Nonprofit Standard Newsletter - Winter 2019
- Power of Real-Time Insights to Improve Donor Communications
- GASB Proposes Guidance to Address the Phaseout of Interbank Offered Rates
- FASB Issues Proposed Standard Related to Reference Rate Reform
- Tax Exempt & Government Entities Division Releases 2020 Program Letter
- Vet or Forget? The Case for Background Checks for Nonprofit Board Members
- Test Your Cyber Systems in 7 Steps
- What Plan Sponsors Need to Know About DOL Enforcement and Red Flags
- BDO Professionals In the News
- Other Items to Note
By Michael Ward CPA, CGMA, Brian Kenyon, CPA and Bis Dhar, CPA
For years, organizations looked to data primarily to understand past performance. But major advances in computing power and other technology have made it possible for organizations to leverage data for more than just keeping score.
Nonprofit organizations rely on donors, ranging from individuals to groups, such as private and family foundations, state and local government agencies, and federal programs, to support their mission. With more than 1.5 million nonprofit organizations in the U.S., these donors have a dizzying array of options where they can support causes that matter to them. And the recent change in tax laws, which doubled the standard deduction for federal individual tax returns, may cause donors to give less liberally or not at all. Organizations competing for donor support must communicate well to attract and retain donors to their work.
In order to stand out as a leader in a crowded field, a nonprofit organization can distinguish itself by providing compelling information about the impact of its work. Through many new channels for fundraising, there are numerous ways for nonprofits to share this information when seeking support—all leveraging the power of data.
As nonprofits look to gather data to provide donors with real-time insights, the key is to follow a systematic process scaled to their size as outlined in the following six steps.
1. Identify what you want to measure.
When considering what to measure, begin with the end in mind. Envision how the information will be presented, who will access it and how it will be shared with community stakeholders as well as existing and potential donors.
Basic financial metrics often need to be supplemented by other measures to maximize value. For example, the average cost per student for schools may have more power if coupled with the graduation rate. Plenty of schools may spend the same amount per student, but the cost per graduating student might reinforce that money well spent in a particular school can produce outcomes at a lower cost than other schools.
Incorporating the number of volunteers engaged into an analysis of the cost per book for a literacy program can show how investing in a particular program will not only get books to children but engage adults in their literacy growth in more impactful ways.
Thinking about and then measuring more than purely financial metrics can strengthen the message and differentiate your organization from others.
Insights about the data, ranging from shifts in trends to examples of when program results diverge from the norm, can help donors see how your organization will have an impact on the issue and position the nonprofit for sustained and increased support.
For example, health and human service providers must capture “encounter data” to get paid, but that data can also provide great insights into the health of and issues faced by the population served. Are there gaps in funding or reimbursement for certain types of services or constituents? Are chronic conditions more prevalent in certain groups? Is the local nonprofit hospital providing a disproportionate amount of charity care compared to other hospitals in the community?
When considering the data you want to measure, keep in mind that new privacy laws and other compliance regulations may restrict the collection and storage of certain types of data.
2. Catalog the data you currently capture.
Nonprofit organizations already gather a broad range of financial and non-financial data that can help donors understand the way resources are used and the impact of that work. This data likely resides in different systems, so don’t limit your review to only the most obvious sources, like the accounting system. In many cases, particularly in smaller organizations, there is often an overwhelming amount of data across disparate systems that could provide meaningful insights. If this is the case, you don't need to invest in new software or complex processes to gain control over your data. You can make significant headway simply by talking with your existing team.
Start by asking everyone who interacts with data to tell you where they get it and how they use it. From these conversations, you can create the three key documents that form the foundation of your new data management system:
- A data register of your current data processes
- A data flow diagram showing how data enters, leaves and moves around your organization
- A data map depicting where various data lives and in what form
By allowing you to take inventory of and locate all your data, these tools can also help you comply with new privacy regulations that may require you to furnish or delete information about individual consumers upon request. Often, organizations can lower their risk exposure by purging data that isn’t essential.
3. Identify complementary external data sources.
Nonprofit organizations can build on the power of internally generated information by supplementing it with other local, regional or national data produced and shared by others, strengthening how they describe the impact of their work.
Data about challenges or barriers faced by the population an organization serves can enable your organization to show how it improves outcomes for those it serves, in turn helping to reinforce the value and impact on the community. In addition to data collected and disseminated by governments, there is also published research that can be found online or by reading scholarly articles written by leaders in the field.
For example, an organization serving the homeless can contextualize its impact by supplementing internal data on the people it served with point-in-time count (PIT) data from the U.S. Department of Housing and Urban Development, looking at trends in the number and composition of homeless in communities across the U.S.
In speaking to donors, it is important not only to describe the impact of your organization’s work on specific groups but also to show the importance of the work in the context of local, regional and national trends.
