Nonprofits spend a lot of time and energy reviewing financial data. Accounting departments are staffed, monthly financial statements are generated, Finance Committees meet regularly, annual independent audits of the financial statements are performed, and Audit Committees provide general oversight. In the majority of nonprofits, the accounting function is the most scrutinized area.
Given the amount of effort exerted in tracking financial information, many nonprofits may find that the true risk areas for error or misrepresentation can be found outside of the direct purview of the accountants. Are CFOs and Controllers cognizant of all the data being managed by other departments? Probably not; staying on top of generating accurate financial data can consume the majority of their efforts.
So, what if inaccurate data is being created and distributed by nonaccounting sources? Who is watching them? Quite often, the data being distributed by areas outside of accounting can be critical to the nonprofit’s public image.
Take for example the recent incidents of statistical errors by Bucknell University and George Washington University (GW). In both cases, the universities disclosed that statistical information submitted to U.S. News for use in college rankings was inaccurate. Bucknell was lucky – its errors were small enough that its ranking was unchanged by U.S. News. On the other hand, GW is now categorized by U.S News as “unranked.” GW’s unranked status will last at least until the fall of 2013.
At a minimum, it is an embarrassing situation for two well-regarded institutions.
It certainly doesn’t seem like these situations were caused by a breakdown in financial controls or processes. Rather, it appears that the nonfinancial statistical data was not subject to the numerous layers of control and review that would have been present with published financial statements.
Another example can be found in the story of the Indio Youth Task Force (IYTF). It was discovered that a consultant that was hired by IYTF to apply for a $35 million Federal grant had submitted false and misleading information with the application. The grant consultant was found guilty of fraud and one would imagine that the management of IYTF had to expend significant resources assisting the authorities as they worked through the case.
Do CFOs routinely review grant applications? They might. Or, they may be supplying information to the grant writer without ever seeing the finished product before it is submitted. The auditors might look at a grant application, but likely only to get a sense of the sorts of revenue and expense associated with a grant. The underlying assertions and statistics within the application would probably not be scrutinized by financial statement auditors.
So what does all this mean?
It means that nonprofits need to give consideration to the variety of data they are releasing to the public, members, donors, and other interested parties. Management, Audit Committees, and Boards need to be asking if there are processes in place to verify the accuracy of such information.
For the typical nonprofit, it would be a wise investment of time to take an inventory of the significant types of nonfinancial data that it generates. The inventory should consider things such as:
- Who generates the data?
- How robust is the system that creates the data?
- How is the data internally reviewed?
- Is there independent verification of the data?
- What third-parties are relying on the data?
- What would happen if the data were incorrect?
The information gathered during the inventory process can then be used to assess whether improvements in the procedures surrounding the creation and distribution of nonfinancial data are warranted.
Audit Committees are being increasingly charged with considering a nonprofit’s exposure and response to risk. Therefore, having the Audit Committee annually review the nonfinancial data inventory would be a logical extension of its duties. The Audit Committee could even request that the independent auditors verify particularly critical data or test the functioning of the internal review system. The Audit Committee’s involvement ensures that this issue is considered on a routine basis by both management and the Board. To further enhance the discussion, the independent auditor should be included during the Audit Committee’s consideration of nonfinancial data. In addition to bringing an external perspective to the conversation, the organizational knowledge gained by the auditor can prove useful in helping to plan an efficient and effective financial statement audit.
As the saying goes, “You’re never hit by the freight train you see coming.” Nonprofits have long been aware of the diesel engine named “financial statements.” Putting forth the effort to think about the risk related to errors or fraud in nonfinancial data can go a long way in helping you see another locomotive while it’s still safely down the tracks.
Join Doug September 12-13 in Chicago where he will be presenting at the Nonprofit Finance Summit. Don’t wait to register- seating is limited! Register here.
Doug Boedeker is a partner in Tate & Tryon’s Audit and Assurance Services department and can be reached at firstname.lastname@example.org.