Sarbanes-Oxley and Nonprofits: Bogeyman in the Boardroom?

Although Sarbanes-Oxley wasn’t aimed at nonprofits, some saw the law’s passage as a wake-up call for nonprofits.

Sarbanes-Oxley and Nonprofits: Bogeyman in the Boardroom?
5 mins read

Exploring two aspects of Sarbanes-Oxley that apply to nonprofits.

Somehow, all the publicity about Sarbanes-Oxley made it seem as if this legislation applied to nonprofits, too. But contrary to what is frequently thought (and said in nonprofit boardrooms!), Sarbanes-Oxley is not applicable to nonprofits, albeit with just a couple of exceptions. In other words, there are a couple of small points to note (templates later in this article), a lot to relax about, and a lesson to be learned in nonprofit leadership.

You may remember that this multi-component legislation (nicknamed SOX) was passed by the U.S. Congress in 2002 in response to a large number of for-profit scandals involving Enron, Tyco, WorldCom, Arthur Anderson, and others. Extreme fraud, conflicts of interest on boards, unethical executive compensation practices, and improper auditing led to the failure of these mega-companies and deep, negative impacts on consumers, shareholders, employees, and many other individuals and institutions.

In response, Sarbanes-Oxley set in place a number of required processes for publicly held corporations (corporations that issue stock to the public), of which the best known may be the requirement that the CEO personally vouch for the accuracy of financial statements and that the external audit firm be different from the firm providing financial consulting.

There are only two aspects of Sarbanes-Oxley that are applicable to nonprofits:

  • Strengthened whistleblower protection and
  • Retention of documents related to lawsuits

The new Form 990 also asks whether you have policies related to these two areas, making it more important to get them adopted. To make it easy, nationally recognized attorney Tom Silk of Silk Nonprofit Law has created model policies in each of these areas, and made them available at no charge to the nonprofit community through CompassPoint Nonprofit Services. Blue Avocado is pleased as well to be able to present these for use by nonprofits. See the end of this article for links to these templates.

Perhaps the most intriguing aspect of Sarbanes-Oxley is that many of the provisions it mandated for for-profit businesses were already common, nearly universal practices in nonprofits, including:

  • Requirement that the audit committee be comprised of board members
  • Requirement that audit committee members not be on staff, and
  • Prohibition of loans from the organization to board members.

Although Sarbanes-Oxley was not aimed at nonprofits and its key provisions are already widely practiced in nonprofits, some voices in the nonprofit sector saw the law’s passage as a wake-up call for nonprofits to adopt a variety of governance and financial practices.

For example, Independent Sector, the national coalition that proposes standards for nonprofit governance, now suggests that nonprofit boards include at least one “financial expert,” and provide “financial literacy training” to all board members. While such practices may be good ideas for some organizations, turning them into requirements would be, for most organizations, defensive, unnecessary moves. (Two whitepapers that explore possible implications are The Sarbanes-Oxley Act and Implications for Nonprofit Organizations from BoardSource and Ten Emerging Principles of Governance of Nonprofit Corporations and Guides to a Safe Harbor by Tom Silk.)

The bottom line for nonprofits and Sarbanes-Oxley?

  • A. Adopt and implement a whistleblower policy.
  • B. Adopt and implement a document retention policy
  • C. Consider formalizing such non-required practices such as:
    • If you have an audit committee, have it comprised of board members who are not also on staff, and if you are audited but don’t have an audit committee, consider forming such a committee or task force
    • Prohibit loans from the organization to board members (some states’ corporate laws prohibit this)
    • If you have a financial consulting firm, choose one that is different from your auditing firm
    • Have the full board approve compensation for the executive director and the top staff financial officer
    • Adopt an Ethics or Conflict of Interest Policy

Upcoming issues of Blue Avocado will discuss Ethics and Conflict of Interest Policies and include Model Policies. See also:

Special thanks to attorney Michael Schley and CPA Steve Zimmerman for assistance on this article as well as to the brilliant and generous Tom Silk. This article is adapted from The Best of the Board Cafe, Second Edition, published by Fieldstone Alliance in the fall of 2009. Click here to order.

About the Author

More Posts

Jan is a former editor of Blue Avocado, former executive director of CompassPoint Nonprofit Services, and has sat in on dozens of budget discussions as a board member of several nonprofits. With Jeanne Bell and Steve Zimmerman, she co-authored Nonprofit Sustainability: Making Strategic Decisions for Financial Viability, which looks at nonprofit business models.

Articles on Blue Avocado do not provide legal representation or legal advice and should not be used as a substitute for advice or legal counsel. Blue Avocado provides space for the nonprofit sector to express new ideas. Views represented in Blue Avocado do not necessarily express the opinion of the publication or its publisher.

17 thoughts on “Sarbanes-Oxley and Nonprofits: Bogeyman in the Boardroom?

  1. Let’s set the record straight: Arthur Andersen was cleared of charges. The government overstepped their authority and destroyed a great company.

  2. Interesting article. However, I think that you missed the biggest effect that SOX has had on NPOs: the procedures that SOX requires for publicly traded corporation have been into the Generally Accepted Accounting Principles that are used by CPAs to conduct audits. So, even tho’ our NPO has a budget of only $250K and only 2 full-time employees, we have to separate duties just like Exxon / Mobile, etc.

    1. First off, you mixed up generally accepted accounting principles (GAAP) and generally accepted auditing standards (GAAS). Second off, you mixed up sound internal control procedures (such as segregating record keeping from custody of the assets, known as segregation of duties) and GAAS. If you do not have effective segregation of duties, and your comment sounds as if you did not, you leave your not for profit entity vulnerable to fraud, theft, and embezzlement.
      Effective internal controls including segregation of duties is an auditing concept that pre-dates SOX by many decades. All SOX did, in regards to this, is hold publicly held corporations responsible for having effective internal controls. As a Board member, it is and has been your fiduciary responsibility to have effective internal controls.

  3. Andersen was not cleared of any charges. The conviction was overturned because of the way the judge instructed the jury, and not because of errors by prosecutors. This "great company" was Enron’s auditor and certainly should be seen as involved in the Enron mess. (Not that the many Andersen people uninvolved with that account deserve direct blame.)

    The facts are that, by the 1990s, the big audit firms were more interested in management consulting fees than doing scrupulous audits. I think government was correct in seeking the end of that era, and in prosecuting Andersen when it suddenly decided to destroy tons of documents relating to the work it did for Enron.

    Anyone who wants to read some coverage of what happened in that Andersen court case:
    http://www.washingtonpost.com/wp-dyn/content/article/2005/05/31/AR2005053100491_2.html

  4. It has been my experience as a consulting auditor that since SOX all audits are now fraud audits. Gary Pigg, MBA

  5. As the manager of a small nonprofit (annual budget under $300K, 2 full-time staff) I cannot begin to tell you how frustrating and disruptive it is to the organization, not to mention the outrageous cost…we pay 6K per annual audit. It is the single biggest threat to our well-being.

  6. I’m looking for information regarding a non-profits’ use of donor funds for non-mission related activities. Do you have any articles like this in your archive?

  7. I have read mixed messages about Whistleblower provisions and their applicability to non-profits. Can anyone clarify this for me?

  8. We are a small nonprofit start-up in Michigan. We have no paid employees, this is an all volunteer organization. Would the whistleblower policy be required or necessary?

    1. If your nonprofit is incorporated, then yes, you must establish a whistleblower policy.  If you are not incorporated, it is not required. 

  9. Could someone please provide the specific legal cite for the proposition that a whistleblower policy is required for an incorporated nonprofit? Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *