1 Internal Controls Audit: Just in Time for Foster Youth
Internal Controls Audit: Just in Time for Foster Youth Dana Black Derek Floyd Maria Belen Gonzalez Sutil Meredith Praniewicz Ricky Valdez
University of San Diego LEAD 503: Nonprofit Finance Professor Darla Trapp Spring 2012
2 Internal Controls Audit: Just in Time for Foster Youth
Table of Contents INTRODUCTION .................................................................................................................................. 3 BACKGROUND FOR SELECTION OF AN ORGANIZATION ............................................................................... 4 Table 1 (Revenue) ................................................................................................................................. 5 METHODOLOGY ................................................................................................................................. 5 FINDINGS & RECOMMENDATIONS ................................................................................................ 8 CONTROL ENVIRONMENT: ETHICAL STANDARDS & POLICIES .................................................................... 8 CONTROL ACTIVITIES ............................................................................................................................... 10 Control Activity: Segregation of Duties .............................................................................................. 10 Control Activity: Cash Disbursement for Vendors and Clients .......................................................... 11 Control Activity: Cash Disbursement - Emergency Check Signing for Clients .................................. 13 MONITORING: AUDIT COMMITTEE ........................................................................................................... 16 Set up an Audit Committee on Board of Directors .............................................................................. 17 Table 2 (Audit vs. Finance Committee Responsibilities) .................................................................... 17 Conduct an External Audit .................................................................................................................. 21 Table 3 (Actual vs. Goals Funding Streams) ...................................................................................... 23 CONCLUSION ..................................................................................................................................... 24 REFERENCES ..................................................................................................................................... 26 APPENDICES ...................................................................................................................................... 29 APPENDIX 1: INTERNAL CONTROL – A TOOL FOR THE AUDIT COMMITTEE .............................................. 29 APPENDIX 2: WHISTLEBLOWER MEMO & POLICY .................................................................................... 37 APPENDIX 3: CONFLICT OF INTEREST MEMO & POLICY ........................................................................... 41 APPENDIX 4: CODE OF ETHICS MEMO & POLICY ...................................................................................... 45 APPENDIX 5: FINANCIAL CONTROLS POLICY ............................................................................................ 49 APPENDIX 6: GIFT ACCEPTANCE MEMO & POLICY .................................................................................. 52 APPENDIX 7: SEGREGATION OF DUTIES WORKSHEET ............................................................................... 57 APPENDIX 8: FLOW CHARTS ..................................................................................................................... 61 Accounts Receivable (A/R) Vendors Flow Chart ................................................................................ 61 Accounts Payable (A/P) Vendors Flow Chart..................................................................................... 62 Accounts Payable (A/P) Clients Flow Chart....................................................................................... 63 Youth Emergency Services Flow Chart............................................................................................... 64 APPENDIX 9: REQUEST FORM ................................................................................................................... 65 Program Expense ................................................................................................................................ 65 Petty Cash Expense ............................................................................................................................. 66 APPENDIX 10: AUDIT COMMITTEE CHARTER MATRIX ............................................................................. 67
3 Internal Controls Audit: Just in Time for Foster Youth
Just In Time for Foster Youth (JIT) provides transitioning foster youth with opportunities for self-sufficiency through emergency support, essential resources, and caring personal guidance at critical junctures on their path to independence. – Mission Statement
Introduction In 2002, Ms. Jeanette Day, an advocacy attorney in San Diego’s juvenile court system, found that many of the young people emancipating from the foster care system were living in subsidized housing provided by the state, but lacked resources to adequately furnish their homes. Ms. Day also found that many emancipated foster youth were sleeping on the floor and did not have the basic necessities to cook or clean. Appalled by what she discovered, Ms. Day felt compelled to do something about this situation. She contacted close friends, colleagues, and associates and asked them to prepare gift baskets for the holidays for these youth. The gift basket project became the impetus for community members in San Diego County to create Just In Time for Foster Youth (JIT). These community members included: Jeanette Day, Diane Cox, Louarn Sorkin, Kathryn Vaughn, and Tony Hsu. In the beginning, JIT worked as an auxiliary under the Child Abuse Prevention Foundation (now known as Promises 2 Kids). In 2006, the organization incorporated into its own 501(c)(3) nonprofit. The organization began with a group of five community volunteers and has grown to six staff members, three contract workers, and an army of over 400 volunteers. Financially, JIT grew from an operating budget of under $1,000 in 2002 to nearly $1 million in 2012. During its infancy, JIT worked to fill the gaps of services for foster youth aging out of the system; however, the organization realized that without
4 Internal Controls Audit: Just in Time for Foster Youth
community support, the plight of emancipated children would continue. Nationwide, over 400,000 children were in the foster care system in 2009; nearly 80,000 were in foster care in California, and 4,000 resided in San Diego County (U.S. Department of Health and Human Services, 2010). Every year 300 children in San Diego age out of foster care and “emancipate.” These children are faced with unfavorable statistics, nationally publicized that less than 3% graduate from a four-year college, 37% experience homelessness within the first 18 months of emancipation, less than 50% are employed, and nearly 25% are imprisoned (California Department of Social Services, 2011). JIT now mobilizes the community to combat these statistics by creating opportunities for self-sufficiency through its six programs that include the following: Basic Needs provides immediate financial assistance during emergency situations; My First Home delivers home furnishings for first apartments; College Bound aimed at giving essential college supplies such as a computer, printer, school supplies, and dormitory furnishings; Career Bound geared toward networking in specific career fields, and Financial Fitness which provides financial literacy through education and mentoring and offers incentives for matched-savings.
Background for Selection of an Organization One of JIT’s current staff members, Ms. Meredith Praniewicz, Program Director, recommended reviewing the internal financial controls of JIT to other members of the Lead 503 Finance course. The organization expanded very rapidly over the past 5 years (see table 1); however, many of the policies and procedures did not expand during JIT’s
5 Internal Controls Audit: Just in Time for Foster Youth
growth stages to ensure adequate financial controls. Ms. Praniewicz met with JIT’s executive director (ED) and chief financial officer (CFO) on February 6th; both agreed that an internal financial audit of the organization would be very beneficial. On February 7th, Derek Floyd, Belen Gonzalez Sutil, Dana Black, and Ricky Valdez agreed to join the financial audit team for JIT.
Table 1 (Revenue)
Methodology The audit team performed an initial assessment of JIT through interviews with key personnel regarding the financial management structure and existing internal controls. The team met with the ED on February 21st to better understand the organization’s origins, the strengths and weaknesses related to processes and procedures of financial reporting, and to gain an understanding of JIT’s culture. On February 28th,
6 Internal Controls Audit: Just in Time for Foster Youth
the team met with the CFO of the organization. The CFO gave a short biography of himself, how he became involved with JIT, and also explained the process in place for the financial department. The audit team met Ms. Praniewicz on March 13th regarding the day-to-day operations for check writing, receiving donations, donor relations, fundraising, and other processes. Additionally, the team conducted a meeting on March 19th with the bookkeeper, Lori Haynes, regarding the process of incoming and outgoing funds. Finally, we corresponded with the Treasurer and Chair of the board concerning the overall structure of JIT’s processes and future plans for the organization. We evaluated JIT’s internal control systems using the Committee of Sponsoring Organizations (COSO) framework (AICPA, 2010). COSO provides thought leadership in the areas of risk management, internal controls, and fraud prevention, and consists of the American Institute of Certified Public Accountants (AICPA), the Institute of Management Accountants (IMA), the Institute of Internal Auditors (IIA), Financial Executives International (FEI), and the American Accounting Association (AAA) (COSO, n.d.). The COSO framework defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide "reasonable assurance" regarding the achievement of objectives in three areas: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations (AICPA, 2010). The framework consists of the following five interrelated components: 1. Control environment: the integrity, values, and operating philosophy of management.
7 Internal Controls Audit: Just in Time for Foster Youth
2. Risk assessment: assesses internal and external risks. 3. Control activities: policies and procedures that help ensure that directives are carried out at all levels. 4. Information and communication: addresses the need in the organization to identify, capture, and communicate information to the right people to enable them to carry out their responsibilities. 5. Monitoring: the internal audit function in the organization, as well as other means of monitoring such as general management activities and supervisory activities. We also utilized the AICPA’s (2010) AICPA Audit Committee Toolkit: A Tool for the Audit Committee to evaluate and recommend consistent and responsible financial reporting behavior. “The internal control system is intertwined with the organization’s operating activities, and is most effective when controls are built into the organization’s infrastructure, becoming part of the very essence of the organization” (AICPA, 2010, pg. 82). In addition, the AICPA (2010) toolkit evaluates eleven areas of focus to determine the strengths or weaknesses that need to be addressed in an organization’s internal financial controls: integrity and ethical values; commitment to competence; board of directors/audit committee; management philosophy and operating style; organizational structure; assignment of authority and responsibility; human resources policies and practice; risk assessment; control activities; information and communication; and monitoring. Using the AICPA (2010) toolkit as an audit guide, the team reviewed a variety of JIT’s financial and governing policies and documents, including: 990s; handbooks and
8 Internal Controls Audit: Just in Time for Foster Youth
manuals; budgets and variance reports; as well as other pertinent documents (Just in Time for Foster Youth, 2006-2011). Through the interview and documentation process we marked each corresponding box on the toolkit as in compliance, partial compliance, not in compliance, or not applicable. The areas marked as partial compliance or not in compliance were compared to best practice standards for the nonprofit community and sample templates are located in the appendices section of this report. The audit team plans to present the findings report to the finance committee and executive director for review and implementation.
Findings & Recommendations It became clear to the audit team that JIT had two significant challenges concerning its internal control policies: the nonexistence of an audit committee and insufficient policies and procedures for internal segregation of duties. In addition, the audit team also discovered that some areas of policy compliance under the COSO framework were in need of refinement, these included their Whistleblower and Conflict of Interest polices (AICPA, 2010). Finally, the team also identified a need to incorporate Code of Ethics and Financial Control policies that enhance JIT’s ethical standards and clarify financial procedures (AICPA, 2010).
Control Environment: Ethical Standards & Policies Since its inception in 2006, JIT has taken some respectable steps, to ensure that the organization maintains an ethical and fair environment and culture. As a young organization, JIT has already implemented a board of director’s handbook that is
9 Internal Controls Audit: Just in Time for Foster Youth
provided to all incoming board members; an employee manual, reviewed and signed by all incoming employees; and a volunteer conduct policy. Within these handbooks, the core values are defined and each board member, employee, or volunteer must sign an agreement that outlines legal and moral responsibilities to the organization. The organization has also written and approved Whistleblower and Conflict of Interest policies. The implementation of these policies is “an essential component of an ethical and open work environment” (Zuckerman, 2011). Our audit team reviewed these policies and made minor modifications to improve the documents. A memorandum to the board of directors for each policy recommendation is included in the appendices and along with a draft of the revised policy. In addition to minor modifications, we also found a need to expand and strengthen the “tone at the top” philosophy, which requires the board of directors and management to establish integrity and ethical values and behaviors within the work environment (AICPA, 2010). Currently, JIT has the following core values: we engage in a way that inspires our youth and fulfills the JIT mission; we are open, honest and courageous in the sharing of our time, treasure and talent; we take ownership of our words, actions and commitments; we ask great questions; we use effective and empowering communication to serve our youth; and we act in a respectful manner at all times (Just in Time for Foster Youth, 2012). Although the organization has written core values and an adequate mission and vision statement, our audit team recommends that JIT adopt a Code of Ethics policy, such as the one drafted in the appendices of this report.
10 Internal Controls Audit: Just in Time for Foster Youth
This particular policy applies to employees, board members, and volunteers with the intent to communicate clear and general guidelines on ethical behavior for decisionmaking and conduct within the work environment. The policy should “serve as an overarching statement for other polices,” such as Whistleblower and Conflict of Interest (Lawrence & Flynn, 2006, pg. 5). The audit team drafted a sample policy; however it is recommend that a formal team of board members and employees establish time to reflect and discuss specific standards that address JIT’s culture and value system (National Council of Nonprofits, n.d.). While the Code of Ethics policy does not eliminate wrongdoing within an organization, “it conveys a strong message both internally and externally about the culture and work of the organization” (Lawrence & Flynn, 2006, pg. 5).
Control Activities Control Activity: Segregation of Duties As previously mentioned, JIT is a small nonprofit organization with approximately $1 million in revenue. This can create unique, although not uncommon, challenges when applying financial internal control processes such as segregation of duties. “Due to a lack of employees, internal control is seldom strong in small business” (Whittington & Pany, 2012). One specific challenge is an over-reliance on a few key employees, leaving them susceptible to potential problems such as fraud (McLaughlin, 2009). JIT tends to emulate a nurturing family because they serve youth who age out of the foster care system. This creates a core culture and value system that is anchored in trust. This trust-based culture
11 Internal Controls Audit: Just in Time for Foster Youth
carries over to staff members who handle money; which became apparent to the team during the interview with the bookkeeper and the executive director. A small staff and trust-based culture can lead to inadequate internal controls (Pratt, 2008). Our audit team felt that JIT could consider some modifications in the short and long term in the areas of cash and check receipts and disbursements. The first area focuses on cash and check receipts. Appropriate segregation of duties requires that more than one person manage a transactional process from beginning to end; we found JIT in compliance (Yale Finance, 2008). Currently, there are three individuals involved in the cash and check receipt process. The executive director opens the mail and logs all cash and check receipts into givezooks.org (on-line donation tracking system); he does not reconcile the accounts or make the deposits. The bookkeeper maintains and reconciles the accounts and does not make deposits. The development manager prepares the deposit slip(s), makes copies of the checks and makes the deposits. While this process is acceptable, our audit team recommends that as JIT grows, the board of directors considers employing a part-time or full-time office manager. The office manager would be the person responsible for obtaining, opening and logging the mail in a public place, such as a reception area (Standards of Excellence Institute, 2007). Unfortunately, because staff is limited, the executive director must fulfill this role, which takes him away from other areas that may need his attention.
