Mar 06, 2023 / News

Audit and Assurance / Not for Profit

Not-For-Profit Newsletter - Edition 15

Welcome to the newest edition of our Not-for-Profit Newsletter. Please feel free to contact us if you have any questions about the content of this Newsletter.

In this edition

This edition covers several governance and compliance considerations including self-assessing income tax exemptions, deductible gift recipient registration requirements, and cybersecurity matters. In respect to financial reporting, we have included details of the latest ASIC focus areas and updates to accounting standards. There are also a number of items relating to ACNC and government activities.

Click on one of the Newsletter sections below to Scroll to the Section:

Governance
Compliance
ACNC Activities
Financial Reporting
Deductible-Gift Recipients
Governments

Digital skills need boosting

Infoxchange’s Technology in the Not-for-Profit Sector provides a comprehensive overview of how the sector has used technology over the past 12 months.

More than 600 not-for-profit and charitable organisations across Australia and New Zealand took part in a survey that is the basis of the report. Improving staff digital skills was the participants’ first priority.

The report is an annual research project that aims to recognise areas of growth and improvement by understanding how NFPs across Australia and New Zealand use technology.

Now in its seventh year, it provides a benchmark for NFPs’ technology use.

The report’s key findings include:

Building staff digital skills is NFPs’ top priority

• 78 per cent plan to shift information to the cloud (or have done so)
• 59 per cent don’t have the systems they need to understand technology’s impact
• 53 per cent of respondents don’t provide cyber-security awareness training to staff, placing data at greater risk of a security breach
• 51 per cent don’t have an information-security policy
• 45 per cent don’t have a data-breach response plan
• 44 per cent lack confidence with IT and technology
• 43 per cent don’t have the infrastructure they need to support remote work, despite 83 per cent of NFPs allowing staff to work outside the office
• More than one in three organisations are yet to implement multi-factor authentication, a simple step to significantly improve information security, and
• Australian NFPs spent 30 per cent more on technology infrastructure than in 2021.

The report can be accessed at https://www.infoxchange.org.

Smith Family reports major cyber-attack

The Smith Family, one of Australia’s longest-running children’s charities, has announced a major cyber-attack that might have exposed the details of some 80,000 donors.

The NFP initially took to Twitter to report that ‘a team member’s email account was temporarily accessed in an attempt to steal funds’.

While the attempted financial theft was reportedly unsuccessful, a follow-up investigation revealed that personal information might have been accessed during the attack.

Among the information that might have been accessed was a mixture of supporters’ names, addresses, phone numbers, email addresses, and donation amounts.

‘While there is no current evidence of misuse of any individual’s personal information, we are informing individuals about the incident and providing simple steps to protect their information and avoid any potential scams,’ the charity said.

The organisation said it was contacting its donors and sponsors about the incident regardless of whether their information had been accessed or not.

Both the Australian Cyber Security Centre and the Office of the Australian Information Commissioner have been notified.

Better data-breach responses needed

The big impact on millions of Australians of recent data breaches and the findings of the Notifiable Data Breaches Report: January to June 2022 stresses a need for organisations to have robust information-handling practices and an up-to-date data-breach response plan.

Top sectors to notify data breaches were health-service providers, finance (including superannuation), education, professional-services firms (legal, accounting, and management services), and recruitment agencies.

The Office of the Australian Information Commissioner’s report shows that human error was behind 63 per cent of breaches in the education sector and nearly 50 per cent of charity breaches. The counterpart figure for all Australian organisations is 33 per cent.

According to the report, 54 per cent of human-error breaches involved personal information being sent to the wrong recipient by various methods, including unintended publication, email, post, and data-storage devices.

More than half of charity breaches and 27 per cent of education breaches were malicious or criminal attacks.

The Privacy Act 1988 requires entities to take reasonable steps to conduct a data-breach assessment within 30 days of becoming aware that there are grounds to suspect that a breach has occurred. Once the entity forms a reasonable belief that there has been an eligible data breach, they must notify the OAIC and affected individuals as soon as practicable.

