Say hello to Lisa, CPA | Senior Manager

Lisa’s competitive nature is a great asset to Clark Nuber, to her clients, and to her teammates on the volleyball court. She began playing the sport as a freshman in high school and can still be found spiking the ball over the net twice a week.

Occupational fraud doesn’t always translate to hard cash leaking out of the company’s bank account. This article from the Rochester Democrat & Chronicle discusses an ongoing case about the alleged employee theft of over $2 million worth of diabetes test strips, illustrating how noncash fraud can be very lucrative in the right circumstances.

Enabling Factors

First of all, for a noncash fraud scheme like this to work, there has to be a market for the stolen goods. If the product is too bulky or can only be sold to a limited group of buyers, the risk of this type of fraud is reduced. However, the risk doesn’t necessarily go away.

In this case, authorities state the alleged offender was able to procure medical supplies and had identified a handful of buyers to complete the cycle. When considering your internal control plan, the “street value” of a company’s product needs to be considered in the risk assessment process. Inventory that carries a greater street value needs to have a more robust internal control plan.

Secondly, more often than not, the perpetrator needs access to the receiving department. This article mentions that the alleged offender “intercepted” the medical supplies. Ideally, the roles of purchasing and receiving should never overlap. Those roles align too well and provide the perpetrator both the opportunity to gain access to the inventory and the potential to cover it up.

Detection Methods

The article also illustrates some very effective detection techniques that can and should be deployed to combat this risk.

Clearly, the data analysis being performed by a function/department in the company was key. The company knew that the volume of diabetes test strips was far too great for their needs. They also knew that the orders of the test strips came from one secure user ID. The article isn’t clear on whether the company came to know these facts during the scheme or after the fact, but regardless, data analysis of key functions within a company is an extremely effective fraud detection tool. A simple report of purchased quantity by SKU would highlight unusually large volumes of purchases. That, coupled with a query to understand the sales of that same SKU, far less than the purchases, would shine a bright light on this issue.
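The purchased-versus-sold report described above, together with the purchasing/receiving overlap discussed under Enabling Factors, can be run as three short queries. This is an added example, not part of the original article or the company's actual system; the table layout, SKU names, user IDs, and the 2x threshold are all constructed assumptions.

```python
import sqlite3

# Constructed sample data (not from the article).
PURCHASES = [  # (po_id, sku, qty, ordered_by)
    (1, "TEST-STRIP-50", 400, "u1042"),
    (2, "TEST-STRIP-50", 450, "u1042"),
    (3, "TEST-STRIP-50", 60, "u2210"),
    (4, "TEST-STRIP-50", 500, "u1042"),
    (5, "GLOVES-M", 300, "u2210"),
    (6, "GLOVES-M", 280, "u3307"),
    (7, "SYRINGE-3ML", 150, "u3307"),
]
RECEIPTS = [  # (po_id, received_by)
    (1, "u1042"), (2, "u1042"), (3, "u5001"), (4, "u1042"),
    (5, "u5001"), (6, "u5001"), (7, "u5002"),
]
SALES = [  # (sku, qty)
    ("TEST-STRIP-50", 55), ("TEST-STRIP-50", 60),
    ("GLOVES-M", 290), ("GLOVES-M", 270),
    ("SYRINGE-3ML", 140),
]


def build_db():
    """Load the constructed sample rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE purchases (po_id INTEGER PRIMARY KEY, sku TEXT,
                                qty INTEGER, ordered_by TEXT);
        CREATE TABLE receipts (po_id INTEGER, received_by TEXT);
        CREATE TABLE sales (sku TEXT, qty INTEGER);
    """)
    conn.executemany("INSERT INTO purchases VALUES (?, ?, ?, ?)", PURCHASES)
    conn.executemany("INSERT INTO receipts VALUES (?, ?)", RECEIPTS)
    conn.executemany("INSERT INTO sales VALUES (?, ?)", SALES)
    return conn


def purchased_vs_sold(conn, min_ratio=2.0):
    """SKUs whose purchased quantity is at least min_ratio times the quantity sold.

    A SKU that was purchased but never sold is always returned.
    """
    sql = """
        WITH p AS (SELECT sku, SUM(qty) AS purchased FROM purchases GROUP BY sku),
             s AS (SELECT sku, SUM(qty) AS sold FROM sales GROUP BY sku)
        SELECT p.sku, p.purchased, COALESCE(s.sold, 0) AS sold
        FROM p LEFT JOIN s ON s.sku = p.sku
        WHERE p.purchased >= ? * COALESCE(s.sold, 0)
        ORDER BY p.purchased - COALESCE(s.sold, 0) DESC
    """
    return conn.execute(sql, (min_ratio,)).fetchall()


def top_buyer_share(conn, sku):
    """User ID that ordered the most units of a SKU, with its share of all units."""
    sql = """
        SELECT ordered_by, SUM(qty) AS units,
               1.0 * SUM(qty) / (SELECT SUM(qty) FROM purchases WHERE sku = ?) AS share
        FROM purchases
        WHERE sku = ?
        GROUP BY ordered_by
        ORDER BY units DESC
        LIMIT 1
    """
    return conn.execute(sql, (sku, sku)).fetchone()


def buyer_also_received(conn):
    """Purchase orders where the same user ID both ordered and received the goods."""
    sql = """
        SELECT p.po_id, p.sku, p.ordered_by
        FROM purchases p
        JOIN receipts r ON r.po_id = p.po_id
        WHERE r.received_by = p.ordered_by
        ORDER BY p.po_id
    """
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = build_db()
    for sku, purchased, sold in purchased_vs_sold(db):
        user, units, share = top_buyer_share(db, sku)
        print(f"{sku}: purchased {purchased}, sold {sold}; "
              f"{user} ordered {units} units ({share:.0%})")
    for po_id, sku, user in buyer_also_received(db):
        print(f"PO {po_id} ({sku}): ordered and received by {user}")
```

The threshold is a starting point only; a SKU with legitimate stock build-up will also appear and has to be cleared by someone who knows the business.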

It also seems likely to me that the company distributed some fraud training materials on things to look out for. After the internal audit system flagged the strip purchases, an employee was directed to look for inventory discrepancies. The article mentions that an employee noticed a box without a company logo on it, which appeared unusual. They also noticed it was purchased from a company they didn’t use very much, if at all, which was also unusual. Lastly, they noticed the return address matched the accused employee; again, this was unusual. Fraud training materials are critical to share with the front-line workforce. They are the ones in a position to notice this type of behavior.

Conclusion

Fraud is not an ordinary part of a business’s operations. By its nature, it is unusual and creates unusual pieces of data. The job of an internal control architect is to construct a series of controls that help the business identify and resolve unusual observations. You have to start with an informed approach based on a tailored assessment of the unique risks facing the business. Once that assessment is in place, the controls needed will start to align from there.

© Clark Nuber PS and Focus on Fraud, 2019. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.

Keep Reading

Articles and Publications

Cryptocurrency Gift Strategies for Not-for-Profits

Before deciding whether your not-for-profit organization should accept cryptocurrency for gifts, you must understand what it is. A cryptocurrency, or virtual currency, is a digital medium of exchange that can be used for purchasing, selling, and storing value, but it is not backed by a sovereign government. In that light, bitcoin, ether, syscoin, and litecoin are among the best-known cryptocurrencies, but there are more than 2,000 cryptocurrencies listed on Coinmarketcap.com, with varying degrees of popularity. The U.S. Treasury currently classifies cryptocurrency as intangible property or a commodity. Despite the name, it is not a currency and does not have legal tender status in any jurisdiction. The technology underpinning cryptocurrencies is blockchain, which is a "distributed ledger technology." This decentralized general ledger system in theory removes the need for banks and governments for security and regulation. Technically, cryptocurrencies are one of several types of digital tokens that have caught on with the public and caught the eye of regulators. For example, the two digital tokens, aka cryptoassets, with the largest market capitalization are bitcoin, a true cryptocurrency, and ether, which is defined by the SEC as a utility token. However, the most prominent class of digital tokens is cryptocurrencies and while there are differences among types of digital tokens, they are not essential in understanding the issues raised in this article. Thus, for the sake of simplicity, the blanket term cryptocurrency will be used. The authors are not advocating for or against accepting cryptocurrency. This article focuses on the key decisions needed once the not-for-profit organization determines it will accept this type of gift. After the decision is made, the organization must decide whether it will accept the asset directly or indirectly through a third-party facilitator and, if accepting this asset class directly, how to do so safely and securely. 
The four steps organizations may take to get ready to accept this new class of asset are:
  • Review and update the organization's gift acceptance policy;
  • Set up systems, accounts, policies, and procedures to accept and secure this class of asset;
  • Adopt accounting policies and adjust the chart of accounts as necessary to properly account for this class of asset if it cannot be readily converted to cash (this article does not address accounting practices, as accounting guidance for cryptocurrency is being evaluated by an AICPA working group); and
  • Understand and implement systems for gathering information needed to comply with all reporting requirements associated with accepting this class of asset.

Gift Acceptance Policy Update

The first decision is whether the organization wants to accept this class of asset as a charitable gift (see the sidebars "The Case for Accepting Cryptocurrency Gifts" and "The Case Against Accepting Cryptocurrency Gifts" at bottom of page). Not-for-profit boards have fiduciary responsibilities for donated assets, and some may decide that cryptocurrencies offer enough uncertainties and unknowns to make exercising that fiduciary duty difficult. The decision to accept this class of asset is a board decision that should be reflected in board minutes and then implemented by the organization's management. If you determine the organization does not want to accept this class of asset directly, the organization can still encourage donors to use a donation-facilitating organization acting as an agent of either the donor or the organization. If the facilitator is acting on behalf of the donor, this could be a donor-advised fund (DAF) sponsor. Many DAF sponsors are equipped to accept most types of property, including cryptocurrency. There may be a delay between the time the donor makes the gift to the DAF sponsor and the time the gift is ultimately advised to your organization because, as noted above, it can take time to convert this type of property to cash depending upon the cryptocurrency donated and its liquidity. This could affect the gift's value. Alternatively, your organization can contract with a facilitating organization to act as its agent to accept cryptocurrency on its behalf, convert this type of property to cash, and remit the cash net of fees. This relationship is like using an agency to accept donated used automobiles. The donor receives a donor acknowledgment letter from the charity. However, the facilitating organization conducts the transaction on behalf of the charitable organization.

Safeguarding Gifted Assets

Once the board decides to accept cryptocurrencies, here are some quick implementation tips and safeguards to protect this asset. As a form of digital currency (classified as "property"), bitcoin and other cryptocurrencies exist only electronically. The crypto donation will arrive in the form of an email or Quick Response (QR) code that the organization will need a "digital wallet" to decipher. A "wallet" is software or an application downloaded to either a phone (mobile device) or a desktop computer that stores the public and private keys used to send and receive digital currency. The wallet is like a bank account for cryptocurrency, and you must have one before accepting the asset. If someone sends you cryptocurrency before you have a wallet, those tokens may not be recoverable. Using a secure computer with two-factor authentication is a good practice.

Cryptocurrency is not actually "stored" in a wallet. Instead, a private key (secure digital code known only to the organization and its wallet) is stored that shows ownership of a public key (a public digital code connected to a certain amount of currency). The public and private keys have a mathematical connection to each other, allowing you to share your wallet address without sharing all of your wallet information. The public/private key pair enables verification, as a transaction includes the public keys of the sender's and recipient's wallets, with the connection to the respective private keys being used to verify. The organization's wallet stores its private and public keys, allowing it to send and receive cryptocurrency (coins or tokens). The wallet acts as a personal ledger of all transactions to which it is a party. The organization must have systems in place for protecting these keys so they are not lost, stolen, or misappropriated.

When your organization sets up its wallet, it must share some sensitive data elements such as email addresses; cellphone numbers; identifying information for U.S. bank accounts, credit cards, or another similar payment service such as PayPal; tax identification number; and other forms of identification. A data classification policy, which provides the level of security and controls required to share these data outside of the organization, is a necessity. Risks to be taken into account include the vulnerability of wallets when keys aren't adequately protected or are stolen in a cyberattack. Because banks have been known to freeze accounts with cryptocurrency activity, the organization might set up a separate bank account or related credit card account for the sole purpose of receiving and processing the crypto donations into cash. It's important to apply security features such as dual approval and restricted access as a requirement for these accounts.

Cryptocurrencies are vulnerable like any other data asset on the organization's network, especially systems that have access to the internet. This includes online wallets, exchanges, wallets on employee computers, cloud storage of private keys, and mobile applications. To prevent theft of cryptocurrencies, the use of cold storage (an offline archive of private keys) is recommended. This means basically taking them off the network. Top cold storage methods include an offline hardware wallet (a specialized device), a USB drive, or a paper wallet.

Per the organization's gift acceptance policy, your organization will want to liquidate crypto donations as soon as possible, reducing the need for storage and the risk of loss. Alternatively, if the organization makes the conscious decision to hold on to the donation in cryptocurrency, then investment policy, storage, and security procedures around accessing this digital asset need to be established. This would be addressed under investment and asset control policies. Some wallet providers, such as Coinbase, act like a brokerage account, meaning you never have to worry about the private keys. However, you do want to use cold storage if you're using a traditional wallet.

Because cryptocurrency operates on open blockchain networks and is facilitated over wallets and exchanges that require two-factor authentication, the person responsible for managing these items will receive various notifications and verification requests. Appropriate security awareness training over these procedures and alertness for phishing emails or smishing text messages (which allow hackers to attack your cellphone) are crucial. Additionally, protect your organization by:

Using multiple wallets:

There is no restriction on the number of wallet addresses an organization can use. Some holders of cryptocurrency generate a new address every time they send or receive cryptocurrency, to reduce the risk of loss.

Keeping only small amounts in a web wallet:

Web wallets are targets for hackers. Keep only a small amount of cryptocurrency protected by a password in each wallet. Wallets held on computers are also vulnerable. Use cold storage to hold large amounts of cryptocurrency.

Obeying a no-share policy: 

Never share your organization's private keys for your cryptocurrency with anyone. Doing so gives them full access to your organization's funds.

Reporting Issues

Generally, for tax purposes, a contribution of cryptocurrency will be treated as a noncash contribution, and the cryptocurrency must be valued at the time of the contribution. If the asset is immediately converted to cash upon receipt, the contribution and the conversion to cash are treated as two separate transactions for tax reporting purposes. The conversion transaction will be treated as a sale of property. The organization will likely be asked to sign a Form 8283, Noncash Charitable Contributions, acknowledging receipt of the asset. The organization should also provide a signed donor acknowledgment letter providing the donor (or the donor's agent) with the required items necessary to take a federal deduction for a charitable contribution (see the sidebar "What Should Be in a Donor Acknowledgment Letter" at bottom of page). Although the organization does not value the gift for donor acknowledgment purposes, the organization must value the gift for its own internal financial reporting and tax reporting purposes. This is not information the organization should share with the donor, as it could impact the donor's preparation of his or her income tax return. If the donor relied upon this information, it could cause the organization to incur penalties if the donor used the information and it resulted in the incorrect overstatement of an income tax deduction later disallowed by the IRS.

A New Asset with Staying Power

Like other assets, such as marketable securities just a few years ago, cryptocurrency is likely to be with us into the future. Therefore, organizations should consider if they want to accept it as a class of asset, either as a gift directly or through a facilitator. If a not-for-profit decides to directly accept this class of asset, implementing policies and procedures is necessary to safely propel the organization into the future.

The Case for Accepting Cryptocurrency Gifts

Arguments in favor of accepting cryptocurrency include:
  • This is a type of property that is likely to be with us for the long term. Therefore, organizations may find they need to accept the asset either directly or indirectly through a facilitator.
  • Donors want to make gifts of appreciated assets without recognizing gain on the appreciation. Cryptocurrency fits this class of asset.
  • Once you understand the basics, this is just another type of property. It is not a particularly special type of property. It is more a matter of having a system in place to convert it to cash so you can put the gift to use as quickly as possible.
  • If you have systems in place making it easy for donors to transfer assets to your organization, you will be an attractive recipient of gifts from sophisticated donors.

The Case Against Accepting Cryptocurrency Gifts

Some arguments against accepting cryptocurrency are:
  • More than 2,000 cryptocurrencies are listed on Coinmarketcap.com. Accommodating them all would be a logistical challenge, and their rapidly changing values make them a risky asset class to hold even briefly.
  • Some cryptocurrencies may not be readily convertible to cash. Therefore, the organization must determine if it will accept the asset if it cannot convert it to cash and put it to use for the organization's charitable purpose. The accepting charity should be cautious and aware that it may need to use other assets of the charity pending liquidation of the cryptocurrency.
  • The charity may want to limit the amount of this class of asset it is willing to accept or hold at any time within its overall portfolio to help mitigate the risk of loss of value due to the current volatile nature of the asset class. However, limiting concentrations of any specific asset class applies generally to all portfolios.
  • This class of asset is an anonymous asset. The organization may have a policy of not accepting anonymous gifts. The organization may not be able to vet every donor. However, if the donor is known to the organization, the gift is not anonymous. If both the donor and the asset are anonymous, the organization may want to have a policy strictly for public relations purposes. An anonymous gift could be a fine gift. However, it could be a gift from a donor with an "image problem" who may not stay anonymous. What are your organization's terms for accepting an anonymous gift? Must the donor commit to staying anonymous? What if the money came from ill-gotten gains? Experts say ransomware hackers, for example, often demand to be paid in cryptocurrency, which can be used as an exchange for many criminal endeavors. Many gift acceptance policies do not address this issue because it has never arisen. Your policy does not need to address every possible hypothetical if it is currently considered unlikely or remote. It is acceptable to wait until a specific circumstance arises or is likely to arise. However, addressing the issue of anonymous gifts may be general enough to cover cryptocurrencies.

What Should be in a Donor Acknowledgement Letter

Final regulations issued by the IRS on July 30, 2018, for documenting noncash contributions will apply to donations of cryptocurrency (see the chart, "IRS Noncash Contribution Documentation Rules"). The regulations make clear that for gifts exceeding $5,000, a donor acknowledgment letter; a signed Form 8283, Noncash Charitable Contributions; and a qualified appraisal will be required for a donor to substantiate a charitable contribution deduction. The signed Form 8283 is not a substitute for the donor acknowledgment letter from the charity. A donor acknowledgment letter is required for any contributions of $250 or more and must include:
  • Date of donation.
  • Name of the donor (or the agent managing the gift on behalf of the anonymous donor).
  • Description of the donated asset (but not the value).
  • Name and tax status of the recipient organization.
  • Any restrictions on the gift that might affect the gift's value.
  • The value and a description of any goods or services provided in exchange for the gift or, alternatively, a statement that no goods or services were provided in exchange for the contribution of the gift.
The Form 8283 is prepared by the donor and must be attached to a tax return for any noncash gift valued at more than $500 for which a donor wishes to take a charitable deduction. For gifts with a value of $501 to $5,000, donors need only complete Section A of Form 8283; a qualified appraisal is not required. The Form 8283 must be attached to the tax return for which a charitable contribution deduction is claimed. For gifts valued over $5,000, barring a few limited exceptions including marketable securities but not cryptocurrencies, donors must obtain a qualified appraisal and complete Section B of Form 8283 and attach the qualified appraisal to the tax return on which the charitable deduction is claimed. The rules for what constitutes a qualified appraisal are detailed and complex. Donors should pay careful attention to the regulations if noncash contributions of substantial value are made. In addition, the new regulations make clear that for any tax filings made after July 30, 2018, if the donor is not able to use the full charitable contribution deduction in the year the gift is made and is using the five-year carryover, the donor must attach the Form 8283 (whether Section A or Section B is used), and for gifts over $500,000, the qualified appraisal must also be attached to the tax return for any year in which the carryover deduction is claimed.

IRS Noncash Documentation Rules

Final IRS regulations issued July 30, 2018, have different requirements for documenting noncash contributions, depending on the value and type of noncash gift:

©2019 Association of International Certified Professional Accountants.

New Entertainment & Club Dues Rules Under Tax Reform

Prior to TCJA, meals and entertainment were 50% deductible if they were not lavish or extravagant and there was a business purpose. The 50% deductible category included event tickets, golf outings, per diem meals, client lunches, and more.

Rules for Entertainment

Starting in 2018, entertainment expenses are no longer deductible:
  • The 50% deduction to bring clients to the Huskies, Mariners, or other sporting events is now lost.
  • The 80% charitable deduction related to seat-related gifts to college sporting events is also disallowed. Skybox fees remain non-deductible.
  • The IRS recently clarified that separately stated meals at entertainment facilities will still be 50% deductible with a business purpose.
Meals and entertainment expenses for employee parties, employee snacks, and golf outing sponsored advertisements remain 100% deductible. However, meals provided for the convenience of the employer are reduced from 100% deductible to 50% deductible. Other meals including client meals, employee meals, travel meals and per diem meals remain 50% deductible unless separately billed to a client.

Rules for Club Dues

Club dues can be another topic of confusion as to what is and what is not deductible. Under the new rules, any membership dues paid to a club for business, leisure, recreation, country club or other social purposes are 100% non-deductible, unless they are included as compensation on an employee’s Form W-2. While club dues are specifically disallowed, the meals at these locations remain 50% deductible, as long as there is a business purpose. There is an exception that allows a 50% deduction for dues paid to professional, civic and public service type organizations, as well as business leagues, chambers of commerce and boards of trade.

With these new tax law changes, you might want to rethink your entertainment and club dues expenses and how they are accounted. Please consult your Clark Nuber professional or Rene Schaefer for additional guidance and questions.

Co-author Joseph McGahan is a senior associate in Clark Nuber’s Tax Services Group.

© Clark Nuber PS, 2019. All Rights Reserved

How to Apply for Federal Grant Funding: Part One

Applying for federal grant funding may seem like an intimidating prospect, especially if it is your first attempt, but there are steps your organization can take to prepare for a smooth application process and successful grant administration. Before applying for federal grant funding your organization should consider the following advice:

Step 1: Register with the proper entities

If your organization is interested in applying for awards, it must be a legal entity with an Employer Identification Number (EIN). To apply for federal grants, an organization must have a Data Universal Numbering System (DUNS) number. A DUNS number is a unique nine-digit identification number. The registration process is a free online service and your organization must have one for each of its physical business locations. Your organization must also register with the System for Award Management (SAM.gov), a searchable database of firms eligible to do business with the U.S. government. You must have an active registration in SAM to apply for a federal grant. Awardees are also required to search SAM.gov before selecting vendors, subcontractors, or sub-awardees. Organizations are required to renew their online SAM registration annually. If your organization completes the renewal process online before its due date, the renewal process takes place instantly. However, as of June 2018, new entities and those with lapsed registration must submit a notarized letter appointing the organization’s authorized administrator. If you need to submit a notarized letter, your SAM registration could take up to five weeks. To ensure your organization’s eligibility for grant funding, give yourself plenty of time to register with SAM.gov and do not let your registration lapse. Once you are registered in SAM.gov, your organization is required to assign two important roles to staff: 1) an e-biz point of contact who sets up rights and roles for other staff; and 2) the Authorized Organization Representative (AOR) who approves the submission of a grant application and the acceptance of a federal award. These roles can often be assigned to the same person, but it’s important to know who at your organization is assigned these roles. The final step in the pre-application process is to register with Grants.gov. 
This website contains a searchable database of federal funding opportunities and is also a main portal for submitting federal funding grant applications. There are step-by-step instructions, including how-to user videos, for most of the tasks associated with using Grants.gov. Clark Nuber Tip #1: The help desk (1-800-518-4726) is extremely helpful and willing to walk you through the complex process.

Step 2: Set up a Grants.gov Workspace

Once you are registered, you must set up your Grants.gov Workspace, which is currently the required platform for submitting federal grants. This online platform allows an applicant to add concurrent users (both internal staff and/or external grant writers) to work on a single application together. While Grants.gov has thorough instructions available for the set-up and use of Workspace, it is not especially user-friendly or intuitive. Clark Nuber Tip #2: Learn how to use Workspace well before the imminent pressure of a grant application deadline.

Step 3: Check your organization’s eligibility

Many federal funding opportunities look promising, but are you certain you are eligible to apply? Eligible federal grantee applicants may be a governmental, educational, public housing, not-for-profit, for-profit, small business, individual, or foreign entity. It is important to check the eligibility criteria for each specific funding opportunity of interest to verify your organization is eligible to apply. Clark Nuber Tip #3: If you are not eligible to apply as the lead applicant, it may still be possible to pursue the funding opportunity if you work in partnership or collaboration with another entity who is eligible. This is also a great way to gain a track record managing federal grants, even if you are a sub-recipient or sub-awardee on another’s federal award.

Step 4: Identify whether the grant is a good fit for your organization

If you are eligible to apply, be sure to identify a process for assessing each potential grant for suitability and alignment with your organization’s mission and capacity. Not every grant for which you are eligible to apply is a good fit for your organization. Identify those within your organization who can evaluate the cost-benefits of a funding opportunity; this task may also be delegated to a grants committee. Clark Nuber Tip #4: Larger organizations should create an orderly and well documented process for applying, preparing, reviewing grant applications, and accepting grant awards. This process will include all relevant policies and procedures and should include checklists and review/approve forms.

Step 5: Identify the individuals in charge of handling the grant application process

Identify those individual(s) in your organization (or outside grant consultants) involved in writing grant applications and ensure they speak with key stakeholders in human resources, finance, and information technology when they are developing budgets for projects and programs. Applying for funding is a team effort; no one person can do it alone. To develop a successful application, at least one member of the team working on your grant application should understand the Uniform Guidance and other points mentioned in this article. Clark Nuber Tip #5: Always write the project budget before writing the grant narrative. Doing so will ensure the funding opportunity is right for your organization, assure adequate resources have been allocated, and support a consistent, narrative flow throughout all sections of the grant application.

Step 6: Create an internal review process

A grant should not be submitted before it has been evaluated by key stakeholders within the organization. The grant application should be completed and ready for internal review well in advance of the submission deadline. The application should be reviewed for realistic programming objectives, a compelling narrative, an accurate budget, and for its compliance with the Notice of Funding Availability (NOFA). The NOFA usually describes the evaluation criteria that the federal grant reviewers will apply to your application, so it’s important for your organization’s internal reviewers to use these criteria during their review process. Clark Nuber Tip #6: The NOFA should be read more than once with a highlighter in hand during the grant preparation process because it is difficult to absorb the vast amount of information it contains. Once the grant preparation process is complete and the application is ready for submission, the AOR must sign any additional documentation (e.g., certifications, assurances, etc.). Submission of the final application through Grants.gov’s Workspace constitutes automatic approval by your organization’s AOR, so be sure this individual has read and approved the grant’s submission prior to using Workspace.

Step 7: Develop a way to manage, organize, and store submitted applications

Approaches can be as simple as maintaining an Excel spreadsheet or the use of more sophisticated databases, such as the grants module in Raiser’s Edge. Clark Nuber Tip #7: Declined applications can still be used to repurpose content in future grant applications, but always start fresh to ensure you have created a competitive grant application that complies with the current, not past, funding opportunity. If your federal grant is awarded, be sure to review all grant agreements before signing. A grant award is a legal, binding contract. Your organization should thoroughly review all documents and the associated terms, rules, regulations, and reporting requirements associated with the expenditure of the grant. Properly file away the grant award, approved application and budget, and all other documentation, both electronically and in hard copy. When the project starts, be sure to store all pre-approvals, award/budget modifications, major grantor communications, programmatic/financial reporting, etc. in this comprehensive file. Clark Nuber Tip #8: A complete grant file will smooth future interactions, such as during a site-visit from a program officer or during a single audit.

Step 8: Communicate with those involved

Be sure to share the great news that your organization has won a federal award. As you set up the appropriate financial systems to track expenses, make sure to identify and regularly communicate with all individuals responsible for the grant project’s implementation, compliance, programmatic reporting, and financial reporting. Clark Nuber Tip #9: A well-documented pre-award process will lay the foundation for strong project implementation during the post-award phase of the grant.

Learn More

If you would like to learn more about applying for federal grants, please contact Clark Nuber. Check back next month for Part Two in the series, where we discuss the resources and procedures you should have in place before applying for a federal grant.

Jennifer Keller is a manager in Clark Nuber’s accounting and consulting services team. Sara T. Behrman is a freelance writer and grants consultant living in Portland, Oregon.

© Clark Nuber PS, 2019. All Rights Reserved
