HOFSTRA UNIVERSITY CONFERENCE ON MONITORING AND AUDITING COMPLIANCE

HOFSTRA UNIVERSITY CONFERENCE ON MONITORING AND AUDITING COMPLIANCE AND ETHICS PROGRAMS OCTOBER 29, 2014 Sofia Blair, Partner BDO USA, LLP

COMPLIANCE FOR REGULATORY PURPOSES What is Compliance and Why is it Important? - Compliance is a state in which someone or something is in accordance with established guidelines, specifications, or legislation. - Compliance in a regulatory context is a prevalent business concern, perhaps because of an ever-increasing number of regulations and a fairly widespread lack of understanding about what is required for a company to be in compliance with new legislation. - In the financial sector, SOX was enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. In the healthcare sector, HIPAA Title II includes an administrative simplification section which mandates standardization of healthcare-related information systems. In the Not-For-Profit sector, NYS enacted the New York Nonprofit Revitalization Act in 2014, as a way to strengthen governance andonaccountability. October 29, 2014 – Hofstra University Conference Monitoring and Auditing Compliance and Ethics Programs Page 2

COMPLIANCE FOR REGULATORY PURPOSES In today’s environment, whether you are a Not-For-Profit Organization or a Fortune 500 Public Company, there are regulators and watchdog organizations holding both the Company and Outside Auditors to a higher standard. Public Companies are subject to the Sarbanes Oxley Act (“SOX”) compliance requirements vs. Not-For-Profit having various government funding agencies as well as private donors. In addition, there is scrutiny over Retirement Plans – ERISA, Department Of Labor as well as Audit Firms increasing procedures over compliance. October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 3

COMPLIANCE FOR REGULATORY PURPOSES As an external auditor for Not-For-Profit and Healthcare Organizations as well as Public Filer Employee Benefit Plans, my daily responsibilities consist of ensuring others are following company and regulatory protocols. In the Not-For-Profit environment, several organizations report to various NYS agencies; are subject to funding source audits; and report to the IRS/NYS Charities Bureau. Watchdog agencies, such as Charity Navigator, Better Business Bureau, and GuideStar perform ratings based on the reported information and provide their evaluations to the public. October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 4

Ripped from the Headlines American Indian Charter School II Washington Post Three part Diversions Story: American Legacy Foundation’s Relaxed Response to a 3 Million Plus Fraud “Inside the Hidden World of Thefts, Scams and Phantom Purchases at the Nation’s Nonprofits” October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 5

ENTERPRISE RISK While something may not be material or significant, it could impact the organization greatly – i.e. misuse of expense reimbursements for something miniscule such as a cup of coffee to something significant such as excessive salary increases/bonuses, extravagant lunches, luxury cars Establishing policies, procedures and programs is extremely important from a perception standpoint and compliance standpoint. Not-For-Profit Organization’s have to now report on their returns filed with the IRS that they have proper governance and that all board members have read and approved the returns. It takes 20 years to build a reputation and 5 minutes to ruin it and if you understand this you will do things differently” - Warren Buffett October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 6

Management, including directors and officers need to “set the tone at the top” for ethical behavior Management must set a good example for fair and honest business practices October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Page 7 Programs

SETTING THE TONE AT THE TOP Creating an environment of openness, a culture of integrity and honesty is key to an organizations risk management. Establishing policies, procedures and programs is extremely important from a perception and compliance standpoint. Minimizes the organization’s liability in the event of wrongdoing attributable to the organization Not-For-Profit Organization’s now report on their returns filed with the IRS that they have proper governance and that all board members have read and approved the returns. “Perception is reality” Lee Atwater October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 8

MONITORING AND AUDITING Internal Component: Monitoring of compliance programs should be an ongoing activity Can be performed by an internal audit function(including outsourced internal audit functions) and should include: - Interviews with personnel - Questionnaires - Reviews of policies and procedures - Review of documents and records associated with compliance - Review of complaints filed - Include compliance language in job descriptions and performance evaluations - Include compliance questions in exit interviews - Results should be reported to compliance officer and to board of directors October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 9

MONITORING AND AUDITING External Audit Component: As external auditors, we perform various levels of fraud inquiries, review policies and procedures established by organizations. We review minutes of Board of Director and Audit Committee meetings to ensure proper governance policies are communicated and followed through on (setting the right tone at the top). There is a greater emphasis on processes and controls over financial reporting. Background checks on new key employees which undisclosed criminal records and prior instances of fraud. can reveal “A lie can travel halfway around the world while the truth is still putting on its October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 10 Mark Twain shoes”

“Thoughtfully assessing and addressing enterprise risk and placing a high value on corporate transparency can protect the one thing we cannot afford to lose: trust.” – Dale E. Jones, vice chairman and partner with Heidrick & Struggles October 29, 2014 – Hofstra University Conference on Monitoring and Auditing Compliance and Ethics Programs Page 11

BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, financial advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals. The firm serves clients through more than 40 offices and over 400 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multinational clients through a global network of 1,204 offices in 138 countries. BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. www.bdo.com To ensure compliance with Treasury Department regulations, we wish to inform you that any tax advice that may be contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code or applicable state or local tax or (ii) promoting, marketing or recommending to another party any tax-related matters addressed herein. Material discussed in this publication is meant to provide general information and should not be acted on without professional advice tailored to your individual needs. 2013 BDO USA, LLP. All rights reserved. www.bdo.com