The Gary Sinise Foundation discovered in March of 2021 that it had been the victim of wire fraud, according to a note disclosed in its audited consolidated financial statements for the fiscal year ended 12/31/2020. According to the consolidated audit:
"In March 2021, the Foundation discovered that it had been the victim of wire fraud. Following an extensive review, it was determined that the data breach occurred in late December 2020 but the outlay of cash, totaling $1,150,000, was criminally seized in the first quarter of 2021. As of the date of these consolidated financial statements [November 12, 2021], the Foundation has recovered approximately $355,000 and is currently working with the financial institution and insurance carriers in an attempt to recover more. At this time, there are no assurances that the Foundation will receive additional funds based upon these efforts.
"Subsequent to the discovery, the Foundation has implemented additional internal control measures to prevent any future data breach attempts, moved funds to a more secure financial institution and onboarded a new IT company and a new accounting service provider. In addition, in June 2021, upon the then CEO's retirement, the Foundation appointed a new CEO. Several other changes in management, including the departure of the COO and the appointment of a CFO, have also occurred subsequent to the December 31, 2020 year end."
Significant Diversion of Assets and the Importance of Audited Financial Statements
Gary Sinise Foundation responds "No" to the following question on its 2020 IRS Form 990 (Part VI, Section A, line 5): "Did the organization become aware during the year of a significant diversion of the organization's assets?"
Though the data breach occurred in December of 2020, Gary Sinise Foundation did not become aware of it until March of 2021, according to the audit note. To comply with Generally Accepted Accounting Principles in the United States (GAAP), charities must disclose certain "subsequent events" in their audited financial statements if they are of such nature that omitting them would cause the financial statements to be misleading. The disclosure must include a description of the nature of the event, an estimate of its financial effect, or a statement that an estimate cannot be made (FASB Accounting Standards Codification 855-10-20). However, charities are not required to disclose such information in their tax filings for events that occurred after the end of the tax year, in this case 12/31/2020.
This highlights the importance of analyzing a charity's audited financial statements as part of any meaningful evaluation of its financial operations and governance. Some charity rating websites rely on using software to pull data from specific machine-readable fields of thousands and thousands of charity tax forms. These systems are not designed to catch issues at a charity—even very significant issues—that cannot be caught by automation. A charity rating system that significantly relies on tax form reporting would most likely not discover this charity's diversion of assets until late 2022 or early 2023, based on the lag time between when its fiscal year ends and when it files its Form 990 with the IRS. Gary Sinise Foundation CEO, Mike Thirtle, signed the Foundation's fiscal year ended 12/31/2020 Form 990 on 11/15/2021. If the charity's management similarly signs its fiscal year ended 12/31/2021 Form 990 in November of 2022, automated charity rating websites are unlikely to scan Gary Sinise Foundation's 2021 Form 990 and make potential donors aware of its diversion of assets until November or December of 2022 at the earliest—a full year after CharityWatch was able to report this issue to donors based on our analysis of its audited consolidated financial statements.
Charities' Tax Forms 990 Offer Little Disclosure of Diversions of Assets
Gary Sinise Foundation is sadly far from the first charity to report wire fraud or other diversions of charitable assets. In a 2013 investigative article entitled "Millions missing, little explanation," The Washington Post conducted an analysis during which it uncovered more than 1,000 nonprofit organizations that had reported a significant diversion of assets since 2008. Some instances involved legal exchanges, while most were attributed to theft or embezzlement, sometimes leading to the loss of tens of millions of dollars, according to The Post. The Post's study found that many organizations provided "few or no details" in their tax filings explaining what occurred or the organizations' plans for examining and correcting their failed internal controls over financial assets.
