 I will welcome everyone to joining us for another episode of The Nonprofit Show. We are so glad that you are starting your week with us today and hopefully you'll stay around for us each and every day this week. Our guest today is joining us from your part-time controller, Angela Coaxham. And we are so glad to have you with us, Angela, and to talk to us about how our nonprofits can safeguard our funds. And so we're going to dive into this pretty deep. Angela has five tips that she's going to share with us. But before we do that, we, of course, want to make sure that we know or you know who we are, but we also need to remind us who we are. That is true. William Patrick, CEO of the American Nonprofit Academy. I'm Jarrett Ransom, your nonprofit nerd, CEO of the Raven Group. And I'm so honored and privileged to serve alongside you, Julia, each and every day for The Nonprofit Show. And of course, we are very grateful to our presenting sponsors that keep this going and growing. We will soon be celebrating 500 episodes thanks to these sponsors that you see on the screen and behind us. So please do check them out. These are fantastic companies. Your part-time controller is not only a presenting sponsor, but of course, as I mentioned earlier, our guest today. We are so honored to have you with us, Angela, and welcome. Thank you, Jarrett. It's certainly an honor to be here. I've watched a number of the shows and it's very informative information. So I'm very happy to be a part of it. Well, you know, we, I said this in the green room chatter and we kind of badmouth the concept of having accountants on the show, not going to lie because I was like, they're not going to really, you know, engage our viewers. YPTC has given us some of our best guests. Absolutely. It's been really great. And so I'm no pressure, Angela. No pressure. I'm always, I'm always following someone at YPTC. So I, I understand the concept, but we are, we are accountants. We are absolutely accountants, but we are accountants who like to have fun. So we're probably not your typical accountants. We really enjoy what we do. And working with nonprofits gives us a lot of gratification, but also helps us to stay grounded. So I love that. And I think when you love what you do, it absolutely comes across, you know? And so I think, I think that's wonderful. And you're right, Julia, like we have had so many guests from your part-time controller, Jennifer, Aliva was really like on call throughout the pandemic and was literally breaking news with us on some Friday sharing some of the latest and greatest of some of the regulations and policies that we needed to adhere to. Well, today you're going to share with us five tips. And I, you know, the show goes by very fast. And so it's going to seem like we're merely scratching the surface. And we probably are. But as we talk about, you know, really looking at our fraud or sorry, looking at our funds and making sure we're safeguarding so that we don't have fraud, talk about this number one tip, which you have listed here as an online bill pay platform. Yeah. So thank you, Jared. It's really important. As you said, unfortunately, fraud does happen within nonprofits. We hate to think about that, but it is true. So one and two talk about some things nonprofits can do to prevent that. The first one is the online bill pay platform. So there are a number of them out there. You know, you can literally just Google it and find some that might be worthwhile for the organizations. But what we feel is really important is that they have a workflow process within them. So, you know, it can be, you know, anyone that's out there, it can be one that you get through your bank because they also offer them. But you want to make sure that it has a workflow process so that there is the opportunity to embed some internal controls in that payment process and segregate the duties so that you don't have the person who's inputting the payables is also approving the payables and then effectively signing the check or issuing the disbursement. You want to be able to have those segregation of duties and the bill pay platforms give you that opportunity. So your team has talked to us about the segregation of duties. Before, and I was fascinated by that because there's so few organizations, even if they have large budgets that have that expanded base and that expanded team. So I see this as a technology that allows you to have that. And I think it's really an interesting aspect of it. And it also seems like more and more of these platforms are automatically engaging with accounting software to add add in even another layer. And I'm wondering if you could briefly talk about that. Is that one of those pieces that should be in place? Yeah, yeah. And it's definitely very helpful to have your online bill play platform connecting directly with your accounting software. So a lot of them do it independently. A lot of them, you know, you can build that in when you implement either the platform or the accounting system. So you just want to make sure that that you're getting that done, that you are creating that linkage to pull that information directly. So it's pulling it from your bank to your bill pay platform right into your accounting system. And that way it also creates a lot of efficiencies so that you don't have to redo things. You're not entering information multiple times. You're just entering it in once, but it's available in both systems. So that is a really important component as well. OK, so let's go to tip number two, because when I saw this, I was like, well, wait a minute, isn't this