Monthly Archives

November 2020

Nov 24
0

Know Your Scammers – Cyber Fraud Signs

By | cyber security, Fraud | No Comments

Many of us grew up with Saturday morning children’s cartoons. Is it me, or did every cartoon villain look the same? They always tiptoed towards their intended target and hoisted big empty sacks over their shoulders (the better to cart away their loot!). Everything about them screamed VILLAIN in all-caps. 

Well, of course, it was easy to identify the bad guys in those old cartoons. After all, they were created for children’s entertainment, and kids like things simple. But don’t we all? We all long for it to be easy to identify the “bad guys” out there, and that includes cyber crooks as well as the classic cartoon crooks.

As organizations struggled to cope with the many changes initiated by the coronavirus pandemic, cyber crooks were already on the hunt for their next victim. Many found easy targets among the small businesses, including nonprofits, in turmoil. Without the routine of daily interactionism among employees, easy access to communications to reach fellow workers to ask questions, and looser security among IT networks to enable workers to work from home, cyber crooks didn’t need to tiptoe around in the dark. They acted boldly, and many succumbed to their lures.

Don’t be caught by cyber crooks this year. Know the signs of cyber fraud and protect your nonprofit from the current scams as well as general scams aimed at stealing your data.

Email Fraud – CDC Fake Emails

It was inevitable that criminals found a way to exploit people’s trust in the CDC. One common cyber fraud scam sent emails purporting to be the CDC to organization owners with a link in the email text encouraging them to click for more information.

Savvy recipients spotted several issues with the “CDC” emails that can help you recognize and avoid such phishing emails in the future.

  • Recipients hadn’t contacted the CDC and wondered how the CDC obtained their email addresses.
  • Sharp-eyed people recognized that when they held their mouse over the CDC link, it pointed to another website. 
  • The wording, spelling, and grammar weren’t quite right in the email. It was as if someone had run the text through Google’s translate feature. (Perhaps they had)
  • The email requested personal information to respond, including the recipient’s email address and corporate login information. The CDC wouldn’t ask for that information.

These are all signs of a typical phishing email. Other signs include a generic salutation, fuzzy logos (because they are cut and pasted from the web), or fonts that look odd compared to actual communication from the company, firm, or government agency.

When in doubt, never click a link. Instead, log into a fresh browser screen and visit the site on your own. If there is no message pertaining to the topic of the email, it’s likely it was a phishing scheme.

Specific Nonprofit Risks

As a nonprofit organization, you’re probably soliciting donations online right now to make up for lost revenues from cancelled in-person events.

However, constituents are bombarded right now with both legitimate and not-so-legitimate requests for funds from charities and fraudsters pretending to be charities.

How can you help them distinguish between actual charitable solicitations and fraudulent ones?

  • Remind constituents that they can always visit your website and donate on their own—they do not need to do so through the link in your email (a cyber crook would never say this).
  • Through your website, continually offer updated information on funding campaigns, progress towards goals, and financial information.
  • Remain transparent with all financial dealings.

The key to helping constituents feel comfortable enough to give online is to maintain clear and honest communications about your nonprofit’s finances. Now is the time to offer great transparency into your organization’s finances and to reassure donors at every step of the way that their money is being put towards the work of the organization.

Mitigating Cyber Security Threats with the Right Technology

Awareness and training go a long way to reduce the risk of cyber fraud, especially phishing schemes like the first one we described. Nonprofits can also reduce their risk by maintaining dedicated VPN lines, special inbound connections with encryption that keep their servers secure.

Overworked IT departments, older software, and similar factors can make your nonprofit vulnerable. Close these gaps now before it’s too late. In 2019, data breaches exposed over 4 billion records, and the companies in the thick of such data breaches found themselves embroiled in months of clean-up work. Not all of these companies were big corporations, either. Small businesses and nonprofits are especially vulnerable because cybercriminals know they don’t have a big team of IT professionals on call to handle cybersecurity.

Take time now to update your systems, review cybersecurity procedures, and work with a company such as Welter Consulting to prevent cyber fraud. Criminals don’t tiptoe through backyards carrying big sacks like in the cartoons. They sneak in through emails, attack vulnerable software, and look for small businesses unable to fight back. The time to shore up your defenses is now.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Nov 17
0

The Paycheck Protection Program and Loan Forgiveness: What You Need to Know

By | Loan | No Comments

The Paycheck Protection Program (PPP), administered by the Small Business Association through the auspices of the federal government, offered relief for organizations and employees hit hard by the coronavirus pandemic. The program was meant to ease the financial shock for many employees who found themselves out of work or working for significantly reduced pay, as businesses adjusted to the new mandates to keep employees, customers, and others safe during the pandemic.

The PPP ended on August 8, 2020. If your organization participated in the program, here’s are four important highlights from the newly released Frequency Asked Questions issued by the SBA.

General Loan Forgiveness

Loan forgiveness was a part of the PPP, and people naturally have questions about it. The FAQs clarified that those who worked as sole proprietors, independent contractors, or self-employed individuals and who had no employees at the time of their PPP loan application (and did not include any employee salaries in the computation of average monthly payroll in the Borrower Application Form) automatically qualify for PPP Loan Forgiveness. But, to receive loan forgiveness, they must complete Form 3508EZ and submit it.

