May 2017 Meeting: Steering Through Uncharted Waters: Planning in Times of Financial Uncertainty

Steering Through Uncharted Waters:  Planning in Times of Financial Uncertainty
 

These are uncertain times for people and organizations dedicated to providing crucial services to under-served U.S. Communities. But an unclear environment does not mean we should sit still and wait.

Jihye Gyde and Nicole Curtain, two senior consultants from Nonprofit Finance Fund, facilitated a session
on concrete first steps for assessing your organization’s financial situation and options to inform
decision-making. These are uncertain times for people and organizations dedicated to providing crucial
services to under-served U.S. communities. But an unclear operating environment does not mean we
should sit still and wait. This is exactly the time to prepare our organizations for whatever change is
coming in a thoughtful, data-driven way.  Topics included: gauging your organization’s financial health,
adaptability, and risk tolerance; assessing risks and opportunities; and developing potential scenarios
and corresponding action plans.

One of the main concerns for nonprofits in planning for the future is the predictability of funding. There
are 6 basic steps that agency leaders should take when planning for an uncertain future. First, open a
dialogue with your staff, board, and stakeholders about what everyone is concerned about. Second,
assess your current financial situation, risks, and opportunities. Do a “pulse” check and focus on the
state of your unrestricted operating revenue. How many months of unrestricted cash do you have?
Determine where your agency stands financially – do you have room to breathe or do you have to take
action now? Can the agency afford to absorb a deficit? On you balance sheet, identify the drivers of
your assets and identify the drivers of your liabilities. Are your receivables collectible and are your
building and equipment being used efficiently?

Third, identify and focus on what issues are controllable by you. Start with the shortest term and
proceed to the longest term. There are financial, human, intellectual, and social capital considerations to
take into account. You need to think through the various levels of change.

Fourth, do the planning –develop various scenarios and what steps you need to take. It is important to
write down each scenario and think it through. Identify the main issues and opportunities, what are the
priorities, and identify the areas of risk, variability, and viability. Identify the range of changes that may
occur, articulate the assumption that you are making, and then create an actionable plan with a
timeline, benchmarks, and objectives and priorities. You should o a program economic analysis, do a
cash flow projection, and determine how much working capital you will need. You can do a go no-go
analysis, an if-then analysis, a decision money/mission matrix, or develop some useful management
dashboards. Senior Managers and the Board should be involved in developing the scenarios. The Board
is used to looking at actual to budget financial results, but you have to look beyond revenue and the
budget. Look at the range of deficits or surpluses that your agency can absorb.

Fifth, monitor developments and operationalize your plan. Develop the means to monitor your plan and
a way to check in with staff to monitor developments. A plan of action should include: timeline,
benchmarks, identify the information /date needed to manage the plan, and identify the staff or team
responsible for implementation.

Finally, share information and develop a culture of collaboration. The goal is not necessarily to provide
answers, but rather to foster a healthy dialog about the future. Communicate often with staff and try
not to be reactive, rather be proactive. Adopt sound financial practices which allow the agency to take
advantage of opportunities and avoid pitfalls.

 

Link to the presentation: http://www.nff.org/news/nff-helps-social-sector-leaders-prepare-change

April 2017 Meeting: Lobbying vs. Advocacy: Massachusetts and Federal requirements

Dan O’Brien, Esq. and Karen Kent, CPA, gave a presentation about issues involved
with lobbying and advocacy by non-profit agencies in Massachusetts. Dan O’Brien,
Esq., is Vice President with The Brennan Group and has over twenty-five years of
public affairs experience in Massachusetts, including significant lobbying and lobbying
consulting experience. Dan has worked on a wide variety of issues in the areas of
higher education, financial services, and real estate and on behalf of Fortune 500
companies. He also served as a government relations professional in the Executive
Office of the Massachusetts Water Resource Authority for three years. Karen
Kent, CPA, is a Principal and a member of the Firm’s Executive Committee. Her
accounting and management consulting practice encompasses numerous clients in the
non-profit and real estate industries.  She also specializes in compliance-driven audits
and process implementation.

Some of the topics that they discussed are as follows: In this day and age — what do you
need to know about advocacy vs. lobbying to protect your organization’s 501(c)3
status?  Massachusetts vs. Federal rules reporting?    501(h) election vs. insubstantial
reporting on the 990? Tracking and reporting your staff, volunteers and organization’s
time costs? Do you, your staff, volunteers and consultants know how to manage your
advocacy to keep it separate from your lobbying efforts and stay within required limits?
The rules can be murky and the implementation of processes to manage, track, and
report your data can be messy.

