We provide clients with many professional and technical services. For a detailed description, please select the relevant service.
Welcome to the newest edition of our Not-for-Profit Newsletter. Please feel free to contact us if you have any questions about the content of this Newsletter.
This edition covers some high profile examples of organisations that have been impacted by cyber-attacks, highlighting the need for NFPs to careful manage their cyber security settings. We also highlight a number of charities that have entered enforceable undertakings with the Fair Work Ombudsman in respect to the under payment of wages. This edition also covers recent ACNC activities, several compliance related matters, and ASIC focus areas in respect to the 31 December financial reporting period.
Chartered Accountants Australia and New Zealand has published a guide to help accountants and governance adapt to ‘social-impact’ terminology, frameworks, and models.
Measuring social impact for better reporting – Guidance for the For-Purpose sector: Charities, Not-for-Profits and Social Enterprises provides a glossary, explanations, insights, and practical examples.
Measuring reporting outcomes and impacts can enhance organisations’ effectiveness. Steps towards effective social-impact measurement and reporting include:
Outcomes measurement and evaluation frameworks can contribute to better decision-making. Outcomes-led organisations focus their strategy, goals, and program designs on achieving outcomes that align with purpose. They measure success by evidence-based evaluation.
In New Zealand accounting standards, a Statement of Service Performance communicates an organisation’s value proposition, builds trust, increases engagement, and forms a basis for advocacy to strengthen the sector. There is no Australian equivalent.
The guide provides links to a range of in-depth resources. It includes a step-by-step process towards enhanced reporting, which comprises an introduction to developing a theory of change, tools to assist in identifying outcomes, and tips on measurement and reporting with worked examples.
CPA Australia has released Internal controls for not-for-profit organisations, which urges NFP boards and officers to understand their financial responsibilities.
Aimed at managers, board members, and advisory and management committees, the guide hopes to improve organisations’ financial health.
It counsels that organisations should have policies and procedures resulting in:
The guide contains helpful checklists, titled:
In establishing internal controls, NFPs should consider risk appetites. Each organisation is different and will have varying requirements, so internal controls need to be developed and maintained that best match an organisation’s objectives and resources.
TNFPs’ lack of technical skills meant that they were ill-equipped to respond to increasing service demands, Infoxchange’s 2023 Digital Technology in the Not-for-profit Sector has revealed.
The report aims to help NFPs boost their digital-technology skills.
The survey of more than 1000 NFPs explored topics ranging from cyber security to the use of emerging technologies and working from home.
Consistent with previous years, the report found that the sector’s top technology challenges were funding for digital technology, staff capacity and capability, and access to affordable, skilled technical resources.
The results showed that the adoption of artificial intelligence had doubled since 2022. One in four organisations used generative AI tools such as ChatGPT. Sixty-nine percent of organisations were using or planned to use AI tools in the next 12 months.
While 12 per cent of NFPs experienced a cyber-security incident over the past 12 months, less than 40 per cent had implemented multi-factor authentication for their internet systems that carried sensitive data. Only 13 per cent had a clearly documented plan to improve cyber security.
The data of two in three NFPs was not easy to understand and failed to guide decision-making. Just 22 per cent said that their systems enabled them to understand the impact of their services and outcomes.
Only 39 per cent regularly tracked and reported on the performance of their online presence, a further 21 per cent wanting to, but unsure where to start.
Despite an improvement, fewer than two in five organisations had a digital transformation plan in place. It has been shown that staff satisfaction with technology improves by 24 per cent with a plan.
ASIC has called on organisations to prioritise cyber security after its report into corporate Australia’s cyber situation identified significant gaps. The Australian Cyber Security Centre has estimated that cyber-crime cost Australia $42 billion in 2021.
Spotlight on cyber: Findings and insights from the cyber pulse survey 2023 summarises the commission’s results.
The survey measured participants’ ability to govern and manage organisational-wide cyber risks, identify and protect information assets that supported critical services, and detect, respond to, and recover from cyber-security incidents.
The results have exposed deficiencies in the risk-management of critical cyber capabilities, indicating that organisations are reactive rather than proactive on cyber security.
