Thursday, September 18, 2014

National Philanthropy Day Sponsors Enable Community Celebration of Philanthrop


The 2014 National Philanthropy Day (NPD) Luncheon is on Thursday, November 13.  The Association of Fundraising Professionals (AFP) proudly holds this annual event to recognize outstanding community members who inspire change in our community through generously supporting area nonprofit organizations.   Registration is now open and will be solely online this year.

We look forward to introducing you to this year’s award winners at NPD:   Philanthropists of the Year – Barbara and Larry Kellar;  Volunteer of the Year – H. Richard Duval;  and Outstanding Youth in Philanthropy – Magnified Giving Student Philanthropy Program.

Additionally, NPD gives all nonprofits a unique opportunity to thank their own Nonprofit Champions -  benefactors and volunteers who impact their organizations.   When registering to attend NPD, indicate which of your guests are Nonprofit Champions.  They will be listed in the NPD program and AFP will provide certificates of recognition for them, which will be available for pick-up at NPD.    Keynote Speaker, Erin Gruwell’s book, can be pre-ordered as thank you gifts for your Champions, and nonprofits are encouraged to bring their own tokens of appreciation to present at NPD.
National Philanthropy Day is possible due only to our generous sponsors.   NPD sponsorship supports our entire nonprofit community by providing AFP with funding to hold educational programs and networking events to benefit development professionals, nonprofit executive directors and board members, and others who attend our sessions.  Sponsorship also allows all of us to come together – business, philanthropists, nonprofits and volunteers – at NPD to celebrate our community’s strong philanthropic spirit. 

On behalf of nonprofits in Greater Cincinnati, AFP extends sincere thanks to the following sponsors for making NPD possible:   Presenting Sponsor – Fifth Third Bank Foundation; Platinum Sponsors: Photonics Graphics, Plan-It Now, Prestige AV & Creative Services;  Gold Sponsors – Duke Energy Convention Center, and the University of Cincinnati; Media Sponsor – Cincinnati Business Courier; Silver Sponsors – Giveunity, Johnson Grossnickle & Associates, Greater Cincinnati Foundation, United Way of Greater Cincinnati; Bronze Sponsors – The Christ Hospital Foundation, Cincinnati Children’s Hospital Medical Center, Clovernook Center for the Blind, Graff Designs, MOBA Interactive, Inc. , Premier Mailing, Life Enriching Communities, March of Dimes,  Bethesda Foundation, and Streets of Manhattan; and Patron Sponsors – Arts Wave, Boys and Girls Clubs, Carol Ann & Ralph V. Haile Jr./US Bank Foundation, Catholic Inner-city Schools Education Fund (CISE),  Chanticleer Consulting, Clever Crazes for Kids, The Children’s Home of Cincinnati , Cincinnati Ballet,  Cincinnati Country Day School, Cincinnati Nature Center, Cincinnati Playhouse in the Park, Cincinnati Preservation Association, Cincinnati Youth Collaborative,  Crayons to Computers, Roman Catholic Diocese of Covington, Ronald McDonald House, St. Xavier High School, Shriners Hospitals for Children, and Talbert House.

We hope to see you on November 13 at NPD to recognize our community award winners and your Nonprofit Champions. For more information including sponsorships and registration, please visit www.afpnet.org/AFPCincyNPD. 

Tuesday, September 16, 2014

How to protect your nonprofit organization from fraud


By Jim Simpson, president, Financial Technologies & Management (FTM)

Four years ago when officials from a local cultural and arts volunteer organization discovered that more than $380,000 had been embezzled from its account, it was shocked. Over a nine-month period, an officer supported his gambling addiction with money from the organization’s bank account.

But according to a 2014 Association of Certified Fraud Examiners study, that is not all that unusual. In fact last year, The Washington Post analyzed nonprofits’ 990 filings from 2008 to 2012 and found more than 1,000 nonprofit organizations had checked the box indicating they had discovered diversion of assets due to theft, investment fraud or embezzlement.  

The Association of Certified Fraud Examiners (ACFE) reported the average loss is $108,000. But along with the loss of funds there is an even greater potential cost  -- damage to an organization’s reputation. 