As described above, the nonprofit sector can leverage extensive data collected and analyzed through federal programs that help focus national resources and inform community organizations of the areas of most significant need and progress made in addressing them. Many organizations also publish their own data for others to see. The information is readily available today, often in the time it takes to run a Google search.
4. Consolidate your data.
Before you can extract meaningful insights from the data you have collected, you need to structure and organize it in a way that makes sense. The required adjustments will depend on your unique data sets, but you may need to integrate data from multiple sources into a single destination, segment large blocks of data into smaller subsets or standardize the format of various data points. This step might be the most time-consuming and technically demanding part of the process, but it is essential.
For example, one reflection of the literacy crisis in the U.S. is the percentage of children living in poverty in critical age groups who lose reading proficiency over summer break, also known as the “summer slide.” Research suggests that the lack of access to books and the lack of parental involvement, particularly when parents can’t themselves read, are key factors in the loss in proficiency. To align internal results of reading interventions with the national trends, therefore, it is important to gather and roll up the data by the same criteria—by age group and poverty status. To increase credibility in the insights drawn from the data, it is critical to ensure the time periods over which data is drawn are in sync and categories are consistent.
5. Report your data.
Unless your data is presented to donors in a user-friendly format that enables them to take timely action, it is like a tree falling in the forest with no one around to hear it. Present your findings in a way that allows users to see clear patterns and discover correlations. The most poignant insights are frequently those that have been distilled down to a very understandable set of metrics rather than a complex array of statistics.
There are numerous ways to share the data, ranging from your organization’s website or annual report to issuing a report on the state of affairs for a given area of need or authoring articles for local or national publication.
For example, Mothers Against Drunk Driving (MADD) maintains three counts on its home page—the number of drunk driving incidents per day, the number of deaths per year and the number of injuries per year. These statistics set the backdrop for MADD’s work, highlighting the severity of the drunk driving problem, and are then supplemented with victims’ stories to put a face on the statistics.
While large enterprises may have sophisticated reporting software and a team of data analysts, you don’t need all of that to extract real-time insights from your data. For many, Excel software is sufficient. Other affordable tools, including Tableau and Power BI, offer robust reporting and analytics capabilities. And, free online tutorials make it easy for someone to learn how to use these tools to build a useful dashboard and manage data reporting.
6. Build an implementation plan for today and the future.
Create a plan to ensure that employees understand how and why to integrate analytics into their day-to-day activities, ensuring they understand how data can improve donor relations and generate new ideas for moving your organization forward.
Technology advances, organizations evolve and priorities change. Your data management process must be able to adapt. Consider establishing a steering committee that cuts across the organization to regularly evaluate your data analytics efforts. This group might initially review the dashboard considering the organization’s current goals and then focus on ensuring it continues to align with the long-term growth strategy.
Insights about issues relevant to donors come from informed analysis of issues and the experience of constituent groups but can also come from research. Bringing new data to help demonstrate how certain programs can help people overcome barriers or improve outcomes can be a powerful driver in messaging to donors. Speaking about research results rather than just sharing anecdotes about an organization’s work can set it apart from others in the space and help donors see how their contributions can drive specific impacts.
The idea of utilizing data to improve communication can seem daunting but working through the steps above can create a more manageable process and yield powerful results in attracting and retaining donors.
For more information, contact Michael Ward, partner, Business Services and Outsourcing (BSO), at [email protected], or Brian Kenyon, managing director, BSO, at [email protected], or Bis Dhar, managing director, BSO, at [email protected].
By Susan Friend, CPA
Many governments have entered into agreements, including interest rate swaps and other derivative instruments, where variable payments made or received depend on an interbank offered rate (IBOR). One of the most commonly used reference rates, the London Interbank Offered Rate (LIBOR), is expected to cease to be used as an international benchmark by the end of 2021, prompting governments to amend or replace agreements in which variable payments made or received depend on LIBOR.
One of the more challenging aspects for governments of the phaseout of LIBOR will be the effect of the hedge accounting provisions of Governmental Accounting Standards Board (GASB) Statement No. 53, Accounting and Financial Reporting for Derivative Instruments. Under GASB Statement No. 53, changes in fair values of hedging derivative instruments are reported as either deferred inflows of resources or deferred outflows of resources in the statement of net position. If a change to a critical term of a hedging derivative occurs, such as the renegotiation or amendment of the reference rate of the instrument's variable payment, hedge accounting is to be terminated, resulting in the immediate recognition of the accumulated deferrals as a component of investment income. Another impact facing governments relates to GASB Statement No. 87, Leases, which requires that a government apply the provisions for lease modifications, including remeasurement of the lease liability or lease receivable, if the rate on which variable payments depend in a lease contract is replaced.
