Archive for June, 2007


Electronic Discovery 2.0

Thursday, June 28th, 2007

Electronic Discovery, or “e-discovery” refers to the discovery of data from electronic storage and other electronic media for example e-mails, Hard Disk Drives, Databases, CAD/CAM files, websites and any other electronically-stored information which can be used as an evidence in a law suit.

Electronic Discovery 2.0, or “e-discovery 2.0” refers to the next generation of processes, technologies, and services that streamline and modernize the traditional e-discovery process as well as allows businesses to manage huge volumes of data, lower costs, and meet tight deadlines. In this Electronic Discovery process civil litigants seek to acquire information from both parties and from third parties.

In the early days Electronic Data & Evidence Recovery meant just handling over a few boxes of paper, but in today’s rapidly growing world where it involves terabytes of electronic data & valuable time, it is a different story. To deal with the increasing volume & complexity of e-discovery issues, companies have to adopt new technologies and processes.

If technology has created problem, then it can also solve it. In recent years lot of new technologies have emerged which enables organizations to store and search through their data to fulfill electronic discovery obligations.

As the cost of disk storage is reducing, people are moving from tapes to disks. This enables them to keep their data online and readily available for e-discovery from basic keyword search to sophisticated analysis tools. That mines all meta data from e-mails and groups them together for relevance and allow users to search thousands of mails and logs in minutes to identify and export the data.

From the company’s perspective Electronic Data Discovery has become a core competency and a part of doing business.

Fore more information Please visit our Electronic Data Recovery services page .

part 4 of the four part series about Electronic data Discovery

Thursday, June 14th, 2007

To do truly useful monitoring and analysis of data access requires understanding who the users are and what permissions they have, Summers says, so he expects electronic data discovery tools to begin monitoring policy servers and directory services in the next year. That requires a cohesive strategy for compliance and security, one that requires coordinating IT, business, security and legal needs. To accomplish that strategy, the CIO needs to ensure that monitoring and analysis is deployed holistically, not by just the security team or the network administration staff. Effective fraud and compliance monitoring requires having the right policies in place to manage data and access, as well as analyzing ongoing events in the network, in key applications and in key data stores.

The new breed of electronic data discovery tools are fairly expensive and difficult to deploy, notes Gartner’s Williams. Costs for a large enterprise start at $300,000 and can rise beyond

(more…)

part 3 Electronic data Discovery

Wednesday, June 13th, 2007

CIOs should be sure they don’t approach ELECTRONIC DATA DISCOVERY solely as an IT issue. “Let your general counsel manage this,” advises Matt Curtin, founder of the forensic computing consultancy Interhack. An attorney can best decide what records would be needed for legal proceedings. And he can set guidelines on cleansing transaction histories: “The longer you keep the data, the more you have to be subpoenaed,” Curtin says, “so you’ll be hit for more [discovery] requests.” That increases the chances that the other party will find your own errors and mistakes, he notes.

Focus on Investigation

While the “forensics” label may be misleading, ELECTRONIC DATA DISCOVERY tools can help the enterprise investigate possible security and compliance breaches to identify where a true forensics investigation should take place or to understand a previous breach as part of an effort to strengthen enterprise defenses.

Curtin advises that enterprises consider ELECTRONIC DATA DISCOVERY tools that provide search and query capabilities that in-house analysts can use to uncover clues about potential problems, not just canned detection rules. Having lots of monitoring systems isn’t that useful if you don’t know where to focus your attentions. ELECTRONIC DATA DISCOVERY tools can help identify the problematic areas, “so you don’t bother with the rest of the data,” he says. (more…)

part two of the four part series Electronic data Discovery

Tuesday, June 12th, 2007

Here is the second post on the four part series Electronic data Discovery

Beware the Forensics Label

Many sales people attach the label “forensics” to their security and compliance analysis tools, and that can be very misleading. In law enforcement circles, “forensics” means a well-defined set of discovery and investigative processes that hold up in court for civil or criminal proceedings. An enterprise that relies on these tools’ records or analysis in, for example, a wrongful termination suit, is probably in for an unpleasant surprise. “It may not hold up in court,” says Schwalm, a former Secret Service agent. (more…)

The Sarbanes-Oxley Act and Implications for Nonprofit Organizations

Monday, June 11th, 2007

The Sarbanes-Oxley Act and Implications for Nonprofit Organizations

A collaboration between BoardSource and independent sector has produced the following report on the effects of the Sarbanes-Oxley Act on nonprofits.

