Say hello to

Shelly

CPA | Principal

There’s nothing that Shelly enjoys more than vacationing with her daughter, especially when those vacations involve all things Disney.

One requirement in the auditing standards is to ask our clients, point blank, if they are aware of any fraud within the company. This requirement is for all entities undergoing a financial statement audit, whether they are a large publicly traded corporation, a small family-owned business, or even a not-for-profit (NFP) organization.

To me, the worst answer is not so much getting a response of “yes,” because let’s face it, we don’t get that response very often. What’s most disappointing is a shocked reply of, “Fraud could never happen here, we’re a charity!”

Unfortunately, history has proven time after time that NFPs are vulnerable to fraud.

Past Clark Nuber Focus on Fraud blog posts have touched on the importance of oversight and separation of duties; having all of your eggs in one basket from the perspective of financial transactions puts you at risk of that trusted employee embezzling funds right under your nose.

Employees with longevity gain trust and take on more responsibilities, giving them greater access. One need only look at this example of a trusted employee stealing from her organization. Over her five years working at the National Veteran Services Fund Cynthia Tanner stole more than $800,000 from the organization.  Using the funds to write checks to herself, her family, or to pay bills, she then changed the accounting records to make it look like the payments were for legitimate business or charitable purposes. You can read more on that case here.

You may hope your client’s staff and volunteers have only the best interests of the organization and its mission at heart. But fraudsters can work and volunteer at any organization.

Data on Frauds at NFP Organizations

The 2016 ACFE Fraud Report to the Nations on Occupational Fraud and Abuse  is the result of a biannual survey of Certified Fraud Examiners around the globe on cases they worked on. The data is summarized and analyzed for trends. For NFPs, the statistics are troubling.

Religious, charitable, and social service agencies report a disproportionate share of expense reimbursement fraud, check tampering, and skimming, as compared with other industry sectors. This may be in part because other common fraud schemes like financial statement fraud are much more popular in the public company arena, where CEOs are trying to meet projections or drive up stock prices. It may also be because employees handling cash transactions at some NFPs are trusted to do the right thing and are given too much access and not enough oversight.

Want another example of too much access/not enough oversight? In Beaumont, Texas, a director at a health care clinic specializing in treating AIDS patients, was indicted for embezzling more than $342,000, through writing checks and paying her daughter, who was not an employee. She is serving a prison sentence.

How Internal Controls Can Help

Ensuring there are enough checks and balances in each step of the cash and check handling process can greatly reduce the risk of fraud in these common areas. Staff who generate checks should not have access to change the accounting records afterwards. A high-level employee who does not have a role in the check-writing or approving cycle should review the cancelled checks to ensure they appear to be reasonable business expenses, and should not rely solely on the accounting records.

For the cash receipts cycle, two people opening envelopes together is a much stronger control than having one person, especially if that one person is also making the bank deposit and recording it in the accounting system.

Implementing appropriate internal control procedures can also protect the employees doing those jobs. Initially, they may feel that they’re being singled out for scrutiny and review; in fact, they’re being protected from suspicion. If an organization has strong controls in place that are consistently followed, no one can accuse an individual staff person of wrongdoing.

Fraud is not solely in the realm of public companies and privately held businesses. Nonprofits should review their internal controls and ensure their trusted employees are not just trusted, but verified.

© Clark Nuber PS and Focus on Fraud, 2016. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Focus on Fraud with appropriate and specific direction to the original content.

Keep Reading

Articles and Publications

Following Best Practices in Financial Matters Enhances Business Value

A strong financial house supports growth and sustainability - enhancing the value of a business. The following are key areas that should be considered when evaluating your company’s financial strength.

