Nonprofit Financial Accountability & Sarbanes-Oxley
This article, by Tracey Bolotnick, originally appeared in the Alliance for Nonprofit Management's "Insights" Newsletter.
The American Competitiveness and Corporate Accountability Act, popularly known as the Sarbanes-Oxley Act, was passed in 2002 in response to the Enron, WorldCom and other corporate and accounting scandals in the for-profit realm. The Act introduced a variety of measures requiring boards to keep closer tabs on, and take more responsibility for, financial transactions and auditing procedures of their corporations.
Most of the provisions of the Act are expressly limited to publicly-traded corporations. However, whether by design or ambiguous drafting, two provisions dealing with document retention and retaliation against whistle blowers also apply to nonprofit organizations. In addition, the Act and the general sentiment that inspired its passage -- that corporate boards should be both aware of and accountable for the acts of their corporations - are leading state lawmakers around the country to propose and pass legislation extending similar good governance requirements to charitable and nonprofit corporations.
Section 802 of the Sarbanes-Oxley Act makes it a crime to knowingly alter, destroy, conceal or falsify any record or document with intent to impede, obstruct, or influence a federal investigation or the administration of any other federal matter. Unlike most provisions of the Act, the applicability of the document retention provision is not limited to companies that report under the Securities and Exchange Act of 1934, and hence likely applies to nonprofit organizations as well. Violations of this provision are punishable by fines or imprisonment up to 20 years.
Many nonprofit organizations, particularly those with paid employees, would benefit from having a document retention/destruction policy that would enable them to comply with various existing state and federal laws (such as the Fair Labor Standards Act, which requires that payroll records be kept for a certain minimum period of time) and to maintain useful evidence for potential lawsuits. Section 802's likely applicability to nonprofit organizations provides one more reason to adopt a written policy.
For most nonprofit organizations, particularly those with smaller budgets or staff sizes, a succinct and straightforward policy should suffice. Such a policy should set forth the timelines for maintaining various categories of documents (financial, fundraising, personnel, contracts, leases, etc.) in accordance with applicable state and federal requirements, and should cover electronically held materials such as e-mails and voice mails as well as printed documents. Including rules requiring destruction at the end of the retention period is advisable, as it would be useful in defending against an alleged violation of Section 802 and in demonstrating that materials were purged in the ordinary course of business.
Three sections of the Sarbanes-Oxley Act relate to protection for corporate whistle blowers; one requires audit committees to establish procedures for dealing with complaints about suspicious accounting and auditing practices, another provides for a civil cause of action at the Department of Labor for whistle blowers who have faced retaliation, and the third makes it a crime to retaliate against whistle blowers. Of these, only the latter (Section 1107) is not limited by the Act's terms to publicly-traded companies.
Under Section 1107, it is a felony to retaliate against an individual for providing law enforcement authorities with truthful information relating to the commission, or possible commission, of any federal offense. In the nonprofit context, this might involve, for example, the termination of a CFO or other employee for reporting information to the IRS revealing a charity's failure to comply with its tax reporting obligations. Violations of this section are punishable by fines or imprisonment up to ten years.
Although the Act does not require nonprofit organizations to adopt a written whistle blower policy, nonprofit boards should consider doing so as a preventative measure to avoid potential liability, and as a matter of good governance. A relatively simple and brief policy, which should suffice for most organizations, would encourage employees to report potential problems as soon as they arise (possibly offering the option of maintaining anonymity) and ensure protection from retaliation for those who choose to do so (not only from termination but from other negative employment actions such as demotion, suspension or relocation).
The major provisions of the Sarbanes-Oxley Act are concerned with ensuring a sufficient degree of separation and independence between a corporation's board and its auditors. For example, it defines who should serve on the corporation's audit committee (directors who are not also managers), requires disclosure as to the level of financial expertise on the audit committee, and dictates that the corporation's outside auditing firm periodically change the lead partner on the audit. It also promotes honesty and transparency in board governance by requiring both the CEO and CFO to certify financial statements, prohibiting loans by the corporation to its directors, and requiring disclosures regarding a corporation's material financial and operational changes.
As noted above, the Act does not mandate that any of the foregoing provisions be followed by nonprofit boards, and to date, there is no federal version of Sarbanes-Oxley targeting nonprofit organizations. However, lawmakers in several states have introduced legislation applicable to nonprofit organizations mirroring the broad goals, and in some cases the specific provisions, of the Sarbanes-Oxley Act.
For example, the California Nonprofit Integrity Act of 2004 (effective as of January 1, 2005), stipulates, among other requirements, that all nonprofit organizations with $2 million or more in annual revenues have an audit prepared by an independent firm. It also calls for board review and approval of executive compensation and the establishment of an internal audit committee responsible for influencing the hiring and firing of independent CPAs, negotiating their compensation and reviewing their audit. Although board members may serve on the audit committee, the committee may not include staff members, the president or CEO, or the treasurer or CFO. Moreover, if the organization has a finance committee, members of that committee may not comprise 50% or more of the audit committee. These provisions are notable in that they limit the otherwise broad freedom enjoyed by nonprofit organizations in the composition of their board committees.
Other states have joined the movement to impose stricter financial oversight and independence obligations on nonprofit boards as well. New Hampshire, for example, recently passed a law requiring nonprofit organizations with revenues in excess of $500,000 to submit audited financial statements with their Form 990s. Connecticut, Kansas and Maine passed similar laws. And in other states, such as Massachusetts, nonprofit accountability bills are pending.
Whether in a state with accountability legislation or not, in order to preserve the confidence of their contributors and constituents, nonprofit boards should focus attention on their governance practices and ensuring that their organizing documents, employee handbooks, financial statements and written policies are in order.
For more information, refer to Independent Sector's Checklist for Accountability and a code of ethics that provides a useful place for boards seeking to ensure transparency and good governance to start. Other useful resources include the AICPA's Center for Audit Quality and Independent Sector's Sarbanes-Oxley Checklist.