If your organization is the recipient of $750,000 or more of federal financial assistance within the fiscal year, you are likely subject to a single audit to comply with the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, collectively known as the Uniform Guidance.

Being well prepared for the single audit can help the process be more efficient. It’s a great idea to outsource the audit preparation/readiness responsibilities to a firm such as W.A. Anderson CPA. This will ensure that the audit process is stress free and efficient. In the event that your organization decides to undertake the responsibility of preparing for the audit, below are some valuable best practices that can minimize your headaches and put your organization on the road to success:

Offer targeted training to your staff. It is very important that all staff members are properly trained in their areas of responsibility. One key area to train staff in is identifying allowable costs under the grant agreement. This helps to reduce the risk of errors and non compliance with the grant agreement.

Get started on the right foot. The organization should ensure that appropriate internal controls over the relevant compliance requirements are in place. For example, there should be separation of duties/responsibilities between completing grant applications, approving applications and revisions, entering the budgets and approving expenditures to ensure compliance.

Identify and address problem areas in advance. The staff should spend significant time reviewing those areas that have been a source of problems and non compliance in the past, to prevent issues from reoccurring.

Keep up to date on all of the latest guidance and developments. The AICPA’s Governmental Audit Quality Center (GAQC) provides numerous free tools related to the Uniform Guidance to auditees in its Auditee Resource Center. These single audit tools include articles, web events, practice aids and useful links. With the massive outlay of government spending in the wake of the Covid-19 pandemic, there have been numerous changes and developments over the past year. Auditee organizations need to be aware of the changes impacting them and ensure that they are properly accounted for.

The most common reason for business failure is related to poor risk management- failing to see and proactively respond to the signals of disruption right in front of them. Blackberry, Blockbuster and Kodak all come to mind. While no one could have predicted the nature, severity and global reach of the coronavirus , it’s clear that organizations should include such risk scenarios in future strategic planning discussions. To be successful in business, it is not enough to do what you do well, but you have to also be on the look out for potentially disruptive changes and put plans in place to mitigate potential negative impact.

Business risk is defined as any threat or hazard which prevents or disrupts an organization’s ability to achieve its strategic objectives. Risks may come from both external and internal vulnerabilities. One of the upsides is that once risk is identified, it can almost always be mitigated. Proactive organizations that are strategic about risk management can limit their organization’s exposure to a variety of risks.

Risk assessment is a process to identify and evaluate threats and hazards that could potentially harm a business. It involves considering the types of threats that exist, the assets at risk from the threats, and the potential negative impacts. Companies that define and evaluate the potential disasters and emergencies that they might encounter will have situational awareness at the most hazardous and critical times..

Once the organization has identified and evaluated its critical risks, a decision will need to be made whether to accept the risk and do nothing, avoid the risk entirely or take steps to mitigate the damage.

Risk assessment and analysis is not a one time event. Once the assessment and analysis has been completed, it should be updated at a minimum, once a year. Monitor your organization, customers, vendors and the external environment for changes that may create a new risk or change the ranking of an existing threat.

To ensure this process gets the full attention it needs, It is a good idea for organizations to designate a Chief Risk Office(CRO) . This responsibility may be assigned to a full time employee or be outsourced to a firm such as W.A. Anderson CPA if the technical resources are not available internally.

Smart organizations will invest into identifying and evaluating risks that could damage or close them down entirely ( from environmental risks to reputational risks) and develop strategies to limit their exposure and protect their hard-earned success.

Between implementing new accounting standards, keeping up with regulatory changes, and meeting fundraising and program delivery goals, many not-for profits (NFPs) are stretched to their limits. So when it comes to creating or updating policies, it’s easy to push those tasks to the bottom of the list. However, having strong policies in place can protect your NFP from liability, help your organization adopt consistent and clear actions, and help with more efficient usage of limited resources. Sound policies can also help the governing board provide more effective oversight.

The following steps can help your NFP get the ball rolling when it comes to creating or updating policies:

1. Perform an inventory of the policies that are currently in place: This may require some digging if you don’t have a central repository for your organization’s policies. It may also include reviewing past board meeting minutes. As you identify the policies, create an index that lists all of them in one place. Include the date the board originally approved the policy and any subsequent dates they were reviewed and/or updated. The index can help with identification of the policies that have not been reviewed recently and finalize those that were never approved by the board.

2. Consider what policies should be in place and what they should include: Once the policies the organization has in place have been identified, management should consider what might be missing. Policies that a NFP organization may wish to consider having in place include:

   - Designation of Funds Policy

   - Delegation of Authority Policy

   - Conflict of Interest Policy

   - Telecommuting Policy

   - Document Retention Policy

   - Gift Acceptance Policy

   - Information Security Policy

   - Investment Policy

   - Social Media Policy

   - Whistleblower Policy

   - Ethics Policy

   - Travel Policy

3. Create a process for updating policies: Once your NFP has a comprehensive list of policies, it’s important to plan for periodic reviews. The frequency and time frame for review may be different for each policy. For instance, some organizations review their investment policy annually, and review other policies every three years. Establishing a policy review schedule will help to ensure that policies reflect the organization’s core values, mission and vision and are being adhered to by staff. In addition, consider establishing a consistent practice of having the board and/or board committees review and approve policies.

