All News

The Implications of Sarbanes-Oxley for the Nonprofit Sector

Oct 01 2005

PDF

The American Competitiveness and Corporate Accountability Act of 2002 (also referred to as the “Act,” “Sarbanes-Oxley” or “SOX” and “Sarbox”), adopted on July 30, 2002, is the leading piece of legislation addressing corporate governance. The Act was enacted by Congress to prevent continued erosion of investor confidence in the stock market and to prevent future scandals like those involving Enron, WorldCom, Global Crossing, Adelphia and Tyco among others. The first Sarbox criminal prosecution involved Richard Scrushy, the former CEO of HealthSouth. He was acquitted in June 2005, but the company paid $100 million to settle its part of the lawsuit. In addition, Mr. Scrushy remains the defendant in several civil suits involving private and government plaintiffs.

SOX generally applies only to public companies. However, in response to SOX an expectation has emerged for improved corporate governance, as has a list of “best practices” and governance standards for nonprofit organizations. Some states have already adopted legislation that requires nonprofit companies with threshold revenue levels to comply with some SOX-like principles. These principles are intended to prevent scandals and defend against accusations that the nonprofit organizations are not charitable enough, that they misuse their assets, that they engage in self-dealing with insiders, that they do not manage conflicts of interest and that their executives and insiders are excessively or inappropriately compensated. Notably, the provisions of the Act addressing document destruction and whistle-blower protection applies to all enterprises, including nonprofit companies.

Overview of Sarbanes-Oxley and Application to Nonprofits
The Act, along with other safeguards and rules adopted by national securities exchanges and professional bodies, is intended to protect investors by improving the accuracy and reliability of corporate reporting. It imposes new responsibilities on public companies and their directors, executive officers, audit committees, independent auditors, and legal counsel. For example, the boards of most public companies must be composed of a majority of independent directors, and certain committees of the board (including the audit committee) must be composed entirely of independent directors. Most board committees must adopt written charters that follow guidelines issued by the stock exchange on which the company’s stock is traded. The responsibilities of audit committees have been greatly increased, and many audit committees are meeting more frequently and for much longer periods of time in order to fulfill their duties. Public companies must also include in their annual report filed with the Securities and Exchange Commission an assessment by management of the company’s internal controls over financial reporting, and a conclusion as to whether those internal controls are effective in accurately collecting and reporting financial information. The company’s independent auditors must audit the company’s internal controls over financial reporting and issue an attestation on whether the management’s report is accurate. All of the parties subject to the new rules established pursuant to SOX are subject to civil and criminal liabilities and penalties for violations.

The success of a nonprofit organization hinges on public support, and nonprofits are accountable to bondholders, employees, donors, those who depend on the services they provide, and government regulators who oversee nonprofit companies in an effort to protect their charitable and public assets. Strengthening nonprofit corporate governance standards is an important step in fostering community trust, creating a controlled environment and following sound business practices that are intended to increase cost-effectiveness.

There is a growing expectation that nonprofits should apply at least some of the Sarbanes-Oxley standards to their operations to enhance the mission of the organization and increase the level of trust and accountability they convey to the community. As a result, the SOX concepts and protocols are quickly becoming best practice standards for nonprofits. Compliance with the guidelines is not, in most cases, legally required, and not adhering to the SOX guidelines does not create a breach of fiduciary duty. However, adopting and adhering to corporate governance guidelines may reduce a nonprofit organization’s exposure to state and federal charitable trust or tax challenges, diminish potential liability of nonprofit directors and board members, and reflect good stewardship of assets held in public trust.

Increased Scrutiny of Health Care Nonprofit Organizations
Over the last several years, the Office of the Inspector General (OIG) has developed a series of compliance program guidelines directed at the health care industry, and in 2003, the OIG and the American Health Lawyers Association jointly created Corporate Responsibility and Corporate Compliance: A Guide for Health Care Boards of Directors. The Guide is intended to help health care organization directors secure information and ask appropriate questions related to health care corporate compliance. The Guide also aids corporate directors to establish and demonstrate that they followed a reasonable compliance oversight process. This guidance is generally applicable to all nonprofit corporations and could be integrated into any corporate compliance and integrity policy/program.

The Internal Revenue Service has also begun increased scrutiny of nonprofit entities, in particular, executive compensation. Final IRS regulations that were published in January 2002 define “excess benefit” transactions to “disqualified persons” and discuss the excise taxes that will be imposed on officers and directors of exempt entities who approve or benefit from such transactions. Also in 2002, the IRS announced proposed changes to Form 990 to improve the content and quality of the information provided on the form, including:

  • additional reporting requirements for organizations that engage in fundraising;
  • financial relationships with substantial contributors, officers, directors, and key employees; and
  • whether they have adopted conflict of interest policies or established independent audit committees.

On September 9, 2005, the IRS issued proposed regulations that put tax-exempt organizations on notice that excess benefit transactions put the company’s exempt status at risk. The IRS also recently began a targeted audit program by sending so-called “soft contact” letters to approximately 2,000 nonprofit organizations. The letters ask for a list of all compensation and benefits paid to specific executives, and request information about the decision-making process for executive compensation. Depending on the responses, the IRS may choose to conduct a full-scale audit of the compensation paid to the organization’s executives, and the reporting of that compensation of Forms 990 and W-2.