The objective of the Exposure Draft, Replacement of Interbank Offered Rates, issued by the GASB in September 2019, is to assist governments in addressing the accounting and financial reporting issues that will result from the replacement of an IBOR. The proposed Statement would:
- Allow governments to continue using hedge accounting for certain hedging derivative instruments that are amended or replaced to change the reference rate from an IBOR
- Clarify the hedge accounting termination provisions when an IBOR is replaced as the reference rate of a hedged item
- Clarify that the uncertainty associated with reference rate reform does not, by itself, affect the probability that an expected transaction will occur
- Remove LIBOR as an appropriate benchmark interest rate for the qualitative evaluation of the effectiveness of an interest rate swap
- Add the Secured Overnight Financing Rate and the Effective Federal Funds Rate as appropriate benchmark interest rates
- Clarify the definition of reference rate
- Provide an exception to the lease modifications guidance in Statement No. 87 for certain IBOR-related lease contract amendments
The removal of LIBOR as an appropriate benchmark interest rate as proposed would be effective for reporting periods beginning after Dec. 15, 2020. All other provisions of the proposed standard would be effective for reporting periods beginning after June 15, 2020. The comment period for the proposed update ended on Nov. 27, 2019.
(See article on similar proposed guidance issued by the Financial Accounting Standards Board below.)
For more information, contact Susan Friend, National Assurance Director, at [email protected].
By Tammy Ricciardella, CPA
As a result of concerns regarding the structural risks of interbank offered rates (IBORs) and, in particular, the risk of cessation of the London Interbank Offered Rate (LIBOR), regulators around the world have undertaken reference rate reform initiatives to identify alternative reference rates that are more observable or transaction based and less susceptible to manipulation.
Since these rates appear in many contracts and hedge transactions, questions have been raised regarding the accounting challenges for these transactions. To address these concerns, the Financial Accounting Standards Board (FASB) issued a proposed Accounting Standards Update (ASU or Update) on Sept. 5, 2019 entitled Reference Rate Reform (Topic 848): Facilitation of the Effects of Reference Rate Reform on Financial Reporting.
Reference rate reform will impact a large number of contracts and other agreements including, but not limited to, debt agreements, lease agreements and derivative instruments. All of these agreements will need to be modified to replace references to discontinued rates with references to modified rates.
Under current accounting principles generally accepted in the United States of America (U.S. GAAP), the changes that will be caused by the reference rate reform would be considered a contract modification. Such contract modifications are required to be evaluated to determine if the modifications result in a new contract or the continuation of an existing contract. Due to the overarching effect of this reform, this would affect a significant volume of contracts and other arrangements and would be burdensome to all those affected.
In response, FASB issued the proposed ASU that provides optional expedients and exceptions for applying U.S. GAAP to contracts, hedging relationships, and other transactions affected by reference rate reform if certain criteria are met. The amendments will be elective and are only offered on a temporary basis. The amendments in the proposed ASU would only apply to contracts and hedging relationships that reference LIBOR or another reference rate expected to be discontinued due to reference rate reform.
The optional expedients in this proposed amendment for contract modifications are as follows:
- Modifications of contracts within the scopes of Topic 210, Receivables, and Topic 470, Debt, would be accounted for by prospectively adjusting the effective interest rate in the agreement
- Modifications of contracts within the scope of Topic 842, Leases, would be accounted for as a continuation of the existing contract with no reassessments or remeasurements that otherwise would be required under that Topic
- Modifications of contracts would not require a reassessment under Subtopic 815-15, Derivatives and Hedging-Embedded Derivatives, of whether an embedded derivative should be accounted for as a separate instrument
For other topics and subtopics in the Accounting Standards Codification (ASC), the amendments in this proposed Update also include a general principle that would permit entities to:
- Consider modification of contracts due to reference rate reform to be a continuation of these contracts
- Not reassess previous determinations
The optional expedient elected would need to be applied consistently to all contract modifications under a topic, subtopic or industry subtopic within the ASC.
There are a variety of optional expedients and some exceptions for various types of hedging transactions included in the proposed Update.
The amendments proposed in this Update would be effective for all entities upon the issuance of a final ASU. Upon adoption, an entity may elect to apply the proposed amendments prospectively to contract modifications made and to hedging relationships existing as of or entered into on or after the date of adoption and through Dec. 31, 2022. The proposed amendments would not apply to contract modifications made and hedging relationships entered into or evaluated after Jan. 1, 2023.
The comment period for the proposed Update ended on Oct. 7. On Nov. 13, 2019 the FASB approved the exposure draft and instructed the FASB staff to prepare the final ASU for issuance. The final ASU is expected to be issued in early 2020.
(See article on similar proposed guidance issued by the Governmental Accounting Standards Board above.)
