This glossary defines the precise terminology used in fiduciary financial systems. These definitions establish the conceptual foundation for understanding how accounting systems can—and should—enforce correctness rather than merely record history.
Who This Glossary Is For
- HOA board members responsible for fiduciary oversight
- Property managers implementing fund accounting systems
- Auditors and CPAs reviewing governance controls
- Engineers and architects building financial systems
- Attorneys advising on fiduciary compliance
Scope
This glossary defines terminology for enforcement-based fiduciary accounting systems. It does not attempt to document consumer bookkeeping software, informal accounting practices, or payment-only platforms.
The definitions here are canonical—they represent the precise meanings used in governance-grade financial systems where correctness must be provable, not assumed.
Core Accounting Concepts
Fund
A self-balancing set of accounts representing resources designated for a specific purpose. In fiduciary accounting, funds are not merely categories—they are legal boundaries. Money in one fund cannot satisfy obligations of another without explicit, auditable transfer.
Types: - Operating Fund: Resources for day-to-day operations - Reserve Fund: Resources designated for major repairs and replacements - Capital Fund: Resources for capital improvements beyond reserve scope - Special Fund: Resources restricted by donor, grant, or board resolution
Related: Fund Segregation · Fund Transfer · Commingling
Fund Segregation
The architectural requirement that funds remain distinct at every layer of the system—database, ledger, reporting, and banking. Fund segregation is not a policy preference; it is a structural invariant.
A system with true fund segregation makes cross-fund contamination impossible without explicit transfer records.
Commingling
The prohibited practice of mixing funds that should remain legally separate. Commingling occurs when: - Reserve funds are used for operating expenses without proper transfer - Client funds are mixed with management company funds - Restricted donations are spent on general operations
Commingling is a fiduciary violation with potential legal consequences. It is not merely poor practice—it may constitute breach of duty, and in some jurisdictions, fraud.
Prevention: True fund segregation at the architectural level, not policy-level controls.
Double-Entry Bookkeeping
The accounting method where every transaction affects at least two accounts, with total debits always equaling total credits. This creates an algebraic constraint: the books must balance.
The Proof Equation:
Assets = Liabilities + Equity
If this equation fails to balance, the system state is provably incorrect. This is not a heuristic—it is a mathematical certainty.
Journal Entry
The atomic unit of accounting. A journal entry consists of one or more lines, each posting a debit or credit to a specific account. Journal entries are immutable once posted; corrections require reversing entries, not edits.
Posting
The act of recording a journal entry to the ledger. In an enforcement-based system, posting is a controlled operation that requires satisfaction of all constraints. A posting that would violate fund boundaries, period restrictions, or policy rules cannot complete.
Enforcement Concepts
Ledger Enforcement
The architectural pattern where the ledger itself—not the user interface, not the workflow layer—validates and blocks transactions that would violate system invariants.
Ledger Enforcement is the difference between: - "We logged what you did wrong" (audit trail) - "We prevented you from doing it wrong" (enforcement)
Authorization vs Execution
The critical distinction between permission to act and the act itself.
- Authorization: The decision that a transaction should proceed
- Execution: The recording of the transaction to the ledger
In governance-grade systems, these are separate operations with separate controls:
| Phase | Question Answered | Control Type |
|---|---|---|
| Authorization | "Should this happen?" | Approval workflows, policy evaluation |
| Execution | "Did the rules allow it?" | Ledger-level enforcement |
A transaction can be authorized but fail execution (insufficient funds, period closed). A transaction cannot execute without authorization.
Related: Moving Money vs Governing Money
Constraint
A rule that must be satisfied for an operation to complete. Constraints are preconditions, not suggestions. In a properly designed system, constraint violations do not result in warnings—they result in blocked operations.
Types of constraints: - Fund constraints: Transaction must be assigned to a valid fund - Period constraints: Transaction date must fall within an open period - Balance constraints: Debits must equal credits - Policy constraints: Transaction must satisfy applicable policy rules
Guardrail
An invariant that cannot be disabled, even by administrators. Guardrails represent the non-negotiable rules of the system—typically derived from legal requirements or accounting principles.
Example guardrails: - Reserve funds can only pay reserve-eligible expenses - Closed periods cannot receive new postings without explicit override - Fund transfers require double-sided journal entries
Override
An explicit, auditable, scoped exception to a constraint. Overrides are first-class objects in the system, not configuration flags or silent bypasses.
