Audit of Nonprofit Organization

Published on June 2016 | Categories: Documents | Downloads: 49 | Comments: 0 | Views: 1179

of 412

Content

NPOT09

SELFSTUDY CONTINUING PROFESSIONAL EDUCATION

Companion to PPC's Guide to

Audits of Nonprofit
Organizations

Fort Worth, Texas
(800) 3238724
trainingcpe.thomson.com

NPOT09

Copyright 2009 Thomson Reuters/PPC
All Rights Reserved

This material, or parts thereof, may not be reproduced in another document or manuscript
in any form without the permission of the publisher.

This publication is designed to provide accurate and authoritative information in regard to the subject
matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal,
accounting, or other professional service. If legal advice or other expert assistance is required, the
services of a competent professional person should be sought. From a Declaration of Principles
jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and
Associations.
The following are registered trademarks filed with the United States Patent and Trademark Office:
PPC's Checkpoint Tools
PPC's Practice Aids
PPC's Workpapers
PPC's Engagement Letter Generator
PPC's Interactive Disclosure Libraries
PPC's SMART Practice Aids
Practitioners Publishing Company is registered with the National
Association of State Boards of Accountancy (NASBA) as a sponsor of
continuing professional education on the National Registry of CPE
Sponsors. State boards of accountancy have final authority on the
acceptance of individual courses for CPE credit. Complaints regarding
registered sponsors may be addressed to the National Registry of CPE
Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN
372192417. Website: www.nasba.org.
Practitioners Publishing Company is registered with the National
Association of State Boards of Accountancy (NASBA) as a sponsor of
continuing professional education on the National Registry of CPE
Sponsors. State boards of accountancy have final authority on the
acceptance of individual courses for CPE credit. Complaints regarding
registered sponsors may be addressed to the National Registry of CPE
Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN
372192417. Website: www.nasba.org.
Registration Numbers
New Jersey
20CE00206800 (CE 2068)
New York
001076
NASBA Registry
103166
NASBA QAS
006

ii

NPOT09

Interactive Selfstudy CPE
Companion to PPC's Guide to
Audits of Nonprofit Organizations
TABLE OF CONTENTS
Page
COURSE 1: RISK ASSESSMENT PROCEDURES AND PLANNING FOR NONPROFIT AUDITS
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1

Lesson 1:

Risk Assessment Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3

Lesson 2:

Planning the Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

59

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

140

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

141

COURSE 2: SUBSTANTIVE PROCEDURES AND SAMPLING
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

143

Lesson 1:

Substantive Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

145

Lesson 2:

Audit Sampling in a Nonprofit Organization Audit Engagement . . . . . . . . . . . . . . . . . . .

197

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

255

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

259

COURSE 3: SPECIAL ACCOUNTING AND AUDITING CONSIDERATIONS
FOR NONPROFIT ORGANIZATIONS
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

261

Lesson 1:

Cash, Investments, and Contributions in the Nonprofit Environment . . . . . . . . . . . . . .

263

Lesson 2:

Other Activities Related to Nonprofits and Their Financials . . . . . . . . . . . . . . . . . . . . . . .

327

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

390

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

391

iii

NPOT09

To enhance your learning experience, the examination questions are located throughout
the course reading materials. Please look for the exam questions following each lesson.
ANSWER SHEETS AND EVALUATIONS
Course 1: Examination for CPE Credit Answer Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Course 1: Selfstudy Course Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Course 2: Examination for CPE Credit Answer Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Course 2: Selfstudy Course Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Course 3: Examination for CPE Credit Answer Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Course 3: Selfstudy Course Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

iv

397
398
401
402
405
406

NPOT09

INTRODUCTION
Audits of Nonprofit Organizations consists of three interactive selfstudy CPE course. These are companion
courses to PPC's Guide to Audits of Nonprofit Organizations designed by our editors to enhance your
understanding of the latest issues in the field. To obtain credit, you must complete the learning process by logging
on to our Online Grading System at OnlineGrading.Thomson.com or by mailing or faxing your completed
Examination for CPE Credit Answer Sheet for print grading by March 31, 2010. Complete instructions are
included below and in the Test Instructions preceding the Examination for CPE Credit Answer Sheet.
Taking the Courses
Each course is divided into lessons. Each lesson addresses an aspect of auditing nonprofit organizations. You are
asked to read the material and, during the course, to test your comprehension of each of the learning objectives by
answering selfstudy quiz questions. After completing each quiz, you can evaluate your progress by comparing
your answers to both the correct and incorrect answers and the reason for each. References are also cited so you
can go back to the text where the topic is discussed in detail. Once you are satisfied that you understand the
material, answer the examination questions which follow each lesson. You may either record your answer
choices on the printed Examination for CPE Credit Answer Sheet or by logging on to our Online Grading System.
Qualifying Credit Hours QAS or Registry
PPC is registered with the National Association of State Boards of Accountancy as a sponsor of continuing
professional education on the National Registry of CPE Sponsors (Registry) and as a Quality Assurance Service
(QAS) sponsor. Part of the requirements for both Registry and QAS membership include conforming to the
Statement on Standards of Continuing Professional Education (CPE) Programs (the standards). The standards were
developed jointly by NASBA and the AICPA. As of this date, not all boards of public accountancy have adopted the
standards. Each course is designed to comply with the standards. For states adopting the standards, recognizing
QAS hours or Registry hours, credit hours are measured in 50minute contact hours. Some states, however, require
100minute contact hours for self study. Your state licensing board has final authority on accepting Registry hours,
QAS hours, or hours under the standards. Check with the state board of accountancy in the state in which you are
licensed to determine if they participate in the QAS program or have adopted the standards and allow QAS CPE
credit hours. Alternatively, you may visit the NASBA website at www.nasba.org for a listing of states that accept
QAS hours or have adopted the standards. Credit hours for CPE courses vary in length. Credit hours for each
course are listed on the Overview" page before each course.
CPE requirements are established by each state. You should check with your state board of accountancy to
determine the acceptability of this course. We have been informed by the North Carolina State Board of Certified
Public Accountant Examiners and the Mississippi State Board of Public Accountancy that they will not allow credit
for courses included in books or periodicals.
Obtaining CPE Credit
Online Grading. Log onto our Online Grading Center at OnlineGrading.Thomson.com to receive instant CPE
credit. Click the purchase link and a list of exams will appear. You may search for the exam using wildcards.
Payment for the exam is accepted over a secure site using your credit card. For further instructions regarding the
Online Grading Center, please refer to the Test Instructions preceding the Examination for CPE Credit Answer
Sheet. A certificate documenting the CPE credits will be issued for each examination score of 70% or higher.
Print Grading. You can receive CPE credit by mailing or faxing your completed Examination for CPE Credit Answer
Sheet to the Tax & Accounting business of Thomson Reuters for grading. Answer sheets are located at the end of
all course materials. Answer sheets may be printed from electronic products. The answer sheet is identified with the
course acronym. Please ensure you use the correct answer sheet for each course. Payment of $75 (by check or
credit card) must accompany each answer sheet submitted. We cannot process answer sheets that do not include
payment. Please take a few minutes to complete the Course Evaluation so that we can provide you with the best
possible CPE.
v

NPOT09

You may fax your completed Examination for CPE Credit Answer Sheet to the Tax & Accounting business of
Thomson Reuters at (817) 2524021, along with your credit card information.
If more than one person wants to complete this selfstudy course, each person should complete a separate
Examination for CPE Credit Answer Sheet. Payment of $75 must accompany each answer sheet submitted. We
would also appreciate a separate Course Evaluation from each person who completes an examination.
Express Grading. An express grading service is available for an additional $24.95 per examination. Course
results will be faxed to you by 5 p.m. CST of the business day following receipt of your Examination for CPE Credit
Answer Sheet. Expedited grading requests will be accepted by fax only if accompanied with credit card
information. Please fax express grading to the Tax & Accounting business of Thomson Reuters at (817) 2524021.
Retaining CPE Records
For all scores of 70% or higher, you will receive a Certificate of Completion. You should retain it and a copy of these
materials for at least five years.
PPC InHouse Training
A number of inhouse training classes are available that provide up to eight hours of CPE credit. Please call our
Sales Department at (800) 3238724 for more information.

vi

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

COMPANION TO PPC'S GUIDE TO AUDITS OF NONPROFIT ORGANIZATIONS

COURSE 1
Risk Assessment Procedures and Planning for Nonprofit Audits (NPOTG091)
OVERVIEW
COURSE DESCRIPTION:

Continuing audit engagements for nonprofit organizations require the auditor to
consider a number of factors. For instance, how much does the auditor understand
about the client entity and its environment? How strong are the entity's internal
controls? What role does IT play concerning the entity's financial data and its
integrity? How much audit risk is acceptable? What is the auditor's responsibility for
detecting fraud during the audit? Fortunately for the auditor, some guidance is
available. This course will discuss that guidance and aspects of the nonprofit audit
from a general planning perspective.

PUBLICATION/REVISION
DATE:

February 2009

RECOMMENDED FOR:

Users of PPC's Guide to Audits of Nonprofit Organizations

PREREQUISITE/ADVANCE
PREPARATION:

Basic knowledge of auditing.

CPE CREDIT:

8 QAS Hours, 8 Registry Hours
Check with the state board of accountancy in the state in which you are licensed to
determine if they participate in the QAS program and allow QAS CPE credit hours.
This course is based on one CPE credit for each 50 minutes of study time in
accordance with standards issued by NASBA. Note that some states require
100minute contact hours for self study. You may also visit the NASBA website at
www.nasba.org for a listing of states that accept QAS hours.

FIELD OF STUDY:

Auditing

EXPIRATION DATE:

Postmark by March 31, 2010

KNOWLEDGE LEVEL:

Basic

Learning Objectives:
Lesson 1 Risk Assessment Procedures
Completion of this lesson will enable you to:
Examine, in general terms, authoritative literature, and various issues related to risk assessment and audit
planning;
Outline the types of risk assessment procedures, describe issues concerning audit inquiries, explain
preliminary analytical procedures to be performed, and discuss other issues related to the risk assessment and
planning process; and
Discuss risk assessment and other issues related to gaining an understanding of the entity under audit.
Lesson 2 Planning the Audit
Completion of this lesson will enable you to:
Examine the various elements and issues concerning internal control including the basic components, the
effect of IT, the control environment, risk assessment, etc.;
Describe setting materiality benchmarks, assessing risk of misstatement at the financial statement level, and
establishing overall audit strategy;
Explain the types of misstatements related to fraud, discuss the auditor's responsibility for fraud detection and
the fraud risk assessment process, etc.; and
1

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Examine various issues concerning substantive procedures including transaction testing, establishing fiscal
cutoffs, etc., summarize general planning procedures, and summarize miscellaneous issues related to
performing the audit, including estimating and managing time.
TO COMPLETE THIS LEARNING PROCESS:
Send your completed Examination for CPE Credit Answer Sheet, Course Evaluation, and payment to:
Thomson Reuters
Tax & Accounting R&G
NPOTG091 Selfstudy CPE
P.O. Box 966
Fort Worth, TX 76101
See the test instructions included with the course materials for more information.
ADMINISTRATIVE POLICIES:
For information regarding refunds and complaint resolutions, dial (800) 3238724 for Customer Service and your
questions or concerns will be promptly addressed.

2

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Lesson 1: RISK ASSESSMENT PROCEDURES
INTRODUCTION
This lesson explains the start of an annual audit in a continuing engagement for a nonprofit organization. The same
suggested approach should be used for a new engagement, with some modification.
The focus of this lesson is general planning decisions. General or preliminary planning should be distinguished
from detailed planning of audit programs. Preliminary planning includes deciding on an overall strategy for the
audit; obtaining an understanding of the entity and its environment, including its internal control; making an initial
assessment of audit risk and materiality; and deciding on the overall timing of the engagement.
Learning Objectives
Completion of this lesson will enable you to:
Examine, in general terms, authoritative literature, and various issues related to risk assessment and audit
planning;
Outline the types of risk assessment procedures, describe issues concerning audit inquiries, explain
preliminary analytical procedures to be performed, and discuss other issues related to the risk assessment and
planning process; and
Discuss risk assessment and other issues related to gaining an understanding of the entity under audit.
Authoritative Literature
The following standards establish key requirements and provide guidance that affect preliminary audit planning as
follows:
a. SAS No. 107 (AU 312), Audit Risk and Materiality in Conducting an Audit, requires auditors to consider audit
risk and determine and document materiality for the financial statements as a whole, as well as tolerable
misstatement, when planning the audit.
b. SAS No. 108 (AU 311), Planning and Supervision, addresses planning the audit, including topics such as
establishing an overall audit strategy, developing the audit plan, determining the extent of involvement of
professionals with specialized skills, supervision of assistants, communication with management and
those charged with governance, and considerations in initial audits.
c. SAS No. 109 (AU 314), Understanding the Entity and Its Environment and Assessing the Risks of Material
Misstatement, establishes the level of understanding of the entity and its environment, including its internal
control, the auditor should obtain for preliminary planning purposes. That standard also addresses risk
assessment procedures and assessing the risks of material misstatement.
d. SAS No. 110 (AU 318), Performing Audit Procedures in Response to Assessed Risks and Evaluating the
Audit Evidence Obtained, explains the requirements for establishing the nature, timing, and extent of further
audit procedures (both tests of controls and substantive procedures) in response to the assessed risks of
material misstatement. For example, the standard explains factors that affect decisions to test controls or
apply substantive procedures before the statement of financial position date.
In addition, aspects of the following standards also affect audit planning:
a. SAS No. 54 (AU 317), Illegal Acts by Clients, indicates that the auditor's responsibility for detecting
misstatements resulting from illegal acts having a direct and material effect on the determination of financial
statement amounts is the same as that for other errors and fraud. For other illegal acts, the auditor, in
conducting the audit, remains aware of their possibility but does not design the audit specifically to detect
them.
b. SAS No. 56 (AU 329), Analytical Procedures, requires the auditor to apply analytical procedures during the
planning stage (and the overall review stage) of the audit.
3

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

c. SAS No. 65 (AU 322), The Auditor's Consideration of the Internal Audit Function in an Audit of Financial
Statements, provides guidance on considering the work of internal auditors and on using internal auditors
to provide direct assistance to the auditor.
d. SAS No. 70 (AU 324), Service Organizations, provides guidance on obtaining an understanding of internal
control of a client that uses a service organization.
e. SAS No. 73 (AU 336), Using the Work of a Specialist, provides guidance when the auditor plans to use the
work of a specialist hired by the client or the auditor. It does not apply to a specialist employed by the
auditor's firm who participates in the audit.
f. SAS No. 74 (AU 801), Compliance Auditing Considerations in Audits of Governmental Entities and
Recipients of Governmental Financial Assistance, requires the auditor to design the audit to provide
reasonable assurance that the financial statements are free of material misstatement resulting from
violations of laws and regulations that have a direct and material effect on the determination of financial
statement amounts.
g. SAS No. 99 (AU 316), Consideration of Fraud in a Financial Statement Audit, requires the auditor to identify
and assess risks of material misstatement due to fraud and to design the audit to provide reasonable
assurance of detecting fraud that results in the financial statements being materially misstated.
h. Government Auditing Standards (Yellow Book), issued by the Comptroller General of the United States,
establishes planning and other field work standards.
i. AICPA Audit Guide, Government Auditing Standards and Circular A133 Audits (GAS/A133 AICPA Audit
Guide), provides guidance on performing Yellow Book audits and Single Audits.
The AICPA Audit and Accounting Guide, NotforProfit Organizations, also provides guidance on audit planning.
These authoritative pronouncements are explained further at the relevant points in the following discussion.
Objectives of Audit Planning
The first standard of fieldwork states that the auditor must adequately plan the work and must properly supervise
any assistants" (AU 150.02). According to SAS No. 108 (AU 311.02), Planning and Supervision, audit planning
involves developing an overall audit strategy for the expected conduct, organization, and staffing of the audit."
Audit strategy is the auditor's operational approach to achieving the objectives of the audit. It is a highlevel
description of the audit scope. It includes matters such as identifying material locations and account balances,
identifying audit areas with a higher risk of material misstatement, the overall responses to those higher risks, and
the planned audit approach by area (for example, substantive procedures or a combined approach of substantive
procedures and tests of controls).
Auditors generally establish a preliminary audit strategy before performing extensive risk assessment procedures
based on knowledge from past experience with the client and the results of preliminary engagement activities. As
auditors gather additional information through the performance of risk assessment procedures, they complete the
overall audit strategy, including overall responses at the financial statement level.
An overriding objective throughout the planning process is the identification of risks that should be considered and
an assessment of whether the risks could result in material misstatement of the financial statements. According to
SAS No. 108, obtaining an understanding of the entity and its environment, including its internal control, is an
essential part of planning the audit. Auditors must plan the audit so that it is responsive to the assessment of the risk
of material misstatement based on the auditors' understanding of the entity and its environment, including its
internal control.
Audit planning also includes development of an audit plan (also called the audit program). The audit plan is more
detailed than the audit strategy and documents the nature, timing, and extent of procedures to be performed to
obtain sufficient appropriate audit evidence.
4

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The nature, timing and extent of audit planning varies with the size and complexity of the entity and with the
auditor's understanding of the entity and its environment, including internal control. However, audit planning
always includes a risk assessment process.
The Risk Assessment Process
The risk assessment process involves performing procedures, obtaining an understanding of various matters
about the entity and its environment, and making decisions and judgments about assessed risks and other matters
based on the understanding.
Procedures Performed. Risk assessment procedures include inquiry; analytical procedures; inspection; and
observation as well as related planning activities and procedures, including preliminary engagement activities
related to client acceptance and continuance and holding a discussion among the engagement team. The auditor
is required to perform all of these procedures when planning the audit.
The auditor's consideration of fraud required by SAS No. 99, Consideration of Fraud in a Financial Statement Audit,
is not separate from the consideration of audit risk but is integrated into the overall risk assessment process. That
is, the assessment of risks due to error occurs simultaneously with the assessment of risks due to fraud.
Understanding Obtained. Risk assessment procedures are performed to obtain an understanding of the entity
and its environment, including its internal control. The auditor obtains information about the following:
a. Industry, regulatory, and other external factors.
b. Nature of the entity.
c. Objectives and strategies and the related operating risks that may result in a material misstatement of the
financial statements.
d. Measurement and review of the entity's financial performance.
e. Internal control, which includes the selection and application of accounting policies.
f. Fraud risk factors.
Decisions and Judgments Made. The information obtained by applying risk assessment procedures is used to
make the important decisions and judgments that are part of audit planning. These decisions and judgments
include determining materiality levels and assessing risks of material misstatement at the financial statement and
relevant assertion levels.
Summary of Risk Assessment Process. Exhibit 11 summarizes the various elements in the risk assessment
process in the categories of procedures performed, understanding obtained, and decisions and judgments made.

5

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 11
The Risk Assessment Process
Procedures Performed

Understanding Obtained

Preliminary engagement
activities.
Inquiries of management
and others.
Preliminary analytical proce
dures.
Observation and inspection.
Discussion among the
engagement team.

Industry, regulatory, and
other external factors.
Nature of the entity.
Objectives, strategies, and
related operating risks.
Measurement and review of
the entity's financial perfor
mance.
Internal control.
Selection and application of
accounting policies.
Fraud risk factors.

*

*

Decisions and Judgments Made
Decisions at the Financial State
ment Level:
Materiality at the financial
statement level.
Materiality for particular
items of lesser amounts.
Risks of material misstate
ment at the financial state
ment level.
Overall audit strategy.
Decisions at the Account Bal
ance, Transaction Class, and
Relevant Assertion Level:
Tolerable misstatement.
Risks of material misstate
ment at the relevant asser
tion level, including identifi
cation of significant risks.
Nature, timing, and extent of
further audit procedures
(including tests of controls
and substantive proce
dures).

*

The Sequence of Audit Planning
Because an audit of financial statements is an iterative process, audit planning is not a discrete phase of the audit.
Audit planning continues throughout the audit even though many of the planning steps and procedures necessarily
are performed at the beginning of the audit process. Audit planning begins with engagement acceptance and
continues throughout the remainder of the audit. Also, many of the audit planning steps and procedures can be
performed simultaneously and tend to blend together. Nevertheless, having a logical sequence of steps and
procedures provides a useful framework. The suggested approach is presented in Exhibit 12.

