Mark Koscinski fraud

Fraud and the Smaller NFP

The Association of Certified Fraud Examiners (ACFE) reported the median loss for any single fraud in a not-for-profit organization (NFP) was approximately $100,000 in 2016. This amount was less than the median losses from  frauds committed in governmental entities ( $109,000), public companies ($178,000) and public companies ($180,000) during the same time period.  Sadly, NFP fraud constituted approximately 20% of all the reported cases. Putting the median loss number in perspective, a $100,000 loss would have been devastating to the NFP I served as board chair.  On top of this, the $100,000 loss was the median loss, meaning one-half of the losses were larger than $100,000 so the pain could even be more acute. Why are the median losses in the NFP sector smaller than in other organizations?  My guess is that there is simply less cash available for conversion in the NFP than in the other entities, but more research will be needed to support my supposition. The ACFE also reports the average fraud in an NFP organization will last two years as opposed to eighteen months in public companies. 

That is not all the bad news though.  In a recent report, ACFE expects the amount of fraud will increase after the pandemic.  Many small NFP entities are chronically short staffed so there is often a lack of segregation of duties, a key element of internal control. This is compounded by the pandemic as skilled labor is often in short supply. One executive director I worked with joked she would need to sweep up on the way home because the NFP couldn’t afford janitorial services. Being underfunded as most small NFP organizations are also means a lack of software that supports good internal controls as well.  

Is the situation hopeless then?  No.  There are some cost effective compensating controls the ACFE has found to be effective and they are relatively cost efficient as well.  Here are a few suggestions:

  • Management review of the financial data and performance indicators.  An involved upper management regularly reviewing financial information and  performance indicators is often an effective fraud deterrent.  No one knows the company better than the senior management.  Getting in the habit of reviewing operating data on a regular basis is one cost effective way to combat fraud.
  • Fraud training for managers and executives.  Training courses are relatively inexpensive, especially compared to the pain an organization will feel from a major fraud. Training heightens  management and employees’ awareness of fraud possibilities.  
  • Fraud assessments. These can be undertaken annually as a joint venture among board members, management, and the external auditors.  Knowing the weaknesses in internal controls can often focus management’s attention on them and lead to future mitigation. 
  • Employee assistance programs (EAPs).  Many of you are familiar with the fraud triangle. This relatively simple theoretical construct says fraud is most likely to occur when there is pressure (financial, psychological, etc.) on an employee, the opportunity for the employee to commit fraud (due to a lack of internal control) and rationalization of the action by the employee (“I don’t get paid enough for what I do!”). Organizations can deter fraud by addressing any and all of these root causes. Fraudsters often succumb to psychological pressure because they feel isolated and believe they have to deal with their personal problems themselves. They may be overwhelmed by the situations they find themselve in. An EAP gives employees an opportunity to get counseling help on an anonymous basis.  Many benefit plans contain an EAP feature. It is cheap compared to a fraud loss. 
  • An anti-fraud policy and a code of conduct.  The existence of these documents and their annual review also deters fraud.  They should contain a clear policy about who whistleblowers should speak to when they suspect fraud and an anti-retaliation policy against whistleblowers. Anonymous tips are still one of the most significant ways frauds are uncovered. Employees and clients should not be afraid of retaliation from making a legitimate whistleblower complaint. 

These suggestions are not in and of themselves sufficient as a system of internal controls. General, application, processing  and reconciliation internal controls should be used wherever possible. This list is just a few recommendations for compensating internal controls when the organization lacks the time, talent, and treasure to implement a more functional, effective system of internal controls. 

Mark Koscinski Uncategorized

The Colonial Pipeline Cyberattack

The cyberattack on May 7, 2021 shutting down the Colonial Pipeline caused gas shortages throughout the Southeastern United States This ransomware attack is a stark reminder of how important technology is in the modern world.  In the most recent semester that just ended I spent a considerable amount of time with my students studying critical new  technologies such as  Blockchain, the Cloud, VR/AR, AI,  and RPA.  These and  other new technologies will permanently impact how  organizations operate.  

It is also a reminder  cyberattacks against NFP organizations and governmental entities have continued unabated.  At the same time the pipeline cyberattack was occurring, the District of Columbia police department systems were hacked.  The hackers began releasing the personal information from 22 police officers.  Obviously, this can be a life threatening situation for these officers.   

NFP organizations that ignore the new technological reality and the “New Normal” risk failure in carrying out their vision and their mission.  At the same time, organizations must ensure cybersecurity is still a major concern.  It is inconceivable an NFP can operate in the modern world without adequate technology. Yet, many ignore the risk of cyberattack.  Perhaps they believe they are too small or inconsequential to be of interest to a hacker.  That is a dangerous assumption.  A client of mine, a small church, suffered a devastating cyberattack.  