In the reporting period, 71 per cent (75 per cent in the previous period) of entities notified the OAIC within 30 days of becoming aware of an incident.

‘A key focus for the OAIC is the time taken by entities to identify, assess and notify us and affected individuals of data breaches,’ commissioner Angelene Falk said.

Commissioner Falk welcomed measures in the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 before Parliament, which gave the commissioner stronger information-gathering powers to ensure that entities are reporting breaches and notifying individuals when they need to and increase penalties for serious or repeated privacy breaches.

The report can be accessed at https://www.oaic.gov.au.

New paid violence entitlements

Employees will soon be able to access 10 days of paid family and domestic-violence leave in a 12-month period.

Full-time, part-time, and casual employees will all be able to access the leave, which will not accumulate if unused.

The leave will be available from:

• 1 February for employees of non-small-business entities (employers with 15 or more employees on 1 February), and
• 1 August for employees of small-business entities (employers with fewer than 15 employees on 1 February). When counting the number of employees, those in entities are included. Casual employees are not included unless engaged on a regular and systematic basis.

From 1 February, employers are prohibited from including certain information about paid family and domestic-violence leave on an employee’s pay slip.

Employees will continue to be entitled to five days of unpaid family and domestic-violence leave until they can access the new entitlement.

The new arrangements will be independently reviewed after 12 months to consider impacts on small businesses, sole traders, and people experiencing family and domestic violence.

Tax office’s searching look at NFPs

The Australian Taxation Office is increasing its focus on NFPs that use financial vehicles to avoid tax or obtain a benefit without entitlement.

The office recently revealed that key areas of investigation were operating for purpose, self-assessing income-tax exemption, ancillary funds, and emerging risks.

The tax office uses intelligence from many sources, including media reports, information from the public, and referrals from other government agencies to assess issues and risks.

If it believes that individuals or entities are failing to act in accordance with their obligations, it may take appropriate action, including a review or audit.

The ATO may revoke entitlement to tax concessions, including deductible-gift-recipient endorsement, if it believes that an entity has breached tax law.

It is good practice for NFPs to review their purposes and governance at least annually, as the results are tabled at relevant board and committee meetings. Understanding and addressing what attracts the ATO’s attention is part of good governance.

Back to Top

RSL LifeCare backpays millions

Aged and veteran-services organisation RSL LifeCare Ltd has back-paid staff in NSW and the ACT more than $5.25 million and entered into an enforceable undertaking with the Fair Work Ombudsman.

The NFP self-reported its non-compliance to the FWO in 2021 after becoming aware of underpayments following an internal review during its transition to a new human-resources and payroll system.

Underpaid employees were engaged in nursing and management roles at aged-care facilities and in home-care programs. They included full-time, part-time, and casual employees based in Sydney, Canberra, and regional NSW.

The underpayments were caused by LifeCare making fundamental payroll and rostering errors, including an incorrect set-up of a pay system and incorrect pay rules being entered.

As a result, between 2010 and 2021, employees were underpaid entitlements set out in the RSL LifeCare NSWNMA and HSU NSW Enterprise Agreement 2017-2020 and the RSL LifeCare (ACT) Enterprise Agreement 2019-2020 (and the predecessor Enterprise Agreements).

Most of the underpayments were failures to pay overtime, often when employees got insufficient breaks between shifts and parttime employees worked on rostered days off but had worked fewer than 76 hours in a fortnight.

Another significant cause of the underpayments was RSL LifeCare’s failure to provide shift workers with an extra week of annual leave that they were entitled to. Some employees were also underpaid weekend penalty rates.

The company has back-paid more than $5.1 million to more than 3591 current and former employees, including superannuation and interest. Individual back-payments range from less than $1 to more than $76,000.

FWO Sandra Parker said that an enforceable undertaking was appropriate because RSL LifeCare had cooperated, demonstrating a strong commitment to rectifying underpayments, including devoting significant resources to engaging independent experts to oversee the corrections.

‘Under the enforceable undertaking, RSL LifeCare has committed to implementing stringent measures to ensure workers are paid correctly. These measures include engaging, at the company’s own cost, audits of its compliance with workplace laws over the next two years,’ Ms Parker said.