Control Activity: Cash Disbursement for Vendors and Clients
12 Internal Controls Audit: Just in Time for Foster Youth
The check signing or cash disbursement process is an opportunity to improve segregation of duties. JIT maintains four accounts: program account, operating account, financial fitness account and LEAP account. The operating account is used for payroll, bill payment, taxes, other operating needs, and any large vendor program payments. The program account is used for any payments for Basic Needs/Emergency, My First Home, Career Bound, and College Bound. Financial Fitness is utilized only for expenses related directly to that program. JIT originally became the fiscal agent for Financial Fitness in 2009 (then called Opportunity Passport), but has since adopted and revised the program. Lastly, JIT is the fiscal agent for LEAP and pays out any bills requested by LEAP staff and approved by a manager at the Commission on Youth and Families, the agency that oversees the program. Currently, the bookkeeper and executive director have authorization to sign checks off the operating account, which creates a conflict as they have primary responsibility for approving operating invoices (Yale, 2008). The bookkeeper is also the person who reconciles the accounts and generates the checks from the operating account. It is best practice for the person who approves invoices and reconciles accounts not to obtain custody of checks (Yale, 2008; The Standards for Excellence Institute, 2007). The existing process leaves JIT susceptible to human error and inappropriate actions. Our audit team recommends that JIT authorize the program director to be the primary signatory for checks drawn off the operating account. If more than two signatures are required, we recommend the executive director or a board member is the co-signer.
13 Internal Controls Audit: Just in Time for Foster Youth
The program, financial fitness, and LEAP accounts all present the same challenges. For these accounts the program director approves, generates and signs the checks. After reviewing the disbursement processes, our team recommends JIT would benefit from a written Financial Control policy that could be approved by the board of directors. This policy provides clarity on basic financial procedures, such as the number of signatures required on a check and who can sign checks (Lawrence & Flynn, 2006). The audit team’s draft Financial Control policy is located in appendices section. Overall, while trust within an organization is positive, transparency and consistency within a nonprofit is critical. A financial control policy demonstrates these aspects and reassures employees, board members, volunteers and most importantly donors, that financial accountability is a top priority for the organization (AICPA, 2010; Finkler, 2003; McLaughlin, 2009). We also included flow charts that map out the cash and check receipts process and the disbursement process for the accounts. These are located in appendices section. Specifically, we recommend that the program director generate the checks and executive director or bookkeeper be the signatories on these accounts. Another option is for the board to add another signatory on the accounts, such as the development manager. The development manager could sign operating or program checks, after the program director or bookkeeper generate and print them. In addition, we recommend further policies and procedures for an emergency request through the Basic Needs program.
Control Activity: Cash Disbursement - Emergency Check Signing for Clients
14 Internal Controls Audit: Just in Time for Foster Youth
Due to JIT’s mission and the nature of its clients, there is a regular need for staff to request emergency funds for participants who are in crisis. Often the client’s needs are immediate and funds must be available for access within twenty-four hours. Currently, JIT staff request and process emergency funds on an as-needed basis without a formal written policy or procedure. As needs arise, clients are instructed to fill out an online application that details the need and the amount requested. A program coordinator reviews the request, verifies the applicant is a former foster youth, and interviews the client. The request is then taken to the program director for a verbal approval of the request, and if approved, the program director generates and signs the check and then gives it back to the program coordinator to disburse to the client. In order to provide JIT with a practical system for requesting emergency funds we conducted research of organizations (e.g., Second Chance, Home Start, and Escondido Compact) that currently provide a similar service and included a check request system based on JIT’s needs. While conducting our research of other organizations we found that they do not have a check request system solely for emergency funds, but do have written processes for requesting checks. Each organization had a slightly different process according to their organizational needs. Some differences include the maximum amount of funds that are available and the length of time for checks to be processed. As demonstrated by other nonprofit organizations, our audit team believes that segregation of duties for check writing is important. JIT’s current process needs to be formalized by implementing a written policy and procedural process for requesting, approving, and distributing emergency funds. One way to do this is by using a written
15 Internal Controls Audit: Just in Time for Foster Youth
check request system that is filled out by the staff and approved by the program director. A formal check request system is both a preventative control and a detective control (Finkler, 2003). Having a paper approval system allows the misuse of funds to be prevented by management staff before the funds are distributed. A check request system ensures that the funds are being used for eligible participants and are in line with the mission of the organization. It also ensures that funds used are in alignment with the donors intent and prevent inurement (Internal Revenue Service, 1990; Nonprofit Expert, 1998-2012). The IRS (1990) requires that an “organization must not be organized or operated for the benefit of private interests, and no part of a section 501(c)(3) organization's net earnings may inure to the benefit of any private shareholder or individual" (Nonprofit Expert, 1998-2012). Ensuring funds are not used inappropriately by an “insider” of the organization protects not only its funding, but also its tax exempt status granted by the IRS (1990). Furthermore, from a quality standpoint, preventive controls are essential because they are proactive and emphasize superiority. A check request system also serves as a detective control because staff can review the paper records if a discrepancy arises. Detective controls play a critical role providing evidence that the preventive controls are functioning and preventing losses (Finkler, 2003; University of California, n.d.). Segregation of duties for small nonprofit organizations can be challenging (McLaughlin, 2009). However, with education and recognition that fraud can happen, boards and senior management can develop an environment that safeguards an organization’s assets, which ultimately protects the mission. Nonprofits that implement
16 Internal Controls Audit: Just in Time for Foster Youth
clear, written internal control procedures can confidently develop relationships with donors who will invest in the organization’s work to fulfill the mission.
Monitoring: Audit Committee One of JIT’s objectives when reporting to donors is transparency, which was evidenced by their detailed accounts of program reports of client activities, client stories, and thorough financial statements. The organization could create further transparency with current and potential donors by conducting an audit. Auditors can look at an entity with “fresh eyes” and take a close look its internal control systems. Weaknesses in the internal controls can cause many problems, including fraudulent activities, errors, and noncompliance with laws and regulations (McLaughin, 2009). An audit can provide valuable suggestions for improving financial reporting and controls, and provide validity to the organization’s financial systems. The process can even “help shape the organization’s future” (McLaughlin, 2009, pg. 111). California law requires nonprofit organizations with revenue over $2 million to host an audit by an independent public certified accountant; however, according to “best practices” in the nonprofit community, organizations with an excess of $300,000 should hold an independent audit each year (CA Office of the Attorney General, 2004; Standards for Excellence, 2009). Conducting an external audit can be a lengthy and costly process, but we believe the benefit outweighs the cost. Although JIT’s current reporting structure to foundations, banks, donors, and other entities is a thorough account of the use of funds, it is merely an internal function. An outside auditor’s report shows that an independent and certified public accountant inspected the books and records of the organization
17 Internal Controls Audit: Just in Time for Foster Youth
(McLaughlin, 2009). Further, an auditor explicitly states “whether the financial statements are in compliance with GAAP and are free of material misstatement” (Finkler, 2003). The audit offers reliability to outside parties and demonstrates transparency and fiscal responsibility. Although JIT’s revenue is under $2 million, we encourage the organization to set up an audit committee and hold an audit by an outside accounting firm.
Set up an Audit Committee on Board of Directors Our team recommends that the board form an audit committee. An effective audit committee can increase the integrity and efficiency of the audit process, as well as the system of detective internal controls and financial reporting (Bobowick, Hughes, & Lakey, 2011). Currently, the JIT board has the following committees: executive, governance, finance, and fund development. We recommend that the organization form an audit committee in the fiscal year 2013. According to JIT’s (2010) bylaws, the board may adopt a resolution to create committees . . . [C]onsisting of two or more members, to serve at the discretion of the Board. The Board Chair & President shall nominate Committee Chairs and Co-chairs, if any, and present such Nominees to the Board for its approval. Approval of Committee Chairs and Co-chairs shall be by resolution adopted by a majority of the Directors then in office. (Article 8, Section 1). The audit committee differs from the finance committee, as defined under the AICPA’s (2010) Audit Committee Member Rules and Responsibilities (table 2):
Table 2 (Audit vs. Finance Committee Responsibilities) Audit Committee The audit committee
Finance Committee The finance committee
18 Internal Controls Audit: Just in Time for Foster Youth
Audit Committee
Finance Committee
(a) reviews the financial statements of the organization and other official financial information provided to the public;
(a) oversees the preparation of the annual budget and financial statements. The finance committee ensures that budgets and interim financial statements are prepared;
(b) has oversight for ensuring that reports are received, monitored, and disseminated appropriately;
(b) oversees the administration, collection, and disbursement of the financial resources of the organization as well as the policies and procedures related to the financial resources;
(c) provides oversight of the organization’s systems of internal controls, including overseeing compliance by management with applicable policies and procedures and risk management (for example, for organizations that are part of a national network, annually reviewing whether the organization meets the re-chartering requirements of its national organization);
(c) advises the board with respect to making significant financial decisions;
(d) oversees the annual independent audit process, including the recommended engagement of the external auditor and receiving of all reports, and management letters, from the independent certified public accountants; (e) reviews the annual information returns, (IRS (e) oversees the preparation and Form 990, related schedules, and forms) and implementation of the governance policies recommends for approval, signature, and referenced in the Form 990: conflict of submission by the appropriate officer. The interest, document retention, whistleaudit committee also transmits the returns to blower, review of executive compensation, the board for its review prior to signing and endowments, investments, submission. The audit committee engages and so on; and (on the board’s behalf) and interacts with the external auditor or auditing firm. Many audit firms also prepare the federal and state tax returns for their nonprofit audit clients; and (f) reviews the organization’s procedures for reporting problems. The audit committee may exercise primary responsibility to review the whistle-blower policy and process, antifraud policies, and policy and procedures related to the discovery of errors or illegal acts, whistle-blower hotline, and other communication methods and determine the process for “special investigations” (whistleblower allegations, anti-fraud compliance, discovery of errors or illegal acts).
(f)
should ensure that joint membership between the audit committee and the finance committee is appropriate and meets local laws and regulations.
19 Internal Controls Audit: Just in Time for Foster Youth
Audit Committee
Finance Committee
(g) The audit committee shall have such other authority and perform such other duties as may be delegated to it by the board. Originally published as What’s The Difference? Audit Committee vs. Finance Committee, this paper has been adapted and edited with the consent of the Nonprofit Risk Management Center at www.nonprofitrisk.org.
An audit committee can provide JIT with important fiscal oversight and to the board of directors. It is an integral element of accountability and governance; it plays a key role with respect to the reliability of the entity’s financial information, its system of internal controls, and the legal and ethical conduct of management and employees (Bobowick et al., 2011). Committee members should understand the organization’s internal controls and ensure that the five components of internal controls in the COSO framework— control environment, risk assessment, control activities, information and communication, and monitoring—are present and operating effectively (AICPA, 2010). Further, an audit committee should have three important qualities to fulfill its duties: independence, communication, and accountability (Bobowick et al., 2011). 1. Independence: Public sector audit committees should be independent both in fact and in appearance, and have processes in place to ensure such independence. An essential feature of an effective audit committee is independence from management and the outside auditor. Independence drives the building of trust and confidence 2. Communication: Communication between a governing body and its finance officers can be difficult at times because both parties are not always going to agree on what is necessary to be done. For example, the external financial reporting follows standard principles; however, budgets and expressions of policy
20 Internal Controls Audit: Just in Time for Foster Youth
are unique to the circumstances of the organization and its jurisdiction. Communication may be complicated when a governing body approves a budget but not the financial statements. The United States Government Accountability Office (GAO) has indicated that audit committees can provide assistance if they have the necessary technical skills in accounting and auditing and are able to communicate with finance officers and auditors on complex issues. 3.
Accountability: An audit committee must be independent to contribute to the integrity of the financial reporting process. By independent, it means to establish a separate audit committee of the board. An independent audit committee can help reinforce a culture with zero tolerance for fraud. Typical audit committee responsibilities include approving the overall audit scope,
recommending the appointment of the external auditor, overseeing the entity’s financial statement and internal controls, helping to ensure that the audit is conducted in a costeffective manner, and risk management oversight (Bobowick et al., 2011). An audit committee’s activities should include the following (McNamara, 2010): ●
Understanding how the internal control objectives are achieved within the entity.
●
Considering whether the control environment and procedures can accomplish their objectives.
●
Reviewing the auditor’s reports on internal controls and compliance with laws and regulations.