First, it is important to define what acts constitutes lobbying and who is a lobbyist. On
the Federal level, a lobbyist is any individual who is either employed or retained by a
client for financial or other compensation, whose services include more than one
lobbying contract, and whose lobbying activates constitute 20 percent or more of his/her
time in services for that client over any 3-month period. Covered Federal officials
include members of Congress and their employees, committees, etc. and members of
the Executive branch. In Massachusetts, legislative lobbying is an act to influence
legislation including strategizing, planning, and research performed in connection to this
effort, and Executive lobbying is any act to influence the decision of any officer or
employee of the executive branch of the State. To be a lobbyist in legal terms, you
have to be compensated and you need to have direct contact with the official you are
trying to influence. Advocacy means speaking generally about an issues, but lobbying
involves try to advance specific legislation. If you have two or more communications
about an issue and meet the other thresholds (being compensated, etc.), then you need
to register as a lobbyist. If you write up a position paper for general education, then that
is not lobbying. If that activity is directed at advancing specific legislation, then it is
lobbying. If you or your organization belongs to an association or trade group that
lobbies, that does not make you a lobbyist.

If your agency directly hires a lobbyist, then both your agency and the lobbyist have to
register with the State or Federal government. There are hours worked and compensation
received thresholds which trigger the requirement to register as a lobbyist. The standards
are different for the State of Massachusetts and for the IRS. According to the IRS, there
are 2 types of lobbying: direct lobbying and grassroots lobbying. Direct lobbying is direct
communication concerning official action or legislation. Grassroots lobbying involves
asking the broader public to support certain causes or legislation. Reporting lobbying
activities to the IRS is not an easy task. You need to list exactly all of the costs
associated with the lobbying activities. There are different regulations for direct
lobbying and for grassroots lobbying. Check with the Secretary of State for the
Commonwealth, the Secretary of the State Senate, or the Office of the Clerk for the
U.S.House of Representatives for further information and clarification.

March 2017 Meeting: Information Security for Nonprofits

Information Security for Nonprofits

Dan Keleher from KPM Consulting gave a presentation on Information Security for Nonprofits. Dan Keleher is the Executive Director of KPM Consulting, LLC, the information technology consulting arm of the CPA firm, KPM. Prior to entering consulting Dan had a distinguished 18 year career with Liberty Mutual, where he was responsible for creating cohesive integration of business needs and information technology. Dan discussed some of the key ways data breaches can occur at a nonprofit organization and steps that every employee can take to help minimize exposure. He reviewed: the top risks for nonprofits after exposure to a data breach; how to identify spear phishing attempts; and tips for improved password security

What is the goal of information security? Everything that applies to business organizations also applies to an individual’s own computers and personal devices. Information security is designed to reduce or eliminate the risk of exposure from a data breaches and the ensuing damage to your company’s reputation. It is especially important to safeguard donor/customer/ and employee data: names, addresses, date of birth, phone numbers, social security numbers, bank account information, and much more. By law, companies have to report data breaches. Since January of this year, there have been over 100 data breaches in Massachusetts alone. Hackers often use “phishing” schemes where they trick workers to unknowingly reveal a password or download malicious software. The data thieves are not necessarily going after money – it is more likely that they are going after data.

How do businesses (and individuals) protect themselves? You can protect yourself from outside threats by installing very robust next generation firewalls. You also need to install very strong internal controls. You need to have access to data controls, both physical (locked doors, file cabinets) and logical. Logical Access involves authentication controls to ensure that persons logging into the system, are who they say they are. The best way to do this is to combine two or more types of authentication: username, password, code number, secret questions, biometrics, etc. You also need to restrict access to data based on job requirements, separation of duties, and by adopting the principle of least privilege: if you don’t need access to it, you don’t get it, and if you do need access to it, you only get access for the time you need it. Having strong passwords which are complex and are changed on a regular basis is very important.

Next, you need to have a 100% reliable back-up system. You need to back-up your hard drives, networks, software programs, everything. Back-ups need to be on-site or remote and either by tape, disk, or in the cloud. If you get hit with malware or ransomware, you will either need to pay the hackers to restore your system or you can completely flush the system and restore it with your backup. You need to have a formal plan for doing periodic restore tests and validations. Keep in mind that most hackers can get into any system, given enough time and money.