already, you know, aren't our banking systems already secure? What are you talking about here, Angela? You're freaking me out. Sorry about that, Julia. The banks are generally pretty secure and they do their own monitoring. But what we really want to emphasize here is that the organization should set up their own monitoring processes, so making sure that they are looking at their accounts on a daily basis. And that's the bank accounts and their investment accounts that they're checking that activity. The banks do give you some other security options. Of course, everyone has a password. You have a pin to get into your bank account, but you can also set up a two factor authentication for those online banking access and then enabling to make sure that if someone steals your password, they can't then get into your account because they need this additional authorization from you that can either be an email or a text message that you then need to respond to to get into that account just to make them even more secure than your standard bank account. You know, as annoying as those two factor authentications, which is also really hard to say as annoying as they are, I am right there with you as a best practice because it really does safeguard. You know, as we're saying, one of our most critical assets are financials. And one of the things that we've talked about in Julia, maybe you can can help me remember the statistic. But during this time of the pandemic, there have been so many organizations that have either gone under or literally did not have enough cash to stay afloat and to pay the staff and, you know, to get everything going. And so we really need to protect our finances. And if that means a little bit of an extra, you know, two factor step, I think it's, you know, it's time that we get over our frustrations and just. Yeah, I do think it's really important. Some of these things may be a little bit tedious. Like, you know, who wants to check the bank account daily, but checking it daily can really make sure that, you know, there aren't some unknown debit activities that's coming in or credit activities, making sure that you're staying on top of that. Another thing that we recommend is implementing positive pay for both checks and ACH, and that really gives the organization a way to tell the bank, here's what I want you to make payment on. So these are the checks that I've written. These are the amounts and here's who it's paid to. And if it doesn't come through like that, then don't release payment. And that way you're really securing the cash in your account because the bank won't release it unless it meets those parameters. Wow. And can all of this be done set up, I guess, you know, electronically? Or do you need to have a personal relationship with your banker to ensure these steps are taken? Yeah, you do need to have a personal relationship with your banker. You want to, you know, get them on the phone. A lot of this can be done, you know, electronically. Through the, you know, through the Internet, but you need someone on the other end to make sure that it's all going appropriately and that you're getting the services that you need. And they may even have some other suggestions for you when you sit down and talk with them and and talk about what your concerns are specifically. And that efficiency is so important. Well, as you mentioned, many of these items, rather, can be done online and electronically. That takes me to overall cybersecurity, right? And that, I know, has been something that has really come up quite a bit. But you talk about it in a way to include staff training. And I'm really curious to learn from you, Angela, on what this all entails. Sure. Sure. So, like you said, cybersecurity is something, you know, it's getting a lot of talk. There's a lot of fishing scams that are out there. There's what they call spoofing attacks on organizations. You know, staff is really kind of on the front line of some of these things because they're receiving the emails, particularly in a spoofing attack where someone is, you know, maybe spoofing a vendor, there may be spoofing their boss. So someone might get an email from that looks like it's coming from their executive director that says, hey, I need you to pay this bill. I need you to pay it right now. And here's where I want you to send the money. And, you know, you're frantic because it's your boss and you want to make sure you get things done well for your boss. So you're just, you know, dropping everything and taking care of what came across in that email. And lo and behold, the email isn't even from your boss. It's from somebody else trying to, you know, swindle the nonprofit out of their money. So we want to make sure that people are staying on top of that and really realizing, you know, ways that they can combat that. And education of the staff is really the front line for that. So making sure that there's training in place for your staff on how to look at these emails, how to identify what the schemes are and where there might be problems. So, you know, checking the email address, checking the spelling, checking even the grammar. Does it really sound like my boss? Is this how he talks? Never clicking links in, you know, in email or an unsolicited email. Having frequent reminders to staff and then even doing tests. You can send test emails to your staff to make sure that they're actually following the rules that you set up and not responding to something that's inappropriate. Okay. Hair on fire moment. I would have never thought of that. But, you know, I kind of like that because I think