BoardSource and INDEPENDENT SECTOR wish to thank Dan Moore, Vice President for Public Affairs, GuideStar; Tom Hyatt, Principal, Ober Kaler; and Paul Nelson, President, Evangelical Council for Financial Accountability for sharing their professional insights and expertise on this document.

The American Competitiveness and Corporate Accountability Act of 2002, commonly known as the Sarbanes-Oxley Act, was signed into law on July 30, 2002. Passed in response to the corporate and accounting scandals of Enron, Arthur Andersen, and others of 2001 and 2002, the law’s purpose is to rebuild public trust in America’s corporate sector. The law requires that publicly traded companies adhere to significant new governance standards that increase board members’ roles in overseeing financial transactions and auditing procedures.

While nearly all of the provisions of the bill apply only to publicly traded corporations, the passage of this bill should serve as a wake-up call to the entire nonprofit community. If nonprofit leaders do not ensure effective governance of their organizations, the government will step forward and also regulate nonprofit governance. Indeed, some state attorneys general are already proposing that elements of the Sarbanes-Oxley Act be applied to nonprofit organizations.

Nonprofit leaders should look carefully at the provisions of Sarbanes-Oxley and determine whether their organizations ought to voluntarily adopt particular governance practices. This resource will review those provisions and assess their relevance to nonprofit organizations.

Finally, it is important to note that two provisions of Sarbanes-Oxley apply to all corporate entities, including nonprofit organizations. This resource will also review those features of the bill that require immediate nonprofit compliance.

Main Provisions of the Sarbanes-Oxley Act

With two notable exceptions, the Sarbanes-Oxley Act affects only American publicly traded companies and regulates what boards must do to ensure auditors’ independence from their clients. The Act also creates and defines the role of the Public Company Accounting Oversight Board, a new entity empowered to enforce standards for audits of public companies. The Act explains processes for electing competent audit committee members and for ensuring that adequate reporting procedures are in place. In addition, it calls for regulations, and closes most of the loopholes, for all enterprises —for-profit and nonprofit—relating to document destruction and whistle-blower protection.

The following sections cover each of the major provisions of the new law and discuss their relevance to nonprofit organizations. In addition, BoardSource and INDEPENDENT SECTOR offer recommendations for how nonprofit leaders should implement various provisions of the new law.

  1. Independent and Competent Audit Committee

Summary of Sarbanes-Oxley Provision

The Sarbanes-Oxley Act requires that each member of the company’s audit committee be a member of the board of directors and be independent. Independence in the Act is defined as not being part of the management team and not receiving any compensation (either directly or indirectly) from the company for service on the audit committee, though board service may be compensated.

In addition, companies must disclose whether they have at least one “financial expert” serving on the audit committee. If they do not have such an expert, they must disclose the rationale behind that decision. Who qualifies as a “financial expert” is still being debated. The Securities and Exchange Commission (SEC) proposes a definition that relies on an individual’s education and experience as a public accountant, auditor, or principal accounting officer. At present, however, the company’s board seems to retain the final right to establish specific qualifications for a financial expert.

The audit committee is directly responsible for hiring, setting the compensation, and overseeing the auditor’s activities. It sets rules and processes for complaints concerning accounting and internal control practices.

Relevance to Nonprofit Boards

While not all nonprofits conduct outside audits, most nonprofit boards have established one or more financial committees (e.g., finance, audit, and/or investment). In those organizations that undertake annual audits, particularly medium to large nonprofit organizations, the board is likely to have a separate audit committee or subcommittee. It is already good practice for nonprofit organizations to take steps to ensure the independence of the audit committee. While most nonprofit board members already serve as volunteers without any compensation and staff members do not participate as voting members, all nonprofit organizations should review their practices to ensure the independence of the audit committee. Also, many states provide additional liability protection for volunteer directors that may be lost if the directors are compensated for their service.

