As a potential incoming board member, I (Tim) wanted to know several things about the organization. I answered “yes” to service because I was interested in the organization's mission and thought I could make a contribution to this mission. I asked to see its bylaws, its latest audit, and the current budget, as well as minutes, a board list, its latest IRS Form 990, and a set of its financial policies. The organization was able to provide all the requested items, except for its financial policies. Apparently the board and management did not have them but did not seem to think that policies were important enough to prioritize creating them. I responded that I would accept the board position only if there was an effort to create board-approved financial policies, and that I would be happy to lead the effort at creating them. Were policies really that important?
We respond in two ways. First, wisdom is enshrined in carefully developed and well-thought-out policies. Second, policies precede practices, just as beliefs lead to behaviors.
Establishing and complying with policy is the fundamental charge of the director, chief financial officer (CFO), or fund manager. Internal policies are your organization's set of policies. External policies are provided by outside organizations and are agreed to as part of the acceptance of their funds.
(a) WHAT IS POLICY? Policies precede procedures, which drive practices. There are two general definitions for policy and procedure, one authoritative and the other practical:
Authoritative
Practical
Policy
A definite course of action adopted as expedient or from other consideration
A set of guidelines or principles defining an organization's philosophy toward how business shall be conducted
Procedure
The act or manner of proceeding in any action or process; conduct
Steps and/or actions to be taken to comply with a specific policy
It is important to distinguish between policies and procedures as well as the difference between procedures and work instructions. After policies, which are more general rules or guidelines, have been established, the procedures for complying with policy can be developed. Procedures are the steps that must be taken to comply appropriately with policy. Make sure that those who are implementing the procedures will easily understand how to comply with the procedures and how this adheres to the overarching policy. Work instructions are the suggested steps that should be taken to comply with procedures. Illustrating, a conflict-of-interest policy (see example later in this chapter) should provide the purpose of the policy and guidelines for knowing when some action or relationship represents a potential conflict of interest, for determining if an actual conflict might occur, for communicating that conflict of interest, and finally the general approach to assist in resolving or avoiding the potential conflict, including the officer, manager, or staff positions that have a role in providing information regarding these conflicts. The procedures to follow might include when and how to contact the officer in the organization who serves as the point person for questions or to report potential conflicts, the time period within which that contact should occur, the different means of contact, information about recusing oneself from deliberations related to the potential conflict if s/he is the party with the potential conflict, and how long is allowed before follow up or resolution of each stage in the process must be completed. Work instructions, if included in this section, might include specific logs or software or portal locations at which reports and status updates are posted and by what time and in what time zone, and how often and to what location backups of the information must be made. Security precautions might be other specifics included in the work instructions.
Essential financial policies include budget policy, fund development policy, investment policies for short-term as well as long-term investments, debt policy, cash reserves or liquidity management policy, banking/cash management policy, internal control and accountability policy, risk management policy, conflict of interest policy, whistleblower policy, and document retention policy. Beyond these financially oriented policies your organization should also have CEO compensation, personnel, accounting and auditing, code of conduct or code of ethics, board compensation/reimbursement, travel expenditure, and fundraising and gift acceptance policies.1
Policy has regrettably been associated with red tape or bureaucracy. Phrases such as “I'm sorry, that's not our policy” as a method of saying no to someone contributes greatly to the perception that policy interferes with productivity, efficiency, and good customer relations. Certainly, in many instances, the negative association with policies is legitimate; many governmental bodies and regulatory agencies are mired in policy that is ineffective and out of date. Also, many policies have become a method of preventing lawsuits rather than what they are intended to be: a set of guidelines (laws, rules) or principles for how day-to-day business should be performed. Negative perceptions might carry some validity but the benefits of well-thought-out and well-communicated policies outweigh the objections. Good policies can lead to more efficiency, not less.
(b) WHY ARE POLICIES REQUIRED? Policy is the rule of law for an organization. Policies establish a common understanding of the overriding principles behind all that we do. Good policies merge all the laws, rules, and regulations from all sources (both internal and external) into a cohesive instrument. Rather than providing new staff members (and board members) with copies of all the various laws, codes, and policies from all of the agencies and organizations that they may work with, policies condense all that information into one set of guidelines, eliminating inconsistencies and redundancies.
