RSS news feed - Sarbanes-Oxley Act The Sarbanes-Oxley Act* The Sarbanes-Oxley Act was signed into law on July 30, 2002. Passed in response to the corporate and accounting scandals of Enron, Tyco, and others of 2001 and 2002, the law's purpose is to rebuild public trust in America's corporate sector. The law requires that publicly traded companies adhere to significant new governance standards that broaden board members' roles in overseeing financial transactions and auditing procedures. While nearly all of the provisions of the Act apply only to publicly traded corporations, the passage of the bill served as a wake-up call to the entire nonprofit community. Indeed, several state legislatures have already passed or are considering legislation containing elements of the Sarbanes-Oxley Act to be applied to nonprofit organizations. In many instances, nonprofit organizations have adopted policies and altered governance practices in response to the Act. Nonprofit leaders should look carefully at the provisions of Sarbanes-Oxley, as well as their state laws, and determine whether their organizations ought to voluntarily adopt governance best practices, even if not mandated by law. This report will review those provisions and assess their relevance to nonprofit organizations. Finally, it is important to note that two provisions of Sarbanes-Oxley apply to all entities, including nonprofit organizations. This report will also review those features of the Act that require immediate nonprofit compliance. MAIN PROVISIONS OF THE SARBANES-OXLEY ACT With two notable exceptions, the Sarbanes-Oxley Act affects only American publicly traded companies and regulates what boards must do to ensure auditors’ independence from their clients. The Act also creates and defines the role of the Public Company Accounting Oversight Board, an entity empowered to enforce standards for audits of public companies. The Act explains processes for electing competent audit committee members and for ensuring that adequate reporting procedures are in place. In addition, it calls for regulations, and closes most of the loopholes, for all enterprises — for-profit and nonprofit — relating to document destruction and whistle-blower protection. The following sections cover each of the major provisions of the law and discuss their relevance to nonprofit organizations. In addition, BoardSource and Independent Sector offer recommendations for how nonprofit leaders should implement various provisions of the law.   For Profit Companies     Not For Profit Companies   INDEPENDENT AND COMPETENT AUDIT COMMITTEE   The Sarbanes-Oxley Act requires that each member of a company’s audit committee be a member of the board of directors and be independent. “Independence” in the Act is defined as not being part of the management team and not receiving any compensation (either directly or indirectly) from the company as a consultant for other professional services, though board service may be compensated. In addition, a company must disclose whether it has at least one “financial expert” serving on its audit committee. If it does not have such an expert, it must disclose the rationale behind that decision. Who qualifies as a “financial expert” is still being debated. The Securities and Exchange Commission (SEC) proposes a definition that relies on an individual’s education and experience as a public accountant, auditor, or principal accounting officer. At present, however, the company’s board seems to retain the final right to establish specific qualifications for a financial expert. The audit committee is directly responsible for hiring, setting compensation, and overseeing the auditor’s activities. It sets rules and processes for complaints concerning accounting and internal control practices.     While not all non profits conduct outside audits, most nonprofit boards have established one or more financial committees (e.g., finance, audit, and/or investment). In those organizations that undertake annual audits, particularly medium to large nonprofit organizations, the board is likely to have a separate audit committee or subcommittee. In California, the Nonprofit Integrity Act of 2004 requires that any charity registered with the attorney general and receiving annual gross revenues of $2 million or more must form an audit committee. Several other states have adopted similar rules, albeit at varying gross revenue thresholds. It is good practice for nonprofit organizations to take steps to ensure the independence of the audit committee. While most nonprofit board members serve as volunteers without any compensation and staff members do not participate as voting members,all nonprofit organizations should review their practices to ensure the independence of the audit committee. Also, many states provide additional liability protection for volunteer directors that may be lost if the directors are compensated for their service. Because of recruitment priorities to create a well-balanced and diverse board, finding people with financial savvy may be challenging for boards. Nonprofit organizations need to ensure that board members of the audit committee have the financial competency to understand financial statements, to evaluate accounting firm bids to undertake auditing, and to make sound financial decisions as part of their fiduciary responsibilities. A nonprofit that has a limited number of financial experts on its board may struggle with filling the treasurer’s position, a finance committee, and an audit committee. RECOMMENDATIONS While it is too onerous to demand that all nonprofit organizations undertake a full audit, the board is responsible for assessing the potential benefits and costs of an independent audit. Non profits that expend more than $500,000 of federal funds are required to conduct an annual audit. In addition, participating in the Combined Federal Campaign requires an audit at $100,000. Any other charitable organization with $1 million or more in total annual revenues (excluding houses of worship or other organizations that are exempt from filing Form 990) should have an audit conducted of their financial statements and consider attaching a copy to their Form 990 or 990-PF. Smaller charities with revenues of at least $250,000 should choose a review or at least have heir financial statements compiled by a professional accountant. The boards of nonprofit organizations that forego an audit should