2018 training seminars

News

2018 training seminars

We specialise in training trustees and staff in charities and social enterprises. Watch out for updates on our 2018 programme of events which will include sessions on:

– Financial sustainability
– USAID funding
– How to be a good trustee
– Tax for fundraisers including Gift Aid and VAT
– Reading charity accounts
– Risk management

The events for next year will be confirmed soon so watch this space and check our events page for the new programme.

Charity Accountants’ Conference

News

Charity Accountants’ Conference

The 26th annual Charity Accountants’ Conference held in Nottingham was a huge success with over 120 attendees and several expert speakers. VWV – charity law specialists sponsored the conference as well as joining us in offering free drop-in sessions for delegates.

Other speakers included Vicky Browning, CEO of ACEVO, Nigel Davies, Head of Accountancy Services at the Charity Commission plus speakers from social finance, Institute of Fundraising and PWC.

Click here to read a short blog by the Head of Finance at Berkshire Community Foundation on her thoughts about the conference.

Award winners

News

Award winners

We love seeing our clients getting recognition for their great work. Congratulations to our clients on their recent awards!

Third Sector Awards:
– Crisis won the award for Fundraising team of the year
– Quaker Social Action’s CEO Judith Moran was highly commended

Charity Times Awards:
– Disasters Emergency Committee were highly commended in the Charity of the Year award category
– Quaker Social Action’s CEO Judith Moran won the Outstanding Individual Achievement Award

Charity Fraud Awareness Week

News

Charity Fraud Awareness Week

23 October sees the start of Charity Fraud Awareness Week. This is an important opportunity for all charities to reflect on ways in which they can reduce their exposure to fraud and to make sure that available funds for charitable work are maximised.

We have been actively advocating a greater awareness of fraud risk over the last 12 months or so. There have been numerous press reports of charity sector fraud – all of which with the benefit of hindsight could have been prevented through a combination of awareness raising and strong controls.

We are proud to have signed up to CFG’s counter fraud campaign and to be a CFG Counter Fraud Champion. During the week, one of our partners – Jonathan Orchard – will be busy advocating counter fraud strategies at CFG’s Fraud Conference in both London (26 Oct) and Bristol (27 Oct). He is also leading a CFG training course on fraud prevention in Birmingham on 31 October. You can still book a place on any of these by visiting the CFG website.

We encourage all of our clients and contacts to use the opportunity of Fraud Awareness Week to build their fraud defences – through internal awareness raising, reviewing controls and/or attending the seminars. Look out for charity fraud related articles and blogs during the week. And you can sign up to the CFG Counter Fraud pledge here.

Charities and cyber security

News

Charities and cyber security

This summary covers the findings from qualitative research with UK registered charities exploring awareness, attitudes and experiences around cyber security. A total of 30 in-depth interviews were undertaken in February and March 2017 with a range of charities by income, location and charitable area. The research was commissioned by Department for Digital, Culture, Media and Sport (DCMS) as part of the National Cyber Security Programme and carried out by Ipsos MORI.

Awareness and attitudes
Pre-existing awareness and knowledge around cyber security varied considerably across the charities interviewed. Those in charge of cyber security, especially in smaller organisations, did not feel well informed about the topic, and several noted that they had not seriously considered it before or proactively sought out any information, often leaving it to an outsourced IT provider to deal with.
In this context, there was often a low awareness of the Government support available on cyber security. This was despite the fact that the Government and other public bodies were considered as trustworthy sources of information. Some participants assumed that if the issue was important enough for them to address, they would hear about it through their established communication channels, via the Charity Commission or voluntary support bodies, such as NCVO.

In some cases, participants assumed cyber security was more of an issue for businesses than for charities. These participant assumed that businesses would be more at risk as they would be more likely to hold customers’ financial details and generally be expected to have more cash in the bank.

On the other hand, there were several instances where charities recognised the relevance of cyber security for their organisations, and this prioritisation of the issue could be traced to many things:
• holding personal data on donors or service users
• having trustees or staff with private sector experience of the issue
• meeting the standards laid out by commissioning organisations (in cases where charities were involved in Government service provision).

Approaches to cyber security
Across the charities interviewed, it was typically the case that organisations did not have internal specialist staff with the technical skills to cover cyber security. Responsibility for cyber security internally was often held by someone with a different core role, or with multiple responsibilities, such as Chief Executives or finance staff. Competing demands on time and resources – with greater focus often given to areas such as fundraising and delivery – meant that cyber security was often deprioritised and could lack investment. As a result, there was often a reliance on outsourced IT providers, as well as informal sources of support such as friends, family or other local charities.