6

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 12
Steps in the Audit Process Related to Planning
Preliminary Engagement Activities
1. Perform procedures regarding acceptance or continuance of the client relationship and the specific audit
engagement.
2. Evaluate compliance with ethical requirements, including independence.
3. Establish an understanding with the client and communicate in an engagement letter.
General Audit Planning at the Financial Statement Level
4. Establish preliminary audit strategy.
5. Determine the nature, timing, and extent of risk assessment procedures and perform the procedures.
6. Determine the materiality level for the financial statements taken as a whole (preliminary planning materiality)
and materiality for particular items of lesser amounts.
7. Perform preliminary analytical procedures (a risk assessment procedure).
8. Hold a discussion among the engagement team.
9. Identify fraud risk factors, areas where special audit consideration may be necessary, and other areas where
there may be higher risks of material misstatement.
10. Assess audit risk at the overall financial statement level.
11. Complete the overall audit strategy, including overall responses at the financial statement level.
Detailed Audit Planning at the Relevant Assertion Level for Account Balances, Transaction Classes, and
Disclosures
12. Determine tolerable misstatement (often in conjunction with Step 6).
13. Assess audit risk in relation to relevant assertions for transactions classes, account balances, and disclosures.
14. Develop a detailed audit plan for the nature, timing, and extent of further audit procedures.

*

*

*

Depending on the auditor's knowledge and past experience with the client, as well as other factors, certain
planning steps might be performed at differing stages or sequences from one engagement to the next. For
example, the sixth step, determine the materiality level for the financial statements taken as a whole, and the twelfth
step, determine tolerable misstatement, are often performed concurrently. For the eighth step, the discussion
among the engagement team, the precise timing of this meeting can vary with the circumstances, but should occur
relatively early in planning, and it is not required to occur in any particular sequence.
In addition to a GAAS financial statement audit, many nonprofit organizations have a financial audit performed
under Government Auditing Standards and, possibly, a Single Audit. If this is the case, the audit will be subject to
several additional requirements, some of which affect planning and risk assessment activities.
Organization of This Lesson
This lesson focuses on those portions of the risk assessment process relating to general audit planning, the
performance of risk assessment procedures, and the determination of the overall audit strategy. Even though
7

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

tolerable misstatement is applied at the account balance and transaction class level rather than at the financial
statement level, it is also addressed in this lesson because it is often determined concurrently with planning
materiality.
The organization of this lesson is as follows:
Risk assessment and other planning procedures.
The understanding of the nonprofit entity and its environment (excluding internal control).
The general requirements for obtaining an understanding of internal control and a suggested approach.
Obtaining an understanding of entity-level controls, including the control environment, risk assessment,
information and communication (excluding the financial reporting system), and monitoring.
Obtaining an understanding of activity-level controls, including the financial reporting system, IT
environment and general computer controls, and control activities.
The planning decisions and judgments made by the auditor culminating in the overall audit strategy.
The auditor's consideration of fraud and how it integrates with the overall risk assessment process.
The auditor's consideration of whether to perform substantive procedures before the statement of financial
position date.
General planning procedures and forms.
Planning the audit time estimate and documenting the time spent performing the audit.

8

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
1. Which of the following statements is correct concerning audit strategy and audit planning?
a. Audit strategy is a theoretical approach to achieving audit objectives.
b. Preliminary audit strategy is established after risk assessment.
c. Risk assessment is a component of audit planning.
d. The audit strategy is also referred to as the audit plan.
2. Which of the following is part of the decisions made at the financial statement level through the risk assessment
process?
a. Overall audit strategy.
b. Objectives and related operating risks.
c. Selection of accounting policies.
d. Risks of material misstatement at the relevant assertion level.

9

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
1. Which of the following statements is correct concerning audit strategy and audit planning? (Page 4)
a. Audit strategy is a theoretical approach to achieving audit objectives. [This answer is incorrect. Audit
strategy is an auditor's operational approach to achieving audit objectives.]
b. Preliminary audit strategy is established after risk assessment. [This answer is incorrect. Preliminary audit
strategy is generally established before risk assessment procedures are performed.]
c. Risk assessment is a component of audit planning. [This answer is correct. Audit planning always
contains a risk assessment process.]
d. The audit strategy is also referred to as the audit plan. [This answer is incorrect. The audit plan is more
detailed than the audit strategy, documenting the procedures necessary to obtain sufficient audit
evidence.]
2. Which of the following is part of the decisions made at the financial statement level through the risk assessment
process? (Page 6)
a. Overall audit strategy. [This answer is correct. Developing the overall audit strategy is one of the
decisions made at the financial statement level via the risk assessment process.]
b. Objectives and related operating risks. [This answer is incorrect. Objectives, strategies, and related
operating risks are part of the understandings obtained through the risk assessment process.]
c. Selection of accounting policies. [This answer is incorrect. Selection and application of accounting policies
is an element of the understandings obtained through the risk assessment process.]
d. Risks of material misstatement at the relevant assertion level. [This answer is incorrect. The relevant
assertion level is a lower level than the financial statement level. At this level, the auditor is concerned with
account balances and transaction classifications.]

10

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

OTHER PLANNING PROCEDURES AND RISK ASSESSMENT
An overriding objective throughout the planning process is the consideration of risks that should be assessed and
whether they could result in material misstatement of the financial statements. SAS No. 106 (AU 326.21) clearly
indicates the role of the risk assessment procedures within this process as follows:
The auditor must perform risk assessment procedures to provide a satisfactory basis for the
assessment of risks at the financial statement and relevant assertion levels.
Obtaining an understanding of the entity and its environment, including its internal control, is an essential aspect of
the consideration of risk. Thus auditing standards refer to the audit procedures performed to obtain that under
standing as risk assessment procedures because the information obtained by performing those procedures is
used to support the auditor's assessment of the risk of material misstatement. Auditors normally consider the
effectiveness of various types of risk assessment procedures in identifying risks during the planning process. The
risk assessment standards encourage this by requiring the use of a variety of risk assessment procedures when
obtaining an understanding of the entity and its environment. For example, an auditor cannot limit his or her risk
assessment procedures to only inquiry.
In addition to obtaining information about the entity and its environment, including its internal control, the perfor
mance of risk assessment procedures may provide audit evidence about relevant assertions related to account
balances, transaction classes, or disclosures, or about the operating effectiveness of controls. Therefore, risk
assessment procedures may also serve as tests of controls or substantive procedures, or may be performed
concurrently with those procedures.
Types of Risk Assessment Procedures
The risk assessment and other planning procedures required by SAS Nos. 108 and 109 to obtain information about
the entity and its environment, including its internal control, and to assess the risks of material misstatement include
the following:
a. Preliminary engagement activities, including establishing an understanding with the client.
b. Inquiries of management and others.
c. Preliminary analytical procedures.
d. Observation and inspection, such as visits to the entity's premises and tracing transactions through the
information system (that is, walkthroughs).
e. Discussion among the engagement team.
Each of the procedures listed is explicitly required by the risk assessment standards and, except for item d, is also
explicitly enumerated in SAS No. 99, Consideration of Fraud in a Financial Statement Audit, as a source of
information that should be considered when identifying risks of material misstatement due to fraud. SAS No. 109
requires the auditor to perform the procedures specified in items bd when obtaining an understanding of the entity
and its environment. There is no requirement that each of those procedures be performed for every component of
the required level of understanding outlined in the second standard of field work. However, the standards are
explicit in indicating that inquiry alone is not sufficient to evaluate the design and implementation of internal control.
Therefore, observation and inspection will most likely be coupled with inquiry procedures when obtaining the
understanding of internal control.
Nature, Timing, and Extent General Considerations. The nature, timing, and extent of some risk assessment
procedures may be relatively consistent across audit engagements, but some procedures will require tailoring in
response to the information gathered. For example, in all audits the auditor will make inquires of management
responsible for financial reporting about accounting policies and other aspects of the financial reporting process,
inquiries of development personnel concerning restrictions or conditions on contributions, inquiries of program
11

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

directors about terms of government grants and contracts, and may make inquiries of legal counsel of restrictions
imposed by funding sources. However, determining others within the entity to whom related questions may be
directed will depend on the circumstances and the specific information gathered about the entity. Thus, perfor
mance of risk assessment procedures often can begin without extended consideration of their nature, timing, and
extent, but other aspects of the risk assessment procedures can only be determined after some information is
gathered about the entity and its environment.
Gathering Other Information Needed to Identify Fraud Risks. In connection with obtaining an understanding of
the nonprofit organization's environment, auditors may become aware of information that is relevant to identifying
fraud risks. In addition, auditors should perform the following procedures to obtain information that is used to
identify fraud risks:
Inquire of management and others in the nonprofit organization about the risks of fraud and how they are
addressed.
Consider the results of preliminary analytical procedures.
Consider the existence of fraud risk factors.
Consider certain other information such as identified inherent risks and information resulting from the
discussion among engagement team members, client acceptance and continuance procedures, and
reviews of interim financial statements.
Using the Results of Risk Assessment Procedures Performed in Prior Periods. Since professional standards
require the performance of risk assessment procedures to obtain an understanding of the entity and provide a
basis for the assessment of risks, can the auditor use information gathered from procedures performed in a prior
period and limit the extent of current year procedures? The answer is a qualified yes."
The process of understanding the nonprofit organization client's environment and culture is continual. For a new
engagement, a basic level of knowledge is needed to begin preliminary planning. However, a significant amount of
knowledge is gained during the audit. The auditor's previous experience with the entity also contributes to the
understanding of the entity and its environment. Audit procedures performed in previous audits ordinarily provide
useful audit evidence about the following:
The entity's organizational structure, operations, and controls.
Past misstatements and whether they were corrected on a timely basis.
Information about past misstatements assists the auditor in assessing risks of material misstatement in the current
audit. Before using information obtained in prior periods, however, the auditor should determine whether changes
have occurred that may affect its relevance in the current audit. According to SAS No. 109 (AU 314.11), The auditor
should make inquiries and perform other appropriate audit procedures, such as walkthroughs of systems, to
determine whether changes have occurred that may affect the relevance of such information." The typical nonprofit
organization is subject to rapid change, and the auditor should make an annual reassessment of whether changes
may be needed in audit strategy and approach. The auditor can update knowledge of the entity and its environ
ment through discussions with key client personnel, including operating personnel outside the accounting depart
ment combined with inspection of interim financial reports and budgets. The auditor is interested in identifying
changes in personnel; procedures; processes; contracts; funding sources; services; contingencies; facilities;
nature of the activities; management; financial condition; conditions and events or operating results that are
relevant to the going concern assumption; loan covenant compliance; litigation status; control environment or
activities; fraud risks; management attitude toward, or pressures on, the auditors; scope of the engagement; and
any other internal or external conditions that might be of audit significance. These changes may change the client's
activities risk or the auditor's assessment of risks of material misstatement. Therefore, the auditor should perform
some risk assessment procedures in the current audit to determine whether changes have occurred that affect the
relevance of information gathered in previous audits. For example, auditors might perform inquiries of client
management and key client personnel, including accounting personnel outside the accounting department or
other parties, supplemented by observation and inspection (for example, review of interim financial reports and
budgets and walkthroughs) to determine if changes have occurred.
12

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

As a result, although the nature of the auditor's procedures always includes inquiries, observation, and inspection,
it is believed the extent of risk assessment procedures will often be considerably less in continuing engagements
than in initial engagements, consisting primarily of sufficient procedures to identify and evaluate changes. The
extent of current period risk assessment procedures may need to be increased, however, in response to the
following:
The information relates directly to a past misstatement or risk of material misstatement identified in the prior
year.
Other information obtained through risk assessment procedures indicates a possible significant change
in the current year.
There is a greater likelihood that significant changes will occur given the nature of the information.
Specialized Considerations for Nonprofit Organizations. During the process of identifying risks unique to
nonprofit organizations that could affect the financial statements, the auditor should consider questions such as the
following:
If the nonprofit organization is a foundation, are there concerns about jeopardizing the foundation's
charitable purpose due to improper investments for tax purposes?
Are bond rating agencies considering changing the nonprofit organization's bond rating?
Has the organization received unfavorable publicity that could affect its revenue streams?
Is a performing arts organization or museum having trouble filling its event calendar because of dwindling
funding?
Have there been changes in the terms of the nonprofit organization's grants (for example, are the grants
suddenly for shorter terms or are the grants for programs that are being phased out)?
Does the nonprofit organization face issues concerning students or employees with foreign visas?
Have changes in the local economy or fundraising efforts by other nonprofit organizations affected the
client's ability to raise funds for its own activities?
Does the nonprofit organization rely heavily on contributions from a single source and how likely is it that
the source will discontinue contributions (for example, a company will relocate and discontinue local
contributions or a philanthropist will die and no longer contribute annually)?
Has the organization obtained any required indirect cost audits?
Are financial reports prepared and distributed to large funding sources (in addition to government grants)
and do these reports agree to the audited financial statements? Are such reports prepared on a timely
basis?
Past experience with the client is one of the primary ways of identifying the risk of misstatement from error. For
example, does the nonprofit organization's fundraising or development department fail to properly communicate
new pledges or changes in multiyear or existing pledges to the accounting department so that contributions
receivable are not accurately recorded? Or are the contributions receivable only recorded at year end? Does the
organization expense fixed asset purchases during the year to numerous programs and then attempt to capitalize
those expenses at year end? Does the nonprofit organization maintain its daytoday accounting records on a fund
basis and convert the financial statements to net asset classes as required by GAAP only at year end? Often, when
a nonprofit organization does not follow GAAP during the year and attempts to record material correcting entries at
year end, there is an increased risk that the financial statements will be materially misstated.
The competence of accounting personnel and the quality of the accounting and financial reporting system are the
other primary sources of information on the risk of misstatement arising from error. Employee training and skills can
13

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

affect the effectiveness of internal control, particularly for smaller organizations. Accounting is sometimes seen as
less important than the organization's public service purposes. In some instances, limited resources may prevent
the organization from having a sufficient number of employees to permit an adequate segregation of duties. Also,
lower pay scales may result in the organization hiring accounting and bookkeeping personnel with limited account
ing education or experience. Similarly, rapid employee turnover can mean that replacements may not receive
adequate training.
The following paragraphs address the risk assessment procedures and their role in identifying and assessing risk.
Inquiries of Management and Others
Inquiry of management and others is used extensively throughout the audit planning process. In many cases, it
serves as a foundation for the performance of other risk assessment procedures in that the responses obtained
drive the need for additional or corroborating procedures. Inquiry consists of several elements posing a question
or requesting information on a matter, evaluating the response, and following up to obtain additional information as
needed. As such, inquiry can be an extremely effective procedure in identifying risks. For example, an auditor might
ask management about the level of cash contributions that the organization receives as compared to similar
organizations. The auditor would then evaluate the response obtained and determine if a potential risk exists. In this
case, the auditor is concerned about potential misappropriation of cash. If the auditor deems that there is an
indication of this risk, additional inquiries might be posed to further identify the risk and determine whether other
risk assessment procedures are necessary.
Although inquiry is a critical risk assessment procedure, inquiry cannot be used alone when identifying and
assessing risks. Professional standards require the use of inquiry, analytical procedures, and observation and
inspection during the risk assessment process. Furthermore, auditors are prohibited from only using inquiry when
evaluating the design and implementation of internal control.
Matters and Parties of Inquiry. The auditor should inquire of management about the following matters:
a. The aspects of the entity and its environment as enumerated in SAS No. 109 (AU 314.21).
b. The information about fraud, suspected fraud, fraudrelated programs and controls, and risks of fraud as
enumerated in SAS No. 99 (AU 316.20.21).
Examples of the members of management that auditors may consider interviewing include:
The chief executive officer (president or executive director).
The controller.
The chief financial officer.
Director of fundraising or development.
Director of human resources.
Director of information technology.
Some nonprofit organizations rely heavily on volunteers to help carry out the organization's mission, including
volunteer financial management, recordkeeping, or accounting services. In many cases, those volunteers function
like management or employees of the organization, and auditors should consider making the same inquiries of
them as those for management and employees. The terms employee and management in the following paragraphs
would also include volunteers performing employee or management functions.
The auditor might decide that inquiries of others within and outside the entity, in addition to management and those
responsible for financial reporting, would be useful. Examples of other inquiries that might be made include the
following:
a. Others Charged with Governance. Their involvement in the financial reporting process and how financial
statements are used. (SAS No. 99, AU 316.22, requires the auditor to inquire directly of the audit committee,
14

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

or at least its chair, about the risks of fraud and knowledge of fraud or suspected fraud.) If the organization
does not have an audit committee, inquiries should be made of individuals with a level of authority and
responsibility equivalent to an audit committee, such as the board of directors, board of trustees, chair of
the governing board, the budget or finance committees, or others who may have engaged the auditor.
b. Internal Audit. Activities concerning the design and effectiveness of internal control and management's
responses to any findings by the internal audit function. (SAS No. 99, AU 316.23, requires inquiry of internal
audit personnel about risks of fraud, knowledge of fraud or suspected fraud, and activities concerning fraud
detection.)
c. Other Employees. Their role in the financial reporting process and additional or corroborating information
to support management's responses. (SAS No. 99, AU 316.24, requires inquiry of others within the entity,
determined through the auditor's judgment, about the existence or suspicion of fraud.) Auditors may
consider obtaining the perspective of employees from different functional areas and at varying levels of
authority when identifying risks of material misstatement. Examples of inquiries that may be made of other
employees include:
(1) Financial Reporting Personnel. Appropriateness of the selection and application of accounting
policies, including the initiation, authorization, processing, or recording of complex or unusual
transactions. (SAS No. 99, AU 316.58, explicitly requires inquiries about knowledge of inappropriate
or unusual activity relating to the processing of journal entries and other adjustments.)
(2) Inhouse Legal Counsel. Litigation, compliance with laws and regulations, knowledge of fraud or
suspected fraud, restrictions on resources imposed by funding sources and related legal
requirements.
(3) Fundraising or Development Personnel. Changes in fundraising strategies and contributor activity.
(4) IT Systems Users. Their role in identifying changes to IT systems, how frequently changes occur,
effectiveness of application and access controls, and excessive system downtime and other
functional issues.
d. Parties Outside the Entity. Inquiries of parties outside the entity are not required but are procedures that
might be helpful. For example, the auditor might find it useful to make inquiries of external legal counsel
or of valuation experts that management has engaged.
When deciding which individuals within the entity to make inquiries of, it may be helpful to consider
Employees who may have additional knowledge of matters identified in discussions with management or
the audit committee, or during the engagement team discussion.
Employees who may be able to corroborate information received from management or others.
Employees who may offer a unique or different perspective about the risks of material misstatement due
to their background, tenure, etc.
Employees who might provide information about the possibility of management override of controls.
In addition to those parties identified previously, examples of the types of individuals within the entity that auditors
may consider interviewing include
Employees at varying levels of authority within the entity, from lowlevel clerical employees to senior
management, including employees the auditor comes in contact with while obtaining an understanding
of internal control, or obtaining explanations for significant differences or fluctuations arising from analytical
procedures.
Employees outside the accounting department.
15

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Operating personnel.
Employees involved in recording or processing journal entries.
Employees involved in initiating, recording, or processing complex or unusual transactions.
Employees in areas identified as vulnerable to the risk of fraud or error during the engagement team
discussion.
Employees with key roles in internal control.
Employees referred to by other interviewees.
Government Auditing Standards Requirements. Government Auditing Standards require auditors to make inqui
ries about findings and recommendations from previous engagements and evaluate whether appropriate correc
tive actions have been taken to address findings that could have a material effect on the financial statements. The
Yellow Book, at Paragraph 4.09, states that auditors should ask management to identify previous audits, attesta
tion engagements, and other studies that directly relate to the objectives of the audit, including whether related
recommendations have been implemented." Auditors are required to use this information when assessing risk and
determining the nature, timing, and extent of audit work, including the testing of implementation of corrective
actions.
Fraudrelated Inquiries. As part of gathering the information needed to identify fraud risks, SAS No. 99 requires
auditors to inquire of management and others about:
Their knowledge of any actual fraud or suspicions of fraud affecting the organization.
Their awareness of any allegations of fraud or suspected fraud affecting the organization.
Their understanding of the risks of fraud within the organization, including any specific fraud risks the
organization has identified or account balances or transaction classes that may be susceptible to fraud.
How they communicate to employees the importance of ethical behavior and appropriate business
practices.
Programs and controls the organization has implemented to address identified fraud risks or otherwise
help prevent, deter, and detect fraud and how those programs and controls are monitored.
The nature and extent of monitoring multiple locations and whether any of them have a higher level of fraud
risk.
Whether they have reported to the audit committee (or its equivalent) about how the organization's internal
control serves to prevent, deter, and detect material misstatements due to fraud.
The objective of the inquiry includes obtaining different perspectives on financial statement areas and organiza
tional areas and locations with a risk of fraud and identifying whether anyone has suspicions or actual knowledge
of fraud.
Exhibit 13 presents a list of questions the auditor might consider asking management at a nonprofit organization.

