Do You Really Need That Audit?

CCA are using a lot of resources performing reviews or audits for small community organisations.

Such audits or reviews are of little benefit to the organisation or outside stakeholders, who often misunderstand what an audit or review is, or what the report means (see below). At the same time, fees we can charge small organisations for this work do not cover our costs. It is not a service that can be performed by a volunteer or accounting student, as it requires experience and good analytical skill. Even most accountants shy away from offering auditing as a service. To be able to provide the service to small not-for-profits, we have to take money from our charitable funding, or from charges to larger organisations, but in both cases money is being taken away from community purposes.

Funders do generally not require small not-for-profits to be audited or reviewed! There are exceptions to this rule, such as the Mainland Foundation, or the ANZ Staff Foundation. In our conversations with funders, we have been told repeatedly that organisations with audited or reviewed accounts are treated no different from others, and that funders do not want to impose such costs on the organisation unnecessarily.

Why are audits/reviews of little benefit to small not-for-profits?

Auditing standards are designed with investors of commercial entities in mind, for whom even small variations in profits, or analytical ratios, would sway the decision to invest. An auditor’s main job is to consider the possibility that the company is trying to make itself look better than it is, and to prevent that investors are misled through accounting trickery. Not-for-profits do not have investors. They have members, funders and donors, but these have little interest in profit margins. These stakeholders do have an interest that the financial statements they are being given are correct, but not nearly to the degree that an audit or even review is trying to ensure.

We also find that people in not-for-profit organisations often misunderstand what an audit or review actually does, or even that the subject of an audit or review is a financial report. Often they only want to know if the person in charge of the accounts is doing it “right”, or they want to make sure that others know that no-one in the organisation has stolen any money. Neither of this is the subject of an audit or review. Here’s some clarification:

What an audit DOES do:

  • Gives assurance that the information presented in the financial report is correct, within limits, through the audit report.
  • Find accounting errors.
  • If the audit report is ‘qualified‘ it means that there are areas in the financial report where the auditor is unable to give such assurance.

What a review DOES do:

  • Gives assurance, through a review report, that nothing has come to the attention of the reviewer that would indicate the financial reports are significantly incorrect.
  • Usually finds bigger accounting errors.

What an audit or review DOES NOT do:

  • Find if money or other assets have been misappropriated (other than in a very big way).
  • Certify or assure that there are good or even adequate processes.
  • Give any sort of opinion whether the organisation is in a good financial position or not.

CCA is offering its 6PAC service as an alternative: see here


A common misconception is that audits try to discover fraud. But auditors only try to prevent fraudulent financial reporting to outsiders. An audit or review is unlikely to detect the usually small-scale misappropriations that may occur in small not-for-profits through dishonest staff, volunteers, or committee/Board members. This is because in order to detect such fraud, there need to be processes in place that would allow such detection. And if an organisation had such processes, they probably would not need an external person to find fraud. So an auditor gives assurance to outsiders that the organisation has produced an honest report, within the scope of accounting standards, but not about anything untoward happening inside the organisation.

For example, faced with a receipt from PaknSave, it is impossible for an auditor or reviewer to say whether this expenditure really was to feed the support group, or instead to provide dinner for the buyer’s family; whether an Uber receipt really was for a client visit or for a private trip home after a party; whether your admin contractor has really worked the hours they have been charging; whether the recipients of those ‘coach’ payments have in actual fact been coaches, etc. Without numbered tickets, an auditor could not say whether the cash taken from your raffle was the $500 that were banked, or actually $800, with $300 disappearing in someone’s pocket.

Private expenditure passed off as organisational or other small-scale fraud is of interest to an auditor only if it has any impact on the financial statements. It would only have an impact if the fraud is significant and could be proven – if it can’t be proven, the money is not recoverable and has therefore no impact on the financial statements. Without any systems to prove fraud, it is largely irrelevant to the audit process.

Sometimes we do suspect that money has been misappropriated from an analysis of certain patterns, but all we can do is recommend procedures, because we cannot point fingers at someone without hard evidence.

A standard audit or review report actually points out that fraud prevention is the responsibility of the committee or Board – this paragraph is there to alert the reader that the auditor gives no assurance on the absence of fraud within the organisation.