Even if policies are not written down, all organizations have policies. Sometimes, to avoid the negative association with the term, organizations may refer to them as guidelines, work rules, or job instructions. Regardless of what they are called or the form they take, they do exist.
If we did not have policies and procedures, a method or plan would have to be established each time someone needed to do something. If we needed to buy something, we would have to find out what rules applied and what procedural steps or actions needed to be taken every single time. In addition, policies enable us to share information by requiring that certain actions be performed and information be gathered in a consistent manner.
Summarizing, we see four benefits to having policies, preferably written ones:
Policies and procedures communicate and reinforce valued standard operating procedures (SOP) and philosophies to board members, staff, volunteers, and donors or grant agencies.
Policies serve as an orientation tool for new board members and new staff or volunteers. Financial and nonfinancial staff alike benefit from well-crafted policies. One cannot assume that key finance staff have adequate education, training, or background: Zimmerman and Masaoka find in their survey of 906 nonprofit finance professionals that just under one-half of organizations' CFOs have an undergraduate degree in accounting and finance (and we add that an accounting major gets about three weeks of coverage of nonprofit accounting, total), and small organizations' CFOs (annual revenues less than $500,000) indicate their knowledge of nonprofit accounting and finance consists of what they picked up from the board treasurer, articles, books, and technical assistance providers.2 Staff turnover is also high, with as many as one in five staff people leaving in any given year.3 Policies might be most helpful to the many smaller organizations: Three-quarters of U.S. nonprofits have annual budgets of less than $1 million, with most even smaller. These smaller organizations often have the executive director handling finances.4 Policy “knowledge transfer” is also critically important for board members as they generally serve for specific terms and there should be a continual turnover of board members. Without policies, there could be a significant loss of knowledge.
Policies help in the management of the organization, as the executive director (ED)/chief executive officer (CEO) cannot be there for every decision that must be made, and policies are the vehicle through which the board influences and governs the organization. (We often hear that boards are “responsible for policy.”) Good policies may help prevent micromanagement on the part of the board. A board's fiduciary responsibilities can be directly tied to policy development and approval.
Policies build and protect the organization's financial strength, particularly those set for cash reserves or liquidity management, fraud prevention/internal control, risk management, investments, debt, employment (background checks), and employee relations (harassment, confidentiality, discrimination, bonding); as a set, good policies regarding cash reserves or liquidity management, internal control, debt, and investments make an organization more “bankable” as well.
Do your current organizational practices give more or less emphasis to the benefits of policy? Exhibit 5.1 alerts you to 10 board member cautions related to finance. Particularly note items #1, 2, and 9, which touch on liquidity, debt, and spending policies. Your financial control policy might include items #4 and 5. Your conflict of interest policy might embrace items #6–8 and 10. As you read this listing of areas of nonprofit board financial malfeasance (misconduct or wrongdoing) and nonfeasance (failure to perform an official duty), think of how policy could prevent or limit the degree of harm.
Source: Jon Pratt, “Financial Malfeasance and Nonfeasance: Ten Pitfalls Boards Should Avoid,” Board Member (September/October 1996): 3. Used by permission.
Exhibit 5.1 Board Member Cautions Related to Finances
(c) COMPLYING WITH AND ESTABLISHING POLICY AND PROCEDURE. One of the jobs of the CFO, as well as all the leaders in an organization, is to promote and establish a positive attitude toward the compliance with policy, either external or internal. If there is no support at the top, there will be no compliance at the bottom. Before staff and managers will comply with policy, they need to receive a clear message from executive management that the organization supports and actually insists on compliance with policy.
External expectations have been increasing over time. As of the time of this writing, 23 states now require organizations of a certain size or raising a certain amount of donor funds to have an audit.5 Depending on the nature of your organization and the specific policy, internal or external noncompliance can range from fraud to poor business management, from felony to raised eyebrows.
(d) WHO SETS POLICY?
Internal. Internal policies are those that are in effect within your organization. These policies must indicate compliance with external policies. (See Exhibit 5.12 later in the chapter for methods to develop these policies.) The board establishes policy, and each department within the organization develops a set of policies that detail compliance with the policy established by the board.
External. External policies are those that affect day-to-day operations but are in charge of an entity outside the organization, such as the government or other regulatory agency. For financial management, compliance with GAAP standards is necessary and accounting policy and financial policies should reflect this compliance requirement.
