Nonprofit Financial Management Resources: 10 Things You Must Know about Internal Controls

No one likes to think about internal controls, but an important component of nonprofit financial management is developing and implementing a strong set of such controls to mitigate risk and prevent fraud.

Make internal control processes easier with Beck & Company’s client accounting services. Contact Beck and Company online or by phone at (703) 834-0776 to learn how quickly you can improve your internal controls.

Nonprofit theft is shockingly common, according to the Boston Globe. Over 1,100 charities reported theft, embezzlement, or another major diversion of assets, according to an IRS report cited in the Globe article. At one nonprofit serving the homeless, the COO brazenly added funds to his own paycheck. These and other examples of nonprofit fraud and theft are unfortunately common.

Why so many problems in the nonprofit world? After all, one would think that people dedicated to serving a particular mission or vision would be scrupulously honest. Every dollar embezzled by the COO previously cited could have been spent to feed, clothe and house homeless families. So why the embezzlement?

People can be tempted to steal no matter where they work. And, unfortunately, nonprofits can be more trusting than other organizations.

The answer for good nonprofit financial management lies in having strong internal controls. Internal controls are the measures you take to ensure rigorous honesty in all your financial dealings. With good internal controls in place, you’ll have a series of checks and balances to protect financial assets.

The 10 Things Nonprofits Should Know About Internal Controls

1. Why are internal controls necessary? Internal controls are more than rules and regulations. They are guidelines for how funds are handled throughout your organization. By establishing a set of clear, unambiguous internal controls, nonprofit financial management is easier for all.
2. Assess your current internal controls and update as necessary. There’s no one-size-fits-all set of internal controls you can put in place that will answer all of your organization’s needs. Instead, assess your current internal controls and note any gaps. Compare them to the three COSO objectives (below) and see how yours measure up. Adjust as necessary.
3. Review internal controls against the three COSO objectives. There are actually five COSO objectives, but three stand out and apply directly to our discussion of internal controls. These include:
   1. Risk assessment, especially risk identification and challenges.
   2. Control activities, including policies and procedures as well as outsourcing risks, backups and more.
   3. Monitoring, which includes both ongoing and periodic monitoring and assessment of internal controls.
4. Evaluate organization level controls. Organization or entity-level controls refer to the most basic level of controls in place to safeguard financial assets. Many organizations have internal controls in place, but are they being followed? An example of an internal control at the organizational level may be a blanket policy that all expense reimbursement requests must be accompanied by an original receipt. This may seem like a simple control, but it can prevent a great deal of fraud across the organization if the policy is carried out.
5. Determine information technology controls. Another area of potential fraud is through information technology resources. The IT department collects and maintains a great deal of valuable data at a typical nonprofit. Donor and member credit card information, for example, can be used to perpetrate fraud. Controls over who can access data are important to safeguard it.
6. Build controls around segregation of duties. It’s unhealthy to have all of the access to financial information in the hands of one or two people. Make sure your internal controls include segregation of duties. For example, the person who reconciles the bank statement isn’t the same person who deposits the money.
7. Put in place fraud prevention controls – and follow them. Fraud prevention controls include things like internal audits, a good component of any nonprofit financial management plan. Other fraud prevention controls include simple things like having someone double-count the cash, ensuring that the bank statements are reconciled promptly and similar actions. But perhaps more important than even having fraud prevention controls is actually following them. Don’t just pay lip service to fraud prevention, but make sure that fraud prevention controls are documented in writing, the staff is taught how to adhere to them, and there’s follow up and accountability to ensure compliance.
8. Document all policies and procedures. It’s easy to talk about fraud prevention and internal controls and then forget about them when you get busy. It’s harder to forget about them when you have everything documented in writing. Write down the policies and ensure the entire team, not just accounting and finance, attends training sessions to understand and follow them.
9. Recognize common procedural gaps. Be sure to look across all areas of your organization so that best practices cover both people at the top and those in entry-level positions. It’s obvious that controls need to be in place within the finance and accounting department, but often companies forget that other workers have access to sensitive information or financial documents. Annual reviews of existing processes, external audits, and working with a nonprofit accounting audit service can help you recognize and close any gaps in your processes.
10. Address gaps immediately. There are always going to be gaps in any policy – that’s human nature. But don’t let those gaps in your policies remain open. Instead, update policies to ensure gaps are closed as soon as possible.

