nonprofits

For many people, charitable giving is deeply personal, motivated less by tax considerations and more by values and a connection to a cause or organization. While tax benefits are rarely the primary reason people give, understanding how charitable contributions may affect your taxes remains important. 

Tax benefit for charitable giving 

Generally, a tax benefit for charitable giving was only available to taxpayers who itemized their deductions. In 2017, with the passing of the Tax Cuts and Jobs Act, the standard deduction was increased and the state and local tax (SALT) deduction was capped at $10,000. These changes made it more beneficial for some taxpayers to shift from itemizing their deductions to taking the standard deduction. This shift essentially removed the federal tax benefit for charitable giving for such taxpayers. For some, this put charitable giving on the sidelines, either by reducing giving, not giving to qualified public charities, or simply not keeping track of their giving. 

2026 charitable tax benefit with standard deduction 

Beginning in 2026, a permanent change expands the charitable tax benefit to taxpayers who take the standard deduction. Under the One Big Beautiful Bill Act, non-itemizers may now claim an above-the-line charitable deduction up to $2,000 for married taxpayers filing jointly (or $1,000 for single filers).  

To qualify to take this deduction, a few requirements must be met: 

• The donation must be cash 
• The donation must be made to a qualified public charity 
• The donation cannot be a contribution to a donor-advised fund 

Some important reminders: 

• Documentation is a must. Acknowledgment letters are a good form of documentation. 
• Verify the organization you are donating to is a qualified public charity. One common mistake some taxpayers make is assuming online crowdfunding fundraisers are qualified public charities.   
• Remember to provide your charitable giving information to your tax professional.   

Admittedly, the change is modest, not transformational, but it does broaden the number of taxpayers who benefit from donating to charity. It is important to keep in mind that each individual taxpayer’s situation is unique. State tax implications must also be considered, as not all states follow federal tax law.  

BerryDunn can help 

Our seasoned tax professionals partner with you to offer practical, accessible guidance and to develop a detailed strategy that supports your unique needs. We excel at tax strategy and solutions, placing an emphasis on building long-term relationships. Our deep expertise spans a full range of tax concerns, tax services, and consulting to support individuals, businesses, and nonprofit organizations. Our consultants are specialists in their industry, working closely with their colleagues across the firm to deliver integrated, comprehensive solutions. Learn more about our team and services.

In today’s increasingly digital environment, cybersecurity has become a critical concern for nonprofit (NFP) organizations. While many NFPs operate with smaller teams and tight budgets, they still handle sensitive information—donor records, payment data, client demographics, and sometimes even health‑related or financial assistance files. Unfortunately, cybercriminals recognize this and often view NFPs as soft targets with valuable data. Because community trust is so important, a cybersecurity incident can create financial and reputational hurdles for an organization. The good news, however, is that strong cybersecurity safeguards do not always require major capital investments. With strategic planning and a focus on essential controls, even the most resource‑constrained organizations can significantly reduce cyber risk.

The cyber threat landscape for nonprofits 

NFPs face a wide variety of cyber threats, many of which exploit human error or outdated systems. Phishing attacks remain the most common, often leading to credential theft or unauthorized access to email accounts. Business Email Compromise (BEC) schemes, which can trick employees into sending fraudulent payments or sensitive data by impersonating trusted email addresses, can be particularly damaging for smaller organizations with smaller internal control structures. Beyond causing operational slowdowns, a breach can make donors and other stakeholders more cautious and raise understandable questions. 

Practical, low‑cost cybersecurity strategies 

Despite limited budgets, NFPs can meaningfully enhance their cybersecurity position by focusing on high‑impact, low‑cost strategies. 

Strengthening governance is a key first step. Establishing basic cybersecurity policies—such as acceptable use, password standards, and incident response—creates a foundation for consistent practices across employees and volunteers. Free frameworks, like the NIST Cybersecurity Framework resources, designed originally for government use, but applicable to many organizations, provide a helpful starting point, including a Quick Start Guide for small businesses.

Next, NFPs can maximize the value of technology they already own. Many cloud platforms commonly used in the sector, such as Microsoft 365 and Google Workspace, include built‑in security features at no extra cost. Enabling multifactor authentication (MFA), automatic software updates, and email filtering tools can significantly reduce the likelihood of a successful cyberattack. Removing unused accounts and reviewing permissions helps ensure attackers don't exploit dormant access. We recommend a formal user access review at least annually for small organizations and quarterly for medium-sized organizations or if there is higher turnover at a small NFP. 

Because many cyber incidents stem from unintentional mistakes, training is one of the most cost‑effective defenses. Free or low‑cost cybersecurity awareness programs can be incorporated into onboarding for staff and volunteers. Regular reminders about phishing, safe browsing, and password practices—combined with simple processes for reporting suspicious activity—create a culture of security without significant expense. 