Policies are very similar to laws: They have a hierarchical structure. Your organization has some form of hierarchy. The board of directors sets the mission and goals of the institution; it communicates this mission to the executives who, in turn, communicate it to the units under their jurisdiction, and so on. At each step in the process, policy is being established.
Organizations that are part of the US government, or do business with it, are required to comply with all US government policies. Within the US government, there is a hierarchy of policies. A simplified diagram illustrating this hierarchy is shown in Exhibits 5.2 and 5.3.
Exhibit 5.2 illustrates how the Center for Cancer Research (part of the National Cancer Institute, which in turn is part of the National Institutes of Health) must comply externally with the policies in the Office of Management and Budget (OMB) as well as internally with the policies of the National Institutes of Health (NIH) and the National Cancer Institute (NCI). The Center for Cancer Research also has its own set of policies with which it must comply. Any organization doing business with it must comply with this same set of policies. Let's say your organization is contracting with the Center for Cancer Research. If each time your staff members had to decipher all the policies in the hierarchy, they would be hindered in doing anything productively; however, if your organization had a broad set of policies that included the requirements of the Center for Cancer Research as well as any other agency with which they did business, work could be conducted both efficiently and effectively.
When the NIH developed its policies, it interpreted the policies provided by the OMB. In turn, the NCI developed its policies from the interpretation of the OMB policy produced from the NIH. Each time the OMB makes a policy change, it causes a ripple effect throughout the entire US government as well as in all the organizations that do business with the government. To see more about the OMB's oversight role in this structure, see Exhibit 5.3.
Unfortunately, many organizations within and outside of the US government have not devoted the time and resources to maintaining their policies, revising or eliminating outdated policies, or incorporating new policies. Policies within the US government – or any organization – can proliferate and become meaningless. Policy evaluation should be an integral element in policy development. We elaborate on this in Chapter 15.
(e) WHERE TO START? Since policies are very often an interpretation of another policy, the core meaning of the policy is often lost after multiple iterations – and the original intent may have been largely forgotten.
With the proliferation of policies without proper maintenance, it is important to start with the original policy statement in developing new policies (or updating of existing policies). Only in the original document, not in the interpretations, can the policies and their underlying philosophy be comprehended. If your organization has dealings with the US government, obtaining copies of the OMB publications is one of the best places to start. (See the most recent listing in Exhibit 5.4.) Even if you do not have business dealings with the US government, the policies from the OMB may be a good model for some of the policies you develop, such as your payables policy.
Source: Adapted from “Office of Management and Budget Circulars: OMB Circulars in Numerical Sequence” n.d. Available at: https://www.whitehouse.gov/omb/circulars/. Accessed: 1/10/2018. PDFs of some of the items referenced here are available at that site.
Of particular interest to the CFO or treasurer is the way in which the federal government has codified and implemented the Prompt Payment Act provisions. The details are included as Exhibit 5.5. We include this not as a model example of the level of detail to which your policy should go – yours will be much briefer and simpler – but to reflect the thoughtfulness and care with which some organizations craft financial policy. Notice how the policy writers included such details as defining the invoice receipt dates and whether to consider cash discounts.
Financial issues are among the greatest sources of stress for your organization's CEO/ED. According to an Illinois statewide survey of all types of arts organizations, finances/ fundraising is the single most frustrating aspect of being a CEO/ED, and finances (apart from fundraising) have the most adverse effect on these individuals in their current position, as seen in Exhibit 5.6.6 We cannot help but wonder how many of these organizations are underfunded and possibly understaffed in the finance function, partly due to the lack of appropriate financial policies and financial strategies. Financial policies are absolutely essential to organizational health and well-being in your organization.
