ‘SIMILARLY QUALIFIED PERSONS IN COMPARABLE POSITIONS AT SIMILARLY SITUATED ORGANIZATIONS’
By Michael Conover
Valid information on competitive pay levels and practices for “… similarly qualified persons in comparable positions at similarly situated organizations” has long been the basis for responsible management, and Internal Revenue Service (IRS) enforcement, of appropriate pay practices among all tax-exempt organizations.
When the IRS Intermediate Sanctions (Internal Revenue Code 4958) were enacted, the importance of good comparative data was underscored by its inclusion as one of the three elements of the protection offered in the Rebuttable Presumption of Reasonableness. The data provides a critical context for determining how much and how to pay a nonprofit’s executives.
Regardless of its importance, however, many organizations fail to devote the attention to this important element of their compensation program that it deserves. We regularly work with organizations that have difficulty describing or producing the data used as the basis for executive pay decisions. References are made to “a report done a while ago,” “a survey we had,” or “some Form 990s from organizations like us.” Examining the Form 990s and Schedule Js of these same organizations, we find they have checked all the appropriate boxes related to these data sources and yet there is little or nothing to be found.
Another group of organizations we find has a different competitive data issue. They have competitive data to offer as the basis of compensation decisions, but there are serious issues about the quality and comparability of the data being used. The data may be drawn from organizations that are not at all comparable, positions that are marginally similar or based on such a small sample that the data’s validity is very questionable. In these situations, this poor data may be as bad, or possibly worse, than having no data at all because it may lead to problematic pay decisions.
Obtaining and properly using good data for compensation purposes requires some thoughtful examination of your organization, its positions, and the requirements for individuals holding those positions. Only after accurately understanding your own circumstances can a search begin for the sources of valid data needed. Areas that need to be explored include:
- Details of your organization: This information includes the type of service(s) your organization performs as well as the broad organizational metrics that reflect its size and scope (e.g., revenue, operating budget, total assets, number of employees, etc.). These are usually among the factors most readily used for identifying similar organizations.
- Primary role(s) of your position(s): Competitive data sources (surveys, Form 990s, etc.) usually offer only brief descriptions of positions and generic titles for job-matching purposes so the focus here is on the central focus and impact of your position in terms of overall impact on the organization. The chief/principal executive officer and chief/principal financial officer positions tend to be very similar from one organization to another and are Disqualified Individuals from an Intermediate Sanctions perspective. Therefore, they are routinely included in competitive data needs. Ensure you note any significant difference in the role played by your position vs. the typical benchmark. The presence of an additional role not associated with the typical benchmark for the position (or the absence of some portion of the role commonly associated with it must be taken into account to ensure appropriate comparisons will be made.
- Position requirements: The emphasis on position requirements is intentional. The purpose is to focus on the essential education, expertise, and experience required to perform the role, not what the current incumbent happens to have or acquired in the role. For example, the fact that the current receptionist has five years of experience at the front desk does not mean that five years is a requirement for a qualified incumbent. On the other hand, your position may require a type of professional certification, education, or experience that is unique
and essential for successfully performing the role. For example, an individual holding the position of executive director in an association of athletic coaches and involved with external organizations regulating the conduct of the sport must have credible experience in the sport.
Armed with an accurate understanding of your own organization and the positions that will be examined in the competitive compensation assessment, attention now is focused on the identification of the data that will be sought for use in the analysis. The process follows the same criteria referenced above in the descriptors of your organization and positions, as follows:
- Organizations selected for inclusion in the analysis: Typically, these are organizations offering the same types of services that your organization provides. In some instances, there are other types of organizations, perhaps even for-profit ones that employ and compete for executive resources that are very similar to your specific organization. These can also be included in the search for competitive data. Compensation surveys are conducted among many different types of nonprofit organizations (e.g., higher education, social service organizations, professional/trade organizations, philanthropic foundations, etc.). In addition, Form 990 filings from other organizations like yours are also a source of competitive data. If necessary, a custom survey and/or consultant may be required to obtain data for specialized/hard-to-find sources of data.
The size and scope of organizations included in the analysis must be comparable to your organization. Revenue and budget levels for a group of organizations ranging from 50 percent to 200 percent of your size are typically viewed as reasonable for inclusion. Of course, care must be taken to avoid “skewing” the data in the direction of organizations much larger than your own.
