Nonprofit boards need to know how to get a thorough audit
The old adage is true: Those who don’t know history are doomed to repeat it. You will remember that the two largest contributing factors to the collapse of Enron were senior management engaging in bad practices without the knowledgeable approval of the board of directors and the audit firm Arthur Andersen giving clean audits year after year, thereby concealing the fraudulent activities.
As was reported in the Sept. 27 Viewpoint, Wailuku Main Street Association senior management engaged in bad practices without the knowledgeable approval of the board of directors. The article continued that at least one board chairman tried to get knowledge of WMSA’s activities and could not. Thus, the board functioned without enough truthful information to make corrections as needed – just like the Enron board.
And the WMSA board received clean audits year after year, giving the board and the public the certified public accountant’s assurance that the nonprofit organization was operating within its stated purposes, fulfilling its grant requirements and with no internal control weaknesses – just like Enron’s auditors.
But the Viewpoint writer states, “WMSA’s frequent public reliance on clean audits in the face of criticism means very little.” This may have been true of WMSA’s audits, but this is not true of all audits or all external auditors. In fact, good external audits should provide a board of directors with real assurance that the finances are correct, as well as positive feedback of issues to be resolved.
All audits are required to assess management override of internal controls as a high risk, and audit procedures are to be designed and conducted to reduce such risk. This seems to have been the overriding problem at WMSA and should have been reported to the board of directors.
All audits should involve the auditors talking with at least one board member to determine the risk issues and areas of concern the board wants investigated.
All audits require an assessment of key internal controls such as cash handling, payroll processing and expenditure procedures. Any deficiencies are to be reported to management and the board of directors.
All audits require communication to the board of directors of how the audit went. This includes management’s cooperation with the auditor, internal control issues, withheld documentation and even small items for improvement the board may want to consider. This helps the board fulfill its fiduciary responsibility from the auditor’s work performed on its behalf. The auditor works for the board of directors.
The bottom line is that boards of directors are required by law to be the fiduciaries of nonprofit organizations. The board is responsible to assure the organization is operating within its approved charitable purpose, maintaining prudent fiscal practices and reporting to the public as required by law. A well-performed external audit is one of the best tools available to help a board of directors. No audit examines everything. Thus absolute assurance is not attainable from an audit. But some external audits are better than others.
To learn from Enron and WMSA, board members need to remember:
* Management does most of the work but the board is legally responsible for the organization. Thus, the board needs to ask questions, follow up on answers and be actively engaged.
* The auditor works for the board and can be an assurance to help members meet their fiduciary duties. The board needs to know its auditor is competent, thorough and independent. Changing auditors every three years is less important than getting and keeping a good auditor every year.
* The board needs to talk to the auditor every year before the audit begins and after the audit is finished. The board needs to use the auditor to help it fulfill its fiduciary responsibility. Good auditors and good audits will do this.
* John D. Carbonaro, CPA, is senior partner of Carbonaro DeMichele CPAs in Wailuku. He has audited nonprofit companies on Maui for more than 22 years.