Exhibit 5.6 CEO/ED Frustrations with Financial Position of the Organization
(a) ROLES OF BOARD, BOARD TREASURER, AND CEO/ED. The board treasurer is a key resource in enabling your organization as it devises or revises financial policies. The board as a whole is responsible for setting policy. Whether or not your organization has adopted John Carver's policy governance model, an underpinning philosophy for your policies is that the board governs the organization and is the sole voice overseeing the CEO/ED. The key is not to put more authority in the board treasurer than is warranted, as Carver notes:
Board Treasurers, as commonly used, threaten CEO accountability as well as the one voice principle. Treasurers are typically expected to exercise individual judgment about the financial dealings of the organization. But Policy Governance boards do not allow Treasurers to exercise authority over staff. (Rendering an official judgment of performance against one's own individual criteria has the same effect as exercising authority.) By creating a role with supervisory authority over the CEO with respect to financial management, the board cannot then hold the CEO accountable for that topic. The board should accept responsibility for financial governance (setting policy, then comparing performance) and require the CEO to be accountable for managing finances so that performance compares favorably to policy. The typical use of a Treasurer, when a Policy Governance board is required by law to have one, is to assist the board in making financial policy, never to judge CEO compliance against the Treasurer's own expectations.7
Unfortunately, many boards are handicapped when it comes to setting policy. Partly this is due to their limited understanding of the dynamics of the organization and the markets in which it operates – especially donor and grantor markets. However, even in businesses, many of which have compensated boards, key decision-makers may not comprehend the risks. Evidence gathered by consulting agency McKinsey finds that 44 percent of directors only partly understand the main drivers of value for their organizations, and 43 percent cannot state what the organizations' key risks are.8 We project even lower percentages for nonprofit boards based on our field observations and the studies we have read. Accordingly, the template of policies we offer here may serve as a valuable starting point for board members. As their understanding of their organization grows, they can modify and amplify various aspects of these policies.
(b) FINANCIAL POLICIES: PRESCRIPTIVE OR RESTRICTIVE? A natural tendency, but one that must be resisted, is to prescribe what the organizational management can or should do in many conceivable scenarios. This prescriptive approach to policy is doomed to failure for two reasons:
One can never anticipate all the important future scenarios or their probability of occurrence (witness the donation fall-offs in late 2001 and 2002 after 9/11, after the tsunami and after Hurricanes Katrina and Rita in 2005, after the “Great Recession” that began in late 2007, the wealth effect that emerged after the election of Donald Trump to the presidency in 2016, the “Trump Rally” in the stock market, and the major revision to the tax code that affected the relative value of charitable deductions due to the doubling of the personal exemption in late 2017).
One would not wish to limit the flexibility of managers because new solutions become available over time for dealing with given scenarios.
A better approach is to have a restrictive set of policies, limiting to a prudent degree the responses that may be taken for generic events, such as funding shortfalls. Again, the goal is to put some limits on response categories, not prescribe exact measures to take in each future eventuality. This becomes much clearer with an example; Carver offers a good one:
…consider an Executive Limitations policy in which the board is putting certain financial conditions and activities “off limits.” At the broadest level, the board might say: “With respect to actual, ongoing financial condition and activities, the CEO shall not allow the development of fiscal jeopardy or a material deviation of actual expenditures from board priorities established in Ends policies [about the changes for persons to be made outside the organization, along with their cost or priority].” That covers the board's concerns about the organization's current financial condition at any one time, for there is likely nothing else to worry about that isn't included within this “large bowl” proscription.
However, most boards would think such a broad statement leaves more to CEO interpretation – even if reasonable interpretation – than the board wishes to delegate. Hence, the board might add further details, such as saying the CEO shall not:
(1) Expend more funds than have been received in the fiscal year to date except through acceptable debt. (2) Indebt the organization in an amount greater than can be repaid by certain, otherwise unencumbered revenues within 60 days, but in no event more than $200,000. (3) Use any of the long-term [strategic or capital] reserves. (4) Conduct interfund shifting in amounts greater than can be restored to a condition of discrete fund balances by unencumbered revenues within 30 days. (5) Fail to settle payroll and debts in a timely manner. (6) Allow tax payments or other government ordered payments or filings to be overdue or inaccurately filed. (7) Make a single purchase or commitment of greater than $100,000, with no splitting of orders to avoid this limit. (8) Acquire, encumber or dispose of real property. And (9) Fail to aggressively pursue receivables after a reasonable grace period.
A given board might go into less or more detail than in this example.9
We recognize that there are general areas of guidance that are part of policy statements, as we will illustrate when we get into policy specifics. To the extent possible, though, try to state policy statements restrictively, providing needed boundaries and board oversight.
(c) CATEGORIES OF FINANCIAL POLICIES. For organizations not already having policies, we shall provide categories for these policies and some examples. Larger organizations may wish to establish a second level of policies for operating units. Exhibit 5.7 provides a sample of core financial management policies for operating units.