External audits are of little help. According to the ACFE, they detect just over 3 percent of the fraud cases.  Instead, 42 percent of cases are discovered as a result of tips from employees, customers, vendors or anonymous whistleblowers.  Other top methods are management reviews (16 percent) and internal audits (14 percent). Seven percent of cases are uncovered simply by accident.

Relying on tips and happenstance to discover more than half of existing fraud cases is not good business practice. Despite having limited time and resources that make nonprofits vulnerable to fraud either internally or externally, organizations must be able to discover more cases on their own. 

Nonprofits typically have many checks and cash from numerous sources making them vulnerable to skimming and cash larceny schemes. Billing schemes are most common, and typically involve billing an organization for personal items or excessively marking up goods or services.

One step that all nonprofits should take is to develop anti-fraud controls that help decrease the cost and duration of fraud schemes.

Some anti-fraud controls include:
  • Create an independent board committee to provide management independence and professional skepticism.
  • Develop a process to report suspicious behavior.
  • Document when compliance at all levels occurs and when it does not.
  • Develop a response plan when fraud does occur.

Keep in mind that the tone from the top is important to promote an ethical environment throughout the organization to encourage self-policing.

But most importantly, nonprofit organizations need to make sure they don’t ignore fraud issues because they aren’t prepared to deal with them openly and honestly.


Nonprofits are typically most vulnerable to the following types of fraud schemes: billing, check tampering, expense reimbursements, skimming, corruption and cash larceny.
  • Skimming is when an employee accepts payment but does not record the revenue and steals the money.
  • Cash larceny is when an employee steals cash and checks from daily receipts before they are deposited in the bank. 
  • In billing schemes, a person may set up a fake entity that bills for goods or services that the organization did not receive. Sometimes, the goods or services may be received but are marked up excessively with proceeds diverted. Another common billing scheme is to charge personal items to the organization. 
  • Expense reimbursement schemes generate fraudulent disbursements. The four most common types of expense reimbursement schemes are mischaracterized expenses, overstated expenses, fictitious expenses and multiple reimbursements. 
  • Check tampering is when a person physically prepares a fraudulent check. 
  • Corruption is the wrongful use of influence including bribery, kickbacks, illegal gratuities, economic extortion and collusion.


Jim Simpson, CPA and president of Financial Technologies and Management, is a financial leader and trainer, CFO advisor, and forensic accountant to nonprofit organizations since 1999, serving over 350 nonprofit clients. He has worked as a financial advisor for over 20 years.

Tuesday, September 9, 2014

Security is more than locking the door


This is the second article in a series. For the first article, click here.  
 
By Dave Voris, Horizon Bank
Data Breach Investigations Report (DBIR) DBIR found that 96 percent of record breaches involved credit card numbers/data.

Nonprofits can attain a reasonable level of security against the potential risk of a breach.

In 2006 to combat these breaches, the major credit card companies launched a security standards council to manage the evolution of security standards and requirements. For more information about the standards and materials available, click here.

The credit card association has defined four levels based on volume and provides assessment tools -- a questionnaire and vulnerability scanning -- to determine potential exposure to a breach.

Level 1: Any nonprofit regardless of how credit cards are accepted that processes more than 6 million Visa credit card transactions annually is required to:
  • conduct an annual on-site security audit.
  • conduct a quarterly network scan.
  • conduct an independent security assessor validation.
Level 2: Any nonprofit processing 1 million to 6 million Visa or MasterCard transactions annually is required to:
  • For Visa: complete an annual PCI self-assessment questionnaire and quarterly network scan
  • For MasterCard: complete an annual PCI self-assessment questionnaire and quarterly network scan validated by the nonprofit or a qualified independent scan vendor
Level 3: 1 million Visa or MasterCard e-commerce transactions annually is required to:
  • complete annual PCI self-assessment questionnaire and quarterly network scan of the database validated by the nonprofit or a qualified independent scan vendor
Level 4: Any nonprofit with less than 20,000 Visa or MasterCard e-commerce transactions annually and ALL other nonprofits processing up to 1 million Visa or MasterCard transactions per year are required to:
  • complete annual PCI self-assessment questionnaire and quarterly network scan validated by the merchant or a qualified independent scan vendor.

The end of the business day used to be simpler. Merchants would protect their stores and inventory against theft by simply locking the door. And while bolting the door was a safeguard, these same storeowners were well aware that thieves might still find a way to enter and steal valuable inventory. 

