By Michael Kirby, Principal 8601 Robert Fulton Drive l Suite 210 l Columbia, MD 21046 l 410-423-4800 l Fax 410-381-5538 l www.uhy-us.com UHY LLP pr ovi des sol ut i ons t o nonpr of i t f i r ms i n account i ng, t ax and consul t i ng. Fraud Risk Management Programs Does your organization have one? By Matthew Duvall, Senior Manager O ne of the most damaging ef- fects a fraud can have on a non-profit organization is a tar- nished reputation. Sure, a fraud re- sultingfromanemployee skimming funds certainly has an immediate fi- nancial impact, but the blemish on an organizations reputation can have far worse consequences. Procedures can be implemented by an organization to strengthen in- ternal controls and ultimately re- duce the risk of fraud ... (I say re- duce and not eliminate because as soon as a control is created, someone can start crafting a way to circumvent it). The AICPA 2013 Audit Risk Alert: Not-For-Profit Entities Industry De- velopments included the recom- mendation that an organization develop a formal fraud risk man- agement program, including a fraud risk assessment. The goal of this assessment is to identify cer- tain vulnerabilities and gaps in in- ternal control that could leave the continued on page 2 the next level of service For more information, please contact Jennine Anderson at janderson@uhy-us.com Nonprofit Insider April 2014 Vol. 5 No. 2 to file in the current year as a small plan, which means no audit is re- quired. Once the number of eligible participants as of the beginning of the plan year exceeds 120 then the plan must have an audit. The plan would complete a Schedule H in its form 5500 for the current year as a large plan. Eligible participants as defined by the IRS in its form 5500 instructions, in- clude the following: (1) active partici- pants, who are individuals currently employed by the plan sponsor, covered under the plan, and receiving credited service [this includes those eligi- ble, even if they are not actually participating]; (2) retired or separated participants, who are in- dividuals no longer workingfor the planspon- sor and are either receiving benefits or are entitled to re- ceive benefits and (3) deceased partic- ipants, defined as individuals who have died and have one or more of their beneficiaries either receiving benefits or entitled to receive benefits. Y our com- panys com- pliance with U.S. Department of Labor (DOL) and Internal Revenue Service (IRS) regu- lations is critical, as noncompliance penalties can be severe, and can potentially result in a plan disqualification. Do You Need An Audit? One area where there con- tinues to be confusion among plan sponsors is the question of when a plan audit is required. If a plan has over 100 eligible participants as of the beginning of the plan year, an audit is re- quired. However, there is the 80-120 rule whereby a plan could forego the audit requirement. If the plan filed a Schedule I (eye) the prior year as a small plan, and the number of eligible participants as of the beginning of the current year is under 120, the plan may elect UHY LLP Mid-Atlantic continued on page 2 Our firm provides the information in this newsletter as tax information and general business or economic information or analysis for educational purposes, and none of the information contained herein is intended to serve as a so- licitation of any service or product. This information does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisors. Before making any decision or taking any action, you should consult a professional advisor who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided as is, with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to war- ranties of performance, merchantability, and fitness for a particular purpose. UHY Advisors, Inc. provides tax and business consulting services through wholly owned subsidiary entities that operate under the name of UHY Advisors. UHY Advisors, Inc. and its subsidiary entities are not licensed CPA firms. UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc. and its subsidiary entities. UHY Advisors, Inc. and UHY LLP are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. UHY is the brand name for the UHY international network. Any services de- scribed herein are provided by UHY Advisors and/or UHY LLP (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members. We have seen a number of plan sponsors performing the count of plan participants using only those current employees actually partici- pating in the plan. This is not correct, so be very careful when counting your eligible participants. FollowYour Plan Document Employees at the plan sponsor who are responsible for the plans opera- tions and compliance with the DOL and IRS regulations should maintain a copy of the plan agreement (includ- ing any plan amendments) and be fa- miliar with all the provisions in the agreement. Those individuals in the HR and payroll departments should fully understand the plan provisions, including eligibility, definition of com- pensation, distributions, loans, and so on. The actual operations of the plan need to mirror the provisions spelled out in the plan agreement. If opera- tions do not mirror the provisions, or if any provisions are vague or unclear, we recommend that the plan sponsor consult with an ERISA attorney. What If You Are Noncompliant? If you believe your plan might have operational defects or noncompliance issues, prompt attention is warranted. Our experience with the DOL and IRS is that they expect plan sponsors to be proactive both in identifying opera- tional defects or noncompliance, and then in correcting such occurrences in a timely manner. The IRS offers a system whereby a plan sponsor may voluntarily correct operational de- fects and noncompliance issues. First, under this Employee Plans Com- pliance Resolution System (EPCRS), mistakes can be corrected in the fol- lowing ways: (1) Self-Correction Pro- gram (SCP), which permits a plan sponsor to correct certain plan fail- ures without contacting the IRS; (2) Voluntary Correction Program (VCP), which permits a plan sponsor to, any time before agency audit, pay a limited fee and receive IRS approval for correction of plan failures; and (3) Audit Closing Agreement Pro- gram (Audit CAP), which permits a plan sponsor to pay a sanction and correct a plan failure while the plan is under audit. There are certain eligibility require- ments that have to be met in order to use the SCP, but if you are able to use this program there is no fee. If the plan sponsor enters the VCP, there is a fee and certain documents have to be prepared and submitted to the IRS to obtain IRS approval. The fees vary, but for a plan with plan participants of between 101 and 500, the fee is $5,000. We strongly encourage any plan sponsor that believes it might have operational defects or noncompliance issues to contact an attorney who spe- cializes in retirement plans and ERISA. Additionally, a CPA firm that special- izes in audits of retirement plans should be contacted to assist with ef- forts to determine the extent of any operational defects and noncompli- ance that might have occurred. We here at UHY will be happy to help. organization open to both finan- cial and reputational damage. Since it is in the best interest of everyone to prevent fraud, the AICPA has provided guidance in developing a fraud risk assess- ment. According to the AICPAs Audit Risk Alert, the fraud risk as- sessment developed by your or- ganization should identify: 1. fraud schemes that could po- tentially occur; 2. The possible concealment strate- gies that could be used by the fraudster to avoid detection; 3. The individuals who pose the highest risk of committing fraud; 4. The controls currently in place to deter or detect fraud, and; 5. A list of red flags that can be used to educate the organiza- tion, including employees and board members. Developing a fraud risk manage- ment program can be created us- ing some of your organizations most valuable resources, i.e. your skilled management teamand en- gaged board members. If your organization already has a fraud risk management program, great; youre already one stepahead of a potential fraudster. You should, however, consistently update the programand include the items iden- tified by the AICPA above. If your organization has yet to de- velop a fraud risk management program and a fraud risk assess- ment, it isnt too late to start. Retirement Plans: Are You in Compliance? continued from page 1 Fraud Risk Management Programs continued from page 1 the next level of service