“It has been said that Democracy is the worst of form of government except all the others that have been tried.” —          Winston Churchill

Well, I did it. I took one for my team of nonprofit colleagues and board members. That is, I read every word of the 67 pages that constitutes the Nonprofit Revitalization Act of 2013. It was recently passed by the New York State Senate and Assembly and has been sent to Gov. Cuomo for his likely signature.

For those of you who have never had the pleasure of reading a legislative bill, it is a mind-numbing experience. The proposed changes are intended to both revitalize and reform the nonprofit sector in the state and have actually been considered for the last five to seven years. The origin of many of these reform initiatives dates back to Eliot Spitzer when he was attorney general, prior to his ill-fated tenure as New York Governor.

The reform initiatives were reintroduced in early 2012 by our current Attorney General Eric Schneiderman.

This bill, when signed by Gov. Cuomo, continues the government regulators’ focus on the following areas of nonprofit management and operations:

§ Effective board governance and oversight

§ Conflict-of-interest disclosures and due process

§ Related party transactions conducted at fair market value

§ Accountability and transparency by adopting a whistleblower policy

§ Mergers and asset transfers

In many cases, you will find the requirements of the act to have already been adopted by your nonprofit organization. However, since the requirements of the act are very specific, every nonprofit should conduct a “gap analysis” to identify what policy and procedure changes need to occur within your organization in order to comply with these new requirements.

The following represents my latest top 10 list of actions / requirements that should be considered by your organization. Keep in mind that there may be other requirements in the legislation’s 67 pages that you should evaluate since they may affect your specific organization. However, the following list addresses those requirements that affect virtually all tax-exempt organizations.

1.  Effective date — Assuming signature by Gov. Cuomo, the effective date of the act’s requirements is July 1, 2014. However, many of the requirements described below can and should be implemented prior to that date.

2.  Corporate type of organization — In an effort to both simplify and clarify New York State Nonprofit Corporation Law (NPCL), the act eliminates the segregation of nonprofits as Type A, B, C, or D corporations. All nonprofit corporations will now fall under statutory definitions of either a “Charitable Corporation” or a “Non-charitable Corporation.” Each organization should verify that its corporate type under previous NPCL translates appropriately to these new definitions. Generally speaking, Type A corporations are Non-charitable. Type B or C corporations are Charitable. Type D corporations can be either classification based on the organization’s original purpose. Fortunately, no additional filings with New York State are required in this area since existing nonprofits will be grandfathered.

3. Whistleblower policy — If you are a health- and human-services provider, you should already have a whistleblower policy. The act requires all nonprofit corporations with more than 20 employees and annual revenue in excess of $1 million to adopt a whistleblower policy. Organizations with existing policies will most likely not have to make changes. However, all nonprofits should adopt a whistleblower policy well in advance of the act’s effective date. Jan. 1, 2014, would be a reasonable target.

4. Audit oversight / board governance — From my perspective, this section of the act adopts requirements for independent auditors and the nonprofit boards that are long overdue. In a nutshell, the act requires the nonprofit board or its designated audit committee (comprised of independent directors) to do the following:

§ Review directly with the independent auditor the audit scope and planning prior to the commencement of the audit.

§ At audit completion, meet with the independent auditor to review all required audit reports, including internal control recommendations, required communications, and the audited financial statements.

§ An annual requirement to consider the performance and independence of the independent auditor.

If the requirements above are completed by the audit committee, periodic reports of the audit committee must be made to the full board.

5. Merger approvals by the Attorney General — The act significantly expands the role of the New York State attorney general regarding:

§ Approvals for mergers of nonprofit organizations.

§ Approvals to sell, lease, or otherwise dispose of all, or substantially all, of a corporation’s assets.

§ Specific reporting requirements are detailed in the act. The attorney general may refer the final approval in certain circumstances to the Supreme Court of the applicable judicial district.

6. New definition of “entire board” — In order to address the issue of significant decisions being made by a small group of eligible voting board members, the act provides a definition for the “entire board.” The “entire board” is defined as the total number of directors entitled to a vote if the organization had no board vacancies. The bylaws control this number if a fixed number of directors is specified. In the event of a bylaw range for directors, the “entire board” is the number of directors elected at the most recently held election of directors.

This particular provision relates directly to significant transactions involving the purchase or sale of significant assets of the organization. Specifically, in these applicable situations, an affirmative vote of two-thirds of the entire board is required.

