Nonprofits Be Prepared to Protect PII

detective

There is a rising effort to protect personally identifiable information (PII).  For instance, the OMB provided new guidance under 2 CFR Chapter Part 200 which requires entities receiving federal grant funds to take reasonable measures to safeguard such information.  The new reforms define PII as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that can be linked to a specific individual.  However, there is no silver bullet with respect to whether any given information is in fact PII. Certain instances will require a case-by-case analysis based on the facts and circumstance of the situation. All in all, these newer requirements on grantees may require grantees to implement tighter controls.

The Grantee Selection Process

Image

In one of our previous posts, we discussed the issue of fraud and the fact that many large nonprofit organizations are victimized each year by fraudulent acts.  We wish to continue this discussion but from a slightly different perspective.  During research, I came across a statement from Michael Ballin, President of Edna McConnell Clark Foundation.  He stated that their foundation spends “100-200 hours on site with each potential grantee organization, examining the organization’s financial health, leadership and management, and measurement of outcomes.”  He went on to state that investing in the best nonprofits helps strengthen the entire nonprofit filed.  The selection process of the Edna McConnell Clark Foundation suggests that due diligence and accountability can have a positive impact on nonprofit management.  Careful scrutiny during grantee selection has the potential of raising organizational standards and the control environment within nonprofit organizations. This can lead to improved policies, procedures and internal controls that protect against fraud and asset losses.  Likewise, nonprofit organizations who wish to shine during a grant selection process should be positioned to demonstrate control activities used to promote the financial health of the organization.  For example, a nonprofit organization can demonstrate systems to protect patient privacy, prevent cybercrime, or protect system data.  Nonprofit organizations should contact a nonprofit specialist if it desires to improve management practices in this area.  Likewise, private foundations who wish to revamp their grant selection process should contact a nonprofit consultant.

Check Fraud

Our firm recently consulted on issues related to external fraud and so we believe it is befitting to address this issue here.  Most of this article will be to educate persons on this issue than to tell a story.  You will find in reading this blog that educating the public is also one of our goals in posting here.  Our hope is that in reading this information, you become more informed of this issue.  The Washington Post recently conducted an investigation where they found that over 1000 nonprofit organizations have had a “significant diversion” of assets since 2008 mostly attributed to theft or embezzlement.

The losses suffered by some nonprofit organizations sometimes amounted to tens of millions of dollars as reported on the organization’s IRS Form 990 return.  For a struggling nonprofit organization, the loss of even thousands of dollars may impair the nonprofit organization from achieving its mission.  Therefore, proper internal controls are essential for organizations of all sizes.

Embezzlement has been defined as the fraudulent appropriation of money or property lawfully in one’s possession according to Dr. Larry Crumbley in his book Forensic Investigative Accounting.  One way a fraudster may embezzle funds is by check tampering.  In fact, checks are known to be one of the most frequent fraud schemes with over 500 million checks forged each year in the United States.  Many frauds are perpetrated by an employee who gains access to a check and goes on to prepare computer copies and cash them under someone else’s name.  Thus, one way a nonprofit can protect it is by incorporating a control concerning checks. Checks can be imprinted with holographic images, watermarks, and inks that cannot be erased or copy or other types of security inks as one control to deter check fraud.

Organizations that wish to do more to identify operations risks should have a risk assessment conducted to expose and strengthen weaknesses within the organization.  Image

IRS Automatic Revocation of Nonprofit Tax Exemption

Organizations that are required to file an IRS Form 990, 990-EZ or 990-PF or submit an annual electronic notice on Form 990-N are subject to automatic revocation if the exempt organization fails to file for three consecutive years.  The consequence of automatic revocation can be economically devastating for struggling non-profit organizations since the organization may be required to file a Form 1120 corporate income tax return or Form 1041 Estates & Trusts return and pay applicable taxes on income received.

 

Organizations previously eligible to file Form 990-EZ or Form 990-N for each of the three prior consecutive years that have lost their tax-exempt status may be eligible for retroactive reinstatement by filing for recognition of tax exemption on the required Form 1023 or Form 1024 and paying the appropriate user fee no later than 15 months of the date on the organization’s Revocation Letter (CP-102A) or the date the organization appeared on the Revocation List on the IRS Website, whichever is later.   This process is called the “Streamlined Retroactive Reinstatement Process”. 

 

The IRS will not impose a penalty for failure to file annual returns for the three consecutive taxable years that caused the revocation if the organization is successfully reinstated under the Streamlined Retroactive Reinstatement Process and files paper Forms 990-EZ for all 3 previous taxable years.  For organizations eligible to file Form 990-N, the organization is not required to file a prior year Form 990-N or Form 990-EZ to avoid penalties if reinstated.  

Organizations should contact a qualified attorney as soon as possible if they do not qualify for or need assistance complying with the requirements under the Streamlined Retroactive Reinstatement Process.  

Expanding Your Capacity

SP Consulting, A division of The Scott Practice, LLC provides technical, legal and consulting services all designed to help nonprofit organizations expand capacity and reach while remaining in compliance with federal regulatory requirements. This web ad provides information on our NPO compliance services.