16

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 13
Inquiries about Fraud Risks for Management
Required Inquiry

Possible Questions

Their knowledge of any actual fraud or suspicions of
fraud affecting the organization.

Are you aware of any actual instances of fraud
within the organization?
Do you have any reason to suspect fraud may be
occurring within the organization? If so, where and
how?
Have you seen any changes in employee
behavior?

Their awareness of any allegations of fraud or
suspected fraud affecting the organization.

Have you received any communications from
employees, former employees, regulators, or oth
ers alleging fraud?

Their understanding of the risks of fraud within the
organization, including any specific fraud risks the
organization has identified or account balances or
transaction classes that may be susceptible to
fraud.

Which types of transactions, account balances,
financial statement classifications, or organization
locations are most at risk for intentional misstate
ment or theft?
Have you identified any specific risks of fraud within
the organization?
What would be the easiest way for someone to
misstate the financial statements or steal assets
without getting caught?
If someone were going to overstate or understate
net income, how would they do it?
If someone were going to steal and cover it up, how
would they do it?
Does the organization use source documents that
could be easily accessed and forged?
How could false entries be made to the accounting
system?
What departures from GAAP are most common in
the sector? What departures from GAAP are most
likely at your organization?
Where are the weaknesses in the organization's
internal controls?
Which controls can be bypassed or overridden?
Are there instances where controls have been
bypassed or overridden in the past?
Have other nonprofit organizations identified any
common frauds?
Have there been any changes within the industry or
the organization that have created or changed risks
of fraud?

How they communicate to employees the impor
tance of ethical behavior and appropriate operating
practices.

What instructions do you give to employees about
how they are expected to behave when conducting
activities?
How do you make it clear to employees that
fraudulent or unethical behavior will not be
tolerated?

17

Companion to PPC's Guide to Audits of Nonprofit Organizations

Required Inquiry

NPOT09

Possible Questions

Programs and controls the organization has
implemented to address identified fraud risks or
otherwise help prevent, deter, and detect fraud and
how those programs and controls are monitored.

What measures have you taken to address specific
risks of fraud within the organization?
What controls have been implemented to prevent
one person from perpetrating and concealing a
fraud when segregation of duties is not possible?
What procedures are in place for initiating, approv
ing, and processing nonroutine transactions?
How have employees been told to communicate
suspected fraud?
Are there any other programs and controls in place
to help prevent, deter, or detect fraud?
How do you monitor the organization's antifraud
programs and controls to make sure they are
working as intended?

The nature and extent of monitoring multiple
locations or programs and whether any of them
have a higher level of fraud risk.

Do fraud risks exist or are they more likely to exist
in particular organization locations or programs?
How do you monitor the organization's operating
locations or programs to reduce the likelihood of
fraud occurring and going undetected?

Whether they have reported to the audit committee
(or its equivalent) about how the organization's
internal control serves to prevent, deter, and detect
material misstatements due to fraud.

Have you reported to the audit committee (or its
equivalent) about how the organization's internal
control serves to prevent, deter, and detect material
misstatements due to fraud?

*

*

*

If applicable, the auditor should also inquire directly of the audit committee (or at least its chair) about the
committee's understanding of the risks of fraud and its knowledge of any actual or suspected instances of fraud. In
addition, the auditor should obtain an understanding of the audit committee's role in overseeing the organization's
fraud risk assessment and monitoring process. If the organization does not have an audit committee, inquiries
should be made of individuals with a level of authority and responsibility equivalent to an audit committee, such as
the governing board, board of trustees, the chair of the governing board, the budget or finance committees, or
others who may have engaged the auditor. Inquiries also should be made of internal auditors if the organization has
an internal audit function.
In addition to inquiries of management, the audit committee, and internal auditors, inquiries should be made of
other employees to determine whether they are aware of fraud that is occurring or have suspicions of fraudulent
activity. Deciding which employees to make inquiries of and the extent of those inquiries is a matter of professional
judgment that depends primarily on whether the auditor believes those employees may provide information that is
relevant to identifying fraud risks. At a minimum, the auditor should ask the following questions:
Are you aware of any actual fraud within the organization?
Do you have any reason to suspect fraud is occurring within the organization? If so, where and how?
Do you have any reason to suspect your superior is committing fraud?
See Exhibit 14 for possible illustrative questions that might be appropriate for employees of different levels and
departments.

18

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 14
Possible Inquiries about Fraud Risk for Nonprofit Organization Employees
Suggested Questions

Direct Inquiries to

Do you know of anyone who is stealing from the organization?
All employees selected
Do you suspect that anyone is stealing from the organization?
Do you know of anyone in the organization who is manipulating the accounts
or records?
How could someone steal from the organization without getting caught?
If I were to do [indicate potential fraud], how would I get caught?
How would you describe the organization's (and/or management's) values and
ethics?
What is it like to work here? How is the overall morale?
Are you upset with the organization for any reason? Do you know of anyone who
is?
Have you ever been asked to ignore or override a policy or procedure that is part
of your job? Who asked you?
Have you ever seen another employee circumventing organization policies,
procedures, or controls? What explanation did they give?
Have you noticed any unusual changes in the behavior or lifestyle of
management or any other employees?
Do you know of any employees who are under pressure to make ends meet
financially?
How do you think this organization compares with others in terms of the honesty
of its employees?
Do you think your coworkers are honest?
Has anyone you work with ever asked you to do anything you thought was
illegal or unethical? What would you do if someone asked you?
Have you ever been asked to enter false information in the system or records?
Has anyone you work with ever asked you to withhold information from the
auditors or alter documents or records?
Has the entity communicated how you should report suspected fraud? If so,
would you feel comfortable in reporting suspected fraud in this manner? Do you
believe that reporting suspected fraud would not be held against you by
management or others?
Is there anything else you would like to add, or anyone else we should talk to?
I must ask you one last question. Have you yourself done anything against the
organization that was illegal or unethical?
What factors (such as market competition or changes in technology) may Fundraising, marketing,
threaten the organization's ability to continue operations?
and program managers
How would reporting improved financial results (i.e., increased contribution or
earned revenue, improved expense ratios, projects within budget, etc.) help the
organization?
What pressure is put on employees to achieve the organization's contribution
revenue targets or project or program budgets, and by whom? Are there
compensation incentives for reaching fundraising targets?
Were any unusual contributions or promises to give received at or near the end
of the year?
What types of donor or customer complaints do you typically receive?

19

Companion to PPC's Guide to Audits of Nonprofit Organizations

Suggested Questions

NPOT09

Direct Inquiries to

How is management and/or the board compensated? Are there significant Human resources
fringe benefits such as travel, use of autos, or use of facilities?
Has management exerted any pressure upon you or others to override, modify,
or falsify compensation awards, agreements, or plans without sufficient
justification and approval for the situation?
Are there compensation incentives for reaching fundraising targets?
Has there been any significant turnover in personnel? In what departments?
Are there any recent or planned layoffs or changes in pay rates or benefit plans
that have or could upset the workforce?
Have recent bonuses, raises, and promotions met employee expectations? Is
there anything planned in those areas that could cause resentment among
employees?
Have employees complained about work conditions, management demands
or style, or other matters that could lead to pressures or incentives to commit
fraud?
How active is management in supervising the accounting department?
Accounting and finance
Does management (including senior finance executives) demonstrate an
attitude of shoot the messenger" when learning of unfavorable financial results
or incidents?
What are the weaknesses in the organization's internal controls?
Do any of the organization's accounting policies seem inappropriate or overly
aggressive?
Does management always tend to favor amounts that are on the high (low) side
when developing accounting estimates, such as estimated liabilities and
valuation accounts?
Does management often use materiality to justify questionable accounting
practices?
Does it ever seem like the method of accounting for a transaction is more
important than the transaction itself? Can you give me an example?
Does anyone run personal expenses through the organization?
What aspect of the organization's performance is management most con
cerned about?
Are there any changes in procedures or improvements in controls that could
easily be made, but management has chosen not to?
Have there been any unusual changes in the way transactions are processed?
Have you ever been asked to record any journal entries that seemed unusual
or lacked support?
Have you ever been asked to make false entries in the accounting records?
Has the organization's relationship with particular suppliers significantly Purchasing
changed (improved or deteriorated) in the past year?
What types of vendor complaints do you typically receive?
Do any vendors have a close or unusual relationship with management?
Is there any inventory you have been told not to count?
Production and inventory
Has there been any unusual movement of goods at or near yearend?
Have there been any unusual changes in the way customer shipments are
handled?
Are there any inventories that you suspect are unjustly overvalued or no longer
salable?
Have you been asked to falsify inventory count sheets or records?

*

*
20

*

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Making inquiries of employees outside the accounting department or those at varying levels of authority may be
useful in providing a different perspective about the risks of fraud. Their responses may corroborate responses
received from management, or may provide information about the possibility of management override of controls.
For example, an employee may indicate there has been an unusual change in the way transactions are processed.
Inquiries of employees outside the accounting department may also provide information about the effectiveness of
management's communication and support of the organization's values or ethics throughout the organization.
Because management is often in the best position to perpetrate and conceal fraud, the need for professional
skepticism in making the auditor's inquiries of management cannot be overemphasized. Generally, it is necessary
to corroborate responses, especially those of management. Additional audit evidence should be obtained to
resolve any inconsistencies among responses.
Documentation. SAS No. 109 (AU 314.122) requires documentation of risk assessment procedures performed in
obtaining an understanding of the entity and its environment. When documenting inquiry procedures, SAS No. 103,
Audit Documentation (AU 339.21), provides the following guidance:
Audit documentation of procedures performed, including tests of operating effectiveness of
controls and substantive tests of details that involve inspection of documents or confirmation,
should include the identifying characteristics of the specific items tested.
In conjunction with this requirement, the standard provides an example for documenting inquiries of specific entity
personnel indicating that auditors may document the date of the inquiry, name and job description of the individual
queried, and the nature of the inquiry. Documenting these identifying characteristics when performing risk assess
ment inquiry procedures is recommended.
Preliminary Analytical Procedures
SAS No. 56 (AU 329.04) states that analytical procedures should be applied to some extent in all audits of financial
statements to assist the auditor in planning the nature, timing, and extent of other auditing procedures. To
accomplish this, SAS No. 56 (AU 329.06) indicates that analytical procedures used in planning the audit should
focus on
a. Enhancing the auditor's understanding of the client's activities and the transactions and events that have
occurred since the last audit date.
b. Identifying areas that may represent specific risks relevant to the audit.
Knowledge of the client and the activity or activities in which it operates is interrelated with the use of analytical
procedures in audit planning. Performing effective preliminary analytical procedures requires the auditor to under
stand the entity's activities to know what relationships would be expected to exist, what relationships would be
considered unusual or unlikely, and what plausible explanations might exist for observed relationships. That
knowledge is also important in assessing the significance of differences from expected relationships. For that
reason, the auditor generally needs an understanding of the entity's activities before performing preliminary
analytical procedures.
SAS No. 56 does not require the use of any particular analytical procedures. It recognizes that the sophistication,
extent, and timing of analytical procedures may vary widely, depending on the size and complexity of the client.
SAS No. 56 (AU 329.07) states:
For some entities, the procedures may consist of reviewing changes in account balances from
the prior to the current year using the general ledger or the auditor's preliminary or unadjusted
working trial balance.
For a nonprofit organization, other preliminary analytical procedures may consist primarily of analysis of ratios or
trends related to liquidity, solvency, and activity combined with inquiries of financial and operating management.
For example, comparing support and revenue by source for the past five years improves understanding of the
nonprofit organization's operations and may identify a revenue source that requires increased attention in the
current audit.
21

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Other than the analytical procedures performed to comply with SAS No. 99, analytical procedures used in the
planning stage only need to be designed to point out audit areas that may be indicative of potential risks and, thus,
need special emphasis. In the audit of a small nonprofit organization, simple comparisons and ratios are ordinarily
effective, and the auditor normally need not make use of complex mathematical or statistical models. Depending
on the facts and circumstances, analytical procedures may be limited to comparing the major account balances
shown in the unadjusted general ledger with the financial statements for the prior year. For example, information
acquired in prior audits may enable the auditor to make preliminary judgments about the inherent and control risks
for assertions about material accounts and about the substantive procedures that would reduce detection risk to
the desired low level. In that situation, the auditor would compare the unadjusted balances for this year with the
adjusted balances for last year to identify assertions that may require altering the planned substantive procedures.
For larger or more complex entities, however, more sophisticated preliminary analytical procedures, such as ratio
or trend analysis, may be used.
If ratio analysis is used, the auditor should focus on a few key relationships that provide an improved understanding
of the financial statements and significant operating or financial changes. For example, it might be possible to
compare receipts from annual fundraising drives to total support to detect improper revenue recognition. Another
example of a ratio that may detect improper revenue recognition for a nonprofit organization is the ratio of
fundraising expenses to contribution revenue. A recorded amount of expense that is significantly lower than the
amount needed to produce the recorded amount of revenue might indicate overreporting of revenue. On the other
hand, nonprofit organizations that report contribution revenue with little or no fundraising expenses may have
underreported expenses in order to maintain favorable expense ratios. The auditor's discussions with management
should identify the ratios and relationships that management considers important in running the business.
When using interim financial information in the analytical review, the auditor should be aware of factors, such as
seasonal trends, that should be considered in making comparisons. For example, if the auditor is using information
as of the end of November and the client's activities are highly seasonal with substantial activity in December
(frequently the case for nonprofit contributions received), a straight annualization of interim information will not
provide a meaningful comparison.
The auditor should avoid merely making mechanical computations and comparisons. The auditor should bring as
much creativity and insight to the review as possible. Auditors should consider tailoring the procedures to the
individual client by determining which trends, ratios, and relationships are most relevant.
In the audits of most small nonprofit organizations, the auditor normally has a sufficient understanding of the client
and its operations to judgmentally consider the expected relationships. A precise quantification of these relation
ships is not required and is often not a costeffective approach. No matter which financial relationships are selected
for comparison purposes, the analytical review should include a knowledgeable scanning of the financial informa
tion to identify unusual changes and unexpected relationships that indicate specific areas of risk of material
misstatement.
Using Analytical Procedures When Large Audit Adjustments Are Expected. Analytical procedures may not be
very useful in audit planning when several large audit adjustments are expected. In that case, auditors should
consider limiting the analytical procedures used for audit planning as follows:
a. Look at Major Fluctuations in Financial Statement Line Items or Large Account Balances. This procedure
can identify areas that may require additional audit attention. For example, large increases in a notes
payable account may mean there are new loans. Also, the auditor may identify large other income accounts
that require detail testing. Auditors should concentrate on fluctuations in accounts that have not typically
needed adjustments in the past.
b. Look at Changes in Bottom Line Numbers. Fluctuations in bottom line numbers such as change in total net
assets or changes in net assets by class (unrestricted, temporarily restricted, permanently restricted) can
identify unfavorable trends and going concern problems.
c. Look at Ratios That Should Not Change. Examine areas where major adjustments are not expected. For
example, if the auditor does not expect major adjustments to contributions receivable, then aging statistics
22

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

and other ratios can be calculated in the planning phase to help determine the nature and extent of testing
of the allowance.
Auditors should remember that analytical procedures should be used to understand important relationships in the
client's financial and nonfinancial data. They should not be simply a mechanical exercise. Also, audit planning is
not confined to the start of the engagement. SAS No. 108 (AU 311.03) states that audit planning continues
throughout the audit. So analytical procedures also can be used for planning during fieldwork.
The Value of Preliminary Analytical Procedures in Risk Identification. To be effective in identifying potential
risks of material misstatement, analytical procedures should be designed to identify the absence of an expected
relationship or the presence of an unexpected relationship. For example, there should be a predictable relationship
among contributions, promises to give, and fundraising expenses based on historical patterns of the organization.
Also, the auditor would expect the relationship to change in predictable ways in response to known changes in
programs, contributor composition, fundraising methods, and the local economy. Therefore, a key element in the
performance of preliminary analytical procedures for the purpose of identifying potential risks of material misstate
ment is the auditor's development of expectations about plausible relationships that are reasonably expected to
exist. The expectations serve as the benchmark when comparing recorded amounts or ratios to determine unusual
or unexpected changes or the absence of expected changes that might be the result of misstatements.
Unusual or unexpected relationships can be anything out of the ordinary. They are relationships, account balances,
or transaction amounts that do not make sense. They may include trends and relationships that are at odds with
comparable industry data. Ratios may be too unusual or too unrealistic to be believable even if the client appears
to have a logical explanation. Account balances and transaction amounts may be too large or small, too high or
low, or result in too much or too little of something.
Welldesigned preliminary analytical procedures based on appropriate expectations of plausible relationships can
by very effective in identifying risks of material misstatement during the risk assessment stage of audit planning.
However, because preliminary analytical procedures are ideally performed early in the planning process, the
analytical procedures use information that is aggregated at a relatively high level (for example, recent interim
financial statements or, if financial statements are not available, a general ledger trial balance). Information aggre
gated at a relatively high level is appropriate at this stage because the auditor is attempting to identify potential
audit problems, not to reach a conclusion on the reasonableness of a specific balance. (However, the same
analytical procedures might be appropriate for both purposes.) When analytical procedures use data aggregated
at high level, SAS No. 109 states that the results of those analytical procedures provide only broad initial indications
about whether a material misstatement may exist. Accordingly, SAS No. 109 states that auditors should consider
the results of preliminary analytical procedures along with other information gathered in identifying the risks of
material misstatement.
In addition, although the preliminary analytical review serves broader purposes, the analytical procedures per
formed may identify declining trends in operations or significantly reduced liquidity or solvency that raise the issue
of whether the client can continue as a going concern in the foreseeable future. If there is substantial doubt about
the client's ability to continue as a going concern, the auditor should determine an appropriate audit response.
Normally, the auditor will obtain additional information about management plans and other potential mitigating
factors in the course of the audit. The auditor should also consider whether the potential goingconcern problem
creates an increased risk of management intentionally misstating the financial statements.
Specialized Considerations for Nonprofit Organizations. Nonprofit organizations have some unique considerations
as part of the auditors' process of updating knowledge of the entity and its environment. The auditor is interested
in identifying changes in the following:
programs,
nature of the organization's activities,
grantors,
fundraising events,
23

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

fundraising constraints,
the political environment,
impact of the economy on collection of promises to give, and
grant and Single Audit compliance.
In regard to performing preliminary analytical procedures, industry statistics are helpful for comparison purposes.
Many nonprofit organizations know the comparable nonprofit organizations in their local area and may already
perform comparisons with those organizations as part of their own strategic planning. Also, nonprofit organizations
may report to either a national umbrella organization (such as the national office of United Way) or to an industry
specific national organization (such as the American Symphony Orchestra League) that can provide relevant
statistical information. The auditor should ask the nonprofit organization whether such statistical information is
available.
When using interim financial information, the auditor should also consider the ending dates for significant grants.
Nonprofit organizations frequently spend significant amounts of grant expenditures towards the end of the grant
period rather than expending amounts evenly over the grant period. Also, the auditor should be aware of the timing
of significant special events that would affect contribution revenue and whether the nonprofit organization is
beginning, in the midst of, or ending a capital campaign. Any of these items may make it difficult to calculate a
straight annualization of interim amounts.
The client may not prepare its interim financial statements in accordance with GAAP. For example, if the client has
numerous grants that require reporting that is not in accordance with GAAP, the client may maintain its accounting
records during the year to facilitate the preparation of grant reports. Then, at year end, the client may make
adjusting entries to the accounting records so that they are in accordance with GAAP. If that is the case, it may be
difficult to compare interim financial statements to GAAP financial statements of a prior period.
Some common ratios that are generally useful in performing a preliminary analytical review for a nonprofit organiza
tion are as follows:
Accounts receivable turnover

NetRelatedRevenue
AverageAccountsReceivable

Current ratio (for organizations with a classi
fied statement of financial position)

CurrentAssets
CurrentLiabilities
LongtermDebt
UnrestrictedNetAssets
ProgramExpenses
TotalExpenses
ContributionRevenue
TotalRevenue
FundraisingExpenses
TotalExpenses
FixedAssets
TotalUnrestrictedNetAssets
UnrestrictedNetAssets
TotalNetAssets

Debt to unrestricted net assets ratio
Program expenses to total expenses ratio
Contribution revenue ratio
Fundraising expense ratio
Fixed assets ratio
Unrestricted net assets ratio

