James B. Yard CPA, CIA, CISA
July 16, 2009
Nonprofit Symposium
Nonprofit Risk Management Through Enhanced Internal Controls
“A Board Member’s Perspective”

Agenda
Board Expectations
Getting Started
Building a Foundation for Good Internal Controls
• Organizational Considerations
– Entity-level Governance
– Financial Oversight
• Process Considerations
– Pledge to Cash
– Requisition to Payment
– HR to Payroll
– Investments
– Information Technology

Board Expectations

What are You Responsible For?
Would you answer yes to any of the following questions:
– Effective governance
– Managing risk
– Fundraising and customer service
– Legal compliance and public disclosure
– Fraud mitigation and ethical behavior
– Technology
– Internal controls
– Internal audit

Board Expectations
Management has an established and well-defined process for assessing its risk and control practices.
Expect fundamental business tools to be in place:
– Governance Process evaluation
– Strategic Plan/Budgeting
– SWOT Analysis
– Enterprise Risk Management
– Risk Assessment
– Fraud Risk Assessment
– COSO Framework
– Control Self Assessment
– Internal Audit

Where Does my Organization Stack Up?
Would you answer yes to any of the following questions:
• Have you recently undergone significant changes in size, management or structure?
• Have you recently performed a review of your governance and control practices?
• Are your board members and management educated on risk matters?
• Do you have a formal process for evaluating internal controls or are you reliant on your auditor?

Getting Started

Nonprofit Challenges
• Attention and focus on running the business (not controls)
• Sufficient resources to achieve segregation of duties
• Management’s ability to dominate activities
• Recruiting requisite financial reporting and other expertise to serve on Board/Committees
• Recruiting and retaining sufficient financial reporting skill sets
• Technical resources to run information systems

Recent Drivers of Risk and Control
• Form 990/IRS
• SAS 99, 109, 110 and 112/Auditors
– SAS 99 - Consideration of Fraud
– SAS 109 - Understanding the Entity and its Environment and Assessing the Risk of Material Misstatement
– SAS 110 - Performing Audit Procedures in Response to Assessed Risks and Evaluating Audit Evidence
– SAS 112 - Communicating Internal Control Related Matters Identified in an Audit
• COSO Framework
• AICPA Alert - Not for Profit Organizations
• Sarbanes-Oxley Act

What are We Talking about Here?
Process for assessing risk and developing appropriate internal controls:
– Setting objectives
– Identifying risks to achieving those objectives
– Prioritizing those risks
– Designing and implementing responses to the risks (e.g., internal control)

Important That We Understand
• Smaller Nonprofits can meet the challenges of their unique environments
• Management most likely already routinely monitors business activities and should take “credit” for their contributions to internal control effectiveness
• Must take a risk based approach to controls
• Must leverage a principles based framework
• Cost vs. Benefits are critical to decision making

Important That We Understand
Four Factors to establishing internal controls:
1. Response to one or more identified risks that affect the achievement of organizational objectives.
2. Within the context of an effective control environment.
3. Method for information and communication.
4. How will we monitor?

Important That We Understand
Components of Internal Control (as defined by COSO)
• The Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring

Important That We Understand
Three Reasons internal control systems fail:
1. Not designed and implemented properly at the outset.
2. Designed and implemented properly, but the environment in which they operate changes (changes in risk, people, processes or technology), and the design of the internal control system does not change accordingly.
3. Designed and implemented properly, but their operation changes in some way, rendering them ineffective in managing or mitigating applicable risks.

Important That We Understand
Seven Factors that increase the risk of failure:
1. Complexity
2. Judgment
3. Manual vs. automated
4. Known control failures
5. Competence/experience of personnel
6. Risk of management override
7. Likelihood of control failure detection

Where Do You Get Started?
• Governance Structure/Board Committees
• Financial Oversight
• Code of Ethics / Conflict of Interest Policy
• Expense Reimbursement and Gift Acceptance
• Whistleblower Hotline
• Control Environment/Activities

Resources
AICPA Financial Management Center
– Not-for-Profit Organizations Audit Committee Toolkit (2005)
BoardSource
– The Source, Board Governance Principles (2005)
– Board Self Assessment Toolkit (2009)
– The Principles Workbook (2009)
Nonprofit Risk Management Center/Public Entity Risk Institute
– Financial Risk Management Guide for Nonprofit Executives

Resources (continued)
Open Compliance and Ethics Group (OCEG)
– Red Book (April 2009)
COSO
– Internal Control over Financial Reporting – Guidance for Smaller Public Companies (June 2006)
– Guidance on Monitoring Internal Control Systems (January 2009)

Organizational Considerations

Governance Structure
• Review of the size and composition of Board
• Establishment of Board committees to address risks, including regulatory, financial, operational, and reputational.

Board of Directors
• Composition – Who? Size?
• Selection – How?
• Contributions/Value – Performance?
• Format of meetings – Formal? Timing of Materials?
• Agenda – passive recipient of information or decision makers?
• Transparency – role in communications and approval on matters?
• Executive sessions
• Board member education and training
Items worth reviewing: Articles of Incorporation; Bylaws; Board minutes; Election/Nomination/Termination process

Governance/Risk Committee
• Establishing a Governance Policy
• Addressing Governance and Policy Matters
• Risk Oversight
• Monitoring conflicts of interest policy and ethics matters
• Hotline/Whistleblower activity
• Retention and document destruction policy
• Board Member education and training
• Reviewing adequacy of Form 990 disclosures
Items worth reviewing: Articles of Incorporation; Bylaws; Board minutes; Form 990; Process for evaluating strategy and risk

Nominating Committee
• Selection of new Board members
• Evaluation of existing Board members
Items worth reviewing: Articles of Incorporation; Bylaws; Board minutes; Nominating Committee charter

Finance Committee
• Oversee the preparation of the annual budget, financial statements and Form 990
• Advise on capital structure and financial risk exposures
• Advise on major planned or unplanned expenditures
• Evaluate performance of investment advisor
• Evaluate investment policy and monitor compliance with policy
• Oversee and advise on all other financial/banking relationships
Items worth reviewing: Articles of Incorporation; Bylaws; Board minutes; Form 990; Finance Committee charter; Finance Committee minutes

Audit Committee
• Selection and evaluation of auditor
• Auditor independence
• Involvement in financial risk and control matters
• Review of financial statements - Financially literate
• Review of Form 990 disclosures
Items worth reviewing: Articles of Incorporation; Bylaws; Board minutes; Form 990; Audit Committee charter; Audit Committee minutes

Compensation Committee
• Evaluate compensation of CEO, President, Executive Director and key Management
• Evaluation of incentive compensation and bonus plans
• Review of Form 990 disclosures
Items worth reviewing: Articles of Incorporation; Bylaws; Board minutes; Form 990; Compensation Committee charter; Compensation Committee minutes

Financial Oversight

Financial Oversight
• Close Process, Calendar, Checklists (Completeness)
• Comprehensive budgeting and forecasting model
• Precision and granularity of variance analysis (!!!!!!!!!!!!!)
• Key Performance Metrics (Simple to ensure Early Warning)