●
Determining whether material weaknesses, reportable conditions, or other findings were reported.
21 Internal Controls Audit: Just in Time for Foster Youth
●
Reviewing suggested improvements to internal controls and following up to correct the weaknesses in internal controls.
Conduct an External Audit Once the organization has an audit committee in place, we suggest that it hosts an audit. There are two forms of audits: internal and external. An internal audit is a function that, although operating independently from other departments and reporting directly to the audit committee, resides within an organization (e.g., they are JIT employees) (AICPA, 2010). An internal audit looks at key risks facing the business and what is being done to manage those risks effectively, in order to help the organization achieve its objectives. If an audit is not performed by employees, the board of directors could also fill this role. An external audit is performed by independent accounting firm and looks at an entity’s financial reporting and systems. An external audit performs a detective review of the organization by focusing on the financial accounts and associated risks, and provides an opinion on whether the organization’s financial reporting and accounts are a true and fair reflection of the company’s financial position. The practice of outside auditing has three distinct levels: audit, review, and compilation (McLaughlin, 2009). A compilation involves compiling and looking at various financial records without any written report. A review takes one step further by performing quick analysis to the compiled documents. An audit is the deepest and most extensive examination of financials by testing management’s representations, analyzing the results, and providing a written report (McLaughlin, 2009). External auditors examine and evaluate the internal controls in
22 Internal Controls Audit: Just in Time for Foster Youth
place to manage the risks that could affect the financial accounts, to determine if they are working as intended (Bobowick et al., 2011). According to the AICPA (2010), there are three types of general standards an external auditor must comply with when performing an audit or a review. First, an auditor must have technical knowledge and expertise in auditing and accounting.. Technical knowledge comes from academic training and experience. Second, an auditor must be independent from a segment or department under review. For instance, an auditor must not review a department run by a spouse or an in-law. Third, an external auditor must use "professional care" in performing audit duties (AICPA, 2010). "Professional care" means excellence and---that is, an auditor must not be negligent in performing tasks quality of work (AICPA, 2010). The audit committee can use the following as guide for procuring an auditor: 1.
Identify the service and scope needed, including the anticipated fees and
schedule for performance. 2.
Determine that the expert or advisor has the competence and experience to
perform the requested service. Check references with other clients of the service provider. 3.
Consider and discuss whether the expert or advisor has a conflict of
interest with respect to the organization and/or members of the audit committee. 4.
Determine if the expert or advisor has sufficient resources to perform the
work in the time frame specified by the audit committee. In addition to the proposed guide, the audit committee should also discuss the auditor’s role with management, determine the evaluation method for assessing the work,
23 Internal Controls Audit: Just in Time for Foster Youth
and once the work is complete, review the auditing firm’s performance (AICPA, 2010). The initial legwork performed by the audit committee will give the organization necessary procedures for hosting an annual audit and will ease anxiety amongst staff and other members of the board because they will understand its importance, even if it is not required by law.
Table 3 (Actual vs. Goals Funding Streams) Currently JIT receives revenue from foundations, corporations, and individual donors (see table 3). In addition, JIT receives about $15,000 per year from the County Supervisor’s offices. Although JIT does not receive any other government funding, an audit requirement may arise as funding streams change. Government contracts and many foundation grants have statutory and contractual requirements for organizations receiving funding to have conducted an audit. Such procedures may outline the scope, timeline, and specific procurement requirements for advertising, securing bids, and bid acceptance (AICPA, 2010). Since JIT is looking to diversify its funding streams in the future, it may look to government contracts for funding and therefore, will want to consider hosting an audit before it is required. This
24 Internal Controls Audit: Just in Time for Foster Youth
will allow the organization to feel comfortable with the process and also improve efficiency by having set procedures. According to correspondence with JIT’s Treasurer, Lisa Fousiannes, the organization is researching whether the board of directors should conduct an internal audit of the organization. Our team recommends that the board look closely at this option for performing an initial financial audit of the organization at the board level and take it one step further to hire an outside accounting firm to perform an external audit. Further, we recommend that JIT publish its 990s and audited financials on its website for the purpose of transparency (Just in Time for Foster Youth, 2006-2011). Nonprofits should prepare, and make available annually to the public, information about the organization’s mission, program activities, and basic audited financial data (Standards for Excellence, 2009).
Conclusion JIT has grown tremendously since its inception and is poised to continue that growth in the foreseeable future. As JIT grows it is crucial that the leadership continue to promote a culture of accountability and transparency in order to sustain the continued organizational growth. The recommendations included in this report are tools that will promote accountability and transparency and may protect the organization from misconduct. The recommendations will also ensure that JIT maintains its compliance with applicable laws as it grows. Having an adequate set of internal controls and systems of accountability will position the organization to meet the challenges of growth or even prevent unforeseeable issues that could potentially arise. This will allow staff at JIT to
25 Internal Controls Audit: Just in Time for Foster Youth
continue working toward accomplishing their mission and meeting the mission and needs of the youth served.
26 Internal Controls Audit: Just in Time for Foster Youth
References AICPA. (2010). Audit committee toolkit: Not-for-profit organizations. Bobowick, M.J., Hughes, S.R. & Lakey, B.M. (2011). Transforming board structure; Strategies for committees and task forces. Washington, DC: BoardSource California Department of Social Services. (2011). Child welfare dynamic report. Retrieved
from http://cssr.berkeley.edu/ucb_childwelfare/ COSO. (n.d.). Welcome to COSO. Retrieved from http://coso.org/default.htm CA Office of the Attorney General. (2004). Charities - Nonprofit integrity act of 2004. Retrieved from http://oag.ca.gov/charities/faq#nonprofit Finkler, S. (2003). Finance & accounting for nonfinancial managers. Aspen Publishers Inc. Finkler, S. (2009). Financial management for public, health and not-for-profit organizations (3rd Edition ed.). Upper Saddle River, N.J.: Prentice Hall. First Star & The Children’s Advocacy Institute. (2011). The fleecing of foster children. How we confiscate their assets and undermine their financial security. Retrieved from: http://www.caichildlaw.org/Misc/Fleecing_Report_Final_HR.pdf Internal Revenue Service. (1990). Internal revenue code: “Concept of Charity" in the exempt organizations annual technical review. Regs. 1.501(c)(3)-1(c)(2). Retrieved from: http://www.irs.gov/pub/irs-tege/eotopicc90.pdf Just In Time for Foster Youth. (2010). Bylaws. San Diego, CA Just In Time for Foster Youth. (2012). Core values draft statement. San Diego, CA Just In Time for Foster Youth. (2006-2011). 990 financial statements. San Diego, CA
27 Internal Controls Audit: Just in Time for Foster Youth
Lawrence, B. & Flynn, O. (2006). The nonprofit policy sampler (2nd ed.). Washington, DC: BoardSource McLaughlin, T.A. (2009). Streetsmart financial basics for nonprofit managers (3rd ed.). Hoboken, NJ: John Wiley & Sons, Inc. McNamara, C. (2010). Typical types of board committees. Retrieved from http://managementhelp.org/boards/committees.htm Nashwa, G. (2005). The role of audit committees in the public sector. The CPA Journal. Retrieved from http://www.nysscpa.org/printversions/cpaj/2005/805/p42.htm National Council of Nonprofits. (n.d). Ethics and accountability in the nonprofit sector. Retrieved from www.councilofnonprofits.org/resources/resources-topic/ ethics-accountability Nonprofit Expert. (1998-2012). What does inure or inurement mean? Retrieved from http://www.nonprofitexpert.com/faq/q107.htm Pratt, J. (2008). Financial malfeasance and nonfeasance: Ten pitfalls boards should avoid. Minnesota Council of Nonprofits. Retrieved from http://www.minnesotanonprofits.org/nonprofit-resources/financialmanagement/budgeting/financial-malfeasance-and-nonfeasance-ten-pitfallsboards-should-avoid?vm=r&s=1 Standards for Excellence Institute速. (2007). The standards for excellence: Financial policies. Baltimore, MD. Standards for Excellence Institute速. (2009). The standards for excellence
28 Internal Controls Audit: Just in Time for Foster Youth
Institute: An ethics and accountability code for the nonprofit sectorŽ. Baltimore, MD. U.S. Department of Health and Human Services. (2010, July). Child welfare outcomes 2006-2009 report to congress. Children’s Bureau. Retrieved from http://www.acf.hhs.gov/programs/cb/pubs/cwo06-09/cwo06-09.pdf University of California. (n.d.). Understanding internal controls. Retrieved from http://www.ucop.edu/ctlacct/under-ic.pdf Whittington, R. & Pany, K. (2012). Principles of auditing and other assurance services (18th ed.). New York: NY. McGraw Hill. Yale Finance. (2008). Segregation of duties policy. Retrieved from http://www.yale.edu/auditing/balancing/segregation_duties.html Zuckerman, J. (2011). Whistleblower protections in the nonprofit sector. Nonprofit Risk Management Center. Retrieved from http://www.nonprofitrisk.org/ library/articles/employment091005.shtml
29 Internal Controls Audit: Just in Time for Foster Youth
Appendices Appendix 1: Internal Control – A Tool for the Audit Committee INSTRUCTIONS FOR USING THIS TOOL: This tool is created around the five interrelated components of an internal control structure. Within each component is a series of questions that the audit committee should focus on to assure itself that controls are in place and functioning. These questions should be discussed in an open forum with the individuals who have a basis for responding to the questions. The audit committee should ask for detailed answers and examples from the management team, including key members of the financial management team, internal auditors, and independent auditors to assure itself that the system is operating as management represents. Evaluation of the internal control structure is not a one-time, but rather a continuous, event for the audit committee—the audit committee should always have its eyes and ears open for potential weaknesses in internal control and should continuously probe the responsible parties regarding the operation of the system. These questions are written in a manner such that a “no response” indicates a weakness that must be addressed.
Control Environment – Tone at the Top
Yes
Partial
No
Not Sure
N/A
Comments
Integrity and Ethical Values 1. Does the organization have a comprehensive code of conduct, and/or other policies addressing acceptable business practice, conflicts of interest, and expected standards of ethical and moral behavior?
2. Is the code distributed to all employees?
The organization has some code of conduct policies within the organization. Conflict of interest policy does exist and is in employee manual.
X
It is distributed to all employees, but is not signed on an annual basis.
X
3. Are all employees required to annually acknowledge that they have read, understood, and complied with the code?
X
4. Does management demonstrate through actions its own commitment to the code of conduct?
X
5. Are dealings with clients and other constituents, customers, suppliers, employees, and other parties based on honesty and fair business practices?
X
30 Internal Controls Audit: Just in Time for Foster Youth
6. Does management take appropriate action in response to violations of the code of conduct? 7. Is management explicitly prohibited from overriding established controls? What controls are in place to provide reasonable assurance that controls are not overridden by management? Are deviations from this policy investigated and documented? Are violations (if any) and the results of investigations brought to the attention of the audit committee?
X
X
8. Is the organization proactive in reducing fraud opportunities by (1) identifying and measuring fraud risks, (2) taking steps to mitigate identified risks, (3) identifying a position within the organization to “own” the fraud prevention program, and (4) implementing and monitoring appropriate preventative and detective internal controls and other deterrent measures?
Staff has some controls in place such as a gift card policy, but does not have anyone identified to measure fraud risks.
X
9. Does the company use an anonymous ethics and fraud hotline and, if so, are procedures in place to investigate and report results to the audit committee? (See also the tool “Sample Whistleblower Tracking Report,” in this toolkit.)
X
Commitment to Competence
1. Are the level of competence and the requisite knowledge and skills defined for each job in the accounting and internal audit organizations?
X
2. Does management make an effort to determine whether the accounting and internal audit organizations have adequate knowledge and skills to do their jobs?
X
Board of Directors and/or Audit Committee
Formal written policies are spotty at best. The organization has some written policies and formal procedures, but these are not comprehensive enough for the size of the organization.
31 Internal Controls Audit: Just in Time for Foster Youth
1. Are the audit committee’s responsibilities defined in a charter? If so, is the charter updated annually and approved by the board of directors? (See also the tool “Audit Committee Charter Matrix,” in this toolkit.)
No audit committee in place. The finance committee functions as the audit committee.
X
2. Are audit committee members independent of the company and of management? Do audit committee members have the knowledge, industry experience, and financial expertise to serve effectively in their role?
X
No audit committee in place.
3. Are a sufficient number of meetings held, and are the meetings of sufficient length and depth to cover the agenda and provide healthy discussion of issues?
X
No audit committee in place.
4. Does the audit committee constructively challenge management’s planned decisions, particularly in the area of financial reporting, and probe the evaluation of past results?
X
No audit committee in place.
5. Are regular meetings held between the audit committee and the CFO, the CAE (internal audit), other key members of the financial management and reporting team, and the independent auditors? Are executive sessions conducted on a regular basis? (See also the tool “Conducting an Audit Committee Executive Session: Guidelines and Questions,” in this toolkit.)
Meetings between the CFO and ED are held weekly, as well as with the bookkeeper. Meetings between the CFO and Treasurer are held monthly. The Executive Committee (Chair, VP, Treasurer, ED) meet at minimum, quarterly.