‘This matter demonstrates how important it is for employers to place a high priority on their workplace obligations and ensure that their systems and processes support full compliance. In this matter, fundamental shortcomings in RSL LifeCare’s payroll and rostering system led to long-term breaches of its own enterprise agreements and a substantial back-payment bill.’

The company is also required to provide FWO with evidence of systems and processes it has put in place to ensure future compliance, commission an independent organisation to operate a hotline for employees to enquire about their wages and entitlements, and commission workplace-relations training for human resources, payroll, and rostering staff.

Prepare to self-review tax exemption

From 1 July, NFPs that self-assess income-tax exemption and have an active Australian business number will be required to lodge an annual self-review return.

The return contains the information ordinarily used for self-assessing eligibility for income-tax exemption.

A first return must be lodged for the 2023–24 income year, which means the earliest date for submitting a return is 1 July 2024.

The tax office continues to work with the NFP sector to design the form. At a minimum, it will need to satisfy three elements:

• Entitlement to income-tax exemption
• Basis for entitlement (category), and
• Whether all requirements are being met.

There are three things NFPs may do to prepare:

• Update their contact details with the ATO. ABN registration requires contact details to be up-to-date. Important information about tax and super obligations will go to the right address
• Use ATO worksheets to review their eligibility for income-tax exemption, and
• Stay informed.

Back to Top

Consider crypto-assets risk

Australian Charities and Not-for-profits Commission boss Sue Woodward has urged charities to fully consider the risks and benefits of accepting donations of crypto-assets and investing in them.

The commission’s new guide Charities and Crypto Assets deals with crypto-asset definitions, crypto-assets and charities, accepting crypto-assets as donations, investing in crypto-assets, recording and reporting crypto-donations in annual information statements, and regulation of crypto-assets.

Crypto-assets are digital representations of value that may be transferred, stored, and traded electronically using blockchain technology. They include cryptocurrency and non-fungible tokens. They can be highly volatile and may experience significant value fluctuations.

‘As charities look for new and innovative ways to raise funds, they may consider either accepting donations of crypto-assets or investing in crypto-assets,’ Ms Woodward said.

‘In general, the risks connected with a charity investing in crypto-assets are greater and harder to manage than the risks connected with accepting [other] donations […].

‘It is critical that those who run charities develop their understanding or seek advice to ensure they are making the right decision for their charity. They need to understand the opportunities and risks. Managing a charity’s financial affairs responsibly is a key requirement under Governance Standard 5,’ she said.

Charities’ responsible people must ensure that appropriate and lawful processes manage assets. They must also ensure that they understand how crypto-assets work, as well as their potential benefits and risks, including legal and tax implications.

Charities should seek financial advice about investments. In the case of cryptocurrency assets, they should document:

• Decision-making processes
• Risk-management processes, and
• Policies and procedures for acceptance and transfer of the assets.

Registered charities should also consider how crypto-assets might affect their governance and registration obligations, including compliance with:

• ACNC Governance Standards, particularly Governance Standard 5, which includes the duty for responsible people to take reasonable steps to ensure their charity’s financial affairs are managed responsibly, and
• ACNC External Conduct Standards, which may apply in circumstances where charities invest in cryptocurrencies outside Australia.

Your ACNC obligations in a nutshell

Charities must meet ACNC obligations to remain registered. Here they are:

Election catalyses complaints

The ACNC received 2522 concerns about charities in 2021-22, a 26 per cent rise on the previous year.

The increase was attributed to the 2022 federal election. The commission received 490 complaints about charities engaging in advocacy for or against a political party or candidate. This contrasts with 51 such complaints in 2020–21.

Nineteen charities were at risk of non-compliance and were told that they could advocate for or against a policy in line with their charitable purposes but need to ensure that they did not promote or oppose a political party or candidate.

More than 55 per cent of concerns were received from members of the public. Common concerns included individuals obtaining private benefits from charities (24 per cent), disqualifying political purposes (19 per cent) and mismanagement of funds (18 per cent).

