Saturday, August 23, 2008

Your Nonprofit Library Second Shelf – Considering An Audit

The Alliance for Nonprofit Management asks and answers this question:

What is an audit?


An audit is a process for testing the accuracy and completeness of information presented in an organization's financial statements. This testing process enables an independent certified public accountant (CPA) to issue what is referred to as an opinion on how fairly the agency's financial statements represent its financial position and whether they comply with generally accepted accounting principles (GAAP). GAAP is determined by the American Institute of Certified Public Accountants (AICPA). Board members, staff, and their relatives cannot perform audits because their relationship with the organization compromises their independence.

See the rest of the answer at

For some nonprofits with relatively small annual budgets it may be OK to have an audit committee to perform the annual audit. Members of the committee should have an understanding about budgets, accounting, internal controls and auditing. You will find some very helpful material in this article to place on your library second shelf about this

The board of directors/trustees needs to consider whether it wants an accountant or a certified public accountant to perform the audit. It may be that a donor or grantor has stipulated that the audit must be done by a CPA or a professional called an independent public accountant (IPA) in some areas.

Why do you want an audit? Is it because it sounds like a good idea? Does a donor or potential funder require an audit? Is there suspicion that there may be some hanky-panky? The last issue calls for a different kind of audit. Audits generally do not catch thieves. (See for a discussion of how to approach this troubling sort of possibility.)

Financial audits are performed annually. The incorporation papers or the bylaws should indicate what the fiscal year is. After the review, the auditor issues a written statement that the fiscal position of the organization appears to be accurate. (I am not an auditor so I make it simple). This statement may be "unqualified" -- meaning that the auditor didn't identify any problems or potential problem areas. Or it may include commentaries or warnings addressed to the organization's board and managers. Obviously, every organization would prefer to get a "clean audit."

TIP: When preparing grant applications always include a request for funds to audit that grant. Calculate their fair share of the cost of the organization’s annual audit. If you estimate an audit will cost $1,000 and the grant will be 25% of the annual budget, then make their share $250. Include the audit as a budget line item even if the funder says it will not fund administrative costs.

Many government contracts are now requiring a CPA to audit non-financial activities, to review contract compliance. There may be other funders asking for that as well. That increases the cost of the audit.

Some grant opportunities will require an audit to be filed with the application for funds. What if you do not have an audit to file? For an excellent discussion on this point see Please submit an audit with your proposal from the Nonprofit Assistance Fund.

The board must also decide if it wants the CPA/accountant to complete the IRS Form 990 or 990-EZ and file it. I think that the 990 is a place to put a NPO's best foot forward so give it strong consideration to be a shared document. The 990 is going through revisions as this is written. The revisions will make the 990 more difficult to complete.

The Federal Office of Management and Budget (OMB) has developed circulars that set standards for nonprofit tax exempt organizations receiving Federal grants. The audit is referred to as a “single audit”. There are many CPAs and accountants who have never performed a single audit with these Federal requirements; verify if the accountant hired knows these rules and the Single Audit Act. There will be another article about seeking requests for proposals from auditors.

OMB Circular A-21 - Cost Principles for Educational Institutions

OMB Circular A-110 - Uniform Administrative Requirements for Grants and Other Agreements with Institutions of Higher Education, Hospitals, and Other Nonprofit Organizations

OMB Circular A-122 - Cost Principles for Nonprofit Organizations

OMB Circular A-133 - Audits of States, Local Governments, and Non-Profit Organizations (06/24/1997, includes revisions published in Federal Register 06/27/03) HTML or PDF (33 pages, 127 kb) (This Circular is issued pursuant to the Single Audit Act of 1984, P.L. 98-502, and the Single Audit Act Amendments of 1996, P.L. 104-156. It sets forth standards for obtaining consistency and uniformity among Federal agencies for the audit of States, local governments, and non-profit organizations expending Federal awards.)

For further information about an A-133 audit see

What is an A-133 Audit? -

Your state may also have standards for audits if you receive state funds.

IRS Tax-Exempt Organizations Tax Kit -,,id=96774,00.html

IRS Publication 1771 concerning Charitable Contributions - Substantiation and Disclosure Requirements -

Congress enacted the Sarbanes-Oxley (SOX) law in 2002 in reaction to financial scandals by corporations (Enron, Tyco) overseen by the Securities and Exchange Committee. There are only a few sections of SOX that affect nonprofits but one of them is an audit committee.