There are also some additional ratios that may be useful depending on the specific nonprofit organization. For
example, the promises to give receivable ratio would generally only be useful if the nonprofit organization had
similar types of fundraising events each year that would lead the auditor to expect a similar ratio from year to year.
Some of the more specialized ratios are as follows:
24

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Promises to give receivable turnover

Contribution Revenue
Average Promises to Give Receivable
Federal Grant Revenue
Total Revenue Federal Grant Revenue
Scholarship Expense
Tuition Revenue

Federal to nonfederal funds ratio
Scholarship ratio

When performing the required analytical procedures relating to revenue per SAS No. 99, the auditor of a nonprofit
organization might consider comparing contribution revenue by month and by fundraising event. Additionally, the
auditor could consider if the increase in contribution receivable is unexpected in relationship to the decrease in
contribution revenue.
Analytical Procedures Related to Revenue. In addition to the requirement for preliminary analytical procedures
in SAS No. 56, SAS No. 99 specifically requires auditors to perform preliminary analytical procedures related to
revenue to identify unusual or unexpected relationships that may indicate fraudulent financial reporting. Ordinarily,
comparison of current and priorperiod account balances for revenue accounts will not be sufficient to achieve that
objective, and other types of analytical procedures should be used. Other analytical procedures that may be useful
in identifying unusual or unexpected relationships related to revenue include the following:
Analysis of Relationships between Financial and Nonfinancial Amounts. When comparing financial and
nonfinancial amounts, it may be most effective to use a base that (a) would be expected to have a
reasonable relationship to revenue and (b) could not easily be manipulated by management. For example,
the auditor could analyze the number of service units provided by the organization and compare that to
the revenue associated with those service units. For example, the auditor could compare (a) the number
of members and membership dues, (b) the number of students and tuition revenue, (c) the number of
tickets sold and admissions revenue, or (d) attendance at a church and contribution revenue.
Trend Analysis. Auditors may analyze trends in the components of revenue accounts or transaction types.
It may be helpful to look at several trends or relationships to identify inconsistencies or unusual patterns.
For example, a trend analysis of annual fundraising campaigns or special events by year might indicate
inconsistencies or unusual patterns that might be the result of fraudulent financial activity.
Ratio Analysis. Ratio analysis is the analysis of relationships between financial statement items by
computing the ratio of one financial statement amount to another. The ratio may be compared to the same
ratio for a prior period (or several prior periods) to identify unusual or significant variations. For example,
it may be possible to compare cost amounts, such as the ratio of fundraising expenses to contribution
revenue. Ratios that use information management generally is unable to manipulate, such as cash flows,
may be most effective in revealing indications of fraudulent financial reporting.
Budgetary Comparison. Comparison of actual amounts with budgets may also indicate unusual variations.
For example, revenue might significantly exceed budget because of improper revenue recognition.
The analytical procedures related to revenue should be updated in the final review stage of the audit.
Documentation. Documentation of preliminary analytical procedures can be limited, but it should be sufficient to
provide support for the auditor's risk assessment. The results of the preliminary analytical review ordinarily are
documented using a narrative memorandum, comparative carryforward schedule, or other form of workpaper.
Documentation may also include the effect on the audit plan or indicate that the results should be considered when
identifying fraud risks.
Observation and Inspection
Observation and inspection procedures are required when obtaining an understanding of the entity and its
environment, including its internal control, to assess risk. There are a number of ways to use observation and
inspection when assessing risk. When obtaining an understanding of the entity and its environment, observation or
inspection might be the key procedure that enables the auditor to fully obtain pertinent information and identify
25

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

related risks. For example, in order to gain an understanding of the client's financing arrangements and underlying
covenants, the auditor might decide to review the client's loan agreements and other related documents. That
procedure, coupled with a review of the client's financial statements, might be the key procedure that helps the
auditor identify risks related to potential noncompliance with loan covenants. For nonprofit organizations, the
auditor may decide to review the organization's Form 990 and Form 1023 to obtain an understanding of some of
the entity's activities and potential risks.
More frequently, observation and inspection are used to corroborate or followup on the results of inquires made of
management and others. For example, when evaluating the design and implementation of the entity's system of
internal control, members of management might tell the auditor that they communicate the importance of ethical
values to employees through a written code of conduct and by example. The auditor might wish to corroborate this
response by examining the written code. In addition, the auditor may determine that a risk exists based on
observation of management's current and past interactions with employees that contradict the behavior standards
in the written code.
Other than the requirement to perform some observation and inspection procedures related to internal control,
however, determining when to use observation and inspection, as opposed to other risk assessment procedures,
is generally a matter that is left to the auditor's judgment. Ordinarily, it is believed that observation and inspection
procedures are effective in the following situations when obtaining an understanding of the entity:
To understand the design of controls related to the audit.
To verify that controls have been implemented, for example, as part of a walkthrough.
When responses to inquiries indicate a potential risk for a significant account.
When responses to inquiries are inconclusive, conflicting, or prove to be incorrect.
In combination with inquiry to fully understand a matter.
When required information can only or best be obtained through observation or inspection (for example,
understanding the client's fundraising activities might best be done through observation.)
When the evidence gathered through observation and inspection can also be used for a substantive
procedure.
In recurring engagements, to determine whether changes have occurred that affect the continued
relevance of the information gathered in a prior period.
Examples of how and when observation and inspection procedures might be used to identify risks are included in
Exhibit 15.

26

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 15
Using Observation and Inspection Procedures in Risk Assessment

Audit Procedure

Example of When Used and
Procedure Performed

Observation of entity activi
ties and operations.

Understanding the nature
of the client's public fund
raising activities.
Observe client's public
fundraising activities.
Understanding the client's
objectives and strategies
and related operating risks.
Review
the
most
recent operating plan.

Inspection of operating plans
and strategies, internal con
trol manuals, and similar
documents and records.

Reading governing board
meeting minutes.

Understanding the partici
pation of those charged
with governance.
Read minutes of the
governing board dur
ing the year.

Visits to the entity's premises,
branches, or chapters.

Understanding the nature
of the client's operations.
Tour client's key facili
ties.

Walkthroughs (tracing trans
actions through the informa
tion system to confirm the
auditor's understanding of
design and determine that
procedures and controls
have been implemented).

Understanding the client's
financial reporting system,
including its design and
implementation.
Select a contribution
and trace it through the
system.

*

*

Example of How a Potential Risk
Is Identified
Auditor observes that admis
sion screening at the public
event is lax which indicates
potential misstatement of
admission fees.
The plan reveals a shift in
strategy during the year to
emphasize donations of assets
rather than cash, which indi
cates increased risk related to
valuation of assets.
Minutes indicate that the board
rubberstamps" all of man
agement's decisions and,
therefore, is deemed to be
ineffective, which indicates
overall risk due to weaknesses
in the control environment.
During the tour of client's facili
ties, the auditor observes sig
nificant damage to uninsured
machinery and equipment due
to a recent storm, which indi
cates an increased risk of
impairment.
During the walkthrough, the
auditor determines that control
procedures to followup on
meeting conditional promises
to give have not been imple
mented, which indicates an
increased risk of unrecorded
revenues.

*

Documentation. SAS No. 109 requires documentation of risk assessment procedures performed in obtaining an
understanding of the entity and its environment. SAS No. 103, Audit Documentation, requires documentation of the
identifying characteristics of specific items tested and provides examples for documenting the identifying charac
teristics of observation and inspection procedures. Based on that guidance, documenting the following is recom
mended:
For an inspection of documents, identify the item inspected, for example, by indicating the title and date
of the report or the document name and number. (To facilitate inquiring about or requesting copies of the
report or document at a later time, the authors recommend referring to the report or document by the same
name that the client uses to refer to it.)
27

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

For an observation procedure, document the process or subject matter observed, individuals involved and
their titles, and where and when the observation was carried out.
Discussion among the Engagement Team
SAS No. 109 (AU 314.14) requires the members of the audit team to discuss the susceptibility of the entity's
financial statements to material misstatements. SAS No. 99 (AU 316.14) requires an exchange of ideas, or brain
storming" among audit team members about how and where they believe the entity's financial statements might be
susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent
financial reporting, and how assets of the entity could be misappropriated. These discussions can be held
concurrently, that is, one meeting can cover the susceptibility of the financial statements to material misstatements
from both error and fraud. However, it is important that the auditor consider the susceptibility to fraud as a distinct
part of this combined discussion to avoid the potential dilution of this critical consideration.
The focus of the audit team discussion should be on the individual members gaining a better understanding of the
potential for material misstatements resulting from error or fraud in the specific areas assigned to them, and
understanding how the results of audit procedures they perform affect other aspects of the audit. In this discussion,
the more experienced members of the audit team can share their insights based on their cumulative knowledge of
the entity and its environment.
Matters to be Discussed. This discussion is aimed at the susceptibility of the financial statements to material
misstatement, that is, the areas of vulnerability. The discussion is one of the sources of information used to assess
the risks of material misstatement. Thus, the discussion should not be a narrow one focused on risks already
identified, but one that opens the minds of members of the audit team to potential material misstatements from
error and, particularly, from fraud. Any high risk areas that have already been identified, however, should be
communicated to the team members. Among other matters, SAS No. 109 indicates that the discussion should
include the following:
a. Critical issues and areas of significant audit risk.
b. Areas susceptible to management override of controls.
c. Unusual accounting practices used by the client.
d. Application of GAAP to the entity's facts and circumstances in light of its accounting policies.
e. Important control systems.
f. Materiality at the financial statement level (planning materiality) and at the account level (tolerable
misstatement).
g. How materiality will be used to determine the extent of testing.
h. The need to exercise professional skepticism throughout the engagement, to be alert for information or
other conditions that indicate that a material misstatement due to fraud or error may have occurred, and
to be rigorous in following up on such indications.
It is believed the discussion also should address how the operating risks facing the client could result in a material
misstatement of the financial statements, focusing especially on changes from the prior year and new develop
ments.
Examples of other factors the engagement team might discuss that affect the likelihood of material misstatements
caused by error include the following:
Past experience with the client.
Changes in the client's organization (for example, changes in personnel or accounting systems).
28

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

The nature and complexity of transactions.
Known accounting and auditing issues.
In addition to discussing important control systems, it may be appropriate to discuss potential risks that may exist
due to limitations in the client's personnel and assignment of responsibilities. For some smaller entities, the
engagement team might consider issues regarding the background and competence of individuals in key process
ing and financial decisionmaking roles, especially if concerns had been noted in previous audits.
SAS No. 99 indicates that the discussion should also include the following fraudrelated matters:
How and where the entity's financial statements (for example, which accounts or transaction classes) might
be susceptible to material misstatement due to fraud.
How management could perpetrate and conceal fraudulent financial reporting.
How the entity's assets could be stolen.
External and internal factors that might create incentives/pressures, provide opportunities, or enable
rationalization of fraud.
The fraud aspect of the discussion should give appropriate consideration to financial statement misstatement from
both fraudulent financial reporting (i.e., cooking the books") and stealing. A key consideration when assessing
fraud risk is what motivations may exist for management to intentionally misstate the financial statements or what
controls may be lacking that could result in theft. By identifying the motives and opportunities for fraud, the auditor
should be able to assess the direction of the risk. For example, if the auditor identifies an unusual motivation for
management to maximize investment earnings to compensate for reduced contributions, the auditor would be alert
to misstatements related to the valuation of investments.
The discussion should also include the appropriate audit response to the areas identified as susceptible to material
misstatement due to error or fraud (for example, by identifying the accounts that would be affected and the nature
of procedures that could be performed to address the risks).
The discussion should include an open exchange of ideas. Participants should maintain an attitude of professional
skepticism throughout the discussion. Both SAS No. 99 and SAS No. 109 refer to a discussion; therefore, one
sided communication, such as a memo from the engagement partner, is not appropriate. (However, when the entire
engagement is performed by a single auditor, SAS No. 109 notes that the auditor can simply consider and
document the susceptibility of the entity's financial statements to material misstatements.) The medium for discus
sion (for example, a meeting or a conference call) should encourage interaction and an appropriate exchange of
ideas. Although SAS Nos. 99 and 109 both require the engagement team to have a specific discussion, commu
nication about the risks of material misstatement is not limited to that discussion, but should occur throughout the
audit.
The discussion should not be influenced by past favorable experience with the integrity of management. In fact,
SAS No. 99 states that the engagement team should abandon neutrality and any preconceptions about manage
ment's and employees' honesty, but instead presume the possibility of dishonesty at various levels of manage
ment. Thus, for example, auditors may use what if" scenarios that focus on the financial statement areas
vulnerable to fraud with the presumption that management or employees are inclined (either because of incentives/
pressures or attitudes/rationalizations) to perpetrate fraud. Engagement team members should not rely on less
than persuasive audit evidence because of a belief that management or employees are honest.
Impact on Significant Audit Areas. After discussing the risks that could result in a material misstatement of the
financial statements and determining how those risks affect specific audit areas, it is recommended that the
engagement team then discuss each significant audit area. The team should discuss the real risks affecting each
area and determine the most effective and efficient audit procedures that address those risks. Members of the audit
team should avoid relying on what procedures were performed during the prior year audit when discussing what
procedures to perform in the current year. In fact, it may be best to ignore the prior year workpapers when initially
29

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

discussing each significant area. That way, the audit team starts with a clean slate when developing the audit
approach and avoids the temptation to just rely on what we did last year." The result is usually a more effective and
efficient audit approach. However, after the team has discussed each significant area, the prior year workpapers
should be reviewed to make sure there are not any issues that were overlooked.
Who Should Attend the Discussion? Both SAS No. 99 and SAS No. 109 require auditors to exercise judgment in
determining who should attend the discussion among the engagement team, but they indicate that the discussion
should include the auditor with final responsibility for the audit (generally the audit partner) and ordinarily should
comprise key members of the engagement team. Also, it may be appropriate to include specialists, such as IT
specialists, assigned to the engagement team. Executive level team members generally are aware of significant
accounting and auditing issues that could affect the audit, while staff members or specialists may be more familiar
with the client's accounting systems and controls. Both perspectives are important in considering the susceptibility
of the financial statement to material misstatements from error or fraud. It is recommended that all members of the
engagement team, including specialists with an ongoing role in the engagement, participate in the discussion.
When Should the Discussion Occur? Before holding the discussion with the engagement team, it is recom
mended that the incharge auditor and/or engagement partner have preliminary planning discussions with the
client. Issues to discuss with the client include the services to be provided, scheduling, and other administrative
matters. In addition, the auditor should discuss the client's operating environment (particularly changes from the
prior year), the client's view of the operating risks that the client is addressing, and other specific issues facing the
client. The auditor should also obtain additional information to be used in the planning process prior to meeting
with the engagement team. Specific information to obtain includes the following:
a. Interim financial information.
b. Client budgets and any related operating and strategic planning documents.
c. Minutes of the governing board meetings.
d. Copies of new debt or other significant agreements, contributions, grants, or contracts.
e. Significant internal audit reports.
f. Significant grantor agency audit reports.
Also, if an engagement summary memo was prepared for the prior year audit, it should be reviewed before the
engagement team discussion to identify risk areas identified in the prior audit.
The timing of the engagement team discussion and other logistics depend on the circumstances and are not
addressed in SAS No. 109, other than to note that for audits involving multiple locations, there may be discussions
involving engagement team members in those locations. SAS No. 99 states only that the engagement team
discussion may occur before or while obtaining an understanding of the client's business and industry and
gathering the information needed to identify fraud risks. Holding the discussion prior to performing the information
gathering procedures is recommended. It is believed important to set the proper tone of professional skepticism
and to inform less experienced staff members about the risks of material misstatement before performing those
procedures. However, nothing prevents the firm from holding discussions both before and during the information
gathering process. These decisions are normally made by the auditor with final responsibility for the audit, and
firms should exercise professional judgment to determine what works best in their particular audit process. In any
case, engagement team members should communicate and share information obtained throughout the audit
about the risks of material misstatement due to error or fraud.
Other Matters That May Be Discussed. While not a requirement of SAS No. 99 or SAS No. 109, the auditor might
also use the engagement team discussion as an opportunity to consider other planning matters related to the audit.
Those items could include, but are not to limited to, the following:
a. Critical dates and other timing considerations.
30

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

b. Engagement budgets.
c. Key client contacts for assigned areas.
d. Other engagement administrative matters.
e. Other services that will be provided.
The engagement team discussion also provides an opportunity for the incharge auditor or partner to remind the
audit team members of the audit documentation requirements of SAS No. 103, Audit Documentation, that they
should observe while performing audit procedures, including the following:
a. Inclusion of abstracts or copies of significant contracts or agreements examined to evaluate the accounting
for significant transactions.
b. Identification of items tested in tests of operating effectiveness of controls.
c. Identification of documents inspected or items confirmed in substantive procedures.
d. Documentation relating to substantive analytical procedures used as the principal substantive test of
significant financial statement assertions.
e. Documentation relating to consideration of the entity's ability to continue as a going concern.
f. Documentation of the nature and effect of aggregated misstatements and the conclusion as to whether they
cause material misstatement of the financial statements.
g. Documentation of who performed and reviewed the audit work and the date the work was performed and
reviewed.
Documentation. SAS No. 109 requires that the following items be documented regarding the discussion among
the audit team:
How and when the discussion occurred.
Subject matter discussed.
Participating audit team members.
Significant decisions reached concerning planned responses at the financial statement and relevant
assertion levels.

31

Companion to PPC's Guide to Audits of Nonprofit Organizations

32

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
3. Which types of risk assessment procedures are most likely coupled by the auditor when obtaining an under
standing of the client's internal control?
a. Preliminary engagement activities coupled with preliminary analytical procedures.
b. Observation and inspection, with inquiry procedures.
c. Preliminary analytical procedures and engagement team discussion.
d. Walkthroughs with observation and inspection.
4. Which of the following statements is correct concerning the risk assessment process and procedures?
a. To be consistent, risk assessment procedures should not vary between clients or years.
b. The client's financial partners should be consulted to help identify fraud risks.
c. Results of prior audit procedures should not limit the extent of current procedures.
d. Risk assessment procedures will often be more extensive in the initial engagement.
5. Which of the following is correct concerning audits of nonprofit organizations?
a. They may involve risks unique from other organizations that can affect financials.
b. Past experience with the client is less important than with other organizations.
c. Volunteers may be excluded from risk assessment procedures.
d. Under SAS No. 99, assessment of fraud risk is unnecessary.
6. SAS No. 99 requires the auditor to make fraudrelated inquiries of management and others. According to the
text, what is the objective of such a requirement?
a. To determine if management understands the risks of fraud in the organization.
b. To obtain different perspectives on financial statement and organizational areas.
c. To permit employees a safe haven for admitting commission of fraud.
d. To prevent claims that the employee did not know the entity's ethical expectations.
7. According to the text, who is often in the best position to perpetrate fraud?
a. Purchasing personnel
b. Human resources personnel
c. General accounting personnel
d. Management personnel
33

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

8. Preliminary analytical procedures used in audits of nonprofit organizations in compliance with SAS No. 56 and
99 have what goal or attribute in common?
a. A detailed ratio analysis
b. Trend analysis and exceptions detection
c. Complex mathematical and statistical analysis
d. Straight annualization of interim information for comparisons
9. Analytical procedures performed by George Patterson during preliminary analytical review in an audit con
ducted for Iglesia Worldwide indicate questions concerning the ability of the organization to continue as a going
concern. What should Patterson do in response?
a. Consider the risk of intentional misstatements in the financials.
b. Withdraw from the engagement to limit his exposure.
c. Prepare to issue a qualified opinion.
d. Notify management and offer to perform management consultation services.
10. Which of the following is not an analytical procedure related to revenue mentioned by the text as complying with
the requirements of SAS No. 99?
a. Analysis of relationships between financial and nonfinancial amounts
b. Trend analysis
c. BlackScholes analysis
d. Budgetary comparison
11. According to the text, the auditor might read governing board minutes as an observation and inspection proce
dure for what purpose?
a. To understand the nature of the organization's operations
b. To look for rubberstamping" of management decisions
c. Understanding the organization's objectives and strategies
d. Understanding the nature of the organizations public fundraising operations
12. Which of the following statements is correct concerning the audit team discussion prescribed by SAS No. 99
and, where applicable, SAS No. 109?
a. Onesided communications are encouraged.
b. An air of neutrality concerning management should be maintained.
c. The discussion may be eliminated where the audit is conducted by a single auditor.
d. Discussion of misstatement from error must be separated from that concerning fraud.

