Internal audits in nonprofits involve staying on top of governance and embracing technology to boost accuracy and effectively manage risk.
Internal audits in nonprofits should address evolving challenges and focus on supporting governance, compliance, financial accuracy, and security.
Staying proactive in these areas can help your organization reduce risks and effectively leverage emerging technologies.
Top priorities and growing trends internal auditors should focus on
1. Nonprofit-specific risks
Governance remains a cornerstone for nonprofit organizations — it’s vital for the board of directors to fully understand their positions and responsibilities. This includes having clear policies and procedures, a well-defined mission and purpose, and strategic planning. Regular board evaluations and addressing conflicts of interest are also essential components of good governance.
Compliance requirements are another critical area. Nonprofits must adhere to grant and contract compliance, including the identification, writing, processing, and maintenance of grants. Performance reports must align with grant terms and proposals, and expenditures should be allowable under grant terms. Compliance with funding agreements and the General Data Protection Regulation (GDPR) is also paramount.
Donation tracking is a significant aspect of nonprofit operations. It's important to document and follow donor restrictions, review acknowledgment letters and receipts for compliance, and keep the donor database secure and regularly updated. Auditing fundraising event revenue and expense tracking is also necessary.
2. Financial management
Accuracy in financial statements and donor reports is non-negotiable. Proper classification of restricted vs. unrestricted funds, reconciliation of bank accounts and petty cash, and timely recording of donations and grants are all critical tasks.
3. Staff and volunteer management
The safety and security of staff and volunteers is a top priority. This includes providing adequate training and education, clearly defining job roles and responsibilities, and enabling compliance with legal requirements.
4. Business process specific risks
Financial statement controls, reconciliations, segregation of duties, and journal entries are fundamental to maintaining financial integrity. Budgeting and forecasting, accruals, financial consolidation and close, and chart of account maintenance are also key areas to monitor.
5. Data privacy and confidentiality
Assessing data privacy and confidentiality life cycles is crucial. This involves defining what is sensitive or confidential to the organization, understanding where information resides, and implementing security controls for information at rest and in transit.
6. Artificial intelligence (AI)
AI is becoming increasingly important in the nonprofit sector. Establishing AI governance, policies, and procedures, understanding AI capabilities and benchmarks, and mapping the risks and benefits of AI components are essential steps. Documentation and monitoring of AI risk treatments are also necessary.
7. Cybersecurity
Cybersecurity remains a top concern. Regular assessments, penetration testing, vulnerability assessments, and incident response assessments are critical. Information technology and security risk assessments, control development, and effectiveness testing are also necessary.
How CLA can help with internal audits
Internal audit functions require an understanding of interdependencies among the various governance, risk, and compliance activities required to support your organization.
Whether you’re developing a new business model or starting a digital transformation journey, CLA can provide the financial, operational, IT, and risk resources you need.