so often, and Jared, we've talked a lot about this, you know, in the nonprofit sector, we never have enough time. We're just going as fast as we can. A lot of times we're going from one fire to another fire. I can see how in our sector, we are a lot more vulnerable to this because to your point, you're trying to get your job done. That's really interesting. Yeah. And it's also a trust factor. You know, we're trusting people. And sometimes we shouldn't be. But, you know, again, when you get that email, you're saying, oh, it's from my boss. I see it. It's coming from his name. And you're just responding to it or her name. Sorry. I shouldn't assume there. That's okay. When you said he, I would say, or she. Absolutely. Well, and I'm curious to, and I'm just, you know, totally thinking right now, just, you know, shooting from the cuff. I know many organizations are still working in this remote environment. And I wonder if, you know, one of those best practice extra steps would be, you know, to message your boss, whoever, within the online chat portal. Like I know one of my clients, we're using the office, Microsoft office. And so we can literally just, you know, have these direct conversations. If you see someone online, that's a great time to say, Hey, I just got this from you. I wanted to confirm. And maybe just have a question to ask, you know, of, is it okay if it goes tomorrow? And then if your boss says, if what, if what goes to Yeah, like, Oh, yeah, absolutely. I mean, you know, we always advise people to pick up the phone. You know, I mean, you know, an online chat is, is fine as well. But what you don't want to do is respond to the email. Don't send the email back and say, Hey, are you sure you want me to send this tomorrow? Can it wait? Because you honestly don't know where that email is going to. It's probably not going to the person you intended. So you want to have that direct contact with them. You know, that is so scary, because many of these items, I would not have thought would be something to exist regardless, but let alone within our nonprofit sector. So, you know, it's really something I'm not very aware of, sadly, and I need to better educate myself on items like this. It's stunning. Okay, now tip number four, we got to get into this and spend a little bit more time. Because this is a question, we've actually had this, this discussion that has come into our Friday ask and answer about the use of organizational credit cards and debit cards. And you are saying eliminate. Okay, talk to us about that. Okay, so the first thing I want to say is debit cards. Never ever, ever, ever, ever use a debit card. That's linked to your organization's bank account. You don't even want to get them from the bank. You don't want to use them period. And the reason for that is, again, it's linked directly to your bank account. Those funds are extremely vulnerable. If that card falls into the wrong hands, usually with that, there's only, you know, a pin and you can gain access. So you never want to use a debit card. But getting to the credit card. So in certain situations, it's okay to use a credit card. But for the most part, we advise our clients, don't use a credit card, you know, you can have a corporate credit card that you use for those online transactions that, you know, have to go through a credit card and they're repetitive. And that's all that it's ever used for. But what you don't want at the situation is handing out credit cards to multiple people within the organization, or even having one credit card that sits in a drawer that someone can sign out or, you know, you hand to someone in the program department and they can go use. That's where your, your really, your funds are really vulnerable in those situations, because again, the card can go missing, anyone can, you know, take down those numbers and use them at some future point in time. So you really want to eliminate that. But in order to be able to eliminate that, you really do have to have good controls in place around reimbursements to employees, because we do find that the best way to do that is to have an employee complete an expense report, submit that expense report, and get paid timely, get reimbursed timely for those expenses. And that actually goes back to kind of point number one, if you have those bill pay platforms in place, then you can really turn those payments around quickly. And what does that mean to you? What's quickly? In a matter of a week, I mean, normally our clients are paying, you know, they're paying their accounts payable once a week, once every two weeks at the most. So, you know, if a staff person is using their own personal credit card, you certainly want to turn that around to them within that two week timeframe before they get their bills so they can pay that out. Okay. So, Jared, I'm thinking about, I mean, we've been really focusing, last week was nonprofit power week, we spent with Fundraising Academy just on major giving. A lot of this now not during the pandemic, but a lot of these discussions are happening over meals, or we're taking our donors out. That seems to me a segment of staff that on a daily basis might be having these entertainment aspects or costs. What do you think, Jared? Absolutely. And that has been, you know, my career path really within the fundraising department. And so, whining and dining, right, or coffee and tea has really been the main environment setting for conversations. And so, really just making sure that the individual has enough funds to do that. And so, if we're not using a company credit card, you know, really ensuring