34

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
3. Which types of risk assessment procedures are most likely coupled by the auditor when obtaining an under
standing of the client's internal control? (Page 11)
a. Preliminary engagement activities coupled with preliminary analytical procedures. [This answer is
incorrect. These procedures are required by SAS Nos. 108 and 109, but this would not be the most likely
coupling to obtain an understanding of internal control.]
b. Observation and inspection, with inquiry procedures. [This answer is correct. The combination of
types of risk assessment procedures can vary based on the auditor's judgment of the situation at
hand, but the standards are explicit that inquiry alone is insufficient to obtain an understanding of
the client's internal control. Inquiry will therefore most likely be coupled with observation and
inspection concerning internal control.]
c. Preliminary analytical procedures and engagement team discussion. [This answer is incorrect.
Engagement team discussion is a part of general audit planning at the financial statement level, and would
not necessarily be part of a coupling to obtain an understanding of internal control.]
d. Walkthroughs with observation and inspection. [This answer is incorrect. Walkthroughs are used to obtain
an understanding of internal control, but they are part of observation and inspection and therefore could
not be coupled as a separate procedure.]
4. Which of the following statements is correct concerning the risk assessment process and procedures? (Page
13)
a. To be consistent, risk assessment procedures should not vary between clients or years. [This answer is
incorrect. Risk assessment procedures may be fairly consistent across audit engagements, but the
procedures used may be affected by the client's particular circumstance and by factors affecting the
particular period under audit.]
b. The client's financial partners should be consulted to help identify fraud risks. [This answer is incorrect.
The auditor should consult management and others inside the client organization concerning fraud risk,
detection, and response. Inquiries of parties outside the entity are not required, though they may be useful
in some situations.]
c. Results of prior audit procedures should not limit the extent of current procedures. [This answer is
incorrect. The understanding of the client entity and its environment is ongoing. The results of prior audits
can be used to limit procedures performed in the current audit so long as the auditor believes this to be
a proper response to the client's current situation. Changing circumstances may render previous results
irrelevant to the present situation. On the other hand, prior results may justify revisiting a particular area
and increasing the extent of current period risk assessment procedures performed to ensure that problems
resolved in the previous audit continue to be handled appropriately in the period currently under audit.]
d. Risk assessment procedures will often be more extensive in the initial engagement. [This answer
is correct. Many factors can affect the auditor's decision to limit or increase the extent of risk
assessment procedures performed, but the extent of such procedures will often be less in
subsequent audits because of the ongoing nature of the understanding of the client entity and its
environment.]
5. Which of the following is correct concerning audits of nonprofit organizations? (Page 13)
a. They may involve risks unique from other organizations that can affect financials. [This answer is
correct. When auditing a nonprofit, the auditor must consider questions such as whether the entity
35

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

has suffered unfavorable publicity that could affect donations and grants, whether the entity's
taxexempt status is jeopardized, etc.]
b. Past experience with the client is less important than with other organizations. [This answer is incorrect.
Past experience with the client helps build an understanding of the entity and its environment.]
c. Volunteers may be excluded from risk assessment procedures. [This answer is incorrect. Volunteers may
play an important part in the nonprofit organization, functioning in roles from governance to clerical. The
auditor should consider personnel from all levels as valid information resources, whether or not they are
volunteers.]
d. Under SAS No. 99, assessment of fraud risk is unnecessary. [This answer is incorrect. Indeed, SAS No.
99 is entitled Consideration of Fraud in a Financial Statement Audit, and prescribes procedures for
assessment of fraud risk.]
6. SAS No. 99 requires the auditor to make fraudrelated inquiries of management and others. According to the
text, what is the objective of such a requirement? (Page 16)
a. To determine if management understands the risks of fraud in the organization. [This answer is incorrect.
This is a required inquiry, but it is not the objective.]
b. To obtain different perspectives on financial statement and organizational areas. [This answer is
correct. SAS No. 99 requires the auditor to make inquiries concerning fraud in order obtain the
different perspectives noted and to determine if anyone suspected, or has actual knowledge, that
a fraud could have occurred.]
c. To permit employees a safe haven for admitting commission of fraud. [This answer is incorrect. Certain
inquiries concern the employee's knowledge of actual fraud, but the issue of safe haven is not relevant to
the auditor's inquiries.]
d. To prevent claims that the employee did not know the entity's ethical expectations. [This answer is
incorrect. Management is responsible for communicating the organizations ethical expectations to
employees. The auditor's question of how this is communicated, though required, does not relieve
management of that responsibility.]
7. According to the text, who is often in the best position to perpetrate fraud? (Page 21)
a. Purchasing personnel [This answer is incorrect. Purchasing and inventory are areas at risk for fraud, but
purchasing personnel were not the group specifically noted in the text.]
b. Human resources personnel [This answer is incorrect. Fictitious employees and unauthorized pay
increases are just two of the ways fraud can be perpetrated via human resources, but human resources
personnel were not the group specifically noted in the text.]
c. General accounting personnel [This answer is incorrect. General accounting personnel certainly have
access to journal entries and source documents, along with varying degrees of access to other data entry
points such as accounts payable and accounts receivable, but they were not the group specifically noted
in the text.]
d. Management personnel [This answer is correct. As a result, management assertions and responses
to fraudrelated inquiries should be treated with professional skepticism by the auditor.]
8. Preliminary analytical procedures used in audits of nonprofit organizations in compliance with SAS No. 56 and
99 have what goal or attribute in common? (Page 21)
a. A detailed ratio analysis [This answer is incorrect. Generally, the auditor should focus on a few key
relationships that contribute to improved understanding of the financial statements and significant
operational or financial changes.]
36

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

b. Trend analysis and exceptions detection [This answer is correct. The analysis may be simple or
complex, depending on the size and complexity of the organization and the auditor's professional
judgment of the approach to be used.]
c. Complex mathematical and statistical analysis [This answer is incorrect. Such analysis may be
unnecessary in audits of smaller nonprofit organizations.]
d. Straight annualization of interim information for comparisons [This answer is incorrect. The seasonal
nature of some operations may cause straight annualizations to be of little use for comparisons.]
9. Analytical procedures performed by George Patterson during preliminary analytical review in an audit con
ducted for Iglesia Worldwide indicate questions concerning the ability of the organization to continue as a going
concern. What should Patterson do in response? (Page 23)
a. Consider the risk of intentional misstatements in the financials. [This answer is correct. During the
audit, the auditor should attempt to obtain information concerning mitigating factors such as
management plans to overcome the problems, but the potentially increased risk of intentional
financial statement misstatements cannot be ignored.]
b. Withdraw from the engagement to limit his exposure. [This answer is incorrect. Patterson should attempt
to obtain information concerning mitigating factors such as management plans to overcome the
problems.]
c. Prepare to issue a qualified opinion. [This answer is incorrect. There is no indication of a scope limitation
or other reason to issue a qualified opinion.]
d. Notify management and offer to perform management consultation services. [This answer is incorrect.
Management probably already knows of the problem. Patterson should attempt to obtain information
concerning mitigating factors such as management plans to overcome the problems.]
10. Which of the following is not an analytical procedure related to revenue mentioned by the text as complying with
the requirements of SAS No. 99? (Page 25)
a. Analysis of relationships between financial and nonfinancial amounts [This answer is incorrect. Such
analysis seeks a base that has a reasonable relationship to revenue and cannot be easily manipulated by
management. An example might be the ratio of ticket revenue to tickets sold compared to the price of an
individual ticket.]
b. Trend analysis [This answer is incorrect. Trend analysis is used to help spot inconsistencies or unusual
patterns in the client's data.]
c. BlackScholes analysis [This answer is correct. BlackScholes refers to mathematical calculations
and modeling related to equities and options pricing.]
d. Budgetary comparison [This answer is incorrect. Comparisons of budgeted and actual amounts may help
detect unusual variations cause by improper booking of transactions.]
11. According to the text, the auditor might read governing board minutes as an observation and inspection proce
dure for what purpose? (Page 27)
a. To understand the nature of the organization's operations [This answer is incorrect. Onsite visits and
physical tours would be a better way to understand the nature of the client's operations.]
b. To look for rubberstamping" of management decisions [This answer is correct. The auditor might
read board minutes to discover the level of involvement and participation by those charged with
governance of the organization.]
37

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

c. Understanding the organization's objectives and strategies [This answer is incorrect. Inspecting the
strategic plan, internal control manuals, and similar documentation would be a better way to understand
the organization's objectives and strategies.]
d. Understanding the nature of the organizations public fundraising operations [This answer is incorrect.
Onsite observation of such activities would be a better way to achieve this understanding.]
12. Which of the following statements is correct concerning the audit team discussion prescribed by SAS No. 99
and, where applicable, SAS No. 109? (Page 28)
a. Onesided communications are encouraged. [This answer is incorrect. Both SAS No. 99 and SAS No. 109
encourage discussion, not onesided memos or edicts.]
b. An air of neutrality concerning management should be maintained. [This answer in incorrect. An air of
professional skepticism should be maintained concerning management and its representations.]
c. The discussion may be eliminated where the audit is conducted by a single auditor. [This answer is
incorrect. In such situations, the auditor should consider and document the entity's susceptibility to
material misstatements on the financials, in accordance with SAS No. 109.]
d. Discussion of misstatement from error must be separated from that concerning fraud. [This answer
is correct. Consideration of the potential for fraud should not be diluted by other considerations.]

38

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

THE SECOND STANDARD OF FIELD WORK UNDERSTANDING THE
ENTITY AND ITS ENVIRONMENT
The second standard of field work requires an understanding of the entity and its environment, including its
internal control" (AU 150.02). Requiring an understanding of the entity and its environment focuses the auditor's
attention on the fact that the understanding establishes a frame of reference within which the auditor assesses the
risks of material misstatement and plans the audit in response to those risks. The auditor's focus in obtaining the
required level of understanding should be on attaining a knowledge level sufficient to identify the risks of material
misstatement of the financial statements and to design the nature, timing and extent of further audit procedures.
However, the understanding is a purposedriven audit focus and not a general knowledge level that might be
appropriate for some other purpose such as managing the entity.
Obtaining a solid indepth understanding of the client's activities and how it operates is fundamental to both audit
efficiency and effectiveness. Understanding the activities is the key to knowing what the risks are and where to look
to see if the risks have resulted in a material misstatement of the financial statements. Understanding the client's
activities includes not only understanding the risks the client faces in performing activities, but ideally, understand
ing what management's response is to those risks, and, consequently, what residual risk of material misstatement
of the financial statements remains. The auditor's process in obtaining this understanding should be focused on
those matters that could cause material misstatements in the financial statements, including potential goingcon
cern problems, fraud risk factors, undisclosed relatedparty transactions, illegal acts, or uncertainties.
The auditor's understanding of the entity also assists in:
Establishing planning materiality and evaluating whether such judgments remain appropriate throughout
the audit.
Evaluating whether certain observed conditions, such as unusual or unexpected relationships from
preliminary analytical procedures, do not make sense and indicate possible risk considerations.
Considering fraud risk factors, for example, the existence of significant or complex relatedparty
transactions. Knowledge of the entity's contributors, grantors, and suppliers and other similar nonprofit
organizations might help the auditor consider possible collaborators in certain types of frauds, such as
kickback schemes. Knowledge of key personnel might help the auditor identify employees who could
provide relevant information in response to fraud risk inquiries.
Evaluating the appropriateness and sufficiency of audit evidence.
The audit personnel working on the engagement must understand the client's activities sufficiently to effectively
analyze the risks and plan and perform an efficient and effective audit in response to those risks. The level of
understanding that is attainable by individual members of the audit team will vary with the experience, training, and
assigned engagement duties of the personnel, but the partner and manager should spend sufficient time in audit
team meetings or onthejob supervision to convey to the assigned staff the insight needed for effective perfor
mance of the audit.
The process of understanding the client's activities is continual. For a new engagement, a basic level of knowledge
is needed to begin preliminary planning. However, a significant amount of knowledge is gained during the audit.
Also, something changes each year. There are always important new developments with the client and within its
environment. For this reason, it is advisable for each member of the audit team to continually try to improve client
knowledge by such measures as reading trade publications, taking selfstudy courses, and above all, talking to
client personnel, including operating personnel outside the accounting department.
In a continuing engagement, the auditor should update knowledge of the entity and its environment focusing on
identifying changes from the prior year in internal or external conditions that might be of audit significance and
affect the client's operating risk or the auditor's assessment of audit risk.

39

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Specialized Considerations for Nonprofit Organizations
Obtaining information as part of obtaining an understanding of the entity and its environment, may often include
scrutiny of other information unique to nonprofit organizations such as the following:
Reading any thirdparty reviews of grant programs, including federal award programs.
Reviewing any publications or applications prepared by the nonprofit organization [such as its newsletters,
alumni newsletters, school catalogs, or grant applications (for foundations)].
Review trade publications, internal communications, etc., that provide information on the organization's
activities, programs, and services.
In addition, the economy has continued to impact many nonprofit organizations. Accordingly, when gathering
information on the client's organization and the environment, the auditor should consider whether the client was
impacted by factors such as the following:
Many organizations have experienced revenue shortfalls due to changes in corporate grantmaking and
a less stable government grant environment.
Many nonprofit organizations are facing increased scrutiny from donors and other outside parties related
to governance, financial reporting, and compliance with restricted donations.
Components of the Understanding
The auditor's understanding of the entity and its environment consists of an understanding of the following items:
a. Activity, regulatory, and other external factors.
b. Nature of the entity.
c. Objectives, strategies, and related operating risks.
d. Measurement and review of the entity's financial performance.
e. Internal control.
As part of understanding the entity and its environment, the auditor obtains an understanding of the entity's
selection and application of accounting policies. The selection and application of accounting policies is considered
an aspect of internal control, but is presented separately in this discussion because of its significance to the
auditor's assessment of the risks of material misstatement. The selection and application of accounting policies is
an integral part of the control environment component of internal control, but merits separate and focused atten
tion. Similarly, the consideration of fraud risk factors is an important objective of performing risk assessment
procedures. Although considering the presence of fraud risk factors occurs simultaneously with obtaining informa
tion about the entity and its environment, it merits separate and focused attention. Items ad are discussed below.
Item e, internal control, is discussed later.
Documentation. SAS No. 109 (AU 314.122) indicates that auditors should document:
Key elements of the understanding obtained for each of the aspects of the entity and its environment to
assess the risks of material misstatement in the financial statements.
Sources of the information from which the understanding was obtained.
Risk assessment procedures that were performed.
SAS No. 99 (AU 316) requires auditors to document their consideration of fraud risk factors.
40

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Purpose of This Section. The following paragraphs provide a detailed discussion of each of the aspects of the
entity and its environment that the auditor is required to understand, procedures the auditor may perform to gain
that understanding, and the types of risks the auditor may identify throughout that process.
Activity, Regulatory, and Other External Factors
The auditor should obtain an understanding of activity, regulatory, and other external factors relevant to the audit.
The objective of the auditor's understanding is to evaluate whether the entity is subject to specific risks of material
misstatement arising from the nature of the industry, the degree of regulation, or other external forces, such as
political, economic, social, technological, or competitive forces.
Matters the auditor might consider when obtaining an understanding of activity, regulatory, or other external factors
include the following:
a. Activity conditions, including factors that influence the revenue and expense transactions unique to the
nonprofit sector.
b. Regulatory environment, including relevant legislation and regulation, specific regulatory requirements (for
example, health issues, Medicare, or Medicaid), direct supervisory activities, and taxexempt status.
c. Government policies, including monetary, fiscal, financial incentives, and any restrictions.
d. Other external factors, including the general level of economic activity, interest rates, availability of credit,
and inflation.
Possible Risk Assessment Procedures and Factors to Consider. It is believed, in most situations, auditors will
initially gather information and identify risks related to industry, regulatory, and other external factors through
inquiry procedures. Many of the matters to be addressed are best approached through inquiry of appropriate client
management and other employees. The auditor may need to expand his or her inquiries based on the client's
responses to more fully understand the area and follow up on information that may be indicative of a potential risk.
AICPA Audit Risk Alert. The current financial and economic crisis may affect the entity's operations, risks, and
financial reporting. This in turn may affect the auditor's responsibilities in providing auditing services. The AICPA
issued an Audit Risk Alert, Current Economic Crisis Accounting and Auditing Considerations (AICPA Alert), to help
identify and respond to accounting and audit issues related to the current economic environment. The AICPA Alert
notes audit risks that may have been identified previously may become more significant or new risks may exist due
to current events, such as those affecting the economy, credit, and liquidity.
Two characteristics of the current environment are the high volatility and rapidness of changing conditions. The
AICPA Alert notes that the rapidly changing economic environment complicates the auditor's responsibility to
obtain sufficient understanding of the entity and its environment (including the industry, regulatory, and other
external factors) to assess the risks of material misstatement of the financial statements and design responsive
audit procedures. Changed conditions may require the auditor to update the understanding of how the current
economic environment affects the entity, reassess audit risks, and modify planned audit procedures as the audit
progresses.
The AICPA Alert provides an extensive review of the economic and financial events that led to the financial crisis and
resultant legislative and regulatory actions. The AICPA Alert covers issues arising from the economic crisis includ
ing
Fair value accounting,
Other than temporary impairment issues,

Tax exempt debt issues,

Auditing accounting estimates,
41

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Liquidity considerations,
Going concern considerations, and
Fraud considerations.
AICPA Financial Reporting Alert. The AICPA issued a Financial Reporting Alert titled, NotforProfit Organizations
Accounting Issues and Risks 2008: Strengthening Financial Management and Reporting. The Financial Reporting
Alert is intended to be used by members of an organization's financial management and audit committee to identify
and understand current accounting and regulatory developments affecting the organization's financial reporting.
This alert is intended to help the reader achieve a better understanding of the economic and business environment
in which the nonprofit organization operates and also to help identify the significant risks that may result in the
material misstatement of the organization's financial statements.
The Financial Reporting Alert contains information on recent issues affecting nonprofit organizations, including the
following:
The state of the economy and its affect on nonprofit organizations.
IRS activities that impact tax-exempt organizations.

The hierarchy of Generally Accepted Accounting Principles (SFAS No. 162).

Disclosures about derivative instruments and hedging activities (SFAS No. 161).
Business combinations [SFAS Nos. 160 and 141(R)].
Fair value accounting standards (SFAS Nos. 157 and 159).
Accounting for defined benefit pension and other postretirement pension plans (SFAS No. 158).
Income tax accruals and deferred income taxes under FIN 48.
Audit and attestation developments affecting the financial statements of nonprofit organizations.
The Financial Reporting Alert also contains information on emerging issues such as the following:
Convergence with International Financial Reporting Standards.
The FASB codification project.

The FASB Staff Position on UPMIFA.