Because of recruitment priorities to create a well-balanced and diverse board, financial literacy may be more challenging for nonprofit boards. Nonprofit organizations need to ensure that board members of the audit committee have the financial competency to understand financial statements, evaluate accounting company bids to undertake auditing, and make sound financial decisions as part of their fiduciary responsibilities. A nonprofit that has a limited number of financial experts on its board may struggle with filling the treasurer’s position, a finance committee, and an audit committee.

Recommendations

  • While no standard guidelines mandate when a nonprofit organization should undertake a full audit, the board is responsible for assessing the potential benefits and costs of an audit. Generally, nonprofits that have budgets of more than $500,000 and that receive federal funds are required to conduct an annual audit. Some state laws have lower thresholds. In addition, participating in the Combined Federal Campaign requires an audit at $100,000. Smaller nonprofits, for whom an audit would be an unreasonable financial burden, should choose a review or at least have their financial statements compiled by a professional accountant. The boards of nonprofit organizations that forego an audit should evaluate that decision periodically.
  • All nonprofit organizations that conduct outside audits, particularly medium to large organizations, should have an audit committee and should separate the audit committee from the finance committee.
  • The audit committee should be composed of board members who are not compensated for their service and do not have a financial interest in or any other conflict of interest with any entity doing business with the organization. Most nonprofit organizations have volunteer board members. Nonprofit organizations that do compensate board members should not compensate audit committee members for their additional service. In addition, all nonprofits should ensure that no members of staff, including the chief executive, serve on the audit committee, although it is reasonable to have the chief financial officer provide staff support to the audit committee.
  • The audit committee should ensure that the auditing firm has the requisite skills and experience to carry out the auditing function for the organization and that its performance is carefully reviewed.
  • The audit committee should meet with the auditor, review the annual audit and recommend its approval or modification to the full board. The full board should review the annual audit and the audit committee’s report and recommendations. Ideally the full board meets with the auditor before formally accepting or rejecting the audit.
  • At least one member of the audit committee should meet the criteria of financial expert and have adequate financial literacy to understand, analyze, and reasonably assess the financial statements of the organization and the competency of the auditing firm.
  • Orientation of board members should include financial literacy training.
  • To support the accounting field and help ensure that nonprofit boards have available financial expertise, professional accreditation and membership organizations of accountants should require CPAs to participate in a pro bono nonprofit board service program.
  1. Responsibilities of Auditors

Summary of Sarbanes-Oxley Provisions

The Sarbanes-Oxley Act requires that the lead and reviewing partner of the auditing firm rotate off of the audit every five years. This does not necessarily mean that the auditing firm must be changed, although that may be the most direct way to comply with this requirement.

In addition, the Act prohibits the auditing firm from providing any non-audit services to the company concurrent with auditing services. This prohibition applies to bookkeeping, financial information systems, appraisal services, actuarial services, management or human resource services, investment advice, legal services, and other expert services unrelated to the audit. The board’s audit committee may, however, pre-approve certain services (not included in the above categories), such as tax preparation, which can then be carried out by the auditing firm. In addition, the pre-approval requirement is waived for non-auditing services if the value of the non-auditing services is less than five percent of the total amount paid by the organization to the auditing firm for auditing services.

The Act also requires that the auditing firm report to the audit committee all “critical accounting policies and practices” that are used by the organization, discussed with management, and represent the preferred way management wants these policies and practices treated. These critical accounting practices include methods, assumptions, and judgments underlying the preparation of financial statements according to generally accepted accounting principles (GAAP) and assurance that any results would be disclosed in case of changed assumptions.

Relevance to Nonprofit Boards

Changing auditors (partner or firm) every five years is presently considered good practice for all organizations, nonprofit and for-profit alike. The rationale: Auditing firms may grow accustomed to the financial procedures within one organization after a certain number of years, and bringing in a new firm helps ensure that all proper financial practices are closely examined.

Nonprofit organizations would be well served to adopt the Sarbanes-Oxley rule of preventing auditing firms from providing non-auditing services. This provision precludes a conflict of interest between the auditing firm and the client. At a minimum, the application of the rule should be considered in each case. At the same time, certain services can be pre-approved by the audit committee, and there is no reason why tax services and preparation of the Form 990 or 990-PF, for example, could not and should not be undertaken by a nonprofit’s auditing firm. This can also ensure that certain economies are achieved for the nonprofit client organization.