X
6. Does the audit committee approve internal audit’s annual audit plan?
X
No audit committee in place.
7. Does the audit committee receive key information from management in sufficient time in advance of meetings to prepare for discussions at the meetings?
X
No audit committee in place.
32 Internal Controls Audit: Just in Time for Foster Youth
8. Does a process exist for informing audit committee members about significant issues on a timely basis and in a manner conducive to the audit committee having a full understanding of the issues and their implications? (See also the tool “Issues Report from Management,� in this toolkit.)
X
No audit committee in place.
9. Is the audit committee informed about personnel turnover in key functions including the audit team (both internal and the independent auditors), senior executives, and key personnel in the financial accounting and reporting teams? Are unusual employee turnover situations observed for patterns or other indicators of problems?
X
No audit committee in place.
Management’s Philosophy and Operating Style
1. Is the accounting function viewed as a team of competent professionals bringing information, order, and controls to decisionmaking?
X
2. Is the selection of accounting principles made in the long-term best interest of the organization (as opposed to short-term maximization of income)?
X
3. Are assets, including intellectual assets, protected from unauthorized access and use?
X
4. Do managers respond appropriately to unfavorable signals and reports?
X
5. Are estimates and budgets reasonable and achievable?
X
Organizational Structure
Follows GAAP standards.
33 Internal Controls Audit: Just in Time for Foster Youth
1. Is the organizational structure within the accounting function and the internal audit function appropriate for the size of the organization?
X
2. Are key managers in the accounting and internal audit functions given adequate definition of their responsibilities?
X
3. Do sufficient numbers of employees exist, particularly at the management levels in the accounting and internal audit functions, to allow those individuals to effectively carry out their responsibilities?
X
Positions formed: Bookkeeper - 3 years. CFO - 3 years. ED - 2 years. Development Manager - 6 months. Development Officer - 3 months.
Assignment of Authority and Responsibility
1. Is the authority delegated appropriate for the responsibilities assigned?
X
2. Are job descriptions in place for management and supervisory personnel in the accounting and internal audit functions?
X
3. Do senior managers get involved as needed to provide direction, address issues, correct problems, and/or implement improvements?
X
Human Resources Policies and Practices
1. Are policies and procedures in place for hiring, training, promoting, and compensating employees in the accounting and internal audit functions?
2. Do employees understand that substandard performance will result in remedial action?
X
X
Quarterly meetings with employees regarding performance standards. Formal annual meeting concerning performance. All employees are given 360 evaluations completed by all team members regarding evaluation.
34 Internal Controls Audit: Just in Time for Foster Youth
3. Is remedial or corrective action taken in response to departures from approved policies?
X
4. Do employees understand the performance criteria necessary for promotions and salary increases?
X
Risk Assessment
1. Does the organization consider risks from external sources such as creditor demands, economic conditions, regulation, or labor relations?
2. Does the organization consider risks from internal sources such as key employees (retention and succession planning), financing and the availability of funding for key programs, competitive compensation and benefits, information systems security, and backup systems?
3. Is the risk of a misstatement of the financial statements considered, and are steps taken to mitigate that risk?
JIT has no loans on books, has normal A/P and diversified revenue. No outside debt.
X
No formal succession plan for ED in place. Other forms of risk management are considered including yearly SWAT analyysis of internal and external affairs. IT systems are supported by a board member.
X
X
4. If applicable, are the risks associated with foreign/off-shore operations considered, including their impact on the financial reporting process?
X
Control Activities
1. Does the organization have a process in place to ensure that controls as described in its policy and procedures manuals are applied as they are meant to be applied? Do the policy and procedures manuals document all important policies and procedures? Are these policies and procedures reviewed and updated on a regular basis? If so, by whom?
X
Some internal policies exist, but not comprehensive enough for size of organization.
35 Internal Controls Audit: Just in Time for Foster Youth
2. Do supervisory personnel review the functioning of controls? If so, how is that review conducted and what happens to the results? Is appropriate and timely follow-up action taken on exceptions?
X
Information and Communication
1. Is a process in place to collect information from external sources, such as industry, economic, and regulatory information, that could have an impact on the organization and/or the financial reporting process?
X
CFO monitors developments to accounting standards.
2. Are milestones to achieve financial reporting objectives monitored to ensure that timing deadlines are met?
X
Budgeting process and montitoring monthly by all staff.
3. Is necessary operational and financial information communicated to the right people in the organization on a timely basis and in a format that facilitates its use, including new or changed policies and procedures?
X
4. Is a process in place to respond to new information needs in the organization on a timely basis?
X
5. Is there a process in place to collect and document errors or complaints to analyze, determine cause, and eliminate a problem from recurring in future? 6. Is a process established and communicated to officers, employees, and others, about how to communicate suspected instances of wrongdoing by the organization or employees of the organization? Further, does a process exist to ensure that anyone making such a report is protected from retaliation for making one? (See also the tool entitled “Sample Whistleblower Tracking Report,� in this toolkit.)
X
X
JIT adopted a Whistleblower Policy on 2/24/11. The team has made a few recommendations to enhance the existing policy.
36 Internal Controls Audit: Just in Time for Foster Youth
Monitoring
1. Do officers and employees understand their obligation to communicate observed weaknesses in design or compliance with the internal control structure of the organization to the appropriate supervisory or management personnel?
2. Are interactions with external stakeholders periodically evaluated to determine if they are indicative of a weakness in the internal controls structure? (For example, consider the frequency of complaints about incorrect invoices, statements, and acknowledgments.)
X
3. Is there follow-up on recommendations from the internal and external auditors for improvements to the internal control system?
4. Are personnel required to sign off, indicating their performance of critical control activities such as performing reconciliations? 5. Does the internal audit team have the right number of competent and experienced staff? Do they have access to the board of directors and audit committee? Is the reporting structure in place to ensure their objectivity and independence? Is the work of the internal audit team appropriate to the organization’s needs, and prioritized with the audit committee’s direction?
Ad hoc yes; however, no formal process exists.
X
X
X
X
No audit committee in place.
37 Internal Controls Audit: Just in Time for Foster Youth
Appendix 2: Whistleblower Memo & Policy
MEMORANDUM To:
Just In Time for Foster Youth Board of Directors
From:
University of San Diego Consulting Team (D. Black, D. Floyd, M. Praniewicz, B. Sutil, R. Valdez)
CC:
Mr. Don Wells, Executive Director
Date:
5/8/2012
Re:
Modifications for existing Whistleblower Policy
The Sarbanes-Oxley Act of 2002 (SOX) made it a federal crime for any organization, including nonprofits, to retaliate against a “whistleblower� that reports fraudulent activity (Lawrence & Flynn, 2006). Therefore, it is critical for nonprofits to develop and implement a well-constructed whistleblower and non-retaliation policy. Policies should address any unsuitable behavior that occurs in the work environment and reporters must feel comfortable speaking out. Policies should include two key elements: 1. Fraudulent actions are not tolerated 2. A confidential reporting process exists, which should include a hierarchy of levels within the organization. Just In Time for Foster Youth (JIT) established the original whistleblower policy on February 24, 2011. The existing policy is easy to understand and interpret. However, after review, our audit team identified several areas to enhance clarification and improve the overall process for whistleblower reporting. Those areas are outlined below: 1. 2. 3. 4.
Created a section for definitions Strengthened the description for confidential reports Outline an explicit process on whom and how to submit complaints Cleary expressed intolerance for fraudulent and illegal activity
A draft copy of the recommended whistleblower policy is included with our internal control audit. If there are additional questions or concerns, please let us know and we can expand on our intent.
38 Internal Controls Audit: Just in Time for Foster Youth
Whistleblower Policy May 2012 Purpose Just In Time for Foster Youth (JIT) is committed to high standards of ethical, moral, and legal business conduct. In line with this commitment, and JIT’s commitment to open communication, this policy aims to provide a confidential avenue for board of directors, employees, and volunteers to raise concerns and reassurance that they will be protected from reprisals or victimization for whistleblowing. This whistleblowing policy is intended to cover protections for board of directors, employees and volunteers raising concerns regarding JIT, such as: Incorrect or fraudulent financial reporting Misappropriation or misuse of JIT’s resources, such as funds, in kind donations, petty cash, supplies, Activities that are not in line with JIT’s Code of Ethics policy (Code) Unauthorized alteration or manipulation of computer files Forgery or alteration of documents Activities in violation of JIT’s Conflict of Interest Policy Definitions Harassment or Victimization - Harassment or victimization for reporting concerns under this policy will not be tolerated. Confidentiality - Every effort will be made to treat the reporter’s identity with appropriate regard for confidentiality. Anonymous Allegations - This policy encourages reporters to put their names to allegations because appropriate follow-up questions and investigation may not be possible unless the source of the information is identified. If the reporter wishes to remain anonymous, concerns will be explored appropriately, with consideration given to: * The seriousness of the issue raised; * The credibility of the concern; and * The likelihood of confirming the allegation from attributable sources. Bad Faith or Baseless Allegations - Allegations made bad faith or with reckless disregard for their truth or falsity, may result in disciplinary action by JIT.
39 Internal Controls Audit: Just in Time for Foster Youth
Whistleblower – A board member, employee, consultant or volunteer who informs the executive director or president of the Board of Directors about an activity relating to JIT which that person believes to be fraudulent or dishonest. Procedure: 1. Process for Raising a Concern Reporting - The whistleblowing procedure is intended to be used for serious and sensitive issues. All relevant matters, including suspected but unproved matters, will be reviewed, analyzed and documented. Such concerns, including those relating to financial reporting, unethical or illegal conduct, may be reported directly to the executive director of JIT. If, for any reason, a person finds it difficult to report his or her concerns to the executive director, the person may report concerns directly to a member of the executive committee. If the person wishes to remain anonymous, a written statement may be submitted to one of the executive director or member of the executive committee listed above. Employment related concerns should continue to be reported through your normal channels. Timing - The earlier a concern is expressed, the easier it is to take action. Evidence - Although the reporter is not expected to prove the truth of an allegation, the reporter should be able to demonstrate to the person contacted that the report is being made in good faith. Procedure: 2. How the Report of Concern Will be Handled The action taken by JIT in response to a report of concern under this policy will depend on the nature of the concern. The Executive Committee of the JIT Board of Directors shall receive information on each report of concern and follow-up information on actions taken. Initial Inquiries - Initial inquiries will be made to determine whether an investigation is appropriate, and the form that it should take. Some concerns may be resolved without the need for investigation. However, some investigations may warrant investigation by independent persons such as auditors and/or attorneys. Further Information -The amount of contact between the reporter and the person or persons investigating the concern will depend on the nature of the issue and the clarity of information provided. Further information may be sought from or provided to the person reporting the concern.
40 Internal Controls Audit: Just in Time for Foster Youth
Whistleblower Protection JIT will use its best efforts to protect whistleblowers against retaliation. Whistleblowing complaints will be handled with sensitivity, discretion, and confidentiality to the extent allowed by the circumstances and the law. Employees, board members and volunteers of JIT may not retaliate against a whistleblower for informing management about an activity which that person believes to be fraudulent or dishonest. Whistleblowers must be cautious to avoid baseless allegations (as described earlier in the definitions section of this policy). My signature below indicates my receipt and understanding of this Policy. I also verify that I have been provided with an opportunity to ask questions about the Policy.
Name – Printed
Signature
Date
41 Internal Controls Audit: Just in Time for Foster Youth
Appendix 3: Conflict of Interest Memo & Policy
MEMORANDUM To:
Just In Time for Foster Youth Board of Directors
From:
University of San Diego Consulting Team (D. Black, D. Floyd, M. Praniewicz, B. Sutil, R. Valdez)
CC:
Mr. Don Wells, Executive Director
Date:
5/8/2012
Re:
Modifications for existing Conflict of Interest Policy
A conflict of interest exists when a board member or employee has a personal interest that may influence him or her when making a decision for the organization. Conflicts of interest are not uncommon and not inherently illegal. They do, however, need to be treated carefully and transparently, and require a process for handling them appropriately. Just In Time for Foster Youth (JIT) established the original conflict of interest policy on February 24, 2011. The existing policy is easy to understand and interpret. However, after review, our audit team identified several areas to enhance clarification and improve the overall process for conflict of interest reporting. Those areas are outlined below: 1. Defined procedures for addressing a potential conflict of interest 2. Outlined consequences for violating the conflict of interest policy 3. Clarified that conflict of interest statements are to be reviewed and signed annually; we have provided a disclosure statement for that purpose A draft copy of the recommended conflict of interest policy is included with our internal control audit. If there are additional questions or concerns, please let us know and we can expand on our intent.
