Governance, financial reporting and audit A guide for Oxfam Novib partners Hans Christiaanse Ahmed Kulane Pierena van der Woude Oxfam Novib December 2008
Table of contents 1 Introduction 2 Good reporting guidelines 3 Audit Annex A: Good Practises of annual financial statements 2
1 Introduction Key in the organisational development of Civil Society Organisations is the continuous process of improving and upgrading of their (financial) management capacity. This is necessary in order to be able to realise organisational objectives more effectively and efficiently. Next to this, an adequate level of (financial) management capacity is one of the main conditions for legitimacy, accountability and sustainability of the organisation. Why are (financial) management issues problematic for civil society organisations 1? - The nature of civil society as a sector contributes to questions about legitimacy and accountability in several ways. For example, CSOs often mobilize people and resources through their commitments to social values and missions that enhance the public good. Their reputation as legitimate and accountable stewards of those missions is vital to their ability to recruit staff and allies to their causes. If CSOs leave questions about their legitimacy and accountability unanswered, they risk undermining organisational identities and operational capacities that depend on values and voluntary commitments. - A second common attribute of CSOs is that they have diverse stakeholders that make competing accountability claims. Unlike a corporation or a democratic government, CSOs are not primarily accountable to clearly defined stakeholders. Civil Society Organisations are accountable to donors for their resources, to beneficiaries for delivery of goods and services, to allies for performance of joint activities, to staff and members for meeting their expectations, and to government agencies for complying with regulations. - A third attribute of many CSOs is their predilection for taking up issues on behalf of poor and marginalized groups. This bias is the basis for raising funds and support from charitable donations. This specific role of CSO requires adequate management mechanisms to assure effective changes for the target group. - Issues of civil society legitimacy and accountability have emerged as particularly important in the last five years due to several factors. First, many questions about civil society reflect concerns about the legitimacy and accountability of many institutions. Concerns about corruption in government agencies and unacceptable practices by business organisations are often as urgent as concerns about civil society. Second, some legitimacy and accountability questions grow out of the problematic behaviour on the part of some civil society organisations. Third, some current challenges to CSO legitimacy and accountability come from agencies that have been targets of civil society advocacy activities. When CSOs exert political and social pressure on behalf of marginalized constituencies, for example, they may inspire counterattacks by powerful interests. Government agencies charged with corruption, corporations pressed to change bad business practices, and intergovernmental institutions challenged to alter projects or policies have often questioned the legitimacy and the accountability of their challengers. - All these demands on CSOs have been further complicated by their expanding roles in the sphere of social development and change. Civil society actors in the past have often been seen as gap fillers, providing services not available from the market or the state. However, in recent years they have increasingly taken on capacity building and policy advocacy roles that make them participants in multi-sectoral governance processes. While much civil society work has historically been focused on local problems, CSOs now increasingly work at 1 Source: Civil Society Legitimacy and Accountability: Issues and Challenges. Centre for Youth and Social Development, CIVICUS and Hauser Centre for Nonprofit Organisations Harvard University. March 2006 3
national and transnational levels as well. Their emerging roles in large-scale initiatives require new attention to the issues of legitimacy and accountability. In general the shortcomings within Civil Society Organisations are quite complex and diverse. The consequences of these shortcomings depend between others on the leadership, organisational culture, experience, political and social environment of the organisation. It will not be possible to present a complete overview of all existing weaknesses but the following areas and elements have been mentioned very often: 1. Custodianship and Corporate Governance As a registered organisation with a separate legal identity, an SCO entrusts certain responsibilities to those who govern it, usually a Board of Trustees or Management Committee. The Trustees or members of the Board are collectively responsible for the custodianship of the organisation s resources and have a duty to ensure that they are utilised in accordance with the constitution and any contractual agreements entered into, for example, with donor agencies. Elements for improvement: - Better understanding of the liability and obligations of Board, depending on legal / juridical status - Compliance with National Regulations and Law (e.g. income tax act) - Ownership of assets and investments - Defining and monitoring of the strategic directions. A Board should guard legitimacy of the organisation as per its statutes, structure (including members, supporters and other stakeholders), mission, objectives and range of activities (in relation to reach of beneficiaries). The Board is responsible for the general vision, organisational culture, rules and regulation of the organisation. - Authority of Board and relation to management, independency from management is not always assured. - Capacity of Board to monitor functioning of the management on efficiency and effectiveness. - Availability of tools and compliance of internal checks and balances - General functioning of the Board for appropriateness, specifically considering composition, recruitment, financial management skills, commitment and availability, formal and actual role/tasks/responsibilities and frequency and quality of meetings. 