4. Establish a means of effectively communicating policies: For board members to comply with organizational policies, they need to be provided with the policies. Board members should not be placed in a position where they need to ask for them. They also need to understand them. It’s not enough to distribute the policies to the board members and ask them to sign a statement saying that they have reviewed and understand them. Formal training on the policies is necessary for board members to fully understand the need for the policies and the ramifications of not following them. The organization should consider offering comprehensive training on policies as part of the board orientation, augmented by an abbreviated policy training at each board meeting.

5. Ensure that policies are consistently enforced: The quickest way for policies to lose their effectiveness is to enforce them inconsistently or not at all. It is therefore important to make sure that management and the board take consistent action. Like the board, organizational staff need to understand the policies in order to comply with them. Formal policy training for staff is recommended during new hire orientation, augmented by abbreviated policy training during staff meetings.

On Tuesday, May 4th, the US Small Business Administration (SBA) informed lenders that the Paycheck Protection Program (PPP) was out of money and that the only remaining funds available for new applications are $8 billion set aside for community financial institutions (CFIs), which typically work with businesses in underserved communities. The agency has also set aside $6 billion for PPP applications still in review status or needing more information due to error codes.

In late March of this year, Congress extended the PPP applications deadline to May 31, in part to give the SBA and lenders time to resolve error codes that were holding up nearly 200,000 applications in the SBA’s PPP platform. The error codes were due to validation checks implemented by the SBA to prevent fraudulent applications from being funded.

The PPP Extension Act of 2021 did not include any additional funding over and above the $292 billion that was approved for the current round of the PPP .

Research has shown that several areas of fraud risk have increased in the wake of the COVID-19 pandemic. Business Managers should know what types of fraud pose the greatest threat to the organization and develop appropriate internal controls to address these threats. If the company has recently updated its fraud risk assessment, use the results to guide your decision making. If the company has not updated its fraud risk assessment or has never performed one, this would be a good time to do so.

Fraud losses can be significant, and at times of financial stress, losses need to be kept to an absolute minimum. An investment in proper controls could save a lot more down the line.

Below are two potential fraud risk areas along with advice on controls that can be implemented to address those risks:

VENDOR FRAUD RISK

Purchasing departments might be inclined to skip some of the regular vendor checks in situations where a regular vendor cannot deliver on time and a substitute supplier is needed immediately.. In these high time and delivery situations, there may be a temptation to shorten the usual vendor screening process by cutting out some critical controls. Fraudulent vendors may approach the purchasing department requesting prepayments in advance of delivery of the goods or services, and then disappear without providing the agreed upon goods and services. Also, employees working in the purchasing department under financial stress may become susceptible to bribery.

Companies should strengthen the controls relating to the screening of new vendors. Organizations should increase scrutiny of vendors requesting significant prepayments ahead of providing any service or delivery of goods. Particular attention should be paid to new vendors without significant business relationships. and conduct open source research to ensure that the vendor is not a known fraudster.

INTERNAL FRAUD RISKS

In difficult economic times, management may decide to cut spending on its hotline or other controls to detect fraud. An effective reporting mechanism is one of the best anti-fraud measures a company may have. Tips are the most common way that fraud is detected.. Management should avoid the temptation to cut spending in these much needed areas. To get the most out of a hotline, revisit the company’s anti-fraud training for all levels of staff.

The COVID-19 pandemic has increased the incentive and opportunity for fraud in many areas of business. Proper internal controls need to be at the forefront of combatting this.

On April 27, 2021, the U.S. Small Business Administration (SBA) announced that it will begin registrations on Friday, April 30, 2021 and open applications on Monday, May 3, 2021 for the Restaurant Revitalization Fund.

Established under the American Rescue Plan , and signed into law by President Joe Biden on March 11, 2021, the Restaurant Revitalization Fund provides a total of $28.6 billion in direct relief funds to restaurants and other hard-hit food establishments that have experienced economic distress and significant operational losses due to the COVID-19 pandemic. This program will provide restaurants with funding equal to their pandemic-related revenue loss up to $10 million per business and no more than $5 million per physical location. Funds must be used for allowable expenses by March 11, 2023.

“ Restaurants are the core of our neighborhoods and propel economic activity on main streets across the nation. They are among the businesses that have been hardest hit and need support to survive this pandemic. We want restaurants to know that help is here” said SBA Administrator Guzman.

In preparation, the SBA recommends qualifying applicants familiarize themselves with the application process in advance to ensure a smooth and efficient application experience.

For the first 21 days that the program is open, the SBA will prioritize funding applications from businesses owned and controlled by women, veterans, socially and economically disadvantaged individuals.