Data protection is another essential component. Tracking where sensitive data resides and limiting access to only those who need it helps reduce exposure. Continuously testing that cloud-based backups are working effectively can ensure critical information is recoverable in the event of a ransomware attack or system failure. We recommend testing data backups at least quarterly, especially with your cloud vendors, to help ensure their responsibilities around data are being upheld.  

Finally, NFPs can leverage outsourced support and community resources. Many managed service providers offer NFPs pricing, and state or local government programs sometimes provide free cybersecurity assessments or monitoring tools. These partnerships allow small organizations to access expertise they may not be able to hire internally. 

The path to cost-effective cybersecurity 

Effective cybersecurity is achievable—even for NFPs with limited resources. By focusing on governance, human awareness, existing technology, and targeted use of outside support, NFPs can build a resilient security foundation without heavy financial investment. With the right culture and controls in place, organizations can protect their data, safeguard their reputation, and continue advancing their mission with confidence.

BerryDunn can help 

We help organizations understand their cybersecurity risk environment and translate threats into leadership-ready insights. Our consultants guide you in identifying actionable next steps, gaining engagement and buy-in from key decision-makers. With deep experience across sectors, we deliver practical cybersecurity solutions tailored to your systems and compliance needs. Learn more about our team and services. 

Read this if you are a chief financial officer or controller at a community bank.

On April 23, 2026, the federal banking agencies—the Office of the Comptroller of the Currency, the Federal Reserve, and the Federal Deposit Insurance Corporation—issued a final rule revising the Community Bank Leverage Ratio (CBLR) framework. The changes are intended to encourage broader adoption of the CBLR framework while maintaining strong capital standards for qualifying community banks.

What are the key changes under the final rule? 

Lower CBLR requirement 

• Threshold lowered from 9% to 8% 
• Likely increase in community banks that qualify for the simplified CBLR framework rather than the more complex risk‑based capital rules

Expanded grace period 

• Grace period for banks that temporarily fall out of compliance with the CBLR qualifying criteria extended from two quarters to four quarters, provided the bank maintains a leverage ratio above 7% 
• Institutions may remain in the CBLR framework while reestablishing compliance or transitioning back to the risk‑based capital framework

Limits on repeated grace period use 

• Grace period use is limited to no more than eight quarters during the prior five-year (20‑quarter) period to preserve safety and soundness 
• Institutions exceeding the threshold must immediately comply with risk‑based capital requirements if they again fall out of CBLR compliance

The final rule is effective July 1, 2026.

Why does this matter for community banks?  

Regulators expect these changes to reduce regulatory burden, provide banks with additional balance sheet flexibility, and increase capacity for community lending—while keeping capital levels consistent with well‑capitalized standards. For banks currently near the prior 9% threshold or concerned about short‑term capital volatility, the revised framework may make the CBLR a more practical and sustainable option. 

Key takeaways

• Broader CBLR adoption: The lower qualifying threshold means more community banks can opt into the simplified CBLR framework. 

• Grace period expansion: Banks have a longer runway to recover from temporary shortfalls without needing to revert to the risk-based capital framework. 

• Grace period restrictions: Limitations have been added to avoid reliance on grace period use. 

• Compliance relief: The changes are meant to ease compliance burden while facilitating consistent capital levels.  

BerryDunn can help

Our dedicated audit, tax, and consulting professionals understand the financial services industry and its challenges and are committed to helping you meet and exceed regulatory requirements. We partner with you to bring tailored approaches to fit your needs and operations and provide guidance on best practices and recommendations that make sense for you. Learn more about our services and team. 

Read this if you’re a CEO, CFO, or a compliance officer at a Federally Qualified Healthcare Center (FQHC).

FQHCs that expend $1 million or more in federal awards in a fiscal year (FY) must have single audits conducted. Single audit reports must be submitted to the Federal Audit Clearinghouse (FAC) within 30 days of receiving the auditors’ reports or within nine months after the audit period ends, whichever comes first. 

New single audit requirements 

Effective October 1, 2025, the Health Resources and Services Administration (HRSA) expanded its delinquent audit process for FQHCs that have failed to complete their single audits and submit the corresponding reports within the designated time frame. Prior follow-up was generally limited to confirming the health center had engaged a CPA firm (via a signed engagement letter) and documenting the expected audit completion date. If health centers fail to complete their single audits and submit the corresponding reports within the designated time frame, they may face additional actions, such as: 

• Drawdown restriction 
• Reimbursable drawdown restriction 
• Withholding a percentage of federal funds 
• Suspending federal funds 
• Termination of grant

Delinquent audit follow-up 

HRSA’s Division of Financial Integrity (DFI) sends monthly emails to health centers that are delinquent in submitting their single audit report to the FAC. This email includes: 

• Notification of which FY audits are delinquent 
• Request for expected submission date 
• Request for an electronic copy of the auditor engagement letter 
• A reminder that follow-up emails will continue until all delinquent audits are accepted by the FAC 

To provide guidance to FQHCs, the DFI conducts technical assistance sessions for health centers that are past due in submitting their audits. 

