Does Your Organization Have a Written Conflict of Interest Policy?

Any organization that has had to prepare the new Federal Form 990 has seen this question - page 6, Section B, item 12a. Furthermore, if your organization does have a written conflict of interest policy, "are officers, directors or trustees, and key employees required to disclose annually interests that could give rise to conflicts?"
What is a conflict of interest, and why do I need a policy for this?
Back in January 2010 my first blog addressed Board governance, describing a Board member's fiduciary responsibility to protect the assets of the organization it serves, which includes putting the interests of the organization ahead of his or her own personal interests. If a Board member or staff member in a decision making role has a personal interest that conflicts with the interests of the organization it serves, and he or she may be influenced by that personal interest when making a decision for the organization, there is a conflict of interest (Board Source, Managing Conflicts of Interest: A Primer for Nonprofit Boards, 2006). This conflict could potentially prevent the Board member from fulfilling his or her legal and fiduciary responsibilities, and ultimately jeopardize the organization's tax exempt status.
The following are a few simple examples of potential conflicts of interest:
  •  the organization rents office space in a building owned by a board member or related family member;
  • the organization purchases goods or services from a company owned by a board member or related family member;
  • a board member serves on the Board of more than one nonprofit organization, and has to approach the same donors for a substantial contribution on behalf of both organizations;
  • a key staff member or volunteer accepts a gift from a vendor which does business, or seeks to do business, with the organization.
Public confidence is important to most nonprofit organizations. Even the appearance of impropriety could be damaging to the reputation of the nonprofit organization. Creating a written conflict of interest policy based on the needs and circumstances of the organization can help prevent actual conflict of interest situations. A conflict of interest policy should apply to all Board and staff members, as well as certain volunteers. Each member and volunteer should agree in writing to uphold the policy.
Key elements of a written conflict of interest policy include:
1. Full disclosure of the potential conflict (known relationship/interest)
2. Board member abstention from discussion and voting when it pertains to transactions involving the potential conflict (known relationship/interest)
3. Staff member abstention from decision-making when it pertains to transactions involving the potential conflict (known relationship/interest)
A written conflict of interest policy should require full disclosure from each new Board and staff member and each new volunteer at the time he or she first becomes associated or involved with the organization, and then it should be required annually. The policy should also require members and volunteers disclose conflicts that may arise during the year as soon as they are known. Making this an agenda item for each board meeting would help the Board keep abreast of potential conflicts that may arise throughout the year. Once these disclosures are made, they need to be independently reviewed and approved perhaps by the Executive Committee or some other similar Committee of the Board of Directors.
If you have questions about situations in your organization that may appear to be conflicts of interest, or if you want assistance in creating a written conflict of interest policy for your organization, please contact Elko & Associates Ltd. Remember, even the appearance of impropriety could damage the organization's reputation as well as jeopardize the organization's tax exempt status. So address those potential conflicts of interest now!

When it Comes to Fraud Risks, "Cash is King"

By now most of you are familiar with or at least aware of SAS 99, Consideration of Fraud in a Financial Statement Audit, which requires the auditor to gather, assess, and respond to information regarding fraud that could lead to the risk of material misstatement in an organization's financial statements. Subsequently the AICPA issued the set of risk assessment audit standards requiring auditors to obtain a more in-depth understanding of an organization in order to better identify the risks of material misstatements in the financial statements they were auditing, including the risk of fraud. While these standards discuss financial reporting risks and misstatements of an organization's financial statements, there's also a call to address misappropriation of assets, i.e. theft of assets or fraudulent expenditures.

Most times when you read about the occurrence of fraud in a non-profit organization, it’s usually about theft or misappropriation of assets, and it usually involves cash; and these are the ones that make the papers. Most non-profits don't want those outside the organization to know that theft has occurred; it’s just not good PR, particularly if you're a local organization looking for donations from the public or some other donor who wants to know the money is being put to good use (not the bookkeeper’s vacation home). Those in the organization who have incentive, opportunity, and attitude to rationalize their behavior will generally "go for the green" if you let them. So how should this risk be addressed?
Familiar battle cries...."Where was the Board", "Where was management", "Why didn't the auditors catch this", just to name a few. You've heard them before.

Good governance by the Board includes financial oversight - we've addressed this in some of our previous Blogs. If the organization is small and doesn't have the luxury of adequate personnel to provide proper segregation of duties, someone on the Board, preferably someone with knowledge of financial matters, needs to be involved. Things for the Board to consider:

• review and signoff on monthly bank reconciliations and credit card statements

• obtain access to bank account, credit card, and general ledger information for review purposes

• require a second signature on all checks (or at least the larger ones - set a limit)

These or similar practices can be used by management where there's limited personnel and a shortage of controls. If possible, management should perform its own internal fraud risk assessment, focusing on the use of cash and related controls for cash receipts and disbursements. (see “Managing the Business Risk of Fraud: A Practical Guide”.
For us auditors, as we gain a thorough understanding of the organization’s control environment, policies, procedures, systems and controls (as outlined above), we need to then verify that such oversight and preventative measures are, in fact, in place and working. Consider using data extraction software and similar tools to identify certain populations or trends, i.e. payments to “cash”, individuals, similar vendors, as well as common addresses, etc.

A commonly used small business general ledger software package allows the user to “turn off” the audit trail feature, so a check can be generated and the payee subsequently changed in the system. Depending on the general ledger software and the ability to manipulate transactions in the software, consider examining original cancelled checks (or copies received directly from the bank) to ensure the payees and endorsements are consistent with the payee recorded in the general ledger.

Remember, non-profits don’t get bad press because their employees or volunteers steal office supplies and office furniture and equipment. When it comes to fraud risks and the related financial losses, “CASH IS KING”. Make sure this asset is well protected and being put to good use in achieving the organization’s mission.