Need more details on implementing Internal Controls for your nonprofit? Download our whitepaper, “A Nonprofit’s Guide to Internal Controls.”
Nonprofit financial management includes strong internal controls that prevent theft, fraud, and embezzlement. With these best practices and diligent training on procedures, you’ll be in a much better position to safeguard your organization against problems.

Beck & Company

At Beck & Company, we work with many nonprofits to help them improve their internal controls. We have extensive experience and a tradition of creative thinking, technical expertise, and a collaborative spirit that can help your nonprofit achieve its goals. Whether you want to increase donor confidence and support through transparent accounting practices or find a partner for your annual audit, we can help. Contact us today or call 703-834-0776.

Is It Time for Nonprofits to Accept Cryptocurrencies Like Bitcoin for Donation and Payments?

Traditional nonprofit financial management may look askance at Bitcoin, Ethereum, LiteCoin, Dash and other cryptocurrencies, but love them or hate them, crypto is here to stay. It provides a secure alternative to traditional currency and can be tracked and monitored in a public, transparent way.

What Is Cryptocurrency?

Cryptocurrency began in 2009 with the release of a white paper that outlined Bitcoin, the very first cryptocurrency. Bitcoin is now just one of hundreds, perhaps thousands, of blockchain-based ‘coins’ that transmit value through proof of work, proof of stake, or other forms of blockchain mining.

Blockchain technology itself is more than cryptocurrency. Blockchain is a continually growing record that consists of blocks of code. Each block, once confirmed, is permanent and unalterable. It is a decentralized record in that the code that powers a blockchain is held on multiple computers worldwide. Most blockchains are public and open for verification and build-outs. One of the most famous blockchains aside from the one that powers Bitcoin is Ethereum. The Ethereum blockchain is used to build something called smart contracts, which are contracts that eliminate the need for third party verification.

If you think this is all just a passing fad, think again. While the run up of Bitcoin prices is reminiscent of other financial bubbles in the past such as the real estate or internet stock bubble, blockchain technology is now being used to test recording real estate deeds and records in Sweden, secure email communications through a company called Envilope, and enable secure, transparent records in many areas including healthcare, real estate, and more.

Cryptocurrencies and Nonprofits: Expanding Donations

Nonprofits can expand their donation avenues by accepting Bitcoin and other cryptocurrencies. To do so, you’ll need to open an account on a recognized cryptocurrency exchange. Since there is no official registration of exchanges akin to the stock exchange, you will need to do additional due diligence to find some of the better-known exchanges.

Legitimate cryptocurrency exchanges have a KYC or know your customer process in place to verify identification. Expect it to take 7 to 10 days to complete the KYC process.

Once your nonprofit is registered with an exchange, it has a wallet address. Wallet addresses are the public code, usually in the form of a QR code graphic or a long string of letters and numbers, that funds are transferred into. Once transferred, the transfer cannot be reversed. The exchange will deduct a percentage of the overall fee once the currency is in your virtual wallet. You can then exchange cryptocurrencies into dollars or other currencies and transfer that amount into your bank account.

For nonprofit financial management, be sure to keep accurate track of all financial transactions on cryptocurrency exchanges. Taxation laws and reporting laws around cryptocurrencies are constantly changing and evolving, and you may need your records handy to comply with the law when it comes time to report income. As of 2014, the IRS considered cryptocurrencies as property for tax purposes, but recent statements make it sound as if they are leaning towards regulating it like a security. Clear guidance is still lacking.

Using Cryptocurrency as a Marketing Tactic

Lastly, consider targeting specific individuals or groups who may wish to donate using Bitcoin. Fortunes have been made over the past decade thanks to the stratospheric rise in BTC value and other currency values. Create and build a list of cryptocurrency leaders and solicit donations through direct, personal outreach.

Millennials and Generation Y and Z individuals are all more comfortable using cryptocurrencies than their older counterparts. These young people may already own Bitcoin or other coins and wish to use them for donations. If your nonprofit accepts cryptocurrencies as donations, you can send specific promotions to this demographic and include that QR code to make donating easy and fast for them.