that the staff in which you're asking to incur these costs and then get that reimbursement, you know, it's really critical. And so, back to your point, Angela, with having, you know, these online bill systems that helps to expedite the turnaround so that staff is not out, you know, waiting 30 days to receive their payment. That's something, you know, that is definitely just needs needs to happen quickly, I think for our staff. Absolutely. And if the organization is going to use credit cards, you want to make sure that you have the appropriate internal controls in place. So, you want to have good limits, you know, set limits on the credit cards on what they can, you know, how much they can charge on the credit card, making sure that the employee provides proper support. And that's even if they're asking for reimbursement, they should always have support and provide that timely. And then also, with the executive director, you want to have, again, the proper approval limits, approvals in place. And the executive director's credit cards and reimbursement should always be reviewed and approved by a board member, not a subordinate, but always a board member. Interesting. Okay, I never, I've never heard anyone say that. And I think that's really smart. Before we move on to tip number five. How do you feel about gift cards? I mean, I know that, you know, they still have a layer of issue, if you will. But do you have any sense of that? Is that? Yeah, gift cards are problematic, I guess, in a number of ways. One, again, they can be lost. You know, if you drop a gift card on the ground and it's got $250 on it, the organization is out $250. They can be stolen, they can be compromised. And so, you need very, very tight security on them if you are going to use them. But it's much the same as a credit card. Because if you're giving it to an employee to pay for some expense, they still have to come back and give you those supporting documentations. And you still have to make sure that they're using it for the good of the organization and not for personal benefit. Right, interesting. Really interesting. You know, I will, again, never thought of that. And that's why it's so important, Angela, that you love what you do because you're able to really educate and inform us on some of these things that maybe, you know, I can only speak for myself, I've taken for granted to say, I would have never thought about, you know, a gift card being misplaced or, you know, maybe falling out of someone's pocket, you know, just completely uncontrollably. So that's really important. And I think it speaks to it to having our internal policies and procedures in place. And I think that moves us to our fifth and final tip. Again, you've had five amazing, I should say four so far, amazing tips. And this is the fifth one. And you're going to move us into really what does it look like for the tone at the top, going into building those policies and procedures to ensure not only security, but you know, as we've spoken a couple of times to expedite these charges as well. So how do we look at this or how should we look at this by way of policies and procedures? Yeah, so obviously policies and procedures are extremely important internal controls and documenting what those procedures should be. If they're not documented, you can't expect staff to follow them. So you always want to have them documented, and then ensuring that you're checking in and making sure that staff is following them. But the first item there that tone at the top is really kind of where it starts. I mean, it really always starts at the top with the board and with the executive director, with the high level management, making sure that they're following the policies and procedures, because, you know, it obviously everything rolls downhill. If they're not doing what they're supposed to do, others in the organization are going to follow suit. So you really want to set that tone at the top, making sure that they're reviewing, putting the proper approvals in place. As I said before, the ED's expenses should be repealed by a board member. So having those in place and really people can follow on from that. As far as specific policies and procedures, again, you want to make sure that they're reviewed and updated on an annual basis. You want to periodically track that people are following them. Julia, we talked before about segregation of duties. You always want to make sure that, you know, whatever the function, whether it's payroll, accounts payable, accounts receivable, cash receipts, that there is an appropriate segregation of duties. And of course, that's that is difficult in nonprofits, especially when they're small staff. So you really want to take a look at who is doing what and what's the oversight of that. You can you can get around some segregation of duties issues with proper oversight. So making sure that, you know, the executive director is reviewing the payroll register and reviewing the bank reconciliation. Things like that can really help. Another one is mandatory vacations. So you always want to make sure that that staff are taking vacations, especially those folks in roles where they're handling funds, giving an opportunity one to see how things are working. But a lot of frauds can be uncovered in that way, unfortunately. Interesting. Yeah. And again, you know, as we started this episode, we really want to make sure that we are safeguarding our funds. Unfortunately, you know, fraudulent actions do take place in our sector. I don't always, you know, share our love to share. But there was an organization I was helping