 At the end of the day, technology can be a great boon for the efficiency of an organization’s operations.  With increased return though, there is often increased risk.  One of management’s core functions is to manage and balance risk and return. Cyberattacks are a risk to the mission critical new technology.  A management that ignores this risk is simply not doing its job. 

Mark Koscinski Uncategorized

On the Horizon

As summer approaches, it is time to take a look and see if any large issues are on the horizon for NFP organizations.  Of course, the biggest one will be how to cope with reopening after the COVID pandemic.  Many NFPs have been financially weakened by the enforced shutdowns and social distancing.  Finding employees and volunteers may prove to be difficult in the “New Normal”.  The final accounting for the Payroll Protection Plan (PPP) loans will also be looming on the horizon.  Nevertheless, as NFPs fight for their survival in the post pandemic era, there are some other interesting developments on the horizon management may wish to keep an eye on. .  

The first is the United States Supreme Court has recently heard oral arguments in a major NFP case, Americans for Prosperity Foundation v. Rodriquez.  The State of California requires NFP organizations to disclose major donors.  The petitioner is backed by a large donor to the Republican Party  causes and opposed the Constitutionality of the California law, claiming it is a restriction on the freedom of association and could put a chilling effect on donors to potentially unpopular causes.  California has responded by claiming the collection of this information is one way to combat fraud.  What makes this case so interesting is not only its implications for NFPs but the unusual alignment of groups for or against this particular law.  For instance, the ACLU has come out in support of the petitioner, a group largely composed of Republicans. It is difficult to predict how the Court will rule on this case and a decision is expected by June, 2020. 

All NFP development personnel need to keep an eye on the Biden Administration tax proposals.  The proposed increase in the capital gains rate for wealthy Americans as well as the proposed change in the inheritance tax law (elimination in the stepped-up basis)  would make gifts of appreciated property significantly more attractive to potential donors.  There are  a lot of things that can change between now and Congress adopting the new taxes and there is no certainty the proposed changes will even be adopted given the slim Democrat majorities in both houses of Congress.  Nevertheless, the effective dates of any new tax legislation will probably be January 1, 2022. Therefore, NFPs have to be ready to discuss these possibilities this year in order to generate additional donations. Wealthier individuals will need to do tax planning this year to minimize future taxes. NFPs will have to get up to speed very quickly in order to take advantage of this fundraising opportunity. 

The third development is the pending divorce of Bill and Melinda Gates. While I have been critical of his business practices, I have also applauded his charitable work. It is truly sad that anyone would get divorced, but we are all happy to hear the soon to be former couple will still cooperate and continue to run their foundation. It has done a lot of good for a lot of people. I wish them good luck in their personal lives.

Mark Koscinski Uncategorized

Use Them or Lose Them!

We all know the airline industry has suffered horribly during this pandemic. Only a fraction of the airline fleet is being used, and I can’t even guess at what capacity. It should come as no surprise though many frequent flier points are lapsing. One way you can help your favorite Not-For-Profit organizations is to donate your expiring points to them. I am told this will update your usage record and roll the points forward. If this is correct, it is a win-win for both the NFP and you. Even so, donating points seems like a painless way to help struggling organizations serving the common good. Please consider this as another way to help!

Mark Koscinski Uncategorized

PPP Loan Forgiveness–Part II

The  Small Business Administration(SBA) has just published its PPP loan forgiveness process. Borrowers are required to submit a package to their lenders documenting use of the funds was done in accordance with the terms of the loans.  The lender will have 60 days to make a good faith determination this was so.  Any deficiencies in the application will need to be corrected before the package is submitted to the SBA. Assuming this is done properly, the SBA will then have 90 days to make a determination of forgiveness.  If rejected, there is an appeals process. The SBA has indicated it will review all loans in excess of $2 million for compliance and possibly for eligibility as well.  

In a previous blog I was critical of the Financial Accounting Standards Board requiring organizations to wait until the SBA formally grants forgiveness of the PPP loans before they could be removed from the borrowers’ balance sheet. Let’s look at this situation. There is a high probability the loan packages will be rejected by either the bank or the lender along the way. Corrections will be made, adding more time to the process. (You have all dealt with banks and regulators before, right?)  Optimistically, this could take a minimum of six months.   The borrower could have satisfied all of the requirements for forgiveness except not  hand-in complete paperwork. This simple action, subject to the whims of bankers and regulators, could determine the date the loan is forgiven and not the economic event of compliance. Since the SBA will not begin accepting applications until August 10, PPP liabilities will be on the balance sheet for six months minimum, clouding  readers’ analysis of the financial statements. Does this make sense to anyone?