42 Internal Controls Audit: Just in Time for Foster Youth
Conflict of Interest Policy May 2012 Purpose The purpose of this policy is to safeguard the integrity of Just In Time for Foster Youth’s (JIT) business decisions by ensuring that they are made solely on the basis of what is best for JIT and not improperly influenced by personal interests. Whenever a director or officer of JIT has a financial or personal interest in any matter coming before the board of directors, the board shall ensure that: 1. The interest of such officer or director is fully disclosed to the Board of Directors. 2. No interested officer or director may vote or lobby on the matter or be counted in determining the existence of a quorum at the meeting of the Board at which such matter is voted upon. 3. Any transaction in which a director or officer has a financial or personal interest shall be duly approved by members of the Board not so interested or connected as being in the best interests of the organization. 4. Payments to the interested officer or director shall be reasonable and shall not exceed fair market value. 5. The minutes of meetings at which such votes are taken shall record such disclosure, abstention, and rationale for approval. For purposes of this provision, the term "interest" shall include personal interest, interest as director, officer, member, stockholder, shareholder, partner, manager, trustee, or beneficiary of any concern and having an immediate family member who holds such an interest in any concern. The term "concern" shall mean any corporation, association, trust, partnership, limited liability entity, firm, person or other entity other than the Just in Time. No director or officer of the JIT shall be disqualified from holding any office in the organization by reason of any interest in any concern. A director or officer of JIT shall not be disqualified from dealing, either as vendor, purchaser or otherwise, or contracting or entering into any other transaction with JIT or with any entity of which the organization is an affiliate. No transaction of JIT shall be voidable by reason of the fact that any director or officer of the organization has an interest in the concern with which such transaction is entered into, provided the above criteria are met.
43 Internal Controls Audit: Just in Time for Foster Youth
Procedures for Addressing the Conflict of Interest 1) An interested person may make a presentation at the governing board or committee meeting, but after the presentation, he or she shall leave the meeting during the discussion of, and the vote on, the transaction or arrangement involving the possible conflict of interest. 2) The chair of the governing board or committee shall, if appropriate, appoint a disinterested person or committee to investigate alternatives to the proposed transaction or arrangement. 3) After exercising due diligence, the governing board or committee shall determine whether JIT can obtain with reasonable efforts a more advantageous transaction or arrangement from a person or entity that would not give rise to a conflict of interest. 4) If a more advantageous transaction or arrangement is not reasonably possible under circumstances not producing a conflict of interest, the governing board or committee shall determine by a majority vote of the disinterested directors whether the transaction or arrangement is in JIT’s best interest, for its own benefit, and whether it is fair and reasonable. In conformity with the above determination, it shall make its decision as to whether to enter into the transaction or arrangement. Annual Statements Each director, principal officer, and member of a committee with governing board– delegated powers shall annually sign a statement that affirms such person: 1) Has received a copy of the conflict-of-interest policy, 2) Has read and understands the policy, 3) Has agreed to comply with the policy, and 4) Understands that JIT is charitable and in order to maintain its federal tax exemption it must engage primarily in activities that accomplish one or more of its tax-exempt purposes. Violations of the Conflicts-of-Interest Policy 1) If the governing board or committee has reasonable cause to believe a member has failed to disclose actual or possible conflicts of interest, it shall inform the member of the basis for such belief and afford the member an opportunity to explain the alleged failure to disclose. 2) If, after hearing the member’s response and after making further investigation as warranted by the circumstances, the governing board or committee determines the member has failed to disclose an actual or possible conflict of interest, it shall take appropriate disciplinary and corrective action.
44 Internal Controls Audit: Just in Time for Foster Youth
Conflict of Interest Statement Please initial in the space at the end of Item A or complete Item B, whichever is appropriate; complete the balance of the form; sign and date the statement; and return it to the board chair. A. I am not aware of any relationship or interest or situation involving my family or myself that might result in, or give the appearance of being, a conflict of interest between such family member or me on one hand and JIT on the other. Initials: _______ B. The following are relationships, interests, or situations involving me or a member of my family that I consider might result in or appear to be an actual, apparent, or potential conflict of interest between such family members or myself on one hand and JIT on the other. Initials: _______ Corporate (either nonprofit or for-profit) directorships, positions, and employment: ________________________________________________________________________ Memberships in the following organizations: ________________________________________________________________________ Contracts, business activities, and investments with or in the following organizations: ________________________________________________________________________ Other relationships and activities: ________________________________________________________________________ My primary business or occupation at this time: _________________________________________________________________________ I have read and understand JIT’s Conflict-of-Interest Policy and agree to be bound by it. I will promptly inform the board chair of JIT of any material change that develops in the information contained in the foregoing statement. ________________________ Type/Print Name
________________________ Signature
___________________ Date
45 Internal Controls Audit: Just in Time for Foster Youth
Appendix 4: Code of Ethics Memo & Policy
MEMORANDUM To:
Just In Time for Foster Youth Board of Directors
From:
University of San Diego Consulting Team (D. Black, D. Floyd, M. Praniewicz, B. Sutil, R. Valdez)
CC:
Mr. Don Wells, Executive Director
Date:
5/8/2012
Re:
Code of Ethics
The Code of Ethics (the Code) policy provides clear and specific information on the ethical actions and behaviors that define an organization. It establishes the tone for how business practices and procedures will be managed throughout JIT and establishes a framework for the Conflict of Interest and Whistleblower policies. The Code should serve as an overarching statement for other policies that establish standards of integrity and accountability. It should be easy to understand and be general in nature. Issues, such as conflict of interest, are outlined in a separate, more detailed policy. Finally, the policy requires signatures from employees and board members and should be reviewed periodically for revisions. A draft copy of the recommended Code of Ethics policy is included with our internal control audit. If there are additional questions or concerns, please let us know and we can expand on our intent. Reference: Lawrence, B. & Flynn, O. (2006). The Nonprofit Policy Sampler (2nd ed.). Washington, DC: BoardSource.
46 Internal Controls Audit: Just in Time for Foster Youth
Code of Ethics May 2012 Purpose The Just In Time for Foster Youth (JIT) Code of Ethics (the Code) is a demonstration of our commitment to high ethical standards. The Code recognizes that its employees, volunteers, and board members define an organization. JIT promotes honest and ethical conduct, including fair dealing and the ethical handling of conflicts of interest. JIT endorses a work environment that values respect, fairness, and integrity. Introduction This Code of Ethics covers a wide range of business practices and procedures. It does not cover every issue that may arise, but it sets out basic principles to guide all employees, volunteers, and board members of JIT. All of our employees, volunteers, and board members must conduct themselves accordingly and seek to avoid even the appearance of improper behavior. If a law conflicts with a policy in this code, you must comply with the law. If you have any questions about these conflicts, you should ask the head of school how to handle the situation. Those who violate the standards in this code will be subject to disciplinary action, including possible dismissal. If you are in a situation, which you believe may violate or lead to a violation of this code, follow the procedures set out in the Whistleblower Policy. Compliance with law, rules, and regulations All employees, volunteers and board members must respect and obey the laws, rules, and regulations of the cities, states, and countries in which we operate. Although employees and officers are not expected to know the details of each of these laws, rules and regulations, it is important to know enough to determine when to seek advice from supervisors, managers or other appropriate personnel. Conflicts of Interest A “conflict of interest” exists when a person’s private interest interferes in any way, or even appears to interfere, with the interests of JIT. A conflict situation can arise when an employee, director, officer, or member takes actions or has interests that may make it
47 Internal Controls Audit: Just in Time for Foster Youth
difficult to perform his or her JIT work objectively and effectively. Conflicts of interest may also arise when an employee, director, officer, or member receives improper personal benefits as a result of his or her position in the JIT. Loans to, or guarantees of obligations to, employees, directors, officers, or members and their family members by JIT may create conflicts of interest and in certain instances are prohibited by law. Conflicts of interest are prohibited as a matter of JIT policy, except as approved by the board of directors. Conflicts of interest may not always be clear-cut, so if you have a question, you should consult with the executive director or follow the procedures set out in the Whistleblower Policy. Any employee, director, officer, or member who becomes aware of a conflict or potential conflict should bring it to the attention of a supervisor, manager, or other appropriate personnel or consult the procedures provided in the Whistleblower Policy. Discrimination and Harassment JIT is firmly committed to providing equal opportunity in all aspects of employment and will not tolerate any illegal discrimination or harassment based on race, color, religion, sex, national origin or any other protected class. Health and Safety The JIT strives to provide each employee, volunteer, and board member with a safe and healthy work environment. Employees, volunteers, and board members have the responsibility for maintaining a safe and healthy workplace by following environmental, safety, and health rules and practices and by reporting accidents, injuries and unsafe equipment, practices or conditions. Violence and threatening behavior are not permitted. Employees and officers are expected to perform their JIT related work in a safe manner, free of the influences of alcohol, illegal drugs or controlled substances. The use of illegal drugs in the workplace will not be tolerated. Environmental JIT expects its employees and officers to follow all applicable environmental laws and regulations. If you are uncertain about your responsibility or obligation, you should check with the head of school for guidance. Financial reporting and control JIT requires honest, accurate and timely recording and reporting of information in order to make responsible business decisions.
48 Internal Controls Audit: Just in Time for Foster Youth
All business expense accounts must be documented and recorded accurately in a timely manner. If you are not sure whether a certain expense is legitimate, ask the executive director or the chief financial officer. All of JIT’s books, records, accounts and financial statements must be maintained in reasonable detail; must be promptly disclosed in accordance with any applicable laws or regulations; and must conform both to applicable legal requirements and to JIT’s system of internal controls. Business records and communications often become public and we should avoid exaggeration, derogatory remarks, guesswork or inappropriate characterizations of people and companies that may be misunderstood. This applies equally to e-mail, internal memos and formal reports. Records should always be retained or destroyed according to JIT’s document retention policy. JIT ensures that all spending practices and policies are fair, reasonable and appropriate to fulfill the mission of the organization and does not accumulate operating funds excessively. Confidentiality Employees, volunteers and board members must maintain the confidentiality of proprietary information entrusted to them by JIT, except when disclosure is authorized in writing by the head of school or required by laws or regulations. Reporting any illegal or unethical behavior Employees are encouraged to talk to the executive director or other appropriate personnel about observed behavior that they believe may be illegal or a violation of this Code. It is the policy of JIT not to allow retaliation for reports made in good faith by employees of misconduct by others. Employees are expected to cooperate in internal investigations of misconduct. Annual Acknowledgement To help ensure compliance with this Code, JIT requires that all employees and board members review the Code and acknowledge their understanding and adherence in writing on an annual basis on the attached form.
49 Internal Controls Audit: Just in Time for Foster Youth
Appendix 5: Financial Controls Policy
Financial Control Policy Mission: Just In Time for Foster Youth (JIT) provides transitioning foster youth with opportunities for self-sufficiency through emergency support, essential resources, and caring personal guidance at critical junctures on their path to independence. Purpose: This brief policy establishes general guidelines for financial controls at JIT, including, check signing, withdrawal of funds, and deposits. JIT shall maintain its accounts in financial institutions that are federally insured. There are four accounts outlined in this policy. 1. Accounts 1.1. Program Account 1.2. Operating Account 1.3. Financial Fitness Operating Account 1.4. LEAP Account 2. Check-Signing Authority 2.1. Operating Account 2.1.1. Vendor accounts ONLY 2.1.2. Checks up to $1,500 require one signature 2.1.2.1. Primary signature is program director 2.1.3. Checks over $1,500 require two signatures 2.1.3.1. Secondary signature is executive director 2.1.3.2. Secondary 2 signature is board treasurer or board president 2.2. Program Account 2.2.1. Client accounts ONLY 2.2.2. Checks up to $1,000 require one signature 2.2.2.1. Primary signature is executive director or bookkeeper/accountant 2.2.3. Checks over $1,000 require two signatures 2.2.3.1. Secondary signature is executive director or bookkeeper or accountant 2.2.3.2. Secondary 2 signature is development manager 2.3. Financial Fitness Operating Account 2.3.1. Client accounts ONLY 2.3.2. Checks up to $2,000 require one signature 2.3.2.1. Primary signature is executive director or bookkeeper/accountant 2.3.3. Checks over $2,000 require two signatures
50 Internal Controls Audit: Just in Time for Foster Youth
2.3.3.1. Secondary signature is executive director or bookkeeper/accountant 2.3.3.2. Secondary 2 signature is development manager 2.4. LEAP Account 2.4.1. Client account ONLY 2.4.2. Checks up to $500 require one signature 2.4.2.1. Primary signature is executive director or bookkeeper/accountant 2.4.3. Checks over $500 require two signatures 2.4.3.1. Secondary signature is executive director or bookkeeper/accountant 2.4.3.2. Secondary 2 signature is development manager 3. Withdrawal of funds from Basic Needs Program 3.1. An authorized check signer will make disbursements only upon review and approval of the transaction. This will include review for the existence of proper supporting documentation, such as a check request and on-line intake form 3.1.1. Program director must approve funds withdraw from basic needs request. 3.1.2. Program director has ability to generate emergency check. 3.1.3. Authorized check signers are executive director and bookkeeper/accountant 4. Petty Cash 5. Cash and Check Receipts 5.1. Executive director will log all cash and check receipts into givezooks.org (online donation tracking program) 5.2. Development manager will log all cash into cash receipts log 5.3. Development manager will prepare deposit slip and copies of all check receipts 5.4. Bookkeeper/Accountant will enter all cash and check receipts into JIT’s accounting system 5.5. Bookkeeper/Accountant will reconcile givezooks.org, cash receipts log and accounting system 6. Deposits 6.1. All funds received by JIT shall be deposited _____. 6.2. A copy of the deposit slip(s), check(s) and/or cash should be given to the bookkeeper. 6.3. Development manager will make deposit. 7. Gift Cards 7.1. Volunteer coordinator records all gift cards received 7.2. Program coordinators distributes gift cards 7.3. Program director reconciles gift cards
51 Internal Controls Audit: Just in Time for Foster Youth
8. In Kind Donations 8.1. See “Gift Acceptance Policy” 9. Credit Cards 9.1. The board authorizes the executive director to define the processes for credit card business use. However, the board should retain the authority to set appropriate credit limits. 9.2. The board has the authority to approve the establishment of a charge account in JIT’s name, including the credit limit. 9.3. The executive director has the responsibility to establish and enforce written procedures for the use of all open charge accounts and credit cards.