For a copy of the act see:

The Sarbanes-Oxley Act and Implications for Nonprofit Organizations by Independent Sector:

Sarbanes-Oxley and Nonprofits: Bogeyman in the Boardroom?

The Alliance for Nonprofit Management 29 FAQs about Financial Management -

Hildy Gottlieb of the Community-Driven Institute provides material about the board having a “dashboard (which) provides you with key (fiscal) indicators of critical information, so you can make effective decisions quickly”.

Jeanne Bell’s article in BlueAvocado, Is It Time for an Audit?

Suzanne Coffman’s, GuideStar's director of communications and editor of the Newsletter, article, To Audit Committee or Not to Audit Committee, That Is the Question (Along with "How?")

Basic Guide to Nonprofit Fiscal Management -

Financial Accountability and Audit Committees

Audits from Without Borders

Glossary of Financial Terms

IRS Employer's Tax Guide, Publication 15 -

The American Association of Certified Public Accountants has provided our sector with an excellent Toolkit to help understand the finances and provide guidance for an audit. It provides indicators under some areas and samples for

The AICPA Audit Committee Toolkit: Not-for-Profit Organizations -

The components are:

Download a zipped file of all the tools listed below. The individual documents are formatted in Word

Audit Committee Charter Matrix
Tracking Report (Whistleblowers)
Financial Expertise
Conducting an Exec. Session
Sample RFP for CPA Services
Issues Report from Management
Independence and Related Issues
Discussions with Indp. Auditors
Peer Review of CPA Firms
Evaluating Indp. Auditors
Fraud and the Audit Committee
Evaluating Internal Audit Team
Hiring the Chief Audit Executive
Audit Committee Self Evaluation
Hiring External Experts
Single Audit Act Issues
Internal Control
Resources for Audit Committees
Evaluation of the Auditors Engagement Letter
Unique Transactions and Fin. Relationships

Many of these sections have easy self-evaluation forms to help assess the organization’s work in these areas

One example of what is available is the section on Internal Controls. .

Internal Controls

AICPA has an excellent tool to be used by an audit committee of a nonprofit organization. At the end of the article is a checklist for the committee and executive staff can use to see how the organization is doing on internal controls.

This tool is intended to give audit committees basic information about internal control to understand what it is, what it is not, how it can be used most effectively in the organization, and the requirements of management with respect to the system of internal control over financial reporting.

The Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting Framework discusses five interrelated components of internal controls as follows:
  1. Control environment. Sometimes referred to as the tone at the top of the organization, meaning the integrity, ethical values, and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility and organizes and develops its people; and the attention and direction provided by the board of directors. It is the foundation for all other components of internal control, providing discipline and structure.

  2. Risk assessment. The identification and analysis of relevant risks to achieve the objectives that form the basis to determine how risks should be managed. This component should address the risks, both internal and external, that must be assessed. Before conducting a risk assessment, objectives must be set and linked at different levels.

  3. Control activities. Policies and procedures that help ensure that management directives are carried out. Control activities occur throughout the organization at all levels in all functions. These include activities such as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.

  4. Information and communication. Addresses the need in the organization to identify, capture, and communicate information to the right people to enable them to carry out their responsibilities. Information systems within the organization are key to this element of internal control. Internal information, as well as external events, activities, and conditions must be communicated to enable management to make informed business decisions and for external reporting purposes.

  5. Monitoring. The internal control system must be monitored by management and others in the organization. This is the framework element that is associated with the internal audit function in the organization, as well as other means of monitoring such as general management activities and supervisory activities. It is important that internal control deficiencies be reported upstream, and that serious deficiencies be reported to top management and the board of directors.

These five components are linked together, thus forming an integrated system that can react dynamically to changing conditions. The internal control system is intertwined with the organizations operating activities, and is most effective when controls are built into the organizations infrastructure, becoming part of the very essence of the organization. There is a self-evaluation tool based on the five components.

©2006-2008 The American Institute of Certified Public Accountants

If the board is going to perform the annual budget, material from the Toolkit could be used for training of the committee.

For the first shelf of your nonprofit library see If You Build It – Then You Have To Read It. The First Shelf.

A related article - Insurance Questions for Nonprofits -

1 comment:

Hildy Gottlieb said...

Thanks for the link, Don! And thanks for the other terrific resources - I will be referring clients to this post, for certain!

Add to Technorati Favorites