For more information, contact Tammy Ricciardella, director, at [email protected].
By Joyce Underwood, CPA
The IRS Tax Exempt and Government Entities (TE/GE) division functions to help organizations and entities understand and comply with applicable tax laws and to protect the public by applying them with integrity and fairness.
The TE/GE division reports it has been busy carrying out its 2019 program activities with the added task of navigating and implementing changes resulting from the 2017 Tax Cuts and Jobs Act and recent legislation from The First Act enacted in July 2019. TE/GE reports that it has been hiring and building teams, and announced that Edward T. Killen joined Tamera Ripperda, TE/GE commissioner, as the team’s deputy commissioner.
The TE/GE released its Fiscal Year 2020 Program Letter on Oct. 8, 2019, summarizing its upcoming plans. The Program Letter outlines the projects and priorities for fiscal year 2020 for tax-exempt organizations, employee plans, Indian tribal governments, and tax-exempt bonds. This article focuses on those projects and priorities related to tax‑exempt organizations.
The TE/GE division works to carry out its plans while striving to improve efficiency and modernize processes to best utilize government resources. The current program letter focuses on six areas of its compliance program, as described below.
Compliance strategies are issues approved by TE/GE’s Compliance Governance Board to identify, prioritize and allocate resources within the TE/GE filing population. Using a web-based portal, TE/GE employees submit suggestions for consideration by the board. Once approved, these issues are considered priority work. As more issues are developed and approved, those with a higher priority may replace the compliance strategies currently approved, which include:
- Hospital organizations with unrelated business income – The focus will be on unrelated business taxable income reported on Form 990-T, Exempt Organization Business Income Tax Return, where expenses materially exceed gross income.
- IRC (Internal Revenue Code) Section 501(c)(7) entities – The focus will be on investment and nonmember income by tax-exempt pleasure, social and recreation clubs.
- IRC Section 4947(a)(1) Non-Exempt Charitable Trusts (NECTs) – The focus will be on organizations that under-report income or over-report charitable contributions.
- Previous for-profit entities – The focus will be on organizations formerly operated as for-profit entities prior to their conversion to IRC Section 501(c)(3) organizations.
- Private benefit and inurement – The focus will be on organizations that show indicators of potential private benefit or inurement to individuals or private entities by way of private foundation loans to disqualified persons.
Data-driven approaches use data and queries to select work based on quantitative criteria, which allows TE/GE to allocate resources that focus on issues that have the greatest impact. TE/GE is committed to integrating data into its processes and procedures and will use return data and historical information to identify the highest risk areas of noncompliance. Two examples include:
- Query sets (previously referred to as models) – Allow TE/GE to continue to improve compliance query sets based on information reported on Form 990, Return of Organization Exempt From Income Tax; Form 990-EZ, Short Form Return of Organization Exempt From Income Tax; Form 990-PF, Return of Private Foundation or Section 4947(a)(1) Trust Treated as Private Foundation; and Form 5227, Split Interest Trust Information Return.
- Research, Applied Analytics & Statistics collaboration – Allow TE/GE to continue to review various items and activities, including private benefit/inurement.
Referrals, Claims and Other Casework
Referrals allege noncompliance by a TE/GE entity and are received from internal and external sources. Claims are requests for refunds or credits of overpayments of amounts already assessed and paid; they can include tax, penalties and interest, or an adjustment of tax paid or credit not previously reported or allowed. Other casework includes examining entities that filed or received exemption using Form 1023-EZ. The focus of these three areas will be as summarized below.
- Referrals – pursue referrals received from internal and external sources that allege noncompliance by an exempt organization and pursue taxpayer and interagency referrals, including information items from sources within and outside the IRS that allege noncompliance with an employment tax law by an exempt organization.
- Claims – address requests for refunds or credits of overpayments of amounts already assessed and paid, including taxes, penalties, interest or an adjustment of tax paid or credit not previously reported or allowed.
- Other casework – examine entities that filed and received exemption using Form 1023-EZ, Streamlined Application for Recognition of Exemption Under Section 501(c)(3) of the Internal Revenue Code. Additionally, support IRS-wide compliance efforts on IRC Section 4980H with respect to certain exempt employers.
Compliance units are employed to address potential noncompliance, primarily using correspondence contacts known as “compliance checks” and “soft letters.” These contacts allow TE/GE to establish a presence in the taxpayer community in a manner that reduces the cost to the IRS while limiting taxpayer burden. TE/GE will continue educating taxpayers via compliance checks and soft letters while seeking to improve return filings and filing accuracy on issues of noncompliance, including but not limited to:
Determining whether an exempt organization is adhering to recordkeeping, return filing and information reporting requirements, including:
- Combined Annual Wage Reporting – Federal Unemployment Tax Act: exempt organizations that are required to, but fail to file Form 940, Employer’s Annual Federal Unemployment Tax Return.