2. Accountability and internal control Every organisation must be accountable to someone. A SCO, just like a commercial organisation, has its shareholders and investors - donor agencies, members, beneficiaries, governing body and the general public. Those who have invested not just money but also time, effort and trust in the organisation and are interested to see that the resources of the organisation are used effectively and for the purpose for which they were intended. Elements for improvement: - Competence and independence of accounts department and its role in budget preparation, reporting and financial decisions - Adequacy, efficiency and effectiveness of internal control over payments, expenditure, assets and inventory items. - Compliance with grant agreement terms - Internal control specifically referring to branch offices, field staff, division of responsibilities etc. - Internal auditing (independence, verification of expenditures, reporting, follow-up etc.) - Budgetary control and procedure for periodic monitoring and progress of project 4
- Authorisation of expenses and booking expenses under appropriate account heads and budget head. - Availability of sufficient back-up documents (including bills, vouchers, logbooks etc.) 3. Integrity and ethical values Integrity (honesty or trustworthiness) of an organisation has to be beyond question for proper financial management. To achieve this there must be no doubts about how funds are being utilised and the records must be a true reflection of reality. Managers must protect themselves from any suspicion of mis-handling of affairs by ensuring adequate controls are built in to systems and procedures. The CSO work requires much personal involvement but it must be so done with utmost honesty. The financial management of the organisation must reflect the true picture of the reality. Any kind of window dressing or mis-statement of reality in financial systems can raise the question of integrity. If any change in programmes, activities, or expenditure takes place then it should be reflected in the financial records of the organisation. Integrity is closely related to honesty or trustworthiness or reliability. It should be integrated into projects staff right from selection for employment. Nothing will be entrusted to a management that cannot be trusted. Elements for improvement: - Leadership and organisational culture - Internal and external communication - Monitoring and evaluation methodologies - Cost effectiveness awareness - Policy on staff salaries, staff loans and per-diems - Code of conduct - Fraud policies and procedures 4. Transparency and Disclosure Any good financial management system should disclose all the necessary information. The law prescribes minimum disclosure. SCO have higher involvement of stakeholders and ought to go beyond such minimum legal requirement. Besides legal and voluntary disclosure, stakeholders may at any time ask for specific disclosure. Like Oxfam Novib requests their counterpart organisations to present reports in line with their General Conditions and guidelines for reporting and the Board of a SCO needs quality information for their decision making, monitoring and (financial) management assessment. SCO which receive money with specific objectives of benefiting the masses should always expect disclosure questions from the stakeholders. Elements for improvements: - Accounting standards not fully in line with International Audit Standards, National Accountancy Legislation or General Accepted Accounting Principles - Auditors approach SCO as an enterprise and pay insufficient attention to the specific requirements from the different stakeholders. - Harmonisation of donor requirements - Quality Management Letter and follow up. - Disclosure on accumulation of funds and reserves policy - Methods employed to prepare and present budgets and report. - Accounting systems to provide required information on organisational level - Consistency of information over the years to enable comparative analysis and transparency - Documentation and record keeping. 5
5. Risk Management 2 The underlying premise of risk management is that every SCO exists to provide value for its stakeholders. All organisations face uncertainty and the challenges for management is to determine how much uncertainty to accept as it strives to grow stakeholder s value. Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. Adequate risk management enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity s objectives. Risk management encompasses different elements for improvement: - Aligning risk appetite and strategy Management considers the entity s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks. - Enhancing risk response decisions Risk management provides the rigor to identify and select among alternative risk responses risk avoidance, reduction, sharing, and acceptance. - Reducing operational surprises and losses Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses. - Identifying and managing multiple and cross-organisational risks Every organisation faces a myriad of risks affecting different parts of the organisation, and risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks. - Seizing opportunities By considering a full range of potential events, management is positioned to identify and proactively realize opportunities. These capabilities inherent in risk management help management achieve the entity s performance and objectives and prevent loss of resources. Risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity s reputation and associated consequences. In sum, risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way. 2 Source: COSO Enterprise Risk Management Integrated Framework Executive Summary. Page 3 6
2 Good reporting guidelines 2.1 Introduction This guideline is developed for assisting your organisation to improve the annual progress financial reports and Audited Annual Financial Statements. As you may know, Annual progress financial reports, Audited Annual Financial Statement and the Auditors report are important sources of information for Board of Directors, donors, staff, beneficiaries and other stakeholders. Therefore these reports should provide sufficient insight of the financial management and the financial performance and position of the SCO. Unfortunately, the reports of many SCOs do not often have the necessary quality and the information to satisfy the needs of those who use them. One of the problems is that the board of directors and the management of the SCOs are not aware that it is their responsible to prepare the annual of the organization and present to the auditor to certify it. Instead they submit a trial balance to the auditors to prepare annual financial statements which they then audit. As result the auditors prepare annual statement that has the minimum necessary information and disclosure to comply with the statutory and annual financial statements reporting requirements. Some of the small SCOs think that the audited annual financial statements report is a donor requirement which they have to comply with in order to access grants. Therefore, the preparation of Annual Financial Statements is not an integral part of their financial accounting and reporting system. A best practice format financial statements is attached to this guide. This format includes the reporting requirements set by Oxfam Novib on the financial statements in the General Conditions. This guide needs to be seen together with Oxfam Novib General Conditions as well as Oxfam Novib Guidelines for Reporting. Compliancy to these conditions and guidelines is essential. 2.2 Guidelines and requirements for the financial statements The following are issues to consider when preparing audited annual financial statements: 1. In most countries the preparation of audited annual financial statements is statutory requirement which the SCO has to comply with. Further, these statements are important part of accounting for the funs of the organization to those provided funds (donors and contributors) and the other stakeholders of the organization. 2. Keep in mind that donors and other stakeholders are interested to get the answer of the following question: Has the organization spent all the received funds from donors and other sources during the past financial year in line with the signed financing agreement in pursuing the goals of the organization? 3. Annual financial statements report usually consists of balance sheet, Income and Expense statement, Cash flow statement and the related notes and schedules. The income and expense statement has to be a consolidated statement presented on the same format as the operational budget and the approved budget. It is helpful if you include the operational budget of the year as comparison to the actual results. International Financial Reporting standards require you to include the actual figures of the previous financial year as a comparison. 7
4. Producing a consolidated expense statement is not equal to the addition of the various budget donors even if they have different formats and use different budget classification for similar programmes and activities. You need to think this in advance when developing the chart of account of the organization. Only when you have an accounting system designed to produce a consolidated expense statement of entire organization and underlying separate donor fund statements, the SCO will be able to prepare a consolidated income and expense statement and comparable individual donor fund statements. 5. When designing such the expense chart of accounts of your financial accounting, think also the link between the financial reports and the progress reports. Only when they correspond well they can form a complete report for accounting for funds and only then you can have a truly integrated progress and financial report. 6. Try to use similar format for presentation for budgets, annual progress financial report and the income and expense statement in the audited annual accounts that also corresponds with the programme proposal and the progress report. 7. Both the eligibility and the quality of the audited annual financial statement are improved significantly by including all the relevant disclosures to give the details or to clarify and explain balance reported on the audited annual financial statement as notes and schedules. 8. In case of under spending and over spending you need to explain the causes of the surplus and deficit. You also need to understand the financial and reporting implication of the surplus and deficit of all funds. 9. Often surplus are considered as general reserve or accumulated fund instead of unspent donor fund that should reported as unused donor fund. Deficit of the year that can be financed from the previous balance will appear as debt on the balance sheet. Large deficit financed from borrowing can lead to liquidity crisis or even to insolvency and bankruptcy. 10. To be able to report the end balance of the donor funds, it is advisable to break down the equity account (financed by) into its different fund sources General fund, Capital grant fund (unamortized capital grant fund), Restricted donor funds and other designated funds. This improves considerably the presentation of the balance sheet and helps the reader to understand well the financing sources of the organization and its relationship with the assets and liabilities. 11. It is also necessary to include restricted donor fund status as a note. You specify there the opening balance, funds received during, fund spent and closing balance per donors whose total is equal to the balance of the restricted donor fund balance reported on the balance sheet. This extremely important to donors as this gives them in one few the status of their fund. It also makes the necessary and often missing link between the balance of Restricted Donor Fund on the balance sheet, the consolidated Income and Expense Statement and the financial report of the individual donor fund. 12. Grant income of the coming years that are received from Donors in advance should not be recognized as income of the financial year received them. This overstates the grant income of the current year and understates the liability of the organization and the income of the following financial years. Hence the correct way to treat advanced grant income for the following financial year is to report them as liability; the portion applicable to the following financial year will be reported as current liabilities and the rest as long-term liabilities. 13. When essential information like the income and expense statements per donor are included in the Audited Annual Accounts, they should be audited to 8
enhance their reliability instead of reporting them as supplementary attachments that are not audited. 14. In summary, SCOs need to consider Audited Annual Financial Accounts as a strategic document for assessing and retaining donor and public financing. Only those that can use funds efficiently and effectively, guarantee its safety and can account for it properly win the trust and confidence of the donors and the public. Thus you need to give the importance it deserves the preparation of such important document for your organisation. 9
3 Audit 3.1 General As indicated, the external audit is for an organisation very important to show transparency and accountability to the different stakeholders of the organisation. Therefore, it is important for the organisation to have an audit process that is of high quality. For an organisation it can be difficult to assess whether the audit process is adequate and of high quality. An auditor works (should work) according to quality levels set by the profession and stipulated by the International Federation of Accountants (IFAC). Because the auditor s activities are bound to the requirements of the profession and normally not explained, highlighted or indicated by the auditor, the whole audit process might be a black box to the organisation, resulting in the fact that audit results are not well enough understood by the organisation, that the organisation doesn t feel responsible for the process because of lack of knowledge and that the auditor will work on an island. Oxfam Novib provides the audit guidelines to your organisation, to assist the organisation in being able to manage the audit process and to be able to understand and act on the audit outcomes. Please keep in mind that even though an auditor is member of IFAC this not always implicates that the audit is of sufficient quality. 3.2 How does the auditor work summary This paragraph explains on how an auditor works (in general and summarized) when performing a general organisational (yearly) audit, resulting in audited financial statements of the organisation. The auditor has to perform his work with in mind preset quality levels and standards by the IFAC. These standards require that he plans and performs the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements. In general the following steps will be part of the audit: 1. The auditor will start the audit with a meeting with key financial staff of your organisation. This meeting has the purpose to provide the auditor s with significant important financial issues that happened last year, to get an idea of changes within your organisation and to discuss with you the work plan of the audit. This meeting will be twice per year, since an audit of the financial statements normally consists of 2 parts: a. Interim audit: this audit is normally done halfway the year and aims to find out how your organisational procedures and internal controls are set up, implemented and how they operate. This interim audit is essential for the auditor, since he has to base the activities for the end of year audit on the results of this interim audit b. Year end audit: the year end audit will be done after the closing of the financial year and will focus on the financial statements of your organisation. To be able to provide an opinion on the figures in the financial statements, the auditor must have done the interim audit. 2. During the interim audit, the auditor will mainly perform interviews with all levels of staff of your organisation and do testing if the procedures that should be active in your organisation really operate. The interim audit will result in a 10
management letter that discusses findings on your organisations administrative procedures and internal controls and will come up with recommendations for improvements. 3. The activities that the auditor performs during the year end audit are based on the outcomes of the interim audit. The auditor identifies risk areas resulting from the interim audit. These risk areas are mainly related to your organisations administrative procedures and internal controls. Based on these risks identified, the auditor decides on the scope of the audit and specifies the audit activities for the year end audit. The scope of the audit means that he decides what kind of year end testing he must do to be able to obtain reasonable assurance whether the financial statements are free of material misstatement. His year end audit will focus on the financial statements of your organisation. To come to a conclusion on these statements (if these statements give a true and fair view), the auditor needs the findings resulting from the interim audit as well as from the year end audit. The year end audit will result in the audited financial statements (including an auditors opinion) as well as an auditor s report. The auditor s report provides some analytical information on the financial performance of your organisation as well as the clarification in the case the auditor s opinion is qualified/ is a reflecting a disclaimer or adverse opinion. Ideally, the auditor s report reflects a risk register, indicating the risks of your organisation. The auditor will start the year end audit with a meeting with key financial staff of your organisation, to get