Governance is a cornerstone of nonprofit operations. If you lack a means of ensuring accountability and transparency, you can't build trust with donors and potential stakeholders.
Similarly, without established processes for risk management and compliance, you might find yourself running afoul of regulators.
Effective governance also helps your nonprofit not only stay true to its mission, but pursue it more effectively. With the proper frameworks in place, you'll be able to more effectively allocate resources while navigating everything from leadership transitions to changes in legislation. But how do you ensure you've proper governance in place?
Simple — through regular internal audits. Although they can be costly and time-consuming, audits verify that everything looks the way it should from a governance standpoint. They help ensure compliance with laws and regulations, reduce the risk of fraud or other financial irregularities, optimize operations, and keep you prepared for future challenges, opportunities, and bottlenecks.
In this blog, we'll go over what's involved in an internal audit.
External audits are conducted by a third party — either a government agency or an independent auditor. They're typically performed to validate a nonprofit's finances on an annual basis for the sake of stakeholders such as investors and creditors. An external audit may also be required as part of a grant agreement or as a condition for a loan.
Internal audits are an evaluation of an organization's reporting, processes, and controls, including:
Internal audits can be performed on a more recurring basis than external audits, and may be used by management for validation and optimization. There's actually a lot of commonalities between the internal and external auditing process — so running more regular internal audits can help a nonprofit be better-prepared for external audits.
Generally speaking, an internal audit is performed for a few different reasons:
Internal audits are usually carried out by a committee appointed by the organization. Once the audit is complete, management integrates any findings and insights from the audit into the wider organization.
Now that you understand the basics of an internal audit, let's move on to how you can plan and execute one.
Your first step is to appoint an audit committee. This committee, while generally still under board oversight, must be independent of both your organization and the board. Beyond that, what it looks like and who it includes will vary slightly depending on both your industry and your region.
You'll want to look for the following characteristics when appointing committee members:
You might also consider including a chartered professional accountant (CPA) on your committee.
Keep in mind that your audit committee will not be the ones responsible for actually implementing any of its recommendations. Your auditors also will not have any authority over what your organization does with their reports. They will operate largely in an advisory capacity.
Once you've appointed your committee, it's time to decide what and how they'll audit your nonprofit. What sort of time period are you looking at? Are you auditing everything from the past year, or just the past several months?
What about scope? Similarly, are you exclusively focusing on financial details, or do you want your audit to focus more broadly on governance?
Finally, over what timeframe do you want to complete this audit? Do you have a specific start and end date in mind? Make sure you keep your expectations realistic in this regard.
Next, compile all relevant internal documentation. You'll obviously need financial statements, bank reconciliations, payroll documents, and grant information. Beyond that, however, you should also gather any documents related to internal processes or controls.
Other documentation crucial to your audit includes minutes from board meetings, policy manuals, legal contracts, tax returns, and information on completed or ongoing initiatives. Once you've collected all the necessary information, your committee can begin their work.
Using the documentation collected in the previous step, your committee will perform a high-level evaluation of how things currently look for your nonprofit. They'll examine the protocols and internal controls that are in place as well as how they are monitored, looking for any obvious problems. They'll also review whether there have been any significant operational changes since the last audit.
Finally, they'll build a risk profile for your nonprofit based on how well it manages governance, operational, financial, and regulatory risks.
When performing an audit, transparency and communication are essential. The auditing process often brings with it a great deal of stress, and audits themselves tend to carry negative connotations. With that in mind, it's important that you brief everyone involved on what's going to happen, and what they need to do.
For employees, you should make sure they're ready to answer any questions about their roles and responsibilities, including deliverables, established processes, and controls. Management should also schedule regular check-ins with the audit committee, relaying any changes in timing or expectations to the wider organization. The committee, meanwhile, should keep management updated on things like milestones or outstanding terms.
Once you've laid all the groundwork, all that's left is to let the audit committee do their job. They'll interview employees from various departments throughout your nonprofit while also reviewing and testing internal controls. They may also evaluate your technical infrastructure as well as the effectiveness of any fundraising initiatives.
Once they've finished, the committee will prepare a comprehensive audit report that details both the results and their recommendations, then submit that report to management.
Once an audit has concluded, the next step is to schedule two meetings. The first will be with the audit committee, where they'll outline their findings and recommendations to leadership. This meeting will also cover any difficulties the committee encountered during the audit.
After the audit committee meeting, management should then meet with the board of directors to discuss next steps. When relevant, the results of the audit should also be shared with external stakeholders such as major donors. The most important result of this meeting is the preparation of an action plan.
This will serve as a roadmap for implementing the audit committee's recommendations, up to and including defining the timeframe.
Regular audits go hand-in-hand with effective nonprofit governance and financial management. But accessible, accurate, well-organized documentation is the bedrock of all three. That's where Sparkrock 365 comes in.
A cloud-based ERP solution purpose-built for the needs of the nonprofit sector, Sparkrock 365 offers comprehensive, built-in financial reporting and management tools backed by a centralized database that acts as a single source of truth for all information. In addition to ensuring accurate, timely reporting through intelligent automation and data entry, Sparkrock 365 includes a range of controls and utilities designed to help nonprofits easily navigate the complexities of risk, compliance, and grant management.
More importantly, however, is the fact that Sparkrock 365 facilitates seamless collaboration between the audit committee and stakeholders during an audit. Moreover, it equips nonprofits with powerful, intuitive reporting and analytics functionality, offering deep insights to guide decision-makers as they develop and implement their action plan.
Want to see how Sparkrock can streamline audits for your nonprofit? Book a demo and we'll show you.