evaluate that decision periodically. All nonprofit organizations that conduct outside audits, particularly medium to large organizations, should consider forming an audit committee and should separate the audit committee from the finance committee. The audit committee should be composed of individuals who are not compensated for their service on this committee and do not have a financial interest in or any other conflict of interest with any entity doing business with the organization. Most nonprofit organizations have volunteer board members. Nonprofit organizations that do compensate board members should not compensate audit committee members for their additional service. In addition, all non profits should ensure that no members of staff, including the chief executive, serve on the audit committee, although it is reasonable to have the chief financial officer provide staff support to the audit committee. The chair of the audit committee should be a board member and it is reasonable to expect that the majority of the committee members are board members. The audit committee should ensure that the auditing firm has the requisite skills and experience to carry out the auditing function for the organization and that its performance is carefully reviewed. The audit committee should meet with the auditor, review the annual audit, and recommend its approval or modification to the full board. The full board should review the annual audit and the audit committee's report and recommendations. Ideally the full board would also desire to meet with the auditor before formally accepting or rejecting the audit. At least one member of the audit committee should meet the criteria of financial expert and have adequate financial savvy to understand, analyze, and reasonably assess the financial statements of the organization and the competency of the auditing firm. This may be a non-director advisory member where permitted by state law. Orientation of board members should include financial literacy training. To support the accounting field and help ensure that nonprofit boards have available financial expertise, professional accreditation and membership organizations of accountants should require CPAs to participate in a pro bono nonprofit board service program. RESPONSIBILITIES OF AUDITORS   The Sarbanes-Oxley Act requires that the lead and reviewing partner of the auditing firm rotate off of the audit every five years. This does not necessarily mean that the auditing firm must be changed, although that may be the most direct way to comply with this requirement. In addition, the Act prohibits the auditing firm from providing most non-audit services to the company concurrent with auditing services. This prohibition applies to bookkeeping, financial information systems, appraisal services, actuarial services, management or human resource services, investment advice, legal services, and other expert services unrelated to the audit. The board's audit committee may, however, pre-approve certain services (not included in the above categories), such as tax preparation, which can then be carried out by the auditing firm. In addition, the pre-approval requirement is waived for non-auditing services if the value of the nonauditing services is less than five percent of the total amount paid by the organization to the auditing firm for auditing services. The Act also requires that the auditing firm report to the audit committee all “critical accounting policies and practices” that are used by the organization, discussed with management, and represent the preferred way management wants these policies and practices treated. These critical accounting practices include methods, assumptions, and judgments underlying the preparation of financial statements according to generally accepted accounting principles (GAAP) and assurance that any results would be disclosed in case of changed assumptions.     Changing auditors (partner or firm) every five years should be considered on a regular basis. The rationale: Auditing firms may grow accustomed to the financial procedures within one organization after a certain number of years, and bringing in a new firm helps ensure that all practices are closely examined. Nonprofit organizations would be well served to adopt the Sarbanes-Oxley rule of preventing auditing firms from providing non-auditing services, as this provision precludes a conflict of interest between the auditing firm and the client. At a minimum, application of the rule should be considered in each case. At the same time, certain services can be pre-approved by the audit committee, and there is no reason why tax services and preparation of the Form 990 or 990- PF (for private foundations), for example, could not and should not be undertaken by a nonprofit's auditing firm. This can also ensure that certain economies are achieved for the client. Finally, the provisions about disclosure to the audit committee of critical accounting policies and discussions with management also seem to follow good practice. Greater disclosure of these internal control practices and management's views on them will foster more informed judgments by the audit committee, enhanced oversight by the board, and greater transparency. The critical accounting practices would include processes for segregation of duties, policies to use restricted funds for intended purposes, processes to review off-balance sheet transactions, and procedures for monitoring inventory fluctuations. In addition, the audit committee may be an effective committee for overseeing implementation and enforcement of the governing body's conflict-of-interest policy. RECOMMENDATIONS Large non profits should consider rotating at least the lead and reviewing partners of the audit firm every five years. Nonprofit organizations should be cautious when using their auditing firms to provide non-auditing services except for tax preparation, which should be approved in advance, while the firm is contracted to provide auditing services. The audit committee should require each auditing firm to disclose to the committee all critical accounting policies and practices used within the organization as well as share with the committee any discussions with management about such policies and practices. CERTIFIED FINANCIAL STATEMENTS   The chief executive and the chief financial officers must certify the appropriateness of financial statements and that they fairly present the financial condition and operations of the company. There are criminal sanctions for false certification, but violations of this statute must be knowing and intentional to give rise to liability. In addition, to avoid conflicts of interest, the CEO, CFO, controller, and chief accounting officer cannot have worked for the auditing firm for one year preceding the audit.     