Introduction
Many nonprofit leaders operate under a common misconception: tax-exempt status equals freedom from financial scrutiny. This assumption can prove costly when state revenue thresholds are crossed, federal funding arrives, or a major donor requests audited financials before making a six-figure gift.
A nonprofit audit isn't a tax audit. It's an independent examination of your organization's financial health, designed to build stakeholder trust and strengthen internal systems. This guide covers when audits are required, how the process unfolds, and what it takes to prepare — whether you're facing your first audit or your fifth.
TL;DR
- A nonprofit audit is an independent review of financial statements, controls, and accounting practices by a licensed CPA
- Required triggers include $1M+ in federal spending, state revenue thresholds, and grant or bylaw mandates
- The three-phase process — planning, fieldwork, reporting — runs 8 to 20 weeks
- Year-round readiness matters: reconciled accounts and strong internal controls make the difference
- Clean audits build donor and funder credibility, even when one isn't legally required
What Is a Nonprofit Audit?
A nonprofit audit is a formal, independent examination of your organization's financial statements, transactions, accounting practices, and internal controls conducted by a licensed CPA firm. The auditor issues an opinion on whether your financial statements fairly represent your organization's financial position in accordance with Generally Accepted Accounting Principles (GAAP).
Five Types of Nonprofit Audits
While this guide focuses primarily on independent financial audits, nonprofits may encounter five distinct audit types:
- Independent financial audit — External CPA firm reviews financial statements and issues an opinion
- IRS audit — Tax examination of your Form 990 and supporting documentation
- Internal audit — Your own staff or board committee reviews specific processes or controls
- Compliance audit — Examines adherence to specific grant or contract requirements
- Operational audit — Evaluates efficiency and effectiveness of programs or departments
Each audit type serves a different purpose — but for most nonprofits, the independent financial audit carries the most weight with funders, regulators, and boards.
Four Audit Opinion Types
Auditors issue one of four opinions under AICPA AU-C Sections 700 and 705:
| Opinion Type | What It Means | When It's Issued |
|---|---|---|
| Unmodified (Clean) | Financial statements are fairly presented in all material respects per GAAP | No material misstatements; sufficient evidence obtained |
| Qualified | Statements are fairly presented except for specific matter(s) | Material misstatement or scope limitation that isn't pervasive |
| Adverse | Financial statements do not present fairly | Misstatements are both material and pervasive |
| Disclaimer | Auditor cannot express an opinion | Insufficient evidence; potential misstatements too extensive |
A qualified or adverse opinion signals that specific issues need resolution — funders and boards will want to see a documented corrective action plan. Addressing the identified weaknesses promptly, and showing measurable progress at the next audit cycle, is what preserves stakeholder confidence.
When Does Your Nonprofit Need an Audit?
Five primary triggers can require an independent audit — some legal, some practical:
Federal Requirement: Single Audit
Organizations that spend **$1,000,000 or more in federal awards** during their fiscal year must complete a Single Audit under 2 CFR 200.501. This threshold increased from $750,000 in 2024, effective for fiscal years beginning October 1, 2024 or later.
State Revenue Thresholds
State audit requirements vary widely — from $25,000 to $3,000,000 depending on gross annual revenue or contributions:
- Highest threshold: Washington requires audits at $3,000,000+ in three-year average gross revenue
- Lowest threshold: Illinois requires audits at just $25,000 when using outside fundraisers
- Common thresholds: Many states set requirements between $500,000 and $2,000,000
If you solicit donations across state lines, map requirements for every registration state.
Organizational Bylaws
Your own bylaws may mandate periodic audits regardless of revenue or funding levels — review your governance documents to confirm what's required.
Grant or Funder Requirements
Private foundations and government agencies often require audited financials as a condition of funding, even if you're below the legal thresholds.
Voluntary Audits: Why Conduct One Anyway?
Even when not legally required, voluntary audits deliver value:
- Donor trust — Major donors frequently request audited financials before committing to significant gifts
- Control gaps — An external review surfaces internal weaknesses before they escalate
- Grant readiness — Many funders prefer or require audited statements as part of the application process
- Meet watchdog standards — Charity Navigator expects audits for organizations over $2M in revenue; BBB Wise Giving Alliance requires them above $1M
Audit Alternatives for Smaller Nonprofits
If you don't meet audit thresholds yet, consider:
- Financial review — Provides limited assurance through analytical procedures and inquiries, typically at 40–60% of audit cost
- Financial compilation — A CPA formats your data into GAAP-compliant statements with no assurance provided; the lowest-cost option
Reviews work well for organizations between $250,000–$1,000,000 in revenue. Compilations suit smaller organizations needing CPA-prepared statements without the cost of assurance.