Finally, the provisions about disclosure to the audit committee of critical accounting policies and discussions with management also seem to fall well within the bounds of good practice. Greater disclosure of these internal control practices and management’s views on them will foster more informed judgments by the audit committee, enhanced oversight by the board, and greater transparency. The critical accounting practices would include, among other things, processes for segregation of duties, policies to use restricted funds for intended purposes, processes to review off-balance sheet transactions, and procedures for monitoring inventory fluctuations. In addition, the audit committee may be an effective committee for overseeing implementation and enforcement of the governing body’s conflict of interest policy.

Recommendations

  • Nonprofits should ensure that the auditor or auditing firm, or at least the lead and reviewing partners, are rotated every five years.
  • Nonprofit organizations should be cautious when using their auditing firms to provide non-auditing services except for tax preparation, which should be approved in advance, while the firm is contracted to provide auditing services.
  • Audit committees should require auditing firms to disclose to the audit committee all critical accounting policies and practices used within the organization as well as share with the audit committee any discussions with management about such policies and practices.
  1. Certified Financial Statements

Summary of Sarbanes-Oxley Provisions

The chief executive and the chief financial officers must certify the appropriateness of financial statements and that they fairly present the financial condition and operations of the company. There are criminal sanctions for false certification, but violations of this statute must be knowing and intentional to give rise to liability.

In addition, to avoid conflicts of interest, the CEO, CFO, controller, and chief accounting officer cannot have worked for the auditing firm for one year preceding the audit.

Relevance to Nonprofit Organizations

Any CFO who is responsible for generating timely and accurate financial statements for the company or organization should feel comfortable about certifying document integrity.

In a for-profit company, a positive bottom line is the CEO’s responsibility. Business acumen, capacity to interpret financial statements in detail, and skillfulness in convincing the board and shareholders that the corporation is meeting all expectations are obvious characteristics in a manager. Likewise, a nonprofit chief executive may be handicapped without adequate financial skills. He or she may be hired, however, primarily for other qualities. Nonprofit CEOs may excel in fundraising, knowledge of the organization’s field of interest, or a variety of other skills. Lack of superior financial prowess must be complemented by a skillful financial officer; without it, the organization cannot convince donors and funders that their money is properly managed. Nevertheless, it is still the responsibility of the CEO to ensure good stewardship of the organization’s resources.

Under Sarbanes-Oxley, CEO and CFO certification carries with it the weight of the law, but part of the underlying rationale is to ensure that both the CEO and CFO know and understand the financial statements. For a nonprofit organization, CEO and CFO sign-off on financial statements would not carry the weight of law, but it would signal the importance that the CEO, in particular, pays to understanding the nonprofit’s financial condition.

For nonprofit organizations, a key financial document is the Form 990 or 990-PF (for private foundations). The form requires a signature from an officer of the organization. Research from a number of studies reveals that the accuracy of these forms leaves much to be desired. Many of the errors in the Form 990 relate to failures to send a complete form, including Schedule A. Other problems include presenting an inaccurate report on fundraising costs, therefore distorting the financial picture of the organization’s operations. Thus, it is critical that nonprofit organizations examine their financial systems, policies, and reporting to help improve the accuracy and completeness of these forms.

There is, in all likelihood, considerably less staff movement in the nonprofit world between accounting firms and client organizations than there is in the for-profit world. Furthermore, because nonprofit executives do not receive lucrative stock options, the relevance of possible conflicts of interest from an auditor joining the executive staff of a nonprofit client is correspondingly less.

Recommendations

  • CEOs and CFOs, while they need not sign off on the financial statements of the organization, do need to fully understand such reports and make sure they are accurate and complete. Signing off on the financial statements provides formal assurance, however, that both the CEO and the CFO have reviewed them carefully and stand by them.
  • The CEO and CFO should review the Form 990 or 990-PF before it is submitted to ensure that it is accurate, complete and filed on time.
  • Regardless of whether the CEO and CFO certify the financial report, the board has the ultimate fiduciary responsibility for approving financial reports. Just as the financial and audit reports are reviewed and approved by the audit committee and the board, the Form 990 or 990-PF should also be reviewed and approved.
  1. Insider Transactions and Conflicts of Interest

Summary of Sarbanes-Oxley Provision

The Act generally prohibits loans to any directors or executives of the company.

Relevance to Nonprofit Organizations

Nonprofits are presently highly regulated with respect to financial transactions that take place within the organization. Private inurement, excessive personal benefit, and self-dealing all cause serious penalties for any nonprofit that steps out of line. “Intermediate sanctions” laws specifically address compensation and excess benefit transactions with “disqualified” individuals, generally meaning board members and executive staff.

Providing private loans to insiders—the specific item included in the Sarbanes-Oxley Act—is not a common practice in the nonprofit sector. However, when it has occurred, it has raised problems either from the perception of a conflict of interest or because it has not been appropriately documented as part of executive compensation. In addition, in some states, nonprofit law expressly prohibits loans to directors and officers.

Recommendation

  • Because the practice of providing loans to nonprofit executives has been a source of trouble in the past and because this practice is specifically prohibited under Sarbanes-Oxley and in some states is prohibited for nonprofit organizations, it is strongly recommended that nonprofit organizations not provide personal loans to directors or executives.
  • If such loans are provided, they should be formally approved by the board, and the process for providing the loan should be documented, and the value and terms of the loan should be disclosed.
  • To guide the board and staff in independent decision making, the organization must have a conflict of interest policy with disclosure and this policy must be enforced without fail.
  1. Disclosure

Summary of Sarbanes-Oxley Provision

The Sarbanes-Oxley Act requires a number of disclosures, including information on internal control mechanisms, corrections to past financial statements, and material off-balance sheet transactions (adjustments). The Act also requires companies to disclose information on material changes in the operations or financial situation of the company on a rapid and current basis.

Relevance to Nonprofit Organizations

While many of the transactions the new law requires publicly traded companies to disclose do not apply to nonprofit organizations, they should nevertheless provide their donors, clients, public officials, media, and others with an accurate picture of their financial condition. Current law already requires tax-exempt organizations to make their Forms 990 or 990-PF freely available to anyone who requests them. These informational reports, as mentioned before, need improvements both in accuracy and in timeliness of disclosure. One way to achieve that objective is through electronic filing, something which the Internal Revenue Service is currently pursuing and which the nonprofit community generally endorses.

Recommendations

  • The Internal Revenue Service should ensure that as planned it is prepared to receive electronically filed Forms 990 and 990-PF by FY2005.
  • Nonprofit organizations should improve the timeliness, accuracy, and completeness of the Forms 990 or 990-PF by filing electronically when that is available to them.
  • Nonprofits should not rely on automatic extensions for filing Forms 990 and 990-PF without cause.
  • Audited financial statements should be easily accessible for review.

Two provisions of the Sarbanes-Oxley Act apply to all corporations be they nonprofit or for-profit. Thus, all nonprofit organizations need to understand these two provisions and comply with them.

  1. Whistle-Blower Protection

Summary of Sarbanes-Oxley Provision

The Sarbanes-Oxley Act provides new protections for whistle blowers and criminal penalties for actions taken in retaliation against whistle blowers. The Act protects whistle blowers who risk their careers by reporting suspected illegal activities in the organization. It is illegal for a corporate entity for-profit and nonprofit alike—to punish the whistle blower in any manner.

Relevance to Nonprofit Organizations

Nonprofits must start by protecting themselves. They must eliminate careless and irresponsible accounting practices. A nonprofit organization would benefit from an internal audit that brings to light weak spots and installs processes that are not vulnerable to fraud and abuse. Written policies that are vigorously enforced by executive staff and the board send a message that misconduct is not tolerated.

An organization must develop procedures for handling employee complaints. A nonprofit must establish a confidential and anonymous mechanism to encourage employees to report any inappropriateness within the entity’s financial management. No punishment—including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination—is allowed. Even if the claims are unfounded, the nonprofit may not reprimand the employee. The law does not force the employee to demonstrate misconduct; a reasonable belief or suspicion that a fraud exists is enough to create a protected status for the employee.

