Full Newsletter   Newsletter Archives

  Home    Services    Building Relationships    Industry Focus     About Us    Contact Us



 Glossary:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Printable version 

The Changing Landscape of Nonprofit Audits


By Christopher Johnson, CPA


New auditing standards are having a significant impact on nonprofit organizations. An informal survey reveals that few, if any, have made progress toward audit readiness and for many, it's already too late.


Having written two prior articles on this topic, it's beginning to sound like a broken record, however, there's no doubt that the new standards, collectively known as "the risk assessment standards," are impacting nonprofit organizations more so than any in recent memory.


To summarize very briefly what the new standards mean in terms of audit procedures, here's what you can expect to see in your next audit: Until now, auditors were required to obtain an understanding of internal controls sufficient to plan an audit. Aside from specific compliance requirements under government or other funding sources, this meant inquiring about existing controls and documenting them, but auditor's were permitted to otherwise pay little attention to them and perform audit steps that placed no reliance on internal controls. There was no requirement to determine if the controls were operating effectively. Beginning effectively with years ending 12/31/07 and later, the process is substantially different. Auditors must now perform a formal risk assessment of significant audit areas, whether deemed as such due to account balance, transaction volume, fraud risk, related financial statement disclosures, or other factors that make a particular aspect of an organization's accounting and reporting process significant. Once that assessment is made, the controls relative to those significant areas must be identified, assessed for reasonableness under specific guidelines, and evaluated to ensure they are effective and actually in place. That's right; the auditor will need to observe documentation showing that each relevant control is being performed. And of course, all of this information must be documented in a way that would allow any qualified individual with no prior knowledge of the organization to fully comprehend it (take note; there's an opportunity here to keep the cost of your audit under control.)


The results of the internal control assessment must also be reported on under new standards that include two categories of findings, one being conditions that might reasonably impact the judgment of users of the financial statements, and the second being the same, but for conditions which also are material to the financial statements under specific guidelines. Impacting someone's judgment could be a rather subjective determination to make...expect a conservative approach by most auditors. Furthermore, the specific audit procedures for each audit area must be tailored based on the results of the internal control assessment to conform to the new standards. At the very least, that adds a degree of uncertainty in the audit plan since the audit procedures may not be known until the audit is well under way. Expect the possibility of adjustments to the plan during your audit.


Government funded organizations will be impacted more than others because funding agencies often react to any reported findings or negative management letter comments by imposing corrective action plans or similar requirements, that is, if your lucky. Here's an example of how this might play out: An Organization has a perfectly valid functional allocation plan that results in well-allocated expenses and the auditors can give a clean opinion on the statements, however, the auditors see no evidence that controls are implemented to ensure ongoing proper allocations. Under the new standards, this would likely become a "material weakness" which would be very likely to give rise to a corrective action plan and all of the painful, resource-consuming tasks to address it. Since most government-funded organizations are on a June fiscal year, five months of activity, potentially lacking evidence of appropriate controls, may have already occurred. In other words, time is running out!


Now is the time to act if you have not already. Your organization should perform an internal assessment of controls and make any necessary changes as soon as practical to avoid the potential for negative impact from these new risk standards.


For more information on this topic, or to discuss an implementation plan, contact Chris Johnson at 508-880-4955 ext. 205 or cjohnson@pmn.com.

 


 Save article  Email Firm  Email to a Friend
Is this item worthy of implementation? Yes No Maybe
Is this item worth sharing with other associates? Yes No Maybe
Did this item present value to you and your business? Yes No Maybe
Comments: