Since the Sarbanes-Oxley Act was passed in 2002 and the Form 990 was redesigned in 2008, there has been an increased focus on the importance of corporate governance within not-for-profit organizations. A not-for-profit’s board of directors is charged with oversight of the organization’s governance and fiscal accountability. A strong audit committee can assist the board in their oversight of these areas.
While a finance committee typically oversees the preparation of the annual budget and reviews the internal financial statements, an audit committee makes sure things are done according to policy and with adequate controls, reviews the annual audited financial statements and other information provided to the public (including Form 990), provides oversight of the system of internal controls and risk management policy, and reviews the organization’s compliance with governance policies.
Many organizations operate with a small number of board members and establishing separate finance and audit committees is not feasible. Although there is no federal requirement that an organization establish separate finance and audit committees, an organization should check their state and any national affiliate for any regulation that may mandate separate committees.
One of the main responsibilities of an audit committee is to oversee the adequacy of the internal controls over the financial reporting process including oversight of the organization’s risk assessment and risk management policies. Typically, the audit committee meets with management and the auditors to gain an understanding of the significant risks and exposures faced by the organization. The committee then proactively works with management and the auditors in creating and reviewing the organization’s fraud prevention and detection program and ensuring that investigations are undertaken when fraud is suspected.
In general, the audit committee should be assessing whether the organization has controls in place, whether the controls are in writing, whether the controls are being followed and how the organization can test or review its compliance with its controls.
Many organizations have engaged in an Enterprise Risk Management process, looking at not only the financial risks of the organization, but also its non-financial risks in the areas of human resources and IT systems, as well as legal, regulatory, political and reputational risks. An organization can manage its risks by establishing an ethics and compliance program, including adopting a whistleblower policy, as well as by maintaining proper levels of insurance. An audit committee can assist management by reviewing the organization’s risk-management procedures and providing oversight in these areas.
If you would like to learn more about audit committees and other important roles and responsibilities of being a not-for-profit board member, ORBA is hosting a seminar with the law firm Chuhak & Tecson this Wednesday, January 16 at the Gleacher Center in Chicago. Click the following link for information and registration information.