Exhibit 5.7 Sample of Core Financial Management Policies for Operating Units
We focus mainly on the first two categories in our presentation of organizational policies, but note that many nonprofits are viewing Sarbanes-Oxley legislation as a good guide for the “Regulatory Compliance” category, even though most of the legislation is nonbinding for nonprofit organizations. Accordingly, we will group “Regulatory Compliance” with “Accountability” in our presentation.
(d) ACCOUNTABILITY AND REGULATORY COMPLIANCE POLICIES. Public perception of nonprofit ethics today requires that your organization works on adopting policies that promote and convey an accountable, ethical organization that merits trust on the part of all stakeholders and complies with appropriate legislation and regulation. A Michigan survey finds that only 75 percent of people agree with the statement “Most charitable organizations are honest and ethical in their use of funds.10 Another nationwide donor survey finds that 49% of donors indicate they do not know how nonprofits use the money they donate, 34% of them feel hassled by the frequency of solicitations, 20% of them are not sure who benefits from the work a nonprofit does, 15% had concerns about “enabling” others, and 13% said both that nonprofits always seem to be in a crisis and that as donors they did not have enough information to make a good decision.11
(i) Accountability Policies. Your policy here may be as simple as “using all appropriate communication media to demonstrate XYZ organization's adherence to mission and efficiency.” For example, this may be evidenced by how well the organization meets “charity watchdog” or charity ratings organizations' standards – although, as suggested in Chapter 2, some of these standards may be dysfunctional for your organization's financial health and development. As an example of an accountability disclosure, Exhibit 5.8 is a screen capture from humanitarian organization Convoy of Hope's website. (To review the financial standards promoted by these charity ratings agencies, refer back to Chapter 2.)
Here are some questions to ask yourself as you and your staff prepare your organization for accountability and for establishing your accountability policies:
Are our Form 990 reports easily available?
Do we publish our annual reports with financial data and outcomes measures?
Do we rely on annual independent audits (if appropriate)?
Do we create necessary policies and enforce them regularly?
Do we avoid and manage conflicts of interest?
Do we understand our board's role and responsibility? Does our board review the Form 990 and financial statements?
Are we familiar with intermediate sanctions, and do we have policy to prevent situations that would cause them to be levied?
Do we keep accurate, timely, and well-organized records?
Do we know applicable federal regulations and our state's laws?12
Conflicts of interest are a huge front-burner issue today; in Exhibit 5.9 we provide an example of a conflict of interest policy.
Source: From “Boardroom Dancing,” a handbook for nonprofit boards written by Jan Masaoka and Jude Kaye of CompassPoint Nonprofit Services (February 2000). Used by permission.
(ii) Regulatory Compliance Policies Some of the items here overlap with accountability, as you will see in the next list of items to consider in your policies:
Form 990 and other financial reports. Although you may not formally address this aspect of your external financial reporting in a policy statement, your organization may show accountability and market itself at the same time through the Form 990. Nonprofit auditing and consulting firm Capin Crouse LLP offers some wise counsel in this regard, which we have included as Exhibit 5.10.
Exhibit 5.10 Marketing Your Organization through Your Form 990
Audits
Outcomes measures (that these will be developed, measured, and managed)
Human resource management policies (see Chapter 14)
IRS tax withholding from wages and salaries.
Hiring policy, including use of background checks (e.g., credit checks or criminal record checks).
Performance review and promotion policy.
Sexual harassment policy.
Nepotism policy.
Diversity and nondiscrimination policy.
Exclusion to discrimination on religious grounds if faith-based organization.
Grievance policy.
Other relevant laws, statutes, guidelines.
Internal control policies and procedures bridge accountability and regulatory compliance, enabling your organization to reduce the potential for fraud. As an illustration, here are the guidelines for internal control for National Endowment for the Arts (NEA) grant recipients:
We recognize that human resource management policies are not financial policies per se, yet they have important financial repercussions, and someone in the organization will have to ensure that these policies are developed, communicated, and enforced.14
(e) FINANCIAL AND FINANCIAL MANAGEMENT POLICIES. We strongly believe that a well-articulated set of financial policies will be your organization's key driver to achieve maintenance of its target financial position – the primary financial objective of a nonprofit, as noted in Chapter 2 – and a contributory driver for mission achievement as well as accountability substantiation.
