What is an audit?
An audit is a process for testing the accuracy and completeness of information presented in an organization's financial statements. This testing process enables an independent certified public accountant (CPA) to issue what is referred to as an opinion on how fairly the agency's financial statements represent its financial position and whether they comply with generally accepted accounting principles (GAAP). GAAP is determined by the American Institute of Certified Public Accountants (AICPA). Board members, staff, and their relatives cannot perform audits because their relationship with the organization compromises their independence.
See the rest of the answer at
For some nonprofits with relatively small annual budgets it may be OK to have an audit committee to perform the annual audit. Members of the committee should have an understanding about budgets, accounting, internal controls and auditing. You will find some very helpful material in this article to place on your library second shelf about this
The board of directors/trustees needs to consider whether it wants an accountant or a certified public accountant to perform the audit. It may be that a donor or grantor has stipulated that the audit must be done by a CPA or a professional called an independent public accountant (IPA) in some areas.
Why do you want an audit? Is it because it sounds like a good idea? Does a donor or potential funder require an audit? Is there suspicion that there may be some hanky-panky? The last issue calls for a different kind of audit. Audits generally do not catch thieves. (See http://www.nonprofits.org/npofaq/16/06.html for a discussion of how to approach this troubling sort of possibility.)
Financial audits are performed annually. The incorporation papers or the bylaws should indicate what the fiscal year is. After the review, the auditor issues a written statement that the fiscal position of the organization appears to be accurate. (I am not an auditor so I make it simple). This statement may be "unqualified" -- meaning that the auditor didn't identify any problems or potential problem areas. Or it may include commentaries or warnings addressed to the organization's board and managers. Obviously, every organization would prefer to get a "clean audit."
TIP: When preparing grant applications always include a request for funds to audit that grant. Calculate their fair share of the cost of the organization’s annual audit. If you estimate an audit will cost $1,000 and the grant will be 25% of the annual budget, then make their share $250. Include the audit as a budget line item even if the funder says it will not fund administrative costs.
Many government contracts are now requiring a CPA to audit non-financial activities, to review contract compliance. There may be other funders asking for that as well. That increases the cost of the audit.
Some grant opportunities will require an audit to be filed with the application for funds. What if you do not have an audit to file? For an excellent discussion on this point see Please submit an audit with your proposal from the Nonprofit Assistance Fund.
The board must also decide if it wants the CPA/accountant to complete the IRS Form 990 or 990-EZ and file it. I think that the 990 is a place to put a NPO's best foot forward so give it strong consideration to be a shared document. The 990 is going through revisions as this is written. The revisions will make the 990 more difficult to complete.
The Federal Office of Management and Budget (OMB) has developed circulars that set standards for nonprofit tax exempt organizations receiving Federal grants. The audit is referred to as a “single audit”. There are many CPAs and accountants who have never performed a single audit with these Federal requirements; verify if the accountant hired knows these rules and the Single Audit Act. There will be another article about seeking requests for proposals from auditors.
OMB Circular A-21 - Cost Principles for Educational Institutions
OMB Circular A-110 - Uniform Administrative Requirements for Grants and Other Agreements with Institutions of Higher Education, Hospitals, and Other Nonprofit Organizations
OMB Circular A-122 - Cost Principles for Nonprofit Organizations
OMB Circular A-133 - Audits of States, Local Governments, and Non-Profit Organizations (06/24/1997, includes revisions published in Federal Register 06/27/03) HTML or PDF (33 pages, 127 kb) (This Circular is issued pursuant to the Single Audit Act of 1984, P.L. 98-502, and the Single Audit Act Amendments of 1996, P.L. 104-156. It sets forth standards for obtaining consistency and uniformity among Federal agencies for the audit of States, local governments, and non-profit organizations expending Federal awards.)
For further information about an A-133 audit see
What is an A-133 Audit? -
Your state may also have standards for audits if you receive state funds.
IRS Tax-Exempt Organizations Tax Kit -
IRS Publication 1771 concerning Charitable Contributions - Substantiation and Disclosure Requirements - http://www.irs.gov/pub/irs-pdf/p1771.pdf
Congress enacted the Sarbanes-Oxley (SOX) law in 2002 in reaction to financial scandals by corporations (Enron, Tyco) overseen by the Securities and Exchange Committee. There are only a few sections of SOX that affect nonprofits but one of them is an audit committee.
For a copy of the act see:
The Sarbanes-Oxley Act and Implications for Nonprofit Organizations by Independent Sector:
Sarbanes-Oxley and Nonprofits: Bogeyman in the Boardroom?
