This is the html version of the file http://www.mcgladrey.com/Resource_Center/Audit/Articles/SOX_NPO.pdf.
Google automatically generates html versions of documents as we crawl the web.
The Sarbanes-Oxley Act May Impact Your Not-for-Profit Organization
Page 1
McGladrey & Pullen, LLP is a member firm of RSM International – an affiliation of separate and independent legal entities.
1
The Sarbanes-Oxley Act May Impact Your
Not-for-Profit Organization
Accountability, ethics, transparency, duty, full-
disclosure, compliance, responsibility … More
than simply buzz words for public sector
organizations who want to meet the expectations of
their constituents.
Even the smallest not-for-profit organizations (NPOs)
interact with or impact a significant portion of the
population. Public concerns, expectations, and motives
have changed significantly in the past several years.
Gone is the blind faith and trust the public historically
placed in NPOs because of their perceptions about
“inherent goodness” of employees, management,
committee members, and/or their governing boards.
Some of us even fear that the one million-plus
associations, educational institutions, foundations,
clubs, churches, and all other types of NPOs will
struggle to recover their esteemed position with
constituents.
Rather than focus on why things have changed, this
document addresses the current business environment,
and provides suggestions as to how NPOs can and
should react to this change.
The Sarbanes-Oxley Act (the Act) is one of the most
significant business related events to impact the
commercial marketplace in recent years. As issued, the
Act is only applicable to public companies and their
auditors. However, special interest groups and oversight
agencies have been questioning why it shouldn’t be
applied, at least in some respects, to the public sector.
According to information from the National Council of
Nonprofit Associations [NCNA], a number of state
legislators and attorney generals are considering
various proposals to increase nonprofit accountability at
the state level. A chart outlining the current status of
impending legislation in various states is posted to the
NCNA Web site at http://www.ncna.org.
No one believes all of the problems in the current
business environment are restricted to public
companies. Therefore, provisions of the Act are
beginning to cascade down to the public sector.
Our intent here is to provide a broad view of the
Sarbanes-Oxley Act and its key provisions to help you
understand why so many constituency groups and
oversight agencies are focusing their attention on the
Act’s application to the public sector even though, as
written, they were principally designed for public
companies.
Briefly, the Act's principal reforms include:
Creation of an independent public company
accounting oversight board (the PCAOB)
Auditor independence provisions that restrict non-
audit services that accountants may provide to their
public audit clients
A heightened level of corporate governance and
responsibility measures
Expanded corporate, financial and insider
disclosure requirements
Mandatory disclosure by analysts of potential
conflicts of interest
A range of tough new penalties for fraud and other
violations
A summary of key provisions of the Act is available on the
American Institute of Certified Public Accountants Web site:
http://www.aicpa.org/info/sarbanes_oxley_summary.htm. A
complete text of the Sarbanes-Oxley Act is located at
http://financialservices.house.gov/media/pdf/hr107610.pdf.
Page 2
McGladrey & Pullen, LLP is a member firm of RSM International – an affiliation of separate and independent legal entities.
2
Key Objectives of the Sarbanes-Oxley Act
Increase investor/shareholder confidence in public
reporting
Increase management’s accountability for financial
reporting and information disclosed to the market
Develop a stronger, more independent audit
system
Reduce accounting irregularities/aggressive
financial reporting
Ensure that the internal controls surrounding
financial reporting are effective via internal
monitoring functions
Reduce fraud and increase accountability for
expenses
It’s apparent these objectives could easily be applied to
the public sector accounting, and financial and
compliance reporting environment. It’s all about
members of management, various committees, and the
governing board, as well as the organization’s auditor,
acting with integrity and being accountable to their
constituents as well as the general public. Now, let’s
delve deeper into some of the more significant
provisions.
Corporate Governance
The Act requires:
Audit committee members to be on the board and
be independent (i.e., not part of management or
compensated outside of board service)
Audit committee to have (or to disclose why they
don’t have) at least one member who is a “financial
expert” and who
o Understands GAAP and financial statements
o Can assess accounting principles
o Has experience with preparing, auditing, and
analyzing statements
o Understands internal controls and audit
committee functions
Audit committee to be directly responsible for
hiring, setting compensation, and overseeing
auditor activities
Auditor must report directly to audit committee
Audit committee to approve non-audit services of
audit firm
Governance is an especially relevant topic for public
sector entities. The governing board, finance committee,
and audit committee are often responsible for protecting
the interests of a large number of constituency groups
who could have very different views and opinions about
how their interests are best addressed. While it is
impossible to please all-of-the-people all-of-the-time,
these constituents expect their interests to be
addressed. We have learned in the external financial
and compliance reporting area, that governance is best
addressed through the creation and operation of a
strong and independent audit committee.