7. Conflicts of interest — The act requires every nonprofit corporation to adopt a Conflict of Interest policy that is intended to ensure that its directors, officers, and key employees act in the corporation’s best interest. As stated previously, many nonprofits have an existing policy in this area. If you need a template for either conflict of interest or whistleblower policies, please email me at garchibald@bonadio.com.

8. Electronic technology updates — The act recognizes that a significant amount of corporate business activity is completed electronically. However, existing regulations are outdated in this area. The act provides the following guidance:

§ A continued prohibition on board voting by email or fax transmission.

§ Proxies may now be submitted by board members via email, which authorizes another board member in attendance to vote on his/her behalf.

§ Notice provisions for membership meetings can be provided by either fax or email.

9. New York Supreme Court Personal Jurisdiction Provision — All directors, officers, key employees, or agents of the nonprofit organization will be subject to the personal jurisdiction of the Supreme Court of New York related to attorney general proceedings. This particular provision appears to be directed at addressing issues regarding directors, officers, or employees who are not New York State residents. However, depending upon interpretation of this provision, recruitment of volunteer board members may be more difficult.

10. Related-Party transactions and independent directors — The act defines a related-party transaction as any transaction, agreement, or other arrangement in which a related party has a financial interest and in which the corporation or any affiliate of the corporation is a participant.

[“Independent Director” is defined as an individual who has not, within the last three years, been an employee of the corporation or an affiliate, and does not have a relative who was a key employee within the last three years. Additional details regarding the independent director definition are specified in the act.

Every organization should identify whether individual directors are independent or not under the definition provided in the Act. In addition, all related party transactions should be thoroughly documented at fair-market value, with no involvement of the related party in the decision-making process.

The act has a number of additional references regarding requirements and roles that must be fulfilled by independent directors. For example, the audit committee must consist of only independent directors.]

In my view, the requirements of this act should be viewed by nonprofit organizations as “best practices” that should be adopted and implemented as soon as possible. While signature by Gov. Cuomo is expected, your organization must recognize that these requirements originated with the New York State attorney general. Therefore, whether legally adopted or not, the requirements clearly set the standard of expectation for all New York nonprofit organizations.

Gerald J. Archibald, CPA, is a partner in charge of the management advisory services at The Bonadio Group. Contact him at (585) 381-1000, or via email at garchibald@bonadio.com

If I only had a dollar for every time that I have heard that statement.

The fact is, workplace fraud happens, and it happens frequently. Newspaper headlines featuring employees stealing large sums of money are becoming more frequent. It happens to all businesses, large and small. It also happens in the nonprofit and municipal sectors with alarming frequency. No one will argue that economic times are tough and many employees are under financial pressure. Often this pressure translates into incentive or rationalization for employees to steal from your business to make ends meet.

Even with all the statistics and news, many business owners think it can never happen to their company. It is often this type of thinking that makes a business more vulnerable. While it is true that fraud can happen in even the best controlled environments, a few simple changes and safeguards can often go a long way.

Small-office environments are particularly vulnerable to fraud because of their size. Fraud can happen in any size company. However, the fewer people involved in the accounting function, the more opportunity there is for an individual to commit fraud and go undetected.

A common term often used when accountants discuss internal control is “segregation of duties.” Simply put, the more segregated the accounting function is, the better the control environment. If the same individual is responsible for collecting payments from customers, adjusting customer accounts, and making bank deposits, there is a lot of opportunity for that person to steal money and cover up his/her tracks.

Fully segregating all of the accounting duties is a struggle for many small businesses because they simply do not have enough people in the accounting department to segregate duties adequately. This does not mean that small businesses have to live with this risk. There are some simple questions all business owners can ask themselves to help improve controls at their company.

Do you really see all the checks your business issues?

Having the business owner sign all the checks is probably one of the most common controls among small businesses. While this is a great control to have in place, many fraud investigations uncover checks being issued that the owner did not know about. In addition to signing the checks, business owners should keep track of check numbers.

Simply put, the first check number in the pile of checks that the payables person requests a signature for this week should be one check number higher than the last check number in the pile the owner signed last week. Any breaks in sequencing should be investigated as these could be unauthorized checks being issued.

Do you review the cancelled checks for the month?