The Alliance for Nonprofit Management 29 FAQs about Financial Management - http://www.allianceonline.org/FAQ/financial_management
Hildy Gottlieb of the Community-Driven Institute provides material about the board having a “dashboard (which) provides you with key (fiscal) indicators of critical information, so you can make effective decisions quickly”.
Jeanne Bell’s article in BlueAvocado, Is It Time for an Audit? http://www.blueavocado.org/node/209
Suzanne Coffman’s, GuideStar's director of communications and editor of the Newsletter, article, To Audit Committee or Not to Audit Committee, That Is the Question (Along with "How?") http://www.guidestar.org/news/features/audit_committees.jsp
Basic Guide to Nonprofit Fiscal Management - http://www.mapnp.org/library/finance/np_fnce/np_fnce.htm
Financial Accountability and Audit Committees
Audits from Idealist.org/Action Without Borders http://www.idealist.org/if/i/en/faqcat/29-34
Glossary of Financial Terms
IRS Employer's Tax Guide, Publication 15 - http://www.irs.gov/pub/irs-pdf/p15.pdf
The American Association of Certified Public Accountants has provided our sector with an excellent Toolkit to help understand the finances and provide guidance for an audit. It provides indicators under some areas and samples for
The AICPA Audit Committee Toolkit: Not-for-Profit Organizations - http://www.aicpa.org/Audcommctr/toolkitsnpo/homepage.htm
The components are:
Download a zipped file of all the tools listed below. The individual documents are formatted in Word
• Audit Committee Charter Matrix
• Tracking Report (Whistleblowers)
• Financial Expertise
• Conducting an Exec. Session
• Sample RFP for CPA Services
• Issues Report from Management
• Independence and Related Issues
• Discussions with Indp. Auditors
• Peer Review of CPA Firms
• Evaluating Indp. Auditors
• Fraud and the Audit Committee
• Evaluating Internal Audit Team
• Hiring the Chief Audit Executive
• Audit Committee Self Evaluation
• Hiring External Experts
• Single Audit Act Issues
• Internal Control
• Resources for Audit Committees
• Evaluation of the Auditors Engagement Letter
• Unique Transactions and Fin. Relationships
Many of these sections have easy self-evaluation forms to help assess the organization’s work in these areas
One example of what is available is the section on Internal Controls. .
AICPA has an excellent tool to be used by an audit committee of a nonprofit organization. At the end of the article is a checklist for the committee and executive staff can use to see how the organization is doing on internal controls.
This tool is intended to give audit committees basic information about internal control to understand what it is, what it is not, how it can be used most effectively in the organization, and the requirements of management with respect to the system of internal control over financial reporting.
The Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting Framework discusses five interrelated components of internal controls as follows:
- Control environment. Sometimes referred to as the tone at the top of the organization, meaning the integrity, ethical values, and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility and organizes and develops its people; and the attention and direction provided by the board of directors. It is the foundation for all other components of internal control, providing discipline and structure.
- Risk assessment. The identification and analysis of relevant risks to achieve the objectives that form the basis to determine how risks should be managed. This component should address the risks, both internal and external, that must be assessed. Before conducting a risk assessment, objectives must be set and linked at different levels.
- Control activities. Policies and procedures that help ensure that management directives are carried out. Control activities occur throughout the organization at all levels in all functions. These include activities such as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.
- Information and communication. Addresses the need in the organization to identify, capture, and communicate information to the right people to enable them to carry out their responsibilities. Information systems within the organization are key to this element of internal control. Internal information, as well as external events, activities, and conditions must be communicated to enable management to make informed business decisions and for external reporting purposes.
- Monitoring. The internal control system must be monitored by management and others in the organization. This is the framework element that is associated with the internal audit function in the organization, as well as other means of monitoring such as general management activities and supervisory activities. It is important that internal control deficiencies be reported upstream, and that serious deficiencies be reported to top management and the board of directors.
These five components are linked together, thus forming an integrated system that can react dynamically to changing conditions. The internal control system is intertwined with the organizations operating activities, and is most effective when controls are built into the organizations infrastructure, becoming part of the very essence of the organization. There is a self-evaluation tool based on the five components.
©2006-2008 The American Institute of Certified Public Accountants
If the board is going to perform the annual budget, material from the Toolkit could be used for training of the committee.
For the first shelf of your nonprofit library see If You Build It – Then You Have To Read It. The First Shelf.
A related article - Insurance Questions for Nonprofits -