Any CFO who is responsible for generating timely and accurate financial statements for the company or organization should feel comfortable about certifying document integrity. In a for-profit company, a positive bottom line is the CEO’s responsibility. Business acumen, capacity to interpret financial statements in detail, and skillfulness in convincing the board and shareholders that the corporation is meeting all expectations are obvious characteristics in a manager. Likewise, a nonprofit chief executive may be handicapped without adequate financial skills. He or she may be hired, however, primarily for other qualities. Nonprofit CEOs may excel in fundraising, knowledge of the organization’s field of interest, or a variety of other skills. Lack of superior financial prowess must be complemented by a skillful financial officer; without that person, the organization cannot convince donors and funders that their money is properly managed. Nevertheless, it is still the responsibility of the CEO to ensure good stewardship of the organization's resources. Under Sarbanes-Oxley, CEO and CFO certification carries with it the weight of the law, but part of the underlying rationale is to ensure that both the CEO and CFO know and understand the financial statements. For a nonprofit organization, CEO and CFO sign-off on financial statements would not carry the weight of law (although some states are now considering adopting a similar requirement), but it would signal the importance that the CEO, in particular, attaches to understanding the nonprofit's financial condition. For nonprofit organizations, a key financial document is the Form 990 or 990-PF. The form requires a signature from an officer of the organization. Research from a number of studies reveals that the accuracy of these forms leaves much to be desired. Many of the errors in the Form 990 and 990-PF relate to failures to complete all forms, including Schedule A. Other problems include presenting an inaccurate report on fundraising costs, thereby distorting the required financial picture of the organization's operations. Thus, it is critical that nonprofit organizations examine their financial systems, policies, and reporting to help improve the accuracy and completeness of these forms. There is, in all likelihood, considerably less staff movement in the nonprofit world between accounting firms and client organizations than there is in the for-profit world. Furthermore, because nonprofit executives do not receive lucrative stock options, the relevance of possible conflicts of interest from an auditor joining the executive staff of a nonprofit client is correspondingly less. RECOMMENDATIONS CEOs or CFOs, while they need not certify the financial statements of the organization, do need to fully understand such reports and make sure they are accurate and complete. Signing off provides formal assurance that both the CEO and the CFO have reviewed them carefully and stand by them. The CEO and CFO should review the Form 990 or 990-PF before it is submitted to ensure that it is accurate, complete, and filed on time. Regardless of whether the CEO and CFO certify the financial report, the board has the ultimate fiduciary responsibility for approving financial reports. Just as the financial and audit reports are reviewed and approved by the audit committee and the board, the Form 990 or 990-PF should also be reviewed and approved. At a time when the Form 990 and 990-PF are published on the Internet by third parties, it is more important than ever that directors be familiar with the contents of the organization’s 990 each year. INSIDER TRANSACTIONS AND CONFLICTS OF INTEREST   The Act generally prohibits loans to any directors or executives of the company.     Non profits are currently highly regulated with respect to financial transactions that take place within the organization. Private inurement, excessive personal benefit, and selfdealing all cause serious penalties for any nonprofit that steps out of line. “Intermediate sanctions” laws specifically address compensation and excess benefit transactions with “disqualified” individuals, generally board members and executive staff. Providing private loans to insiders — the specific item included in the Sarbanes-Oxley- Act - is not a common practice in the nonprofit sector. However, when it has occurred, it has caused problems either from the perception of a conflict of interest or because it has not been appropriately documented as part of executive compensation. In addition, in some states, nonprofit law expressly prohibits loans to directors and officers. RECOMMENDATIONS Because the practice of providing loans to nonprofit executives has been a source of trouble in the past and because this practice is specifically prohibited under Sarbanes-Oxley and in some states, it is strongly recommended that nonprofit organizations not provide personal loans to directors or executives. If such loans are provided, they should be formally approved by the board, the process for providing the loan should be documented, and the value and terms of the loan should be disclosed. To guide the board and staff in independent decision making, the organization must have a conflict-of-interest policy with board members annually disclosing their potential conflicts of interest, and this policy must be enforced without fail. DISCLOSURE   The Sarbanes-Oxley Act requires a number of disclosures, including information on internal control mechanisms, corrections to past financial statements, and material off balance sheet transactions (adjustments). The Act also requires companies to disclose information on material changes in the operations or financial situation of the company on a rapid and current basis.     