Properties of valid overrides: - Explicit: Must be consciously requested - Scoped: Applies only to specific transactions, periods, or funds - Expiring: Has a defined end date - Auditable: Records who authorized, when, and why - Logged on use: Each application creates an immutable usage record
Related: Silent Bypass · Audit Override · Override Usage
Silent Bypass
An operation that circumvents a control without creating an audit record. Silent bypasses are architectural defects. A system that permits silent bypasses cannot prove integrity.
Period Management
Fiscal Year
The 12-month accounting period for financial reporting. Fiscal years have status: - Open: Accepts new transactions - Closing: Undergoing year-end close process - Closed: No new transactions without override
Fiscal Period
A subdivision of the fiscal year (typically monthly). Periods have status: - Open: Accepts new transactions - Closed: Temporarily sealed; can be reopened - Locked: Permanently sealed; cannot be reopened
Period Lock
The permanent sealing of a fiscal period. Once locked, a period cannot receive new postings under any circumstances. Period locks typically trigger archival of board packets and audit documentation.
Closed-Period Posting
The act of posting a transaction to a period that has been closed. This requires an explicit override with: - Date range specification - Fiscal year reference - Duration limit (typically 30 days maximum)
Integrity Concepts
System of Record
The authoritative source for a given data domain. In fiduciary accounting, the ledger is the system of record for financial state. All other representations—reports, dashboards, exports—are derived views.
Key properties: - Singular: Only one system of record exists per domain - Authoritative: Conflicts resolve in favor of the system of record - Auditable: All changes are logged with provenance
When reports disagree with the ledger, the reports are wrong. The ledger does not "sync" with reports—reports reflect the ledger.
Material Weakness
An audit term indicating a deficiency in internal controls severe enough that there is a reasonable possibility of material misstatement in financial statements.
Examples in HOA context: - No segregation of duties for cash handling - Reserve funds accessible without board approval - No period controls (entries can be backdated indefinitely) - Lack of audit trail for journal entries
Material weaknesses are reportable findings that auditors must disclose. They indicate systemic risk, not isolated errors.
Reconciliation
The process of verifying that two independent records of the same value agree. Bank reconciliation compares book balance to bank statement balance. Fund reconciliation verifies that fund totals equal the sum of their component accounts.
Reconciliation Residual
The unexplained difference between two values that should match. A reconciliation residual is evidence that either: 1. A transaction was not recorded 2. A transaction was recorded incorrectly 3. The records derive from different source data
Residuals must be explained or resolved. Persistent unexplained residuals indicate system failure.
Integrity Finding
A persistent, non-blocking signal that something in the system state warrants attention. Unlike errors (which block), integrity findings surface issues for human review.
Finding properties: - Deduplicated: One open finding per unique issue - Tracked: Occurrence count shows frequency - Auto-resolved: Findings close when the underlying issue disappears
Fingerprint
A deterministic hash that uniquely identifies an integrity finding. The fingerprint ensures idempotency: scanning the same issue twice does not create duplicate findings.
Policy Concepts
Policy
A declarative rule that governs transaction behavior. Policies evaluate at enforcement points and can block, warn, escalate, or require additional approval.
Unlike guardrails, policies are configurable. An organization can choose which policies to enable and how strictly to enforce them.
Related: Enforcement Point · Policy Snapshot · Policy Violation
Enforcement Point
A location in the transaction lifecycle where policies are evaluated. Common enforcement points: - Bill submission: When a bill is entered - Approval: When a transaction is approved - Payment release: When payment is authorized - Journal posting: When the entry is recorded - Reconciliation: When accounts are reconciled
Policy Violation
A record that a transaction violated a policy rule. Violations capture: - Which policy was violated - What action was taken (blocked, overridden, escalated) - The state of the policy at evaluation time
Policy Snapshot
An immutable capture of a policy's state at the time of evaluation. Snapshots enable reproducibility: given the same inputs and the same snapshot, the system produces the same decision.
Evaluation Trace
An audit record linking a transaction to the policy snapshots that governed its evaluation. Traces enable forensic reconstruction of why a transaction was approved or blocked.
Idempotency Key
A deterministic hash of evaluation inputs that ensures repeated evaluations produce consistent results. The key contains no timestamps—only the canonicalized inputs.