Today inventory is not the only consideration -- protecting consumers’ personal data from theft is equally important. As breaches at Target, P.F. Chang’s and, most recently at Home Depot, rattled shoppers’ confidence in the care of their personal data, nonprofits must be concerned about the storage and protection of valuable credit card information.

But what protection services exist for nonprofits and what is mandated by law?

Today the payment card industry (PCI) offers its Data Security Standard v2.0, which includes a password policy framework. Those issuing credit cards require all merchants – including nonprofits -- to protect not only the card data that may be stored on an organization’s computers, but also donors’ personal identify information. That information is worth millions and millions of dollars for thieves on the black market, and the modern day data criminal is very smart, tech savvy. 

For nonprofits, the task is to secure the data and avert the risk of theft. While computers and web connections have given us dramatic advances in productivity and communication, they have also made it necessary for organizations to change the way they protect their assets. 
While storing credit card data might make future tasks easier, it is also risky.   Organizations often prefer to keep credit card information on file to issue refunds, to process additional transactions, to settle outstanding balances, as a convenience to regular donors and to process recurring payments.  

What organizations fail to consider is the potential effects of a data breach, which can result in brand damage, loss of client trust, unplanned costs to upgrade and maintain computer systems, fines from regulatory entities, legal costs and business disruption while attending to the breach.
So what does a nonprofit do about this mess? The PCI offers some help (See accompanying box). It has set up a list of standards that companies and nonprofits must comply with depending on the amount of business they do. 


But ultimately, it is up to companies and nonprofits themselves to instill their own internal safeguards. Industry specialists recommend that organizations use a multi-layered approach for security against physical intrusion or computer intrusion.
Internal policies and controls
  • Establish a security policy and train employees to follow the policy.
  • Develop a system for investigating irregularities. Consider creating a security SWAT team that includes management, IT and accounting staff.
  • Create a response plan for donors who believe his/her credit card information was stolen after making a contribution. Include process for talking with the credit card company and banks and logging conversations.

Technical internal controls
  • Monitor access: change default logins for newly installed systems, ensure that each computer user has a unique login ID and password, and review user information to ensure all current users are valid employees or volunteers.
  • Secure network: install and maintain a firewall configuration to protect their systems, then use and regularly update anti-virus software. 
  • Secure personal information: TRUST3 is an independent, nonprofit organization that enables trues-based privacy for personal information on the Internet. TRUSTe or another privacy provider can help ensure that website privacy and email policies provide protection to donors, members, volunteers and employees.
  • Protect transactions: identify and install an encryption technology to protect online transactions.

At the end of the day, it’s important to remember to be safe, or to weakly paraphrase former President Clinton’s one-liner,  “It’s about security, stupid.”


Dave Voris is a vice president for Horizon Bank in Indianapolis. As a senior treasury management officer, he works closely with both middle market and small business companies from a wide variety of industries.

Tuesday, September 2, 2014

Best practices in the digital age


By Chris Mennel, audit manager, Alerding CPA Advisory Group

How prepared are you to prevent fraud or financial misstatements in the digital age? Technological advances have forced everyone to continually reassess their internal controls. 

Technology has improved efficiency and expedited basic transactions like paying by check and depositing cash and checks.  On the downside, these improvements have created opportunities for fraud. 

Because technology is constantly changing, your control environment must be continually reassessed. Here are a few technological changes that have had an impact on a variety of cash-related transactions and should be closely overseen to minimize opportunities for fraud.

Credit cards

Credit card use for businesses and nonprofit organizations has dramatically increased in the past five years.  Employees are being encouraged to use their company credit cards for all business expenses, not just for travel.  Whether it is for increased rewards points or for ease of use, this method of payment is very popular.  The downside is that all cardholders essentially become authorized signers.  This may sound fine, but in our experience, organizations are more lenient as to who may carry a company credit card or have access to the “office card” compared with those they allow to be authorized check signers.  Instead of having a few authorized check signers, the organization now has multiple people who can make purchases with company credit cards.

If this is the case in your organization, consider limiting the number of cards in use or implement detailed review procedures on all monthly statements.

And finally, require receipts!  Not only will they be necessary for a sales tax audit, but credit cards are one of the most common sources of fraud.  Don’t make yourself an easy target.