Here are the areas for which we would like to see policy established. Some of these are board-level policies, others are functional or operating unit policies:
Lower-bound limitation on number of months of expenses held in operating reserves (typically a minimum of three months, but many consider at least six months as prudent)
Limitations on use(s) of cash reserves, including purpose(s) and dollar target and basis for establishing that target (e.g., prefund one-third of the forthcoming church building capital expenditure in a separate building/capital project reserve)
Limitations on use of quasi-endowment (if a board-designated quasi-endowment is held), basis for that quasi-endowment, and how large it should be
Limitation on how depository bank(s) is (are) selected (e.g., competitive bids must be used)
Limitation on maximum number of depository relationships
Limitation on target balance or fee compensation (if any)
Limitation on maximum account balance (usually for FDIC insurance purposes)
Preference for relationship approach or transactional approach
Insurance and risk management policies (see Chapter 14)
Specific identification of all the risks that the organization faces, how these will be monitored, and how a “global” or comprehensive risk profile shall be developed, monitored, and managed
Limitations on types of insurance that will be used or coverages that will be carried
Use of background checks and other pre-screening of potential employees
Use of employee bonding
Use of directors' and officers' liability policies
Use of other liability policies
How volunteer risk exposures will be handled
Use of property and casualty policies
Purchasing policies
Restrictions on minimum number of vendors from which bids must be solicited
For what services will organization use requests for information (RFIs) and requests for proposals (RFPs)
Restrictions on how final vendor decision and pricing may be established
Restrictions on how quickly vendor contracts can be negotiated or renegotiated
Restrictions on how long before a contract must be rebid
Restrictions on board or manager relationships with service providers used
Maximum dollar expenditure that various positions can authorize without higher-level, including board, approval(s)
Budgeting and financial planning policies (see Chapters 8 and 9)
Development of operating budget and frequency of board review of budget versus actual results
Whether and how often will operating budget and cash budget projections be compared
Capital budget development and limitations on evaluation techniques (e.g., must have at least 15 percent return on invested capital for new earned income venture to be approved)
Use of windfalls (e.g., midyear unexpected bequest comes in)
Spontaneous financing (e.g., accounts payable and accrued wages)
Debt reduction policy
Limitation on long-term borrowing
Allowable uses
Disallowable uses
Use of swaps and other derivatives to manage bond principal and interest
Internal controls and reporting policies
Conflict-of-interest policy
Whistleblower policy
Document retention policy
Fraud prevention policy
Audit policy
Others
External reporting policies
Donors
Grantors
Community
Other stakeholders
State attorney general and/or secretary of state
IRS
Other
Fundraising policies
Donation use and receipting
Use of restricted funds for restricted period or restricted purpose
Policy to solicit unrestricted donations
Policy in event donor intent cannot be honored
Gift conversion policy (e.g., will stocks or bonds be sold immediately upon receipt of ownership?)
ECFA (or similar ethical fundraising standards compliance)
Others
For more specifics on a number of these policies, consult the online sources listed in Appendix 5A.
Because the primary financial objective for most nonprofits is achieving an appropriate liquidity target, we provide further guidance on how to do this in Exhibit 5.11. In that exhibit, we clarify the distinctions that we draw between operating cash, operating reserves, cash reserves (which we see as including operating reserves but also incorporating strategic reserves and other reserves), appropriate liquidity target, and your long-term funding targets. While we do not claim to have the last word on these measures, we believe you will find careful study of this exhibit to be helpful. We provide further guidance in our more advanced treatment of different ways to calculate and measure your appropriate liquidity target in Appendix 5B. Finally, you will also find the material presented in Chapters 7 and 8 helpful (as noted earlier, also see Section 2.6 in Chapter 2 and Section 15.8 in Chapter 15).
Exhibit 5.11 Cash Reserves Operating Reserves Strategic Reserves ALT
Reinforcing the importance of a liquidity management policy (or liquid reserve policy), you no doubt hear of the many underfunded organizations and how severe the effects of underfunding are. Related to mission and program, we hear often of service cutbacks due to financial shortfalls. Yet if organizations had sufficient liquid reserves, current-year funding shortfalls would not necessitate service cutbacks. The reality is that many organizations are cutting back on programs and laying off staff due to such shortfalls. Study Exhibit 5.12, noting these effects on New York City nonprofits, and how few of the actions were a matter of strategic choice.