Survey highlights include:
ASIC chair Joe Longo said, ‘For all organisations, cyber security and cyber resilience must be a top priority. ASIC expects this to include oversight of cyber-security risk throughout the organisation’s supply chain – it was alarming that 44 per cent of participants are not managing third-party or supply-chain risks. Third-party relationships provide threat actors with easy access to an organisation’s systems and networks.’
Participating organisations indicated well-developed capabilities in identity and access management, governance and risk management, and information asset management, big organisations consistently self-reporting more mature cyber capabilities.
Due to competing demands for limited human and financial resources, small organisations lagged in third-party risk management, data security, consequence management, and adoption of industry standards.
ASIC said organisations needed to improve their ability to respond to and recover from an incident. Plans were not enough. They had to be tested regularly. Cyber risks needed constant reassessing.
‘An effective cyber-security strategy and governance and risk framework should help identify, manage, and mitigate cyber risks to a level that is within the risk tolerance of senior leadership and boards’, said Mr Longo.
St Vincent’s Health Australia has reported that cyber criminals had removed data from its network. It was working to determine what data had been removed.
St Vincent’s has engaged external security experts and notified relevant state and federal governments and relevant organisations.
It was securing and containing the incident, understanding what the cyber criminals had done, and identifying the stolen and accessed data.
The incident had failed to affect St Vincent’s services.
Life Saving Victoria has been hacked, a server accessed without permission.
LSV CEO Catherine Greaves said immediate steps were taken to contain the database.
‘We also immediately commenced investigations to determine what information may have been subject to unauthorised access’, she said.
‘The extent of the personal information is limited and does not pose a serious threat to the individuals.’
LSV said it had contacted all those affected by the breach by direct email and provided advice on how to limit the risk of harm.
‘We have also reported the incident to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre’, Ms Greaves said.
Pareto Phone, a telemarketer that was behind a massive data breach affecting more than seventy charities and an estimated 50,000 donors, has been put into external administration less than two months after its biggest clients left.
Before the breach, the telemarketer annually made more than a million calls to potential donors.
The demise of the business coincided with confirmation by the Office of the Australian Information Commissioner that it would launch a formal investigation into the theft of an estimated 320,000 data files from the Brisbane-based business.
Following changes to laws late last year, maximum penalties for serious privacy breaches have risen to $50 million or 30 per cent of a company’s turnover during the relevant period. Further strengthening of the Privacy Act is expected to be rolled out by the federal government in 2024.
Disability support services provider Aruma Services Ltd has back-paid Victorian staff more than $6.5 million, including interest and superannuation, and signed an enforceable undertaking with the Fair Work Ombudsman (FWO).
Under the undertaking, Aruma has committed to implementing stringent measures to ensure that its workers are paid correctly. The measures include commissioning at its own cost an independent audit to check its compliance with workplace laws.
The undertaking also requires Aruma to write to underpaid employees to notify them of the undertaking and run an employee hotline to take questions about employment issues.
The NFP provides home and living support, supported employment, social and community participation and therapeutic services to adults and children with disabilities across NSW, Queensland, Victoria, and the ACT.
Aruma self-reported its breaches to the regulator in June 2021 after identifying underpayments in a self-initiated review. Its enterprise agreement had been interpreted incorrectly and there were deficiencies in Aruma’s payroll system, including that it could not always correctly apply overtime rates.
As a result, Aruma breached clauses of its enterprise agreement and 1,004 employees were underpaid between July 2017 and April 2021.
Many of the underpayments involved Aruma’s failing to provide part-time employees with their minimum agreed hours (and pay for them) and failing to apply overtime rates where an employee worked more than six consecutive days of ordinary duty without a 24-hour break.
Deputy FWO compliance & enforcement Mark Scully said, ‘This matter demonstrates how important it is for employers to place a high priority on their workplace obligations. Fundamental errors were left unchecked by Aruma, which led to long-term breaches of its own enterprise agreement and a substantial back-payment bill.