The Nonprofit Audit Process: Phase by Phase
The independent audit runs through three structured phases, typically taking 8-20 weeks from auditor selection through final report delivery.
Two teams drive the process: on your side, the CFO/Finance Director, Executive Director, Board Treasurer, and Audit Committee; on the auditor's side, the Lead Auditor, Audit Manager, and Audit Partner.
Phase 1 – Planning
Planning begins 3-4 months before fiscal year-end with an engagement letter outlining scope, timeline, and fees. Typical audit costs vary by organization size:
| Organization Size | Typical Audit Cost |
|---|---|
| Small (under $1M in expenses) | $4,500–$6,500 |
| Mid-sized (~$7M in expenses) | $19,000–$22,000 |
| Large (Single Audit required) | $22,000–$50,000+ |
The auditor sends a Provided by Client (PBC) list requesting:
Core financial documents:
- Statement of Financial Position
- Statement of Activities
- Statement of Cash Flows
- Statement of Functional Expenses
- Form 990
- Prior year audit report
Supporting documentation:
- Bank statements and reconciliations
- Grant agreements and compliance documentation
- Board meeting minutes
- Payroll records (W-2s, 1099s, 941s)
- Financial policies and procedures handbook
- Donor contribution records, including restricted gift agreements
Phase 2 – Fieldwork
Once planning is complete, the audit moves into fieldwork — typically lasting one to two weeks — which covers three main activities:
- Document review and tracing — Auditors verify financial statements against source documents
- Internal control testing — Examination of segregation of duties, approval workflows, and access controls
- Staff interviews — Verification that written policies match actual practice
Make sure your Finance Director and grant program managers are available throughout this phase. Also provide auditors with view-only access to your accounting system before fieldwork begins — delays here are one of the most common reasons timelines slip.
Phase 3 – Reporting and Exit
With fieldwork complete, the auditor prepares a draft report. The exit conference gives leadership a chance to review findings, clarify misunderstandings, or submit additional documentation before the report is finalized.
The final audit report is presented to the full board and includes:
- Auditor's opinion
- Management letter with findings and recommendations
- Required communications regarding internal controls and compliance
Important: Treat management letter findings as a roadmap for strengthening your financial controls — most stem from common process gaps, not misconduct. Under AU-C Section 265, significant deficiencies and material weaknesses must be communicated in writing within 60 days of report release.
Nonprofit Audit Preparation Checklist
The single biggest factor in a smooth audit is year-round financial discipline, not a last-minute scramble. Use this framework for both ongoing preparation and the 4-8 weeks immediately before your audit begins.
Financial Records to Gather
Have these core documents ready:
- Bank and investment account statements with completed reconciliations
- Grant agreements and related expense documentation
- Payroll records and tax filings (W-2s, 1099s, 941s)
- Board meeting minutes
- Donor contribution records, including restricted gift agreements
- Current fiscal policies and procedures handbook
- Prior year audit report and Form 990
Pre-Audit Action Steps
Complete these tasks before the auditor arrives:
- Reconcile all accounts — Bank accounts, credit cards, investment accounts. Identify and resolve uncleared transactions
- Review your chart of accounts — Remove duplicates and inactive accounts
- Verify fund classifications — Ensure restricted and unrestricted funds are properly documented
- Update asset schedules — Verify capitalization and depreciation schedules for fixed assets
- Review receivables and payables — Confirm accuracy and identify outstanding items
Internal Controls Readiness
Auditors evaluate whether duties are properly segregated. For example, the person receiving cash should not also reconcile bank accounts.
For smaller nonprofits with limited staff, compensating controls are acceptable — but they must be documented in writing. Common examples include:
- Board review of monthly bank statements
- Dual signature requirements on checks above a set threshold
- Surprise cash counts conducted by a board member or senior leader
Organizations that maintain audit-ready financials year-round — rather than scrambling in the weeks before the auditor arrives — consistently see fewer findings and faster close times. A fractional CFO can own this process on an ongoing basis, which is the model One Abacus Advisory uses with clients like the San Diego Food Bank and Philadelphia Zoo.
Common Audit Mistakes to Avoid
Segregation of Duties Weaknesses
Segregation of duties deficiencies are the most frequently cited finding in nonprofit audits, especially in small and mid-sized organizations.
