The Impact of Sarbanes Oxley and the Era of Corporate Governance on Nonprofit Organizations January 17, 2008 Facilitators Gary J. Dubas, CPA, CVA - Partner David B. Blain, CPA/ABV, CVA - Principal

What We Will Cover What is Sarbanes-Oxley and why does it exist? Why is this law important? Applying Corporate Governance Principles to Non-Profits. Tips and Tools.

What is Sarbanes-Oxley and why does it exist?

In a Nutshell, Sarbanes Oxley… The Sarbanes-Oxley Act signed into law July 30, Officially “American Competitiveness and Corporate Accountability Act of 2002.” Criminal penalties… –10 years in prison. –$1 - 5 fine (millions).

In a Nutshell, Sarbanes Oxley… Response to corporate and accounting scandals –Companies: Enron, Worldcom –Activities: Document Destruction, misleading financial statements –Results: Share holder loss, employee retirement funds lost Most provisions apply only to publicly traded corporations. –With two notable exceptions…

The Goal of SOX SOX has a purpose…really! –The creation of a Proper Control Environment Encompasses the attitudes and values of directors and executives. How much they recognize the importance of: –Transparency –Accountability –Method

What is a control? Internal Controls defined : –“…a process or set of processes designed to address operating efficiencies and effectiveness and reliability of financial reporting and compliance with laws and regulations.” Or… –“An action that ensures that the right things are being done at the right time.”

SOX Provisions Public Companies have more to do. Knowing all the areas can help you decide where to focus your efforts.

Benefits of Sarbanes-Oxley Review of your business, its processes, function, and activities. Clearer expectations. Better record keeping. Better transparency. Better accountability. Standardized processes.

Applying SOX Corporate Governance Principles to Nonprofit Organizations

Ten Principles to Consider Role of the Board. Importance of Independent Directors. Audit Committee. Governance and Nominating Committee. Compensation Committee. Disclosure and Integrity of Institutional Information. Ethics and Business Conduct Codes.

Ten Principles to Consider – (cont) Executive and Director Compensation. Monitoring Compliance and Investigating Complaints. Document Destruction and Retention.

Principle 1 Determine the Role of The Board

Determine the Role of the Board “The organization’s governing board should oversee the operations of the organization in such a manner as will assure effective and ethical management.” Review Board Structure and operations Determine optimal size – Effectiveness Composition – Expertise and requirements Operating procedures – Term limits, leadership, agenda, frequency of meetings

Steps For Review of Board Structure Step 1 – Process Critically review how effectively the board oversees organization operations and management. Step 2 – Assumptions Validate the usefulness of all positions. No “Sacred Cows.” Step 3 – Information Gathering Be sure to gather information from a variety of sources through interviews, surveys, and “walk around management.”

Steps For Review of Board Structure, cont. Step 4 – Document Findings Ensure all findings are documented and discuss with management. Step 5 – Future Reviews Establish annual review process through a governance committee or by board delegation by the executive board.

Principle 2 Importance of Independent Directors

“The independent and non-management board members are an organizational resource that should be used to assure the exercise of independent judgment in key committees and general board decision making.”

Common Issues Affecting the Independence of Directors Deference to Management –Avoid the tendency for boards to become complacent and defer decision-making to management. Cultural Issues –Realize and address issues that may affect otherwise independent directors’ decisions – such as dominant board member personalities or close personal relationships between directors and management. Ensure Proper Size and Makeup of Board

Principle 3 Audit Committee

“An organization with significant financial resources should have an audit committee composed solely of independent directors.” Audit Committee Functions –Assure independence of Financial Auditors. –Review critical accounting policies and internal controls. –Oversee accuracy of financial statements and reports.

Audit Committee Considerations Is an Audit needed or required? –Legal requirements, size of organization Independence of Committee Members. –Assure Financial Integrity –Strengthen Board’s oversight through information avenues independent of management Proper delegation of authority to the Committee. Committee’s expertise and understanding of financial matters.

Audit Firm Considerations Non-Audit Services Provided –Impact of fees on independence and decision making. Rotation of Audit Partner and/or Audit Firms –Maintain arms length perspective.

Principle 4 Governance/Nominating Committees

Proper Governance “An organization should have one or more committees composed solely of independent directors that focus on core governance and composition issues.” Governing Concerns Include: –Governing Documents of the Board and Organization –Appropriateness of the Board’s Size –Criteria for and Evaluation of Potential Directors –Leadership of the Board –Committee Structure –Code of Ethical Conduct

Governance Best Practices Create/Maintain Governance and Nominating Committees. –May be useful to combine committees. Periodically Evaluate the Board and the Directors. Governance Committee should take responsibility for “Setting the Tone at the Top”.

Principle 5 Compensation Committee

“ An organization should have a committee composed solely of independent directors that determines the compensation of the chief executive officer and determines or reviews the compensation of other executive officers.”

Applications Executive Compensation should be Performance Based and Tied to Predetermined Goals. Ensure that a Proper Succession Plan is in Place for Key Executives.

Principle 6 Disclosure and Integrity of Institutional Information

Openness and Certification “ Disclosures made by an organization regarding its assets, activities, liabilities, and results of operations should be accurate and complete and include all material information.” Fairly represent the financial condition of the organization. Executives should be able to certify the accuracy of the financial information and the adequacy of internal controls.

Openness Determine the appropriateness of certifying financial information. Determine which information and how much to disclose. Ensure that at least one staff member is responsible for ensuring compliance with Federal and State Laws.

Principle 7 Ethics and Business Conduct Codes

Ethics “An organization should adopt and implement ethics and business conduct codes applicable to directors, senior management, agents, and employees that reflect a commitment to operating in the best interests of the organization and in compliance with applicable law, ethical business standards, and the organization’s governing documents.”

Business Conduct Codes Proper Codes of Conduct should include: –Definitions of, and procedures for handling, conflicts of interest. –Prohibitions against use of corporate information or resources for personal gain or in competition with the organization. –Nondisclosure of confidential information. –Promotion of procedures to assure compliance with applicable laws. –Means to encourage the reporting of illegal or unethical behavior.

Principle 8 Executive and Director Compensation

Compensation “Executive (and directors if appropriate) should be compensated fairly and in a manner that reflects their contribution to the organization.”

Executive Compensation Considerations Should be no loans to executives. Based on individual and organizational performance. –Can be financial or mission-related objectives. Comparable to similarly sized and complex organizations. Critical that all compensation is reported for tax purposes. Understand benefit rules and implications.

Director Compensation Considerations Liability Considerations. Form of Compensation. Who will approve compensation for Directors. Available data from comparable organizations. State laws that may cap Director compensation.

Principle 9 Monitoring Compliance and Investigating Complaints

Obtaining Timely Feedback “An organization should have procedures for receiving, investigating, and taking appropriate action regarding fraud or noncompliance with law or organization policy, and should protect ‘whistleblowers’ against retaliation.” Create and periodically review a written policy for the communication of concerns from employees. Ensure that current policy (if applicable) complies, at a minimum, with “whistleblower” protection provisions.

Principle 10 Document Destruction and Retention

Proper Retention of Documents “An organization should have document retention policies that comply with applicable laws and are implemented in a manner that does not result in the destruction of documents that may be relevant to an actual or anticipated legal proceeding or governmental investigation.” Be aware of increased criminal sanctions for obstruction of justice by destruction of documents. Periodically review document retention policies to ensure proper compliance with state and federal laws.

Tips and Tools

STEPS TO EFFICIENT SOX COMPLIANCE Step 1 – Educate Your Organization  Understand the requirements of SOX.  Formulate the appropriate plan of action.  Education will enhance the effectiveness and efficiency of compliance.

STEPS TO EFFICIENT SOX COMPLIANCE Step 2 – Retain Experienced Consultants  Look for a firm that: Has extensive working knowledge and experience with SOX. Has not-for-profit industry experience. Has provided SOX training to executive management.

STEPS TO EFFICIENT SOX COMPLIANCE Step 3 – Retain Experienced Consultants (cont’d)  Look for a consulting firm that can educate your staff and implement your Plan of Action. Proper education can allow for work to be shifted to internal resources. Experience gained by internal resources can help reduce future compliance costs.

STEPS TO EFFICIENT SOX COMPLIANCE Step 3 – Demonstrate Complete Management Buy-In  Early management buy-in is critical to the success of a SOX project.  This will set tone for entire project (and the business).  Encourage pre-project and weekly management meetings to monitor the success of the project.  Integrate IT & Accounting Controls.

STEPS TO EFFICIENT SOX COMPLIANCE Step 4 – Start Early  Allow adequate time to properly complete requirements of SOX compliance.  Short deadlines and rush-to-completion can increase the financial cost of the project.  Take time early to appropriately assess information system needs.

STEPS TO EFFICIENT SOX COMPLIANCE Step 5 – Invest in the Proper Tools  Learn from others who have already completed a SOX project.  Plan ahead, investigate and seek input from your consultant.  Remember, software alone will not complete this project.

CONCLUSION THANK YOU!!!!

The End, The Beginning… Questions Open Discussion Practical Experiences

Appendices

Appendix A - Samples Conflict of Interest Statement Document Retention Policy Whistleblower Policy

Appendix B – Informational Sources American Bar Association (ABA) – Guide to Nonprofit Corporate Governance in the Wake of Sarbanes-Oxley Pennsylvania Association of Nonprofit Organizations – Standards for Excellence – An Ethics and Accountability Code for the Nonprofit Sector

Appendix C – Published Articles to Research “Are Your Nonprofit Leaders Super?” – PICPA Journal, Winter 2007 “Good Governance Policies for Charitable Organizations” – AICPA Focus, September/October 2007 “Can Sarbanes-Oxley Hold the Keys to Nonprofit Governance” – PICPA Journal, Winter 2006