Not-for-profit newsletter | Edition 18

One in five Australian charities and not-for-profits fear that a cyber-security attack would devastate their organisation, according to the Australian Nonprofits State of the Sector 2023 Report by the Charity Research Centre Australia.
The report surveyed 830 organisations registered with the Australian Charities and Not-for-profits Commission on issues ranging from the impact of COVID on fundraising to their level of digital competency and cyber-security training and capabilities.

It also revealed that 8 per cent of survey participants admitted that they had been affected by a cyber-security incident in the past 12 months.
Key findings are:

• More than 80 per cent of survey participants admitted to having had no recent cyber-security training and 88 per cent said they had devoted none of their budget to protecting themselves against cyber threats
• 57 per cent categorised their organisation’s digital competency as ‘average’ while 31 per cent acknowledged that it needed to be improved
• Two out of three NFPs reported a drop in funds raised in FY2022–23 compared with FY2021–22
• Half of the NFPs surveyed said COVID had damaged their fundraising efforts
• Just one in three NFPs said they were compliant with data-privacy regulations, and
•  92 per cent said they did not want to accept cryptocurrency donations.

Pareto Phone, a Brisbane-based telemarketing company that contacts potential donors on behalf of charities, has been hacked by cybercriminals. An estimated 70 Australian and New Zealand charities might be affected.

Pareto Phone has made no public statements nor have relevant regulators. Some of those affected have made public statements.

CPA Australia’s Financial Management and Governance Guide for Not-for-Profit (NFP) Organisations aims to improve financial sustainability and good governance in the NFP sector.

Given the broad range of NFPs and the various skills of those who govern, manage, work within, and consult to the sector, the guide aims to be general and non-technical.

Its focus is the most common and challenging topics of financial management and governance.

It covers:

• Financial risk management
• Policies, procedures, controls, and systems
• Accounting systems and cyber-security
• Operations
• External compliance, and
• Tax and payroll-related obligations (compliance).

Appendices cover ratios and checklists relevant to all NFPs and those that trade in goods and services.

The guide does not seek to address management and governance considerations outside financial matters. NFPs are encouraged to seek professional advice relevant to their specific situation.

The Auditing and Assurance Standards Board has issued What not-for-profit entities need to know about the differences between an audit or review, as part of its series targeted at NFPs.

The bulletin aims to help NFPs better understand the differences between an audit and a review and to help them to decide which might be more appropriate considering their regulatory and legal framework.

The Australian Institute of Company Directors is reviewing its Not-for-profit Governance Principles, which is a key source of publicly available guidance for those involved in NFP governance.

The guide was first published in 2013, an updated and expanded document released in 2019.

The review will examine developments in Australian governance practices and emerging issues (for example climate change and cyber-security), reflect changes in regulatory obligations (reforms arising from aged-care and disability royal commissions) and community expectations applying to NFP organisations and directors.

The AICD aims to release the update in the first quarter of 2024.

The ACNC has released findings from 250 annual information and financial statements submitted for the 2021 reporting period.

Improvements compared with the previous year were:

• 79 per cent of financial statements reviewed correctly identified the ACNC Act as the relevant reporting framework, an increase of 8 per cent compared with the previous year
• 86 per cent of auditor’s or reviewer’s reports made the required reference to the ACNC Act compared with 79 per cent in 2020 and 70 per cent in 2019
• 97 per cent of charities attached a responsible persons’ declaration with their financial statements, a percentage that mirrored 2020 levels
• 74 per cent of 2021 AFRs reviewed contained a complete set of financial statements, an improvement from 66 per cent in 2020, and
• 91 per cent of responsible persons’ declarations attached to AFRs in the 2021 reporting year were correctly signed and dated, compared with 89 per cent in 2020. Of these attachments, 81 per cent of charities mentioned compliance with the ACNC Act, reflecting a significant improvement from 66 per cent in 2020.

In the 2021 review, fewer than 1 per cent of responsible persons’ declarations failed to contain the solvency declaration – an improvement on the 2020 figure of 5 per cent.

Observations over the years:

• The accuracy of the type of financial report selected in annual information statements has continued to decrease. Only 57 per cent of charities correctly selected the type of AFR in 2021, down from 65 per cent in 2020
• In 2021 AISs, 97 per cent of charities correctly identified whether they had provided a consolidated financial report for several entities, a slight drop from 98 per cent in the previous year
• 15 per cent of charities incorrectly reported expenses using a mixture of nature and function in 2021, compared with 23 per cent in 2020 and 16 per cent in 2019
• Like the figures in last year’s reviews, only a small number of charities provided incorrect financial information in AISs from their AFRs. In 2021 the biggest errors were for ‘revenue from government’ and ‘employee expenses’, which were both incorrectly transposed from AFRs to AISs in 4 per cent of reviews completed
• In the 2021 reporting year, 98 per cent of charities attached an auditor’s or reviewer’s report, compared with 91 per cent in the previous year. The figure represents the strongest result since the AFR-review process began. Of the reports, 94 per cent were signed and dated, and 89 per cent complied with new auditing standards, both slightly lower results than 2020
• Most of the common disclosure issues identified in 2020 were also present in the 2021 review, including insufficient or no disclosure about whether the charity was a for-profit or not-for-profit for financial-reporting purposes, the accounting estimates and judgements management had made in the application of a charity’s accounting policies, and the fees paid to auditors/reviewers, and
• 10 per cent of audit reports contained a modified opinion. Of these, 54 per cent did not accurately report the modification in their AIS.