Incompatible functions to separate:
- Receiving donations AND reconciling bank statements
- Approving expenses AND processing payments
- Recording transactions AND reviewing financial reports
- Maintaining vendor files AND issuing payments
When true separation isn't possible, implement board-level compensating controls:
- Board treasurer reviews bank statements monthly
- Multiple signatures required on checks above a set threshold
- Board approval required for budget variances
The Documentation Trap
Auditors regularly flag:
- Expenses without proper supporting documentation
- Grant costs without documented authorization
- Donor restrictions not clearly recorded in the accounting system
Prevention: Build consistent filing habits throughout the year. Attach backup documentation to every transaction when entered. Maintain a restrictions log for all donor-designated gifts.
Those documentation habits also directly affect how and when revenue gets recorded.
Revenue Recognition Timing Errors
Recording grant or pledge revenue in the wrong period creates material misstatements. Three distinctions matter most:
- Conditional grants — revenue recognized only when conditions are met
- Unconditional grants — revenue recognized when awarded
- Exchange transactions — revenue recognized when services are provided
Functional Expense Misallocation
FASB ASU 2016-14 requires all nonprofits to report expenses by both function (program, management/general, fundraising) and nature (salaries, rent, supplies).
Incorrect allocation affects:
- Form 990 accuracy
- Donor perception of program efficiency
- Grant budget alignment
Make sure your chart of accounts supports dual classification, and put your allocation methodology in writing before the audit begins — not after the auditor asks for it.
How One Abacus Advisory Can Help
One Abacus Advisory works directly with nonprofits to keep financials audit-ready year-round—not just in the weeks before the auditor arrives. With over 25 years of finance and accounting experience, founder Lorin Port brings focused nonprofit expertise through fractional CFO services that cover the full audit lifecycle.
Practical value across the audit lifecycle:
- Manages the PBC list, documentation, and coordination with external audit firms
- Strengthens segregation of duties, financial policies, and compensating controls for small-staff organizations
- Ensures grant expenses are properly documented and aligned with funder requirements
- Translates audit findings into concrete action plans for boards and leadership teams
Whether your nonprofit is preparing for its first audit, recovering from a qualified opinion, or building a stronger financial foundation, One Abacus adapts its support to fit your organization's size, complexity, and goals. Their clients—including San Diego Food Bank, Philadelphia Zoo, and Laguna Playhouse—have moved through audit cycles with cleaner documentation, faster response times, and clearer communication for boards and funders.
Frequently Asked Questions
How much does a nonprofit financial audit cost?
Audit costs vary based on organizational size and complexity. Small nonprofits (under $1M revenue) typically pay $4,500–$6,500; mid-sized organizations (approximately $7M expenses) pay $19,000–$22,000; large organizations requiring Single Audits pay $22,000–$50,000+. Financial reviews and compilations offer lower-cost alternatives for smaller organizations.
What are the steps in a nonprofit financial audit?
The audit follows three core phases: planning (engagement letter, PBC list preparation), fieldwork (document review, internal control testing, staff interviews), and reporting (exit conference, final opinion, management letter). Total elapsed time runs from auditor selection through final board presentation.
How long should a nonprofit audit take?
Total elapsed time ranges from 8 to 20 weeks: auditor selection (4–12 weeks), preparation (2–4 weeks), fieldwork (1–2 weeks), and report delivery. Timeline depends on organizational complexity, staff availability, and quality of financial records.
How do you get a nonprofit audited?
Start by identifying CPA firms that specialize in nonprofit audits through peer referrals and state CPA society directories. Issue a Request for Proposals to top candidates, evaluating based on nonprofit experience, fees, and references. Select the firm that best understands your mission and operational complexity.
What are the different types of financial audits for nonprofits?
Five audit types apply to nonprofits:
- Independent financial audit — external CPA opinion on financial statements
- IRS audit — federal tax examination
- Internal audit — internal review of processes and controls
- Compliance audit — adherence to grant or contract terms
- Operational audit — program efficiency evaluation
For most nonprofits, the independent financial audit is the one that matters most.
What are examples of internal controls for nonprofits?
Common examples include:
- Requiring two signatures on checks above $5,000
- Separating cash receipt duties from bank reconciliation
- Requiring board approval for budget variances above 10%
- Conducting periodic surprise cash counts
- Having the board treasurer independently review monthly bank statements
