News and Information about the nonprofit sector in Massachusetts. Check back frequently to keep informed.
October 25, 2020
Best Practices of Effective Audit Committees
By Brendan Donovan

Brendan Donovan
Brendan Donovan
Audit committees strengthen nonprofits by protecting their integrity, financial health, and long-term viability, and the level of the committee’s diligence and effectiveness can greatly enhance—or detract—from a nonprofit’s success.

An effective audit committee safeguards the organization’s most valuable asset: its reputation. Well-run committees ensure that management implements and follows an effective system of internal controls and that outside auditors objectively assess the organization’s financial reporting practices.

As nonprofits face greater scrutiny—from the IRS; local, state and federal government; and donors—it’s vital that each member understands his or her responsibility to prepare accurate financial statements, demonstrate responsible financial management, maintain regulatory compliance, and manage operating risks, and therefore protect the very essence of the organization.

Committee Composition
Audit committees vary in size based on an organization’s complexity, but typically are comprised of three to five members, the majority of whom should be board members. All audit committee members should be independent of the organization’s management, meaning participants receive no financial incentives or payment from management.

The audit committee itself also should be independent. Though it works collaboratively with internal and external auditors and management, the committee must be completely separate from each of these groups.

While audit committees may include members with varied backgrounds and experience in key business functions, for example, financial reporting or risk management, organizations generally look for members who possess a solid background in business or finance, have a strong understanding of internal control concepts, and knowledge of business risk and compliance issues unique to the nonprofit.

At least one member of the audit committee should have deep financial expertise, including knowledge of financial reporting and internal controls, experience with the audit process and working with auditors, and familiarity with nonprofit accounting policies and procedures. Additionally, while most audit committee members typically have finance, accounting, or legal backgrounds, oftentimes it is useful to also include a member with specific-program expertise.

Of course, to be effective all committee members must understand the organization’s business model, and the drivers impacting management’s choices in key areas such as the selection and application of critical accounting policies and financial strategies.

Primary Audit Committee Responsibilities
Though audit committees have numerous responsibilities, three stand apart: representing the board in overseeing the establishment and implementation of accounting policies and internal controls aimed at promoting positive financial stewardship, initiating the conversation on business risks, and overseeing compliance.

Financial stewardship — Audit committees are charged with protecting the organization’s assets, mitigating fraud risk, and ensuring the accuracy of financial reporting. To do so, effective audit committees closely monitor the findings of the internal and external auditors charged with testing the organization’s internal controls and risk management procedures. Audit committee members should meet regularly with internal auditors and at least twice a year with external auditors to discuss work plans and review audit findings prior to presentation to the full board of directors.

Business risk — Audit committees lead the discussion on business risk, exploring how the organization plans for known and potential risks. To do so, audit committee members must thoroughly understand the organization’s investment practices, disaster recovery plans, donor and grantor requirements, charitable registration practices, insurance coverage, adherence to tax regulations, and, most significantly, the nonprofit’s risk tolerance. For greatest effectiveness, the audit committee should work closely with other board committees who may have a hand in addressing business risk, for instance, the investment, development, and/or human resources committees.

Compliance — To be effective and truly help its organization, an audit committee must be keenly aware of compliance issues. Committee members must understand not only the regulatory standards that affect the organization, but also how the organization conforms to those standards and how internal and external auditors assess the performance of the organization regarding these regulatory matters.

While the size and type of organization will influence the audit committee’s specific duties, every audit committee will have a role in helping its organization comply with rules regarding financial accounting, reporting, billing, spending, investing, and program reporting.

Executive Sessions
Executive sessions offer audit committee members the opportunity to query members of the management team and external auditors on various risk management-related subjects. These sessions are intended to allow for a free exchange of ideas on sensitive subjects in a non-threatening environment. In fact, the sessions are specifically designed to provide participants the opportunity to offer candid views on sensitive issues that may be inappropriate to discuss in an open forum.

That’s why it is important to consider the participants, and perhaps conduct meetings between individuals or groups. For example, if an audit committee member wants to discuss an issue with the audit firm of a large nonprofit, the CFO and members of management should not be present so that the audit firm and members of the audit committee feel at ease and are willing to be open in their discussion.

It is imperative that committee members possess sufficient financial expertise to understand the issues and formulate appropriate follow-up questions, as well as take any further action, as needed.

While the list of potential questions is endless, here are a few examples of the types of questions typically posed by audit committee members in executive sessions:
  • Are you aware of any situations of revenue or expense manipulation?
  • Is the organization taking a critical look at its business model? Or, is it just looking for short-term solutions that may not be sustainable?
  • Are resources (people, assets, cash flow, etc.) sufficient to meet the mission of the organization?
  • Is risk management part of the organization’s culture?
  • Are other organizations looking at their risks in a holistic way, including operational and financial risks that range from possible to unimaginable?
Brendan Donovan is a director in the Not-For-Profit & Education Practice at CBIZ Tofias. Email him at or call 401-626-3235.
September 2014
SUBSCRIBE FREE – Keep current with the Wednesday Report emailed to you free each week. Click here.
Got news, advice, resources? Send it to