By Julleen Snyder, CPA
Nonprofit Boards face many ongoing challenges: monitoring internal controls; avoiding and detecting fraud; responding to whistleblower reports, hiring a nonprofit auditor, to name just a few of the challenges. What actions are your board taking to respond to these challenges? Setting up an effective nonprofit audit committee that are responsible for dealing with challenges such as these, can provide accountability and help instill public confidence.
So what does an effective nonprofit audit committee look like? We recommend that the committee consists of a minimum of three independent members, at least one of which is a “financial expert”. Key qualifications for committee members include risk management expertise, broad business background, and leadership experience.
Many nonprofits, particularly smaller organizations, combine the nonprofit audit and finance committee functions. While combining the two committees is not inherently a bad practice, it is important to understand the roles of each committee so that the key responsibilities of each are not neglected. In general, the finance committee monitors financial transactions whereas the audit committee monitors the processes, making sure things are done according to policy and with adequate controls in place.
A well-crafted committee charter that is reviewed regularly can ensure a properly functioning nonprofit audit committee, whether it stands-alone or is combined with the finance committee. A Charter should include the purpose of the committee, to whom they report, the membership structure, frequency of meetings, and outline of key responsibilities. A sample nonprofit audit committee charter can be found at jjco.com.
Traditionally, the role of the nonprofit audit committee has included oversight of the financial reporting process, internal audit function, ethics and compliance, and the independent audit relationship. As our universe has become more complex, the role of the nonprofit audit committee has expanded to include oversight of the Fraud Prevention Program, Enterprise Risk Management, Cyber Security and Data Privacy and Conflict-of-interest and Related Party Transactions.
Here is a brief summary of the most important responsibilities of the Board of Directors that are generally delegated to a nonprofit audit committee.
Oversight of Internal Control – The Board plays a key role in setting expectations about integrity and ethical values, transparency, and accountability for the performance of internal control responsibilities. The Board is responsible for overseeing the system of internal control. Depending on the size of the organization, this can range from, high-level oversight and inquiry of management, to hands-on activities such as reviewing key controls on a regular basis.
Oversight of External Auditors – It is the Board of Directors who is responsible for hiring and overseeing the external auditors. The nonprofit audit committee should meet with the selected nonprofit auditors prior to the start of the nonprofit audit process to review the scope and planning of the nonprofit audit. They should meet with the auditors at the end of the process to review the results of the nonprofit audit and any related management letter. The nonprofit audit committee should also meet without the auditors present to discuss the performance and independence of the auditors and to discuss any corrective actions needed.
Oversight of Anti-fraud Programs – With respect to fraud, the nonprofit audit committee has a role in the prevention and deterrence of fraud through the implementation and monitoring of internal controls, the discovery or detection of fraud through the establishment of fraud controls such as whistleblower hotlines, and in the investigation of fraud in response to whistleblower complaints and the hiring of investigators, as necessary. According to the Association of Certified Fraud Examiners, US organizations lose an estimated 7% of annual revenue to fraud. Research indicates that fraud in nonprofits may be even higher due to the fact that nonprofit entities are not implementing the most effective fraud controls.
Oversight of Enterprise Risk Management (ERM) – ERM is an attempt to manage risk in a comprehensive manner that is aligned with the strategic direction of the organization and integrated with the everyday management of the business. While there is no regulatory mandate for implementation of enterprise risk management, the audit committee should assume oversight of the process if implemented.
The challenges that nonprofit boards face will continue to increase as new regulations are enacted and increased transparency is sought by the public. The public wants to support organizations that they can see are using their money responsibly. Creating an effective audit committee on your board can produce the confidence and accountably sought by the public.
About the Author
Julleen Snyder, CPA, Partner has been with Jacobson Jarvis since 1995. She has both practical experience working as a controller within a not-for-profit organization, as well as auditing experience with Ernst & Young and Jacobson Jarvis. This multi-disciplinary experience provides her with a unique perspective of the client’s issues combined with the ability to implement timely, appropriate solutions.
Julleen is a member of the AICPA and WSCPA, Treasurer for the Washington CPA Foundation, past member of AICPA Council, a past Chair of the Washington Society of Certified Public Accountants’ Board of Directors, and is a member of the Seattle Rotary.
Julleen can be contacted at Julleen@jjco.com or (206) 812-5474.