Auditor Responsibilities
The Act requires:
Lead and reviewing partner of audit firm to rotate
every five years
Auditor is prohibited from providing certain non-
audit services
Audit committee to pre-approve most non-audit
services (i.e. tax preparation)
All critical accounting policies and practices used
by the company and management’s application of
them must be disclosed to the audit committee
The audit committee, or its equivalent for small NPOs,
should be very involved in the audit arrangements and
post audit review process. Both management and the
audit committee should take great care in making any
arrangements for the auditor to provide certain non-
audit services. When an audit or attest engagement is
performed in accordance with the Government Auditing
Standards (GAS), issued by the Comptroller General of
the United States, the auditor is currently restricted as to
the type, as well as the manner in which many non-audit
services are provided. We have designed a
comprehensive guide to comply with the GAS and tools
to avoid casting even the perception that our audit
independence is impaired. While we have not seen
proof that any benefits of a partner rotation requirement
To help build and strengthen audit committees,
McGladrey & Pullen’s National Public Sector Practice has
published the Audit Committee Guide for Not-for-Profit
Organizations. A printed version is available from your
local McGladrey & Pullen, LLP office or an electronic
version is available on our Web site at
http://www.mcgladrey.com/.
Page 3
McGladrey & Pullen, LLP is a member firm of RSM International – an affiliation of separate and independent legal entities.
3
is cost justified in the public sector audit environment,
we have found that changes in staffing at various
different levels, on a periodic basis, add value to the
audit process.
Financial Statement Certification
Another requirement of the Act addresses the
certification of financial statements by the chief
executive and financial officers (CEO and CFO). These
individuals face the threat of serving jail time for false
certifications. Additionally, this section of the Act
mandates that the CEO, CFO, controller and/or chief
accounting officer cannot have worked for the auditing
firm for one year preceding the audit.
As with the previous requirements, we can’t take
exception to the spirit behind these requirements. The
CEO and CFO should understand enough about the
financial, compliance and other external information
reporting to sign such a certification or they should be
required to gain such skills. For years, the audit
profession has asked these individuals and other
members of management to sign letters representing to
the accuracy of audited financial statements; the Act
just takes that responsibility a step farther. The
employment requirement is designed to strengthen
auditor independence and is similar to one of the
provisions of the GAS independence standards.
Insider Trading and Conflict of Interest
These provisions prohibit loans to any directors or
executives of the company.
The implications of this provision on NPOs should be
minimal. NPOs are already subject to many conflict of
interest provisions as a condition of retaining their
favored federal tax status, as a result of state laws and
regulations, or as a matter of internal policy. However, if
your organization has not already done so, we suggest
you adopt a formal policy prohibiting such transactions.
Because of the way the following Whistle-Blower
Protection and Document Destruction provisions of the
Act were written, it is generally held that they apply to all
types of public sector entities, including not-for-profit
organizations.
Whistle-Blower Protection
The Act calls for criminal penalties for any action taken
in retaliation against whistleblowers. The Act also
increases a whistleblowing employee’s:
Ability to sue an employer
Ability to collect a civil remedy if discriminated
against
Ability to receive special damages and attorney’s
fees
Since this provision applies to not-for-profit
organizations, we recommend you begin to take steps
to protect your organization including:
Identify weak spots
Install processes to guard against fraud abuse
Do not tolerate misconduct
Develop procedures to handle employee
complaints
Take complaints seriously and handle them
appropriately
Establish a confidential and anonymous
mechanism to encourage employees to report
Make sure no punishment for reporting claims is
allowed even if the claims are unfounded
A Sample Whistleblower Policy is available on the
National Council of Nonprofit Associations (NCNA)
Web site. [http://www.ncna.org/]
Document Destruction
Provisions of the Act make it a crime for a NPO to
destroy, alter, cover up, or falsify (or to persuade
someone else to do so), a document to prevent its use
in an official proceeding.
NPOs should develop and follow a formal document
retention and destruction policy. Maintain and archive all
appropriate records about your operations (e.g.,
financial records, significant contracts, real estate and
other major transactions, employment files, fundraising
obligations, etc.). A Sample Document Destruction
Policy is also available on the NCNA Web site.
Internal Control Disclosures
The Act’s Section 404 requirements are turning out to
be the most costly provisions for public companies to
address. Internal control disclosures require that:
Management establish and maintain an adequate
internal control structure and procedures for
financial reporting
Management assess the effectiveness of the
internal control structure
Auditors attest to and report on the assessment
made by management
Page 4
McGladrey & Pullen, LLP is a member firm of RSM International – an affiliation of separate and independent legal entities.
4
Internal controls are the cornerstones for building,
maintaining and improving stakeholder confidence, and
these controls also provide a process to reasonably
assure achievement in:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws, regulations and
agreements
Safeguarding assets
We clearly support the need for management to
establish, maintain, and document significant financial
and compliance controls for the public sector entity they
represent. For many years, not-for-profit organizations
subject to Single Audit have had more attention focused
on their internal controls than most commercial entities,
including certain public companies. However, we are
concerned that management for many not-for-profit
organizations may not be adequately trained and are
not prepared to assess their effectiveness. Further, we
have learned from the commercial sector that the cost
of the auditor attestation would be quite significant.
In Conclusion
We are not advocating that not-for-profit organizations
adopt all of the provisions of the Sarbanes-Oxley Act.
However, we feel that you cannot simply put your head
in the sand and hope this issue just passes you by.
Before regulatory and oversight agencies make the
decision for you, acquaint yourself with key provisions of
the Act. Balance the needs and expectations of your
constituents with any resource limitations you may have
and try to achieve the best accountability improvement
bang for the buck. We would be glad to help.
We all need to start working towards helping the
industry regain the “good faith and trust” that the public
has traditionally placed in not-for-profit organizations.