Understanding the Industry or Regulatory Environment. The auditor might supplement inquiry procedures with
inspection or other risk assessment procedures. For example, when obtaining an understanding of the industry, the
auditor might read AICPA accounting and auditing guides, financial statements of similar entities in the industry,
textbooks, or trade journals or might subscribe to services that provide an indepth analysis of the client's industry.
Regarding the regulatory environment, the auditor might read correspondence from regulatory authorities, applica
ble regulations that were recently enacted, or proposed legislation that may affect the industry.
Funding Source and Legal Requirements. There are certain differences between nonprofit organizations and
business enterprises that have an effect on the audit. One of the most significant differences is the importance of
restrictions on resources imposed by funding sources and related legal requirements, including, particularly, audit
requirements of government agencies that provide financial assistance or that regulate charitable activities. Audit
requirements of a typical small nonprofit organization are usually more stringent than for a business enterprise of
similar size. For example, a nonprofit organization that receives as little as $500,000 in support from funding
sources may be under the scrutiny of a number of different funding sources. A nonpublic business enterprise with
42

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

the same amount of annual revenue may not have any reason to submit financial statements to outside parties or
may be able to meet a lender's requirements by a compilation or review engagement rather than an audit. Funding
source and legal requirements can affect the nature and extent of auditing procedures considered necessary. This
is a particularly important consideration for a nonprofit organization because there may be several funding sources
with possibly overlapping or conflicting requirements. The auditor needs to understand any restrictions on the use
of resources and test compliance with those restrictions.
Economic and Political Considerations. Nonprofit organizations are often very sensitive to political and eco
nomic changes. A nonprofit organization has a continuing need for community support from business and govern
ment. Unfavorable economic conditions or disasters that draw large numbers of donations to relief efforts may
cause a reduction of funding from both private and government funding sources. Changes in tax laws or IRS
enforcement of existing laws may have a dramatic effect on the sources of revenue and types of expenditures of
nonprofit organizations. Because these changes may occur quickly, the auditor needs to reassess the economic
and political climate and the likely effect on the nonprofit organization annually. However, nonprofit organizations
seem to react to economic downturns more slowly than business enterprises. For instance, assistance from
governmental entities may continue for a while because grants are usually on an annual basis. This knowledge can
assist the auditor in his or her consideration of going concern matters. A discussion of the implications of current
economic conditions can be found in the AICPA's annual Audit Risk Alert titled NotforProfit Organizations Industry
Developments.
Nature of the Entity
The auditor should obtain an understanding of the nature of the entity relevant to the audit. The nature of the entity
includes its operations; its structure, and governance; the types of its investments; and its financing. Among other
things, the understanding of the nature of the entity helps the auditor to understand the classes of transactions,
account balances, and disclosures that would be expected in the financial statements.
Matters that the auditor might consider about the entity's operations and its structure, and governance include the
following:
a. Revenue sources.
b. Key contributors or grantors.
c. Involvement in ecommerce.
d. Major expenditures.
e. Conduct of operations, such as methods of operation or delivery of products or services.
f. Important suppliers.
g. Major assets and liabilities.
h. Major investment activities.
i. Employment and human resource matters, including compensation methods and employee benefits.
j. Research and development activities, grants, and expenditures.
k. Related parties and transactions with them.
l. Location of facilities.
m. Types of investments.
n. Financing activities.
43

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Depending on the type of nonprofit organization, contributions, membership dues, or program service fees are
generally a significant class of transactions; therefore, the auditor will normally place emphasis on understanding
matters related to the major source of revenue and revenue recognition.
Risk Assessment Procedures and Factors to Consider. Similar to the understanding of industry, regulatory and
other external factors, the auditor often initially makes inquiries of appropriate client personnel about matters
pertaining to the nature of the entity. To make effective riskbased inquiries, it is critical that the auditor identify the
right person within the entity that possesses not only the requisite knowledge about the matter queried, but also
about the nature of risks, how the entity has addressed them, and what the remaining risk is to the entity. In a small
entity, the executive director may be able to answer most inquiries while in a larger entity there may be several
individuals that the auditor should query.
The auditor's inquiries may be supplemented by additional inquiries and other risk assessment procedures as
deemed necessary to fully understand the entity, its operations, structure, governance, investments, and financing
so that related risks can be identified. The understanding also provides the auditor with an expectation of what
classes of transactions, account balances, and disclosures will be present in the financial statements. The auditor
may need to expand inquiries based on the client's responses to more fully understand the area and follow up on
information that may be indicative of a potential risk. For example, the sources of support and revenue and the
types of expenditures of the nonprofit organization can have a critical effect on the nature, extent, and timing of
audit procedures and the overall audit approach. An organization that derives revenue primarily from service fees
(such as ticket sales) might be audited in essentially the same manner as a business enterprise providing the same
services. An organization that depends on service fees may have to change its marketing approach if its customer
base changes significantly (for example, a nonprofit daycare center in an area with a declining population). This
could cause problems with the collectibility of revenue. An organization that depends primarily on contributions
may require a much different audit approach. An organization that depends primarily on general public contribu
tions generally has a higher risk of material misstatement of revenue than an organization that receives all of its
support from one or a few funding sources. Also, organizations soliciting significant contributions may be tempted
to present functional expenses on the statement of activities that show a favorable allocation between programs
and support service activities.
Objectives, Strategies, and Related Operating Risks
The auditor should obtain an understanding of the entity's objectives, strategies, and related operating risks. The
basic concept here is that most operating risks eventually have financial consequences and, thus, an effect on the
financial statements. Not all operating risks create risks of material misstatement, so the auditor needs to focus on
risks that have financial reporting implications in the entity's particular circumstances.
The auditor obtains an understanding of management's objectives and strategies to identify the related operating
risks. Management and directors determine the entity's objectives which are the overall plans for the entity.
Management's strategies are the operational approaches adopted to achieve the objectives. The related operating
risks are the significant conditions, events, circumstances, actions, or inactions that could adversely affect the
entity's ability to achieve its objectives or implement its strategies. When obtaining an understanding of the entity's
objectives and strategies, it is often helpful to consider whether strategies align with objectives and if strategies
have been implemented. By doing so, the auditor may become aware of heightened or additional business risks
and potential risks of material misstatement.
Risk Assessment Procedures and Factors to Consider. When obtaining an understanding of management's
objectives and strategies to identify the related operating risks, the risk assessment procedures employed by the
auditor may be influenced by the size and sophistication of the client. Smaller entities generally do not have formal
plans or processes that are documented, which forces the auditor to rely primarily on inquiries. In contrast, some
larger or more sophisticated entities may have written strategic plans that provide a road map for the objectives,
strategies, and associated operating risks that have been selected and identified by the management team.
When making inquiries, the auditor will generally restrict questioning to upper management of the entity given the
subject matter and the level of knowledge that is needed to sufficiently address it. These inquiries would prompt
management to describe the entity's future trends, expectations, objectives, and strategies. For example, a down
turn in the local economy can put nonprofit organizations under severe financial pressure. Not only may it be
44

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

difficult to obtain new contributions, it may also be difficult to collect promises to give received in previous years.
Management's response may vary considerably, and the auditor should inquire about management's plans.
Management may cut costs and reduce activities or may attempt to develop new funding sources or engage in
aggressive investment strategies. These various responses can affect the audit areas considered to be key areas
as well as the risk of particular types of misstatements. Scrutiny by outside parties and externally imposed audit and
compliance requirements may influence management control consciousness and result in better or more extensive
administrative, accounting, and control policies or procedures than typically found in a similar size private busi
ness. On the other hand, the combination of a volunteer governing board and high personnel turnover may result
in a poor control environment and increased risk of material misstatement. Also, the organization's service orienta
tion may result in a lack of sound operating practices and the absence of clear lines of authority and responsibility.
The relative effect of these conflicting characteristics must be considered for the particular organization in assess
ing the risk of material misstatement. The governing board can be a positive control feature for a nonprofit
organization if the board is properly structured and functions effectively. The board should have at least some
members that are not members of management. In addition, the board members should also have a good
reputation for integrity. Also, the board can be more effective if it has a regular schedule for evaluating how the
organization is functioning and how management is carrying out the organization's mission. It is helpful if board
members selected to serve on the audit committee or its equivalent include outside members that have experience
in accounting, finance, or auditing.
Measurement and Review of the Entity's Financial Performance
The auditor should obtain an understanding of the measurement and review of the entity's financial performance
made by management and external parties. Information used by management for measurement and review might
include the following:
a. Key performance indicators (KPI), both financial and nonfinancial.
b. Trends.
c. Key ratios and other operating and financial statistics.
d. Forecasts, budgets, and variance analyses.
e. Periodonperiod financial performance.
f. Employee performance measures.
g. Program, grant, or other performance reports.
Information prepared by external parties might include grantor reports, charity watchdog group reports, and credit
rating agency reports.
Performance measures can affect the audit and the auditor's assessment of the risks of material misstatement in
several ways, including the following:
a. The pressure to meet performance targets, such as the ratio of program expenses to total expenses, could
motivate management actions, including intentional misstatements, such as misallocation of costs
between supporting activities and program services, and, thus, affect the auditor's risk assessment.
b. Use of performance measures might highlight unexpected results or trends such as unusually rapid
growth, which upon investigation result in detection of misstatements.
c. The auditor might be able to use key performance indicators or other measures used by management when
performing analytical procedures. However, the auditor should consider whether the information used by
management is reliable and provides the degree of precision that is needed for the analytical procedures.
As noted in item a, management may be motivated to manipulate account balances that affect key performance
indicators. For example, in a situation where management has guaranteed the debt of the organization, if the ratio
45

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

of a key expense to revenue is an important metric, management might have an incentive to improperly capitalize
a portion of that expense. A small nonprofit entity might not have a formal process to measure and review financial
performance, but management will still likely be aware of key performance indicators that it uses and that can be
helpful to the auditor.
Risk Assessment Procedures and Factors to Consider. The procedures used by the auditor for understanding
the measurement and review of the entity's financial performance will often be driven by the size and sophistication
of the entity. For example, a sophisticated entity may have developed a dashboard" reporting system that
incorporates carefully selected key performance indicators that management has deemed to be the primary
metrics in achieving its goals and objectives. In that case, the auditor could inspect and review these measures
along with any accompanying analyses in order to identify risks that may be indicative of material misstatement.
In a smaller entity, management may have identified key financial performance indicators that it uses when
managing the organization, but it prepares no formal reporting or analyses. Instead, as management reviews
financial or other operating reports, a determination is made whether the organization has achieved the targets that
management has established for these indicators. For these situations, the auditor would likely use inquiry to
determine what indicators management believes are important in managing and measuring the entity's results and
inspect the reports that are used to monitor performance.
For all situations, the auditor should consider inquiring whether there is any external measurement of the entity's
performance such as by charity watchdog groups or grantors. If so, the auditor may review available reports to
identify potential risks.
Selection and Application of Accounting Policies
The auditor should obtain an understanding of management's selection and application of accounting policies and
evaluate whether the policies are appropriate for the entity's activities and consistent with policies used in the
relevant industry. This understanding is important for considering the risks of material misstatement at both the
financial statement and relevant assertion levels, including both misstatements due to fraud and those due to error.
The auditor's assessment of the appropriateness of the accounting policies that management has selected and
applied is an important element in determining what can go wrong in the preparation of financial statements and,
hence, in assessing risks of material misstatement.
APB Opinion No. 22, Disclosure of Accounting Policies (FASB ASC 23510053), explains that the accounting
policies of an entity are the specific accounting principles and the methods of applying those principles that are
judged by management of the entity as the most appropriate in the circumstance to present fairly financial position,
activities, and cash flows in conformity with GAAP (or an OCBOA). Thus, accounting policies include the account
ing principles as prescribed by relevant accounting pronouncements as well as the methods adopted to apply
those principles in the circumstances. When an accounting pronouncement permits an alternative in the way an
accounting principle is applied or does not dictate a specific method of application, management has to adopt a
method that is most appropriate in the circumstances. For example, SFAS No. 5, Accounting for Contingencies,
provides some guidance on estimating the loss for uncollectible receivables, but does not mandate a particular
method of estimation. Management needs to develop an accounting policy to determine when it is probable the
contractual amount of a receivable will not be collected and what the amount of the loss will be. The auditor needs
to obtain an understanding of the accounting policy and its application and evaluate the appropriateness in the
circumstances.
The auditor's understanding of management's selection and application of accounting policies includes the
following:
a. Relevant accounting pronouncements and industry specific practices.
b. The methods the entity uses to account for significant and unusual transactions.
c. The effect of significant accounting policies in controversial or emerging areas for which there is a lack of
authoritative guidance or consensus.
46

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

d. Changes in the entity's policies, including the reasons for the change and whether the change is
appropriate and consistent with GAAP (or an OCBOA).
e. Financial reporting standards and regulations that are new to the entity and management's plans to adopt
such requirements, including new accounting pronouncements.
f. The process used by management in formulating particularly sensitive accounting estimates.
g. The methods used to identify matters for disclosure and how the entity achieves clarity in disclosure.
The auditor uses the understanding of these aspects of management's selection and application of accounting
policies to identify audit areas of higher risk and to identify what could go wrong at the relevant assertion level. For
example, if the entity has to apply a relatively complex accounting pronouncement to a new type of significant
transaction, there ordinarily is a higher risk of material misstatement for the account balance affected, such as
properly valuing donated noncash assets or use of facilities. For items of disclosure, many auditors of smaller
entities assist management in preparing the financial statements. In those cases, identification and clarity of
required disclosures are often heavily influenced by the auditor. Therefore, the potential for risk may be mitigated
with respect to disclosure.
The auditor should use the understanding of management's selection and application of accounting policies along
with the identification of fraud risk factors to evaluate whether an overall response is necessary. SAS No. 99 (AU
316.50) notes that one of the ways in which judgments about the risk of material misstatement due to fraud have an
overall effect relates to accounting principles:
The auditor should consider management's selection and application of accounting principles,
particularly those related to subjective measurements and complex transactions.
In establishing the overall audit strategy, the auditor focuses on whether the accounting principles selected and
policies adopted are being applied in an inappropriate manner. If the auditor identifies a risk in this area, it is often
addressed by an overall response, such as the assignment of more experienced personnel and a higher level of
supervision, as well as by the selection of specific further audit procedures.
Risk Assessment Procedures. The nature and extent of the risk assessment procedures to obtain an understand
ing of the selection and application of accounting policies normally depend on factors such as:
The auditor's knowledge and experience with the client's industry.
The auditor's past experience with the client.
The degree of financial reporting sophistication of the client.
The extent of new accounting standards that are recently effective for the client.
The auditor's participation in assisting the client with the selection of accounting policies and the
preparation of the financial statements.
For many small nonprofit organization clients, the auditor is instrumental in both selecting accounting principles
and choosing the methods by which they are applied. Consideration of accounting policies for those clients
ordinarily will not be a timeconsuming process since the auditor already possesses much of the requisite knowl
edge. The auditor in those cases can generally confine inquiries of the client to matters such as the manner and
consistency of application.
For other situations where the auditor is not involved in the selection of accounting policies or has limited experi
ence with the client, the auditor may inquire about the matters discussed earlier. Also, the auditor may supplement
inquiries with a review of interim or prior year financial statements and supporting disclosures (for initial audits)
coupled with a thorough review and understanding of relevant accounting standards that are either new or
specifically applicable to the client's industry or its transactions.
47

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Fraud Risk Factors
When obtaining information about the entity and its environment, the auditor should consider whether the informa
tion indicates that fraud risk factors are present. That is, the auditor considers the existence of fraud risk factors
while performing other audit planning procedures. Auditors are not specifically required to look for fraud risk factors
during planning, but are required to consider, based on their knowledge of the entity and its environment, whether
fraud risk factors exist. Fraud risk factors are conditions or events that indicate incentives/pressure to perpetuate
fraud, opportunities to carry out the fraud, or attitudes/rationalizations to justify a fraudulent action. Fraud risk
factors may be related to fraudulent financial reporting or misappropriation of assets.
The identification of fraud risk factors is a natural byproduct of performing risk assessment procedures. Along with
the other information obtained about the entity and its environment, the fraud risk factors are an important
component in identifying the risks of material misstatement at the financial statement and relevant assertion levels.
The auditor's primary concern in considering fraud risk factors is to identify whether a risk factor is present and
should be considered in identifying and assessing risks of material misstatement due to fraud. The presence of a
particular fraud risk factor does not necessarily indicate the existence of fraud. Whether a risk factor is present and
should be considered in identifying and assessing the risks of material misstatement due to fraud is a matter of
professional judgment.
Examples of Fraud Risk Factors. SAS No. 99 provides examples of fraud risk factors that may be considered
when identifying and assessing the risks of material misstatement due to fraud. The risk factors presented in SAS
No. 99 are classified into factors related to fraudulent financial reporting and factors related to misappropriation of
assets. Because it may be helpful to consider fraud risk factors in the context of the conditions generally present
when fraud occurs, the standard further classifies the illustrative risk factors into conditions relating to incentives/
pressures, opportunities, and attitudes/rationalizations. It is important to note that these are only examples and the
auditor also may consider other risk factors not specifically listed in the standard. In fact, SAS No. 99 (AU 316.33)
states:
Although the risk factors cover a broad range of situations, they are only examples and,
accordingly, the auditor may wish to consider additional or different risk factors. Not all of these
examples are relevant in all circumstances, and some may be of greater or lesser significance in
entities of different size or with different ownership characteristics or circumstances.
Auditor's Considerations of Fraud Risk Factors. For misappropriation of assets, the consideration of fraud risk
factors is influenced by the degree to which assets susceptible to misappropriation are present. However, some
consideration should be given to risk factors related to incentives/pressures, opportunities arising from control
deficiencies, and attitudes/rationalizations for misappropriation, even if assets susceptible to misappropriation are
not material. One of the primary fraud risks in small nonprofit organizations is fraudulent cash disbursements, in
which case there is always an asset subject to misappropriation. Similarly, securities in the custody of a broker may
be susceptible to misappropriation through unauthorized trading. Therefore, there should always be some consid
eration of fraud risk factors related to misappropriation. In addition, when considering risk factors for misappropri
ation, the auditor may identify risk factors related to inadequate monitoring and weaknesses in internal control that
could also be present when fraudulent financial reporting occurs.
The presence of risk factors related to financial stress or dissatisfaction among employees is particularly important
when considering the risk of misappropriation of assets because those conditions often provide both incentive and
rationalization for theft. The auditor, during the course of the audit, may become aware of information that indicates
potential financial stress or dissatisfaction of employees with access to assets susceptible to misappropriation.
Examples include:
Anticipated layoffs that are known to employees.
Unfavorable changes in employee compensation or benefit plans.
Failure to receive promotions or other expected rewards.
Abusive or overbearing management coupled with unreasonable expectations.
48

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Known unusual changes in behavior or lifestyle.
Employees that are known to be experiencing significant personal financial obligations.
Behavior indicating dissatisfaction with the entity, including disregard for organization policies and
procedures.
If the auditor becomes aware of the presence of these or similar risk factors, he or she should consider them when
identifying the risks of material misstatement due to fraud.
One of the fraud risk factors related to fraudulent financial reporting states, Management is dominated by a single
individual (such as the executive director, development director, or program director) or small group without
compensating controls such as effective oversight by a board of directors or audit committee." What about
management dominance, then, in the nonprofit organization? It is believed domination of management by a single
individual does not, in and of itself, indicate a failure by management to display and communicate an appropriate
attitude regarding internal control and the financial reporting process. In fact, in many small entities, strong
management involvement actually can be a control strength in that there is a great deal of oversight of employees
throughout the process.
Auditors should consider the importance of the modifying language in the risk factors (such as inappropriate
means, unduly aggressive, etc.). For example, one such factor is: There is an excessive interest by management
in manipulating the organization's trends in contribution revenue, the change in net assets, or expense allocations
through the use of unusually aggressive accounting practices." Many nonprofit organizations have an interest in
reporting positive trends in contributions revenue and in minimizing supporting services expenses. The key
consideration, however, is whether management has shown an interest in manipulating the financial statements
through unusually aggressive accounting practices. This situation would likely be considered a fraud risk factor.
However, if management is interested in minimizing supporting services expenses through legitimate means, such
as allocations based on detailed time and use studies, then the auditor most likely would not consider this to be a
fraud risk factor.
If fraud risks are present, SAS No. 109 (AU 314.12) requires that the auditor should consider whether the
assessment of the risk of material misstatement due to fraud calls for an overall response, one that is specific to a
particular account balance, class of transaction, or disclosure at the relevant assertion level, or both." An overall
response is considered in establishing the overall audit strategy and a specific response is considered in develop
ing the detailed audit plan.

49

Companion to PPC's Guide to Audits of Nonprofit Organizations

50

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
13. Which auditing standard requires an understanding of the entity's internal control?
a. The second general standard
b. The third general standard
c. The second standard of fieldwork
d. The third standard of fieldwork
14. Which of the following statements is correct concerning understanding an entity and its environment?
a. SAS No. 109 is topically limited to fraud risk as it relates to the entity audited.
b. SAS No. 109 requires auditors to document their understanding of external factors.
c. Initial data concerning external factors will be obtained via analytical procedures.
d. Differences between forprofit and nonprofit entities should not affect the audit.
15. Which of the following statements is correct concerning measurement and review of the entity's financial perfor
mance?
a. The auditor should calculate key performance measures rather than relying on calculation results supplied
by management.
b. External party statistics are only as good as the information supplied by the client entity.
c. Performance measures can increase the risk of material misstatement in the client's financial statements.
d. The sophistication of the entity has no bearing on the procedures used by the auditor concerning measure
ment and review of the entity's financial performance.
16. Which of the following statements is correct concerning fraud risk factors?
a. Auditors consider fraud risk factors as a separate procedure.
b. Auditors must look for fraud risk factors during planning.
c. Fraud risk factors may relate to fraudulent financial reporting or defalcation.
d. Events, opportunities, and attitudes must all be present to form a fraud risk factor.