52 Internal Controls Audit: Just in Time for Foster Youth
Appendix 6: Gift Acceptance Memo & Policy
MEMORANDUM To:
Just In Time for Foster Youth Board of Directors
From:
University of San Diego Consulting Team (D. Black, D. Floyd, M. Praniewicz, B. Sutil, R. Valdez)
CC:
Mr. Don Wells, Executive Director
Date:
5/8/2012
Re:
Gift Acceptance Policy
Just in Time for Foster Youth ( JIT) proposed gift acceptance policy to set forth the organization’s position on the planning, promoting, solicitation, receipt, acceptance, management, reporting, use and disposition of gifts. This policy is flexible and realistic in order to accommodate unpredictable situations, as well as donor expectations, as long as such situations and expectations are consistent with Just in Time for Foster Youth’s mission and policies This proposed policy utilized articles and documents from best practices organizations, such as BoardSource and Independent Sector. This policy contains 5 policy statements outlining acceptable and unacceptable gifts, stewardship, conflict of interest and ethics.
53 Internal Controls Audit: Just in Time for Foster Youth
Gift Acceptance May 2012 Purpose The purpose of this gift acceptance policy is to give guidance and counsel to the staff of Just In Time for Foster Youth with the planning, promoting, solicitation, receipt, acceptance, management, reporting, use and disposition of gifts. This policy must be flexible and realistic in order to accommodate unpredictable situations as well as donor expectations, as long as such situations and expectations are consistent with Just in Time for Foster Youth’s mission and policies.
Gift Acceptance Policy Just in Time for Foster Youth solicits and accepts gifts for purposes that will help the organization further and fulfill its mission. Just in Time for Foster Youth urges all prospective donors to seek the assistance of personal legal and financial advisors in matters relating to their gifts, including resulting tax and estate planning concerns. The following policies and guidelines govern acceptance of gifts made to Just in Time for Foster Youth (herein referred to as “Just In Time for Foster Youth,” “JIT,” or “the organization”) for the benefit of any of its operations, programs or services. A. Use of Legal Counsel— Just in Time for Foster Youth will seek the advice of legal counsel in matters relating to acceptance of gifts when appropriate. Review by counsel is recommended for: Gifts of securities that are subject to restrictions or buy-sell agreements. B. Documents naming Just in Time for Foster Youth as trustee or requiring Just in Time for Foster Youth act in any fiduciary capacity. C. Gifts requiring Just in Time for Foster Youth to assume financial or other obligations. D. Transactions with potential conflicts of interest. E. Gifts of property which may be subject to environmental or other regulatory restrictions. Restrictions on Gifts—Just in Time for Foster Youth will not accept gifts that (a) would result in violating its corporate charter, (b) would result in losing its status as an IRS § 501(c)(3) not-for-profit status, (c) are too difficult or too expensive to administer in relation to its value, (d) would result in any unacceptable consequences
54 Internal Controls Audit: Just in Time for Foster Youth
or (e) are for purposes outside the organization’s mission. Decisions on the restrictive nature of a gift, and its acceptance or refusal, shall be made by the staff directors or board members. Gifts Generally Accepted Without Review Cash— Cash gifts are acceptable in any form, including by check, money order, credit card, or on-line payment through Givezooks. Donors wishing to make a gift by credit card must provide the card type (e.g., Visa, MasterCard, American Express), card number, expiration date, and name of the card holder as it appears on the credit card. Marketable Securities— Marketable securities may be transferred electronically to an account maintained at one or more brokerage firms or delivered physically with the transferor's endorsement or signed stock power (with appropriate signature guarantees) attached. All marketable securities will be sold promptly upon receipt unless otherwise directed by the Board of Directors. In some cases marketable securities may be restricted, for example, by applicable securities laws or the terms of the proposed gift; in such instances the decision whether to accept the restricted securities shall be made by the Executive Committee. Bequests and Beneficiary Designations under Revocable Trusts, Life Insurance Policies, Commercial Annuities and Retirement Plans— Donors are encouraged to make bequests under their wills, and to name JIT as the beneficiary under trusts, life insurance policies, commercial annuities and retirement plans. Charitable Remainder Trusts— JIT will accept designation as a remainder beneficiary of charitable remainder trusts. Charitable Lead Trusts— JIT will accept designation as an income beneficiary of charitable lead trusts. In-Kind Donations— In kind donations must be gently used or in new condition. JIT’s mission is to provide participants with opportunities for self-sufficiency through resources and caring adult connections. In kind donations in poor condition such as stained, broken, or overused, do not further JIT’s mission in helping youth on their paths to self-sufficiency. Items not suitable for JIT participants will be donated to another local charity such as Goodwill©, Amvets©, Salvation Army©, or the Humane Society©. Furniture in new or gently used condition Full and Queen beds – excellent condition Dressers Nightstands Sofas and Loveseats (small) Coffee tables/End tables TV stands (small) Kitchen tables with chairs (small) Desks and Chairs Home furnishings Comforters and Blankets – like new, all sizes
55 Internal Controls Audit: Just in Time for Foster Youth
Sheets and Pillows – new, all sizes Lamps – floor and desk Towels – new Cookware and Kitchen appliances – like new Dishware/Glassware sets – like new Silverware – new Cleaning supplies (like new vacuum cleaners, brooms, mops) Discount store gift cards - $25+ (Ralph’s, Albertson’s, Target, Walmart, Kohl’s, Big Lots, Best Buy, Sears, gas cards, etc.) Art, rugs and other modern decorative items Educational Tools Laptop computers with word processing software Subject to review by staff members (based on youth requests) Beds Desktop computers with word processing software Items for babies or children Clothing (clean & pressed professional attire)
Gifts Accepted Subject to Review— Certain forms of gifts or donated properties may be subject to review prior to acceptance. Examples of gifts subject to prior review include, but are not limited to: Tangible Personal Property— The Executive Committee shall review and determine whether to accept any gifts of tangible personal property in consideration of the following: does the property further the organization’s mission? Is the property marketable? Are there any unacceptable restrictions imposed on the property? Are there any carrying costs for the property for which the organization may be responsible? Is the title/provenance of the property clear? Life Insurance— JIT will accept gifts of life insurance where the organization is named as both beneficiary and irrevocable owner of the insurance policy. The donor must agree to pay, before due, any future premium payments owing on the policy. Real Estate. All gifts of real estate are subject to review by the Board of Directors Prior to acceptance of any gift of real estate other than a personal residence, JIT shall require an initial environmental review by a qualified environmental firm. In the event that the initial review reveals a potential problem, the organization may retain a qualified environmental firm to conduct an environmental audit. Criteria for acceptance of gifts of real estate include: Is the property useful for the organization’s purposes? Is the property readily marketable? Are there covenants, conditions, restrictions, reservations, easements, encumbrances or other limitations associated with the property? Are there carrying costs (including insurance, property taxes, mortgages, notes, or the like) or maintenance expenses associated with the property? Does the environmental review or audit reflect that the property is damaged or otherwise requires remediation?
56 Internal Controls Audit: Just in Time for Foster Youth
Unacceptable gifts— Just in Time for Foster Youth reserves the right to refuse any gift that is not consistent with its mission. In addition, to and without limiting the generality of, the following gifts will not be accepted by Just in Time for Foster Youth. Gifts that violate any federal, state, or local statute or ordinance Gifts that contain unreasonable conditions ( e.g., a lien or other encumbrance) or gifts of partial interest and property Gifts that are financially unsound Gifts that could expose the organization to liability In Kind Donations o Items in poor condition (i.e. broken, dingy, stained, or dirty) o Big and heavy items King bed sets Formal dining sets Hutches and china cabinets Entertainment units Big televisions o Glass tables o Refrigerators and Freezers o Washers and Dryer
57 Internal Controls Audit: Just in Time for Foster Youth
Appendix 7: Segregation of Duties Worksheet Recommended
Board Member(s)
Bookkeeper
Chief Financial Officer
Development Manager
Devlopment Officer
Executive Director
Program Director
X X X X
X X
Program Coordinators (2)
VISTAs (3)
Volunteer Coordinator
Accounts Receivable (Vendors) Receive Cash Receive Checks Picks up mail Opens mail
X X
Recording of Checks & Cash In Kind Receive In Kind Donations Recording of IKD Acknowledgem ent letters to Donors
X X
X X Cash Receipts Log
Cash Receipts Log
Online Campaign
X
X
X
Primary
Secondary
Primary
Secondary
Primary
Secondary 2
Secondary
Primary
Secondary
Primary
Quickbooks
X X
X X
Accounts Payable (Vendors) Receive Secondary 2
Approve Check Generation Check Signing Operating Acct (two sign.
Secondary 2
X
X
X
X
58 Internal Controls Audit: Just in Time for Foster Youth
>$1,500) Checks Mailed
X
Accounts Payable (Clients) Gift Cards X (Volunteer Coordinator VISTA)
Gift Card Recording Gift Card Reconciliation
X
Gift Card to Client
Secondary 2
Check request Check Generation Check Signing Program Accts (two sign. >$1,000) Financial Fitness (two sign. >2,000) LEAP (two sign. >$500) Checks Mailed Client follow up (receipts)
X
Banking
Secondary 2
Secondary 2
Primary
Secondary
Primary
X Secondary (by hand)
X (Agency Mapping & Youth Tracking VISTAs) X
Secondary 2
X
Primary
X
X
X
X
X
X
X
X
59 Internal Controls Audit: Just in Time for Foster Youth
Deposits Prepare Deposit Slip (Cash & Checks)
Primary
Secondary
Secondary 2
Deposit to Bank
Primary
Secondary
Secondary 2
Record Deposit Bank Reconciliation Receive Void Checks Receive Stop Payment Notices Orders Blank Checks
X X Primary
Secondary
X X
X
Budget Budget Preparation Budget Review Budget Modifications
X
X
X
X
X
X
X
X
X
X
X
X
X
Staff & Contractors
Program Staff
Employees Payroll Approval Employee Benefits Approval Reimbursements Approval Petty Cash Approval Petty Cash
Executive Director X
X Secondary Primary
Secondary 2
Primary
X
X
X
60 Internal Controls Audit: Just in Time for Foster Youth
Replinish Credit Card Usage Credit Card Statement Review
X
X
X
X
X
Financial Statements Generation of Financial Statements Review of Bank Reconciliation Preparation of 990s with outside firm
Secondary
Primary
Secondary
Primary Primary
Fund Development Grant research & generation Grant reporting & follow-up Donor Engagement & Follow Up Special Events Receive Auction Items Receive Donations Process Credit Card Transactions Distribute Auction Items
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X X
X
X
61 Internal Controls Audit: Just in Time for Foster Youth
Appendix 8: Flow Charts Accounts Receivable (A/R) Vendors Flow Chart
Cash / Checks
In-kind Donations
Receive Cash/Checks Directly: Board Members Executive Director Development Manager Program Director Volunteer Coord. (checks only)
Receives In-kind Donations: Board Members Executive Director Development Manager Program Director VISTAs Program Coordinators Volunteer Coordinator
Picks Up Mail: Executive Director
Record In-kind Donations: CFO Development Manager
Record In Givezooks:
Acknowledgment Letters to Donors:
Executive Director. Then gives to Development Manager.
Development Manager
Creates Deposit Slip & Deposits in Bank: Development Manager. Then gives copies to Bookkeeper.
Enters in Quickbooks: Bookkeeper
62 Internal Controls Audit: Just in Time for Foster Youth
Accounts Payable (A/P) Vendors Flow Chart Receive Invoices: Exec. Dir. & Prog. Dir.
Approval of Invoices: Exec. Dir. – primary Prog. Dir. – secondary CFO – secondary 2
Check Generation: Bookkeeper – primary Prog. Dir. – secondary Exec. Dir. – secondary 2
Check Signing: Operating Acct. 2 signatures over $1,500 Prog. Dir. – primary Exec. Dir. – secondary Board Member – secondary 2
Checks Mailed: Development Manager
63 Internal Controls Audit: Just in Time for Foster Youth
Accounts Payable (A/P) Clients Flow Chart
GIFT CARDS
CHECKS
Gift Card Recording: Volunteer Coordinator or VISTA
Check Request Form: Program Director Program Coordinators VISTAs Volunteer Coordinator
Gift Card Reconciliation: Program Director
Gift Card to Youth: Program Coords. – primary Agency Mapping & Youth Tracking VISTAs – secondary
Check Generation: Program Director – primary Prog. Coords. – secondary by hand Bookkeeper – secondary 2
Check Signing: Program Accts - 2 signatures over $1,000 Financial Fitness -2 sigs. over $,2000 LEAP - 2 sigs. over $500 Bookkeeper – primary Executive Dir. - secondary Board Member – secondary 2
Checks Mailed: VISTAs or Volunteer Coordinator
Client Follow-up/Receipt: Program Director Program Coordinators VISTAs Volunteer Coordinator
64 Internal Controls Audit: Just in Time for Foster Youth
Youth Emergency Services Flow Chart Youth in Crisis Need Emergency $
Must fill out application online.