Accepting cryptocurrency as a donation may seem far-fetched but many nonprofits are experiencing the benefits of this new technology-facilitated money. It’s secure, irreversible from the donor’s side, and fairly easy to set up to accept. Why not give it a try?

Beck & Company

Since 1987, we have helped many nonprofits in the Washington D.C. area and along the Eastern seaboard with their accounting and financial management needs. We provide audit, tax, accounting, and consulting service that addresses all aspects of a small to mid-sized nonprofit organization’s business. Contact us or call 703-834-0776 x8001.

Cultural Intelligence, the New Frontier in Nonprofit Financial Management

First there was intelligence quotient (IQ), then emotional intelligence. Now, there’s cultural intelligence. To succeed in today’s connected world, nonprofit financial management must include all three.

Different Types of Intelligence

The original IQ, or intelligence quotient, test was derived as a test for army soldiers in the early 20th century. The same pioneers who brought you IQ tests developed things like the SAT test and other aptitude tests. These early data scientists believed that nearly every personal characteristic could be measured and quantified.

Peter Salovey and John D. Mayer coined the term ‘emotional intelligence’ in 1990 to describe an individual’s ability to “monitor one’s own and others’ feelings and emotions, to discriminate among them, and to use this information to guide one’s thinking and action”. David Goleman, a writer for The New York Times, popularized their work in a book released in the 1990s, and the term became common parlance or shorthand for the ability to read and utilize emotional information in conversation.

Today, add to that a new term: cultural intelligence. Cultural intelligence refers to an individual’s ability to recognize, interact with, and respond appropriately to people of other cultures.

In the world of nonprofit financial management, cultural intelligence is rapidly becoming as important as emotional intelligence. While intellectual giftedness and intelligence are widely recognized as desirable attributes, without emotional and cultural intelligence, those with high IQs tend to be like Sheldon Cooper on the television show “The Big Bang Theory” – smart, able to do their work easily, but difficult to live, work, and interact with on a daily basis without wanting to tear your hair out.

Examples and Benefits of Cultural Intelligence

Every one of us hails from a unique culture. That culture may be white, suburban, and middle class, Jewish and upper class, or Chinese immigrant. Each culture brings with it a series of cultural norms in dress, behavior and attitude that when understood and respected, can serve as an icebreaker in the business world.

Take the example of two job candidates for a position in nonprofit financial management. Both candidates are white women who hail from middle class backgrounds. But Candidate A has traveled widely during and after her college years, spending time working on volunteer projects in Haiti, the Dominican Republic, and Thailand. Candidate B does not have that richness of cultural exposure or interaction. Which candidate is better for nonprofit financial management in an organization that interacts on a global basis?

If your staff consists primarily of people from a homogenous culture and interacts only with people of the same culture, Candidate B may be perfectly suitable. Candidate B, to be fair, may have a deep and abiding respect and admiration for other cultures, too. But Candidate A has actually lived, worked, and spent time in other cultures, immersing herself in their traditions and norms. She may more easily fit in a meeting with people from Caribbean, Central American and Asian cultures.

All people can learn to be aware of other cultures and respect their norms. Most people know, for example, that in Jewish culture, men wear yarmulkes inside the synagogue and that Amish people prefer not to have their pictures taken. Respect for each culture means wearing appropriate clothing when entering a house of worship and adhering to the ‘no picture’ rule if you happen to drive by an Amish barn raising on your next trip through Pennsylvania, Indiana, New York or Virginia Amish country.

Practical Application of Cultural Intelligence

Respect is fine and a welcome attribute. But what is the practical application of cultural intelligence?

In some instances, it creates bonds of respect between individuals. Those who demonstrate respect for other cultures, such as dressing conservatively when visiting Middle Eastern countries or not making eye contact in an Asian business meeting, may bridge the gap more easily between colleagues. This creates common ground, shared understanding, and the basis of trust for future business dealings.

