Man Admits to Embezzling $1.1Mil from Atlanta Non-profit

Ralph Clark was the Director of Facilities at the Woodruff Arts Center in Atlanta, GA, comprised of the Atlanta Symphony Orchestra, Alliance Theatre,  High Museum of Art, and Young Audiences. He plead guilty to charges of embezzling over $1.1 million from the organization over approximately 8 years.

A few different schemes were in place. As part of his leadership position, he was allowed to authorize any vendor contracts up to $50,000.  He arranged for kickbacks  from vendors that totaled $168,000. He signed off on $780,000 worth of invoices for services that were not performed by his wife’s cleaning company. He billed $41,000 for services supposedly performed by students and $153,000 for services supposedly performed by himself after hours. It is unlikely much of any of that will get repaid.

According to the Atlanta Journal-Constitution, “some observers in the city questioned [the organization's] management oversight.”

Read more about the case here.

Webcast on Internal Controls for Smaller Entities

MACPA is having a webcast April 2, 2013 from 1-3pm Eastern entitled “Internal Controls for Smaller Entities – Practical Case Studies in Design, Evaluation and Communication”.  Cost is $79 for members and non-members for 2 CPE credits. 

See http://www.macpa.org/public/catalog/coursedetails.aspx?courseID=1317W610 for more details.

Webinar: The Myth of Asset Allocation: Would You Rather Beat the Market or Make Money?

For nonprofits, choosing the right investment strategy is a key factor in determining the future viability of your mission. Join Aronson LLC and American Asset Management Group, Inc. on October 17th for a webinar that will offer a brief overview of the differences between Relative Return and Absolute Return investment philosophies. Topics will include:

• Modern Portfolio Theory (MPT)
• Efficient Market Hypothesis (EMH)
• Capital Asset Pricing Model (CAPM)
• Systematic vs. Non-Systematic Investment Risk
• The Importance of the Investment Policy Statement ( IPS)

John O. Low, Institutional Investor Counsel with American Asset Management Group will share his perspective and help attendees understand the finer points of investment strategy. In addition to his work with AAMG, Mr. Low is passionate about serving the needs of the nonprofit community. He founded the Non-Profit Cooperation Circle – a model for peer to peer networking, education and support for association executives, board members and other nonprofit professionals.

REGISTER HERE

IT Security and Common Weaknesses

In case you missed the webinar Aronson conducted on the topic of IT Security and Common Weaknesses, a recording of the webinar and a pdf of the presentation is available for you to download!

Click HERE for the recording and HERE for the presentation materials.

Be sure to visit and bookmark our events page to see upcoming topics that may be of interest to you!

IT Security and Common Weaknesses

The internet has provided nonprofit organizations with increased fundraising reach and unprecedented access to donors. However, as you continue to adopt technology, greater emphasis must also be placed on reducing the risk associated with it. Intrusion and data loss can jeopardize a nonprofits reputation and brand and raise concerns among donors. Join Aronson LLC on September 18th for a webinar that will introduce you to these important concepts. Guest speaker Jack Heyman of Your Internal Controls will discuss:

• Introduction to IT Security
• IT Security and Common Weaknesses
• Logical Security Weakness, Prevention, Detection and Correction
• PC Security Weakness, Prevention, Detection and Correction
• Internal Controls Testing in Support of Financial Statement Audits

Register today to reserve your spot at this free and convenient online presentation!

Guest Speaker: Jack Heyman earned a Bachelor of Science in Accounting from Florida International University and a Master of Art in Information Assurance Information Technology from the University of Maryland. He is a Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Government Financial Manager (CGFM), Certification and Accreditation Professional (CAP), and a Certified Information Privacy Professional (CIPP). Jack also co-authored Identity Management, which was published by the Information Security, Audit & Control Association (ISACA).

REGISTER HERE

Exec Director of 21 Years Files Plea Agreement for $1.35Mil in Embezzlement Case

Thomas Nelson was, until recently, the Executive Director of a York County, Maine nonprofit that provides services to low-income residents. It was a position he held for 21 years. He’s now awaiting sentencing after copping a plea arrangement in federal court, agreeing to pay restitution of $1.2Mil to the nonprofit and $150,000 to the IRS for tax evasion. He stands to receive up to 10 years for embezzlement, 5 years for conspiracy, 5 years for tax evasion, and 3 years for signing false tax returns.

How’d he do it? He arranged over-payments to a consulting company that gave him kickbacks and he also diverted money to a defunct nonprofit where he had served as treasurer. He used the money to pay his mortgage and cover gambling debts. There was only one invoice from the consulting company over the time of the collusion but it was for $8,700, not the $413,000 they were paid.

He claimed he avoided diverting federal money because he knew government funds are subjected to greater scrutiny.