I often explain the objective for identification of comparable organizations as comparing “apples to apples” but doesn’t necessarily need to be as specific as comparing McIntosh to Fuji.
- Selection of benchmark positions: Positions selected for comparisons should closely resemble the role described in your organization. Titles alone may not fully describe a position’s role or they may be misleading. A controller may be the chief/principal financial officer or a subordinate, depending on the data source in question. In those cases where a significant difference has been identified between your position and the external benchmark, it may be advisable to make adjustments (upward or downward) to competitive data to appropriately compare them.
- Special position requirements: Bona fide requirements for your organization’s position that are not typically associated with the benchmark position may also require an adjustment to competitive data in order to produce an appropriate comparison.
Collecting this information about your organization and the external benchmarks planned for use prior to an analysis of competitive compensation is not the end of this process. Two critical steps remain. First, it is important to engage the organization’s governing body (e.g., board, compensation committee) and involve them in a review of this information and affirmation/modification of it for use in the analysis. Involving the independent members of the organization in the process performs a very helpful educational role about compensation and the importance of good competitive data. It also enlists individuals with a critical oversight role in the governance of pay in an independent validation of the plan to secure the data before it is collected. A sound rationale has been prepared and ratified for the analysis of competitive data which board and management should view as valid for this purpose.
Second, this description of your organization and positions, as well as the external benchmark criteria or the comparative framework, should be documented. It will become part of the other important documents maintained to support the compensation program (e.g., board minutes, compensation strategy/guiding principles, etc.). The framework should be reviewed periodically and updated as needed to ensure its continued relevance to your organization as well as the external marketplace(s) in which you compete for executive resources.
By Joe Sremack, CFE
Robotic process automation is helping both for-profit and nonprofit organizations do more with less. Robotic Process Automation (RPA) is transforming the way organizations across different industries do business. It allows organizations to automate certain types of work processes to reduce the time spent on costly manual tasks and increase efforts to deliver mission-critical work. RPA is helping organizations do more with less, helping them automatically process and store data without having to perform manual data entry, generate financial status reports without spending considerable amounts of time in Excel, and execute outreach campaigns without spending hours in a customer relationship manager (CRM) program. These types of optimizations have been made a reality through RPA, with organizations just beginning to scratch the surface of the possibilities.
RPA is the use of software that automates manual tasks. It eliminates the need for employees to perform repetitive tasks by integrating software that performs the same set of steps the employee does. The software is designed to perform routine tasks across multiple applications and systems within an existing workflow. It performs specific tasks to automate the transfer, editing, reporting and/or saving of data.
At least some portion of white collar employees’ time is spent on repetitive computer tasks. That includes the CEO’s time–about 25 percent of the CEO’s tasks could be automated and RPA can help achieve this. Repetitive work typically involves the collection of data from one or more sources, performing a data manipulation—such as applying data formulas in Excel—and then exporting or saving the information to a readily available location. These are just some of the kinds of work that RPA automates.
One of the main differentiators of RPA from other solutions is that it performs tasks that do not require deep cognitive capabilities. RPA is the automation of a process, but the software is not improved or changed based on the inputs or its results. This is different from machine learning or artificial intelligence (AI) software, which can learn and improve based on the continuous evaluation of its inputs and results. Instead, RPA software simply repetitively performs the same task(s) based on business requirements.
RPA provides several major benefits. The most immediate impact from RPA is that routine tasks are performed in an error-free, consistent manner. RPA also provides an audit trail of work performed, which can be valuable in regulated industries or when the output of a process produces an unexpected result. In addition, RPA solutions can be configured to identify anomalies or red flags that may not be identifiable to an employee.
The long-term benefits are also valuable. Perhaps the most important benefit is increased job satisfaction. When employees are asked which parts of their jobs they dislike the most, the tasks they list usually involve a type of manual work that is a good candidate for an RPA solution. 1 This increased job satisfaction results in a better work environment and more productive employees. Moreover, the results of the formerly manual processes become better and the cost savings can be recognized.
APPLICATIONS OF RPA
The list of potential uses for RPA is robust. Most manual computer-based tasks performed by employees can be automated with RPA. RPA is often used for back office functions but can extend to customer relationship management, data analysis, and other key areas that involve manual work.
