Nonprofit organizations have much liberty to organize themselves so long as they remain in compliance with laws and regulations. Nonprofit boards have the option of forming an audit committee or handling the duties of an audit committee through the executive committee or the whole board. Ultimately, the board is responsible to ensure that their nonprofit follows through on its audit committee responsibilities.
Since the passage of the Sarbanes-Oxley Act of 2002 (SOX), there’s been a greater focus on sound governance principles for all types of organizations. While SOX doesn’t formally apply to nonprofit organizations, many accounting experts believe that it should. Overall, SOX places a greater focus on fiscal responsibility. Nonprofits are more likely to have weaker internal controls than public or private companies, which, on its face, is a good reason for nonprofit organizations to establish audit committees.
Nonprofit Audit Committee Responsibilities
The type of nonprofit and its size are the main indicators of whether nonprofits establish an audit committee or have their existing staff and volunteers help handle the duties. For nonprofits that choose to form an audit committee, the committee typically hires the external auditor, takes responsibility for the auditing process and determines whether they will use the same auditor in subsequent years. In addition, the audit committee presents the audit results to the board of directors and answers their questions before they accept the final audit report. Audit committees are also responsible for recommending practices and procedures to bring their nonprofit up to best practice standards.
In forming an audit committee, boards should draft an audit committee charter that spells out the duties, authority, membership of the committee and frequency of meetings.
Audit committee responsibilities include appointing, compensating and overseeing the external auditor’s work. Their work also entails asking questions of management and the external auditor to ensure the integrity of the audit process. After the audit, the audit committee should review the external auditor’s reports and consider whether they need to make recommendations to the full board to improve financial reporting practices and management practices.
Board Oversight for Best Practices and Internal Controls
Boards should review the recommendations as stated in the prior years’ audit reports and have discussions with management and the audit committee as necessary to ensure strong internal controls.
The audit committee should look for areas to strengthen internal controls and work with the board to proactively take steps to prevent fraud and financial mismanagement.
Setting Up Internal Controls for Nonprofits of All Sizes
Serving on the board of directors of a very small nonprofit that is all, or nearly all, run on volunteer power isn’t a reason not to have strong internal controls. There are several things that all nonprofits can do to prevent fraud.
First, boards should have clear policies in force and everyone who serves on the board, on a board committee or as a volunteer for the organization should be aware of those policies. The board should ensure that no one, regardless of their stature or position, is allowed to veer from approved policies. All managers should be accountable for turning in receipts, using timesheets to report work hours, getting approval for travel reimbursement and having all expenses reviewed for accuracy. Boards should take a firm stance on emphasizing the importance of ethics and internal controls and set a tone whereby everyone follows all the rules all the time.
Boards should also determine responsibility for who can write checks (at least two people should be on the checking account), who checks invoices and who approves the invoices for payment.
The board should also be familiar with physical controls over money, assets and records. Buildings should be secured, drawers should be locked and computers should be protected with high levels of security. As positions may be filled with different people from time to time, it’s important for boards to continually and regularly review who has access to records and materials.
These are important reasons for nonprofit boards to consider getting a board management software program like BoardEffect that has a high level of security built right into the platform. BoardEffect also has a feature for granular permissions that makes it easy to change restrictions and authorizations for various tasks and areas of responsibility.
After fundraisers, and any time a nonprofit receives large amounts of cash, checks and credit card payments, at least two people should be assigned to count the proceeds.
As part of the audit committee responsibilities, members must be diligent about reconciling the bank statement. This is a simple, but important, step in ensuring that fraud or embezzlement can be detected at the earliest opportunity.
To assist in nonprofit audit committee responsibilities, the National Endowment for the Arts Office of the Inspector General issued a Financial Management Guide for Nonprofit Organizations. This publication offers practical information about the type of information the federal government expects nonprofits to retain related to financial accountability, financial reporting and internal controls.
Nonprofit audit committee responsibilities include having at least one person on the audit committee who is financially literate. This person should be able to understand financial statements, financial risks and the impact of business decisions the board makes regarding financial statements. The financial expert on the audit committee should be able to identify balance sheet risks and understand revenue recognition issues.
Audit Committee Responsibilities Related to Financial Mismanagement
For the sake of accountability, boards need to devise policies about who will receive complaints about financial management. Sometimes, this responsibility is spelled out in the whistleblower policy, and it often falls to the audit committee or the audit committee chair.
When an allegation arises, the responsible person or group should investigate the complaint and take precautions to ensure that there is no retaliation against the employee making the complaint. The results of the investigation, as well as how the situation was resolved, should be reported to the board at the earliest opportunity. These types of situations may not come up often, but when they do, they justify the reason for having independence on the audit committee.
A well-composed audit committee helps boards meet their goals and objectives while ensuring that the good governance principles of transparency and accountability are maintained.