While nonprofit organizations do not file most of the reports that publicly traded companies are required to file, they should nevertheless provide their donors, clients, public officials, the media, and others with an accurate picture of their financial condition. Current law already requires tax-exempt organizations to make their Forms 990 or 990-PF freely available to anyone who requests them in writing or in person. These information returns, as mentioned before, need improvements both in accuracy and in timeliness of disclosure. One way to achieve that objective is through electronic filing, something the Internal Revenue Service is currently pursuing and the nonprofit community generally endorses. RECOMMENDATIONS Nonprofit organizations should improve the timeliness, accuracy, and completeness of the Forms 990 or 990-PF by filing electronically when that option is available to them. Non profits should strive for greater disclosure and transparency. Non profits should not rely on automatic extensions for filing Forms 990 and 990-PF without cause. Audited financial statements should be easily accessible for review. Two provisions of the Sarbanes-Oxley Act apply to all entities because they are amendments to the federal criminal code, so all nonprofit organizations need to comply with them. WHISTLE-BLOWER PROTECTION   The Sarbanes-Oxley Act provides protections for whistle-blowers and imposes criminal penalties for actions taken in retaliation against those who risk their careers by reporting suspected illegal activities in the organization. It is illegal for any entity — for-profit and nonprofit alike — to punish the whistle-blower in any manner.     Non profits must start by protecting themselves. They must eliminate careless and irresponsible accounting practices and benefit from an internal audit that brings to light weak spots and installs processes that are not vulnerable to fraud and abuse. Written policies that are vigorously enforced by executive staff and the board send a message that misconduct is not tolerated. These policies should cover any unethical behavior within the organization — including sexual harassment. Each organization must develop procedures for handling employee and volunteer complaints, including the establishment of a confidential and anonymous mechanism to encourage employees and volunteers to report any inappropriateness within the entity's financial management. No punishment for reporting problems — including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination — is allowed. Even if the claims are unfounded, the organization may not reprimand the employee. The law does not force the employee to demonstrate misconduct; a reasonable belief or suspicion that a fraud exists is enough to create a protected status for the employee. RECOMMENDATIONS Non profits must develop, adopt, and disclose a formal process to deal with complaints and prevent retaliation. Nonprofit leaders must take any employee and volunteer complaints seriously, investigate the situation, and fix any problems or justify why corrections are not necessary. DOCUMENT DESTRUCTION   The Sarbanes-Oxley Act addresses destruction of litigation-related documents. The law makes it a crime to alter, cover up, falsify, or destroy any document (or persuade someone else to do so) to prevent its use in an official proceeding (e.g., federal investigation or bankruptcy proceedings). The Act turns intentional document destruction into a process that must be monitored, justified, and carefully administered.     Common sense dictates that individuals, nonprofit organizations, and companies regularly need to shred or otherwise dispose of unnecessary and outdated documents and files. Like their for-profit counterparts, nonprofit organizations need to maintain appropriate records about their operations. For example, financial records, significant contracts, real estate and other major transactions, employment files, and fundraising obligations should be archived according to guidelines established by the organization. Because of current technology, electronic files and voicemail can become complicated as we come to understand the relevance of the delete button as a permanent method of file removal. RECOMMENDATIONS A nonprofit organization should have a written, mandatory document retention and periodic destruction policy. Such a policy also helps limit accidental or innocent destruction. The document retention policy should include guidelines for handling electronic files and voicemail. Electronic documents and voicemail messages have the same status as paper files in litigation-related cases. The policy should also cover back-up procedures, archiving of documents, and regular check-ups of the reliability of the system. If an official investigation is underway or even suspected, nonprofit management must stop any document purging in order to avoid criminal obstruction charges. CONCLUSION The Sarbanes-Oxley Act has now been in force for several years. The legal climate has intensified in the nonprofit sector as Congressional committees and state legislatures are actively proposing new legislation to regulate organizations. Individual non profits have begun to identify loopholes - and figure out how to eliminate them. Watchdog agencies and other nonprofit field-building organizations are reconsidering assumptions and standard operating procedures in an effort to identify guidelines, standards, and best practices in the sector. Regardless of the present scope of existing and potential new legislation at the state and federal level, nonprofit organizations have heard the wake-up call. For all of us in the sector, the Sarbanes-Oxley Act spearheaded a renewed realization that nonprofit organizations rely on - and must protect - the indispensable and unequivocal confidence and trust of our constituents. Self-regulation and proactive behavior will always prove more powerful than compulsory respect of laws. *SOURCE OF MATERIALS BoardSource and Independent Sector wish to thank Dan Moore, Vice President for Public Affairs, GuideStar; Tom Hyatt, Principal, Ober Kaler; and Paul Nelson, President, Evangelical Council for Financial Accountability, for sharing their professional insights and expertise on this document. Information and guidance in this document is provided with the understanding that BoardSource and Independent Sector are not engaged in rendering professional opinions. If such opinions are required, the services of a certified public accountant or an attorney should be sought. This paper was revised in January 2006 to reflect changes in laws relating to, and practices of, nonprofit organizations. [see original document]   Top of page