First it was Enron …Then Big Banks …. Is the Nonprofit Next?

By Gary R. Pannone

It has been more than a decade since the American Competitiveness and Corporate Accountability Act of 2002 (“Sarbanes-Oxley Act”) was signed into law and we have now had another recession caused in large part by irresponsible lending by banks. It was the same type of actions by Enron, Tyco, WorldCom and others that changed the corporate regulatory landscape forever; however, we seem to continue the trend of pushing the envelope in terms of transparency.

The Sarbanes-Oxley Act was a reaction to corporate and accounting scandals and was essentially a determined albeit, late effort by Congress to rebuild public trust in the corporate sector. As a result of this legislation, governance has been expanded by requiring board members to demonstrate a more comprehensive function as the overseers of financial transactions and auditing procedures. Unfortunately, Sarbanes did not prevent the most recent irresponsible actions by banks that led to another recession, and since Enron, we have experienced a similar set of circumstances in the failure of our financial institutions, all of which has led to further regulations, government intervention and significant corporate failures.

Although the primary target for the increased regulation and oversight was the public company, there have been unintended consequences for the nonprofit sector. Many of the principles enunciated by these new regulations have an indirect impact on governance, financial accountability and transparency, which means that the board members and leadership need to be proactive in developing and maintaining stronger governance policies and procedures that are consistent with the professed intent of Sarbanes as it relates to transparency and accountability.

The term “best practices” has become the standard by which governance principles are measured and it is prudent for the nonprofit organization to take note of such practices and adopt a governance structure that demands the accountability of its leadership and makes the organization transparent to the donor public.

The governing principles of most of the recent legislation and IRS mandates outline a process for electing competent audit committee members by employing a standard designed to ensure that adequate reporting procedures are in place for the public corporation. This legislation also makes it clear that the principles espoused relating to document destruction and whistleblower protection apply to all entities.


The Sarbanes-Oxley Act requires that each member of a company’s audit committee be a member of the board of directors and be independent.

“Independence” in the Act is defined as not being part of the management team and not receiving any compensation (either directly or indirectly) from the company as a consultant for other professional services, though board service may be compensated.

In addition, a company must disclose whether it has at least one “financial expert” serving on its audit committee. If it does not have such an expert, it must disclose the rationale behind that decision. Who qualifies as a “financial expert” is still being debated. The Securities and Exchange Commission (SEC) proposes a definition that relies on an individual’s education and experience as a public accountant, auditor, or principal accounting officer. Nonprofit organizations should heed this mandate in that they are next in line. The audit committee is directly responsible for hiring, setting compensation and overseeing the auditor’s activities. It sets rules and processes for complaints concerning accounting and internal control practices.

advisorypicWhile not all nonprofits conduct outside audits because of the cost, most nonprofit boards have established one or more financial committees (e.g., finance, audit, and/or investment). In those organizations that undertake annual audits, particularly medium to large nonprofit organizations, the board is likely to have a separate audit committee or subcommittee. In California, the Nonprofit Integrity Act of 2004 requires that any charity registered with the attorney general and receiving annual gross revenues of $2 million or more must form an audit committee. Several other states have adopted similar rules, albeit at varying gross revenue thresholds.

It is good practice for nonprofit organizations to take steps to ensure the independence of the audit committee. While most nonprofit board members serve as volunteers without any compensation and staff members do not participate as voting members, all nonprofit organizations should review their practices to ensure the independence of the audit committee. Also, many states provide additional liability protection for volunteer directors that may be lost if the directors are compensated for their service.

Because of recruitment priorities to create a well-balanced and diverse board, finding volunteers with financial savvy may be challenging for boards. Nonprofit organizations should endeavor to ensure that board members of the audit committee have the financial competency to understand financial statements, to evaluate accounting firm bids to undertake auditing, and to make sound financial decisions as part of their fiduciary responsibilities. A nonprofit that has a limited number of financial experts on its board may struggle with filling the treasurer’s position, a finance committee and an audit committee.