- Credit Balance Nonfiler: entities that have credit balances but fail to file employment tax returns.
- Financial Assistance Policy: tax-exempt hospital organizations that did not comply with IRC Section
- Form 990-T Nonfiler: IRC Section 501(c)(7) organizations that reported investment income on Form 990/990-EZ but did not file Form 990-T, Exempt Organization Business Income Tax Return.
- Form 1099 Stop Filer: entities that were required to file, but failed to file Form 1099-MISC, Miscellaneous Income.
- IRC Section 501(c)(12) Mutual or Cooperative Telephone Companies: organizations that may have failed to meet the 85% member income test.
- IRC Section 4947(a)(1) Non-Exempt Charitable Trusts (NECTs): exempt organizations that are required to file, but fail to file Form 1041, U.S. Income Tax Return for Estates and Trusts.
Determination letters are issued to exempt organizations on exempt status, private foundation classification and other determinations relating to exempt organizations and to retirement plans that satisfy the qualification requirements of federal pension law.
TE/GE expects a continued increase in the volume of determination application receipts. TE/GE continues to look at process efficiencies and expects to hire more revenue agents to address the work and offset anticipated attrition losses.
Voluntary Compliance and Other Technical Programs
The Voluntary Correction Program applies to employee plans and tax-exempt bonds and works to ensure the quality and consistency of technical positions, provide timely assistance to employees and preserve and share TE/GE’s knowledge base.
Management of exempt organizations should be aware of the role TE/GE plays, consider the potential implications the plans outlined in the Program Letter may have on their organizations, and consult with their tax advisors as necessary.
For more information, contact Joyce Underwood, director, Nonprofit Tax Services, at [email protected].
By Laurie De Armond, CPA
A client who serves on the board of a nonprofit recently asked whether the organization’s policy on background checks should also apply to board members, or at least to those with the greatest influence over funding.
Determining whether to pursue background checks on board members should take into consideration several factors:
- the organization’s culture
- the organization’s risk tolerance
- the role of the board member
It might seem odd to entertain this idea, since many nonprofit board members are established members of their communities with a professional history. However, it can be dangerous from a financial and reputational standpoint to make assumptions about anyone’s history. We’ve seen a number of organizations embarrassed by information that was discovered about a board member after the individual was appointed.
At a minimum, a general public records search should be conducted on all board members. Extending full background checks to board officers and/or all board members is worth discussion.
Weigh the risks
Ensuring organizational integrity and reputation are key reasons to consider a policy of background checks for board members.
Those with the greatest levels of responsibility (especially over financial matters) should be subject to the same—if not higher—levels of scrutiny as employees. Even if the individual is a volunteer, a leader’s unscrupulous past actions can significantly diminish an organization’s hard-earned reputation overnight. Even seemingly minor discrepancies about an individual’s history, such as an inaccurate academic degree, can raise major concerns about a professional’s character. Leaders set the tone of the organization, and dishonesty or unethical practices by leaders can have a dramatic ripple effect on everyone from employees to donors.
Of course, background checks may feel cumbersome and awkward for some organizations. They require time, money and resources that are likely in short supply. Establishing a clear policy on who must receive background checks—and the process involved—can help ease uncomfortable conversations with new board members and justify their cost as part of standard recruiting practice.
Consider the level of detail
Detailing the scope of the background check for board members is critical. Some organizations limit it to checking public records for a criminal history.
More comprehensive background checks can encompass a range of activities, such as:
- Verification of prior employment and education
- National sex offender registry, especially for organizations that represent vulnerable people
- Military service records
Smaller nonprofit organizations may have greater constraints when it comes to doing more thorough investigations, but it’s arguably more important at this level, since board members likely have greater access to information and the pool of board candidates may be smaller. While broadening the scope will increase the expense, it’s important to consider how that investment can potentially outweigh a negative consequence that could be more costly if anything was uncovered in its absence.
A thorough background check can’t guarantee that a problem won’t emerge, but it can serve as a solid deterrent to help mitigate the risk—one worth serious consideration.
Article reprinted from Nonprofit Standard blog.
For more information, contact Laurie De Armond, partner, at [email protected].
By Jeff Ward, CPA, CGMA, CITP, CISA, CISSP, CEH
Many nonprofits consider themselves unlikely targets for cybercrime; however, this couldn't be further from the truth. The reality is that your organization is a treasure trove of data and often has fewer resources and less cyber expertise to put protections in place. In short, you may be the perfect target for bad actors.
Ignoring or underestimating cyber threats could result in an attack that could cripple your ability to pursue your mission. The average cost of a data breach in the U.S. is $7.91M, according to Forbes and Statista. For many nonprofits, even a fraction of those costs could make it impossible to keep the lights on. Assessing your cyber risk is literally mission critical, and it goes far beyond a compliance audit.