Finally, you need to educate your employees and users of your system to recognize threats to the system, to avoid letting those threats in (by not clicking on or opening suspicious emails and attachments), and by reporting suspicious activity to your system administrator or help desk. Education and training of users is your last line of defense. Also, you can create an incident response plan, periodically review your MA Data Privacy Written Information Security Plan, and run vulnerability scans on your network.

A summary of the keys steps to protected your IT system and prevent data breaches are as follows: 1) Defend the perimeter with a next generation firewall; 2) control access to your system with authorization controls; 3) have strong and complex passwords; 4) keep your software up to date; 5) secure your data with strong reliable back-up and recovery plans; 6) train you users and make them aware of potential threats; 7) train your staff to be aware of spear phishing and ransomware; and 8) report incidents to your administrator or help desk.

 

The presentation can be found here: KPM_InfoSecurity_03-30-2017-1

February 2017 Meeting: Meet the Massachusetts Attorney General’s Public Charities Division

Meet the Massachusetts Attorney General’s Public Charities Division

Is the sum total of your relationship with the Attorney General’s office the annual filing of the Form PC? Members of the AG’s Nonprofit Organizations/ Public Charities Division came to speak about the regulation of the nonprofit sector, their priorities to support a vibrant nonprofit sector, and how they hope to work with you, as nonprofit leaders, to prevent misuse of charitable funds and protect nonprofits and their donors from fraud and loss.

Assistant Attorneys General Courtney Aladro and Emily Gabrault, members of the AG’s Nonprofit Organizations/ Public Charities Division, gave a presentation about the regulation of the nonprofit sector, their priorities to support a vibrant nonprofit sector, and how they hope to work with nonprofit leaders to prevent misuse of charitable funds and protect nonprofits and their donors from fraud and loss. They spoke candidly about their work, including some real-life examples of cases their office has seen, current office priorities, and best practices for what to do when problems arise in your organization.  They discussed how to avoid common pitfalls and identify red flags to support a constructive relationship with the Division.

The AG’s Nonprofit Organizations/ Public Charities Division, which has a staff of 18 people, has as its major purpose to regulate the nonprofit sector, enforce regulations, and to provide a resource for the sector. In total, the Division oversees approximately 27,000 public charities in the Commonwealth of Massachusetts. The government regulations governing companies (nonprofit and for profits) are constantly changing: DOL regulations, the definition of exempt and nonexempt, IRS requirements, reporting requirements, etc. In addition, the political climate has changed drastically since the last election, so the AG’s office has started a hate crime hotline, which has received a lot of calls recently.

One area that the AG’s office examines is the whether the Board of Directors for a public charity performs its fiduciary duties in a responsible manner. Fiduciary duties include the following: sound fiscal policy; legal and regulatory compliance; sound policies and procedures; oversight of management; Board self-assessment; and safeguarding assets. Board members and management have a duty of loyalty including policies against conflicts of interest and personal financial gain from corporate decisions. Some of the common problems that the AG’s office has dealt with public charities are: “founders syndrome” where the charismatic, visionary, committed founders has become autocratic, distracted, weak, and too comfortable with a controllable Board; conflicts of interest in the Board and management; and a lack of structure and sound corporate processes, especially when it relates to checks and balances and separation of duties. Courtney and Emily reviewed the Fraud Triangle with the 3 points of the triangle being: motivation, rationalization, and opportunity.

How do issues involving public charities come to the attention of the AG’s office? Sometimes a Board member contacts the AG, sometimes issues are raised by other government agencies, sometimes from a consumer. The main goal of the Public Charities Division of the AG’s Office is not to penalize or punish an agency, but to assist the agency in correcting the problem and adopting preventive measures and sound policies. The AG can seek restitution and can assess penalties for various violations and can issue injunctive relief to prevent a “bad actor” from continuing in his/her nonprofit role. Courtney and Emily gave several examples of the types of issues the Division deals with. Example one involved a husband and wife team operating a nonprofit where the lines between personal and business activities became blurred. Example two involved a charity which purchased health insurance from a Board member who worked for the insurance company. Example number three involves a lack of segregation of duties, which led to fraud. A civil case is often easier to prosecute than a criminal case. Example four involved an agency who received a funding cut and as a result, cut back on its operational functions such as paying its employees and paying its debts in order to keep operating. In that case the agency has to maintain its operational functions as well as to continue to fulfill its mission. The agency should monitor its expenses and keep ahead of any potential funding issues. The AG’s office lists the best practices for a public charity as the following: have an independent Board; adopt sound documented policies and procedures; adopt good governance procedures; adopt solid disclosure, evaluation, discussion, and documentation procedures; and major decisions should be made by the independent Board.