51

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
13. Which auditing standard requires an understanding of the entity's internal control? (Page 39)
a. The second general standard [This answer is incorrect. The second general standard requires the auditor
to maintain an attitude of independence.]
b. The third general standard [This answer is incorrect. The third general standard requires the auditor to
exercise due professional care.]
c. The second standard of fieldwork [This answer is correct. The second standard of fieldwork
requires the auditor to understand the entity and its environment, including its internal control,
sufficiently to assess the risk of material misstatement of the financials caused by error or fraud.]
d. The third standard of fieldwork [This answer is incorrect. The third standard of fieldwork concerns obtaining
sufficient audit evidence to afford a basis for an opinion regarding the financial statements being audited.]
14. Which of the following statements is correct concerning understanding an entity and its environment? (Page
40)
a. SAS No. 109 is topically limited to fraud risk as it relates to the entity audited. [This answer is incorrect. SAS
No. 99 is topically limited to fraud risk. SAS No. 109 concerns the risk of material misstatement of the
financial statements, whether from error or fraud.]
b. SAS No. 109 requires auditors to document their understanding of external factors. [This answer
is correct. SAS No. 109 requires auditors to document key elements of the understanding obtained
for each of the aspects of the entity and its environment. An understanding of external factors that
may affect the entity, its environment, and its performance is one such aspect.]
c. Initial data concerning external factors will be obtained via analytical procedures. [This answer is incorrect.
Normally, auditors will use inquiry procedures to gather initial information concerning external factors that
may affect the entity.]
d. Differences between forprofit and nonprofit entities should not affect the audit. [This answer is incorrect.
Differences such as donor and grant restrictions and legal requirements can create audit requirements for
a nonprofit that are more stringent than those for a forprofit enterprise of similar size.]
15. Which of the following statements is correct concerning measurement and review of the entity's financial perfor
mance? (Page 45)
a. The auditor should calculate key performance measures rather than relying on calculation results supplied
by management. [This answer is incorrect. The auditor should consider whether the information supplied
by management is reliable and suitable for the auditor's needs.]
b. External party statistics are only as good as the information supplied by the client entity. [This answer is
incorrect. External party information can include information concerning the industry as a whole, and
information from other third parties such as credit reports and reports of vendors and creditors.]
c. Performance measures can increase the risk of material misstatement in the client's financial
statements. [This answer is correct. Pressures and incentives resulting from the use of performance
measures may induce management to manipulate financial results in order to achieve the desired
target or stay within the desired parameters.]
d. The sophistication of the entity has no bearing on the procedures used by the auditor concerning
measurement and review of the entity's financial performance. [This answer is incorrect. Size and
52

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

sophistication of the entity are often a factor in the procedures chosen by the auditor concerning
measurement and review of the client entity's financial performance. For instance, a small entity may not
prepare formal analysis and reports. In such a case, the auditor would begin with inquiry to determine the
indicators considered important and used by management.]
16. Which of the following statements is correct concerning fraud risk factors? (Page 48)
a. Auditors consider fraud risk factors as a separate procedure. [This answer is incorrect. Fraud risk factors
are considered during planning.]
b. Auditors must look for fraud risk factors during planning. [This answer is incorrect. Auditors are not
required to look for fraud risk factors during planning, but must consider whether such factors exist.]
c. Fraud risk factors may relate to fraudulent financial reporting or defalcation. [This answer is correct.
Fraud risk factors can relate to misappropriation of assets as well as to fraudulent financial
reporting.]
d. Events, opportunities, and attitudes must all be present to form a fraud risk factor. [This answer is incorrect.
Any combination of these factors should be taken into account as the auditor assesses fraud risk.]

53

Companion to PPC's Guide to Audits of Nonprofit Organizations

54

NPOT09

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

EXAMINATION FOR CPE CREDIT
Lesson 1 (NPOTG091)
Determine the best answer for each question below. Then mark your answer choice on the Examination for CPE
Credit Answer Sheet located in the back of this workbook.
1. Which of these standards establishes key requirements and provides guidance affecting preliminary audit
planning?
a. SAS No. 56, Analytical Procedures
b. SAS No. 110, Performing Audit Procedures in Response to Assessed Risks…
c. SAS No. 65, The Auditor's Consideration of the Internal Audit Function…
d. SAS No. 99, Consideration of Fraud in a Financial Statement Audit
2. Which of the following is a preliminary engagement activity?
a. Establish preliminary audit strategy
b. Perform preliminary analytical procedures
c. Engagement team discussion
d. Issue an engagement letter
3. Which of the risk assessment procedures explicitly required by SAS Nos. 108 and 109 is not also required by
SAS 99?
a. Inquiries of management
b. Preliminary engagement activities
c. Observation and inspection
d. Engagement team discussion
4. Richard Jeffries, CPA, has been engaged by Kenco LTD to conduct an audit of the fiscal year just ended. This
is Jeffries third consecutive engagement for Kenco. During the previous year, Kenco paid off its line of credit
and ended the receivables assignment and lockbox arrangement with its bank; all receivable receipts are now
being handled inhouse. What should Jeffries do concerning risk assessment procedures in this area?
a. Increase the extent of the procedures and include walkthroughs
b. Contact bank management concerning the arrangement
c. Rely on previous audits to limit analytical procedures
d. Rely on management responses to auditor inquiries concerning the change

55

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

5. The Yellow Book is an authoritative resource for audits of governmental entities.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
6. Concerning fraudrelated inquiries, the auditor is not required to ask which of the following questions?
a. Are you aware of actual fraud within your organization?
b. Do you have reason to suspect fraud is occurring?
c. Are you now committing, or have you ever committed, fraud?
d. Do you have reason to suspect your superior of committing fraud now or in the past?
7. When documenting risk assessment procedures in compliance with SAS Nos. 109 and 103, documenting
which of the following characteristics is recommended?
a. The name and job title of the person suspected of fraud
b. The date of the inquiry
c. The nature of the infraction
d. The date the person was first suspected
8. Which of the following statements is correct concerning analytical procedures?
a. Analytical procedures should be completed prior to the beginning of fieldwork.
b. To be effective, there must be plausible relationships and reasonable expectations.
c. Benchmarks are unnecessary for analysis concerning small nonprofit organizations.
d. Such analysis normally uses information aggregated at a relatively low level.
9. Which of the following is one of the specialized ratios mentioned in the text for ratio analysis of a specific
nonprofit?
a. Federal to nonfederal funds ratio
b. Fundraising expense ratio
c. Contribution revenue ratio
d. Program expenses to total expenses ratio

56

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

10. The auditor can limit documentation of preliminary analytical procedures.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
11. SAS No. 99 indicates that which of the following should be discussed by the audit team as a specifically
fraudrelated matter?
a. Personnel changes in the client's organization
b. Complexity of transactions
c. Decisions concerning planning materiality and tolerable misstatement
d. Internal and external pressures
12. Which of the following is not one of the items required to be documented by SAS No. 109 regarding audit team
discussion?
a. When the discussion occurred
b. Subject matter discussed
c. Names and job titles of client management
d. Significant decisions concerning planned responses at the relevant assertion level
13. Which of the following statements is correct concerning the audit team's understanding of the entity and its
environment?
a. The process of understanding the client's activities should be completed by the end of the planning
process.
b. Each member of the audit team must fully understand the client's activities in order to properly assess risk.
c. The audit team should establish planning materiality that will remain appropriate throughout the audit.
d. Understanding regulatory factors is important to the audit team's understanding of the client entity.
14. Which of the following statements is correct concerning the nature of a nonprofit entity and risk assessment
factors to be considered by the auditor?
a. Program service fees are generally not material as a class of transactions concerning client revenue
sources.
b. A ratio of the number of contributors to the average contribution could indicate the level of risk of material
misstatement of revenue.
c. Determining whether strategies align with objectives is an issue for a management audit, and is outside
the scope of a financial statement audit.
d. The governing board for a nonprofit organization should not contain members of management.
57

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

15. Which of the following statements is correct concerning the entity's selection, application, and disclosure of
accounting policies?
a. Risk of misstatement with respect to disclosure may actually increase if the auditor has helped prepare the
client's financial statements and items of disclosure.
b. According to APB Opinion No. 22, the entity's accounting policies are both the specific accounting
principles and the methods of applying them.
c. The auditor's understanding of the entity's selection, application, and disclosure of accounting policies is
limited to GAAP.
d. Consideration of the application and disclosure of accounting policies at the relevant assertion level
negates the need for financial statement level consideration.
16. Jason Malone, CPA, is conducting the annual audit of the financial statements of Gregory Inc. Malone is
determined that a risk of fraud exists. What should Malone do next?
a. Notify management immediately and prepare to issue a disclaimer
b. Notify the authorities
c. Consider this factor in risk assessment
d. Consult legal counsel

58

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Lesson 2: PLANNING THE AUDIT
INTRODUCTION
When planning the audit, knowledge and understanding of the client entity's internal controls is essential to
assessing risk and determining the audit procedures to be performed; this includes consideration of the role IT
plays in processing and securing the client's data, and how this may impact the audit. The auditor must also set
materiality benchmarks and develop an overall audit strategy. These issues, as well as the auditor's responsibility
related to fraud detection are discussed in this lesson.
Learning Objectives:
Completion of this lesson will enable you to:
Examine the various elements and issues concerning internal control including the basic components, the
effect of IT, the control environment, risk assessment, etc.;
Describe setting materiality benchmarks, assessing risk of misstatement at the financial statement level, and
establishing overall audit strategy;
Explain the types of misstatements related to fraud, discuss the auditor's responsibility for fraud detection and
the fraud risk assessment process, etc.; and
Examine various issues concerning substantive procedures including transaction testing, establishing fiscal
cutoffs, etc., summarize general planning procedures, and summarize miscellaneous issues related to
performing the audit, including estimating and managing time.

UNDERSTANDING INTERNAL CONTROL
SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement,
provides guidance to auditors related to consideration of internal control as part of an audit. It also provides
guidance about how the entity's use of information technology (IT) affects the auditor's consideration of internal
control in planning the audit. SAS No. 109 (AU 314.40) requires auditors to obtain an understanding of internal
control that is sufficient to assess the risk of material misstatement of the financial statements due to error or fraud
and design the nature, timing, and extent of further audit procedures. This section provides an overview of the
general requirements of SAS No. 109 related to obtaining an understanding of internal control. Guidance is
provided on the nature and extent of the auditor's understanding, the requirement to understand controls related to
significant risks and risks for which substantive procedures alone are not sufficient, and the effect of information
technology on internal control. This course also provides a practical stepbystep approach for obtaining an
understanding of internal control, which involves focusing on key controls and control objectives to effectively and
efficiently evaluate the design and implementation of controls relevant to the audit. Detailed guidance on evaluating
the design and implementation of entitylevel controls is provided. Detailed guidance on evaluating the design and
implementation of activitylevel controls is provided.
Components of Internal Control
SAS No. 109 requires an understanding of five interrelated components of internal control defined and described
in COSO's Internal Control Integrated Framework. Those components are as follows:
a. Control environment.
b. Risk assessment.
c. Information and communication.
d. Monitoring.
e. Control activities.
59

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

In assessing the risk of material misstatement of the financial statements to develop an overall audit strategy,
auditors generally focus on obtaining an understanding of the control environment, risk assessment, information
and communication, and monitoring components, typically obtaining an understanding of the control environment
first. The understanding of control activities is not needed until planning the nature, timing, and extent of further
audit procedures at the assertion level. As a practical matter, however, auditors often obtain an understanding of
control activities while obtaining an understanding of the other control components. As an entity's operations and
systems become more complex, auditors often need to increase their understanding of the internal control
components to obtain a sufficient understanding to assess the risk of material misstatement of the financial
statements and to plan the nature, timing, and extent of further audit procedures.
Throughout this discussion, this course refers to the internal control components of control environment, risk
assessment, information and communication (excluding the financial reporting system), and monitoring as entity
level" controls. Those controls typically have a pervasive effect on the entity's system of internal control and can,
therefore, potentially influence the design and operating effectiveness of other controls. This course refers to the
financial reporting system (along with the IT environment and general computer controls) and the control activities
component of internal control as activitylevel" controls.
Nature of the Auditor's Understanding
SAS No. 109 requires auditors to obtain a sufficient understanding of the five components of internal control to
assess risk and design the nature, timing, and extent of further audit procedures. To obtain that understanding, the
SAS requires auditors to perform risk assessment procedures to (a) evaluate the design of controls that are relevant
to the audit and (b) determine if they have been implemented. A key consideration is whether and how the entity's
internal control prevents, or detects and corrects, material misstatements in relevant assertions related to transac
tion classes, account balances, or disclosures.
Thus, an understanding of internal controls incorporates two primary elements the evaluation of the design of the
control and a determination of whether it has been implemented. Evaluation of design considers whether the
control, individually or in combination with other controls, is capable of effectively preventing or detecting and
correcting material misstatements. In other words, the auditor considers the effectiveness of the control in achiev
ing its objective. If a control is improperly designed, a control deficiency may exist that needs to be communicated
to management and those charged with governance as more fully described in SAS No. 115, Communicating
Internal Control Related Matters Identified in an Audit (AU 325).
It is not enough to simply determine whether a control as described or documented is effective in design. Many
sophisticated entities have extensive policies and procedures manuals that provide intricate descriptions of con
trols, their objectives, and the procedures that should be followed to achieve the objectives. The documentation of
a control procedure, however, does not demonstrate that the control is actually being used. The auditor, therefore,
should also determine if the control, as documented or described, actually exists and the entity is using it. In other
words, the auditor should use risk assessment procedures to obtain audit evidence that the control has been
implemented. Generally, the auditor uses procedures such as observation or inspection, along with inquiries, to
verify implementation. Inquiry alone is not sufficient to evaluate the design of a control and determine if it has been
implemented.
Extent of the Auditor's Understanding
The overriding requirement for the understanding of internal control is that it should be sufficient to assess the risk
of material misstatement of the financial statements due to error or fraud and to design the nature, timing, and
extent of further audit procedures. Obtaining an understanding that is sufficient to assess the risks of material
misstatement requires the auditor to develop a fairly thorough and robust knowledge of the components of internal
control. That is primarily because the auditor is required to have, and document, the basis for his or her risk
assessment. Under the risk assessment standards, the auditor is not permitted to simply default to high control risk.
However, SAS No. 109 (AU 314.48) clearly indicates that the extent of the understanding of internal controls that is
sufficient is a matter of professional judgment.
In most cases, the auditor's understanding of internal control will be more comprehensive than the understanding
of the other aspects of the entity and its environment, and obtaining it will require more time. In addition, for initial
60

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

audit engagements, the effort and time to gather information on the components of internal control that is sufficient
to assess risk will most likely exceed that necessary for engagements in following years. However, in general terms,
the extent of the understanding, along with the nature, timing, and extent of the risk assessment procedures
performed to obtain the understanding, are affected by factors such as the following:
The auditor's prior experience with the client.
Materiality and tolerable misstatement.
Size of the entity.
Organization and ownership (such as country club membership) characteristics.
Number and nature of operating locations and subsidiaries.
Degree of diversity of systems within the organization, including the use of service organizations.
Nature of the client's industry.
Applicable legal and regulatory requirements.
Level of activity and financial sophistication of the client.
The results of preliminary engagement activities and the auditor's understanding of the entity and its environment
other than internal control generally influence the extent of the understanding of internal control components. Most
of the factors noted in the preceding paragraph are determined to a major degree when the auditor performs risk
assessment procedures to understand the entity and its environment. Furthermore, that understanding often
results in the identification of risks of material misstatement that further shape the direction, extent, and depth of the
auditor's understanding of internal control. (However, the auditor should be aware that additional risks of material
misstatement may be identified when obtaining an understanding of internal control and by performing further audit
procedures.) Therefore, it is recommended that the auditor perform risk assessment procedures related to the
understanding of the entity and its environment prior to obtaining an understanding of internal control.
Because the extent of understanding of internal control is a matter of professional judgment, auditors will often
struggle over what controls or combinations of controls to assess. The auditor should remember that it is not
necessary to obtain an understanding of every control at the client. To do so would be cost prohibitive and simply
unnecessary for most audit engagements. Rather, the auditor's focus should be on those key controls that are
relevant to the audit. As indicated previously, the auditor must make an informed judgment as to the controls or
combination of controls to assess. Although the extent of the auditor's understanding is a matter of professional
judgment, SAS No. 109 provides certain specific requirements related to the understanding of internal control
components. In addition, according to SAS No. 109, the auditor should understand and evaluate the following
matters, which may relate to any of the five components:
The design and implementation of controls, including relevant control activities, related to significant risks
(AU 314.115).
The design and implementation of controls, including relevant control activities, related to risks for which
substantive procedures alone are not sufficient (i.e., risks requiring tests of controls to obtain sufficient audit
evidence) (AU 314.117).
The effect of IT on internal control, specifically how IT affects control activities that are relevant to the audit
(AU 314.92).
Understanding Controls Related to Significant Risks and Risks for Which Substantive Procedures Alone
are Not Sufficient
The auditor's understanding of internal control should include the entity's programs and controls that address risks
of material misstatement that are considered significant risks. Fraud risks are always considered to be significant
61

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

risks. Therefore, after completing his or her risk assessment procedures to evaluate internal control design and
implementation, the auditor should consider whether a sufficient understanding has been obtained of controls that
would prevent, or detect and correct, material misstatements related to fraud risks or other significant risks. If not,
the auditor should perform additional risk assessment procedures directed at gaining an understanding of controls
relating to those risks.
Programs and controls addressing fraud risks or other significant risks may relate to any of the five components of
internal control; thus, the auditor should use care not to isolate the understanding to only the control activities
component. The auditor should be alert to the fact that fraud risks or other significant risks may not be subject to
routine controls given the nature of the risk. Also, the auditor's understanding should extend to whether and how
management responds to those risks.
Controls that address fraud risks frequently relate to the following:
a. Control Environment. Fraud programs designed to prevent, deter, and detect fraud. For example, programs
to promote a culture of honesty and ethical behavior.
b. Control Activities. Specific controls designed to mitigate specific risks of fraud. For example, controls to
address specific assets susceptible to misappropriation.
As with other controls, the auditor should evaluate whether the programs and controls that relate to significant risks
are suitably designed and implemented and assess the risks of material misstatement due to error or fraud in light
of this evaluation. The existence (or lack of) these programs and controls might either mitigate or increase the risks
of material misstatement. The auditor should be sure to consider the control activities that are relevant to account
balances with a significant inherent risk of misappropriation of assets. The risk of misstatement due to fraud for
misappropriation of assets always depends on whether there are controls to prevent or detect concealment or theft
in the accounting records.
In addition to understanding and evaluating controls related to significant risks, auditors are required to understand
and evaluate controls related to risks for which substantive procedures alone are not sufficient. For those risks, the
auditor will have to perform tests of the operating effectiveness of controls to obtain sufficient audit evidence.
Therefore, the auditor needs an understanding of the design of relevant controls and confirmation that they have
been implemented before he or she can design and perform appropriate control tests.
Effect of Information Technology (IT) on Internal Control
SAS No. 109 does not address IT as a separate component of internal control it discusses how IT fits into internal
control. While the SAS does not require that auditors take a different approach in considering internal control when
an entity uses IT, it indicates that auditors should consider how IT affects an entity's internal controls because IT
affects the way transactions are initiated, authorized, recorded, processed, and reported. The effect on the client's
internal control is related more to the nature and complexity of the system than to the client's size. Many small and
midsize nonprofit organizations have simple computer operations. Typically, they use personal computers, which
may be linked in a local area network (LAN), and purchased software packages for specific applications, such as
accounts receivable. However, some entities may have internal control that is heavily dependent on information
technology. Use of the Internet or any other information technology does not necessarily mean that an entity's
internal control is heavily dependent on IT.
An entity with a simple computer system may use primarily paperbased manual procedures to enter contributions,
and maintain accounts receivable. The client may also use manual controls, such as approvals, reconciliations,
reviews, and followup of exceptions. In a system that uses automated procedures to initiate, record, process, and
report transactions, electronic records replace many of the paper forms. Controls in that environment generally
consist of a combination of automated and manual controls. Automated controls include processes such as edit
and validation routines embedded in computer programs. In addition, the nature of the manual controls may be
different. Manual controls in an automated system may be independent of the computer system, may use informa
tion produced by the system, or may be limited to monitoring the automated controls and handling exceptions. The
mix of manual and automated controls varies with the nature and complexity of the client's system.
62