New observations:

• Of the charities required to disclose related-party transactions, only 3 per cent failed to do so. However, disclosure of key management personnel compensation was not provided in 14 per cent of the applicable charities’ general-purpose financial statements
• 5 per cent of charities prepared GPFSs – simplified disclosure requirements, adopting AASB 1060 General Purpose Financial Statements – Simplified Disclosures for For-Profit and Not-for-Profit Tier 2 Entities before it replaced the General Purpose Financial Statements – Reduced Disclosure Requirements framework for reporting periods from 1 July 2021, and
• Audit reports were provided in a greater number of AFRs examined (98 per cent), indicating a trend away from review reports.

New questions in the recently launched 2023 AIS require charities to disclose their dealings with related parties.

For reporting purposes, an RPT is defined as a transfer of resources, services, or obligations among related parties. It does not have to include financial payment.

RPT reporting is designed to ensure that charities have good governance, and their interests and funds are protected. Related parties, including key management personnel, should not receive significant private benefits from charities.

Charities can manage the risk by recording related-party transactions and having clear conflict-of-interest policies and procedures. A RPT register would also help, the commission advises.

A reportable RPT may include:

• Fees paid to a related party for providing goods or services to the charity
• Loans from/to a related party
• Salary/wages paid to a related party’s relative(s)
• Transfer of charity property or assets to a related party
• Charity goods or services provided at a discount to a related party
• Significant use of charity property by a related party, and
• Investment in a related party.

The 2023 AIS HUB on the ACNC website has guidance on the information that should be provided, based on a charity’s size.

The ACNC has announced that it will enhance monitoring of related-party transactions and key management-personnel disclosures.

Reporting of these elements is set to become mandatory in AISs from 2022 (key management personnel) and 2023 (related-party transactions).

The commission intends to update its reporting guidance, including an AFR checklist to help charities meet their reporting obligations, particularly new key-management-personnel remuneration and related-party transaction reporting requirements, which apply from the 2022 and 2023 AISs respectively.

The federal government has opened public consultations on proposed amendments to secrecy provisions that limit the ACNC’s ability to disclose publicly its investigations.

An exposure draft amends the Australian Charities and Not-for-profits Commission Act 2012 to allow the commission to disclose whether it is investigating alleged misconduct by a charity, subject to a public-harm test.

The test is intended to balance the benefits of enhanced transparency with potential reputational risks to charities and the need to ensure personal and confidential information is handled appropriately.

The commission has published an updated interpretation on public benevolent institutions following extensive consultation with the sector and its advisers.

The interpretation explains the ACNC’s definition of PBIs and how it applies to applications for registration with that particular charity subtype.

The updated statement also considers the recent decision by the Administrative Appeals Tribunal about Equality Australia Ltd’s PBI status.

The updated statement came into force from 31 August.

More than 150 charities are at risk of losing their registrations because they failed to submit two or more annual information statements.

The ACNC has issued a public notice as it has been unable to contact the charities. The charities had until 11 October to submit overdue AISs before registrations are revoked.

ACNC acting assistant commissioner general counsel Natasha Sekulic said that those who run charities must ensure that their organisations comply with obligations to retain registration.

‘Unfortunately, these charities have not met obligations for some time’, Ms Sekulic said.

‘Annual information statements must be submitted by all charities. While we understand many of these organisations have either wound up or merged, it is a requirement that they let us know.

‘Good governance and accountability are critical for the public confidence in the sector. One important way we support that is to ensure data on the charity register is accurate. We urge all charities to keep their reporting up to date to avoid having their registration revoked, losing charity tax concessions and the need to re-register if they are still operating.’

The ACNC has released a record-keeping checklist to promote good record-keeping practice and to support charities in meeting their ACNC obligations.

Two men accused of defrauding National Disability Insurance Scheme participants have been banned from delivering NDIS services and are facing court.

From Adelaide, the men are accused of knowingly submitting false claims from NDIS participants’ plans despite not having delivered supports. It is alleged the pair made false claims totalling more than $465,000.