Audit Readiness

How would you rate your company in terms of being “audit ready”? Even if an outside accounting firm does not audit your financial statements, it is good business practice to have effective financial reporting processes in place. This ensures accurate and timely financial reporting. Audit readiness improves the quality of financial information, which leads to better data for decision-making. Being “audit ready” means having reliable documentation available to support the financial statement balances, documented accounting policies and procedures that are consistently applied; effective segregation of duties; and proper data retention policies. If a potential buyer of your business dropped into your office without notice and offered big dollars to purchase your business, would you be able to respond to their financial due diligence requests in a timely manner? Delays in responding to questions about the financial information of a company can cause investors and owners to doubt that sufficient accounting functions are in place and operating effectively. Does your company provide your investors and owners with proof that your company has a healthy and standardized reporting structure?

Sufficient Capital

Do you have a stable banking relationship that provides access to sufficient capital for running and growing your business? Is the company financially strong enough to pass the analysis a lender performs when approving a loan? One area a lender will review is the company’s ability to generate cash flow to meet debt obligations. Lenders will typically review a company’s past three years of cash flow performance and compare it to the projected debt service requirements. A common metric for evaluating cash flow is the debt service coverage ratio, which is defined as net income before interest, taxes, depreciation and amortization, divided by projected debt principal and interest payments, over the next twelve months. A debt service coverage ratio less than one depicts negative cash flow. Most lenders require a ratio of at least 1.2 times. Lenders also like to see sufficient equity in the company, which is necessary for surviving a downturn. If the company were to become unprofitable for a period, the lender needs to feel confident that the company won’t run out of cash while it works to restore itself financially. A company with sufficient capital also demonstrates that ownership is invested in the company’s success, or has the “skin in the game,” to work through difficult financial times.

Risk Management

Have you protected, or limited, your company from risk? Regardless of size, all companies face business risk. Therefore, every company should evaluate how it can best limit its risk. Implementing a risk management program that identifies threats, assesses the vulnerability of the business to the threats, manages ways to reduce the risk, and monitors for continual improvement, can protect a company. Your company’s risk management program should align strategically with executive management’s risk appetite. Both department management and executive management should participate in the process of identifying threats and assessing vulnerability. Department managers have specific knowledge of issues and unique business risks that affect their department. This insight can be a valuable addition to the discussion. Management should take a broad view when identifying and assessing the risks that could potentially affect the business negatively. Risk management is more than protecting physical and financial assets; it includes protecting a company’s reputation, its employees, and its customers. The Clark Nuber Core Value methodology can assist owners and management in assessing their company’s financial strength and identifying opportunities for improvement. Implementing best practices in financial reporting, capital management, and risk assessment procedures establishes the oversight and discipline necessary to drive business improvement and enhance its value. What steps are you taking to enhance your business value? © 2016 Clark Nuber PS All Rights Reserved

Product Differentiation

Future owners need to believe that a company has significant room to grow before they will invest in a venture. Additionally, having a unique business is not enough. A company’s products or services must address the goods or services that consistently receive high value within the market and drive customers to come back for more. Many owners focus too heavily on putting their heads down and getting their product out the door. While moving product is important, it is also essential that you understand what makes your product unique and desirable. That is to say, what compels buyers to purchase your product over your competitor’s product? Start by asking yourself questions, such as, why would anyone buy my product or service? How am I different from my competitors and does it really matter to the ultimate customer? Can I objectively measure my differentiation? Does my differentiation allow me to maximize my margin? Is my addressable market large enough to drive meaningful sales volumes? And, how does this tie into my reputation and brand? These are often not easy questions to answer, but they are essential when laying out a strategic approach to enhancing the value of your company. After wrestling with your questions, you can begin determining and documenting your answers. During this step, it is important to find supporting documentation that establishes a current base case on your differentiation. This will serve as a good benchmark going forward as you continue to re-measure these same questions in the future. When differentiating your business, you must also factor in the dimension of continually needing to reinvent yourself. Even though your company might initially be meaningfully unique, your product or service often becomes commoditized over time—thus introducing the need for reinvention. Think of great companies that have lost their positions in the market, or their very existence—Yahoo, Xerox, Palm, etc. While their initial product or service created a buzz, these companies weren’t able to sustain their innovative edge over time. We will discuss this idea more in our blog regarding innovation. steve-brilling-chart-for-post-11-v3The above graphic highlights the importance of product differentiation through showing the life cycle of a typical product or service. Meaningful product or service differentiation is an essential component in enhancing the value of a company. © 2016 Clark Nuber PS All Rights Reserved