Electronic funds transfers (EFTs)

Electronic funds transfers aren’t as prevalent as credit cards, however, like credit cards, companies and nonprofit organizations are utilizing EFTs much more frequently.  Some companies, especially larger ones, are even requiring vendors to accept payments by EFT.  Again, this type of payment method can be convenient and beneficial to organizations, but it increases their vulnerability to new risks.

The first step in managing this risk is to know your bank’s processes and requirements for sending funds by EFT.  Do they only allow authorized signers to initiate an EFT?  Can anyone else gain access to this information over the phone? 

Once you fully understand the banking side, then you can properly design controls in your organization to prevent any unintended access.  When it comes time to make the payment, every EFT request should be documented and approved.  Since there isn’t a written document (like a check), creating a form for the requestor and the approver to sign would be beneficial.  All invoices and receipts can then be attached to the form and filed by the vendor.

Remote check scanning

Remote check scanners popped up a few years ago and have become quite popular. Not only do they prevent employees from having to leave the office to make daily deposits, they also allow funds to be deposited faster so that they can be available for use earlier. 

As is the case with most banking transactions, the details of remote check scanners vary from bank to bank.  Some provide copies of the scanned check images while others do not.  Maintaining check copies is always a good idea, so whether you plan to save the hard copies of the checks or you prefer electronic images, it’s important to have a plan in place before you start using your remote scanner.  In addition, access to the scanner remains important.  While it seems the risk is minimal since someone wouldn’t voluntarily deposit extra funds into your account, limiting access to the scanner ensures you have knowledge of who is initiating all transactions should a questionable transaction arise.

Mobile card readers

Finally, credit card readers that attach to a mobile phone are the latest method of receiving payments (think of a vendor with a booth at a farmer’s market that couldn’t accept credit cards until now).  These devices aren’t overly common among companies with more than a few employees, but are likely to become more popular in the future.  As they do, companies will want to monitor access and ensure proper controls are in place before they jump on board.

As long as organizations have someone opening the mail, making deposits and paying bills, they will be vulnerable to fraud. New technologies provide many conveniences, but they also create new risks the we must continually adopt new systems of control.  Make sure you are prepared by creating a control environment that will deter fraud and ensure the long-term health of your business or organization.  


Christopher J. Mennel, CPA

Chris oversees audit and accounting services, not-for-profit and consulting services. Since joining Alerding CPA Group in 2006, Chris’ clientele has grown to include several of the firm’s larger for-profit clients, as well as approximately 20 nonprofits located throughout Central Indiana.
If you have questions or would like to discuss ways to further protect yourself and your business, contact Chris Mennel, 317-569-4181 ext. 260 or cmennel@alerdingcpagroup.com.

Finding a niche: reshaping the idea of disability


By Lindsey Hill, marketing manager, Tangram



Listen to Scott McGuire, a UIndy student, talk about the differences his life coach has made. Diagnosed with severe dyslexia, this spring he completed his junior year, passing all his classes. During the summer, he worked on campus and made connections for his senior social work practicum. Scott and his life coach, Megan Lauman, continue to work on organizational skills, time management and setting priorities. Together, they have developed a plan and work in tandem with UIndy’s Baccalaureate for University of Indianapolis Learning Disabled (BUILD), program and the school’s tutors to attain his academic goals.
The problem

Four years ago, nearly 2.8 million of 53.9 million school-aged children were reported to have a disability. What this U.S. Census Bureau statistic did not include were students who had learning differences or “undiagnosed” disabilities.

While some of these young people try college or enter the workforce, many are unsuccessful.  Just a quarter of students who received help for their disabilities in high school acknowledge in college that they need the same assistance, according to the National Center for Learning Disabilities. And while 94 percent of high school students with learning disabilities get some kind of help, just 17 percent of learning-disabled college students do and are more likely to drop out.

One nonprofit’s solution

While some community organizations serve this population, Tangram, a local nonprofit, also took on this challenge. With nearly 30 years of experience serving individuals with disabilities, four years ago, it created Tangram Life Coaching to help young adults with hidden or undiagnosed disabilities become independent. Specifically, they work with families/support teams, incorporate clinical oversight and pair students with life coaches.

