Audits are seldom a pleasant experience. Organizations are no different than most individuals in Canada — given a choice, we would rather not be audited. Nonetheless, random, compliance and forensic audits by regulators are an integral part of public accountability in many sectors, including the charitable and nonprofit sector.
A random audit may go by several names — spot audit, investigative audit, ‘spot check’, or inspection. Whatever it is called, it will usually be financial in nature. It is intended to determine whether or not the financial information is being reported accurately, to assess the financial record-keeping of the organization, and to identify any financial misconduct or potential misconduct. But it is not uncommon for these types of audits to cover non-financial matters, such as compliance with the law or with specified standards.
These types of audits are often called, not surprisingly, compliance audits. The audits could be carried out by or on behalf of a regulator (e.g. Alcohol and Gaming Commission of Ontario or similar regulatory body), Canada Customs and Revenue Agency, a funding agency pursuant to a funding agreement or by order of a court, under the Charities Accounting Act in Ontario.
Random selection, or someone complained
Generally speaking, the organization being audited was either selected on a random basis or somebody complained about it. The audit may also be a follow-up audit to confirm that the organization is now doing what it is supposed to be doing. An organization could also be selected because it is in a high-risk category. Criteria would be developed to identify high-risk organizations.
A forensic audit is a bit further down the audit trail. It is more commonly used where a problem or problems have already been identified, i.e., missing money, and it is necessary to find out how it went missing. A forensic audit is much more thorough and will sometimes involve the gathering, detailed review and cross-checking of all financial records and transactions. As a result, it can be very expensive and time consuming — not only for the auditor but also for the organization and its management.
Don’t panic …
What do you do when the auditor knocks on your door? First, remember that it is part of the process — and one that applies to all organizations involved in the area. It is also a legitimate process that is intended to ensure accountability. Second, do not panic. Review the request for documents and attempt to understand as much as possible what is wanted and needed.
It is important to decide on the approach that you will take during the audit. There are basically two possible approaches:
- recognize that the audit is part of the privilege of being registered as a charity, of having a licence for charitable gaming or of obtaining the grant, and is part of the overall accountability structure. Behave accordingly by being cooperative and helpful, or
- ignore it, do not cooperate and attempt to divert the process.
The first approach will usually result in the audit being completed more quickly, and will establish a level of trust with the auditor that may help address the inevitable problems that will be identified. It may also result in guidance on making the organization better and more efficient, effective and accountable. The second approach will seldom work, and creates needless suspicions. It is more likely to raise additional concerns than to divert attention. If the behaviour becomes obstructionist, it could also lead to charges and prosecutions.
And don’t cave in
Co-operation does not mean, however, caving in. If you believe that you need legal advice — for whatever reasons — obtain it. Seeking legal advice is not tantamount to admitting any impropriety, and at times can help clarify what’s needed and what the process is. Legal advice would be particularly important if the audit is forensic in nature. In that case, a problem has usually already been identified, and the purpose is to find out who did what to whom, when, how and for how much.
The last step in the audit (assuming it did not reveal criminal activities) is to take the results and make the organization better. If the audit identifies deficiencies in record keeping, correct them. If it suggests improvements to program operations, make those improvements whenever possible. Remember: the audit is a tool for management and for the membership to make the organization more effective, efficient and accountable, goals with which most organizations would agree.
Don Bourgeois is an Ontario lawyer who has practiced in the charitable and nonprofit area of law and is an officer and director of several organizations. He is the author of The Law of Charitable and Non-Profit Organizations and The Law of Charitable and Casino Gaming, both published by Butterworths Canada. He can be reached by e-mail at don_bourgeois@hotmail.com.