an idea of changes within your organisation, to get to know about important financial issues and to discuss with you the work plan for the year end audit. An audit on the organisation s yearly financial statements is not the same as the audit of a specific project of your organisation (project audit) or a specific purpose audit. The main differences with a project audit are for instance: - A project audit only provides an auditor s opinion on the specific project. Expenditures not falling within this specific project will not be audited (so will not be provided any assurance on) - A project audit is more detailed than an organisation audit: the auditor always accepts a certain level of possible mistake in any financial report he audits. This level is based on a percentage. Clearly, a percentage of a specific project s expenditures is absolutely seen smaller than a percentage of the total expenditures according to the financial statements. The level of the possible mistake that the auditor accepts with a project audit is thus lower than with the financial statements, meaning that the auditor has to do more work to provide reasonable assurance in his auditor s opinion. 3.3 Guidelines and requirements for the auditing process The guidelines stipulated below specifically aim at providing your organisation tools in managing and being involved in the audit process, to be able to finally look back at a high quality audit. Steps to take: 1. Inform with other CSO s/ NGO s which auditor s are satisfactory 2. Select an auditor that is (in)direct member of IFAC do the selection based on a bidding process. Make sure a board member (with finance responsibility), as well as a finance manager is part of this process 11
3. Discuss with the auditor how they generally do the audit and if there are specific issues they want to take up with your organisation. Manage your expectations regarding the work you expect the auditor to do. Make sure you make explicit what you expect 4. Have a contract (letter of engagement) drafted by the auditor, review it and have it signed by the auditor (and you). An example letter of engagement is annexed to this guide 5. The audit should at least entail the following activities: - An audit on the administrative procedures and internal controls of your organisation, resulting in a risk assessment of the auditor of the organisation. The risk assessment needs to be laid down in the management letter. At minimum should be included: The functioning of the board of directors and its committees; the organisational structure and methods of assigning authority and responsibilities; segregation of duties; all procedures regarding the budget, income and expenditure cycles; risk of organisation not spending their received funds of donors in line with the signed agreements, with special focus on risk of presenting too much cost - Discussion on and clarification of the management letter in a separate meeting attended by auditor, all appropriate finance staff and board responsible - Year end audit of the financial statements. The year end audit should come up with audited financial statements including an auditor s opinion, as well as with an auditor s report. At minimum, the items on the balance sheet and income and expenditure statements are tested on its reliability, acceptability and sufficiency and an assessment is done of the accounting principles applied - Meeting on the auditor s report and audited financial statements, attended by auditor, all appropriate finance staff and board member responsible 6. Yearly review the audit process and decide to continue with auditor yes/ no. The audit process should be reviewed by your finance staff, finance management and those final responsible at board level 3.4 Guidelines and requirements for the auditor s opinion, management letter and auditor s report The guidelines stipulated below specifically aim at providing your organisation tools for assessing the quality of an auditor s opinion and the management letter. Steps to take: 1. The audit opinion should be formulated as indicated in the format included in Annex A. In the case the opinion is formulated differently, advice should be asked from ON. 2. The auditor s opinion should be effective on the financial statements with the minimal requirements as stated in ON s General Conditions 3. A qualified auditor s opinion (or adverse opinion/ disclaimer) should be clearly explained in the auditor s report. For your organisation it is important to know what the reasons are behind a qualified opinion as well as what needs and can be done to prevent a qualification next year. 4. The audited financial statements should be stamped and initialled for identification purposes by auditor at every single page of financial statements. 5. The management letter should reflect the auditor s findings from the audit on the administrative procedures and internal controls of the organisation, as 12
well as recommendations towards improving procedures and controls. It is practically not possible that there will be no findings and recommendations! 6. The auditor s report should reflect the auditor s findings on the year end audit of the financial statements as well as provide a financial analysis of the organisation s financial situation (for instance on viability of organisation resulting f.i. from future secured funding). Ideally, a risk register is included in the auditor s report, indicating the organisation s risks, existing controls on this risk, the strength of this control and the residual risk Make sure you understand what the auditor is stating. In the end, your organisation is final responsible for the audited financial statements and not the auditor as is indicated in the auditor s opinion: Management s Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards. This responsibility includes: designing, implementing and maintaining internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; selecting and applying appropriate accounting policies; and making accounting estimates that are reasonable in the circumstances. 13