The best way to understand RPA is to learn about the kinds of problems RPA can solve. For example, an RPA program–called a “bot”–can be used to manage customer email inquiries. The bot monitors a sales inquiry email account and automatically imports the information into the CRM, sends alerts to the sales team, sends an automated message to the customer, and imports the information into other systems that are used to track employee availability and sales campaign successes. This works well when timely responses to customers are required.
An example of a nonprofit-specific use of an RPA solution is the management of fundraising campaigns. In many organizations, this process involves pulling past donor information, generating marketing materials, contacting past and new donors, collecting donor payment information, and entering it into an accounting software, updating financial information, and updating a donor database. Most of these steps are performed manually, slowing down the process and introducing the risk of error. With an RPA solution, most of this process can be automated, allowing the organization to spend more time interfacing with donors and working on other mission-critical tasks.
The following is a chart that lists several types of tasks that can be automated by department in most organizations:
While the list above appears to be limited to single-department tasks, many of these are cross-department tasks in nature. Consider a process where the finance department needs to work with IT and sales to request multiple data sets, get input, and share the results. Rather than emailing those departments to pull the same data set every quarter to develop an Excel-based report, an RPA solution automatically performs the data pull and generates the entire Excel report. This not only saves time and effort across the various departments, it also enables the finance team to spend more time doing meaningful analysis of the reports and develop projections and deeper insights.
RPA AND NONPROFITS
RPA is well-suited for solving problems encountered by nonprofits since they face many of the same challenges associated with reducing the time employees spend on manual tasks as for-profit organizations. Whether the work involves manually entering accounts receivable and accounts payable data in accounting software, generating compliance reports, or performing outreach campaigns, time is being spent by employees on less valuable work. Employees would agree that they would rather work on mission-specific tasks rather than repetitive tasks.2
Several examples of the types of nonprofit processes an RPA solution works well with are:
- Pledge campaigns.
- Recurring donation management.
- Digital and print marketing campaigns.
- Outreach campaigns.
- Government and regulatory issue tracking.
- Volunteer management.
Service providers and software developers have begun offering solutions geared toward nonprofits. Several major RPA software developers have recently launched commercial software solutions specifically designed for nonprofits, and service providers who understand the nonprofit sector are able to implement tailored RPA solutions.
RPA solutions can be implemented in several ways. The most common method for organizations is to implement individual bots. These are single programs that perform tasks automatically. The bot can be accessed through a desktop or web-based application. The second method is to implement a server that controls a set of bots within a department or across the organization. The server-based approach is a more robust system that is typically employed when there are a larger number of bots utilized throughout an organization that need to be managed centrally, whereas the individual bot method is appropriate when only several bots are used.
The cost of an RPA solution, a common concern for any organization, depends on these factors:
- Number of bots.
- Time to develop and implement.
- Level of customization.
An enterprise-wide RPA solution of hundreds of bots can be expensive. A smaller implementation with only ten 10 bots or less, however, can be implemented relatively inexpensively and within a short period of time. Companies who sell RPA solutions often have a suite of pre-built bots that can be quickly customized and implemented without requiring a new bot to be developed. As the RPA market matures, the cost will continue to decline.
The key steps for determining whether an RPA solution is appropriate are to:
- Identify where most time and effort is being expended on manual tasks.
- Identify bottlenecks of key processes—specifically identifying manual tasks.
- Implement a pilot program to tackle a high-value discrete task that can have immediate value.
RPA is an exciting new way for organizations to improve their operations while also improving employee job satisfaction. RPA solutions have become a widely adopted strategy for enhancing various parts of organizations’ operations by allowing employees to focus their time and efforts on more high-value and meaningful work. It has helped organizations do significantly more with less while reducing errors, increasing workforce job satisfaction, and better ensuring that deadlines are met. These benefits have been possible with relatively small capital investments and IT resources. While RPA is not applicable to all types of work, it is a good option for reducing hours spent on routine, manual tasks.
BENEFITS OF RPA
- Error-free, consistent results
- Employees can be utilized for higher-value work
- Increased job satisfaction (not spending time doing repetitive, low-value work)
- Faster, more predictable delivery timing
- Documented trail of work performed
- Identify anomalies or other red flags