Various participants highlighted that more could be done to raise basic awareness of cyber security among staff and trustees. However, it was uncommon to find charities that had provided cyber security training to any of their staff or volunteers. This reflected the various barriers that charities faced to providing training. Many assumed training would be expensive, and did not prioritise spending on training above other areas that might need funding, such as IT equipment upgrades. Charities also lacked the expertise to put on training by themselves – those that had done so had typically worked with outsourced providers to run training. Smaller charities also found training hard in general given that many of their trustees and staff tended to work remotely. In this context, some were interested in free or low-cost online training options.

Cyber insurance was similarly often seen as too expensive to consider. Some charities noted that they had wider insurance policies such as public liability insurance or business continuity insurance, but were not clear on whether these would cover them in the result of a cyber attack.

Perceptions and experiences of breaches
Charities were often highly concerned with potential loss of funds or of personal data on donors or service users, and these were typically seen as existential threats that helped heighten the importance of being cyber secure. By contrast, the loss of day-to-day (non-personal data) files was less of a concern, with some charities not realising the potential implications for business continuity from losing non-personal data.

Indeed, the research came across examples of charities that had incurred cyber security breaches where non-personal data were lost, and where organisations spent considerable time getting their data restored. There were also examples where charities had incurred a sizable financial cost from a cyber security breach. In these cases, it is worth noting that the experiences of breaches often spurred charities into taking action and protecting themselves against further attacks.

Finally, the research also explored reporting of cyber security breaches. While participants were confident that they would report serious breaches with a financial impact internally to trustees and to any outsourced IT providers, they were less certain of where and when they might be required to report breaches outside of this. Some mentioned reporting breaches with a financial impact to organisations such as the Information Commissioner’s Office (highlighting again the importance placed on data protection). However, none of those interviewed had heard of the cyber crime body, Action Fraud.

Conclusions
This research has highlighted that charities often see cyber security as important, and are as susceptible to indiscriminate cyber attacks as businesses. These attacks can have serious implications for charity finances and for business or organisational continuity. However, the research also flags the many barriers that charities face when it comes to engaging with the issue, including competing priorities for time and resources, and staff not necessarily equipped with the knowledge and skills to deal with the issue.

There is a need for basic awareness raising among staff and trustees, and upskilling of those responsible for cyber security – so they know the basic technical controls they can put in place. It may also help to disseminate Government information and support via the organisations with which charities already have established relationships, such as the Charity Commission. Finally, making use of private sector expertise among trustees may also help individuals within charities to champion the issue.

New Charity Commission guidance on grant funding non-charities

News

New Charity Commission guidance on grant funding non-charities

Charities can fund private entities with grants, however doing so must further the charity’s objectives, and the CC expects the charity to have appropriate processes in place for awarding and monitoring grants. The revised guidance was originally published in draft in February 2016 and has been modified in a number of areas, including the removal of a statement that non-charity core costs cannot be met by charities.

Grant-funding can create opportunities for charities to further their purposes by reaching individuals or communities that they might not otherwise be able to reach. It can benefit causes or groups which may otherwise struggle to obtain the support they need.

This can include making grants to:
• other charities with similar or overlapping purposes
• organisations that aren’t charities including social enterprises, campaigning organisations, commercial companies or public sector bodies
• organisations based overseas

Making grants to organisations that aren’t charities may present new opportunities to further your charity’s purposes. Grants can be for specific activities or services or, in some cases, to develop the organisation’s capacity to deliver activities or outcomes that will further the charity’s own purposes. Remember though, that organisations which aren’t charities don’t have to deliver public benefit or comply with charitable purposes, and may be unfamiliar with charity law requirements.

You need to understand the relevant risks and boundaries, as well as the opportunities, before you start. Any grant your charity makes must only be used to further or support your charity’s purposes, and for no other purpose. This means there will always be limits and conditions on what you can fund.

Before you decide to make any grants, you should:
• make sure you understand your own charity’s purposes
• make sure you understand and follow trustee decision-making principles
• put in place appropriate systems and procedures for making decisions about grants

Before deciding to make a grant to a particular organisation, you should:
• consider whether that organisation is a charity or not
• take reasonable steps to assess risks and carry out appropriate checks on the organisation to ensure that it is suitable for your charity to work with
• be aware that trustees remain responsible for grant decisions even if decisions are delegated, and understand where extra care may be needed

When giving a grant to another organisation, you should:
• write appropriate terms and conditions to ensure that the grant can only be used in line with your charity’s purposes, and ensure that the organisation understands and accepts them
• put appropriate monitoring arrangements in place
• know what to do if things go wrong

Find out more in this guide to decision making.