The document discusses the roles and responsibilities of audit committees for nonprofits. It outlines how nonprofit governance practices have become more formalized with an emphasis on accountability, transparency and compliance. It defines governance and the board's governance role. It then details best practices for audit committees inspired by the Sarbanes-Oxley Act, including establishing a separate audit committee with a financial expert, adopting a charter, overseeing financial reporting and internal controls, and maintaining independence from management. The document provides an overview of an audit committee's functions and limitations.
1. Audit Committees:
Roles and
Responsibilities
Kathy Raffa, Partner, Audit
January 12, 2012
Thrive. Grow. Achieve.
2. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
NONPROFIT GOVERNANCE PRACTICES
• Legislation for public companies
• Even without all the legislation applicable to public companies, practices have
changed for Nonprofits
̵ Higher visibility
̵ More focused accountability and transparency
• Trend toward more regulation and formal oversight
̵ Redesign of the Form 990 in 2008 - emphasis on governance issues as well as
compensation and related party disclosures
Audit Committees/ Page 2
3. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
DEFINITION OF GOVERNANCE
• “At its broadest, corporate governance encompasses the framework of rules,
relationships, systems and processes within and by which fiduciary authority is
exercised and controlled in corporations…
…Key elements of good corporate governance principles include honesty, trust
and integrity, openness, performance orientation, responsibility and
accountability, mutual respect, and commitment to the organization…” (from
Wikipedia)
Audit Committees/ Page 3
4. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
GOVERNANCE ROLE OF THE BOARD
• Preserving and reshaping the mission
• Selection of chief executive
• Ensuring the organization is well managed
• Representing the outside to the organization and the organization to the outside
• Protecting the organization from external threats
• Exercising financial stewardship
• Ensuring the board has the right skills
• Ensuring compliance with laws and regulations
Audit Committees/ Page 4
5. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
RELEVANCE OF SARBANES TO NONPROFITS
• Most provisions of the Act legally apply only to SEC registered companies
• Two provisions apply to all organizations, including nonprofits
̵ Prohibition against retaliating against a whistleblower
̵ Falsification or destruction of documents relevant to a pending or contemplated
regulatory proceeding
Audit Committees/ Page 5
6. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
BOARD GOVERNANCE BEST PRACTICES STEMMING FROM SARBANES
• Adopt Code of Ethics for the Board and the Nonprofit
• Adopt Conflict of Interest for the Board and senior management
• Establish policy prohibiting loans to directors and officers
• Develop whistleblower policies
• Develop document destruction policies
• Establish training for non-financial Board members
• Require management and ED certify financial statements
Audit Committees/ Page 6
7. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE
• Much of the burden of regulatory reform falls on the shoulders of the audit
committee
• Sarbanes definition of an audit committee:
̵ “(A) A committee (or equivalent body) established by and amongst the board of
directors of an issuer [of securities] for the purpose of overseeing the accounting and
financial reporting processes of the issuer and audits of the financial statements of the
issuer, and (B) if no such committee exists with respect to an issuer, the entire board
of directors of the issuer.”