‘We expect all employers to invest the time and resources to ensure they are meeting all their workers’ lawful entitlements.’
Hospital and aged-care businesses operated by St Vincent’s Health Australia Ltd are back-paying staff in NSW and Queensland more than $4.4 million and have signed an enforceable undertaking with the FWO.
St Vincent’s Health Australia, Australia’s largest NFP health and aged-care provider, self-reported to the regulator in July 2021 that the four businesses it operates had underpaid hospital employees in NSW and aged-care workers in Queensland.
St Vincent’s Health Australia identified the underpayments after putting in place new enterprise agreements that had prompted it to conduct an internal review. Poor payroll, human resources, and governance practices led to the businesses failing to provide employees with their full entitlements under applicable enterprise agreements between 2014 and 2020.
More than $3.7 million of the underpayments occurred in NSW. Employees were primarily underpaid an annual-leave-loading entitlement payable to shift-workers and a weekly allowance based on length of service. Some casual nurses were underpaid overtime entitlements.
In total, the four businesses are back-paying more than 2700 current and former employees more than $4.4 million, including $4.02 million in wages and entitlements, $266,731 in superannuation, and $135,666 in interest.
St Vincent’s Care Services Ltd has credited annual leave entitlements worth about $650,000, including super and interest, to affected employees.
FWO Anna Booth said, ‘An EU was appropriate as the businesses cooperated with the FWO’s investigation and demonstrated a strong commitment to rectifying underpayments.’
The undertaking requires the businesses to engage an independent specialist to conduct an audit, operate a telephone hotline for employees until March, and publish notices about the EU and their contraventions on their websites.
Ms Booth said, ‘The matter serves as a warning to all employers that they must place a high priority on ensuring they are meeting all their workers’ lawful entitlements.
‘We expect all employers – including those in the care sector, a FWO priority in 2023-24 – to have governance systems in place to ensure they meet all entitlements.’
Current and former staff of aged-care services provider Calvary Administration Pty Ltd have been back-paid more than $2.1 million, including interest and superannuation, and the company has signed an enforceable undertaking with the FWO.
Calvary Administration has committed to implementing stringent measures to ensure its workers are paid correctly. They include commissioning, at its own cost, independent audits to check its compliance with workplace laws over the next two years.
Under the undertaking, Calvary must make a $120,000 contrition payment to the Commonwealth’s Consolidated Revenue Fund.
The undertaking also requires the business to ensure that relevant staff undertake workplace-relations training. It must also publish notices about its contraventions on its website and run a service desk for a year so that employees may raise queries about their pay and entitlements.
A Catholic NFP health-care organisation bought Japara Administration Pty Ltd in 2021. It was renamed Calvary Administration Pty Ltd.
At the time of the contraventions, Japara Administration was a subsidiary of Japara Healthcare Limited, an ASX-listed company and among the biggest Australian aged-care providers.
Japara Administration self-reported underpayments to the regulator in July 2020.
Underpayments were caused by a payroll error – a Sunday penalty rate that should have been applied under a new agreement failed to get paid between April 2018 and May 2020.
A review also found underpayments of an annual-leave loading under the Victorian enterprise agreement and of lump-sum parental-leave entitlements under five agreements.
Between January 2017 and June 2020, Japara Administration underpaid 2800 current and former employees $1,831,131, excluding superannuation and interest.
Fair Work Ombudsman Anna Booth said, ‘This matter shows how important it is for employers to place a high priority on their obligations, to ensure that their systems provide for full compliance with all entitlements.
‘Shortcomings in the company’s payroll system and broader compliance led to breaches of their own enterprise agreements that left hard-working employees shortchanged.
‘Improving compliance in the care sector is a priority for the Fair Work Ombudsman in 2023-24. In this and other sectors we expect employers to invest the time and resources to regularly review if they are meeting all lawful entitlements and to remedy any issues.’
In 2022–23, the ACNC received 2106 concerns about charities, a decrease of 16 per cent compared with the previous year (2522 concerns).
A total of 490 were about charities engaging in advocacy either for or against a political party or candidate (largely related to the 2022 federal election).