The commission used new ways to support charities to meet their obligations and to address possible non compliance.

They included:

• Education – where specific regulatory advice was provided
• Self-evaluations (introduced in 2021–22) – where the commission asked charities to evaluate their compliance against the governance standards. In 2021–22, the commission recommended that 316 charities, which had been identified as being at risk of non-compliance, complete a self-evaluation. Thirty-seven cases were finalised in 2021–22. Charities were required to provide information about their governance, which was assessed for compliance against the governance standards (and, if applicable, external-conduct standards). Typically, after completing each assessment, targeted education was provided
• Self-audits (introduced in 2020–21) – where the commission required charities to return a survey that allowed it to conduct a high-level assessment of their compliance and provide advice. In 20 cases charities identified areas for improvement and told the commission how they would improve. This outcome underscored how important it is for charities to consider regularly whether their governance arrangements are sufficient, as well as the value of ACNC programs that prompt them to do so
• Reviews (introduced in 2020–21) – where the commission assessed a charity’s compliance on a particular issue. The commission received extra government funding to conduct compliance reviews focused on specific issues and risks in the sector. In 2021–22, the commission finalised 55 reviews. It looked at charities that were involved in the 2020 bushfire response, had large boards, or provided support to vulnerable children overseas, and
• Investigations – where the commission investigated significant breaches of obligations. Ninety-six investigations were finalised, resulting in a range of outcomes, including the revocation of 15 charities’ registration for serious and continual non-compliance.

In 2021–22, the commission referred 41 charities to other government agencies that it thought might be able to act.

Hundreds of charities deregistered

The ACNC has revoked the registration of more than 550 charities because they failed over successive years to complete their annual reporting.

Acting ACNC commissioner Deborah Jenkins said that while many of the charities might have wound up or merged with another organisation they still had an obligation to notify the commission.

‘It is the responsibility of those who lead charities to comply with their obligations,’ Ms Jenkins said.

‘To maintain registration, annual information statements must be submitted each reporting period, and if [a charity] winds up or merges, [it] must submit a form to let us know.’

Charities must meet certain obligations to maintain registration. These include reporting to the ACNC annually, notifying certain changes and ensuring activities are in line with stated purposes. If it is no longer operating or has wound up, it should request that its registration be revoked via the charity portal.

Charities that have been revoked can apply to be re-registered once they provide the commission with their outstanding reports. The ACNC strongly encourages charities to keep their annual reporting up to date to avoid revocation, loss of charity tax concessions, and having to re-register.

Back to Top

ASIC highlights key reporting areas

The Australian Securities & Investments Commission is urging directors, report preparers, and auditors to assess whether financial reports provide useful and meaningful information. The commission has highlighted key areas for companies to get right for the 31 December year-end.

While NFPs have not been specifically mentioned, many of the focus areas are relevant. Among them are asset values, provisions, solvency, going-concern assessments and events occurring after year-end and before completing reports. Disclosures in financial reports about uncertainties, key assumptions, and sensitivity analysis are also important.

ASIC stated that appropriate experience and expertise should be applied in reports and audits, particularly in more difficult and complex areas such as asset values and other estimates.

Directors and auditors should be given sufficient time to consider reporting issues and to challenge assumptions, estimates, and assessments.

They should make appropriate enquiries of management to ensure that key processes and internal controls have operated effectively during periods of remote work.

The circumstances in which judgements on accounting estimates and forward-looking information were made and the basis for those judgements should be properly documented at the time and disclosed if appropriate.

AASB issues four amending standards

The Australian Accounting Standards Board has issued four amending standards with a range of application dates. They address leases, non-current liabilities with covenants, editorial corrections and repeals of standards, and fair-value measurements of non-financial assets of not-for-profit public-sector entities not held primarily for their ability to generate net cash inflows.

AASB seeks feedback on six standards

The AASB is seeking feedback on its assessment of whether certain requirements in standards applying to NFP public and private-sector entities continue to meet their original objectives.

Invitation to Comment 50 Post-implementation Review – Income of Not-for-profit Entities considers the accounting for income of NFP entities set out in AASB 1058 Income of Not-for-Profit Entities and appendix F of AASB 15 Revenue from Contracts with Customers.

