If the annual audit of your nonprofit organization is approaching, staff and board members alike may be wondering exactly what the purpose of the audit is and what they can expect.
An external audit is performed by an independent CPA. The purpose is to determine, with reasonable assurance, that the financial statements are free of material misstatement.
While the independent auditor is responsible for expressing an opinion, the board of directors is responsible for the financial statements themselves.
Audits generally occur over a period of time in two general phases: interim and year-end. As the names imply, part of the work is performed before year-end, and the remainder after the accounting records for the year have closed, accounts have been reconciled and financial statements prepared.
During the interim or preliminary phase, the auditor obtains and updates his or her understanding of the accounting systems and internal controls.
Auditors will identify and “walk through” key controls, will perform tests of accounting cycles and may identify internal control weaknesses. During this phase, management and staff will provide information as to the day-to-day processing of transactions and activities that support the organization’s financial reporting function.
Some staff and board members are interviewed to allow the auditor to better understand risks associated with the financial reporting process, and the auditor will meet with those charged with governance to discuss the scope and objectives of the audit.
This initial phase allows the auditor to perform a required risk assessment. This simply means looking at an entity and determining the areas where errors, omissions or fraud may occur.
Once this assessment has been established, the audit approach is determined and will include special focus on areas of elevated or high risk. Risk factors include complexity of transactions, knowledge of individuals performing accounting procedures, and ease of misappropriation. Risk factors include human and inherent aspects.
During the final phase of an audit, the auditor completes audit procedures that include tests of balances and financial assertions.
Auditors may perform confirmation of account balances and observation of assets owned, as well as tests and procedures using a sample of transactions. The auditor ultimately renders an opinion on the financial statements.
The auditor will also hold final meetings with those charged with governance – often the finance or audit committee – to discuss the results of the audit, any difficulties or concerns encountered, and the presence of any identified significant deficiencies or material weaknesses.
An auditor may conclude on the financial statements in a number of ways:
- An unqualified opinion indicates the financial statements are free of material misstatement and stated in accordance with Generally Accepted Accounting Principles (GAAP). An unqualified opinion is often referred to as a “clean“ opinion. This is, of course, the standard that all entities strive to meet.
- A qualified opinion indicates the financial statements contain one or more departures from GAAP or components upon which the auditor could not form a clean opinion.
- A disclaimer occurs when the auditor was not able to form an opinion on the financial statements in conformance with GAAP.
A key point to understand in the relationship between the auditor and the organization being audited is the role of the auditor vs. the role of management. It is the auditor’s role to render an opinion on the content of the financial statement. Auditors may not assume a management role. In other words, auditors may not take responsibility for, or make decisions for, management.
Independence is a key concept. The CPA renders an “independent auditor’s report” and must remain independent in fact and appearance. The requirement for independence often precludes auditors from performing consulting services for their audit clients, so do not be surprised when an auditor indicates a particular service is not permissible.
An audit can be likened to an annual checkup for your business – a bit like a visit to your doctor. Just as your physician is not responsible for your physical well-being and good decision making, there are certain things for which an auditor is not responsible.
For example, an audit is not designed to find fraud. Many organizations are not aware of this. Rest assured, however, if material fraud is detected, the auditor is required to report the information to management.
All board members must understand the financial condition of the organization in order to serve and protect it. The independent auditor can be a wealth of information. Board members should be sure to make time for dialogue with the auditor – to understand what the auditor does and how the function helps the organization.
The value derived from clear dialogue and a healthy relationship with the independent auditor is worth its weight in gold.