A question was asked about changing the purpose of a restricted fund when the funder is no longer available. You can go to the AG’s office to try to get that resolved. You cannot borrow from restricted funds or an endowment fund to temporarily fund cash flow shortfalls. Courtney and Emily said that the enforcement priorities for the next year will be to curtail foundation self- dealing and to better monitor how organizations solicit donations.

 

January 2017 Meeting: Best Practices and What’s New with Procurement Compliance

Best Practices and What’s New with Procurement Compliance

The focal point of the presentation was new procurement requirements for organizations receiving federal grants. Explanation of the standards anchored a broader discussion of best practices for procurement.

The Uniform Guidance (“UG”) containing procurement and contract standards is under Title 2 of the U.S. Code of Federal Regulations (CFR), Part 200: “Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards.” (See Subpart D and Appendix II)

See also: Federal Register – notice regarding the final guidance, 12/26/13

The UG sets forth revised guidelines for the procurement of goods, services, and property using federal funds. The standards apply only to direct expense charged to federal awards, not to procurements allocated to a grant as part of indirect costs. The revision primarily affects grantees that are subject to A-110, namely, educational institutions and nonprofits.

One change is semantic: Under the new guidance, “must” signifies a requirement, whereas “should” (which formerly marked a requirement) now indicates a recommendation.

Major provisions and changes were highlighted:

  • New provision covering conflicts of interest with parent, affiliate or subsidiary organizations
  • Requirement for more detailed record-keeping around procurement (which may be construed as a nudge toward digital records; doing this on paper will likely prove onerous)
  • Focus on adequate competition for contracts
  • A new framework for cost and price evaluation, and new thresholds for mandated methods of procurement
  • Provisions for small and minority-owned businesses
  • Standards for contracts involving pass-through entities

Grantees were given a two-year grace period to implement the guidance on procurement, and the expiration of the grace period depends on your fiscal year. For December 31 year-ends, the grace period ended 12/31/16, and the standards should have been implemented by 1/1/17. If you have a June 30 fiscal year end, you need to implement the standards fully by 7/1/17. If you relied on the grace period, you should have documentation on file that your policy-making body (e.g., your board) elected to do so – it does not need to be submitted, just recorded.

If you receive federal grants, your written policy must comply with the guidance as of the deadline, and from that point on, you need to document compliance with your policy.

When procuring property or services with federal funds, states must follow the same policies they use for procurement with non-federal funds. Nonprofits using federal funds – including those receiving federal funds through the state – need to adhere to the new UG.

Under the new standards, there is an emphasis on adopting well-documented procedures that conform to the guidance, and maintaining oversight to ensure actual compliance with contracts and purchase orders. As part of an overall orientation toward cost containment, the guidance mandates avoidance of superfluous or redundant purchases. In addition, the conflict of interest provisions were strengthened and extended to related organizations, and the standards mandate disciplinary action when procurement standards are flouted or neglected.

The standards encourage the use of federal surplus property in place of new purchases. Also, grant recipients are asked to make use of value engineering clauses in major construction projects. Time and material contracts are acceptable only if other types of contracts are not suitable, and if used, require closer oversight. The overarching theme is cost containment.

The new standards reflect an effort to eliminate favoritism, and to ensure full and open competition. For example, if a contractor is involved in drafting standards or specifications for a contract, they are barred from competing for that contract. In general, organizations need to keep detailed records of the procurement process, including why a method was chosen, what drove particular decisions, and how costs were negotiated. Practices that unnecessarily restrict competition are to be avoided. Geographical preferences cannot be applied, except where mandated by federal standards, such as with architects and engineers who need local expertise. If you use prequalified lists of vendors or suppliers, the lists should include enough options to ensure competition, and should be reviewed regularly.

As a general rule, the scale of procurement dictates the method used. Note that the threshold applies to the aggregate amount directly allocated to a federal contract, and excludes charges from the contractor or supplier that do not involve federal funding.