ITC 51 Post-implementation Review of Not-for-Profit Topics– Control, Structured Entities, Related party Disclosures and Basis of Preparation of Special Purpose Financial Statements considers appendix E of AASB 10 Consolidated Financial Statements, appendix E of AASB 12 Disclosure of Interests in Other Entities, AASB 124 Related Party Disclosures by NFP public-sector entities, and AASB 1054 Australian Additional Disclosures relating to special-purpose financial statements.

Extending KAMs?

When the Auditing and Assurance Standards Board issued ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report it committed to reconsidering the standard’s scope.

The board has subsequently issued Discussion Paper – Expanding Key Audit Matters beyond listed entities seeking feedback from stakeholders on whether the communication of KAMs should be expanded.

Three options are proposed. Do you support requiring the communication of KAMs in auditors’ reports for:

• Listed entities only (that is, no amendment to ASA 701)
• Listed entities and certain other types of entities, or
• All audited financial reports?

Option 2 ‘certain other types of entities’ includes the following NFPs:

• NFP private-sector entities can be segmented based on existing tiers and reporting obligations by the ACNC. For example, this might result in the communication of KAMs for large not-for-profit entities that are required to prepare and lodge audited financial reports with the commission, and
• Registrable superannuation funds, consistent with current legislation aligning super funds’ financial and accounting reporting obligations with those of public companies.

Comments close on 31 March.

Back to Top

Losing deductible-gift recipient status

Time is running out to avoid losing deductible-gift-recipient status. Most non-government DGR organisations needed to be registered as charities before 14 December or they risked losing DGR status.

A DGR must:

• Meet the definition of an Australian government agency, or
• Be a registered charity, or
• Be operated by a registered charity or an Australian government agency, or
• Be an ancillary fund or a DGR that is specifically listed by name in tax legislation.

The ACNC website details charity-registration eligibility requirements and ongoing obligations. Online applications may be made via the portal.

Eligible organisations needing more time to meet requirements may apply for a three-year extension, even if they have already requested registration, which is being considered.

Three-year extension applications had a deadline of 14 December. Approved applications have until 14 December 2025 to meet new eligibility requirements.

Back to Top

ROC to be abolished

From no later than 6 June, the Registered Organisations Commissioner’s regulatory powers and functions will transfer to the general manager of the Fair Work Ombudsman. ROC will be abolished.

New enforcement options will regulate registered organisations, including infringement notices and enforceable undertakings.

Registered organisations will continue to have the same reporting and compliance obligations under the Fair Work (Registered Organisations) Act 2009.

NSW local-government-integrity measures proposed

NSW Minister for Local Government Wendy Tuckerman has released an independent review into councillor misconduct in NSW. The review proposes the biggest changes to local-government integrity measures in more than 30 years.

Undertaken by Gary Kellar, the review has 49 recommendations aimed at improving the integrity, transparency, and accountability of the state’s more than 1200 councillors.

Mrs Tuckerman said that it was clear from recent ICAC public inquiries and the number of council interventions that changes were needed to build community trust in local government.

‘Mr Kellar’s recommendations include harsher penalties for councillor misconduct and ensures the framework for dealing with misconduct is more independent, effective, and efficient,’ she said.

Review of the Councillor Misconduct Framework – Consultation Guide on the recommendations of the Kellar Report and potential changes to the NSW councillor misconduct framework, was published by the NSW Department of Planning and Environment. Its recommendations included:

• A new, independent framework for dealing with councillor misconduct
• The establishment of an independent Councillor Conduct Commission to oversee independent councillor-conduct review panels
• Mandatory councillor training, including pre-nomination training of candidates for election, and
• Tougher penalties and sections to deal with misconduct, including the ability to impose monetary penalties on individuals.

The material contained in this publication is for general information purposes only and does not constitute professional advice or recommendation from Nexia Edwards Marshall. Regarding any situation or circumstance, specific professional advice should be sought on any particular matter by contacting your Nexia Edwards Marshall Adviser.