Thinking about an Audit? Read this First

Audits are everywhere these days. Consider:

  • In the wake of corporate accounting scandals, the Sarbanes-Oxley Act was enacted in 2002, imposing corporate governance reforms on public, for-profit companies, including provisions on how financial audits are managed and carried out by auditors.    
  • While nonprofits brace for possible legislative reforms similar to those enacted by Sarbanes-Oxley, California has already enacted legislation. The California Nonprofit Integrity Act of 2004 contains governance rules for nonprofits, including requirements for financial audits and audit committees and public disclosure of audited statements.    
  • The Stewardship Principles for Family and Independent Foundations and Corporate Grantmakers drafted by Council members suggest that those grantmakers voluntarily obtain periodic independent audits as a matter of good practice.

What kinds of grantmakers get audits and how should a foundation choose an auditor if it opts for this process?

What Is an Audit?

In its most general sense, an audit is a process of verification. When applied to an organization's financial statements, the audit tests the accuracy of the financial information presented by that organization's management. Did the foundation actually earn $500,000 in interest income? Did the community foundation really receive that donation as indicated by management?

An audit focuses first on an organization's internal controls. The auditors' first task is to ensure that they can rely on the organization's systems and documents. The auditors then determine what type of testing is appropriate and how much checking will be needed. If the auditor finds that the financial statements are fairly stated in accordance with appropriate accounting standards, the auditor will certify the financial statements and issue an unqualified audit opinion. If changes have to be made, an auditor will work with the organization to recommend and make changes so that an unqualified opinion can be issued.

An article published by the New York State Society of CPAs ("Understanding the Role of the Auditor," Philip Wolitzer) provides a summary of the four types of opinions an auditor can issue. An unqualified opinion means that "no significant limitations affected audit performance and no material deficiencies exist in the financial statements." A qualified opinion means that the "scope of the auditor's work is significantly restricted, or there is a material departure from generally accepted accounting principles." A disclaimer means that "restrictions in the audit's scope are so pervasive that the auditor cannot form an opinion on the fairness of the presentation." An adverse opinion means that "departures from generally accepted accounting principles are so significant that the financial statements do not fairly present the company's financial position." The audit opinion does not certify an organization's internal controls. New rules applicable to for-profit companies, however, do require the auditor to issue an opinion about the effectiveness of internal controls.

Furthermore, although the audit tests for accuracy of financial information, it does not guarantee against fraud. Bank statements, receipts, checks and other products on which an auditor relies may be forged or fabricated.

An important by-product of the audit process is the management letter written by the auditor for the board of directors, which is not made available to the public. During the audit process, the auditor may become aware of problems with internal controls that can affect the financial management of the organization. The management letter allows the auditor to discuss the audit process and findings, including any problems encountered with internal controls. The board must review the management letter to consider implementing any of the auditor's recommendations and to determine whether any problems identified by the auditor require a more comprehensive review and evaluation.

Who's Getting Audits?

Preliminary findings about audits and audit oversight from the Council on Foundations' 2004 Foundation Management Survey indicate that 95 percent of respondents (648 total respondents) engaged an independent accounting firm in 2003, with the same percentage indicating that they engage an accounting firm every year. Most foundations (83 percent) that engaged an accounting firm had them do a financial audit. 

The California Nonprofit Integrity Act of 2004 requires charities and private foundations to prepare annual financial statements audited by an independent certified public accountant. Only charities with gross revenues of $2 million or more in any fiscal year must meet this audit requirement. Grants or contract income from government agencies are excluded from gross revenues, if the charity must account for how those funds were used. For private foundations, gross revenue is defined by the attorney general to mean "total revenue" as it appears on part I, line 12, column A of IRS Form 990-PF (of IRS Form 990 for public charities). Therefore, the audit threshold requirement for private foundations is not (yet) tied to asset size.

The California legislation is in marked contrast to current requirements in most states, which generally require audits only for charities that fundraise, including community foundations that do so. In addition, federal and state government agencies may also require audits of grants they provide to charities.