The U.S. Sentencing Commission is also enhancing accountability of both public and nonprofit companies and providing further incentives to create effective compliance programs. The U.S. Sentencing Guidelines, which were updated in November 2004, shift responsibility to board members to oversee adherence to compliance and ethics programs. The U.S. Sentencing Guidelines require rigorous compliance oversight, leadership responsibilities, training, and ongoing evaluation from senior management and board members alike. In 2004, the U.S. Senate Finance Committee conducted hearings on nonprofit responsibility, and is now considering implementing appropriate measures to raise the bar for accountability.

In addition to possible direct government regulation, litigation and marketplace factors may drive nonprofit organizations to adopt stronger governance practices. For example, in June 2005 Moody’s Investors Service issued a comment entitled “Governance of Not-for-Profit Healthcare Organizations.” It summarizes Moody’s approach to analyzing governance and its importance in determining operating performance and credit quality. On August 9, 2005, a Delaware court ruled in a case in which executive and director decision-making was “on trial” (In re Walt Disney Co. Derivative Litigation). Although the court found that the directors did not act improperly based on their exercise of business judgment, it also noted that the directors’ actions took place ten years ago and strongly indicated that such conduct may not be prudent by today’s standards. The same day as the Disney ruling, Fitch Ratings, a leading bond-rating agency, issued a report stating that it expected nonprofit hospitals to comply with much of Sarbanes Oxley, and that it would review the level of SOX compliance when determining the creditworthiness of nonprofit hospitals. The Fitch report signals that nonprofit organizations that do not follow SOX as best practices may face negative consequences in the future.

Sarbanes-Oxley measures are likely to become new best practice standards, and will likely be incorporated into accounting standards, integrated into state legislative initiatives, demanded by third-party business partners, and expected by nonprofit stakeholders. Based on the attention that the public, Congress and government regulators are placing on both public and nonprofit corporate governance, it is reasonable to conclude that mandatory guidelines are likely to be implemented for nonprofit organizations.

Recommended First Steps
Adopting Sarbanes-Oxley guidelines as a "best practices" model involves providing enhanced information to the board of directors, holding officers accountable, and developing a stronger, more independent, audit system. The following are some recommendations for implementing Sarbanes-Oxley standards in a nonprofit setting:

  • Create a visible code of ethics;
  • Establish an independent audit committee that regularly meets without officers being present;
  • Engage in independent audit review, particularly if annual revenue is over $2 million;
  • Adopt conflict of interest policies;
  • Implement stringent disclosure requirements and internal controls;
  • Develop specific practices to protect whistleblowers and to ensure their anonymity;
  • Establish or improve policies for document retention/destruction;
  • Employ procedures for dealing with complaints received;
  • Hold chief executives responsible for approving financial statements, such as IRS Form 990;
  • Maintain director independence;
  • Educate board members on fiduciary and governance obligations, and;
  • Establish board-level governance committees.

Key to the implementation of the above recommendations is the active participation of the board of directors and the officers of the nonprofit entity in management and accountability. Of utmost importance in any internal control or compliance framework is that the directors and officers establish a strong “tone at the top” in support of the entity’s governance and compliance efforts. One of the main objectives of SOX is to enhance the role of the board of directors in their oversight duties. While there is a continued expectation that the board will delegate day-to-day management responsibility to the company’s executives, there are renewed and heightened expectations of the board to assure that the corporation is being properly managed. These expectations arise from the general consensus that the improper behavior, fraud and mismanagement that has occurred within public companies could have been prevented or alleviated by effective board oversight. To that end, the SOX reforms are expected to put boards of directors in a more active role to exercise their authority and to remove the “rubber stamp” tendencies of boards to follow the advice of the executives without adequate information, knowledge and due diligence.

If a nonprofit decides to move forward with implementing SOX-like reforms, the board’s policies, operations, size, term limits, ex-officio roles and overall composition warrant review. Central to the review is whether the board has a sufficient number of independent and knowledgeable members that are needed to serve as a resource to management and the various committees. Committee structure, compliance programs and internal controls also play an important role in developing a sound governance structure.

Baby Steps
Nonprofit organizations that proactively begin their own review and implementation of “best practices” will enjoy the luxury of time. They may consider what will best serve their organization’s needs, develop an implementation plan and gradually make adjustments. Implementing accountability measures over time is likely to go more smoothly and to cost less. Smaller nonprofit organizations and those without substantial income may not be able to comply with all the provisions listed above, nor may all be necessary. For all organizations it is important to note that the guidelines are not “one size fits all” provisions. The size, location, taxexempt status, and industry that a nonprofit serves are all factors to consider when an organization’s board of directors contemplates adopting some or all of these “best practices.”

Generally, the benefits of early planning and implementation will outweigh the cost of compliance, through increased efficiency, better accounting controls, and ease in reporting. Despite fundamental differences between publicly traded companies and the nonprofit sector, Sarbanes-Oxley has resulted in “best practices” standards that are relevant and timely  in today’s business environment.

von Briesen Legal Update is a periodic publication of von Briesen & Roper, s.c. It is intended for general information purposes for the community and highlights recent changes and developments in the legal area. This publication does not constitute legal advice, and the reader should consult legal counsel to determine how this information applies to any specific situation.