Best Practices of Effective Audit Committees
By Brendan Donovan
Audit committees strengthen nonprofits by protecting their integrity, financial health, and long-term viability, and the level of the committees diligence and effectiveness can greatly enhanceor detractfrom a nonprofits success.
An effective audit committee safeguards the organizations most valuable asset: its reputation. Well-run committees ensure that management implements and follows an effective system of internal controls and that outside auditors objectively assess the organizations financial reporting practices.
As nonprofits face greater scrutinyfrom the IRS; local, state and federal government; and donorsits vital that each member understands his or her responsibility to prepare accurate financial statements, demonstrate responsible financial management, maintain regulatory compliance, and manage operating risks, and therefore protect the very essence of the organization.
Audit committees vary in size based on an organizations complexity, but typically are comprised of three to five members, the majority of whom should be board members. All audit committee members should be independent of the organizations management, meaning participants receive no financial incentives or payment from management.
The audit committee itself also should be independent. Though it works collaboratively with internal and external auditors and management, the committee must be completely separate from each of these groups.
While audit committees may include members with varied backgrounds and experience in key business functions, for example, financial reporting or risk management, organizations generally look for members who possess a solid background in business or finance, have a strong understanding of internal control concepts, and knowledge of business risk and compliance issues unique to the nonprofit.
At least one member of the audit committee should have deep financial expertise, including knowledge of financial reporting and internal controls, experience with the audit process and working with auditors, and familiarity with nonprofit accounting policies and procedures. Additionally, while most audit committee members typically have finance, accounting, or legal backgrounds, oftentimes it is useful to also include a member with specific-program expertise.
Of course, to be effective all committee members must understand the organizations business model, and the drivers impacting managements choices in key areas such as the selection and application of critical accounting policies and financial strategies.
Primary Audit Committee Responsibilities
Though audit committees have numerous responsibilities, three stand apart: representing the board in overseeing the establishment and implementation of accounting policies and internal controls aimed at promoting positive financial stewardship, initiating the conversation on business risks, and overseeing compliance.
Financial stewardship Audit committees are charged with protecting the organizations assets, mitigating fraud risk, and ensuring the accuracy of financial reporting. To do so, effective audit committees closely monitor the findings of the internal and external auditors charged with testing the organizations internal controls and risk management procedures. Audit committee members should meet regularly with internal auditors and at least twice a year with external auditors to discuss work plans and review audit findings prior to presentation to the full board of directors.
Business risk Audit committees lead the discussion on business risk, exploring how the organization plans for known and potential risks. To do so, audit committee members must thoroughly understand the organizations investment practices, disaster recovery plans, donor and grantor requirements, charitable registration practices, insurance coverage, adherence to tax regulations, and, most significantly, the nonprofits risk tolerance. For greatest effectiveness, the audit committee should work closely with other board committees who may have a hand in addressing business risk, for instance, the investment, development, and/or human resources committees.
Compliance To be effective and truly help its organization, an audit committee must be keenly aware of compliance issues. Committee members must understand not only the regulatory standards that affect the organization, but also how the organization conforms to those standards and how internal and external auditors assess the performance of the organization regarding these regulatory matters.
While the size and type of organization will influence the audit committees specific duties, every audit committee will have a role in helping its organization comply with rules regarding financial accounting, reporting, billing, spending, investing, and program reporting.
Executive sessions offer audit committee members the opportunity to query members of the management team and external auditors on various risk management-related subjects. These sessions are intended to allow for a free exchange of ideas on sensitive subjects in a non-threatening environment. In fact, the sessions are specifically designed to provide participants the opportunity to offer candid views on sensitive issues that may be inappropriate to discuss in an open forum.
Thats why it is important to consider the participants, and perhaps conduct meetings between individuals or groups. For example, if an audit committee member wants to discuss an issue with the audit firm of a large nonprofit, the CFO and members of management should not be present so that the audit firm and members of the audit committee feel at ease and are willing to be open in their discussion.
It is imperative that committee members possess sufficient financial expertise to understand the issues and formulate appropriate follow-up questions, as well as take any further action, as needed.
While the list of potential questions is endless, here are a few examples of the types of questions typically posed by audit committee members in executive sessions:
Brendan Donovan is a director in the Not-For-Profit & Education Practice at CBIZ Tofias. Email him at BDonovan@cbiztofias.com or call 401-626-3235.
- Are you aware of any situations of revenue or expense manipulation?
- Is the organization taking a critical look at its business model? Or, is it just looking for short-term solutions that may not be sustainable?
- Are resources (people, assets, cash flow, etc.) sufficient to meet the mission of the organization?
- Is risk management part of the organizations culture?
- Are other organizations looking at their risks in a holistic way, including operational and financial risks that range from possible to unimaginable?