Difficulty Obtaining Gary Sinise Foundation's 2020 Financial Data
CharityWatch contacted Gary Sinise Foundation by phone on November 11, 2021 to request copies of the charity's 2020 IRS Form 990 and audited financial statements. We were directed to email a staff member who has an educational background in corporate communications and works in a marketing capacity for the Foundation. We did so that day and received an email response nine days later stating that the organization should have its tax filings finalized "by the end of this month." The staff member then communicated that they would "be happy to share with you as soon as I receive." CharityWatch responded to the email on November 22nd reiterating that we would need a copy of the charity's audit, in addition to any tax filings, in order to update its rating. When we received no response, we contacted the charity via email again on December 7, 2021. As of the date this article was published (December 14, 2021), Gary Sinise Foundation has not responded to our email or provided a copy of its tax form or audit to CharityWatch.
Gary Sinise Foundation's audit report letter was signed on November 12, 2021, but based on CharityWatch's research and monitoring, the audit did not become available in certain online searchable Secretary of State or State or Attorneys General charity registration websites until around December 9, 2021. CharityWatch obtained copies of Gary Sinise Foundation's fiscal 2020 consolidated audit and IRS Form 990 from one such database and completed its rating using these materials. The Gary Sinise Foundation has not posted its 2020 audit or Form 990 on its website (as of December 14, 2021). Due to these governance and transparency concerns, CharityWatch has suspended Gary Sinise Foundation's Top-Rated charity status for its fiscal year 2020.
Best Practices for Preventing "Internal Fraud and Theft of Charitable Assets"
The California Department of Justice Charitable Trusts Section, in Gary Sinise Foundation's home state, publishes the Attorney General's Guide for Charities containing best practices for nonprofits that operate or fundraise in California. The chapter on exercising fiscal management describes how such diversions can sometimes occur and what internal controls nonprofits should have in place to prevent them.
Diversion of assets can occur at either the receipt or disbursement phase, according to the Guide. Without proper controls on the receipt side, for example, funds can be rerouted to outside bank accounts. On the disbursement side, a lack of internal controls, or a lack of enforcement of internal controls, could mean that a charity is not ensuring it has adequate documentation, such as receipts, invoices, and other payment justification documents, prior to issuing payments and other disbursements. Prevention measures described in the Guide include things like adopting controls to monitor invoices; ensuring credit card charges are made for the charity's business and not personal expenses; reconciling the charity's bank accounts periodically to ensure that disbursements match entries made in the books; and putting bank account safeguards in place by a charity's board of directors, such as limiting the number of signatories on the bank accounts.
Gary Sinise Foundation does not disclose in its 2020 audited financial statements additional details about the wire fraud indicating the specific parties involved or whether or not the data breach involved its staff members or outside parties. CharityWatch reached out to the Foundation on December 13, 2021 for additional details but has not received a response as of the publication of this article (December 14, 2021).
Gary Sinise Foundation's Financial Efficiency
Though the Gary Sinise Foundation lost its CharityWatch Top-Rated status due to the described governance and transparency issues, it operated with overall high efficiency in 2020, spending 87% of its cash expenses on program services, and spending only $4 to raise each $100 in cash support, earning it an "A" rating on CharityWatch's "A+" to "F" rating scale.
Regarding the $1,150,000 wire fraud that occurred in December 2020, support from the charity's founder from a five-year pledge of $1,500,000 (or $300,000 per year) made in 2018 exceeds the reported amount that was "criminally seized" in the first quarter of 2021. Given this $1,500,000 pledged by its founder, in the big picture, it could be said that the $795,000 that Gary Sinise Foundation has been unable to recover from the wire fraud (as of 11/12/2021) has not diminished the total donations contributed to the charity by members of the general public. That said, money is fungible, and $795,000 that could have been used by the Gary Sinise Foundation to help veterans has been lost to fraud, with no guarantee that it will ever be recovered. (The reported present value of the remaining portion of the founder's five-year pledge that had not yet been received by the charity as of 12/31/2020 is $649,669, according to Note 6 of its 2020 consolidated audit.)
CharityWatch's investigative work and in-depth financial analysis of charity audited financial statements, tax filings, fundraising contracts, legal filings, and other data used in our evaluations of charities is funded by donations from the general public. We hope you will consider supporting us by making a donation today. We also welcome support from foundation and corporate donors.