Nearly a third of all concerns related to private benefit (using the charity’s money for personal gain and inappropriate payment for services) and almost a quarter related to the mismanagement of charity funds.
The ACNC reviews charities at risk of failing to meet their obligations under its governance and external-conduct standards. The reviews focus on ‘founder’ syndrome, in which charities’ founders inhibit growth, and those with only one responsible person.
Of the fifty compliance reviews, twenty-two resulted in a ‘satisfactory’ outcome – the commission did not find deficiencies in governance relative to risk. In most of the other cases, the commission helped charities to improve their governance.
The commission recommended that 310 charities complete a self evaluation program. They were identified as being at higher risk of non compliance. They asked them to use an online self evaluation tool to help them assess if they were meeting their obligations.
The commission finalised forty-one self-audit cases. The charities involved were selected based on identified risks of non compliance, and they were requested to provide information about their governance. They were then assessed that information to see if it complied with the ACNC Governance Standards (and, if applicable, the External Conduct Standards) and, where necessary, provided targeted advice to them to improve their governance.
In twenty cases, charities self identified areas for improvement after undertaking the self audit and said how they would improve. The outcome underscored how important it was for charities to consider regularly whether their governance arrangements are sufficient.
The commission provided thirty charities with regulatory advice to help them resolve outstanding governance issues that did not warrant using legislative enforcement.
An ACNC review of annual financial reports by 250 charities assessed compliance with reporting obligations. The commission contacted eighty-four charities to help them rectify material errors.
The commission referred forty-six charities to other government agencies.
In 2022–23, the ACNC revoked the charity registrations of seven organisations following investigations. A further twenty-three deductible-gift-recipient charities were also revoked.
Revoking a charity’s registration is the commission’s most serious disciplinary action. It might affect the NFP’s eligibility for tax concessions and other government benefits and exemptions.
A further 708 double-defaulters were revoked for failing to submit two or more annual information statements.
The Australian Securities & Investments Commission has urged directors, preparers of financial reports and auditors to assess the impact of uncertain market and economic conditions.
Financial-report disclosures about uncertainties are vital for users, the commission stressed.
The focus areas highlight elements of financial reports and audits where ASIC has identified the most significant and common instances of non-compliance with Australian accounting standards or issues with past audits.
Key findings in ASIC’s report 774 Annual financial reporting and audit surveillance report 2022–23 included:
Disclosures in the financial report about uncertainties, key assumptions, and sensitivity analysis were important to investors, the commission said.
Uncertainties may lead to a wider range of judgements on asset values and other estimates. They might change from time to time, and documenting and updating information supporting judgements was expected.
Directors and management should assess how an entity’s current and future performance, the value of its assets and provisions, and business strategies might be affected by changing circumstances, uncertainties, and risks.
ASIC commissioner Kate O’Rourke said, ‘Directors should ensure that company financial reports provide investors with useful and meaningful information on the impact of changing and uncertain economic and market conditions and other developments on their company’s financial position and future performance.
‘Directors should ensure there are adequate resources, skills, and expertise applied to promote quality in the reporting process so that assumptions underlying estimates and assessments for financial reporting purposes are reasonable and supportable.’
See below and the following page for details of ASIC focus areas for 31 December reporting modified for NFPs.
Areas |
Consideration |
Asset values – impairment of non-financial assets |
|
Asset values – property assets |
Factors that could adversely affect commercial and retail property values should be considered such as changes in office space requirements of tenants, on-line shopping trends, future economic or industry impacts on tenants, and the financial condition of tenants. The lease-accounting requirements and the impairment of lessee right-of-use assets. |
Asset values – expected credit losses on loans and receivables |
Whether key assumptions used in determining expected credit losses are reasonable and supportable. |
Asset values – financial asset classification |
Financial assets are appropriately measured at amortised cost, fair value through other comprehensive income or fair value through profit and loss.
