Fraud, whether reported by a whistle-blower or detected only after a house of cards has crumbled, can be the worst kind of attention getter. When that fraud occurs in a nonprofit, the energy generated by the feeding frenzies on Capitol Hill and among the media could keep the country well lit for a year.
Speaking at the AICPA Not-For-Profit Financial Executive Forum in Anaheim, Greg Coy of Gregory Michael Coy, CPA rehashed some of the familiar answers offered as to why an organization does not need an internal audit function.
One of those answers is “Internal audit is not a full-time job here.” Sounds reasonable, Coy said, but in fact it might be absolutely false.
There is actually more work than one might expect. Consider the following:
- Assistance, guidance, and recommendations to policy and procedures.
- Risk assessment and enterprise risk management.
- Assistance in controls documentation.
- Testing controls and performing walkthroughs – which might help to reduce the amount of testing performed by external auditors (and possibly reduce the cost of your audit).
- Assisting external auditors during field work.
- Providing independent, objective, nonpartisan cross-departmental advice and recommendations.
- Suggesting ways to improve efficiency, effectiveness, reduction of costs or increase of revenue.
- Training senior management and staff.