The board has been reviewing its financial oversight practices and is “very disappointed.”

#smh

Read more about it in the Portland Press Herald

Risk Assessment: Updating Controls Over Confidential Information

The August edition of the Journal of Accountancy has a good article reminding CPA firms to update controls that protect the privacy of individuals as well as other confidential information that may be in the firm’s workpapers and electronic systems. Their key points actually translate well to the nonprofit community since this is an industry that regularly receives confidential information about their donors (credit card accounts, bank account information, social security numbers, etc.).  With all the effort of maintaining transparency, don’t overlook your organization’s responsibility to protect your donors’ privacy and security.

The article suggests: “Identify and classify the types of information the firm maintains.” As a nonprofit organization, can you identify categories of information that flows through your systems whether it is restricted, confidential, sensitive, or ok to be public? You are required to disclose major donors as well as anyone you paid grants or scholarships out to, but have you taken steps to keep their credit card numbers or social security numbers private and secure?

“Assess your current controls/Upgrade protection strategies.” Where would the weak link be in your chain of ownership of sensitive information? Do volunteers have open access to files with donor information? Do employees ever carry information on transportable data storage devices that could transfer information outside of the office, intentionally or not?

“Review the impact of vendors and 3rd party service providers.” Cloud computing is a powerful tool but as the article points out, “although functions can be contractually assigned to a third party, accountability for data protection cannot.” Make sure you understand how and to what extent your service providers are safeguarding the information that flows through their systems, whether it is for online registration or processing of donations.

Ref: Protecting Privacy, by Joel Lanz and Nancy Cohen, Journal of Accountancy, August 2012

Canceled Checks – Auditor and IRS Requirements

The days of receiving a stack of canceled checks back with your bank statement have passed, thanks to the Check Clearing for the 21st Century Act. You have probably been receiving scanned images of the cleared checks along with your monthly statements but in certain cases, you may not even be receiving those.

The IRS will usually accept a scanned copy of the canceled check during an audit but if there is some suspicion that there is a problem with the copy’s integrity, the IRS is going to need more information from your bank. The same is true during a financial statement audit and this is why it is important to understand your record keeping obligations and what your bank does and doesn’t do.

Because of technological advances and the Check 21 Act, your bank may not ever see the actual paper copy of the original check but if they do, depending on your customer agreement, they may be allowed to destroy the paper copy. There is no retention requirement for original documents for any specified length of time that the bank must follow.   The bank records will instead maintain an electronic substitute check that is legally the same as the original check if all information is accurately retained.

The burden of documentation is on you, the bank customer, not the bank. Make sure to download and protect the copies of checks that accompany the bank statements and make sure you understand the terms of your customer agreement with your bank.

Read more about the Check 21 Act here.

Approval of Journal Entries (avoiding management letter comments, part 6)

One part of a good system of internal controls is having all general journal entries reviewed.  This is also a key part of the segregation of duties in that someone other than the person making the journal entry reviews it.  This review is done to help prevent errors such as adjusting the wrong accounts and transposing numbers.  It also helps protect against fraud by making sure there is a valid reason for the journal entry and someone is not just increasing revenue to make the organization appear better.

Depending on the size of the organization, it can be difficult to determine who should be reviewing the journal entries.  If there are two or more people in the accounting department, one person can be the reviewer while the other person makes the entries.  If there is only one person in the accounting department, then it is necessary to go outside the department to get the journal entries reviewed.  This can be done by have the president or executive director be involved.  A Board member is also a good person to have review the journal entries.

There are also different ways to review the journal entries.  At some organizations each journal entry is reviewed prior to posting.  Other organizations review the entries on a weekly or monthly basis after they are posted.  One of the important things to remember is to document the review and approval.  The simplest way to do this is to print out the journal entries and have the reviewer initial them.  This should then be saved as support.

This is part 6 of a continuing series on common management letter comments.  Click here to read part 1, part 2, part 3, part 4, and part 5.

#nonprofit #nonprofitaccounting #fraud #internalcontrols

Update: FBI Now Involved in Fiscal Sponsor Scam

The FBI and the state attorney general’s office have gotten involved in the investigation of the International Humanities Center, which closed its doors after  three years of IRS scrutiny. IHC was a California-based 501(c)(3) organization that functioned as an umbrella structure and fiscal sponsor for over 200 nonprofits but it now appears it may have all been a Ponzi scam.  IHC closed its doors suddenly in January, with little explanation and almost $1 million unaccounted for. That figure is with only 49 groups reporting and may go higher as other groups come forward. Many of the groups have been completely crippled by the loss of their donations and donors’ reluctance to give once the news hit about the missing funds.

Source: LA Times