Checklist

When choosing a firm to hire to conduct an audit, an organization should consider at least five basic points: (1) the firm's qualifications and experience in doing audits for charities similar to the foundation; (2) the firm's quality-control systems; (3) any conflicts that may compromise the firm's independence; (4) the firm's resources to conduct the audit; and (5) the final product that the auditor will provide to the foundation. This information may be obtained by sending out a request for proposals to selected audit firms, conducting interviews and checking with other charities that have used those firms.

Auditor's qualifications and experience

  • What are the firm's qualifications and experience in providing auditing services for nonprofit organizations, including organizations of comparable type and size? Does the firm provide references? What do they say? 
  • Who will be in charge of the auditing services and what are his or her qualifications? Is a firm partner in charge of the project? How much will he or she be involved in the process? What are the qualifications and experience of the more junior staff who may be work on the project?    
  • Will the firm subcontract any of the auditing services? How is the subcontractor selected? What oversight does the firm exercise over the work of the subcontractor?    
  • Are the firm's most recent peer review report, related letter of comments and the firm's response to the letter of comments available for inspection? (Peer review reports are public information, available from the American Institute of Certified Public Accountants' website, www.aicpa.org. In general, most accounting firms are required to undergo peer reviews of their auditing and accounting practices every three years. The reviews are designed to test a firm's practices against AICPA's quality control standards. The review includes a report, related letter of comments and the firm's response to the letter of comments.)    
  • What services does the firm provide besides auditing? (Although it may be useful to take advantage of a firm's tax services, such as preparation of Form 990 or 990-PF, in addition to its auditing services, organizations should be aware that other types of work, such as bookkeeping, appraisal/valuation and consulting services, may be inappropriate because of potential conflicts of interest.)

Auditor's quality controls

 

 

 

 

 

 

 

 

 

 

  • What is the firm's system of internal controls?  

 

 

 

 

 

 

 

 

 

 

Auditor's independence

Auditor's resources for work to be performed

Costs, fees and final product

  • What is the firm's record with respect to restatements and changes to previously issued audit reports to clients? 
  • Is the firm subject to any significant litigation or disciplinary action by federal and/or state regulatory authorities? 
  • What is the firm's policy on audit partner rotation? (Sarbanes-Oxley requires changing the lead audit partner every five years. Corporate governance experts have recommended changing audit firms every seven to ten years. There are advantages and disadvantages to audit partner or audit firm rotation, but ensuring independence is key. Because of the lack of experienced professionals in the field, audit firm or partner rotation may be burdensome, or even prohibitive.)
    • Are there any relationships between the firm and the charity that would undermine the firm's independence? (For example, are there any apparent conflicts of interest among the charity's staff or board members and the audit firm?)
    • If the firm will provide tax services, does the same staff that works on the audit also prepare the tax returns? (Separate staff working on tax and auditing services is likely to increase duplication and costs. On the other hand, independence may be assured. It may be sufficient to have a separate tax partner oversee the work of the staff preparing the audit and the tax returns.)
    • Can the firm meet the charity's timeframe for completing the audit and attending meetings? Can the auditors meet with the board in person and answer questions about the audit? 
    • What are the firm's expectations of the resources the charity will provide in assisting with the audit, including staff time? Discuss the firm's use of technology in the audit. (The audit firm will provide a detailed list of information the charity must provide to begin the audit.)
    • What are the costs and fees charged, itemized by product and by staff and time commitment? Are these fees set out in an agreement between the audit firm and the charity? (The charity may wish to engage the auditor to perform only a financial review or a compilation. A financial review is merely that—a review of financial statements prepared by management—and a compilation only requires the auditor to assemble the financial statements from information provided by management.)  
    • Will the auditor provide a written management letter to the board of directors that discusses the organization's internal controls and recommends improvements?

Questions?

Connect with Council Staff
Share on FacebookShare on TwitterShare on LinkedInShare on all
Finance & Accounting
Frequently asked questions and the basics of internal audits.

Members only

Keep reading with one of these options:

Only Council members can log in to access this resource. If you aren't a member, learn more about the exclusive benefits of Council membership.