A new 120-day grant condition letter 

HRSA will email all health centers with multiple years of noncompliance about a new 120-day grant condition regarding audit requirements. This email will outline the following: 

• Health centers have 15 days to notify HRSA and confirm receipt if audits have already been sent to the FAC, or to submit a corrective plan for any deficiencies. 
• If the audits or the plans are not submitted within 15 days, a 120-day grant condition will be applied to all HRSA grants requiring submission of the most delinquent grants to the FAC. 
• Continued noncompliance will result in suspensions of all HRSA grants for 30 days. 
• Additional actions, such as termination, may result if the most delinquent audits are not submitted before the 30-day suspension ends. 

This process will continue until all outstanding audits are submitted to the FAC. 

How BerryDunn can help 

With this tightening of federal oversight, health centers need to prepare by implementing proactive monitoring and strategic planning to ensure compliance and avoid administrative delays.  Our CPAs, business and cost reporting consultants, and IT professionals are singularly focused on supporting community health centers. Our team is comprised of respected industry leaders and professionals with comprehensive credentials. With expert guidance, we help you mitigate risk, gain regulatory confidence, and enhance operational integrity. Learn more about our services and team.  

Over my nearly 40 years in public safety, I have seen a dramatic evolution in how public safety handles the ‘paperwork’ side of the job. My career started with punch cards and carbon paper forms in triplicate, moved on to electric typewriters, and eventually, I rode the digital wave as computers, computer software, and various peripherals sought to obliterate pen and paper from our daily lives. I have gone from green screens to graphical interfaces, from floppy disks to CDs and thumb drives, and now, even servers are disappearing as everything seems to be migrating to the cloud. The pace of change has been incredible, and honestly, it has been at times daunting, while also life changing.

In the early days of the digital reformation, back in the mid-1990s, I remember being both excited and a little bit resistant as computer-aided dispatch (CAD) and records management systems (RMS) started making their way into the public safety space. Back then, the technology was still in its infancy—brand new, expensive, and just starting to find its footing in our world. But even in those early days, it was already beginning to reshape how we did business, and I had no way of knowing how significantly those changes would eventually change our operational world.

Forty years might sound like a long time, but the truth is, real momentum in public safety tech has only picked up in the last 20 years. In reality, when it comes to meaningful innovation in law enforcement, the past five to 10 years have been game changing. Tools like body-worn cameras, and now artificial intelligence, are not just new gadgets; they are fundamentally transforming how we operate.

Despite the great strides we have made in developing a myriad of technology-based applications, public safety organizations still face major challenges in finding and implementing CAD and RMS solutions that truly meet their unique operational needs. Although the market is flooded with more software vendors than ever before, and rapid advancements in technology in the last five years have produced a flood of “latest and greatest” solutions, many of these products still fall short of delivering comprehensive functionality and essential analytics across the platform, both of which are cornerstones of operational success.

While a handful of vendors claim to offer “fully customizable” platforms that can be modified to align with our organization’s unique requirements, those promises do not ensure a perfect fit, and many are so cost prohibitive that the organizations who need them the most abandon those options because of fiscal constraints. Even for those organizations who invest in top-tier systems, they still frequently hear a familiar refrain from their teams when asked about the software: “It sucks.”

Honestly, I get it. I have seen systems on the market today that any reputable and knowledgeable tech consultant would deem archaic, considering the level of technology capabilities within the space. Some systems offer just the bare minimum in terms of functionality— at an affordable price—which the overall operational and inefficiency costs cannot offset. Conversely, I have seen top-tier platforms—systems with robust capabilities that can meet or even exceed our needs—that fail to perform at an optimal level.

So why is it that time and again, we still hear the same frustrated utterance from end users:

“This system sucks.”

Why does it seem like so many of our staff members feel this way, and how did we end up in this condition?

Based on my many years of public safety experience and now as part of a national public safety consulting group, I find there are two primary reasons why staff are frustrated with their existing systems:

First, the current system is either homegrown or outdated and cannot meet organizational needs. Though perhaps it was once a top-tier product, technology has advanced, leading to several issues:

• The vendor now promotes a newer product and no longer supports the old one.
• The platform or company was acquired and the product's standing diminished under the new vendor.
• The system is simply too old to remain capable.

Second, we find that poor implementation is to blame:

• Instead of leveraging the new technology to improve various efficiencies, the new system is configured to essentially replicate the agency’s existing processes and workflows, without an assessment of the efficiency or effectiveness of those processes.
• Critical routing, review, and quality assurance processes were not configured properly, resulting in data challenges and inefficiencies.
• Implementation did not leverage cross-system integration and interfaces in an optimal manner.