Last fall, Tangram recognized this need to provide services to schools concerned about graduation rates for this underserved population. It secured a grant from Nina Mason Pulliam Charitable Trust to design and implement a pilot program that would improve graduation rates by intensifying services to complement and enhance the existing supports available to students. As part of the project, they would also develop tools that can be useful to other nonprofits that serve these students.

The grant provided services for 10 students, who were juniors and seniors at Midwest Academy High School in Carmel and University of Indianapolis. Five students from each school were assigned a life coach who could provide continuity and meet individual student’s needs.

As part of the project, Tangram developed Workforce Accelerator, a database to match students and other individuals with disabilities, including veterans with employment possibilities. The tool uses a patent-pending algorithm to match individuals to jobs, leading to more successful placement and better potential for long-term employment.

Before using the database, however, students completed the Wisconsin Quality of Life Index (W-QLI) Assessment to evaluate quality of life. Armed with these results, together they developed a personalized Quality of Life Plan (QLP) to shape personal goals.

During the past semester, students met weekly with their life coaches to work on:

  • Finding a tool to keep them organized and then putting it to use daily.
  • Evaluating service eligibility, like vocational rehabilitation, student loan services, and then applying for appropriate services.
  • Working to find and secure employment by practicing job searches and job procurement skills, assembling a portfolio, and using social media if applicable to job searches.
  • Completing a career inventory to identify potential career paths and/or identify potential areas of study to further education.
  • Working with a life coach to widen professional and social networks.
  • Identifying and getting involved with interest groups.


Application to nonprofits

Tangram believes this program can be replicated at other schools and nonprofits to improve graduation rates and post-graduation success for these undiagnosed students.

Nonprofits and schools interested in exploring Tangram Life Coaching opportunities for their students should e-mail coaches@tangramlifecoaching.org or call the information line at (317) 968-9035. You can also visit www.tangramlifecoaching.org for more information.



After Lindsey Hill graduated from Butler University in 2010 with a B.A. in English Literature, she put her talents to work for the organization, spreading the word about Tangram’s innovative solutions to barriers faced by those with disabilities.
 

Tuesday, August 26, 2014

Are new “EZ” charities second class?




By now you’ve likely heard of the new IRS Form 1023-EZ, a streamlined Application for Recognition of Tax Exemption that greatly reduces entry barriers for new, small charities. There are some potential benefits. There are some serious potential drawbacks.
The benefits are fairly obvious.
·       The application fee is only $400, instead of $850. The total form is only 2½ pages, rather than 12 pages with eight schedules and scores of pages of attachments.
·       The time necessary to complete the new EZ application is less than 10 percent of the time necessary to complete the regular application. Less time is spent on administrative and managerial tasks.
·       The organization still gets an IRS “determination letter” and in about three weeks instead of 12 to18 months.
·       The organization may receive tax-deductible contributions.

This is the good news.
But what are the drawbacks? They are more serious than you might imagine.
Some drawbacks are obvious. With the new simple form, nonprofits now may fail to think through business planning, program development or board development. Most charities that complete the full Form 1023 receive substantial guidance from an accountant, lawyer or other professional. As part of the startup process, these professionals usually advise on the overall regulations and wise business practices.
The major issue lurking is that highly respected attorneys in the field are advising private foundations and, by extension, other major funders and grantmakers NOT to respect or honor the EZ “determination letter.”
Private foundations are responsible for how their money is used, even after it leaves their possession, which is why their grant application process can be so cumbersome. Without the built-in safeguards of the “long form,” private foundations would want to complete an extensive, expenditure-responsibility-like, in-depth review of all activities of a grant applicant. This would be cost-prohibitive and fraught with risk, risk that was once borne by the IRS. Most private foundations cannot afford this kind of responsibility.
This effectively creates a “second class” of charities, those who took the “EZ” route, and those who took the time and energy to complete a full Form 1023.
The kicker? Once a charity takes the “EZ” route, they cannot undo it. They cannot go back and reapply with the full Form 1023. They may forever be second class.
Charities and donors should seek competent counsel when determining whether a novel process is as good as it seems. Most often, if it seems too good to be true, it probably is. 
Attorney Zac Kester provides generalist and strategic nonprofit legal and consulting services. He holds a Master of Law, a post-law school advanced degree, in which he studied the unique needs of tax-exempt nonprofit organizations. His legal and consulting career has focused on nonprofit organizations.