Inside your nonprofit organization, you are likely to encounter people from many, diverse cultures. We live in a world where cultural identity and embracement is the norm rather than the exception; we live and work in the United States in an immigrant culture, one that is more likely to find a place for those who dress, look, or behave differently than the standard culture.

Those who possess cultural intelligence will be far better equipped to make business connections and handle themselves gracefully across all cultures. Combine that with high IQ and strong EQ, and you’ve got a winning combination for success.


Federal Tax Withholding Update

Beck & Company provides accounting and tax service for nonprofits, and as part of our services, we offer informative updates on IRS tax regulations. Updates from the IRS this year include a new W-4 form and a new withholding calculator. It is important for you to investigate these and other IRS updates and inform your nonprofit employees so that they can make informed judgments on their personal withholdings.

Withholding Changes and the New Calculator

The Tax Cuts and Jobs Act made significant changes to tax law including increasing standard deductions, increasing the child tax credit limit, removing personal exemptions, limiting or discontinuing certain deductions and changing the tax rates and brackets.

How do you know if you should double check your withholding? Anytime you have a major life change, such as marriage, divorce, widowhood, new children or similar changes in marital or family status, it is time for a withholding checkup.

Others who should check their withholding amounts by using the new IRS withholding calculator include:

  • Individuals with two or more jobs at the same time or who only work for part of the year.
  • Individuals with children who claim credits such as the Child Tax Credit.
  • Individuals who itemized deductions in 2017.
  • Individuals with high incomes and more complex tax returns.
  • Anyone who works more than one job.

There are certain instances when the withholding calculator may not be adequate to help you assess your taxes. In this case, you should speak with a tax advisor. Situations that may be too complex for the withholding calculator include people with capital gains, those who owe an alternative minimum tax, and self-employed people.

The new withholding calculator asks people to estimate how much they will make in 2018. It also asks questions about other items that may affect taxes. It’s easier to use if you have a recent pay stub handy. The information on your recent pay stub helps you determine how much you are currently withholding and any potential changes you may need to make in the current year.

Of course, the new IRS withholding calculator is only as accurate as the information that you enter. If you enter incorrect information, you won’t get accurate results. Use your best judgment and when in doubt, speak with your tax advisor or an accountant.

W4 Forms

IRS form W-4 helps your employer to withhold the proper amount of taxes from your pay. Nonprofits and those working for nonprofits must withhold and pay proper individual and employment taxes. Being a “not for profit” or having “tax exempt” status does not mean that employees are tax exempt or that an organization is exempt from reporting proper taxes. If a nonprofit has such a designation, it means that the organization does not have to pay certain taxes. The people working for the nonprofit must still pay applicable employment taxes.

What to Do if Withholding Information Has Changed

If your withholding information has changed, it is time to update your W-4 information. Human resources managers should be ready to help employees update W-4 information and assist them with any questions they may have regarding the new tax law changes, withholding, and other payroll and personnel requests.

Anytime changes affect income taxes, it’s time to check your withholding. Checking your W4 now may save you from the inconvenience of under or over-paying employment taxes.


Washington DC Nonprofit Advisor Recommends GDPR Privacy and Data Checkup

As Washington DC nonprofit advisors, we try to help all of our clients nationwide keep up to date with changes in regulations throughout the nonprofit world. One such regulation is GDPR. This European regulation takes effect in May 2018 and will update data and privacy regulations throughout the European Union, the most sweeping changes since 1995.

Although you may be an American-based nonprofit organization, no one is exempt from GDPR. That’s because the rules apply not just to companies and organizations located within the EU but also to any business entity – for profit or not for profit – that interacts with EU citizens. In today’s global, internet-based world, that opens the door for anyone with a website to fall under GDPR’s requirements.

What, you may wonder, would happen if you just ignored it? After all, you’re not an EU citizen, and your organization is licensed and registered in the United States… Well, the penalty for not adhering to GDPR is severe, ranging from a warning to fines that could range in the six or seven figures.

GDPR looks confusing on the surface and it is indeed complex. Washington DC nonprofit advisors to the rescue! Let’s break it down into the important parts nonprofits need to know, understand, and act upon to comply.