|
Value of other assets |
The net realisable value of inventories, including whether all estimated costs of completion and necessary to make the sale have been considered in determining net realisable value. |
Provisions |
The need for and adequacy of provisions for matters such as onerous contracts, leased property make-good, financial guarantees given and restructuring. |
Subsequent events |
Events occurring after year-end and before completing the financial report should be reviewed as to whether they affect assets, liabilities, income, and expenses at year-end or relate to new conditions requiring disclosure. |
Disclosure – general considerations |
When considering the information that should be disclosed in the financial report, directors and preparers should put themselves in the shoes of investors/users and consider what information they would want to know. |
Disclosures in the financial report |
Uncertainties may lead to a wider range of valid judgements on asset values and estimates. The financial report should disclose uncertainties, changing key assumptions, and sensitivities. This will assist investors/users in understanding the approach taken, understanding potential future impacts, and making comparisons among entities. |
Other matters |
Consideration of whether off-balance-sheet exposures should be recognised on the statement of financial position, such as interests in non-consolidated entities. |
ASIC has emphasised that directors were primarily responsible for the quality of a financial report.
This included ensuring that management produced quality and timely financial information for audit that was supported by robust position papers with appropriate analysis and conclusions referencing relevant accounting standards.
Companies must have appropriate processes, records, and analysis to support information, the commission stressed.
Appropriate experience and expertise should be applied to reporting and auditing, particularly in more difficult and complex areas such as asset values, provisions, and other estimates.
The circumstances in which judgements on accounting estimates and forward-looking information were made and their bases should be properly documented and disclosed when appropriate.
Audit fees should be reasonable and have regard to increased auditors’ costs and the extra effort required in judgement areas.
The year-old Fraud Fusion Taskforce says that considerable progress has been made to improve the government’s capability to prevent and respond to fraud against the National Disability Insurance Scheme.
Co-led by the National Disability Insurance Agency (NDIA) and Services Australia, the taskforce consists of sixteen government agencies working together to stop criminals from defrauding a scheme that provides life-changing support to hundreds of thousands of Australians with disabilities.
Recent FFT data reveals that, as of 31 October:
The NDIS Quality and Safeguards Commission took ninety-two compliance actions against providers and individuals, including issuing forty-three banning orders.
Services Australia is investigating thirty-five cases.
‘The Taskforce is achieving encouraging results, investigating more than 100 cases in the past 12 months with over $1 billion of NDIS funding under investigation over that time’, said Bill Shorten, Minister for the NDIS.
‘There has been a significant rise in the number of investigations, prosecutions and providers being banned or issued with compliance notices.’
A total of 17,207 tip-offs were received in the past financial year, up 78 per cent (9673) from the same period in the previous year.
The NDIS Quality and Safeguards Commission’s code of conduct has been updated with new rules on price differentiation.
Price differentiation occurs when a provider charges more to an NDIS participant for something he or she purchases than it would if the person was not a participant.
New NDIS rules are that providers:
The new rules also highlight that key NDIS personnel are bound by the code of conduct. Key personnel include people who make executive decisions for an NDIS provider, such as board members and senior executives.
The NDIS Quality and Safeguards Commission has issued a stern warning to more than 3000 registered providers that use ‘regulated restrictive practices’.
It has reminded them of their legal obligations under the National Disability Insurance Scheme Act 2013 and related rules.
The warning comes after the NDIS Commission issued more than $1.6 million in infringement notices in recent weeks for a range of alleged contraventions and failures concerning the unauthorised use of regulated restrictive practices. (The practices may be of five types, including chemical, mechanical, and physical.)
Acting deputy commissioner, practice quality and clinical advisory, Kenneth Teoh, put providers on notice in October that the NDIS Commission had escalated its compliance and enforcement approach. He urged providers to take ‘immediate action’.
‘To ensure your organisation complies with its obligations … you should take immediate action to review the procedures, systems and controls your organisation has in place to comply with the act and the rules’, Mr Teoh wrote in a letter to providers.
‘You should also review your supports and services to participants to ensure they are delivered in a safe and competent manner, with care and skill, and with the participants’ rights and safety foremost in mind.’