Source: New York City Nonprofit Executive Outlook Survey. Baruch College, Spring 2005. Used by permission.
This survey was conducted by Jack Krauskopf and Gregg Van Ryzin at Baruch College, and co-sponsored by the Nonprofit Group and Survey Research Unit in the Baruch College School of Public Affairs, Human Services Council of New York City, Federation of Protestant Welfare Agencies, UJA-Federation of New York, and United Neighborhood Houses of New York.
Exhibit 5.12 Results of Inadequate Liquid Reserve Policy for New York City Nonprofits
(f) DATA INTEGRITY POLICIES. Areas that you may wish to cover in your policies related to data and data integrity include:
Privacy
Confidentiality
Records (document) retention
E-mail
Access and sharing limitations
Cybersecurity (also known as information technology security)
Appendix 5B also provides guidance on crafting your organization's liquidity target.
Financial policies are not a one-size-fits-all concept; each organization will have different needs at different times and as these needs change, policy updates are essential in order to maintain relevance.
5.3 PUTTING POLICIES INTO PLACE
After collecting required copies of external policies, such as those imposed by grant agencies or governmental agencies, we must determine which internal policies will be developed or modified. Then the process of developing internal policies can begin, as we detail in Exhibit 5.13. In cases involving high-level policies, which are largely our focus in this chapter, the committee (step 1) would be either a board committee or an advisory committee, and the approval would come from the entire board (step 4), not organizational management. Clearly, the board would want to gather input on proposed policies from some managers before voting new policy into place, but it should be clear that this is just that – input – and the board is the body making high-level policy decisions.
Exhibit 5.13 Steps to Develop and Introduce New Policies
For policies that are not high-level in nature but address accountability and financial management for monies that have been allocated to operating units, an internal committee of management and staff can work on policy review. At one university, a policy review committee was established to produce a new streamlined set of policies as well as to reconcile the inconsistencies and redundancies in their existing policies. The charge of the review committee was to develop policies that were true to the original spirit of the policies established at the OMB and to comply with all of the various agencies within the government and nongovernmental organizations. After several months, the committee found that these departmental/program financial management policies could be divided into four main categories, as shown earlier in Exhibit 5.7.
5.4 ESTABLISHING PROCEDURES
The purpose of policies is to combine all rules (external and internal) into one set of rules that do not conflict with one another. After policies have been established, the procedures for complying with policy can be developed.
It is important to distinguish between policies and procedures as well as the difference between procedures and work instructions. Procedures are the steps that must be taken to comply appropriately with policy. Work instructions are the suggested steps that should be taken to comply with procedures.
Very often, individuals feel constricted by procedures because they confuse the literal procedure with the work instructions they have been taught. They are unable to respond dynamically to changes within the organization or special needs of constituents because they are attempting to comply with outdated job instructions.
At one nonprofit institution, a seminar was presented in contract and grant accounting. One of the attendees had been performing her duties in the same manner for more than 20 years. She had always saved a copy of each invoice and packing slip she received and filed it with the original purchase order documents. During the delivery of the course, the use of a new technology was introduced that would allow her to maintain a checklist of this same information, allowing her to throw the invoices and packing slips away. Visibly upset, she confronted the instructor, claiming that this change was not appropriate and violated policy. What had happened was this:
The institution had a procedure that specified that all invoices, prior to payment, must be reconciled to the original purchase order. In addition, the merchandise must be received in good condition and as ordered (reconciling the packing slip to the order).
Her department had complied with this procedure by saving a copy of the invoice and packing slip. The stapling of the documents indicated that they had been reconciled.
The woman had confused the procedure with the steps with which she had been taught to comply; therefore, she refused to believe that a log would suffice as a method of complying with the procedure. This example illustrates how staff may interpret work rules as procedure and also how careful an institution must be about mandating how work should be performed.
Procedures should contain only those steps that are required by policy. If work rules or job aids are produced, staff members need to understand that those rules or aids are not policy or procedure, but only a method of compliance. Refer to Exhibit 5.14 for the steps to develop procedures.
Exhibit 5.14 Developing and Maintaining Procedures
5.5 FINANCIAL POLICIES AND PROCEDURES IN PRACTICE
The Johns Hopkins Listening Post Project, which is regrettably no longer active, served as a good source for current practice in relation to policies and procedures. Over 200 respondents provided evidence of fairly widespread implementation of board-level oversight and policy making. “Highly” or “significantly” involved boards were found engaged in these practices:
Board roles.