Youth agree to return receipt. Follow up by ViISTAs/PCs
Request goes to VISTA or Prog. Coord.
N
Can be declined by VISTA/ P.C.
Y Vista/P.C. fill out check request form
VISTA/P.C. give check to youth
Form/app. go to P.D. for approval.
Y Program Dir. generates check.
Signed check returned to VISTA/P.C.
Exec. Dir. or Bookkeeper signs check.
N
End
65 Internal Controls Audit: Just in Time for Foster Youth
Appendix 9: Request Form Program Expense DATE OF REQUEST: SUBMITTED BY: TYPE OF REQUEST: CHECK: ___
TITLE: BUS PASS: ___
AMOUNT OF REQUEST: $
GIFT CARD: ____ VENDOR:
PROGRAM EXPENSE CLASS: Basic Needs: ___ My First Home: ___ College Bound: ___ Career Bound: ___ Financial Fitness: ___ Other:___
EXPENSE ACCOUNT LIST:
_51200 Educational and Vocational
__51300 Food and Groceries __51400 Health __51450 Basic Clothing and Personal Items __51500 Housing __51510 Home Furnishings __51520 Utilities __51600 Investments __51700 Transportation __51800 Other Youth Expenses __55100 Delivery / Storage __55200 Program Related Expenses EXPLANATION OF EXPENSE:
AMOUNT DISTRIBUTED:
DATE:
RECEIVED BY:
SUPERVISOR APPROVAL:
DATE:
ADMIN/FISCAL APPROVAL:
DATE:
Fill out completed form and give to your supervisor with all back-up information (application). Approval must be filled in by your supervisor.
66 Internal Controls Audit: Just in Time for Foster Youth
Petty Cash Expense DATE OF REQUEST: SUBMITTED BY:
TITLE:
AMOUNT OF REQUEST: $
VENDOR:
PROGRAM EXPENSE CLASS: Basic Needs: ___ My First Home: ___ College Bound: ___ Career Bound: ___ Financial Fitness: ___ Other:___
OTHER EXPENSE CLASS: Administrative: ___
Fundraising: ___
Other: ___
EXPLANATION OF EXPENSE:
AMOUNT DISTRIBUTED:
DATE:
RECEIVED BY:
SUPERVISOR APPROVAL:
DATE:
ADMIN/FISCAL APPROVAL:
DATE:
Fill out completed form and give to your supervisor with all back-up information (application). Approval must be filled in by your supervisor.
67 Internal Controls Audit: Just in Time for Foster Youth
Appendix 10: Audit Committee Charter Matrix
PURPOSE OF THIS TOOL: Adopting and maintaining an audit committee charter is a best practice for not-for-profit organizations. It is required by some states for not-for-profit organizations. However, the charter is often adopted and filed away except for its annual review. This tool is designed to help audit committees make the charter a living document and use it to manage the agenda. This tool is meant as a sample of a best practice. Users of the tool should put their own charter in the first column and use this example as a guide for defining the steps to accomplish each objective, the associated performance measure, and the scheduling. This tool is intended to serve not-for-profit organizations of all sizes and organizational structures. For instance, some small not-for-profit organizations cannot justify the expense of an internal auditor, whereas others have very large internal audit departments headed by a senior executive. Simila rly, relatively few not-for-profit organizations employ in-house legal counsel. Instead, most not-for-profit organizations rely on the professional services of outside attorneys engaged on a retainer basis or rely on volunteers’ services. The guidance provided in this tool is applicable whether in-house resources are employed, an outsource arrangement exists, or volunteers provide services.
68 Internal Controls Audit: Just in Time for Foster Youth
Not-for-Profit Audit Committee Charter Matrix For the Year Ending: ____________ I. Audit Committee Charter—General Considerations Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
I-A. Audit Committee Charter Establish an audit committee charter with approval from the board. The charter should set forth audit committee member roles and responsibilities. Review the committee’s charter annually, reassess the adequacy of this charter, and recommend any proposed changes to the board of directors.
Review the charter each year. Assess the appropriateness and completeness of the charter in light of the previous year’s experience, new best practices, and new legal or regulatory requirements.
Report to the board on the appropriateness of the charter and recommend any revisions for approval by the board.
Review annually, unless changes are needed during the course of the year.
Ascertain that the committee has the requisite financial expertise as defined by the organization.
Indicate in audit committee meeting minutes how financial expertise is available to the committee.
Affirm annually and when there is a change in status.
Consider changes that are necessary as a result of new laws, regulations, and best practices. (See the tool “Audit Committee Member Roles and Responsibilities” and appendix C in this toolkit.) I-B. Audit Committee Financial Expertise Considerations The audit committee should have access to financial expertise, whether in the form of a single individual serving on the committee, or collectively among committee members. If the financial expertise is provided by one individual, it is desirable that he or she be a member of the board of directors. When no single member of the board has the requisite skills, other arrangements should be made to ensure that the audit committee has the financial expertise to carry out its duties.
Date Completed
69 Internal Controls Audit: Just in Time for Foster Youth
I. Audit Committee Charter—General Considerations (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
Date Completed
The committee should undertake education initiatives to improve the financial expertise of the committee as a whole, including attendance at seminars and conferences, special speakers at committee educational sessions, and study of analytical tools for audit committees. (See the tool “Audit Committee Financial Expertise Considerations” and appendix B in this toolkit.) I-C. Audit Committee Membership The audit committee shall consist of at least three members, and preferably Test for independence, based on the three, five, or seven members. policies established by the organization. The chair of the audit committee shall be selected from among those members of the audit committee who are also members of the board of directors. All committee members shall be independent in order to serve on this committee. No officer or employee of the organization may serve on the committee. Although not all audit committee members need be members of the board of directors, a majority of the committee members should be members of the board of directors.
Minimal independence standards would prohibit employees of the organization or those with direct financial interests in entities serving the organization from serving on the committee.
Indicate in the committee minutes whenever a new member is appointed. Indicate in the committee minutes whenever a new committee chair is elected.
Affirm annually or whenever a change in status by any committee member occurs.
No employee of the organization’s external auditors should serve on the committee or on the board of directors.
(See the tool “Independence and Related Topics: Conflict of Interest, Related Parties, Inurement, and Other Issues” in this toolkit.) (continued)
70 Internal Controls Audit: Just in Time for Foster Youth
I. Audit Committee Charter—General Considerations (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
I-D. Enterprise Risk Management Inquire of management, the chief audit executive (CAE), and the external auditors about significant risks or exposures facing the organization; assess the steps management has taken or proposes to take to minimize such risks to the organization; and periodically review compliance with such steps.
Document the material risks that the organization faces related to the organizations financial condition and controls and financial reporting.
Submit a risk report to the board and the external auditors including mitigation strategies and quantifiable risks and insurance to cover such risks, like loss of revenue.
Review at least once each year, and more frequently if necessary.
Discuss whether the organization is in compliance with laws and regulations that govern the environment(s) in which it operates, as well as other applicable laws and regulations.
Report to the board that the review has taken place and any matters that need to be brought to its attention.
Review at least annually.
In-person meetings should be held at least once each year. All members are expected to attend each meeting in person, via telephone or video conference.
Prepare minutes that document decisions made and action steps following meetings and review for approval.
Minutes should be distributed as soon as possible but no later than before the next meeting.
Telephone conference meetings may be held more frequently.
Meeting minutes should be filed with the board of directors.
Update as events occur. Review with management and the CAE on a periodic basis. Review with the general counsel, external auditors, external counsel, and the CAE, legal and regulatory matters that, in the opinion of management, may have a material impact on the financial statements, related organization compliance policies, and programs and reports received from regulators. (See tool “Enterprise Risk Management—The COSO Framework: A Primer and Tool for the Audit Committee” in this toolkit.) I-E. Audit Committee Meetings The committee will meet as needed to address matters on its agenda, but not less frequently than twice each year. The committee may ask members of management or others to attend the meeting and provide pertinent information as necessary. The meetings should be scheduled so that the external auditor’s engagement letter is approved at one meeting and the final audited financial statements and report of the external auditors are approved at another meeting.
The agendas for meetings should be prepared and provided to members in advance, along with appropriate briefing Provision for unanimous consent approval of actions should be included in materials. the charter to deal with decisions required between meetings.
Date Completed
71 Internal Controls Audit: Just in Time for Foster Youth
I. Audit Committee Charter—General Considerations (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
Date Completed
I-F. Audit Committee Annual Agenda and Report Create an agenda for the ensuing year, or review and approve the agenda submitted by the CAE.
Use the “Not-for-Profit Audit Committee Charter Matrix” as a sample, and tailor it to your organization.
Oversee the preparation of, or prepare, an audit committee annual report to Review and discuss the annual report with the board of directors. CAE and auditors.
Review before the upcoming year.
Annual report finalized and approved. Present to board.
Review annually upon completion of audited financial statements.
I-G. Conducting an Audit Committee Executive Session Conduct executive sessions with each of the external auditors, the CEO, and the CFO. If the organization has a CAE, general counsel, or outside counsel, executive sessions should be conducted with each of these individuals as well. Circumstances may dictate that additional executive sessions may be needed with the director of financial reporting, controller, or others as deemed appropriate by the committee.
Establish these sessions in conjunction with Develop action steps to be regularly scheduled meetings or as taken, if appropriate. necessary. Minutes should generally only reflect that executive sessions took place. Minutes should not be kept of the sessions themselves.
Review as necessary, but not less frequently than regularly scheduled meetings.
(See the tool “Conducting an Audit Committee Executive Session: Guidelines and Questions” in this toolkit.) I-H. Conducting an Audit Committee Self-Evaluation The committee will review its effectiveness annually. (See the tool “Conducting an Audit Committee Self-Evaluation: Guidelines and Questions” in this toolkit.)
The committee will review its accomplishments and make recommendations for improving its effectiveness.
Discuss recommendations with Review annually. board of directors.
I-I. Other Responsibilities The committee will perform such other functions as assigned by the organization’s charter or bylaws, or the board.
Review new business at all meetings. (continued)
72 Internal Controls Audit: Just in Time for Foster Youth
II. Audit Committee—Management and the Organization Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
II-A. Code of Conduct Periodically review the organization’s code of conduct/ethics to ensure that it is adequate and up-to-date.
Review results with the CAE and general counsel. Consider any adjustments that may be necessary to the organization’s code of conduct/ethics.
Review with the chief audit executive (CAE) and the organization’s Consider steps that may need general counsel the results of their review of the monitoring of compliance to be taken to ensure that compliance is at with the organization’s code of conduct/ethics. the highest possible level.
Report to the board that the review of the code of conduct/ ethics was completed.
Review at least annually.
Recommend changes to the code of conduct/ethics to the board as needed.
Review any significant findings as they arise.
A document retention and destruction policy.
Review the policy annually.
II-B. Document Retention and Destruction Policy Establish a document retention and destruction policy. Review it with the CAE, management, the external auditors, and with the board of directors.
Prepare and approve a policy and review it with the board.
Review the policy annually to ensure compliance with legal, tax, and regulatory requirements.
An annual review of the policy, recommending amendments as required to comply with legal, tax, and regulatory requirements.
(See the tool “Sample Document Retention and Destruction Policy” in this toolkit.) II-C. Unique Transactions and Financial Relationships Review with management and the external auditor the effect of any regulatory and accounting initiatives and unique transactions (including off-balancesheet transactions). Review accounting for such transactions to ensure best practices are applied. Review significant related party transactions. (See the tool “Unique Transactions and Financial Relationships” in this toolkit.)
Independently, through professional reading and continuing education, keep up-to-date on new developments related to the not-for-profit industry, the organization’s specific sector, and the environment in which the organization operates, including any regulatory requirements it may be subject to. Discuss with management and the external auditors in meetings.
Record discussion and any action steps in committee meeting minutes.
Review as necessary.
Date Completed
73 Internal Controls Audit: Just in Time for Foster Youth
II. Audit Committee—Management and the Organization (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
Discuss the financial statements with emphasis on changes in reporting, new and unusual transactions, and financial trends.
Record discussion and any action steps in audit committee meeting minutes.
Review as necessary.
Discuss each matter, and related matters that may come to the attention of the audit committee or the external auditor, or both through this process.
Submit reports and documentation of discussions and resolution of disagreements.
Review, at least annually/or in conjunction with the year-end audit.
Date Completed
II-D. Review of Interim Financial Reports Review with management and the CAE, any interim financial reports issued since the last meeting. II-E. Issues Report From Management Review the following with each public accounting firm that performs an audit: All critical accounting policies and practices used by the organization. All alternative treatments of financial information within generally accepted accounting principles that have been discussed with management of the organization, the ramifications of each alternative, and the treatment preferred by the organization.