While it is too onerous to demand that all nonprofit organizations undertake a full audit, the board is responsible for assessing the potential benefits and costs of an independent audit. Nonprofits that expend more than $500,000 of federal funds are required to conduct an annual audit. In addition, participating in the Combined Federal Campaign requires an audit at $100,000.

Any other charitable organization with $1 million or more in total annual revenues (excluding houses of worship or other organizations that are exempt from filing Form 990) should have an audit conducted of their financial statements and consider attaching a copy to their Form 990 or 990-PF. Smaller charities with revenues of at least $250,000 should choose a review or at least have their financial statements compiled by a professional accountant.

The boards of nonprofit organizations that forego an audit should evaluate that decision periodically. All nonprofit organizations that conduct outside audits, particularly medium to large organizations, should consider forming an audit committee and should separate the audit committee from the finance committee.

The audit committee should be composed of individuals who are not compensated for their service on this committee and do not have a financial interest in or any other conflict of interest with any entity doing business with the organization. Most nonprofit organizations have volunteer board members. Nonprofit organizations that do compensate board members should not compensate audit committee members for their additional service. In addition, all nonprofits should ensure that no members of staff, including the chief executive, serve on the audit committee, although it is reasonable to have the chief financial officer provide staff support to the audit committee. The chair of the audit committee should be a board member and it is reasonable to expect that the majority of the committee members are board members, as well.

The audit committee should ensure that the auditing firm has the requisite skills and experience to conduct the auditing function and that its performance is carefully reviewed. This committee should meet with the auditor, review the annual audit, and recommend its approval or modification to the full board. The full board should review the annual audit and the audit committee’s report and recommendations. Ideally, the full board would also desire to meet with the auditor before formally accepting or rejecting the audit.

At least one member of the audit committee should meet the criteria of financial expert and have adequate financial savvy to understand, analyze and reasonably assess the financial statements of the organization and the competency of the auditing firm. This may be a nondirector advisory member where permitted by state law.

Orientation of board members should include financial literacy training. To support the accounting field and help ensure that nonprofit boards have available financial expertise, professional accreditation and membership organizations of accountants should require CPAs to participate in a pro bono nonprofit board service program.


Sarbanes requires that the lead and reviewing partner of the auditing firm rotate off of the audit every five years. This does not necessarily mean that the auditing firm must be changed; although that may be the most direct way to comply with this requirement.

In addition, this onerous legislation prohibits the auditing firm from providing most non-audit services to the company concurrent with auditing services. This prohibition applies to bookkeeping, financial information systems, appraisal services, actuarial services, management or human resource services, investment advice, legal services and other expert services unrelated to the audit. The board’s audit committee may, however, pre-approve certain services (not included in the above categories), such as tax preparation, which can then be carried out by the auditing firm. In addition, the pre-approval requirement is waived for non-auditing services if the value of the non-auditing services is less than five percent of the total amount paid by the organization to the auditing firm for auditing services.

Sarbanes also requires that the auditing firm report to the audit committee all “critical accounting policies and practices” that are used by the organization, discussed with management, and represent the preferred way management wants these policies and practices treated. These critical accounting practices include methods, assumptions and judgments underlying the preparation of financial statements according to generally accepted accounting principles (GAAP) and assurance that any results would be disclosed in case of changed assumptions.

Changing auditors (partner or firm) every five years should be considered on a regular basis. The rationale: Auditing firms may grow accustomed to the financial procedures within one organization after a certain number of years, and bringing in a new firm helps ensure that all practices are closely examined.

Nonprofit organizations would be well served to adopt the Sarbanes-Oxley rule of preventing auditing firms from providing non-auditing services, as this provision precludes a conflict of interest between the auditing firm and the client. At a minimum, application of the rule should be considered in each case. At the same time, certain services can be pre-approved by the audit committee, and there is no reason why tax services and preparation of the Form 990 or 990-PF (for private foundations), for example, could not and should not be undertaken by a nonprofit’s auditing firm. This can also ensure that certain economies are achieved for the client.

