This resource discusses and provides examples of possible financial risk that a nonprofit organization may encounter. Nonprofit grantees may find this resource useful in identifying potential risks within their organization. The risks in financial management are any actions that result in the reduction in value or loss of any of the organization's financial assets.
The management and protection of financial resources must be a concern for all nonprofit organizations—from the smallest all-volunteer group to a large, national association. Without adequate financial resources, an organization is unable to achieve its mission and may not survive. Financial resources or assets fall into three categories—money, goods, and services. Money consists of cash, checking and savings accounts, securities and other investments. Goods involve merchandise or stock, supplies, and equipment. Services are the programs and activities the organization offers to its clients. Accountants classify goods and services as resources because they have a value or may be used to create value or revenues.
The risks in financial management are any actions that contribute to the reduction in value or loss of any of the organization's financial assets. The decrease can be from the actions of an internal source such as an employee or volunteer, or someone outside of the organization can perpetrate the loss—a burglar, "con man," or client defrauding the organization. Every organization should be aware of the possibility of a financial loss and take the appropriate protective actions.
A financial loss can have a tremendous impact on a nonprofit. The loss of money can create a cash flow crunch and force the organization to reduce its spending. The actions may include eliminating staff or reducing the hours worked plus adjusting the services offered to clients. Besides reduced services, the nonprofit may experience negative publicity about the incident. The bad press can lead to a decrease in donations and the willingness of volunteers to work with the organization. Lastly, a financial loss can affect the reputations of the people involved. Often, the board dismisses an executive director if a large theft occurs on his or her "watch." Members of the board are questioned by family, friends, associates, and others about the details of the incident and how could it happen to that organization. All of these factors make it imperative for every nonprofit organization to have the proper financial controls in place.
Categories of Risk
Fraud, the intentional pervasion of the truth in order to induce another to part with something of value or to surrender a legal right, is the umbrella term for most financial losses. Fraud is the most common crime perpetrated against nonprofits. Theft is a generic term for the fraudulent taking of property. In insurance terms, theft means any act of stealing. Types of theft include:
- Burglary – breaking and entering into a building for the purpose of committing a crime.
- Swindling – convincing someone to give or entrust property to you using deceit or false pretenses
- Forgery – the unauthorized making or altering of a writing so that it looks to be lawfully authorized
- Embezzlement – taking property lawfully entrusted to you and converting it to your own use.
Someone inside or outside the organization can commit a fraud or theft of organizational assets or resources. An employee can embezzle funds, steal office supplies or merchandise, pad their expense accounts or create a fictitious company and bill the organization for services never rendered. An outsider can sell bogus merchandise, overcharge the organization for materials or services, or entice the organization to make bad investments. Imagination is the only limit to the ways to defraud an organization. Unfortunately, for every control or security system the organization implements, there is always someone smart enough to breach it. Catching wrongdoing before it translates to sizable losses is key. Therefore, in addition to establishing internal controls, nonprofits must be ever vigilant in monitoring its programs.
The size and types of investments will vary with each organization. For the smaller organizations, investments might be cash on hand while large hospitals, colleges and universities may have sizable endowment funds. Regardless of the size of the investment funds, every nonprofit needs to control and monitor its investments. Many organizations lost money in the savings and loan crisis when banks and lending institutions closed. Another danger is that the organization may make poor investment decisions such as the purchase of junk bonds by Orange County, California that resulted in its bankruptcy.
The New Era scandal is another example of a bad investment decision. Another potential financial risk for an organization is investing in "politically incorrect" companies. If the nonprofit purchased stocks or bonds in a company that subsequently comes under public and media scrutiny, it may experience adverse publicity or a significant decrease in the value of the investment. Every board should establish an investment policy that will guide the nonprofit in its investment and financial decisions. Even an organization operating on a cash current basis should have a policy.
Misuse of Funds
All nonprofits exist for a specific purpose with a defined mission. The board is responsible for ensuring that the organization stays focused on its mission. An excellent way to monitor an organization's progress is through its use of funds. Many nonprofits receive gifts or funding with restrictions or limitations on its use. The improper use of these funds can cause the funder to withdraw the money, require repayment of the expended funds, and refuse to provide future funding.
A similar risk is the use of funds for purposes other than serving the organization's mission. Funds inappropriately expended can lead to the loss of the organization's tax-exempt status or other legal actions. As pressures continue to mount for nonprofits to meet social needs, it is often easy to lose sight of the organization's mission.
Although most nonprofits are "tax-exempt," the government still requires them to pay many taxes. An organization must pay the appropriate employment taxes such as Social Security, FICA, and state and federal income taxes. Failure to pay these taxes will lead to large fines.
A nonprofit may also be responsible for charging and remitting sales tax on items sold. Also, unrelated business income is becoming a significant concern as nonprofits seek creative ways to raise funds. Every nonprofit is responsible for knowing and paying its tax liabilities.
