Audit or Review: Which Is Best for Our Nonprofit Organization?

Good question: audit or review?

Now and then, we receive calls from nonprofit organizations that have never had an audit, but think they may need one. Sometimes, the nonprofit has applied for a grant and the grantor organization is requesting the audit. Other times, the board of directors, in fulfilling its fiduciary responsibility, desires the audit to help the organization follow best practices for nonprofits.

Very occasionally (thankfully not too often), we receive a call that goes something like this:

“Hello, Mr. CPA. We have just hired a new person to replace our former accountant who moved away. The new accountant has uncovered some strange accounting entries. Also, the books show that our cash collections this quarter are way up from the last couple of years, when our former accountant was still here…"

As we take this kind of call, our collective hearts say, “Ughh, let’s hope this isn’t yet another small nonprofit that has fallen victim to poor financial controls.” If this is your nonprofit, you’ll want to determine if sufficient predication of a fraud exists to go forward with a criminal or civil case.

Assuming that fraud is not suspected, let’s talk about why you think you need an audit and what, if anything else besides an audit, may meet your needs.

We are a small nonprofit and audits are just so…expensive.

First of all, if your nonprofit has gross revenues under $500,000, we would strongly encourage you to seek a financial statement review, instead of a financial statement audit. Audits are, indeed, very expensive for the smallest of nonprofits.

Whenever a small nonprofit of this size calls us to inquire about the cost and timing of an audit, we almost always talk them down to a review for a first-year engagement, unless an audit simply can’t be avoided. Generally speaking, an audit is twice the cost of a review. Also, with a first-time review, we CPAs do not need to perform attest procedures on the beginning-of-the-year Statement of Financial Position accounts, whereas we do in a first-year audit. For this reason alone, it’s often advantageous to have a review completed in Year 1, then an audit or review completed in Year 2 and afterward.

If your grantor organization is requesting the audit, a CPA can help explain to them the reasons that a first-year review makes sense (and saves the organization necessary funds). Hopefully, your grantors will understand the benefits of allowing you to grow into an audit over time.

So, what do I get with an audit that I don’t get with a review?

An audit provides the highest level of assurance (an opinion) on your financials. A review provides limited assurance (not quite an opinion) on your financials through various inquiries, analytical procedures, and developing expectations of account balances. The financials for an audit and a review look exactly the same. Even the note disclosures look the same. The only visual difference is the type of report (issued by the CPA firm) that accompanies your financial statements.

An audit also includes quite a few other services that are not included in a review. These services can include:

  • Developing an understanding on the internal control environment

  • Performing walkthroughs and conducting tests of the internal control environment

  • Confirmation of balances and transactions with outside parties

  • Physical inspections and observations

  • Other tests of supporting documentation

At the conclusion of the audit, the CPA firm will typically issue a “management letter” that covers noted material weaknesses and significant deficiencies in your internal control environment. This letter is not part of your basic audited financial statements. Sometimes, but not very often, your grantors may be interested in obtaining a copy of this letter.

Our board of directors is very concerned about our controls. They really want to follow best practices.

While a review does not consider your control environment, an audit will include the previously mentioned management letter. This letter will disclose internal control deficiencies that became known to the auditor as part of the audit procedures. However, this is still not a guarantee that fraud will be uncovered or that all control deficiencies will be unearthed. If you need a CPA to dig deep in one particular area (let’s say, disbursements), you may want to have an internal control assessment performed. Such an assessment will allow a CPA to focus on the area(s) of greatest concern to your organization. This assessment may be performed in conjunction with an audit or review, or it may be performed on its own.

So what type of engagement should you choose – audit, review, internal controls assessment? It all depends on the particular needs of your nonprofit organization and what your grantors may or may not require. Size, budget, financial history, and concerns about financial controls are all factors you should consider when determining the type of engagement that will best meet your needs and give you the best value for your dollar.