Finally, the provisions about disclosure to the audit committee of critical accounting policies and discussions with management also seem to follow good practice. Greater disclosure of these internal control practices and management’s views on them will foster more informed judgments by the audit committee, enhanced oversight by the board, and greater transparency. The critical accounting practices would include processes for segregation of duties, policies to use restricted funds for intended purposes, processes to review off-balance sheet transactions, and procedures for monitoring inventory fluctuations. In addition, the audit committee may be an effective committee for overseeing implementation and enforcement of the governing body’s conflict-of-interest policy.

Large nonprofits should consider rotating at least the lead and reviewing partners of the audit firm every five years. Nonprofit organizations should be cautious when using their auditing firms to provide non-auditing services except for tax preparation, which should be approved in advance, while the firm is contracted to provide auditing services.

The audit committee should require each auditing firm to disclose to the committee all critical accounting policies and practices used within the organization, as well as share with the committee any discussions with management about such policies and practices.


The chief executive and chief financial officers must certify the appropriateness of financial statements and that they fairly present the financial condition and operations of the company. There are criminal sanctions for false certification, but violations of this statute must be knowing and intentional to give rise to liability. In addition, to avoid conflicts of interest, the chief executive officer, chief financial officer, controller, and chief accounting officer cannot have worked for the auditing firm for one year preceding the audit. Any chief financial officer who is responsible for generating timely and accurate financial statements for the company or organization should feel comfortable about certifying document integrity.

In a for-profit company, a positive bottom line is the chief executive officer’s responsibility. Business acumen, capacity to interpret financial statements in detail, and skillfulness in convincing the board and shareholders that the corporation is meeting all expectations are obvious characteristics in a manager. Likewise, a nonprofit chief executive may be handicapped without adequate financial skills. He or she may be hired, however, primarily for other qualities. Nonprofit chief executive officers may excel in fundraising, knowledge of the organization’s field of interest, or a variety of other skills. Lack of superior financial prowess must be complemented by a skillful financial officer; without that person, the organization cannot convince donors and funders that their money is properly managed. Nevertheless, it is still the responsibility of the chief executive officer to ensure good stewardship of the organization’s resources.

advisorypicUnder Sarbanes, the chief executive and chief financial officer certification carries with it the weight of the law, but part of the underlying rationale is to ensure that both the chief executive and chief financial officer know and understand the financial statements. For a nonprofit organization, the new requirements relating to the 990 certification require the chief executive and chief financial officers to sign-off on financial statements which, although not carrying the weight of law in most jurisdictions, including Rhode Island, signal the importance that the chief executive officer, in particular, attaches to understanding the nonprofit’s financial condition.

The Form 990 or 990-PF is a significant document for a nonprofit organization and must be taken very seriously by the officer certifying as to its accuracy. Research from a number of studies reveals that the accuracy of these forms leaves much to be desired. Many of the errors in the Form 990 and 990-PF relate to failures to complete all forms, including Schedule A. Other problems include presenting an inaccurate report on fundraising costs, thereby distorting the required financial picture of the organization’s operations. Thus, it is critical that nonprofit organizations examine their financial systems, policies, and reporting to help improve the accuracy and completeness of these forms.

There is, in all likelihood, considerably less staff movement in the nonprofit world between accounting firms and client organizations than there is in the for-profit world.

Furthermore, because nonprofit executives do not receive lucrative stock options, the relevance of possible conflicts of interest from an auditor joining the executive staff of a nonprofit client is correspondingly less. Chief executive officers or chief financial officers, while they need not certify the financial statements of the organization, do need to fully understand such reports and make sure they are accurate and complete. Signing off provides formal assurance that both the chief executive officer and the chief financial officer have reviewed them carefully and stand by them.