Loan Forgiveness and Payroll Costs

Are you wondering, as the owner of a nonprofit, how to calculate the amount of owner compensation as part of the PPP? It seems that many others had questions about this, too, as it appeared in several of the FAQs in the document.

The confusion stems from the fact that the original wording of the PPP used the term owner but never defined it enough. To ensure clarity, the SBA defined an owner-employee as someone who is both an owner and an employee of a C corporation. They also provided examples for owners of C and S corporations, self-employed Schedule C (or Schedule F) filers, general partners, and LLC owners.

Additionally, further clarification is provided for partial pay periods, group health care benefits, and two questions related to payroll costs that were incurred or paid outside of the eight-week or 24-week covered periods.

Loan Forgiveness and Non-Payroll Costs

Section 6 of the FAQs provide further guidelines on loan forgiveness and non-payroll costs. These refer to payments of transportation utility fees assessed by state and local governments. Also addressed are two questions related to nonpayroll costs that were incurred or paid outside of the eight-week or 24-week covered periods. Lastly,  the Alternative Payroll Covered Period for payroll costs does not apply to nonpayroll costs.

Loan Forgiveness Reductions

Do you have questions about how to calculate the reduction in the loan forgiveness amount arising from reductions in employee salary or hourly wage? If so, section 4 provides three examples to guide you.

The AICPA anticipates providing more guidelines, clarification, and direction to assist with PPP program compliance in its next Town Hall. For more information, visit the AICPA Town Hall Events page.

Will the PPP Ever Be Renewed?

It remains unknown if the PPP will ever be renewed. With this being a presidential election year, Congress may wish to wait until the direction for 2021 is set by the outcome of the election. If it is renewed, we’ll share details here.

Welter Consulting

Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.

Nov 10
0

What Will Auditors Look for This Year?

By | Audit | No Comments

Nonprofits on a calendar-based financial year are already looking ahead to their fiscal year-end and follow-up audit. This year offers numerous challenges for both nonprofits and the auditors who review their data. What will auditors look for this year? What red flags should both nonprofits and auditors look for?

Changing the Way We Work

The coronavirus pandemic arrived in the United States sometime in mid-winter, forcing the closure of many businesses and stay-at-home orders in many states. Nonprofits that did not have work-from-home policies found themselves scrambling to put into place policies and processes that would enable their employees and volunteers to stay safe and healthy while still serving their constituents.

Although everyone hopes for a vaccine or reliable treatment for the novel coronavirus, such things take time.  As the pharmaceutical industry races to find both, we must deal with the reality that social distancing remains the norm for the time being. And how we work, fundraise, and serve constituents has changed too.

Several changes in the way nonprofits work may impact their 2020 audits. Each one has different ramifications and considerations.

Risk of Fraud

Auditors will be especially alert to the risk of fraud this year. For-profit corporations run the risk of fake journal entries to artificially inflate income levels, and nonprofits aren’t immune to such temptations. Some may be tempted to add to their revenues to please boards and members who want to know that their favorite nonprofit is still viable.

Internal Controls

Internal controls that were established pre-COVID 19 focused on office-based controls to manage petty cash, checks, deposits, and similar transactions. With many people working from home and offices maintaining limited in-person staff, such controls may have been ignored or relaxed to keep operations running.

It’s not just lower-level employees who may have been tempted by relaxed internal controls. If accounting staff were unable to access systems remotely, managers may have loosened security settings on various corporate programs. Doing so, they’ve opened the door for themselves or other managers to access what might have formerly been tightly controlled financial data.

Noncompliance

Noncompliance with laws and regulations (NOCLAR) always remains a concern of nonprofit organizations. Many federal and state agencies enacted temporary changes to rules or special stimulus packages to assist organizations during the pandemic. 

But nothing is free, and the money received from stimulus packages and other aid related to the pandemic comes with strings attached. Such programs often require specific documentation to ensure compliance with the rules surrounding them. Now is the time to re-read the fine print on any of the packages or other aid received and ensure that your organization has fulfilled its compliance obligations.

Estimates Associated with Revenue Recognition

Lastly, an area of concern for both auditors and accountants is estimates associated with revenue recognition.  FASB ASC Topic 606, Revenue From Contracts With Customers, is in its first year of implementation and any change to revenue recognition may cause an opportunity for mistakes. With this year being in such turmoil, the risk of mistakes is higher. Accountants must review their revenue recognition approach and policies and correct errors quickly.

Auditors May Work Remotely

Auditors prefer to work on-site but that may not be possible during the next few months as the race for treatment or vaccine continues. Prepare now for your auditors to handle a remote audit  by ensuring that all of the data in your system is updated and accessible with the proper permissions to the auditors.

A cloud-based accounting system such as Abila MIP can make it much easier to work with auditors as well as handle daily accounting and reporting needs for nonprofits. 

Please contact Welter Consulting at 206-605-3113 for more information.