Reviewing auditing and accounting policies and practices (83 percent).
Financial disclosure. The overwhelming majority (97 percent) of sampled organizations have undergone an independent audit within the past two years and comparable proportions (95 percent) regularly distribute their financial reports to their boards.
Ethics protections. The overwhelming majority of responding organizations also already have other policies and procedures in place to promote accountability and ethical behavior. This includes:
Internal controls on finances and financial accounting (98 percent);
Records retention policies (84 percent);
Conflict of interest policies (83 percent);
Travel expense policies (81 percent);
Compliance programs for regulation (81 percent); and
Codes of ethics for board and staff (73 percent).
Even among smaller organizations, a majority have such policies in place.15
We offer a caution regarding interpreting some other results from this survey. The study noted that 83 percent of the boards were heavily involved in reviewing auditing and accounting policies and practices, and we would surmise that accounting policies and practices would include many of the policies addressed in this chapter. No doubt, respondents were not entirely sure about what is meant by “basic management policies”; some respondents would interpret this as program-level or unit-level policy. As a result, only 40.5 percent of all organizations reported having boards “highly” or “significantly” involved in setting basic management policies. Here are several other pertinent findings about the differences seen in board practices at large organizations versus small organizations:
Boards at large organizations (expenditures over $3 million) were more involved in organizational finances than those at small organizations (expenditures under $500,000). Included here were functions such as establishing, reviewing, and approving compensation for the executive director (96 percent of large organization boards highly involved vs. 72 percent of small organization boards); and approving significant financial transactions (81 percent vs. 60 percent).
On the other hand, the boards of the smaller organizations tended to be more heavily involved in some of the more detailed managerial functions, such as setting basic management policies (72 percent of small organization boards highly or significantly involved vs. 42 percent of large organization boards); setting program objectives (56 percent vs. 38 percent); setting program performance measures (56 percent vs. 34 percent); setting compensation for staff other than the CEO (48 percent vs. 23 percent). Clearly, as organizations grow in size and complexity the capacity of the board to remain intimately involved in organizational management declines.16
Significantly, one of the main conclusions from the University of Wisconsin-Milwaukee study of Milwaukee-area nonprofits is that boards limit their policy-making prerogative mainly to auditor engagement and conflicts of interest. Although those two items constitute a good start, the study advocates that boards go beyond these areas to construct policies in other areas. The authors' findings are insightful:
Setting policy has long been associated with good governance, and the majority of local Boards have determined that policies are critical with regard to engaging an external auditor and protecting against conflict of interest. Yet, many other aspects of risk management or protecting the public's interest should also be addressed with guidance from policies. Recommendation: Produce templates and offer consultation to assist Boards in developing policies suitable to their level of sophistication.17
Finally, Melanie Lockwood Herman, executive director of the Nonprofit Risk Management Center, offers the following “best practices” advice for you and your executive team and board as they are confronted with governance issues:18
Ask questions such as, What's the purpose? What does it mean? How does it work? What is my responsibility?
Always listen to the small voice saying to speak up.
Keep in mind that it's okay to change an answer. [We would add here, do so openly and explicitly, and give the reason for the change.]
Have the courage to ask tough questions, rather than boasting about having all the answers.
We have endeavored to help your organization to construct a useful set of policies to better enable it to achieve its mission. By restricting management's actions appropriately and establishing an adequate liquidity reserve, your organization will be well on its way to achieving financial management proficiency. Consider the guidance in Appendix 5B as you craft or refine your organization's liquidity management/cash reserves policy.
5.6 ADDITIONAL RESOURCES
The development of effective policies and procedures is not a simple task. If you do not have the resources to devote to this effort, networking with other similar organizations may yield a solid set of policies that can be modified.19 In addition, government institutions must provide copies of their policies. Many policies of government and private organizations may be found in your local library and on the Internet. Appendix 5A lists some of the best policy Websites available at the time of this writing. If you are crafting a target liquidity policy, have a look at Appendix 5B. We provide guidance on various ways you might express your organization's Appropriate Liquidity Target. In our book's companion website, we provide Tim's complete set of sample financial policies.