The chief executive and chief financial officers should review the Form 990 or 990-PF before it is submitted to ensure that it is accurate, complete, and filed on time. Regardless of whether the chief executive and chief financial officers certify the financial report, the board has the ultimate fiduciary responsibility for approving financial reports. Just as the financial and audit reports are reviewed and approved by the audit committee and the board, the Form 990 or 990-PF should also be reviewed and approved. At a time when the Form 990 and 990-PF are published on the internet by third parties, it is more important than ever that directors be familiar with the contents of the organization’s Form 990 each year.


Sarbanes generally prohibits loans to any directors or executives of the company. Nonprofits are currently highly regulated with respect to financial transactions that take place within the organization. Private inurement, excessive personal benefit, and self-dealing all cause serious penalties for any nonprofit that steps out of line. “Intermediate sanctions” laws specifically address compensation and excess benefit transactions with “disqualified” individuals, generally board members and executive staff. Providing private loans to insiders – the specific item included in the Sarbanes-Oxley Act – is not a common practice in the nonprofit sector.

advisorypicBecause the practice of providing loans to nonprofit executives has been a source of trouble in the past and because this practice is specifically prohibited under Sarbanes Act and in some states, it is strongly recommended that nonprofit organizations not provide personal loans to directors or executives. If such loans are provided, they should be formally approved by the board, the process for providing the loan should be documented, and the value and terms of the loan should be disclosed. To guide the board and staff in independent decision making, the organization must have a conflict-of-interest policy with board members annually disclosing their potential conflicts of interest, and this policy must be enforced without fail.


Sarbanes also requires a number of disclosures, including information on internal control mechanisms, corrections to past financial statements, and material off balance sheet transactions (adjustments). The Act also requires companies to disclose information on material changes in the operations or financial situation of the company on a rapid and current basis.

While nonprofit organizations do not file most of the reports that publicly traded companies are required to file, they should nevertheless provide their donors, clients, public officials, the media, and others with an accurate picture of their financial condition. Current law already requires tax-exempt organizations to make their Form 990 or 990-PF freely available to anyone who requests them in writing or in person. These information returns, as mentioned before, need improvements both in accuracy and in timeliness of disclosure. One way to achieve that objective is through electronic filing, something the Internal Revenue Service is currently pursuing and the nonprofit community generally endorses.

Nonprofit organizations should improve the timeliness, accuracy, and completeness of the Form 990 or 990-PF by filing electronically when that option is available to them. Nonprofits should strive for greater disclosure and transparency. Nonprofits should not rely on automatic extensions for filing the Form 990 or 990-PF without cause. Audited financial statements should be easily accessible for review.


Sarbanes also provides protections for whistleblowers and imposes criminal penalties for actions taken in retaliation against those who risk their careers by reporting suspected illegal activities in the organization. It is illegal for any entity – for-profit and nonprofit alike – to punish the whistleblower in any manner. Nonprofits must start by protecting themselves. They must eliminate careless and irresponsible accounting practices and benefit from an internal audit that brings to light weak spots and installs processes that are not vulnerable to fraud and abuse. Written policies that are vigorously enforced by executive staff and the board send a message that misconduct is not tolerated. These policies should cover any unethical behavior within the organization, including sexual harassment.

Each organization must have procedures for handling employee and volunteer complaints, including the establishment of a confidential and anonymous mechanism to encourage employees and volunteers to report any inappropriateness within the entity’s financial management. No punishment for reporting problems, including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination, is allowed. Even if the claims are unfounded, the organization may not reprimand the employee. The law does not force the employee to demonstrate misconduct; a reasonable belief or suspicion that a fraud exists is enough to create a protected status for the employee.