Create an action plan and follow-up plan as Report to the board on necessary. significant issues, findings, and actions taken as a result of these reviews.
Any consultation with audit firms other than the external auditors, including reasons for and results of the consultation. (See the tool “Significant Issues, Estimates, and Judgments: Management’s Report to the Audit Committee” in this toolkit.) (continued)
74 Internal Controls Audit: Just in Time for Foster Youth
III. Audit Committee—Internal Control and Internal Audit Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
III-A. Internal Control: A Tool for the Audit Committee Review the following with the external auditors and the chief audit executive (CAE): The adequacy of the organization’s internal controls, including computerized information system controls and security Any related significant findings and recommendations of the external auditors and internal audit services, together with management’s responses thereto (See the tools “Internal Control: A Tool for the Audit Committee” and “Fraud and the Responsibility of the Audit Committee: An Overview” in this toolkit.)
Review the reports of the internal audit team for all audits completed since the prior audit committee meeting.
Report to the board on issues relating to internal controls, with emphasis on management’s Review key internal controls with the CAE, ability to override controls and and understand how these controls will be the monitoring and testing tested during the year. relating to this capacity. Review these plans with the external auditor to understand their scope with respect to key controls.
Submit a comprehensive report to the board at a specified meeting each year. Update on anything new, or any changes to the internal control system, at every meeting.
Review with the CAE the plans for audits of other elements of the control environment. Determine that all internal control weaknesses are quantified, reviewed, and addressed.
III-B. Internal Control: Accounting Policies and Procedures Ensure that accounting policies and procedures and related controls are documented and reviewed with the committee.
Ensure written policies and procedures exist.
Review accounting controls on an annual basis.
Discuss with the CAE, or equivalent, the need for testing by either the internal auditors, external auditors, or other parties.
Review with management the policies and procedures with respect to officers, key employees (CEO, CFO, chief operating officer), disqualified persons as defined by the IRS (under Internal Revenue Code Section 4958), expense accounts and perks, including excess benefit transactions, consider the results of any review of these areas by the internal auditor or the external auditors.
Report issues, if any, to the board.
Review policies and procedures annually. Review any significant findings as they arise.
Date Completed
75 Internal Controls Audit: Just in Time for Foster Youth
III. Audit Committee—Internal Control and Internal Audit (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
III-C. Internal Control: Continuous Monitoring Inquire of the CEO and CFO regarding the sources of Discuss sources of support and support and revenue of the organization from a subjective revenue with the CEO, CFO, as well as an objective standpoint. and other executives. Identify any issues addressed, and their (See the tools “Internal Control: A Tool for the Audit resolution. Committee” and “Conducting an Audit Committee Executive Session: Guidelines and Questions” in this Establish a standing agenda for toolkit.) executive sessions.
Review, as necessary, but at least annually.
III-D. Fraud and the Responsibility of the Audit Committee The committee should review the organization’s antifraud programs and controls and aid in its discovery and remedy if it does occur. The committee helps prevent and discover fraud by monitoring the financial reporting process. overseeing the internal control system. overseeing the internal audit and independent public accounting functions. reporting findings to the board of directors. monitoring and overseeing the whistle-blower policy and hotline (See the tool “Fraud and the Responsibilities of the Audit Committee: An Overview” in this toolkit.) III-E. Whistle-Blower Tracking
On a periodic basis, the committee should review the major risk exposures of the organization to fraud and the programs and controls to aid in its prevention and discovery. The committee should review all instances of fraud to determine enhancements to antifraud programs and controls.
Report to the board on a periodic basis on the condition of the organization’s risk exposure to fraud and the organization’s antifraud programs and controls.
Date Completed
76 Internal Controls Audit: Just in Time for Foster Youth
Review the procedures for the receipt, retention, and treatment of complaints received by the organization regarding accounting, internal accounting controls, or auditing matters that may be submitted by any party internal or external to the organization. Review any complaints that might have been received, current status, and resolution if one has been reached. (See tool “Sample Whistle-Blower Tracking Report” in this toolkit.)
Review procedures with CAE, external auditors, and the general counsel.
Review an original of each complaint received no matter the media used to submit.
Review all complaints that have been received and the status of resolution.
Discuss the status of resolution of each complaint.
Review at least annually.
Review a cumulative list of Ensure that proper steps are taken to complaints submitted to date investigate complaints and resolve to review for patterns or other them in a timely fashion. observations. (continued)
III. Audit Committee—Internal Control and Internal Audit (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
III-F. The Chief Audit Executive The committee is responsible for guiding, reviewing, and Meet in executive session at approving the appointment, replacement, reassignment, or each meeting with the CAE. dismissal of the CAE. Hold special meetings as The CAE should report functionally to the audit may be necessary to address committee and administratively to a senior executive of appointment, reassignment, or the organization, typically the CEO or the CFO. dismissal of CAE. The committee chair should meet with the CAE between meetings either in person or by telephone. The committee should evaluate the performance of the CAE annually. (See the tool “Guidelines for Hiring the Chief Audit Executive” in this toolkit.)
III-G. Internal Audit Scope and Plan
The committee chair should be available if any unforeseen issues arise between meetings relating to the CAE. Meet at least once annually with other members of executive management and the external auditors to discuss the performance of CAE. Discuss job satisfaction and other employment issues with the CAE.
Report to the full board on the performance of the CAE, including the effectiveness of the internal audit function.
Conduct ongoing reviews, as changes can be made at any time during the year.
Date Completed
77 Internal Controls Audit: Just in Time for Foster Youth
Review with the external auditor, CFO, controller, and CAE the audit scope and plan of the internal auditors.
Meet with external audit partner, Document the meeting in CFO, controller, and CAE to discuss the audit committee meeting minutes. scope of the previous year’s audit, and lessons learned.
Address the coordination of audit efforts to assure the completeness of coverage, reduction of redundant efforts, and the effective use of audit resources. Later, discuss planned scope for audit of current year and the The committee should discuss with the CAE and the standard of work to be followed. external auditors opportunities for reliance by the external auditors on the audit activities of internal audit. In addition, discuss the timing of progress reports, to be provided by the external auditors, and the communications process to be followed in the event of deviations from the plan.
On an annual basis, review the scope of the previous year’s audit, and the inter-relationship between the internal and external auditors with respect to the scope of the external auditors’ work. At another of the meetings each year, review the plans of internal audit for audits in the current year, if applicable.
78 Internal Controls Audit: Just in Time for Foster Youth
III. Audit Committee—Internal Control and Internal Audit (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
Date Completed
III-H. Review of Internal Audits Consider reviewing the following with management and the CAE: Significant findings on internal audits during the year and management’s responses thereto Whether internal audit encountered any difficulties in the course of its audits, such as any restrictions on the scope of its work or access to required information Any changes required in the scope of its internal audit The internal audit department’s budget and staffing The internal audit department’s charter
Review reports of all internal audits issued since the previous meeting and planned for the upcoming year along with the status of each planned audit. Review and discuss the findings for each audit completed since the prior meeting, and management’s response to the report.
Report on the status of all internal audits planned for the next quarter or year, or both.
Review at each meeting.
Internal audit should provide a summary of findings for completed audits, including management’s plan to address findings and weaknesses identified.
Discuss internal audit department budget and staffing with the CAE.
Internal Audit’s compliance with the Institute of Internal Auditors’ (IIA’s) Standards for the Professional Practice of Internal Auditing (standards), if applicable.
Discuss internal audit’s compliance with IIA standards, if applicable, including the requirement for a peer review once every five years. If the organization Internal audit should meet separately with the external receives federal funds, internal audit auditors to coordinate audit plans to optimize the ability of the external auditor to rely upon the results the internal is required to have a peer review once audit team. every three years if the external auditors plan to rely on their work to reduce the external audit scope. Review the internal audit charter periodically and update, if necessary. (continued)
79 Internal Controls Audit: Just in Time for Foster Youth
III. Audit Committee—Internal Control and Internal Audit (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
Submit recommendations for change in process and procedures.
Review after completion of the annual audit.
III-I. Evaluating the Internal Audit Team: Guidelines and Questions Evaluate the performance of internal audit annually, if applicable, including the adequacy of the audit plan, the management of the execution of the audit plan, the adequacy of the human and other resources available to execute the plan, the ability of the external auditors to rely upon the internal audit work product in its annual audit, and the nature of the findings/results of the internal audits.
Use information from executive sessions conducted throughout the year. Use a formal assessment tool for each group.
(See the tool “Evaluating the Internal Audit Team: Guidelines and Questions” in this toolkit.) IV. Audit Committee—External Auditors and Resources IV-A. External Auditors Subject to approval by the board of directors, the committee selects and appoints the external auditors to be engaged by the organization. The committee will approve the audit plan, establish the audit fees of the external auditors, and preapprove any nonaudit services provided by the external auditors, including tax services, before the services are rendered. Review with management the significance of bidding out audit services. Evaluate the performance of the external auditors on an annual basis. Ensure that single audit obligations are incorporated into the annual audit plan.
At least once each year, discuss each Document these discussions of these items with management, the in the audit committee meeting chief audit executive (CAE), and the minutes. board of directors. Report on findings and provide Review total audit fee in relation to recommendations to the board any nonaudit services being as considered necessary. provided by the external auditor. Review and evaluate the professional relationship with the auditors, including continuity of partner, manager, and staff; and level of service provided by auditors.
Review soon after the audit has been approved by the board, so the recommendation for the appointment of the outside auditor in the next fiscal year can be documented in the board minutes.
Date Completed
80 Internal Controls Audit: Just in Time for Foster Youth
IV. Audit Committee—External Auditors and Resources (continued) Audit Committee Charter General Considerations (See the tools “Sample Request for Qualifications and Request for Proposal Letter for CPA Services,” “Evaluating the Auditor’s Engagement Letter: Questions to Consider,” “Peer Review of CPA Firms: An Overview,” and “Single Audits—Office of Management and Budget Circular No. A-133: Audits of States, Local Governments, and Non-Profit Organizations” in this toolkit.)
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
Date Completed
Review the scope of all services provided by the audit firm throughout the organization.
IV-B. Discussions With the External Auditors Review all material written communications between the external auditors and management, such as any management letter or schedule of unadjusted differences. (See the tool “Required Communications with the External Auditors—What to Expect” in this toolkit.)
Discuss each item with the external auditors and management (including the CAE) and conclude on the appropriateness of the proposed resolution.
Submit reports and documentation of discussions, resolution of issues, and the action plan for any items requiring follow-up and monitoring.
Review at the completion of the external audit.
Submit recommendations for change in process and procedures.
Review after completion of the annual audit.
IV-C. Evaluating the External Auditors: Questions to Consider The committee will annually evaluate the external auditors.
Use information from executive sessions conducted throughout the year.
Communications with the external auditors in the Use a formal assessment tool. evaluation should respect the need to maintain the open flow of communication between the external auditors and the committee.
Request proposals if changes are being considered.
(See the tool “Evaluating the External Auditors: Questions to Consider” in this toolkit.) (continued)
81 Internal Controls Audit: Just in Time for Foster Youth
IV. Audit Committee—External Auditors and Resources (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
Deliverable
When to Achieve (Frequency/Due Date)
IV-D. Annual Audit—Review Review the following with management and the external auditors: The organization’s annual financial statements and related footnotes The external auditors’ audit of the financial statements and their report thereon
Discuss each matter, and others that may come to the attention of the audit committee through this process, with management (including the CAE) and the external auditors.
Review with management the course The external auditors’ judgments about the quality, not of action to be taken for any action just the acceptability, of the organization’s accounting requiring follow-up. principles as applied in its financial reporting Monitor any follow-up action that requires continued audit Any significant changes required in the external committee intervention. auditors’ audit plan Any serious difficulties or disputes with management encountered during the audit Matters required to be discussed by Statement of Auditing Standards No. 114, The Auditor’s Communication With Those Charged With Governance (AICPA, Professional Standards, vol. 1, AU sec. 380), as amended, related to the conduct of the audit. (See the tool “Required Communications with the External Auditors—What to Expect” in this toolkit.)
Submit reports and Review at the completion ofthe documentation of discussions, annual external audit. resolution of disagreements, or action plan for any item requiring follow-up.
Date Completed
82 Internal Controls Audit: Just in Time for Foster Youth
IV. Audit Committee—External Auditors and Resources (continued) Audit Committee Charter General Considerations
Steps to Accomplish Objective (Checklist)
The audit committee shall be authorized to hire external auditors, counsel, or other consultants as necessary. (This may take place any time during the year.)
Establish a policy for the audit committee to preapprove engaging external auditors and other experts.
In particular, this may be required to fully explore any issues arising through the whistle-blower procedure.
Discuss whether a standing budget should be established for this purpose.
Many organizations receive funding support from governmental and other regulated agencies that may require Requests for proposals should be statutory or contractual procedures when engaging used if time permits. external resources. (See the tools “Points to Consider When Engaging External Experts and Advisors” and “Sample Request for Qualifications and Request for Proposal Letter for CPA Services” and appendix A in this toolkit.)
Deliverable Prepare an engagement letter for each engagement. Report submitted by external accountant, counsel, or consultant.
When to Achieve (Frequency/Due Date) Continually review the policy and compliance with it as needed.
Date Completed