Transparency In Ministry

The first step to prevent fraud is to ensure that controls are in place. These controls may be as simple as having background checks performed on people working with the financial department of the organization.

The following are some examples of preventative controls, but they are not all-inclusive.

* Creating a Culture of Honesty and High Ethics
It is the organization's responsibility to create a culture of honesty and high ethics and to communicate clearly acceptable behavior and expectations of each employee. Such a culture is rooted in a strong set of core values (or value system) that provides the foundation for employees to know how the organization conducts its business ethically.

*Setting the Tone at the Top
Board of Directors, officers, pastors and leaders of an organization set the "Tone at the Top" for ethical behavior within their organization. Research in moral development strongly suggests that honesty can best be reinforced when a proper example is set--sometimes referred to as the "Tone at the Top." The management of an entity cannot act one way and expect others in the entity to behave differently.

Management must show employees through its words and actions that dishonest and unethical behavior will not be tolerated, even if the result of the action benefits the entity. Moreover, it should be evident that all employees will be treated equally, regardless of their position.

For example, statements by management regarding the absolute need to meet operating and financial targets can create undue pressures that may lead employees to commit fraud to achieve them. Setting unachievable goals for employees can give them two unattractive choices: fail or cheat.

So how can management create a positive workplace environment? Tune in to Post#5.

Understanding that management has a responsibility to prevent/detect fraud is hard for all types of entities, not just churches and ministries. One aspect of enhancing a value system within an organization is creating an office culture of honesty by creating a positive workplace environment.

Research indicates that wrongdoing occurs less frequently when employees have positive feelings about an entity than when they feel abused, threatened, or ignored. Without a positive workplace environment, there are more opportunities for poor employee morale, which can affect an employee's attitude about committing fraud against an entity. Factors that detract from a positive work environment and may increase the risk of fraud include:

*Top management that does not seem to care about or reward appropriate behavior

*Negative feedback and lack of recognition for job performance

*Perceived inequities in the organization

*Autocratic rather than participative management

*Low organizational loyalty or feelings of ownership

*Unreasonable budget expectations or other financial targets

*Fear of delivering "bad news" to supervisors and/or management

*Less-than-competitive compensation

*Poor training and promotion opportunities

*Lack of clear organizational responsibilities

*Poor communication practices or methods within the organization

The entity's human resources department often is instrumental in helping build a corporate culture and a positive work environment. Human resource professionals are responsible for implementing specific programs and initiatives consistent with management's strategies that can help to mitigate many of the detractors mentioned above.

Mitigating factors that help create a positive work environment and reduce the risk of fraud may include:

*Recognition and reward systems that are in tandem with goals and results

*Equal employment opportunities

*Team-oriented, collaborative decision-making policies

*Professionally administered compensation programs

*Professionally administered training programs and an organizational priority of career development.

Hiring and promoting appropriate employees goes a long way in detering fraud, see post #6 of this series on fraud.

How can a church or ministry protect resources against fraud? One of the most important facets of fraud prevention is hiring and promoting appropriate employees. Each employee has a unique set of values and personal code of ethics. When faced with sufficient pressure and a perceived opportunity, some employees will behave dishonestly rather than face the negative consequences of honest behavior. However, the threshold at which dishonest behavior starts varies among individuals.

Proactive hiring and promotion procedures may include:

*Conducting background investigations on individuals being considered for employment or for promotion to a position of trust

*Thoroughly checking a candidate's education, employment history, and personal references

*Periodic training of all employees about the entity's values and code of conduct (training is addressed in the following section)

*Incorporating regular performance reviews and evaluations, how each individual has contributed to create an appropriate workplace environment in line with the entity's values and code of conduct

*Continuously evaluating an individual's compliance with the organization's values and code of conduct, and addressing violations immediately

Training

New employees should have formal training at the time of hiring about the entity's values and its code of conduct. This training should explicitly cover expectations of all employees regarding:

*Their duty to communicate certain matters

*A list of the types of matters, including actual or suspected fraud, communicated along with specific examples

*information on how to communicate those matters.

There should also be an affirmation from senior management regarding employee expectations and communication responsibilities. Such training should include an element of "fraud awareness," the tone of which should be positive but nonetheless stress that fraud can be costly (and detrimental in other ways) to the entity and its employees.

Confirmation

Management needs to clearly articulate that all employees will be held accountable to act within the entity's code of conduct. All employees within senior management and the finance function, we well as other employees in areas the might be exposed to unethical behavior (for example, procurement, sales and marketing) should be required to sign a code of conduct statement annually, at a minimum. Requiring periodic confirmation by employees of their responsibilities will not only reinforce the policy but may also deter individuals from committing fraud and other violations and might identify problems before they can become significant.

In post #7, we will discuss ways to discipline behavior and evaluate controls.

Form 990 asks if a not-for-profit (church/ministry) is following SFAS 117 or is reporting under the old fund balance approach. SFAS 117 is a Generally Accepted Accounting Principles (GAAP) pronouncement. These questions generally come up if the organiztion has restricted funds. In determining whether the entity is following SFAS 117, the following are a few of the items to look for:
1) Does the entity’s income statement break the revenues into unrestricted, temporarily restricted, and if applicable, permanently restricted? Do the statements use the term "net assets" in both the income statement and balance sheet? Are all expenses reported in unrestricted? If the answers are yes, they are under SFAS 117.

2) Is the entity using OCBOA (Other Comprehensive Basis of Accounting)? If financial statement titles say cash or tax basis, this is OCBOA. OCBOA statements are not GAAP and frequently use the term fund balance. These are normally reported as fund statements.

The key in determining if they are under SFAS 117 is whether they are using the three buckets for classification of activity. The buckets for temporarily and permanently restricted can only be used for THIRD PARTY RESTRICTED CONTRIBUTIONS. Board or management restricted balances must be reported as unrestricted. This is because management or the board can remove the restriction on those funds.