What steps can you take to thoroughly test your systems for cyber risk?
1. Conduct a comprehensive risk assessment
Take a look at the functions of your nonprofit that contain the most valuable assets—and this doesn’t just include sensitive donor or organizational data. Consider your operations and where disruption would be damaging. For instance, not all hackers are financially motivated. Some may be politically opposed to your mission. Once you’ve laid out all areas of risks—from financial to operational and reputational—you can begin to tackle them one by one based on your organizational goals.
2. Administer a penetration test
Do you know where your network infrastructure and information systems exposures are? To safeguard your cyber systems, you have to find the hacker’s way in. If a hacker can locate a single means of entry or bypass security features, your entire system is vulnerable. Simulate attacks against your network to discover unknown weaknesses, both internally and externally. However, keep in mind this test ends once a single point of entry is found, leaving the possibility open for other unknown exposures.
3. Run a vulnerability scan
At a bank, the vault may be the main prize, but physical vulnerabilities that can be leveraged by hackers may be less obvious at a nonprofit. The level of physical security needed for systems, access to buildings and secure areas and protection for your employees will vary depending on the type of nonprofit organization. You need to be strategic about security guard placement, entrance surveillance and physical access to office space and sensitive areas. A comprehensive vulnerability scan is critical to allow you to zoom out to view the full layout of your organization’s physical infrastructure and test each potential access point and weakness. Then, you can pinpoint the right fix.
4. Conduct an email system cyber-attack assessment
Two of the most notable cyberattacks in recent history, WannaCry and NotPetya, were launched via malicious email. Given the dramatic growth of cyberattacks that take place through email, an in-depth, advanced diagnostic assessment of an organization’s email system is essential. These separate tests can detect complex, persistent threat malware, which may otherwise go undetected.
5. Implement a spear-phishing campaign
Have you ever received a frantic late-night email from your boss or board member? Now imagine a hacker is actually behind that email, posing as these individuals. Spear-phishing attacks are highly targeted attempts to secure sensitive information and have proven effective. It’s vital to assess the level of cyber awareness of your organization’s employees at all levels to reduce instances of human vulnerabilities.
6. Scrutinize your vendors
Even if your organization’s systems are protected, all of your outside vendors—from maintenance vendors and catering services to corporate partners or software providers—are also access points. Third-party relationships should be viewed as an extension of your organization and held to the same standards you have internally. Make sure each vendor has the appropriate level of access to your data and that their data privacy policies and compliance practices are examined.
7. Reassess, rinse, repeat
Cyber risks change and mature as quickly as technology does. To maintain secure systems, it’s critical that you continually assess cybersecurity controls and conduct these tests on an annual basis—and this is not a project strictly for the IT function. Protecting your nonprofit from catastrophe is a shared responsibility. It’s contingent upon proper communication of cybersecurity strategies and plans, and an in-depth understanding by the board, management and any organizational leaders charged with oversight.
Thorough cyber systems testing is a substantial undertaking, and many nonprofits don't have the internal resources to go it alone.
A System and Organization Controls (SOC) attestation can help you find and close gaps in cybersecurity controls and add credibility to your risk management program.
Article reprinted from Nonprofit Standard blog.
For more information, contact Jeff Ward, Third-Party Attestation – National Managing Partner, at [email protected].
By Kim Flett, CPA, QPA, QKA, CHRA and Beth Garner, CPA
Being selected for a Department of Labor (DOL) audit is not exactly a prize most plan sponsors want or intend to win. Often, plan sponsors think service providers will take the blame when compliance issues arise. But plan sponsors are ultimately responsible for plan administration and operation. Plan sponsors who don’t realize this can suffer devastating consequences and become a statistic on the agency’s annual enforcement report.
In fiscal year 2018, the DOL’s Employee Benefits Security Administration (EBSA) recovered more than $1.6 billion in direct payments to plans, participants and beneficiaries. This is about $500 million more than the $1.1 billion it recovered in 2017—even though the agency conducted about 400 fewer investigations in 2018 than it did in 2017.
This means that the agency, which carries extensive authority to investigate employee benefit plans, is getting better at its craft. More than half of the plans that were investigated by the EBSA in 2018 were assessed penalties or were subject to other corrective actions.
Plan sponsors need to realize they are absolutely responsible for those plans governed by the 1974 Employee Retirement Income Security Act (ERISA). They need to stay on top of service provider activity and make sure those vendors are performing tasks as expected—or face serious penalties. We examine how the EBSA enforces the law, identify some of the top investigation triggers and discuss what plan sponsors can do to avoid the agency’s attention.