Recommendations

  • Nonprofits must develop, adopt, and disclose a formal process to deal with complaints and prevent retaliation.
  • Nonprofit leaders must take any employee complaints seriously, investigate the situation, and fix any problems or justify why corrections are not necessary.
  1. Document Destruction

Summary of Sarbanes-Oxley Provision

The Sarbanes-Oxley Act addresses destruction of litigation-related documents. The law makes it a crime to alter, cover up, falsify, or destroy any document (or persuade someone else to do it) to prevent its use in an official proceeding (e.g., federal investigation or bankruptcy proceedings). The Act turns automatic document destruction into a process that must be monitored, justified, and carefully administered.

Relevance to Nonprofit Organizations

Common sense dictates that individuals, nonprofit organizations, and companies regularly need to shred or otherwise dispose of unnecessary and outdated documents and files. Like their for-profit counterparts, nonprofit organizations need to maintain appropriate records about their operations. For example, financial records, significant contracts, real estate and other major transactions, employment files, and fundraising obligations should be archived according to guidelines established by the organization. Because of current technology, electronic files and voicemail can become complicated as we understand the irrelevance of the delete button in a computer as a permanent method of file removal.

Recommendations

  • A nonprofit organization should have a written, mandatory document retention and periodic destruction policy. Such a policy also helps limit accidental or innocent destruction.
  • The document retention policy should include guidelines for handling electronic files and voicemail. Electronic documents and voicemail messages have the same status as paper files in litigation-related cases. The policy should also cover back-up procedures, archiving of documents, and regular check-ups of the reliability of the system.
  • If an official investigation is underway or even suspected, nonprofit management must stop any document purging in order to avoid criminal obstruction.

Conclusion

The Sarbanes-Oxley Act has now been in force for over a year. During these months of intense corporate governance scrutiny, the Act has also forced the nonprofit sector to analyze its board practices and methods of operation. Individual organizations have begun to identify loopholes—and figure out how to eliminate them. Watch-dog agencies and other nonprofit field-building organizations are reconsidering assumptions and standard operating procedures in an effort to identify guidelines, standards, and best practices in the sector.

Regardless of whether this critical self-analysis is prompted by a set of potential laws ultimately governing the actions of nonprofit organizations, we have heard the wake-up call. For all of us in the sector, the Sarbanes-Oxley Act has caused a renewed realization that nonprofit organizations rely on—and must protect—the indispensable and unequivocal confidence and trust of our constituents. Self-regulation and proactive behavior will always prove more powerful than compulsory respect of laws.

Additional Resources

  • Press Release from the Office of New York State Attorney General http://www.oag.state.ny.us/press/2003/mar/mar12a_03.html.
  • Summary of the Sarbanes-Oxley Act http://www.aicpa.org/sarbanes/index.asp.
  • Recommendations from the National Association of Corporate Directors Concerning Reforms in the Aftermath of the Enron Bankruptcy http://www.nacdonline.org/nacd/enron_recommendations.asp
  • “Corporate Governance. The Wall Street Journal Reports.” Wall Street Journal, February 24, 2003.
  • “Raising the Bar on Governance: Board Committee Performance in the New Era of Accountability.” American Governance & Leadership Group, 2002.
  • Hamel, W. Warren. “What Corporate Governance Legislation Means to You.” Association Management, March 2003.
  • Heinz, Patrice A. “The Financial Reporting Practices of Nonprofits”. Alliance for Children and Families, 2003. http://www.alliance1.org/Home/SOX_final_8-03.pdf
  • Kokourek, Paul F., Christian Burger, and Bill Birchard. “Corporate Governance: Hard Facts about Soft Behaviors: Seven steps to fixing what Sarbanes-Oxley can’t.” strategy + business, Issue 30, Spring 2003.
  • McLaughlin, Thomas A. “For-Profit Spillover: New Regulation of Independence.” NonProfit Times, February, 1, 2003.
  • Michaelson, Martin. “A New Era of Corporate Governance Bears Down on Higher Education.” Trusteeship, January/February 2003.

Article Source : http://www.guidestar.org/DisplayArticle.do?articleId=883