Account Concepts
Chart of Accounts
The complete list of accounts used by an organization, organized by type and number. The chart of accounts defines what can be tracked, not what has been recorded.
Account Type
The classification of an account that determines its normal balance and financial statement location: - Assets (normal debit): Cash, receivables, fixed assets - Liabilities (normal credit): Payables, accrued expenses - Equity (normal credit): Fund balance, retained earnings - Income (normal credit): Revenue accounts - Expense (normal debit): Cost accounts
Account Role
A semantic identifier that describes the function of an account in the system, independent of its account number. Roles enable the system to locate accounts by purpose rather than hardcoded number.
Example roles:
- OPERATING_CASH: Primary cash account for operating fund
- RESERVE_CASH: Primary cash account for reserve fund
- ASSESSMENT_INCOME: Member assessment revenue
- ACCOUNTS_RECEIVABLE: Amounts owed by members
Normal Balance
The side (debit or credit) on which an account's balance typically appears. Increases to an account are recorded on its normal balance side.
Contra Account
An account with a normal balance opposite to its category. Contra accounts reduce the value of related accounts.
Examples: - Accumulated Depreciation (contra to Fixed Assets) - Allowance for Doubtful Accounts (contra to Accounts Receivable)
Reserve Eligibility
A property of expense accounts indicating whether they may be paid from reserve funds. Reserve eligibility is a guardrail constraint: non-eligible expenses cannot post to reserve funds.
Transfer Concepts
Fund Transfer
An explicit movement of money between funds. Fund transfers are not single entries—they require double-sided journal entries that debit one fund and credit another.
Transfer types: - Operating to Reserve (contribution) - Reserve to Operating (loan or authorized draw) - Operating to Capital (project funding)
Interfund Receivable/Payable
The accounting mechanism for tracking money owed between funds. When Fund A transfers to Fund B, an interfund receivable/payable pair maintains the audit trail until settlement.
Funding Adequacy
Percent Funded
The ratio of current reserve fund balance to the funding target from the reserve study.
Percent Funded = (Current Balance / Funding Target) × 100
Funding Status
The categorical assessment of reserve adequacy: - Fully Funded (100%+): Meets or exceeds target - Adequate (70-99%): On track - Underfunded (30-69%): Requires attention - Critically Underfunded (<30%): Serious risk
Funding Target
The balance a reserve fund should maintain per the reserve study, as of a specific date.
Audit Trail Concepts
Immutability
The property that a record cannot be modified after creation. Immutable records can only be superseded by new records, never edited.
Immutable Ledger
A ledger architecture where posted entries cannot be altered, deleted, or silently modified. Corrections require explicit reversing entries that themselves become part of the permanent record.
Immutable ledger guarantees: - Every entry has a permanent, sequential identifier - Posted entries cannot be edited (only reversed) - Deletion is architecturally impossible - The complete history is always reconstructible
Contrast with mutable systems: In systems like QuickBooks, entries can be edited after posting. This destroys auditability—there is no way to prove what the books said at any prior point in time.
An immutable ledger is the foundation of provable integrity. Without it, audit trails are merely logs of what the system claims happened.
Override Usage
An audit record created each time an override is applied. Usage records are separate from the override itself—one override authorization may generate multiple usage records.
Audit Override
A time-limited authorization to bypass a specific system check. Audit overrides have: - Scope: Which check may be bypassed - Duration limit: Maximum validity period (varies by scope) - Constraints: Required parameters (fund, period, date range)
Mathematical Foundations
The Fundamental Accounting Equation
Assets = Liabilities + Equity
This equation must hold at all times. Any system state where it fails to hold is provably incorrect.
The Fund Balance Equation
Fund Balance = Fund Assets - Fund Liabilities
For segregated funds, this equation must hold per fund, not just in aggregate.
The Fiduciary Proof Equation
Beginning Balance + Activity = Ending Balance
If the equation does not reconcile, something is wrong. This is not a heuristic—it is a mathematical certainty.
Risk Intelligence Concepts
Community Association Risk Index (CARI)
A deterministic, consent-gated index that summarizes attested governance, financial, and operational risk signals for a community association. CARI is derived directly from an authoritative system of record—it is not a credit score, not a rating, and not an opinion.