Background on EBSA Investigations
ERISA’s fiduciary rule requires plan sponsors to act in the best interests of the plan beneficiaries. These plans include 401(k) and other defined contribution plans, defined benefit as well as health and welfare plans. In addition, since the passage of the Affordable Care Act (ACA) in 2010, the EBSA has been charged with enforcement and conducting audits on these health plans.
EBSA audits primarily focus on fiduciary issues as well as reporting and disclosure requirements. The issues can mostly be found in the Form 5500 that plans are required to file annually. Plan participants or others tied to the plan can file complaints against plans, employers or service providers. Last year, EBSA opened 524 new investigations because of participants’ complaints, resulting in $443.2 million restored to workers.
What Is the EBSA Looking For?
Form 5500 is a treasure trove for EBSA investigators. Filing late or incomplete forms is likely to get investigators’ attention. But the EBSA doesn’t stop there. Other red flags include:
- Failure to maintain an ERISA bond
- Improper payment of expenses or compensation to fiduciaries
- Prohibited transactions or self-dealing transactions
The EBSA runs a Voluntary Fiduciary Correction Program, where plan sponsors can find 19 specific violations. The agency encourages plan sponsors to actively self-correct these violations. In some cases, plan sponsors who comply don’t pay the excise tax. Plan sponsors need to be careful because those who submit incomplete or inaccurate applications might wind up being audited by the EBSA. Last year, the Voluntary Fiduciary Correction Program received 1,414 applications and recovered $10.8 million.
It is worth noting that the EBSA is finding significant success in its Terminated Vested Participant Project (TVPP), which makes sure plan sponsors are actively looking for missing participants and notifying deferred vested participants of their benefit. Last year, total recoveries for this project rose to $808 million from $327 million in 2017.
The DOL fines for lack of compliance are heavy. Failure to file a Form 5500 will cost a plan sponsor $2,194 for each day it is late during 2019. ACA plans that don’t provide the summary of benefits and coverage can be fined between $1,128 and $1,156 for each failure.
Defined contribution 401(k) plan sponsors will be responsible for record keeping and reporting glitches, too. Those fees can be significant at $30 per participant.
How can plan sponsors avoid enforcement actions?
First, make sure the “team” of other fiduciaries and service providers are aware of the design laid out in the plan document. Fiduciaries need to make sure everyone is doing what is prescribed in the plan document. Not every service provider is proficient in qualified plans, so it is important to ask about experience, internal controls and other qualities that will raise your comfort level when deciding which service provider to hire. Lastly, documenting the decision-making process will also help auditors understand whether certain actions were in the best interests of the participants.
There is no doubt that plan sponsors have many responsibilities to manage. But compliance issues should be a top priority. In certain cases, fines and other penalties can destroy not just the plan, but the entity itself. Creating accountability standards and hiring a qualified team are some of the critical steps plan sponsors can take to avoid enforcement actions.
Article reprinted from bdo.com.
For more information, contact Kim Flett, Compensation and Benefits Services Managing Director, at [email protected] or Beth Garner, Partner, National Practice Leader, Employee Benefit Plan Audits, at [email protected].
BDO professionals are regularly asked to speak at various conferences due to their recognized experience in the industry. You can hear BDO professionals speak at these upcoming events:
Dick Larkin is presenting a session, entitled “Not‑for-Profit Accounting Update,” at the Washington Non-Profit Legal & Tax Conference being held March 19-20 in Washington, D.C.
Marc Berger and Katherine Gauntt are also presenting a session at this conference entitled “Wayfair Impact and Other State and Local Tax Updates.”
Delayed Effective Dates of Certain FASB Standards
As discussed in the article, “FASB Proposes Delayed Effective Dates of Certain Standards,” in our Fall 2019 Nonprofit Standard, the Financial Accounting Standards Board (FASB) will issue a final Accounting Standards Update (ASU) to extend the deadline to implement certain standards that have not been adopted by entities to date. At its Oct. 16, 2019 meeting, FASB affirmed its prior decisions on the changes in effective dates for its standards on current expected credit losses (CECL), leases and hedging.
ASU 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments will be effective for all nonprofit entities for fiscal years beginning after Dec. 15, 2022.
ASU 2016-02, Leases (Topic 842) will be effective as follows:
- Fiscal years beginning after Dec. 15, 2018 for nonprofit entities that have issued, or are conduit bond obligors for, securities that are traded, listed or quoted on an exchange or over-the-counter market. There was no delay in the implementation date for these entities.
- For all other nonprofit entities, ASU 2016-02, Leases, will be effective for fiscal years beginning after Dec. 15, 2020.
