As we start 2019 with high hopes and ambitions for a successful year, nonprofits know all too well the difficulties in providing services and serving the community without proper funding. Bad press is the last thing a nonprofit wants to receive especially when asking for government funds or individual donations; and with tight budgets, who really has funds to give back on audit? The OSC recently released two audit reports that impacted two different nonprofit organizations, both reports noting negative findings. We are firm believers that every grey cloud has a silver lining. So what’s the ray of sunshine here? For those organizations that have not yet undergone a government audit should review these reports to get a better understanding of the potential pitfalls and findings that they need to be wary of. This is your chance to tighten your controls and ensure compliance before you win the audit lottery.

The first audit found that the Phoenix House New York claimed for reimbursement of expenses that were not in compliance with the $51 million contract provided by the Office of Alcoholism and Substance Abuse (OASAS). Phoenix House provides outpatient, inpatient, and residential drug and alcohol addiction treatment services at several locations in the New York City area. According to the audit, approximately $3 million of ineligible payments were for unallowable administrative expenses. OASAS is responsible for monitoring compliance with its contract with Phoenix House and the audit noted that for three years, Phoenix House was able to claim and receive reimbursement for approximately $2.9 million in “unallowable” and “unsupported” parent agency administrative expenses. The audit further cited that an additional $851,428 in personal service expenses did not meet the requirements of the contract, the CFR manual, nor fiscal guidelines. The most damaging part of the audit report is the recommendation for OASAS to recover $3.9 million of the unallowable and/or unsupported costs from Phoenix House.

These disallowed costs included:

  • Administrative costs allocated to PHNY in excess of the ratio value amount
  • Certain non-allowable costs (per appendix X of the CFR claiming manual) that were included in parent costs that should have been disallowed
  • Fundraising and lobbying costs included in administration
  • “Merit” bonuses not supported by performance reviews
  • Expenditures for which proper support was not provided
  • Lack of time tracking to support level of effort chargeable to PHNY
  • Deduction of depreciation that is non-allowable pursuant to OASAS guidelines

The second report was an audit of the LIRR’s oversight and monitoring over its homeless outreach services contract which was to be performed by the nonprofit organization Services for the UnderServed (SUS). LIRR entered into the contract with SUS to provide homeless outreach services for a period of five years. The total of the contract for this period totaled approximately $860,000. The audit found that the LIRR did not appropriately establish performance standards so there was no way to ensure that SUS was properly performing appropriate homeless support services. The OSC auditors noted that the SUS outreach team’s “efforts varied greatly depending on whether they knew they were being watched or not.” Specifically, the OSC auditors stated that SUS failed to assist homeless people and data reported by SUS to LIRR contained “inaccuracies and was not complete.” The audit report holds the LIRR responsible for not establishing measures to ensure that SUS was performing the services as outlined in the contract and had several recommendations including establishing internal controls to ensure data provided by SUS is complete and accurate.

No nonprofit wants to receive that letter from their funding source or an oversight agency that they are being audited. But understand, for most organizations, this is an inevitable situation. The key is what you do long before that letter comes to mitigate audit risk. To prepare, organizations should:

  • Ensure that they have in place proper controls which consider such things as cost allocations, proper support, approvals and documentation, oversight, etc.
  • Make sure you understand the compliance aspects and regulations outlined by your funding sources. This includes allowable vs. non-allowable costs, documentation of service delivery, cost allocation methodologies, and other criteria. Failure to comply with regulations, could result in disallowed costs
  • Monitor changes in regulations so you are abreast of modification to ensure you remain compliant
  • Implement a quality assurance and/or an internal audit function. How you approach this will be a function of how you are paid. Fee based programs should be more focused on proper billing procedures, documentation of service delivery, compliance with paperwork requirements (e.g. treatment plans), staff qualifications, etc. Cost based programs should be more focused on expenditures, allocations, documentation and support of charges, etc.
  • Read through government audits (stalk your funders websites, the OMIG, and/or the OSC) to gain insight into what funders are looking for

While audits are never fun and can be disruptive, an organization that has implemented proper controls, procedures, oversight, and internal monitoring will have a much easier and less costly experience than one that hasn’t. Audits will happen, and the results of a bad audit can be devastating. So why leave things to chance?

Shari Diamond, CIA

Shari Diamond, CIA


Shari has been with Cerini & Associates, LLP since 2008 where she works primarily with the firm’s school district clients providing internal audit and claims audit services. She has over twenty years’ experience performing internal audits, risk assessments, and compliance reviews, as well as recommending processes to strengthen the internal controls environment while increasing efficiencies. Her prior experience at PWC and Northrop Grumman included performing Information Technology audits.