Are you legally required to have an audit done?
Amongst New Zealand not-for-profits, there are only two types of entities that are required by law to have an audit or similar type of assurance done:
1.) Registered Charities with expenditure of $500,000 or more in both the two preceding years of the year that is being considered for audit; and
2.) Organisations whose own constitution requires them to have an audit or assurance done.
Example 1: A registered Charity had $600,000 of expenditure in the last financial year, $450,000 in the year before, and $550,000 in the year before that. It is not legally required to have an audit done, because it was under the threshold in one of the two preceding years.
Example 2: A small Charitable Trust that is registered as a Charity never has more then $5,000 in expenditure per year. However, this organisation’s Trust Deed states that the Trustees must arrange for an independent audit of the organisation’s accounts every year. Even though there is no law requiring this organisation to have an audit, their constitution (or in this case Deed) has the force of law and must be complied with.
What exactly is an audit?
An audit is a form of assurance: it is intended to give the readers of financial statements reasonable certainty that the statements give an accurate picture of the organisation’s financial standing and performance.
An audit report does not make any statements about the financial health or viability of the organisation, about the organisation’s financial processes and their adequacy, the approval processes, whether expenditure is ‘reasonable’ or not, or whether donor money has been applied correctly, although an auditor may ask to see relevant documentation to ascertain whether any possible liabilities have arisen. However, any of these items can be included in the audit, and then reported on, if the organisation specifically asks for it.
Do you want an audit done?
In a not-for-profit situation, where there are no investors, the level of accuracy in financial reports is not as important as in business. Funders are generally trying to assess whether an organisation has the capability to handle their funds and is financially reasonably stable, but nowadays they rarely ask for an audit. There is also no indication that an organisation supplying audited accounts with a funding application is viewed in a more positive light than an organisation that does not.
Here are some points to consider:
- An audit report is only useful if there are interested readers. An audit may be useful in these situations:
- Membership-based organisations, such as sports clubs: an audit can assure the members that the committee is not trying to hide something or to manipulate financial reports to certain ends.
- Organisations with ‘sole charge’ positions. These are organisations, where the committee or the Board allows a single person, such as a manager or co-ordinator, a lot of freedom in financial decision-making, and where there may not be a lot of oversight by the Board/committee. The manager may perhaps generate the financial reports being presented at Board/committee meetings as well. An audit will give assurance that at least the annual financial report has not been manipulated and gives a true picture.
- Organisations with high dependency on (non-government) grants. Highly grant-dependent organisations tend to have low reserves (‘untagged funds’) and are very vulnerable to becoming insolvent. It is particularly important to get your accounting right in such situations, and an audit may help with that.
- If a group is entirely committee-run, is not membership-based, and does not have any paid or contracted staff, an audit is generally not very useful.
- To do an audit properly is time-intensive and therefore costly. If all you want is someone to check whether all your receipts are there, you do not need an accountant for that.
- You may not need a truly independent audit. Sometimes someone within the organisation can be appointed to keep tabs on those that make all the decisions – as long as they’re not all close mates.
How is it being done?
An audit verifies the claims an organisation makes about its assets and liabilities as well as its financial activity for the year. This includes assessing the possibility that significant assets or liabilities are not being disclosed, or are disclosed at a very misleading value. Today’s audits generally first assess the risk of a significant (‘material’) misstatement in any of the categories given in the Balance Sheet.
Source documents (receipts, invoices, bank statements, contracts etc) are a large part of an audit, and the General Ledger connects those documents to the categories in the Financial Statements. The larger an organisation, however, the more difficult it becomes to take a truly representative sample of all the transactions in order to be fully convinced and give the high level of assurance of a ‘clean’ audit report. For large organisations auditors are looking closely at the organisation’s internal controls, i.e. their processes for avoiding errors and fraud, such as approval, authorisation, access limitations, reporting and others, to see if they can be relied on to give an accurate result. Analytical testing is also done, where an ‘expected’ value is calculated from documents from independent sources (such as IRD, or what usually occurs in organisations of this type) and compared with the actual one. In general, the stronger an organisation’s internal controls are, the cheaper the audit will be as the auditor has to look at fewer individual source documents, which is the most time-consuming part of an audit.
Except for very small organisations, fraud by staff is not usually significant enough to distort the Financial Statements. If detected an auditor will tell the organisation’s governance about it, but an auditor does not specifically look for it. The fraud an auditor is most concerned about is at the highest level: the organisation’s management or governance trying to deliberately paint a financial picture that is inaccurate for a specific purpose. While businesses may try to make themselves look much more solid than they are to assure investors, not-for-profits may try to do the opposite: hide assets to deceive donors about their financial position.
Choosing an Auditor
Your rules or constitution may require you to have an auditor with certain qualifications – you have to comply with what your rules say.
There is a suite of international audit standards, which are binding on members of professional bodies such as a Chartered Accountant. These auditing standards have been developed primarily with large commercial entities in mind. Because non-profit organisations operate very differently from businesses, it is a good idea to have an auditor who understands the non-profit model, has a good grasp of the funding environment and a non-profit’s accountabilities to stakeholders, funders, and beneficiaries of the product or service. It is very important that an auditor understands how the financial performance and position of a non-profit differs from that of a business and does not try to apply business accounting models and/or tax accounting inappropriately.
There is no accounting qualification in New Zealand that requires knowledge of the non-profit model and its implications for accounting and audit, and in choosing an auditor an organisation cannot assume that a higher qualification will provide better quality. Smaller accounting firms with more reasonable rates are may often be more experienced in non-profit accounting than larger ones.
It is perfectly acceptable to ask a prospective auditor about their specific experience and qualifications in performing non-profit audits, and to ask questions about any first-hand experience in financial management of non-profits. If the answer consists only of generalised statements (“The same audit or accounting standards/guidelines can be applied to all types of organisations”, “I am a Chartered Accountant/CPA/Registered Auditor!”), you may want to look elsewhere.
Under New Zealand law, anyone calling themselves an ‘accountant’ or ‘auditor’ must have relevant qualifications and/or experience, but the law does not require membership in a professional body such as the Institute of Chartered Accountants, with some exceptions (‘issuers of securities’, which are mostly companies that trade their shares publicly via the sharemarket, and Charities with annual expenditure of more than $500,000).
An auditor should be independent from the organisation in order to have sufficient ‘professional scepticism’ to make an audit meaningful. See here for CCA’s independence of audit statement.
Audits (or Reviews) by CCA
The audit is sometimes the only time when we see the accounts of an organisation, and we generally use the opportunity to look for any systematic mistakes that could cause problems in the future and help you correct these. We generally follow International Auditing Standards (IAS(NZ)), in as much as they are applicable to often small not-for-profits, but we augment them with tests about expenditure categories and disclosures that would not be important in a business setting.
See here for information about confidentiality issues in audit.
See here for documents we require for audit or review.
We can usually do an audit even if we provide other services to you as well. See here for an explanation.