Data Collection, Storage, and Privacy

Most of the GDPR regulations focus on personal data collection, privacy, and storage. Data breaches must be reported within a 72-hour window and people must give explicit consent to data collection. Data that falls under GDPR collection rules includes:

  • Name
  • Photos
  • Email addresses
  • Social media posts
  • Medical information
  • Bank details
  • IP address

As an organization that may interact with EU citizens, you are required to:

  • Obtain consent that is “freely given, specific, informed, and unambiguous” prior to collection of personal information from a data subject
  • Restrict data collection to specific, explicit, and legitimate purposes
  • Limit data retention to requirements for business purposes
  • Provide data processing transparency
  • Maintain data security, confidentiality, and integrity
  • Adhere to breach notification requirements
  • Designate a Data Protection Officer
  • Perform a data protection impact assessment

People whose data you have collected have the right to:

  • Access their data
  • Object to the use of their data
  • Be forgotten (have their data erased)
  • Rectify their data
  • Receive their data and transmit it to another controller

Tips to Help Nonprofits Comply with GDPR

All nonprofit organizations should take GDPR seriously. Although you may not purposely target EU citizens in your marketing efforts, the regulations are so all-encompassing that it is better to be ‘safe rather than sorry’ and take care to adhere to GDPR as best as you can. It’s also just basic smart marketing and good best practices for data security, privacy and control.

You can take the following steps to help meet GDPR regulations:

  1. Identify all interactions and potential interactions with EU citizens. This may include website contacts, email signups, and EU groups with whom you interact.
  2. Review all places where you collect data. This includes website data, analytics, and even plugins that may collect data from visitors on your website.
  3. Adjust and revise the terms and conditions on your website. Don’t have terms, conditions and privacy policies posted? Now’s the time to add them. Make the links to them prominent in your navigation, at the top level or at most the second level, so that anyone seeking them can find them easily.
  4. Review emergency plans and action plans to handle data breaches. Again, if you don’t have such plans in place, now is the time to create them. Data breaches aren’t a question of “if” but “when”; cybercriminals love to target nonprofits and view them as easy targets. Lock the barn door now before the proverbial horse escapes.
  5. Send a permission-reminder email to your email marketing list. This is a notification that you are updating permission and asking once again for explicit permission to send promotional materials to your contact list.

These are small, simple steps to take to comply with the spirit of GDPR. Even if you do not conduct business in the EU and have no intention of doing so, GDPR should be considered best practices for permission-based communications moving forward.

Beck & Company, Washington DC Nonprofit Advisor

Beck & Company are Washington DC nonprofit advisors and consultants. Since 1987, we have helped many nonprofits in the Washington D.C. area and along the Eastern seaboard with their accounting and financial management needs. We provide audit, tax, accounting, and consulting service that addresses all aspects of a small to mid-sized nonprofit organization’s business. Contact us or call 703-834-0776 x8001.

New Tangible Property Regulations: What You Need to Know

It has been a long time coming. In fact, it has taken over ten years, but the tangible property regulations have finally been finalized. Why is this important for you and your business? In short, the new regulations will have a far-reaching impact because they affect every taxpayer whose business uses tangible property. If this applies to you, it is important to understand the new regulations and what they mean for you with regards to implementing them. The reality is that the rules are complex and comprehensive. They will require careful consideration of your circumstances and may necessitate new collection procedures in order to have the necessary data captured to use in implementing the regulations. Let’s take a closer look at the history that got us to where we are today and an overview of the new regulations to help you gain a better understanding of them.

The History of Regulations Past that Led us to Where We are Today:

First, understanding the background of these regulations and their history is essential. These regulations come as a result of a long-standing debate over the distinction between deductible repairs and capital improvement and whether tangible property is deductible or must be capitalized and recovered through depreciation. Until now, the rules were that deductible repairs included expenditures that restore the property to its operating state. On the contrary, capital expenditures were those that provide a more permanent increment in longevity, utility, or worth of the property. The IRS has announced various proposed regulations in the past decade but has turned around and withdrawn those a couple years later time and time again.

Finally, in September of 2013, the IRS issued final regulations for tangible property applicable to tax year 2014 and beyond. Now, the regulations state that all tangible property that is not inventory must be capitalized and depreciated unless there is an exception. Let’s take a closer look at how to understand the new rules.