One man was arrested and later charged with 19 fraud-related offences following a Fraud Fusion Taskforce operation, which focused on an Adelaide-based disability provider. The second man is expected to be summoned by Adelaide magistrates.

The NDIS Quality and Safeguards Commission has issued banning orders against two companies and the alleged offenders linked to the provider, preventing them from being able to deliver NDIS services.

The accusations follow the sentencing of a man in northern Queensland for fraud offences against the NDIS. The man was sentenced to two years’ prison after pleading guilty to dishonestly obtaining a gain.

Fraud-related referrals continue to increase, recent data showing that the National Disability Insurance Agency received 5540 tip-offs in a quarter compared with 2519 for the same period a year earlier.

‘The National Disability Insurance Agency continues to assess every tip-off it receives and will investigate if there’s any indication someone is looking to skim money from the people for whom it is intended’, said NDIS minister Bill Shorten.

Mr Shorten last year vowed to crack down on crooks ripping off the NDIS through fake and vastly inflated invoices.

He said that an estimated $6billion is being pocketed by crooks dipping into the $30billion program.

Ebtesam Fahmy has been accused of running a $2m National Disability Insurance Scheme fraud ring while director of four Western Sydney service providers.

Police allege that she came to the attention of the NDIS’s fraud task force in May after 15 ‘tip-offs’ that included reports of collusion with participants who received kickbacks.

Operation Ivy was set up to investigate four companies under her control, resulting in recent raids across western Sydney. Mobile phones, computers, banking documents, and boxes of paperwork were seized.

The companies, and Fahmy, are subject to an intention to make banning orders.

Ms Fahmy’s case will return to Liverpool Local Court later this year.

Andreas Strepelias has admitted that he dishonestly obtained more than $191,000 from NDIS frauds committed over a months-long period in 2018.

His company, Quality Home Improvements, was approved in 2017 to provide services to NDIS participants. Between May 23 and July 24 of 2018, Mr Strepelias created false requests for payments for services he purportedly provided for 50 NDIS participants. He was paid $191,159.71.

Mr Strepelias’s victims had between $987.50 and $3675.50 claimed against their packages.

One victim had to reduce her support hours because of insufficient funds in her account as a result of Mr Strepelias’s claim. Another recipient had been due to attend a YMCA camp, funded by her NDIS package, but was unable to because of Mr Strepelias’s claim.

Judge Trevor Wraight said that unlike a fraud against Medicare, in which the sole victim is the commonwealth, a fraud against the NDIS affects individuals and their plans.

‘These people had to work out what’s wrong with their package, why is it going down in number and (they’re) not getting the services’, he said.

‘It’s the greatest fear, when you look at your bank account and someone has taken money out of it.

‘I think we’re going to see a lot more of these cases in the next year or so.’

Mr Strepelias will be sentenced shortly.

The Department of Health and Aged Care has released a consultation paper seeking feedback on the proposed foundations of a new Aged Care Act. Feedback will inform the final draft legislation, which will be released at the end of the year for public consultation.

The recent royal commission found that the current Aged Care Act 1997 was no longer fit for purpose.

The new act will:
•    Outline the rights of older Australians who are seeking and accessing aged care services
•    Create a single-system entry point, with clear eligibility requirements
•    Incorporate a fair, culturally safe single-assessment framework
•    Support the delivery of a range of aged-care services, including new in-home care services
•    Establish new system oversight-and-accountability arrangements, and
•    Introduce a new approach to regulating aged care to increase provider accountability and encourage delivery of high-quality and safe aged-care services. The new approach will also strengthen enforcement powers of the aged-care regulator.

The government plans to introduce the new act from 1 July next year, subject to parliamentary passage.

Further consultations will be available on the department’s aged-care engagement hub.

The aged-care department has released Financial Report on the Australian Aged Care Sector 2021–22.

It analyses the financial performance of the sector, including home care, residential care, the Commonwealth Home Support Programme, and future demand for aged care.

The report uses data submitted annually by aged-care providers such as income, expenses, cash-flow statements, and assessments.

The data shows how much is spent on care, nursing, food, maintenance, cleaning, administration, and profits The report provides an insight into the financial performance of the aged care sector, including identifying industry trends.

Proposed amendments to a draft bill are aimed at establishing a new class of deductible-gift recipients for up to 28 organisations affiliated with Community Foundations Australia.

Four deductible-gift-recipient categories have been transferred from government departments to the Australian Taxation Office.

The change comes into effect from 1 January for environmental organisations, harm-prevention charities, cultural organisations, and overseas-aid organisations and funds.

The amendments make all DGR categories consistent in administration and will reduce regulatory burden by streamlining applications for new DGRs and aligning reporting requirements with other categories.

The ATO is working with government departments to develop a smooth transition for DGRs already endorsed under one of the four categories. Over the next six months guidance will be released to support the sector through the transition.