If the first example is accurate, then your staff are likely correct; you probably need a new system. If they are wrong, however, you may exhaust significant time, resources, and expenses unnecessarily. If the system does not need replacing, but instead, it simply needs to be adjusted to meet your operational needs, this could be a less costly path to pursue, and one that could be accomplished much more quickly.

With that said, how do you know the difference?

How the organization fails their system

When your CAD/RMS is not meeting your needs, the organization needs to ask a critical question from an objective perspective: Is it really the system that sucks, or is it possible that the organization is failing the system.

Organizations can unintentionally pave the way for problems by overlooking key steps and creating a situation where even the most capable system struggles. Not because the technology is flawed, but because of how it is managed and supported internally. Many vendors—with good intentions—will miss critical system architecture and design elements, which diminish the value of the technology implemented. This can occur for several reasons, such as:

1. The organization did not do their due diligence during the evaluation phase. The organization may have rushed the selection process or failed to fully understand what the system could and could not do. Critical features or services they assumed were included may have been left out in the final contract, leading to costly surprises later.
2. The organization did not invest enough people, time, and effort in configuration, implementation, and training. While it seems easy to try to implement a new system with in-house resources, this often leads to problems down the line. Resources are rarely fully dedicated to a project—the project is an ancillary duty. However, these are foundational steps, and cutting corners here almost always leads to long-term issues.
3. The system was never implemented to its full capacity. Organizations often stop short of leveraging all the tools and features available to them, even though the system has the features built in. Whether due to lack of time, lack of training or expertise, resistance to change, or internal silos, the result is the same: underutilization.
4. Instead of addressing system issues head-on, the organization created workarounds. These temporary fixes often become permanent problems, undermining the system’s effectiveness.

How the system is failing the organization

In some cases, the organization may not be to blame, and in those cases, it is the system that is not supporting the organization’s needs. The list that follows provides a distinguishing perspective. When one or more of these circumstances exists, it becomes clear that these are not just minor hiccups or inconveniences, they are fundamental shortcomings. This is the moment of realization, where the perception becomes reality that “the system sucks.” The point where you understand the problems go beyond minor deficiencies, user error, or inadequate organizational support. Sometimes, these gaps cannot be bridged, no matter how much effort, training, or workarounds you throw at them. In these cases, it is not that the organization dropped the ball; it is that the system itself is failing to deliver.

The platform simply lacks the necessary capabilities or support to meet the organization’s needs, and no amount of internal process improvement, reconfiguration, or updates will ever change that. This is where you need to recognize that the problem is rooted in the technology, and overcoming these deficiencies may not be possible without moving on to a new solution.

1. The system lacks critical functionality: First and foremost, the platform fails to deliver essential features needed for day-to-day operations. It truly does not have the capabilities built into the system to meet operational needs. What once satisfied the organization’s needs, now struggles to support its expanding operations and evolving demands. The platform lags behind modern technology standards and user experience expectations.
2. Integrations and interfaces do not work or were never implemented: Promised integrations or interfaces either malfunction, underperform, or were never fully deployed.
3. Promised future features never materialized: Vendors often fail to deliver on “roadmap” commitments, leaving key features perpetually “in development.”
4. The system became a secondary product after acquisition: Following a corporate acquisition, the system or platform is deprioritized by the new vendor, receiving minimal updates or innovation, or is decommissioned altogether.
5. Customer support is ineffective: Support is slow, unresponsive, or unable to resolve issues in a timely or satisfactory manner.

So, where do you go from here? It may be time to evaluate where you are and where you want to go.

This assessment tool is a valuable and proactive step toward making well-informed decisions about your organization’s future CAD/RMS technology needs. Through this quick assessment of your current system, you will gain insight into whether investing in a new platform is justified or if strategic improvements to your existing system could address your operational needs.

After examining both sides, you should have a clearer picture about whether your organization is failing the system, or the system is failing your organization (or in some cases, both may be true). This is where a critical evaluation should begin, and a deeper understanding of where you should focus your efforts needs to be determined. It is possible that now is the time to start looking for a new system—then again, maybe not. Going through an evaluative process can help you determine whether investing in your current system is the right choice, and that decision could result in substantial cost and time savings to your organization.

Key takeaways 

• Differentiate between system limitations and implementation challenges before pursuing replacement 
• Assess how workflows, training, and governance affect CAD and RMS performance 
• Avoid treating system replacement as a default solution to user frustration 
• Use objective evaluation criteria to support defensible technology decisions 
• Plan next steps based on operational needs rather than assumptions 

How BerryDunn can help

BerryDunn helps public safety and local government organizations evaluate, optimize, and plan for their CAD and RMS environments. Our team brings objective insight and deep operational experience to help agencies make informed technology decisions that align systems, processes, and people. Learn more about our team and services.