Let’s look at some of the practical implications of this. I had complained  NFP organizations with a fiscal year-end of June 30 had no chance of having the debt removed from their balance sheet.  Now, NFP organizations with a fiscal year-end of September 30 will also be carrying the debt on their year-end balance sheets. This will probably be the case for December 31 year end organizations as well. 

In the meantime, bankers will need to give very clear instructions about what they will accept as proof of compliance to speed the process along.  Similarly, NFP management should not make the lenders or the SBA work hard to recommend or grant forgiveness.  Take the time to put together an easy to follow package with sufficient detail. Make the package easy to review.  In short, don’t scrimp on the upfront preparation.  It will only slow the process down.  You want this loan off your balance sheet as fast as you can. 

Mark Koscinski Uncategorized

Some Welcome Relief

As if the rugged terrain of managing an NFP entity wasn’t difficult enough, then came along the Coronavirus.  This created turmoil in the NFP world  and in the world in general) and will certainly result in some organizations suffering deep budget cuts or even failing.  The State of New Jersey for instance has announced a new budget deficit as a result of the pandemic that could  reduce its spending across the board.  The Financial Accounting Standards Board, the private body that sets accounting standards for NFP entities, has proposed some welcome relief for NFPs. It is  postponing the implementation of the new lease accounting standard  for private businesses and NFPs until fiscal years beginning after December 15, 2021. In effect, this gives these entities a year’s grace period for implementation. 

Implementing this  accounting  standard would be a burden on many organizations as accounting staffs will be pressured to even maintain and close the books for  these organizations.  Many accountants could not even access source data  for extended periods of time as offices were shuttered across the country. Adding another burden of adopting a new accounting standard  let alone one as complex as this one  would be beyond many organizations’ capabilities.  In the meantime, many NFPs are either granting rent concessions for facilities they lease out or receiving rent concessions for properties they rent.  The NFP financial statements should clearly disclose any material concessions granted and received, as well as the accounting treatment used. 

On another front, the President signed a bipartisan bill expanding uses of the Payroll Protection Plan (PPP) loans.  Previously, 75% of the funding had to be used for payroll purposes in order to have the loan balance forgiven. The new law lowers that threshold  to 60%. This flexibility will also be a welcome relief to many NFPs struggling with utility bills and other operating expenses.  The bill also lengthened the amount of time the funding could be used.  When you couple these two developments with the surprising May 2020 jobs numbers, perhaps there is some more hope on the horizon!  Stay tuned.

Mark Koscinski Uncategorized

Contract Review

As the COVID-19 pandemic continues to wreak havoc with the United States economy, some organizations are beginning to dig in for the long haul. While everyone wishes we could get back to business as soon as possible (and there are some indications this is what will occur), it may be many months before that happens.  Increased expense control is becoming the watchword for many NFP organizations as donations and other sources of revenue dwindle.  In some cases, stringent cost controls will be a matter of survival. Sadly, many employees may be furloughed in upcoming week because of the fallout from current events. 

One area all NFPs should investigate thoroughly is the possibility of business interruption clauses in their contracts.  Lease contracts often provide rent abatement for “Acts of God” preventing the normal operation of the organization or if the landlord closes down the building. Yes, there is a good reason for the landlord to close a building in an epidemic, but it is good for any NFP management to understand what its options are in the circumstances.  Perhaps a negotiated settlement fair to all parties can be reached. Needless to say, rent is often a major expense for any organization and an abatement for the period of the national emergency could be a lifesaver for an NFP. On the other side of the coin, many NFP organizations may also be landlords.  Knowing if your lease contains an “out” clause for tenants could be a nasty surprise, but it is better for management to find out about it now rather than later.

NFP management should also take the time to review other contracts where services are contracted or services are being provided.  These contracts may contain force majeure clauses.  Management will also want to know if there are liquidated damages clauses in these contracts.  A liquidated damages clause will spell out what one party may have to pay the other in case of nonperformance under the terms of the agreement.  Contracts with major vendors and customers should be reviewed because of the material consequences such clauses could have on its future operations.

Finally, NFPs should consider opening up a general ledger account where losses from this crisis can be accumulated.  No one knows how long the current state of affairs will continue or what the federal government will do about losses sustained by NFPs because of it.  If the federal government does provide additional relief, you can bet there will be reporting requirements. It is better to be ahead of the curve and have the information neatly stored in one place and readily accessible. 

More to come as the days go by!