By Walt Derengowski, CPA, CFE, Partner, Audit
Signed into law in 2013, the New York Nonprofit Revitalization Act (NPRA) introduced statutory requirements for nonprofit organizations registered with the Attorney General’s Charities Bureau and those that conduct charitable solicitations in New York, regardless of where they are incorporated. The intent of NPRA is to reduce the burden of the annual audit for smaller nonprofit organizations who may not have the resources for a cumbersome and expensive audit process. Nonprofits operating in New York should be aware of the final increase of the audit threshold.
The first revision to nonprofit laws in New York in 50 years, the NPRA has gone through several updates and clarifications since 2013 meant to refine laws regarding board governance, conflict of interest and whistleblower policy. The requirements can be confusing, but nonprofits should be aware of potential impacts to their legality and industry status with the New York Attorney General’s Office (AG). To avoid the risk of non-compliance (and possible fines), nonprofit leaders should fully understand and implement these governance requirements in 2021.
Revised Audit Requirements
Annual revenue thresholds for audit reporting have been climbing since the NPRA’s enactment in 2013. The organization’s annual revenue is the key to whether an organization files a simple financial report on Form CHAR 500, a Review Report by independent Certified Public Accountant (CPA), or an Audit Report by Independent CPA.
The thresholds, designed to help smaller organizations save time and money on audit related costs, will enter their final phase in July 2021.
Reporting requirements after July 1, 2021:
- Nonprofits with annual gross revenue and support under $250K must file an annual unaudited financial report;
- Those with annual gross revenue and support over $250K but under the current CPA audit threshold must file a “review report” from an independent CPA; and
- Only those organizations with $1M or more in gross revenue are required to file an independent CPA audit report. The current audit threshold stands at revenue greater than $750K.
Nonprofits should note that after reviewing annual filings, the AG might request an independent CPA audit from nonprofits with gross revenue over $250K due within 120 days of the request.
For organizations with gross revenue under $1M, save your organization the headache of having to deal with a spontaneous AG request by preparing in advance. Your organization should still be following the NPRA guidelines even though it is not required to file an independent CPA audit report.
If required to file an independent CPA audit report, a nonprofit shall have either a) a designated Audit Committee consisting entirely of “Independent Directors”; or b) or the Board of Directors (with only Independent Directors participating in the deliberations or voting) to oversee the accounting and financial reporting processes. This includes retaining a CPA to conduct the audit and oversee the audit of the organization’s financial statements.
A nonprofit’s audit review and oversight policy must include provisions for:
- Reviewing the scope and planning of the audit with the auditor prior to commencement;
- Reviewing and discussing upon completion of the audit:
- Any material weaknesses in internal controls identified by the auditor;
- Any restrictions on the scope of the auditor’s work or access to information;
- Any significant disagreements between the auditor and management; and
- The adequacy of the accounting and financial reporting processes;
- Considering the performance and independence of the auditor on an annual basis; and
- Submitting a report of the Audit Committee’s activities (if one is designated) to the Board.
Reduce audit fees by streamlining your audit process. Start with correcting any weaknesses in your internal control systems. With your auditors spending less time assessing your internal controls, your organization will be able to reduce hours and save money. See our presentation, “How to Strengthen Your Nonprofit’s Internal Controls,” for more information.
In order to avoid improper influence, no employee of the nonprofit organization may serve as the chairperson of its Board. Exemptions need approval from the Board by a two-thirds majority vote of the entire Board, and the basis should be documented in writing at the time of the vote.
As significant stakeholders in the organization, employees serving on the Board might make sense. However, if an organization and its Board vote to have an employee serve as the chair of the Board, conflicts of interest are likely to occur. The key to a successful employee Board chair starts with documentation that clearly designates responsibilities, establishes accountability, and outlines policy and procedures.
Conflicts of Interest
Every nonprofit Board must have written conflict of interest policies. These policies govern the identification and assessment of personal conflicts for directors, officers and employees. Additionally, nonprofits must have specific related party transactions laid out in the conflict of interest polices. This would be transactions in which directors, officers, and employees have a personal financial interest.
- Policies must define what constitutes a conflict, stipulate disclosure procedures, mandate annual submission of conflict disclosure statements, require documentation in the minutes of any meeting where a conflict was discussed or acted on, and prohibit any conflicted party from improperly influencing, being present for deliberations concerning or voting to authorize the conflict;
- Signed disclosure statements must be compiled annually by the Secretary (or a designated compliance officer) and be delivered to the Chair of the Audit Committee or, if there is not one, to the Chair of the Board.
- Documentation of any related party transactions between a nonprofit and its directors, officers, and key employees, including their relatives and other organizational affiliations.
- Disclosure of the material facts of any “interested parties” relationship to the transaction to the Board.
- He or she must be absent from board discussions and votes;
- A Board may only approve a financial transaction if it is fair, reasonable, and in the best interests of the nonprofit and consider alternative options; and
- The AG has the authority to bring action to enjoin or rescind any related party transaction which are not approved in accordance required policies and procedures.
Disclosure and regular review of your organization’s conflict of interest policy will support proper implementation and strengthen governance. Keep in mind that if you file an IRS Form 990 (990), the documentation and legitimacy of your conflict of interest policy are on public display. The 990 includes a question regarding the policy’s existence as well as your organization’s process for identifying and managing conflicts.
Nonprofits with 20 or more employees and annual revenue greater than $1M must have a written whistleblower protection policy and “distribution” guidelines.
Essential elements of the whistleblower policy:
- Procedures for reporting suspected violations, preserving confidentiality and protecting whistleblowers from retaliation; and
- An employee, officer or director designated to administer and report to the Audit or other Committee of Independent Directors, or if no committee, to the Board.
In order to be fully compliant, a copy of the policy must be given to all officers, employees, trustees, directors and volunteers once adopted. It should be noted that volunteer distribution policies differ. For a not-for-profit corporation, the policy only needs to be distributed to volunteers who provide substantial services. In contrast, all volunteers must receive the policy at charitable trusts.
Post the organization’s whistleblower policy prominently on your website. Directors, officers, employees and volunteers should be aware of the policy’s location and familiar with its contents. In addition, the policy should be included in the employee handbook and the handbook should be signed annually by employees acknowledging they have read and understand the policies.
The Bottom Line
The ramifications for not complying with the NPRA are at the discretion of the AG who has the authority to enforce penalties, including monetary damages. Working with CPAs and advisors who understand the NPRA’s requirements and can provide proven best practices for implementation is the best way to ensure compliance for nonprofit organizations in New York. For more information on the NPRA including audit and tax requirements, board assessments, proper reporting or transparency and internal controls requirements, contact Walt Derengowski at email@example.com.