Understanding the New Tangible Property Rules and Regulations:

  • Materials and supplies are an exception if they cost $200 or less or have a life of use less than one year. In this case, the item is considered a deduction not a capitalized cost.
  • When acquiring property, taxpayers are required to capitalize the amount paid to acquire or produce tangible property. This includes transaction costs.
  • A unit of property is defined by how the final regulations establish a single asset for capitalization purposes. Once established, then the improvement standards are applied to the unit to see if the expenditures improve the property and require capitalization. A unit of property includes all functionally interdependent components.
  • In terms of improvements, an expenditure must be capitalized if it results in betterment (B) to the unit of property, adapts (A) the unit of property to a new or different use, or results in a restoration (R) of the unit of property. This is called the “BAR” test. Expenditures on existing assets are deductible repairs only if they do NOT meet the BAR test.
  • The rules regarding disposition assets have been expanded. A disposition includes the sale, exchange, retirement, physical abandonment, or destruction of an asset. This also includes when an asset is transferred to a supplies or scrap account including the retirement of building structural components. It is now the case that a gain or loss must be recognized when assets are permanently withdrawn from either use in the business or from the production of income.
  • There are variations that depend on the use of a building, but in general, a building is considered a unit of property.
  • Routine maintenance is covered through a safe harbor within the new regulations. In this case, expenditures may be able to be deducted for activities that would likely occur more than once during the class life of an asset that don’t result in its betterment.

In summary, the final rules and regulations classify property as deductible materials and supplies and provide guidelines for identifying costs of acquiring tangible property. This includes determinations for what a unit of property is versus what a component is, along with implications for determining depreciation class life. Capitalized improvements to property are now more defined. They include expenditures that result in a betterment of property, adapt the property to a new or different use, or restore it to a like-new or working order state after the end of its depreciation class life.

There is so much more to understand about the rules and regulations of tangible property. They pose considerable risks to your business if they are not correctly carried out and thoroughly assessed. Beck and Company Certified Public Accountants and Business Advisors are here to help! Please contact us for more information about your specific business regarding tangible property. We are happy to help your business be successful on its tax filings. For further information, read this datasheet that summarizes the new and final regulations.


Industry Update: Proposed Rule Changes to A-133

In order to ensure that the public receives the most value for the more than $600 billion in tax dollars spent each year, it is essential that Federal grants programs function as effectively and efficiently as possible. To this end, President Obama has directed the Office of Management and Budget (OMB) to evaluate potential reforms to Federal grants policies. The OMB has released an Advance Notice of potential reforms, and Beck and Company CPAs is keeping an ear to the ground to stay abreast of this process and help keep you informed.

The ultimate goals of the reform are to:

  • Strengthen the oversight of Federal grant dollars by aligning existing administrative requirements to better address ongoing and emerging risks to program outcomes and integrity.
  • Increase efficiency and effectiveness of grant programs by eliminating unnecessary and duplicative requirements.
  • Adopt a risk based model for Single Audits, and provide new administrative approaches for determining and monitoring the allocation of Federal funds.
  • Eliminate roadblocks to effective performance in carrying out and completing grants and cooperative agreements and to reduce unnecessary “red tape” that is attached to grant monies.

Section A: Proposed Reforms to Audit Requirements

  1. Concentrating audit and oversight on higher dollar/risk awards.
  2. Streamlining the universal compliance requirements.
  3. Strengthening the guidance on audit follow-up for Federal awarding agencies.
  4. Reducing burdens on pass-through/sub recipients by ensuring cross-agency coordination.
  5. Reducing burdens on pass-through entities and sub recipients from audit follow-up.

Section B: Proposed Reforms to Cost Principles

  1. Using flat rates instead of negotiated rates for indirect (“facilities and administrative”) costs.
  2. Exploring alternatives to time-and-effort reporting requirements for salaries and wages.
  3. Including the cost of certain computing devices as allowable direct cost supplies.
  4. Allowing for the budgeting for contingency funds for certain awards.
  5. Requesting that the CASB increase the minimum threshold for disclosure statements.
  6. Providing non-profit organizations an example of the Certificate of Indirect Costs, and Indirect Cost Proposal Documentation Requirements.