Nonprofits must also develop, adopt, and disclose a formal process to deal with complaints and prevent retaliation. Nonprofit leaders must take any employee and volunteer complaints seriously, investigate the situation, and fix any problems or justify why corrections are not necessary.


The destruction of litigation-related documents presents serious issues. The law makes it a crime to alter, cover up, falsify, or destroy any document (or persuade someone else to do so) to prevent its use in an official proceeding (e.g., federal investigation or bankruptcy proceedings). The Act turns intentional document destruction into a process that must be monitored, justified, and carefully administered.

Common sense dictates that individuals, nonprofit organizations, and companies regularly need to shred or otherwise dispose of unnecessary and outdated documents and files. Like their for-profit counterparts, nonprofit organizations need to maintain appropriate records about their operations. For example, financial records, significant contracts, real estate and other major transactions, employment files, and fundraising obligations should be archived according to guidelines established by the organization. Because of current technology, electronic files and voicemail can become complicated as we come to understand the relevance of the delete button as a permanent method of file removal.

A nonprofit organization should also have a written, mandatory document retention and periodic destruction policy. Such a policy also helps limit accidental or innocent destruction. The document retention policy should include guidelines for handling electronic files and voicemail. Electronic documents and voicemail messages have the same status as paper files in litigation-related cases. The policy should also cover back-up procedures, archiving of documents, and regular check-ups of the reliability of the system.

If an official investigation is underway or even suspected, nonprofit management must stop any document purging in order to avoid criminal obstruction charges.


We have now experienced the impact of Sarbanes for more than a decade and following the most recent banking debacle the legal climate has also intensified in the nonprofit sector as Congressional committees and state legislatures are actively proposing new legislation to regulate organizations. Individual nonprofits have begun to identify loopholes and figure out how to eliminate them. Watchdog agencies and other nonprofit field-building organizations are reconsidering assumptions and standard operating procedures in an effort to identify guidelines, standards, and best practices in the sector.

Regardless of the present scope of existing and potential new legislation at the state and federal level, nonprofit organizations have heard the wake-up call. For all of those in the nonprofit sector, a renewed realization that self-regulation and proactive behavior is critical should be the lesson from what has been experienced in the public sector.


“Strengthening Transparency, Governance, Accountability of Charitable Organizations, a Final Report to Congress and the Nonprofit Sector, June 2005.” Panel on the Nonprofit Sector,

Recommendations from the National Association of Corporate Directors Concerning Reforms in the Aftermath of the Enron Bankruptcy. “Corporate Governance. The Wall Street Journal Reports.” Wall Street Journal, February 24, 2003.

“Raising the Bar on Governance: Board Committee Performance in the New Era of Accountability.” American Governance & Leadership Group, 2002.

Kokourek, Paul F., Christian Burger, and Bill Birchard. “Corporate Governance: Hard Facts about Soft Behaviors: Seven steps to fixing what Sarbanes-Oxley can’t.” Strategy+ Business, Issue 30, Spring 2003

McLaughlin, Thomas A. “For-Profit Spillover: New Regulation of Independence.” Nonprofit Times, February, 1, 2003.

Published by Gary R. Pannone, Managing Principal


Gary R. Pannone

Managing Principal

Gary R. Pannone is the Managing Principal of Pannone Lopes Devereaux & O’Gara LLC. He has been representing closely held business owners for 30 years, specializing in the areas of business formations, corporate restructuring, mergers and acquisitions and corporate compliance. Attorney Pannone’s practice also includes the representation of nonprofit organizations with respect to consolidations and mergers and acquisitions, and he serves on several boards and governance committees of nonprofit agencies. He is a frequent lecturer and published author in the areas of corporate compliance, board governance and best practices.

Knowledge Library

Receive Our E-News

Client Review

What is extremely unique about PLDO is that they are great lawyers who actually care about me and my business. They make me feel as if I am the most important client in the firm and I am certain that all of their clients feel the same way. 

Michael Droitcour
PresidentThe Droitcour Company