Start with a clear picture of its roles and responsibilities
Public companies have been required to have an audit committee for about a decade now (due to the Sarbanes-Oxley Act of 2002), and many nonprofits have started their own such committees during that time. The result? Some organizations have learned the hard way that good intentions aren’t enough to ensure an effective audit committee — both the nonprofit and committee members must fully understand the committee’s role and responsibilities.
Understanding the mission
An audit committee should operate as the arm of the board of directors that assures proper financial management. As such, it’s an integral part of good governance, making it relevant for nonprofits of all sizes. After all, poor governance and accountability can cost any organization support, financial and otherwise.
The committee’s job largely comes down to oversight, which is usually focused on financial reporting, external and internal audit functions, compliance with legal and regulatory requirements and the internal controls over these areas. An effective audit committee can lead to improved financial practices and reporting, reduced fraud and enhanced internal and external audits.
Overseeing financial reporting
The audit committee should take a much broader view, overseeing the conduct and integrity of financial reporting, including establishing and implementing accounting policies and internal controls to promote good financial stewardship. The goal is to protect the nonprofit’s assets, strengthen the reliability and accuracy of financial reporting, and reduce the risk of fraud.
On a practical level, financial reporting oversight translates to, among other things:
- Reviewing Forms 990 and reporting to regulatory agencies,
- Looking for red flags in financial statements that might signal improper revenue recognition or other kinds of fraud (for example, unexplained fluctuations in revenues or expenses),
- Reviewing audit results, the nonprofit’s responses and follow-up actions, and
- Evaluating the appropriateness of getting a second opinion on auditing issues.
Ultimately, the audit committee should ensure that all financial reports are accurate and transparently portray the organization’s performance.
The committee must understand the nonprofit’s overall risk profile (as determined by a comprehensive risk assessment). The risk profile considers, among other things, investment practices, disaster recovery plans, insurance coverage, and compliance with laws, regulations and donor and grantor requirements. It also looks at internal policies and procedures. The organization’s risks are evaluated in light of its “appetite for risk.” The committee should assess internal controls over those risks and, if necessary, see that remedial measures are effectively implemented.
Interacting with auditors
The audit committee is responsible for hiring, compensating and overseeing external auditors and is therefore considered the auditors’ client. It should have regular communications with the auditors, including meetings to discuss a workplan before the audit and to review any findings before they’re presented to the board.
Besides the roles and responsibilities described above, the committee must maintain its independence. That means audit committee members can’t accept any consulting, advisory or other compensatory fee from the organization.
Independence from management also is critical. Committee members shouldn’t have been an officer or employee of the nonprofit in the prior three years, or the immediate family member of such a person.
The American Institute of Certified Public Accountants recommends that some audit committee members also be members of the board of directors. But some states limit the number of audit committee members who also are on the finance committee.
Better safe than sorry
Audit committees may seem like just one more layer of bureaucracy, but they’re rapidly becoming a nonprofit “best practice.” Your CPA can help you establish a new committee or make sure that your existing committee is operating as it should be.