IN THIS ISSUE

Volume 8 · No. 2 · June 2004

Print Article Print Entire Issue

According to Mike

Michael Pidzamecky, CMA, CFE
Senior Audit Consultant
 Desjardins Financial Security 
Toronto, Canada

As I contemplate the somewhat improved economic business environment, many exchange-listed companies are reporting how well they did — or perhaps did not do — in the last business quarter. But earnings are not the only news stakeholders are keeping their ears open to, as reports about corporate scandals and governance problems remain prominent. While investors are focusing on yet another company with a governance problem that has rocked my part of the world — Canadian-based Nortel Networks Inc. recently terminated three of its top executives for overstating income on its financial statements — I tried to relate this troubling news to a risk assessment workshop I recently attended for not-for-profit (NFP) companies.

I was interested in attending this session — for charitable organizations and non-government agencies (NGOs) — because of my involvement in risk-assessment and risk-management processes. I wanted to see if NFP organizations have the same governance-related risks and issues as for-profit companies. As expected, I found that many of the same risks faced in a for-profit business — regulatory standards, governance oversight, and competitive advantage — are evident in NFP organizations as well. 

So, allow me to compare and contrast. The reality faced by for-profit organizations is that government, investors, and the general public expect the business to develop, promote, and most importantly, use sound business practices of governance, internal control, and risk management. Interestingly, the same for-profit stakeholders are turning their attention to the not-for-profit world. Many are saying that just because a NFP organization has a zero-target net income, they are supported through individual and business donations and receive tax advantages, and therefore, should have the same governance, control, and risk-management responsibilities in their business endeavours as required of for-profit companies.

In the for-profit world, sound governance and risk management programs are well under way in many corporations, thanks to recent regulatory initiatives. These same businesses are reporting to their customers and investors that their improved governance practices help ensure compliance with laws and policies and provide quality, timely goods and services to customers, resulting in sound financial profits.

In contrast, nothing could be worse for a not-for-profit organization than an internal scandal or high-risk incident, such as breaking the law, exposing people to harm, or misrepresenting how funding is used. A prime example is the scandal at the former Canadian Red Cross Blood Services Division in the mid-1990s. Because of the organization's ineffective risk-assessment and risk-mitigation processes, many public individuals became infected with HIV and hepatitis, resulting in legal awards totalling hundreds of millions of dollars. Added to this was a severely tarnished reputation for a noble organization that is slow to be reclaimed.

During the workshop I attended, the participants brainstormed generic risks that face NFPs and NGOs. After matching similar risks, a list of approximately 30 relevant topics was produced, eventually ranked as to the top five:

• Increased competition with sophisticated, aggressive, fund-raising tactics.
• Demographic shifts — including aging population, single versus family, ethnic background — affecting program delivery and fund-raising efforts.
• Uncontrollable external events that affect the organization and donor giving, such as terrorist attacks, and the local SARS disease outbreak.
• Attraction, retention, and training of competent professional staff, senior management, and board members.
• Labor strife due to unsatisfied, underpaid, and undertrained employees.

When working to secure appropriate funding, NFP organizations face similar risks and challenges as for-profit companies face when marketing and selling their services and products. Spending significant time researching available sources of funding, nurturing long-term relationships, and making sure its programs are unique and are needed, above all others, NFP organization's aren't really much different from the for-profit world. 

Regardless of whether an organization is required to comply with governance legislation or not, many internal auditors would agree that risk assessment and risk management is becoming a leading best practice in both private and public corporations around the world. It is important that all sectors — for-profit, not-for-profit, and government and nongovernment agencies — realize the full potential and benefits of risk assessment and risk management processes so investors and stakeholders can concentrate on the potential of their investment, rather than risk-related disasters experienced in organizations such as Nortel and the Canadian Red Cross.

Michael Pidzamecky, CMA, CFE, is a senior consultant, internal audit and security, at Desjardins Financial Security in Toronto, Canada. He also has a private consulting practice. Pidzamecky has developed several self-assessment approaches. He has presented sessions for IIA courses and conferences and has written questions for the CCSA exam.