required to publicly disclose the organization's annual information returns, social security numbers shouldn't be included on this form. By law, with limited exceptions, neither the organization nor the IRS may remove that information before making the form publicly available. Documents subject to disclosure include statements and attachments filed with the form. For more information, see Appendix D.
Organizations that have $1,000 or more for the tax year of total gross income from all unrelated trades or businesses must file Form 990-T, to report and pay tax on the resulting unrelated business taxable income (UBTI), in addition to any required Form 990, 990-EZ, or 990-N.
An organization may not file a “consolidated” Form 990 to aggregate information from another organization that has a different EIN, unless it is filing a group return and reporting information from a subordinate organization or organizations, reporting information from a joint venture or disregarded entity (see Appendix E, Group Returns—Reporting Information on Behalf of the Group, and Appendix F, Disregarded Entities and Joint Ventures—Inclusion of Activities and Items).
An organization that has filed a letter application for recognition of exemption as a qualified nonprofit health insurance issuer under section 501(c)(29), or plans to do so, but hasn't yet received an IRS determination letter recognizing exempt status, must check the “Application pending” checkbox on the Form 990, Item B, page 1.
Subordinate organizations in a group exemption which are included in a group return filed by the central organization for the tax year shouldn't file a separate Form 990, Form 990-EZ, or Form 990-N for the tax year.
A public charity described in section 170(b)(1)(A)(iv), 170(b)(1)(A)(vi), or 509(a)(2) that isn't within its initial 5 years of existence should first complete Part II or III of Schedule A (Form 990 or 990-EZ) to ensure that it continues to qualify as a public charity for the tax year. If it fails to qualify as a public charity, then it must file Form 990-PF rather than Form 990 or Form 990-EZ, and check the box for “Initial return of a former public charity” on page 1 of Form 990-PF.
Depending on the specific accounting method change being requested, the taxpayer may be able to request “automatic” consent. This means that as long as the taxpayer follows the applicable procedures, the taxpayer does not have to wait for formal approval by the IRS before applying the new accounting method. See Rev. Proc. 2019-43, 2019-48 I.R.B. 1107, or its successor, for a list of accounting method changes that generally qualify for automatic consent.
Generally, a taxpayer, including a tax-exempt entity, will recognize a positive section 481(a) adjustment (such as, an increase to income) ratably over 4 tax years and will recognize a negative section 481(a) adjustment in full in the year of change. See Rev. Proc. 2015-13, or its successor.
See Pub. 538, Accounting Periods and Methods, and the instructions for Forms 1128 and 3115, about reporting changes to accounting periods and methods.
Properly distinguishing between payments to affiliates and grants and allocations is especially important if the organization uses Form 990 for state reporting purposes. If the organization uses Form 990 only for reporting to the IRS, payments to affiliated or national organizations that don't represent membership dues reportable as miscellaneous expenses on line 24 can be reported on either line 21 or line 1.
Business Activity Codes
The codes listed in this section are a selection from the North American Industry Classification System (NAICS) that should be used in completing Form 990, Part VIII, lines 2 and 11. If you don't see a code for the activity you are trying to categorize, select the appropriate code from the NAICS website at 2017 NAICS Census. Select the most specific six-digit code available that describes the activity producing the income being reported. Note that most codes describe more than one type of activity. Avoid using codes that describe the organization rather than the income-producing activity.
Glossary
The glossary has over 65 pages that include tax, accounting, titles and terms on the tax forms, and an amazing long list of items mentioned in the extensive instructions that themselves total 100 pages.
Before diving into new developments to pages of the sixth edition of Tax Compliance for Tax-Exempt Organizations, I'll share an excellent list of suggestions for protecting your data and computer from cyber terrorists.
The following tips were written by AICPA's Not-for-Profit Section:
9 cybersecurity tips for small not-for-profit organizations
Numerous studies have shown that over 90 percent of corporate breaches start with a phishing email. But don't let that statistic lead you to believe that you can strengthen your controls over email and be safe. Recent reports are indicating that fraudsters are now successfully using voice-generating artificial intelligence software to impersonate executives when perpetrating these crimes.
Unfortunately, far too many nonprofits do not have or know of a policy that identifies how their organization handles cybersecurity risk, equipment usage, and data privacy. Cybersecurity is a real concern that all types of organizations, including all types and sizes of not-for-profits, must address.
This article offers tips and best practices related to both the personal and the technical aspects of cybersecurity that even the smallest nonprofits can employ.
Promote organization-wide awareness
It is increasingly important for organizations and users to understand that the cybersecurity adversaries, also known as “bad actors,” are after people. Bruce Schneier, a seasoned cybersecurity professional, said, “Amateurs hack systems, professionals hack people.” Take spear phishing, for example, where bad actors send emails ostensibly from a trusted sender to get recipients to reveal confidential information.
Every member of an organization is responsible for security. Take the time to educate users on this fact and make security part of your culture:
Provide continual training.
Hold lunch and learns.
Post signs in the break room.
Cover a security topic during team meetings.
There are limitless examples of cyber breaches on the Internet that you can discuss. It takes little effort to talk about security and doing so will save headaches in the long run.
Understand the latest social engineering techniques
Bad actors are getting better and better at using social engineering to get us to provide information or click on links to download malware. Phishing is by far the most common method, followed by email, text, and phone. The days of offering money from a bank in Nigeria are over. Bad actors are getting more sophisticated. They