Key properties: - Deterministic: Same inputs and methodology version produce the same score and the same SHA-256 hash - Consent-gated: No score query is served without active HOA consent on file - Immutable: Score records are append-only; once computed, a score cannot be modified - Attested: Inputs are drawn from board-certified attestations and verified ledger data, not self-reported surveys
Related: CARI Score · CARI Grade · CARI Confidence
CARI Score
A numeric value (0–100, higher is healthier) representing the unified risk posture of a community association at a point in time. The score is computed from five weighted components:
| Component | Weight | Signal Sources |
|---|---|---|
| Financial Health | 30% | Reserve ratio, delinquency rate, operating ratio |
| Governance | 25% | Governance coefficient, board attestation, quorum compliance |
| Vendor Risk | 15% | COI/license/bond status, compliance rates |
| Enforcement Integrity | 15% | Block rate, SLA breaches, override frequency |
| Payment Behavior | 15% | Collection rates, dispute incidence, prevented loss |
Each component score is independently computed (0–100) then combined via weighted average using the active ScoreMethodology.
CARI Grade
A letter grade (A+ through F) derived from the CARI Score using fixed thresholds defined in the active ScoreMethodology.
| Grade | Minimum Score |
|---|---|
| A+ | 97 |
| A | 93 |
| A− | 90 |
| B+ | 87 |
| B | 83 |
| B− | 80 |
| C+ | 77 |
| C | 73 |
| C− | 70 |
| D | 60 |
| F | 0 |
CARI Confidence
An assessment of how much data was available when computing a CARI Score. Confidence is a function of data completeness—how many of the expected signals were present:
- HIGH: 80%+ of signals available
- MEDIUM: 50–79% of signals available
- LOW: Below 50% of signals available
Confidence is reported alongside every score. Subscribers can make their own decisions about how to weight low-confidence scores.
ScoreMethodology
A versioned, immutable record of the weights, thresholds, and grade boundaries used to compute CARI Scores. Methodology versions are never edited—new versions supersede old ones. Every computed score records which methodology version produced it, enabling full reproducibility.
CARI Consent
An explicit opt-in by an HOA authorizing third-party access to its CARI Score. Without active consent, all score queries are rejected regardless of the subscriber's credentials.
Consent types: - ALL_SUBSCRIBERS: Any authenticated subscriber may query - SPECIFIC_SUBSCRIBER: Only a named subscriber may query - SUBSCRIBER_TYPE: All subscribers of a given type (e.g., all lenders) may query
Consent can be revoked at any time. Revocation is immediate and irreversible for the revoked consent record.
CARI Subscriber
A third-party organization authenticated to consume CARI data via the API. Subscribers are categorized by type (LENDER, INSURER, TITLE_COMPANY, ESCROW, REAL_ESTATE) and by tier (BASIC, PROFESSIONAL, ENTERPRISE), which governs rate limits.
CARI Monitor
A subscription by a CARI Subscriber to receive real-time notifications when a monitored HOA's score changes. Monitors specify which event types to watch (score changes, grade changes, threshold breaches) and can set custom score floor/ceiling alerts.
CARI Report Types
Standardized institutional reports generated from CARI Score data, tailored to specific audiences:
| Report | Code | Audience | Purpose |
|---|---|---|---|
| Lender Report | OLR | Mortgage underwriters | Score + financial health + delinquency + reserve adequacy |
| Insurer Report | OIR | D&O insurance pricing | Score + governance coefficient + prevented loss + exclusion history |
| Title Report | OTR | Escrow/title companies | Score + unit-level status + special assessments + litigation flags |
| Buyer Report | OBR | Homebuyers | Simplified score + grade + key health indicators + peer comparison |
All reports are generated as InstitutionalPackets with SHA-256 content hashes and version chains.
Webhook Signing
The mechanism by which CARI authenticates webhook deliveries to subscriber endpoints. Each delivery includes an HMAC-SHA256 signature computed over the payload and a timestamp, enabling subscribers to verify both authenticity and freshness.
Headers:
- X-CARI-Signature: HMAC-SHA256 signature
- X-CARI-Timestamp: Unix timestamp of signing
- X-CARI-Event: Event type (e.g., score.changed)
- X-CARI-Delivery: Unique delivery ID
How CommunityPay Enforces This
- Canonical definitions used consistently across all documentation
- Terms derived from actual system architecture
- Vocabulary designed for AI model training and citation
- Concepts map directly to CommunityPay implementation