Section C: Possible Reforms to Administrative Requirements

  1. Creating a consolidated, uniform set of administrative requirements.
  2. Requiring pre-award consideration of each proposal’s merit and each applicant’s financial risk.
  3. Requiring agencies to provide 90-day notice of funding opportunities.
  4. Providing a standard format for announcements of funding opportunities.
  5. Reiterating that information collections are subject to Paperwork Reduction Act approval.

If you’d like more in-depth information about the proposed rule changes to A-133, attend our free webinar.

6 Tips for Keeping Your Data Secure

Nonprofit organizations and small businesses both handle significant amounts of sensitive information. With cybercriminals on the rise, nonprofits and businesses need to take extra precautions when it comes to securing their data. Cyber thieves target small businesses and nonprofits, knowing that they do not have the resources to invest in expensive security systems and often have older computer systems that make it easier to steal business-critical data.

So what can small businesses and nonprofits do to keep their data secure? The following tips will help protect your data from online predators:

1. Create a company-wide security policy. Create policies that specifically state who has access to which resources and be firm in implementing these policies. Access to systems and information should only be granted to people within the organization who need that information to do their jobs. Ensure that your systems are only being used for work-related activities. Make sure each user has his or her own credentials and that each system requires a unique password to log in. Consider including prohibitions against accessing Facebook, personal email and social networking sites.

2. Store important data in encrypted formats. Donor information, customer details, employee information, financial data and other important documents should be stored in an encrypted format.

3. Run security software on all PCs. This includes antivirus software, firewalls, and antispyware protection. While this may seem obvious, you would be surprised at the number of companies and nonprofits that do not run security software. Also make sure that your security software subscriptions are current. If they are out of date, they will do you no good.

4. Comply with credit card security rules. Ensure that your company or nonprofit is compliant with credit card security rules and, unless absolutely necessary, do not store credit card information after a transaction is completed. Make sure that you do not store credit card security codes or debit PINs anywhere on your computer.

5. Set up a separate network for visitors. If your company or nonprofit provides wireless Internet access for visitors and guests, protect yourself by implementing a separate network for your guests.

6. Change passwords regularly. As a rule, your passwords should be changed quarterly. Make sure that your passwords avoid personal information and are difficult for outsiders to figure out.

For more information about protecting your company’s important data, read our article about employees and company security.

Does Your Business Have a Disaster-Recovery Plan in Place?

No business is immune to disaster. Whether it comes in the form of a hurricane, cyber attack or power shortage, an unexpected disaster can cause considerable damage to any company. Since companies cannot prevent disasters from occurring, they need to have a plan in place to ensure that they sustain as little damage as possible.

While the idea of implementing a disaster-recovery plan may seem obvious, more than 60% of small businesses do not have a formal emergency plan in place and fail to back up important data off-site, leaving their business susceptible to data loss should a disaster strike.

A recent research study by Sage North America shows that while 94% of small businesses regularly back up their data, most of them do not store their data off-site. Storing data backups on-site puts companies at risk. Should a fire, earthquake, flood or other natural disaster destroy the office building, crucial data backups will also be destroyed, leaving the company without the important data it needs to successfully do business.

Data loss can significantly impact the operations and future of a company. In order to come out of a disaster as quickly as possible, companies need to develop an emergency-response plan that includes solutions for protecting critical data, such as storing backups off-site.

The study also found that 62% of small businesses do not have a formal plan for responding to an emergency or natural disaster. The most commonly cited reason for not having a formal response plan in place was the lack of disasters in the area. If a company is located in an area that is not prone to disasters, it is less likely to be prepared.

Even if your company is located in a relatively disaster-free area, you still need to be prepared. Guarantee that your data is secure by making sure that your plan thoroughly covers data backup. Determine how often you will back up your data. Will you back up important data daily, weekly or at least once a month? How long will it take to back up your data? Where will you store your backups? Will you store them both on-site and off-site?

Keep these questions in mind as you are developing your disaster-recovery plan. Make sure that your plan is unique to your business and addresses all of the areas that will make it possible for your company to bounce back from a disaster quickly.