Audit Committees/ Page 7
8. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE BEST PRACTICES INSPIRED BY SARBANES
• Establish a separate audit committee
• Audit committee minimum size of three members (preferably more)
• Members of the audit committee must be financially independent of the
organization (no member of management)
• At least one “financial expert” member, as defined by the SEC
̵ Understanding of GAAP and financial statements
̵ Ability to assess application of GAAP for estimates, accruals and reserves
̵ Understanding of audit committee functions
̵ Experience preparing, auditing, analyzing or evaluating financial statements, or
experience actively supervising persons engaged in such activities
̵ Understanding of internal controls and procedures for financial reporting
Audit Committees/ Page 8
9. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE BEST PRACTICES (CONTINUED)
• Written charter that includes committee’s responsibilities, updated periodically
̵ Mission, purpose and responsibilities
̵ Reporting relationship to the Board
̵ Member qualifications
̵ Structure of committee
̵ Relationship with management, internal and external auditor
̵ Frequency and topics for meetings
̵ Self-evaluation
̵ Orientation and continuing education for members
Audit Committees/ Page 9
10. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE BEST PRACTICES (CONTINUED)
• Typically meet 4 or 5 times per year
• Be responsible for relationship with external auditor
̵ All work (not just the audit) of the outside auditor approved by the audit committee
̵ Responsible for appointment, compensation, retention and oversight
̵ Clear reporting line with external auditor
̵ Set policies on audit partner rotation
̵ Meet in executive session with the auditor
Audit Committees/ Page 10
11. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE BEST PRACTICES (CONTINUED)
• Work closely with internal auditor
̵ Internal auditor periodically reports to the committee about internal controls and risks
• Oversee financial reporting and disclosures
̵ Transparency
̵ Quality of disclosures
• Consider management certification of accuracy and completeness of financial
reports
• Oversee and be well informed about internal controls
̵ Consider process for documenting and assessing key controls
Audit Committees/ Page 11
12. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE BEST PRACTICES (CONTINUED)
• Oversee risk management guidelines and policies
• Oversee compliance with legal and regulatory requirements
̵ IRS, federal, states…
• Ensure there are appropriate whistleblower polices
̵ Toll-free hotline established and communicated
o The Network; Ethicsline; ComplianceLine
• The Network; Ethicsline; ComplianceLine
̵ Ensure it is anonymous
̵ Ensure complaints handled appropriately
• Oversee code of conduct and conflict of interest policy
Audit Committees/ Page 12
13. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEE LIMITATIONS
• Committee’s responsibility is one of oversight.
̵ Management is responsible for preparing the organization’s financial statements
̵ Independent auditors are responsible for auditing the organization’s financial statements.
• Committee does not have the duty to:
̵ Plan or conduct audits
̵ Determine that the organization’s financial statements and disclosures are in accordance
with GAAP
̵ Design and implement internal controls
Audit Committees/ Page 13
14. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
AUDIT COMMITTEES AND AUDIT FIRMS
• Rotation of audit firms
̵ Not a requirement
̵ Requirement of Sarbanes (only for public companies) is for the lead engagement partner
on the engagement to rotate every five years
̵ Partner and/or manager rotation has been adopted by some organizations
Audit Committees/ Page 14
15. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
COMMITTEES …WHAT’S CHANGED UNDER THE NEW DC NONPROFIT
LAW? …
• Committees of the Board may carry out the most of the responsibilities of the
Board but may not engage in the following:
̵ Delegate authority to authorize distributions
̵ Fill BoD or committee vacancies
̵ Amend bylaws
̵ Propose matters to be voted on by Members (if the organization is a membership
organization)
• If non-BoD members serve on the committee it is an Advisory Committee or
Designated Body, NOT a committee of the Board
Audit Committees/ Page 15
16. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
TOP CONCERNS FOR AUDIT COMMITTEES 1
• Risk Management and Crisis Response
• Financial Communications/Disclosures and New Accounting Standards
• Legal/regulatory compliance
• Uncertainty: Economy and government regulation
• Leadership/Culture/Tone at the Top
• IT/Emerging Technologies (Cloud Computing)
• Audit Committee Effectiveness
• Globalization
1 FROM THE 7TH ANNUAL AUDIT COMMITTEE ISSUES CONFERENCE
(NOT SPECIFIC TO NONPROFITS)
Audit Committees/ Page 16
17. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
TOP CONCERNS FOR AUDIT COMMITTEES
• October 18, 2011 annual forum of the National Association of Corporate
Directors (NACD) highlighted views from audit chairs on the following for 2012
̵ Compensation
̵ Corporate political contributions
̵ Information technology (IT) and data governance
o Cloud computing
o Cyber security
o Viral social media events
Audit Committees/ Page 17
18. AUDIT COMMITTEES: ROLES AND
RESPONSIBILITIES
TO DO’S FOR AUDIT COMMITTEES 1
• Keep the audit committee focused on financial reporting and internal control risk
• Understand the impact of accounting changes on your organization
• Review the organization’s whistleblower process and compliance program
• Understand the organization’s tax risks and reporting
• Monitor management’s assumptions underlying critical accounting estimates
• Consider whether the organization’s financial statements provide the user of
those financial statements with a good understanding of the organization
• Reassess the quality of business controls around the organization’s key
operational risks
• Set clear expectations for external and, as applicable, internal auditors
• Discuss the audit committee’s role in IT governance
1 AS OUTLINED BY KPMG’S AUDIT COMMITTEE INSTITUTE
Audit Committees/ Page 18