Note: Churches are not required to file a Form 990, but other non-profits are required to file the form which is due 4 and ½ months after year-end. Form 990 may be extended however the final due date is 10 and ½ months after year-end.

.

In March 2006, the Auditing Standards Board (ASB), the senior technical body of the AICPA, released its long-anticipated Risk Assessment standards (SAS 104-111) relating to assessment of risk in an audit of financial statements. These standards amended or replaced several existing standards in an effort to enhance overall quality of audits by focusing the auditor's attention on areas such as:

1. A more in-depth understanding of the entity and its control environment
2. A more rigorous assessment of the risks of material misstatement of the financial statements based on that understanding
3. An improved linkage between the assessed risk and nature, timing, and extent of audit procedures performed in response to those risks.

Another reason for these standards at this time is that the ASB has been working with the International Federation of Accountants to bring forth the convergence and acceptance of an international set of auditing standards.

The effective date for these standards will be for audit periods ending after December 15, 2007.

So what affect do these new audit standards have on non-profit ministry organizations? During the 2006 and 2007 audits, your auditors will/should be spending more time understanding the Church's operations and "linking" risk with internal controls. It is anticipated that these new standards will result in more audit documentation during the "planning" and control testing phase, thus affecting the audit fee.

More good news for 2007! See post #2 on understanding "the client".

In future postings, we will be noting important changes/differences between existing standards and the new standards and their effect on auditors and their clients.

In a Brave New World of Risk Assessment post #1, we introduced the new risk assessment standards published in March 2006 for CPAs. We will summarize the high-level differences between the old and new standards and their effect on auditors and their clients.

SAS 104 Amendment to Statement on Auditing Standards No. 1, Codification of Auditing Standards and Procedures ("Due Professional Care in the Performance of Work").
The previous standard made reference to "reasonable assurance" when discussing how the auditor must exercise due professional care to plan and perform their audit of the financial statements so that it was free of material misstatement due to error or fraud. The new standard now defines "reasonable assurance" as "high, but not absolute, level of assurance."

For auditors, this is meant to imply that the auditor now must have a better understanding of their clients and their operations for the year/period under audit. As for clients, this will mean that your auditors will be spending more time gaining this understanding with you--mainly in the beginning phase of the audit.

See post #3, explaining implementation of "understanding the client's business".

This posting is a continuation of previous discussions on the new Risk Assessment Standards. In this posting, we discuss changes/differences resulting from SAS 105 Amendment to Statement on Auditing Standards No. 95, Generally Accepted Auditing Standards.

This standard expands the understanding that an auditor must have of their audit client from having an understanding of "internal control" to "the entity and its environment, including its internal control. In the past, the purpose of this was to allow the auditor to "plan the audit." However, the purpose of this understanding has been modified to "assess the risk of material misstatement of the financial statements whether due to error or fraud and to design the nature, timing and extent of further audit procedures.

For the auditor, this means they will need to expand their overall knowledge of the client to include both internal and outside influences that could affect client internal controls. For the client, management will have to start thinking beyond the normal day-to-day internal controls and consider how high-level or outside influences could affect their internal operational controls and address/mitigate those concerns with their auditors prior to or near the beginning of their audits.

In post #4, we will be discussing SAS 106 dealing with Audit Evidence.

There are several new auditing standards that will be implemented during the 2006 and 2007 audits of non-profit organizations. The impact to churches and ministries is the auditor will/should be spending additional time understanding "the business" and assessing the "risk" of a material misstatement to the financial statements. Management must assess external factors affecting the operations of the Church.

In post #4, we discuss changes/differences resulting from SAS 106, Audit Evidence (Supercedes SAS 31 of the same name).

The new standard defines audit evidence as "all the information used by the auditor in arriving at the conclusions on which the audit opinion is based." Previously, this was not defined. How this is obtained is defined more clearly in the standard but emphasis is now placed on inquiry as audit evidence and how that alone is not sufficient to evaluate the design of internal control.

The new standard also describes new assertions that management makes as they apply to their financial statements. Previously, auditors considered five assertions management made. These were that management asserts that financial statement items existed, were owned, were complete, were properly valued and properly presented.

The new standard now expands these five assertions to thirteen, broken into three broad categories of the following:

Classes of Transactions and Events
1. The transactions "occurred"
2. The transactions are "complete" and have been recorded
3. The transactions are "accurate"
4. The trasactions were properly "cut off" and occured in the correct accounting period
5. The transactions are properly "classified" in the proper accounts

Account Balance Assertions
6. The assets, liabilities and equity interests "exist"
7. The entity owns the "rights and obligations" of the assets/liabilities of the entity
8. The financial statements are "complete" as to recording of assets, liabilities and equity interests.
9. The assets, liabilities and equity interests are properly "valued"

Presentation and Disclosure Assertions
10. Disclosed events and transactions have "occurred"
11. All disclosures are "complete" and have been included in the financial statements
12. Financial information is appropriately described and is "understandable"
13. Financial information is appropriately "valued"

For auditors, this, in many cases, will require designing new audit procedures to address these new assertions. Assertions 1-5 will mainly affect tests of internal controls. Assertions 6-9 will affect testing of balance sheet accounts. Assertions 10-13 will affect financial statements and footnotes with new emphasis on "understandability" by the presumed reader.

For clients, this will impact their responsibility for their own financial statements. Clients can no longer rely on the auditors to draft their financial statements and footnotes as before. They will have to become more proactive in ensuring proper internal controls are in place to allow the auditors to effectively address these assertions in all facets of the audit and obtain proper evidence of the same.

In future postings, we will be discussing ways both parties can do this.