The IRS's approval of tax-exempt status is not a right but a privilege that it can easily revoke. One possible challenge to the status is that the organization is not meeting the charitable purpose guideline. If the nonprofit uses its funds for reasons not related to its charitable purpose, it can lose its tax-exempt status.
Private inurement is another cause for losing the exemption. In one case, the IRS revoked the tax-exempt status for a child care center. The board, whose members were parents of the children in the center, set a fee structure substantially below market rates. The board made up the short-fall with tax-deductible "contributions." The IRS ruled that it was unlawful private inurement, revoked its exemption and is investigating prior years.
Nonprofits have restrictions on the types of "political" activities they can undertake. The IRS guidelines bar any direct or indirect political activity. Lobbying is another area with restrictions. An organization may, however:
- Communicate with its legislators as a constituent
- Petition the government
- Respond to governmental inquiries and testify before legislative and administrative bodies
- Offer nonpartisan analysis of an issue to educate the public
- A nonprofit cannot devote a "substantial part" of its activities to lobbying
The financial risks for fundraising are two-fold and extend beyond the theft of the money raised. First, an organization must protect itself from unscrupulous fundraising. Many organizations have discovered fictitious groups raising funds on their behalf. However, the organization never receives any of the money. An organization may also suffer losses stemming from injuries at a fundraising event staged by the fictitious group. Every nonprofit must guard against improper use of its name and logo, especially in regard to fundraising. The organization should respond quickly whenever it discovers someone using its name and logo without authorization.
The second issue concerns the selection and use of sponsors and cause-related marketing partners. An organization may spend hours and many dollars to negotiate a sponsorship arrangement only to later discover a flaw with the new partner. Although it did not involve a nonprofit, the Kathie Lee Gifford controversy regarding the use of child labor had a negative impact on sales. Imagine if your organization had been a partner in that deal. The potential damage to an organization's reputation and goodwill could have a lasting impact. A nonprofit need to evaluate carefully its sponsors and partners to avoid a press relations incident and other losses.
When discussing financial risks, most of the attention focuses on the loss of money or funds. However, all nonprofits have physical assets at risk. Every organization owns office furniture and other fixtures and equipment used to meet its mission that is subject to loss. A fire or flood can damage or destroy the office contents. Also, an employee, volunteer, computer hacker, or other person wanting to harm the organization can steal or damage its assets. In addition, some nonprofits may have warehouses of supplies whether it is a food bank, soup kitchen, sports organization, or mentoring program. The loss of the supplies could have a devastating effect on the organization's mission.
The best protection is systems and procedures that limit the access to these assets. Computers contain not only a wealth of information but also confidential data. Control and limit access to the people with the "need to know." Also, protect the organization's supplies and merchandise. Although every employee "borrows" a pen or pad of paper, what about the merchandise (sweatshirts, briefcases, coffee mugs, books) that the organization sells to raise money? Many organizations lose money on merchandise sales due to the lack of inventory and access controls.
Risk Management Techniques
One key to controlling financial management risks is the development and use of effective internal controls. Every nonprofit needs policies and procedures to control the access and use of its financial resources. The techniques involve general management controls and accounting controls.
General Management Controls
General management controls consist of the board's and senior management's responsibilities for establishing the proper oversight of financial operations. The board should require clear and informative financial reports and statements on a regular basis. The organization, if possible, should use a certified public accountant and have an outside independent audit. If it cannot afford an audit, it should at least have an outside party review its financial reports and accounting records. A word of caution, an audit is not designed to detect fraud. An audit's purpose is to affirm the organization's financial records and position.
The board should establish the appropriate financial polices such as investment and loan policies. Senior management and the board also must ensure that the proper financial and accounting procedures are in place. Lastly, the board and senior management should set the organization's priorities and goals, keeping the nonprofit focused on achieving its mission.
Accounting controls are the procedure used to safeguard the nonprofit’s assets. Proper accounting controls also provide reliable and accurate financial records. Both of these goals enable the board and senior management to monitor the organization's financial operations.
The creation of adequate accounting controls should focus on four areas—authority and approval, proper documentation, physical security, and early detection. Authority and approval procedures require the identification of who has the authority to perform and approve certain transactions, such as approving invoices, expense accounts, signing checks, and dispensing supplies. Proper documentation is a part of the approval and authority process, in that every financial transaction should leave a "paper trail." Physical security addresses limiting access to various physical assets (accounting records, personnel files, merchandise, supplies, and other equipment).
Organizations often ignore the early signs of wrongdoing. If the proper controls are in place, the systems should alert someone to possible fraud. Unfortunately, people tend to ignore the early warning signs and let the deceit continue. Everyone must follow the established procedures for the controls to work. Any deviation from the system will enable someone to defraud the organization successfully. Good risk management may prevent a financial loss or catch the culprit early in the process, thereby minimizing the loss.
SOURCE: Alliance for Nonprofit Management. 2008. English.
Last Updated: June 11, 2018