Do you know if your nonprofit is required to conduct an audit?
The California Attorney General has stipulated that charitable organizations 
with annual gross revenues of $2 million or more are subject to the audit requirement.
But there are additional considerations. Even if your nonprofit is not required to have an audit, there may be benefits to engaging the services of an auditor for an annual review of your financial practices to assure your donors and board members that your charity has a solid financial foundation.
Consider these three types of audits:
There are three main categories of audit: full audit, review, and compilation. It’s important to understand the difference because each comes with a different price tag and a different level of scrutiny.
>>Full Audit:
Provides the highest level of assurance on an organization’s financial statements. It provides assurance that an organization’s financial statements are free of material misstatement and are fairly presented based upon the application of generally accepted accounting principles.
>>Review:
Provides limited assurance on an organization’s financial statements. During a review, inquiries and analytical procedures present a reasonable basis for expressing limited assurance that no material modifications to the financial statements are necessary; they are in conformity with generally accepted accounting principles.
>>Compilation:
Provides no assurance on an organization’s financial statements. The CPA simply takes the financial data provided by the nonprofit and puts them in a financial statement format that complies with generally accepted accounting principles. There are no testing or analytical procedures performed during a compilation.
In addition, some organizations are required to conduct a single audit.
>>Single Audit:
Is a rigorous, organization-wide examination of an entity that expends $750,000 for more of federal funds received for its operations. This audits objective is to provide assurance to the US federal government as to the management and use of such funds by recipients. This audit is typically performed by an independent CPA and encompasses both financial and compliance components.
When did audits become required?
The Nonprofit Integrity Act (NIA) of 2004 provides some guidance on governance of charitable organizations. It was passed in the wake of corporate scandals like Enron and WorldCom that revealed highly questionable financial practices of some of the nation’s largest corporations.
The NIA followed on the heels of the federal Sarbanes-Oxley Act of 2002, which addresses the financial accountability of for-profit corporations. However, the NIA focuses on the financial practices and governance of nonprofit organizations in an effort to ensure that adequate accountability exists.
Should your nonprofit have an audit committee and who serves on it?
If your charity does conduct a full audit, do you have an audit committee? Is it required? Who should be on the audit committee and what do they do? Questions abound concerning this important topic. While it is not required that your nonprofit have an audit committee, it is recommended as a best practice.
Keep in mind that an audit doesn’t guarantee that everything in your financial statements are correct or even that someone in your organization isn’t embezzling. However, an audit can provide guidance and peace of mind regarding financial practices and procedures.
The audit committee must be appointed by the Board of Directors. Unlike some other committees exercising Board authority under California’s nonprofit corporate law, the audit committee may include non-Board members, and may consist of a single person. While it may include members of the finance committee, the chair of the audit committee may not be a member of the finance committee, and members of the finance committee must constitute less than half of the audit committee.
The audit committee may not include any member of the staff, including top management, whether paid or volunteer, or any person who has a material financial interest in any entity doing business with the organization. Staff members may be invited to attend an audit committee meeting, but may not be members of the committee.
What does an audit committee do?
The NIA spells out five duties of the audit committee. Audit committees: (a) shall recommend to the Board of Directors the retention and termination of the independent auditor; (b) may negotiate the compensation of the auditor on behalf of the Board; (c) shall confer with the auditor to satisfy the committee members that the financial affairs of the charitable organization are in order; (d) shall review and determine whether to accept the audit; and (e) shall approve performance of any non-audit services to be provided by the auditing firm.
The audit committee should ensure that audited statements be made available to the public for a period of three years.
According to BDO Institute for Nonprofit Excellence, the audit committee is also the body that presents the auditors’ findings to the board of directors, making sure that the full board understands any recommendations made by the auditors before formally accepting the audit report. The audit committee recommends changes in practices or reporting in order to maintain or bring the nonprofit into a “best practices” position. In addition, the audit committee should:
- Ensure that the auditing firm has the requisite skills and experience to carry out the auditing function for the organization and that its performance is carefully reviewed.
- Meet with the auditor, review the annual audit and recommend its approval or modification to the full board. The full board should review the annual audit and the audit committee’s report and recommendations. Ideally the full board meets with the auditor before formally accepting or rejecting the audit.
- Have at least one member of the audit committee meet the criteria of financial expert and have adequate financial literacy to understand, analyze, and reasonably assess the financial statements of the organization and the competency of the auditing firm.
- Be sure orientation of board members includes financial literacy training.
Nonprofits must protect themselves.
They must eliminate careless and irresponsible accounting practices. A nonprofit organization would benefit from an internal audit that brings to light weak spots and installs processes that are not vulnerable to fraud and abuse. Written policies that are vigorously enforced by executive staff and the board send a message that misconduct is not tolerated. An organization must develop procedures for handling employee complaints. A nonprofit must establish a confidential and anonymous mechanism to encourage employees to report any inappropriateness within the entity’s financial management.
This is usually spelled out in the organization’s Whistleblower Policy which clarifies that no punishment—including firing, demotion, suspension, harassment, failure to consider the employee for promotion, or any other kind of discrimination—is allowed. Even if the claims are unfounded, the nonprofit may not reprimand the employee. The law does not force the employee to demonstrate misconduct; a reasonable belief or suspicion that a fraud exists is enough to create a protected status for the employee.
Since all employees of a nonprofit report directly to the executive director, it is important to have a policy addressing how an employee can report concerns about inappropriate financial management by the executive director. For example, the Whistleblower Policy may stipulate that employees can take their concerns to the board or perhaps the board’s executive committee. This, of course, should only happen in regard to serious financial concerns.
Changing auditors (partner or firm) every five years is presently considered good practice for all organizations, nonprofit and for-profit alike. The rationale: Auditing firms may grow accustomed to the financial procedures within one organization after a certain number of years, and bringing in a new firm helps ensure that all proper financial practices are closely examined.
Ongoing oversight is important.
As a foundation for its oversight role of the audit process, the audit committee needs to be aware of the overall financial health of the nonprofit. Before the initial audit takes place, committee members should understand the recommendations contained in prior years’ audit reports and should be prepared to work with management and the board of directors throughout the year on any financial practices that the auditors note need attention. During the year after the auditors have conducted the audit, the audit committee members usually arrange to meet with the nonprofit’s management and with the independent auditors to gain a deeper understanding of whether the organization’s financial reporting practices and internal controls are adequate.
Because of recruitment priorities to create a well-balanced and diverse board, financial literacy may be more challenging for nonprofit boards. Nonprofit organizations need to ensure that board members of the audit committee have the financial competency to understand financial statements, evaluate accounting company bids to undertake auditing, and make sound financial decisions as part of their fiduciary responsibilities. A nonprofit that has a limited number of financial experts on its board may struggle with filling the treasurer’s position, a finance committee, and an audit committee.