While most banks no longer provide the cancelled-check copies in the mail anymore, most provide access to scanned copies of the cancelled checks online. You would be surprised at how many fraud investigations often uncover alternate manual checkbooks that business owners never knew existed. With the availability of online banking, owners have instant access to review all banking activity.

Who has access to the company credit card?

Abuse of corporate credit cards is one of the most common sources of fraudulent activity at small businesses. Company credit cards should be used for just that, company expenses only. Often, small-business owners will use one credit card for both business and personal expenses. Some will provide the number or even a card to their office or business manager. If the credit-card activity is not monitored, the opportunity for authorized users to use the card for personal charges is unlimited.

It is very easy for employees with the company card to rationalize that they will pay the company back, etc. Again, this is an area where real-time monitoring of activity online is very easy to do. Any unexpected or unusual charges should be investigated, and all charges to the company credit card should require back-up receipts with explanation of business purpose. Personal charges to the company credit card should be strictly disallowed.

Who brings the deposit to the bank?

If it is the same person who reconciles the bank accounts or posts the deposits to the general ledger, there is opportunity for that person to short the deposit and adjust the records to cover it up.

Is there independent verification from the billing system or receipts ledger to ensure all deposits actually made it to the bank? A simple control small businesses can often add is having a receptionist open the mail and make a list of payments received so that that listing can be compared to the deposits actually made to the bank.

What do I do if I catch one of my employees stealing?

This is probably the one area that small businesses differ from larger ones. Large companies often have “no tolerance” policies requiring prosecution of employees caught stealing from the firm. This sends a strong message to employees that if you decide to steal from the company, the consequences are going to be great.

In small businesses, however, the reaction and punishment of the employee can vary tremendously. While no one wants to see a long-time employee arrested or named in the newspaper, the bottom line is that that employee stole from the company and there should be consequences. The message business owners send by how they deal with an employee caught stealing is very important. Any employee caught stealing should have his/her employment terminated and should be prosecuted.

Many times, small-business owners do not prosecute because they just want it to be over, they don’t think they will ever recover the money, they don’t want to ruin the person’s reputation, etc. However, the employee who stole from the company will most likely go on to steal from his next employer. In no case should an employee caught stealing from the company be allowed to remain employed. Especially in a small-business environment where everyone talks, it is very easy to send a message that stealing from the business will be brushed off and it becomes more likely that others within the organization will try it because they think they can get away with it.

When looking at their office environment and controls in place, all business owners should always remember that for fraud to happen, three underlying factors must be present — incentive, rationalization, and opportunity. These three factors are commonly referred to as the “fraud triangle.” While most companies have little control of why an employee commits fraud or how the employee rationalizes his actions, a good control environment will strive to limit the opportunities for fraud to occur and go undetected. The beginning of a good fraud-deterrence program starts with asking a few simple questions and maybe trusting employees just a little bit less. While no control environment is fool-proof, a few simple changes can often go a long way.

Linda Gabor is a certified public accountant and certified fraud examiner. She is the partner-in-charge of audit services at Grossman St. Amour CPAs PLLC. Contact Gabor at lgabor@gsacpas.com or (315) 701-6346.

No one can prepare for a crisis.

Well, actually, they can — and they do. A lot of businesses and nonprofits have operational disaster plans. But few also have a crisis-communications plan.

Recently, however, we have started to see an increased trend in organizations coming to us to help them plan their communications roles, strategies, and even messages before a crisis event. What a crisis-communications plan does is help you to manage information and the messages you deliver to employees, the media, the public, and other audiences affected by a crisis situation.

The most important goals of a crisis-communications plan are to identify the potential and emerging risk scenarios for your organization and to determine who will serve in what roles for making and delivering communications decisions during a crisis. You also want to outline the specific action steps to take and even develop some of the messages that you might use during any of the potential scenarios that you identified. And, you want to prepare to do all of this while your team is calm and focused — not during a crisis.

But it doesn’t do you much good to spend weeks, even months, creating this plan if you’re not going to be able to use it during a crisis. We use a secure and customized mobile app to access a crisis-communications plan, which gives your team members the ability to access the most critical information quickly when they are away from the office or their computers.

The result of developing, and using, this plan is always a better reputation for your organization than if you did not have this resource.

Are you being heard?

Crystal Smith is director of integrated media for public relations at Strategic Communications, LLC, which says it provides “trusted counsel” for public relations, crisis communications, government relations, and business strategy. Contact her at csmith@stratcomllc.com