Blog Layout

April 2015 – Non-Profitability

Mar 28, 2015

Building a stronger internal audit function

In recent years, nonprofits have been the target of increased scrutiny over governance, accountability and compliance. Despite this, many organizations dismiss the importance of their internal audit function.

This isn’t a wise move. All nonprofits face heightened expectations from regulators and the public, as well as an ever-expanding field of risks. Even though your budget may be tight, you can’t afford mistakes or fraud incidents as a result of a weak or nonexistent internal audit function.

What are internal audit’s roles?

On its most basic level, the internal audit function provides independent assurance of a not-for-profit’s compliance with its internal controls and their effectiveness in the areas of financial and operational risk. Potential risks include fraud, insufficient funds to support programming, and reputational damage. Such risks are, of course, of concern to all types of organizations, but they’re particularly critical for nonprofits, which are often held to a higher standard of integrity by the public. Moreover, noncompliance with regulations could cost a nonprofit its tax-exempt status.

Internal audit is typically charged with:

  • Identifying risks and prioritizing them from high to low,
  • Assessing the effectiveness of internal controls through testing and other methods,
  • Evaluating compliance with laws, regulations and contracts,
  • Mitigating risks with targeted audit plans that give greater attention to high-risk areas and producing reports with recommendations for improvement,
  • Following up on its own recommendations and management’s remediation actions to eliminate identified risks, and
  • Assisting external auditors.

The overall objective is to help the not-for-profit accomplish its goals through proactive risk management and informed governance.

How do internal auditors work?

Internal auditors typically begin with an overall risk assessment of the nonprofit. Their wide-ranging review will consider everything involved in accomplishing the organization’s objectives, including financial procedures and processes (from cash and banking practices to financial reporting).

When high-risk areas are identified, auditors use various methods, such as testing of transactions, interviews of staff, or electronic data extraction techniques, to assess the strength of internal controls.

Smaller organizations aren’t exempt from the internal audit imperative. Their board and management can oversee internal controls with the assistance of a qualified third party.

What ensures success?

The effectiveness of the internal audit function hinges on several factors, including:

Independence. Internal auditors should be independent from management and other functions they review to avoid bias or a conflict of interest. They should report directly to the board of directors or its audit committee.

Executive support. The board and executive management must provide clear support for the internal audit function and its activities to convey their importance to the full organization. Leadership must indicate its support both verbally and by its actions. For example, the board must meet regularly with internal auditors to discuss their findings and should visibly act on their recommendations.

Resources. Not surprisingly, the quality of the internal audit function’s work is directly related to its capacity, yet one of the major handicaps suffered by many internal audit functions is insufficient resources. Even where the function is manned by individuals with extensive audit expertise, it might lack employees with the requisite knowledge of relevant program areas. For peak performance, internal audit should engage internal or outsourced staff with experience in compliance and controls, program areas, operations, and specialized areas (such as IT), especially those identified as high-risk.

Quality assurance review (QAR). A QAR assesses the overall effectiveness of an internal audit function by applying three criteria: 1) compliance with professional standards; 2) effectiveness and efficiency of function activities, organization, resources and skill capabilities; and 3) evaluation and fulfillment of stakeholder needs. A resulting report includes recommendations for improving and enhancing the internal audit function’s role. The Institute of Internal Auditors suggests that internal auditors conduct QAR self-assessments periodically, with third-party QARs done every five years.

An indispensable function

With proper independence and support, the internal audit function can prove invaluable for nonprofits of all sizes. Proper assessment of risk — whether by an in-house or outsourced internal audit function — is crucial for nonprofits that want to thrive in today’s rigorous environment.

 

 

Sidebar: Beyond compliance: IA as a strategic partner

Although the internal audit function is often viewed mainly through the prism of compliance and internal controls, it has a lot to offer beyond risk assessments and audit plans. Savvy organizations have begun to tap internal audit for strategic purposes.

For these organizations, the internal audit function serves almost as an internal consultant, providing critical insights gathered in the course of compliance and assessment work on issues such as operational efficiencies. For example, in the course of reviewing invoices, internal audit may discover a way to streamline invoice processing.

The internal audit function’s familiarity with the organization’s inner workings also affords it an unusual perspective for evaluating strategic opportunities and investments. For instance, does your not-for-profit have an operational or financial weakness that could undermine plans for a new program? Your internal auditor should know the answer.

© 2014

This material is generic in nature. Before relying on the material in any important matter, users should note date of publication and carefully evaluate its accuracy, currency, completeness, and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances.

Share Post:

SECURE 2.0 opportunities : Take advantage of 2024 and 2025 updates

By Sarah Rose Stack 15 Apr, 2024
President Biden signed the Setting Every Community Up for Retirement Enhancement (SECURE) 2.0 Act into law in late 2022, but much of the wide-reaching retirement legislation is being phased in over time. There are some significant changes in 2024 and 2025 that may help nonprofit employers recruit and retain employees. This article presents what organizations need to know. A brief sidebar looks at how SECURE 2.0 boosts the advantages of qualified charitable distributions (QCDs), possibly leading to larger gifts for nonprofits.

Bad Debt Deductions

By Sarah Rose Stack 15 Apr, 2024
The tax code allows an individual to claim a deduction for business debts that have become worthless. But qualifying for the deduction may be more complicated than one would think. In a recent case, the IRS denied more than $17 million in bad debt deductions on the grounds that the advances in question represented equity rather than debt, hitting the taxpayer with millions of dollars in taxes and penalties. This article recounts the U.S. Tax Court case Allen v. Commissioner. Allen v. Commissioner (T.C. Memo 2023-86).

Deducting Business Travel Expenses: A Refresher

By Sarah Rose Stack 01 Apr, 2024
During the COVID-19 pandemic, business travel nearly came to a halt. Today, it’s on the rebound, as “Zoom-fatigued” executives craving face-to-face interaction hit the road again. With more people getting out of their offices, now is a good time for a refresher on the tax deductibility of business travel expenses. This article explores what’s considered one’s tax home and what expenses are deductible. A sidebar explains the deductibility rules when a business trip is mixed with pleasure.
Show More
Share by: