Although the very word “committee” can send people running for the exits, they are necessary in many areas of nonprofit operations. One such area is audits.
During the AICPA Not-for-Profit Industry Conference, Frank Kurre, New York office managing partner for Grant Thornton LLP, and Donna O’Brien, president of Community Healthcare Strategies, presented a list of the responsibilities of audit committees.
Those responsibilities cover several areas, including external audit and business risk assessment mitigation.
When it comes to external audit:
- Recommending and appointing an independent audit firm;
- Confirming the propriety of financial statement presentation and the adequacy of footnote disclosures;
- Facilitating clear and appropriate communication of financial information;
- Reviewing the scope of and work plan for the independent audit;
- Receiving and acting upon the results of the external audit;
- Reporting the results of the external audit to the board;
- Reviewing and approving the contract for any non-audit services provided by the external auditors; and,
- Resolving disagreements between the external auditors and management.
Business risk assessment and mitigation covers:
- Overseeing a comprehensive assessment of the business of reputational risks faced by the organization and assessing the internal controls over those risks.
- Holding management — including the CEO — responsible for an effective internal control structure;
- Providing open access to the audit committee by the internal auditor and the external auditor to discuss issues, concerns and the scope of work;
- Approving the annual internal audit plan and reviewing the reports prepared by the internal auditors; and,
- Confirming that employees have a confidential way to report concerns regarding funds.