There is a rising effort to protect personally identifiable information (PII). For instance, the OMB provided new guidance under 2 CFR Chapter Part 200 which requires entities receiving federal grant funds to take reasonable measures to safeguard such information. The new reforms define PII as information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that can be linked to a specific individual. However, there is no silver bullet with respect to whether any given information is in fact PII. Certain instances will require a case-by-case analysis based on the facts and circumstance of the situation. All in all, these newer requirements on grantees may require grantees to implement tighter controls.
In one of our previous posts, we discussed the issue of fraud and the fact that many large nonprofit organizations are victimized each year by fraudulent acts. We wish to continue this discussion but from a slightly different perspective. During research, I came across a statement from Michael Ballin, President of Edna McConnell Clark Foundation. He stated that their foundation spends “100-200 hours on site with each potential grantee organization, examining the organization’s financial health, leadership and management, and measurement of outcomes.” He went on to state that investing in the best nonprofits helps strengthen the entire nonprofit filed. The selection process of the Edna McConnell Clark Foundation suggests that due diligence and accountability can have a positive impact on nonprofit management. Careful scrutiny during grantee selection has the potential of raising organizational standards and the control environment within nonprofit organizations. This can lead to improved policies, procedures and internal controls that protect against fraud and asset losses. Likewise, nonprofit organizations who wish to shine during a grant selection process should be positioned to demonstrate control activities used to promote the financial health of the organization. For example, a nonprofit organization can demonstrate systems to protect patient privacy, prevent cybercrime, or protect system data. Nonprofit organizations should contact a nonprofit specialist if it desires to improve management practices in this area. Likewise, private foundations who wish to revamp their grant selection process should contact a nonprofit consultant.