Working together to deliver the NDIS by the scheme’s independent reviewer maps out recommendations to help to restore trust, ensure the scheme’s sustainability, and deliver a better experience for participants.
The report includes twenty-six recommendations and 139 ‘supporting actions’.
National cabinet has agreed to implement legislative changes to the scheme to improve the experience of participants and restore its original intent to support people with permanent and significant disabilities.
A government response to the review will be released later in the year.
Access the report at https://www.ndisreview.gov.au
The Australian Institute of Company Director’s Governing for quality aged care – A director’s guide provides practical guidance to Australian directors to meet new governance obligations in aged care.
Whilst the guide is aimed at helping aged-care directors and their boards, it also provides useful guidance for directors in other care sectors.
Recent legislative changes in response to the Royal Commission into Aged Care Quality and Safety have ushered in a new era for aged-care directors. Changes have significant implications for boards, requiring more than incremental improvement. A reset of governance is needed.
Legislated governance changes applying from 1 December require that:
To support directors to meet new governance obligations, the guide covers obligations, practical guidance to equip boards with suggested steps to navigate the new challenges, and key questions for boards and management to be asking themselves.
The guide updates and consolidates two earlier AICD tools – Board governance in the aged care sector and Clinical governance for boards in the aged care sector.
The Productivity Commission has released a draft of Future Foundations for Giving, a review of philanthropic giving in Australia.
The review’s goal is to boost donations to charities and meet the federal government’s goal of doubling them by 2030.
‘Australia is a generous nation’, said Productivity Commission deputy chair Dr Alex Robson.
‘We donated more than $13 billion to charities in 2021 and over six million of us volunteered in 2022. Our draft recommendations would strengthen the foundations for philanthropy so that the benefits of giving can be realised into the future.’
The report analyses trends in giving and shows that while the overall amount donated to charities has been increasing, fewer people are donating. Volunteering is widespread in Australia, but the rate has declined over the past decade.
The report explores the foundations for giving, focusing on three pillars needing reform. They were tax-deductible gifts and donations, the regulatory system, and public information on charities and giving.
The commission found that the ‘deductible gift recipient’ system, which determines the charities that are eligible for tax-deductible donations, is not fit-for-purpose.
‘Tax incentives influence giving but the DGR system is poorly designed, overly complex, and excludes many causes without a coherent policy rationale’, said associate commissioner Krystian Seibert.
The report proposes a simpler, fairer, and more transparent process for determining which charities should receive tax-deductible donations.
Given a lack of accurate and comparable information on corporate giving in Australia, the report also proposes that listed companies be required to report publicly information on their donations of money, goods, and time to charities with DGR status.
The report also recommended reforms that would improve the regulatory framework for charities, supporting the role of the ACNC charity register in providing further useful information for donors.
‘The regulatory and information-sharing role of the ACNC can be strengthened, including through enhanced collaboration and cooperation with state and territory regulators, so that Australians can continue to donate with confidence’, said commissioner Julie Abramson.
You may read the report and provide a comment or submission at www.pc.gov.au. Submissions close on 9 February. The final report will be tabled in the first half of 2024.
The Australian Taxation Office has begun a review of the DGR status of 234 organisations specifically listed in the tax law.
It aims to identify potential risks and will prioritise organisations into three groups:
A small number of organisations has already thrown up potential issues, including change of purpose and no longer operational.
The ATO will write to some organisations, and DGRs can prepare for the engagement with good governance. It is important to review:
The ACNC has reviewed 480 DGR endorsed charities to ensure that they remain entitled to subtype and charity registration.
In 2022–23 the commission investigated not only public benevolent institutions but also DGR recipients in categories such as school-building funds, public libraries, and animal-welfare charities.
Other selection criteria included whether the charity was registered prior to 3 December 2012 (ACNC’s establishment) and indicators of heightened risk, such as a lack of responsible people or a missing governing document.
Review results included:
The material contained in this publication is for general information purposes only and does not constitute professional advice or recommendation from Nexia Edwards Marshall. Regarding any situation or circumstance, specific professional advice should be sought on any particular matter by contacting your Nexia Edwards Marshall Adviser.