Not-for-profit organizations (NFPs) have always been adept at achieving great outcomes with few resources. This strength was put to the test even more in the past year. In many parts of the country, organizations were asked to do more with less, and in an uncertain environment. Whether an organization received extra funding or not, proper governance and fiscal oversight are more important than ever.

Top Financial Risks to Not-for-Profits

Not-for-profit financial risk management might sound like an unpleasant topic at first, but its objective is decidedly positive: safeguard assets.

Even before the pandemic, fraud, poor investments, and fund misuse were the top financial risks facing NFPs. Theft of physical assets has always been a concern. Tax liabilities – like payroll tax or the Unrelated Business Income Tax (UBIT) – can devastate an NFP’s finances if paying for them is a surprise.

Post-COVID, NFPs face increased risks and compliance requirements. Fraud is more rampant and the number of entities subject to Single Audits will rise.

Preventing either of these scenarios falls to the audit committee – or, lacking the audit committee, those charged with governance. Following best practices for governance over audits and financial management is the best way to mitigate potential loss.

Is an Audit Committee Needed?

All not-for-profits are different. Some will be run by a few dedicated staff and many volunteers. Others will have numerous committees to help the Board of Directors and management achieve their mission. Every nonprofit should have some kind of finance expert involved, whether employed, outsourced, volunteering, or serving as an officer. While every not-for-profit needs expert guidance in overseeing an audit (if they are getting an audit), not every organization needs an audit committee.

The executive committee or finance committee can absorb some or all of a typical audit committee’s responsibilities and oversee the independent audit process. While technically the entire Board can be assigned to manage the external audit process, it’s most effective if that process is streamlined and only managed by a few people. In some smaller organizations, an “audit task force” might be convened twice a year to meet with external auditors and communicate back to the Board.

Regardless, every Board does need at least one person who is a subject matter expert and familiar with audits. This person can be on the Board or an external resource, like a CPA or commercial lender.

All too often nonprofits are confused about what an audit is, who or what is mandating an audit, and what is needed to successfully go through an audit. Without having some expertise involved at the outset you could risk putting your NFP through an audit that isn’t needed, that is too extensive or that isn’t the appropriate type of engagement resulting in an unnecessary use of Board and staff time and a waste of your organization’s resources.

When an Audit Committee is Recommended

Though not every NFP needs a separate audit committee, there are some situations where establishing one is a good idea. For instance:

  • Larger, more complex NFPs, to oversee internal controls, safeguard financial information, and work with outside auditors.
  • Growing NFPs, to provide guidance on evolving financial risk and regulatory requirements.
  • NFPs that want to enhance their reputation with nonprofit ratings agencies, lending institutions, and funders.

In these situations, it is important to have an audit committee comprised of experienced and knowledgeable individuals that can add value to the independent audit process, understand the audit findings and decide how to respond to the findings and strengthen the NFP’s control environment as a result of the audit.

Members of an audit committee need not be Board members, and it is possible that an audit committee only has one member, so long as they are independent of the organization. The NFP management team, should not serve on the audit committee, nor should anyone with a material interest in the organization. Staff are permitted to attend audit committee meetings but should not be members.

States can also have different rules; for example, some states stipulate that the finance committee chair may not also be the audit committee chair. California has a rule that any organization that solicits donations from within the state must have an audit committee.

The best audit committee members will be those with expert-level knowledge of Generally Accepted Accounting Principles (GAAP) (or relevant accounting standards) and Generally Accepted Auditing Standards (GAAS). They should understand how to prepare and analyze financial statements and evaluate the adequacy of internal controls. They should have a solid foundation of issues facing the not-for-profit sector as a whole and the organization specifically. Simply reviewing the books and records won’t be enough to properly shield the NFP from undue risk and financial mismanagement.

Audit committee chairs must be great communicators and leaders, as they will be responsible for directing the committee’s activities and explaining financial concepts to the Board and management.

Best Practices for High-Performing Audit Committees

When an NFP decides to establish a formal audit committee, or if one is already in place, it should adopt guidelines that will help the organization create more effective policies. Audit committees should operate using a written charter and meet periodically throughout the year, especially outside of executive Board sessions.

Committee scope and size will vary, but every audit committee will be involved at some level with the following three responsibilities: Financial management, Compliance, and Business Risks.

Financial Management
The core duties of financial management are to mitigate fraud and implement internal controls. Other areas of risk management protocol include ensuring accuracy of financial reporting, meeting with internal auditors (if applicable) regularly, and external auditors at least twice a year, and presenting audit findings to the Board.

Among the biggest compliance responsibilities of an audit committee is hiring and managing external auditors, and overseeing the financial statement audit process. To that end, committees should understand regulatory and governmental rules and standards, how the organization meets or exceeds those standards, and how internal and external auditors assess organizational compliance.

Business Risks
The audit committee will lead the conversation on business risk management and prevention. Though these conversations will involve other committees, the audit committee will help decide what internal controls are necessary. They should also understand the organization’s risk tolerance level. Areas of business risks include but aren’t limited to investment practices, disaster recovery plans, donor and grantor restrictions, insurance plans, tax regulatory compliance, cybersecurity, and charitable registration practices.

Ensuring Not-for-Profit Governance

Whether an NFP currently has an audit committee or is considering establishing one, adhering to best practices will help to make sure that funds are maximized and risk is minimized. Governance policies and practices will look different from one organization to the next but they should always be overseen by a financial expert.

Have questions about NFP audit guidance and audit committee management? Contact Bo Garner, CPA, MBA, Partner and Team Leader of PBMares’ Not-for-Profit practice.