and I stepped in as their internal or their interim CEO because they had unfortunately uncovered, you know, an embezzlement scenario. And it was so frightful to see that many of these policies and procedures, you know, these two step factor often, that's clearly a word I cannot say. You know, just were not not done. They were taken for granted. And so when I read tone at the top, you know, for me, that's really the board. And having that true fiduciary oversight, because there's so much that can happen and really take down an organization. I agree. The board is ultimately responsible. And you want to have the folks on the board who are really paying attention, reviewing the policies and procedures and asking really good questions of management and understanding what's going on in the organization. And you said that these policies and procedures should be reviewed annually. Is that correct? Yes, they should. You really want to take a look and see because organizations change over time. You know, staff changes one, but also roles and responsibilities within the organization change. So you really want to take a look at them and see if they're still applicable. See, are we doing what we said we would do? And does it still make sense that this is the policy? Let me ask you this. Just I'm fascinated. I've never heard anyone talk about having a board representation in terms of a review of the CEO's, you know, process for the use of these funds. Would it ever be appropriate or possible that you have your accounting firm or your bookkeeping company do that work? Or I mean, do you see that piece or how does that work? Because ultimately, that accounting firm is hired by the CEO. Right. Yeah. So you're talking about the review of the expenses of the executive record. Yeah. So the I mean, the accounting firm, your auditors, they're independent. They need to maintain independence. So they would not be able to review the propriety, at least on an ongoing basis. You know, they're tasked with doing that at your end for the audit and making an opinion at that point. So they would not be able to step in. Your accountants, I mean, you know, if you were hiring YPTC or some other consultant, it's very similar to your staff, you know, again, hired by the CEO, the ED, or engaged by them. So there's really not the ability to make that review. It's just it's a conflict. It's a conflict for any subordinate. So really our recommendation is that somebody on the board, whether it's the board treasurer, the board executive, the board chair, review those monthly, quarterly, but somebody should be reviewing the expenses of the executive director. Wow. Okay, Jared, I got to throw this one back to you before we end. Do you know of any organizations that are doing that? I don't. I do. And not all of them are doing them perfectly. Right. But I do. And then there's the dual signature on, you know, a certain level of purchases and things like that. So I really think as the organization grows and the maturity of the policies come into place, right, there's a lot more just not the software, but having it safeguarded, you know, and putting softwares in place. I just did a board retreat for a very, like, grassroots startup organization. And they were talking about, you know, having debit cards. And I, like you, Angela, I said, never, never, ever, ever, ever, ever, ever, ever, ever, you know, have a debit card linked to the financial account because it was just so dangerous. Yeah, it can go. Hey, you know, Angela, this has been amazing. Jared and I have loved this conversation because you have given us some new ideas and approaches. I think we're going to be talking about this more and more because of the digital nature that the nonprofit sector is really moving into and embracing on so many different management levels. And so this has been amazing. I want to give everyone the chance to see Angela's information again. Your part-time controller is across this country. How many folks do you have working with you now? Over 375 right now and growing, continuing to grow each day. So nonprofits across this great country can tap into the genius of your teams. And you have so many different things that you can offer. But the wisdom that we've been able to get from you has been magical. So thank you for joining us today. You started off the Monday really well, my friend. This has been great. If you'd missed this episode or you want to share this maybe with somebody else on your team, Hentent, a board member who should be reviewing some internal controls, you can get us on Roku, YouTube, Amazon Fire TV, Vimeo, if you're in Europe or the Middle East daily motion. Again, we want to thank all of our presenting sponsors that you, we would not be here having these robust discussions that happen each and every day. And Jared, you are right. We are marching towards the 500th episode. We are quickly. I know. It's been a blast. So thank you again to everyone that supported us, all of our guests that, you know, share their valuable time and expertise with us. It's really been, it's been phenomenal. I've learned a lot throughout each and every episode. Yeah, it's been amazing. Angela, thank you so much for coming on. You reduced some fears and you kind of exploited some others because you gave me some ideas that, frankly, I hadn't really been thinking about. So thank you. Well, that's been my pleasure. Thank you so much for having me. Well, it's been great. Hey, everybody, as we end every episode, we want to remind you and ourselves, I think, stay well so you can do well. See you back here tomorrow, everyone.