Management’s Responsibility for Going Concern Analysis

Up until now, there has not been guidance related to going concern analysis and financial statement disclosure requirements in U.S. GAAP. Existing guidance has been embedded in the auditing standards, which have always required that auditors, not management, evaluate an organization’s ability to continue as a going concern for a reasonable period of time. To help provide clarity around the issue, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) No. 2014-15, Presentation of Financial Statements - Going Concern (Subtopic 205-40), Disclosure of Uncertainties about an Entity’s Ability to Continue as a Going Concern. One common theme you will see as we move through the requirements of the new standard, is the going concern analysis and disclosure shifting from an auditor’s assessment to a management’s assessment. As substantial doubt and uncertainties about going concern would likely be a material financial statement disclosure, it makes sense for it to be incorporated into U.S. GAAP financial reporting requirements. Relevant Changes Look Forward Period - The look forward period is one of the more significant changes. The auditing standards require the auditor to evaluate relevant conditions and events about an entity’s ability to continue as a going concern one year from the financial statement date. ASU 2014-15 requires that the look forward period for management’s analysis be one year from the date that the financial statements are available for issuing. This is typically several months after the fiscal year-end. Defines Substantial Doubt - Prior to ASU 2014-15, a definition for substantial doubt did not exist. However, the new guidance says that substantial doubt exists when relevant conditions and events, considered in the aggregate, indicate that it is probable that the entity will be unable to meet its obligations as they become due within one year after the date that the financial statements are available to be issued. The FASB’s definition could be perceived as a higher threshold than current practice as the term “probable” means likely to occur. Management’s Analysis Assessing Substantial Doubt - Under the new standard, management should evaluate all relevant known conditions, or those that can be reasonably expected to happen as of the date the financial statements are to be issued. This evaluation should be both qualitative and quantitative in nature, and should include conditions that might give rise to substantial doubt. Information to consider could include the current financial condition, available cash, access to credit, obligations that are due or anticipated, and cash flow projections to fund operations. It is important to note that the process of determining substantial doubt is independent from any mitigating effects that result from management’s plan. Assessing Mitigating Factors - If management determines that substantial doubt does exist, the next step is to evaluate management’s plan for alleviating the substantial doubt. The guidance says that only plans that have been approved prior to the issuance of the financial statements should be considered.   As such, management and the board need to determine and approve a well thought-out game plan, versus a basket of potential ideas. Management then needs to determine whether they can effectively implement the plan, and whether the plan, once implemented, will it alleviate the conditions that raise the substantial doubt. Disclosure and Reporting Requirement If management’s plan alleviates substantial doubt, the organization should disclose:
  • Principal conditions or events that raised substantial doubt about the organization’s ability to continue as a going concern
  • Management’s evaluation of the significance of those conditions or events in relation to the organization's ability to meet its obligations
  • Management’s plans for alleviating substantial doubt about the organization’s ability to continue as a going concern
If management concludes the substantial doubt is not alleviated, the organization should disclose:
  • Principal conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern
  • Management’s evaluation of the significance of those conditions or events in relation to the entity’s ability to meet its obligations
  • Management’s plans for mitigating the conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern
  • Include a statement that there is “substantial doubt about the entity’s ability to continue as a going concern within one year from issuance date”
Effective Date ASU 2014-15 becomes effective for periods ending after December 15, 2016.  If you believe your organization is in a situation that will warrant a going concern analysis, we encourage you to become familiar with the guidance.   © Clark Nuber PS, 2016.  All Rights Reserved

Featured Resources