  • Micro-purchases (under $3K, in the aggregate)
    • Should be distributed equitably among qualified suppliers, to the extent practical
    • If the price is reasonable, these purchases do not require competitive quotes
    • Cost analysis not required
  • Small purchases ($3K-$150K)
    • Must document that quotations were gotten from an “adequate number” of sources, which should be defined by your policy
    • Methods of obtaining quotes should be spelled out in your policy
    • Cost analysis not required
  • Sealed bids (over $150K)
    • Request for bids must be publicly advertised; must define deliverables; and must indicate when and where the bids will be opened.
    • Lowest responsible bidder wins fixed-price contract
    • Sealed bids are the preferred method for construction projects
  • Competitive proposals (over $150K)
    • RFPs must be publicized; must spell out all evaluation criteria; and must be submitted to an “adequate” number of sources, as defined in your policy.
    • Method of technical evaluation and selection must be recorded before process starts
    • Must be more than one source
    • Contract is awarded to proposal that is evaluated most advantageous; factors other than cost and price can be considered
    • Can be either fixed price or cost-reimbursement
    • Competitive proposals are used only when sealed bids are not appropriate
  • Noncompetitive proposals (sole source), regardless of size, must meet at least one of these conditions:
    • The product or service is only available from one source
    • A public exigency or emergency does not allow a competitive process
    • The federal department has approved a written request for a noncompetitive proposal
    • After multiple sources are solicited, competition is judged inadequate

There is more flexibility for purchases below the “Simplified Acquisition Threshold” of $150K. Above that level, you must record a cost or price analysis for every procurement, including modification. In the case of single bid contracts, you must negotiate profit as part of the price. Cost estimates must be reasonable, and are permitted only if allowed under the UG Cost Principle (Subpart E). Cost plus percentage and percentage of construction cost methods are not allowed.

Nonprofits must take affirmative steps to use small and minority businesses (SMB), women’s business enterprises (WBE), and labor surplus area firms.

  • Solicit qualified SMB and WBE whenever possible, and include them on any standing lists
  • Break requirements into smaller packages, to create more opportunities for participation
  • Set project schedules to encourage SMB and WBE participation
  • Tap agencies (e.g., SBA) that promote SMB and WBE businesses
  • Require the prime contractor to adopt these steps when subcontracting

Where pass-through entities are involved, the nonprofit must make technical specifications and procurement documents available to both the federal agency and the pass-through entity. If either the federal agency or the pass-through entity decides that your procurement system complies with the UG, your organization is exempt from pre-procurement review.

Best practices for procurement:

  • Familiarize yourself with the procurement requirements contained in:
  • Understand all contracts – not just federal – for your programs
  • Place procurement in the context of your organization’s culture and experience
  • Review and revise your policies in the context of the requirements flowing from all of your contracts
  • Clearly define roles and responsibilities in policy and practice
  • Train staff on the parts of the procurement process that they are involved in
  • After an implementation period, evaluate the effectiveness of your procedures
  • Ensure that your procurement policy covers all requirements discussed in this presentation in addition to other issues, such as evaluation, disputes, and claims. Some of the key policies and procedures in the context of federal standards are:
    • Conflict of Interest (§ 200.112)
    • Mandatory Disclosures (§ 200.113)
    • Financial Management (§ 200.302)
    • Internal Controls (§ 200.303)
    • Procurement Standards (§ 200.117)
    • Sub-recipient Monitoring (§ 200.331)
    • Personnel Compensation (§ 200.430)
  • Put a working system in place for documenting compliance with your procurement policy

Other resources provided at the presentation: Links to procurement resources, links to federal agency-specific requirements.

Carla McCall is co-managing partner of AAFCPAs and specializes in providing assurance, tax, and business consulting services to sophisticated nonprofit organizations and closely-held companies. Carla’s diverse client base includes health care, arts and cultural, affordable housing, manufacturing and distribution. Carla advises her clients in the specialty areas of revenue recognition, stock option plans, and government contract compliance. She has extensive experience with federal, state and other regulatory compliance requirements of nonprofit organizations.

Hui-Ting is a manager at AAFCPAs and has audit and tax experience with various types of nonprofit organizations, including community development corporations and their development projects with HUD and MHFA requirements, nursing homes, health centers, educational institutions, and social services and behavioral health agencies. She also provides audits in accordance with Uniform Guidance/Single Audit and Government Auditing Standards.