2019 Corrected OMB Compliance Supplement Issued
The Office of Management and Budget (OMB) has issued a corrected 2019 Compliance Supplement (Supplement) dated August 2019. Due to the volume and nature of the changes to the Supplement this year there were numerous errors that needed to be corrected. (See Summer 2019 Nonprofit Standard for discussion of the changes to the 2019 Supplement.)
A high-level summary of some of the changes in the revised 2019 Supplement is as follows:
- Corrections were made to the compliance requirements identified as subject to the audit in the Part 2 and 4 matrices due to inconsistencies between the two sets of matrices in the original 2019 Supplement.
- Compliance requirements were added as subject to audit for certain programs.
- For CFDA 10.766 and the Student Financial Assistance Cluster, the changes were so significant that these are to be treated as completely new documents.
- Changes were made to several “other clusters” in Part 5.
It is important to review the corrected 2019 Supplement to determine which compliance requirements are subject to audit.
Federal Audit Clearinghouse Communication
The Federal Audit Clearinghouse (FAC) on behalf of OMB sent an email to every auditor and auditee of record to clarify the effect the issuance of the August 2019 corrected edition of the 2019 Compliance Supplement may have on audits that have already been submitted to the FAC, as well as audits near completion.
The communication notes that if your audit was completed using the June 2019 version of the Supplement and your audit has already been completed and filed with the FAC prior to Oct. 31, 2019, then this audit will be accepted. There will not be a requirement to perform any additional audit procedures if the compliance requirements subsequently changed for your major programs in the August 2019 corrected Supplement.
However, if your audit is in process, the August 2019 corrected Supplement must be used. This could mean that auditors have to return to the field to perform additional work if any of the changes in the corrected 2019 Supplement impact your organization’s major programs.
FASB Decides to Issue an Exposure Draft on Gifts in Kind
The Financial Accounting Standards Board (FASB) directed FASB staff to draft a proposed Accounting Standards Update (ASU) at its Nov. 6 meeting. The scope of the project is limited to gifts in kind (GIKs) of nonfinancial assets. The board decided to require a not-for-profit (NFP) entity to present GIKs of nonfinancial assets received in a separate line item in revenue in the statement of activities. In addition, the board decided to require an NFP to disclose GIKs received by category in the footnotes to the financial statements. In addition, the disclosures would require the following information for each category of GIKs received:
- Qualitative information about whether the GIKs were monetized or utilized and, if utilized, a description of the specific programs or other activities in which those GIKs were used
- Description of any associated donor restrictions
- The principal market (or most advantageous market) used in the valuation which would be in addition to the disclosures required by Topic 820, Fair Value Measurement, relating to valuation techniques and inputs used to arrive at a fair value measure
The board decided that an NFP should apply a retrospective method of transition.
The exposure draft is expected to be issued for comment in late December or early January and will have a comment period ending on the later of 60 days after issuance of the exposure draft or Feb. 28, 2020.
Electronic Form 1023
Tamera Ripperda, TE/GE commissioner, and IRS representatives have announced that the IRS Form 1023, Application for Recognition of Exemption Under 501(c)(3), will be offered in electronic format in January 2020, although a date has not yet been established for digital conversion.
Mandatory 990 E-filing
The Taxpayer First Act (H.R. 3151), signed into law on July 1, 2019, extends the requirement for nonprofits to electronically file IRS annual information returns (Forms 990, 990-PF, 990-EZ, and 990-T) to all tax-exempt organizations that must file returns.
Under the new law, mandatory e-filing will arrive for most tax-exempt nonprofit organizations in 2021 and for all tax-exempt nonprofits that file returns with the IRS by 2022. The new requirements apply to calendar-year filers for returns covering tax year 2020 (due May 15, 2021) and to fiscal-year filers for returns covering tax years beginning on and after July 2, 2019 (due the 15th day of the fifth month after the end of the tax period).
IRS Priority Guidance Plan
The IRS released its annual Priority Guidance Plan Oct. 8, 2019. Upcoming guidance affecting tax-exempt organizations includes:
- Revision of Revenue Procedure 80-27 regarding group exemption letters
- Guidance on circumstances under which an LLC can qualify for recognition under Internal Revenue Code (IRC) Section 501(c)(3)
- Final regulations on IRC Section 506, relating to notification of intent to operate under IRC Section 501(c)(4)
- Final regulations on IRC Section 509(a)(3) supporting organizations
- Guidance under IRC Section 4941 regarding a private foundation’s investment in a partnership in which disqualified persons are also partners
- Regulations regarding the excise taxes on donor-advised funds and fund management
- Regulations and other guidance under IRC Sections 6033 and 6104(c)
- Final regulations under IRC Section 512 explaining how to compute unrelated business taxable income of voluntary employees’ beneficiary associations
 McKeever, Brice; “The Nonprofit Sector in Brief,” National Center for Charitable Statistics, The Urban Institute