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

As noted in SAS No. 109 (AU 314.62), the use of manual controls is often more effective when judgment and
discretion are needed. For example, manual controls would generally be more appropriate in the following
situations:
Large, unusual, or nonrecurring transactions.
When monitoring the effectiveness of automated controls.
In changing circumstances where a control response may be needed outside of the scope of an automated
control.
In circumstances where misstatements are difficult to anticipate, define, or predict.
However, automated controls may be more effective than manual control in other circumstances. Since manual
controls are performed by humans, they may be subject to override, misinterpretation, errors, or bypass. As a
result, automated controls may be more suitable in the following circumstances:
Recurring transactions or high volume.
Situations where errors can be anticipated or predicted and prevented or detected by control parameters
subject to automation.
Control activities where their nature allows the use of properly designed automated control processes.
Benefits and Risks of IT. The use of computers may enhance the effectiveness and efficiency of the client's
internal control because of the consistency, timeliness, and accuracy inherent in automated systems. Use of
computers also offers benefits in terms of data analysis, monitoring entity performance, reduced risk of override,
and systems and data security. For example, in a computerized system, security controls can help achieve
segregation of duties. However, the use of computers also poses certain risks to a client's internal control, such as:
Reliance on systems or programs that are inaccurately processing data or processing inaccurate data.
Unauthorized access to data that may result in destruction of data or improper changes to data.
Unauthorized changes to master file data.
Unauthorized changes to systems or programs.
Failure to change systems or programs when necessary.
Inappropriate manual intervention.
Loss or inability to access data.
The extent and nature of those risks depends on the nature and characteristics of the client's system. In many
systems, users can access a common database of information that affects financial reporting. A lack of control at
a single user entry point could compromise the security of the database and result in improper changes to or
destruction of data. For example, if there are improper controls over the rights and functions of a database
administrator, there may be a risk of error or fraud due to unauthorized data manipulation. Similarly, risks may be
higher if the client uses an integrated system where various software applications share data. If the applications
were provided by different vendors or their integration was not subject to proper controls, the entity may have a
higher risk of material misstatements.
In many IT environments, the processing of information is decentralized. For example, in a serverclient" arrange
ment, a central server hosts various clients and processing occurs both centrally on the server and remotely by
various clients. As a result, the IT environment is much more open than in the days when all IT processing was
confined to a mainframe computer. These environments can present a higher element of risk given a wider range
63

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

of access to data and processing by a variety of users. The range of threats to data and financial reporting may
range from unauthorized access to data and processing to the introduction of computer viruses.
In today's IT computing environments, the processing of financial data often is not confined within formally
developed or vendor supplied software applications. In many cases, users may access a database warehouse and
import data into a spreadsheet program for processing outside of a formal" application. Among other things, the
output of the spreadsheet application might be used as input for a standard software application, support for
journal entries, or support for disclosure information. However, in many cases, unlike the controls over the develop
ment or integration of standard software applications, spreadsheet applications developed by users might not be
subject to any formalized controls. For example, spreadsheet results may not be subjected to formalized testing or
there may be no controls over access, modification, or the use of multiple versions of a spreadsheet application.
Considering IT Risks. SAS No. 109 (AU 314.96) notes that the auditor should consider whether the entity has
established effective controls that adequately respond to the risks that arise from IT. Such controls not only include
properly designed and implemented application controls, but the general controls upon which application controls
depend. The AICPA Risk Assessment Audit Guide (paragraph 4.63) notes that the auditor should evaluate the
design of IT general controls and determine whether they have been implemented when assessing the risks of
material misstatement. The auditor should consider testing general controls when they plan to rely on IT application
controls to modify the nature, timing, and extent of substantive tests.
Other Considerations. In addition to the risks of material misstatement due to error or fraud that IT may introduce,
the auditor should be aware that the use of IT may affect the availability of information needed for the audit.
Furthermore, in certain situations the auditor may be precluded from using only substantive procedures when the
role of IT is significant to the processing of transactions. For example, in highly automated processing with little or
no manual intervention where information is initiated, authorized, recorded, processed, or reported electronically,
the auditor may determine that detection risk cannot be adequately reduced without testing the operating effective
ness of controls.
Considering Whether Specialized IT Skills Are Needed to Understand Internal Control. Auditors should
consider whether specialized IT skills are needed to determine the effect of IT on the audit, understand the IT
controls, or design and perform tests of IT controls or substantive procedures. The decision to use an IT specialist
is a matter of auditor judgment. SAS No. 108 (AU 311.23) states that auditors should consider the following factors
in determining whether the audit team should include individuals that possess specialized IT skills:
The complexity of the entity's systems and IT controls and the manner in which they are used in conducting
the entity's activities.
The significance of changes made to existing systems or the implementation of new systems.
The extent to which data is shared among systems.
The extent of the entity's participation in electronic commerce.
The entity's use of emerging technologies.
The significance of audit evidence that is available only in electronic form.
An IT specialist may be either a member of the auditor's firm or an outside professional.
If the auditor uses an IT specialist on the engagement team, the auditor should be knowledgeable enough to
communicate the audit objectives to the specialist, evaluate whether the procedures performed by the specialist
meet the auditor's objectives, and determine the effects of the procedures on the nature, timing, and extent of other
planned procedures. That does not mean auditors have to be experts in information technology. The auditor's
responsibility when using a computer specialist is the same as for other members of the engagement team, as
provided by SAS No. 108, Planning and Supervision (AU 311). To effectively supervise an IT specialist, auditors
need a basic understanding of computer applications and controls, especially those most relevant to particular
client systems. That understanding can be gained from experience with the client or from attending training classes
64

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

or seminars. The extent of the understanding will vary with the nature of the entity's IT environment. If the firm uses
an outside professional, the guidance in SAS No. 73 (AU 336) should be considered.
Government Auditing Standards Requirements. When specialists are used on Yellow Book audits, the auditor has
additional matters to consider. Those matters relate to independence, technical knowledge, and continuing profes
sional education.
How Are the Results of the Understanding Used?
The understanding of internal control should be sufficient to assess the risks of material misstatement and to design
the nature, timing, and extent of further audit procedures. Specifically, the understanding is used to:
Identify types of potential misstatements.
Consider factors that affect the risks of material misstatement.
Design tests of controls, when applicable, and substantive procedures.
In addition, the understanding provides audit evidence that contributes to the auditors planned responses to
assessed risks and the performance of further audit procedures. This evidence is an element of the auditor's
cumulative audit evidence that ultimately supports the opinion on the financial statements. The auditor should be
alert for risks that may be identified during the process of obtaining an understanding of internal controls.
Normally, the auditor's understanding of internal control design and implementation is not sufficient to serve as
testing the operating effectiveness of controls. The same types of procedures performed to determine if a control
has been implemented (e.g., observation, inspection of documents, reperformance, and walkthroughs) are also
used when testing controls for operating effectiveness. However, the extent of the procedures to determine
implementation may fall short of what is needed to determine operating effectiveness because tests of operating
effectiveness need to provide audit evidence about how controls were applied throughout the period under audit
and the consistency with which they were applied. However, in some cases, the auditor's procedures may serve
both purposes. For example, a walkthrough can serve as a test of operating effectiveness and in some cases, along
with other procedures that test operating effectiveness, can provide a valid basis for assessing control risk at less
than high. In addition, for an automated control where consistency of application would normally occur assuming
the existence of effective IT general controls, the auditor may be able to determine operating effectiveness based
on procedures performed to establish that the control has been implemented and the auditor's assessment and
testing of the related general controls.

65

Companion to PPC's Guide to Audits of Nonprofit Organizations

66

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
17. Which of the following items is considered an entitylevel control by the text?
a. Control environment
b. Risk tolerance
c. Information technology
d. Control activities
18. Which of the following IT environments has the lowest degree of risk to the client's internal control?
a. A dedicated data processing department entering accounting data received from other departments into a
mainframe computer.
b. A peertopeer network with one user PC designated to receive data entry and store accounting data for the
entity as a whole.
c. A clientserver LAN with a dedicated server, a robust server operating system, userlevel network security,
and secure, distributed processing of accounting data.
d. A wireless network storing accounting data on a multiuser filesharing networked hard drive, with client
processing via multiple offtheshelf software packages.

67

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
17. Which of the following items is considered an entitylevel control by the text? (Page 60)
a. Control environment [This answer is correct. Control environment, risk assessment, information
and communication, and monitoring are all considered entitylevel controls.]
b. Risk tolerance [This answer is incorrect. Risk assessment is considered an entitylevel control.]
c. Information technology [This answer is incorrect. Information and communication is considered an
entitylevel control.]
d. Control activities [This answer is incorrect. Control activities are a component of internal control, but are
not considered an entitylevel control.]
18. Which of the following IT environments has the lowest degree of risk to the client's internal control? (Page 63)
a. A dedicated data processing department entering accounting data received from other departments
into a mainframe computer. [This answer is correct. This type of system is less prevalent in today's
PCdominated environment, but it is generally much more secure than peertopeer networks or a
LAN particularly one using multiple canned software packages that share a common database.]
b. A peertopeer network with one user PC designated to receive data entry and store accounting data for
the entity as a whole. [This answer is incorrect. The designated PC can serve as an access point for
unauthorized entry and data alteration. This PC can also crash while in use, leaving data in an unstable,
and perhaps unusable, state. The fact that the PC is also being used as a workstation also increases the
possibility of viruses being introduced from the Internet or from removable media.]
c. A clientserver LAN with a dedicated server, a robust server operating system, userlevel network security,
and secure, distributed processing of accounting data. [This answer is incorrect. Distributed processing
can be good for minimizing network traffic and server load, but bad for data integrity. Poor version control
can result in multiple versions of software being used to update the same data fields and databases. Client
computer problems involving the CPU, memory utilization, background services, registry problems, and
a host of other issues can cause the client to crash. Lack of rollback ability in the database software can
mean incomplete records or weak data bits reside in the database that can cause loss of data integrity.]
d. A wireless network storing accounting data on a multiuser filesharing networked hard drive, with client
processing via multiple offtheshelf software packages. [This answer is incorrect. Multiple offtheshelf
packages could mean that data can be adversely affected by the unintended consequences of such
canned software packages being improperly designed to share the same databases. It could also mean
manual points of entry are available to override or alter data. The wireless network can also be more
susceptible to hacking than a wired network via the broadcast signal.]

68

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

UNDERSTANDING ENTITYLEVEL CONTROLS
This course refers to the internal control components of the control environment, risk assessment, information and
communication (excluding the financial reporting system), and monitoring as entitylevel" controls. These controls
typically have a pervasive effect on the entity's system of internal control and can, therefore, potentially influence
the design and operating effectiveness of other controls. Also, the auditor generally accumulates a significant
amount of knowledge about activitylevel controls, through the understanding of entitylevel controls. As a result,
the authors recommend that auditors obtain an understanding of the entitylevel control components first, begin
ning with the control environment.
Control Environment
What Is the Control Environment? The control environment sets the tone of an entity and influences the control
consciousness of its people. The control environment is the foundation for all other components of internal control
and provides structure and discipline. Among the important elements of the control environment are the attitude,
awareness, and actions of management, as well as those charged with governance, concerning internal control.
The control environment of an organization includes the following elements:
Participation of those charged with governance.
Communication and enforcement of integrity and ethical values.
Management's philosophy and operating style.
Organizational structure.
Human resource policies and procedures.
Assignment of authority and responsibility.
Commitment to competence.
An entity's control environment is a significant factor when considering the risks of material misstatement due to
error or fraud. The integrity of management often plays a significant role in establishing a strong control environ
ment. For example, although an entity might not have a written code of conduct, it might still have a culture that
emphasizes the importance of integrity and ethical behavior. That culture will be instilled through the visibility and
direct involvement of top management. Obtaining an understanding of the control environment of a small or
midsize nonprofit organization need not be a complex process. The term is more formal and imposing than the idea
behind it. The control environment is simply the conditions and circumstances that exist within the entity that
demonstrate management's attitude about controls and other indicators of management's integrity and motivation.
The auditor should obtain a sufficient knowledge of the control environment as a result of performing risk assess
ment procedures to understand the attitudes, awareness, and actions of management and those charged with
governance concerning internal control and its importance in achieving reliable financial reporting. The responsibi
lities assumed by management and those charged with governance related to financial reporting are particularly
important. For example, the auditor should identify the members of management, and directors if any, who are
expected to understand the entity's operating transactions and to evaluate whether they are appropriately reflected
in the financial statements. The auditor considers both (a) the aspects of the control environment that help insure
the integrity of financial reporting (that is, the key control environment controls) and (b) any control environment
weaknesses that could have a pervasive effect on the financial statements.
Characteristics of Nonprofit Organizations That Affect Internal Control. The Audit Guide, Paragraphs 2.47.48,
describes characteristics that make nonprofit organizations different from other entities. A nonprofit organization
typically:
Uses organization resources to accomplish its mission rather than to generate net income.
69

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Must comply with provisions of statutes, contractual agreements, terms of grants and trust agreements,
or similar limitations.
Is eligible for taxexempt status under Section 501 of the IRC, but may be subject to tax on income from
activities not related to its taxexempt purpose.
Also, the following general characteristics of nonprofit organizations usually affect internal control:
A volunteer governing board, many of whose members serve for limited terms.
A limited number of staff personnel, sometimes too few to provide the appropriate segregation of duties.
A mixture of volunteers and employees participating in operations. Depending on the size and other
features of the organization, daytoday operations sometimes are conducted by volunteers instead of
employees. The manner in which responsibility and authority are delegated varies among organizations.
This may affect control over financial transactions, particularly with respect to authorization.
A budget approved by the governing board. The budget may serve as authorization for the activities to be
carried out by management in attaining the organization's program objectives. Many nonprofit
organizations prepare budgets for both operating and capital expenditures.
The presence of scrutiny by outside parties and externally imposed audit and compliance requirements may have
a positive influence on control consciousness; however, the first three characteristics above may result in a poor
control environment in the typical nonprofit organization. This observation is not meant to impugn the integrity or
motivation of nonprofit management, but when these characteristics are present, the auditor usually must assess
control risk as high and take a primarily substantive approach to the audit in some key areas. The fourth character
istic of budgets approved by the governing board for operating and capital expenditures may provide a basis for
assessing control risk at less than high for some or all major classes of expense transactions. However, nonprofit
management must monitor variations from budget closely and follow up on significant variations promptly for this
characteristic to have any effect on the auditor's assessment of control risk.
Control Objectives. When obtaining an understanding of internal control, many auditors consider control objec
tives during the process of identifying controls and evaluating their design and implementation. Controls are
properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using them.
Exhibit 21 provides a list of control objectives for each of the elements discussed above.
Exhibit 21
Control Objectives Control Environment
Control Environment Element

Control Objective

Participation of those charged with governance.

Those charged with governance are actively
involved and have significant influence over the
entity's internal control environment and its finan
cial reporting.

Communication and enforcement of integrity and
ethical values.

Management, through its attitudes and actions,
demonstrates character, integrity, and ethical val
ues. Sound integrity and ethical values, particularly
of top management, are developed and set the
standard of conduct for the organization and
financial reporting.

70

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Control Environment Element

Control Objective

Management's philosophy and operating style.

Management's philosophy and operating style are
consistent with a sound control environment and
have a pervasive effect on the entity. Management
analyzes the risks and benefits of new ventures,
assesses turnover among employees, investigates
and resolves improper business practices, views
accounting as a means to monitor and control the
various activities of the organization, and adopts
accounting policies that reflect the economic reali
ties of the organization.

Organizational structure.

The organizational structure of the entity is appro
priately designed to promote a sound control
environment. Authority and responsibility, appropri
ate reporting lines, and free flow of information
across the organization provide unfettered influ
ence to effectively run the entity and support
effective financial reporting.

Human resource policies and procedures.

Human resource policies and procedures send
messages to employees regarding expected levels
of integrity, ethical behavior, and competence.

Assignment of authority and responsibility.

The entity assigns authority and responsibility to
provide a basis for accountability and control.

Commitment to competence.

The entity is committed to competence in the
requirements of particular jobs and in translating
those requirements into knowledge and skills.

*

*

*

Risk Assessment Procedures and Factors to Consider. When obtaining an understanding of the control
environment, the auditor should concentrate on the implementation of control environment elements. The risk
assessment standards do not change the elements that comprise the control environment, but they place more
emphasis on corroborating management's and employees' responses to inquiries through observation or inspec
tion. For example, through inquiries of management and employees, the auditor obtains an understanding of
management's commitment to ethical values and competence. The auditor should follow through with observation
of the behavior and attitude demonstrated by management in managing the organization.
The Audit Guide, Paragraph 2.58, specifically notes the importance of obtaining an understanding of the following
characteristics of a nonprofit organization's control environment:
The governing board, including its role, the frequency of its meetings, the qualifications of the members
and their involvement in the organization's activities.
Management, including its role and its qualifications.
The organizational structure.
A nonprofit organization's control environment is a significant factor when considering the risks of material mis
statement due to fraud. In a nonprofit organization, the integrity of management will often play a significant role in
establishing a strong control environment. For example, although a small nonprofit organization might not have a
written code of conduct, it might still have a culture that emphasizes the importance of integrity and ethical
behavior. That culture will be instilled through the visibility and direct involvement of management. Similarly, human
71

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

resource policies may not be formally documented as they would in a larger entity. Even so, policies and practices
can still exist and be communicated orally. While formal documentation may be preferable and may be required for
entities receiving federal awards, it is not always necessary for a policy to be in place and operating effectively. This
is emphasized in a nonauthoritative AICPA Technical Practice Aid, Obtaining an Understanding of the Control
Environment, (TIS 8200.08). TIS 8200.08 notes that if an auditor decides to rely on these controls (whether
documented or not), they are required to test the controls.
Considering Management Control Consciousness. Management has to take the lead in creating an atmosphere
of control consciousness. If management has a high regard for maintaining reliable accounting records and
adhering to established policies and procedures, then employees are likely to be more conscientious in performing
their duties. Similarly, if management's attitude is cavalier and conveys a disregard for sound practices, then
employees are likely to be careless in discharging their responsibilities. In extreme cases of lack of control
consciousness, accounting records may be so undependable that the organization is unauditable. The control
consciousness of management can have an important influence on the extent of detailed testing of the accounting
records that is necessary.
Impact of the Control Environment in Assessing Risk. The existence of a satisfactory control environment, or the
lack of such an environment, is an important factor in assessing the risks of material misstatement at the financial
statement level. For this purpose, the auditor should concentrate on the collective effect of the strengths and
weaknesses in the various control environment elements on the risks of material misstatement. This assessment
usually affects decisions and judgments made in establishing the overall audit strategy. For example, weaknesses
in the control environment might cause the auditor to perform more substantive procedures as of the statement of
financial position date rather than at an interim date or to use only substantive procedures in more audit areas. Also,
while a strong control environment may not completely eliminate the risk of fraud due to the limitations of internal
control, it may help reduce the risks of fraud.
The auditor should normally obtain an understanding of the control environment prior to other components of
internal control. The reason for this is fairly straightforward the strengths or weaknesses in the control environ
ment (an entitylevel control) normally have a permeating effect on the remainder of the control components. For
example, if management demonstrates a poor attitude toward the need for a strong accounting and reporting
function, the chances of the nonprofit organization having robust risk assessment, information and communication,
monitoring, and control activities are significantly reduced.
Due to the role of the control environment, the auditor's understanding of this area may influence how the auditor
approaches obtaining an understanding of other areas of internal control, as well as the ultimate assessment of risk
at the overall financial statement level.
Risk Assessment
Risk assessment is the process of setting objectives; prioritizing and linking those objectives; and identifying,
analyzing, and managing risks relevant to achieving those objectives. With respect to the objective of reliable
financial reporting, the entitys risk assessment process involves the identification, analysis, and management of
the risks of material misstatement of the financial statements. An entity's risk assessment process includes the
following elements:
Financial reporting objectives.
Management of financial reporting risks.
Consideration of fraud risk.
The auditor should obtain sufficient knowledge of management's risk assessment process as a result of applying
risk assessment procedures to understand how management considers risks relevant to reliable financial reporting
objectives and decides about actions to address those risks. In some cases there will be a formal risk assessment
process, but a formal process is not essential. The auditor should focus on the following issues:
a. How does management identify operating risks relevant to financial reporting?
b. How does management estimate the significance of the risks?
72

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

c. How does management assess the likelihood of their occurrence?
d. How does management decide on actions to manage the risks?
The auditor should concentrate on the effectiveness of management's efforts to identify and deal with the risks of
material misstatements in financial reporting. The auditor considers both (a) the aspects of the entity's risk
assessment process that enable management to identify, analyze, and address operating risks and (b) any
difficulties in identifying and addressing those risks.
Risks relevant to material misstatements in financial reporting include internal and external events and circum
stances that adversely affect an entity's ability to appropriately initiate, authorize, record, process, and report
financial data. Risks are affected by events and circumstances such as the following:
a. Changes in operations.
b. New personnel.
c. New or revised information systems.
d. Rapid growth.
e. New technology.
f. Restructurings.
g. New accounting pronouncements.
Note that risk assessment as defined in SAS No. 109 is not the same as an auditor's consideration of audit risk
(inherent risk, control risk, and detection risk) in a financial statement audit discussed in SAS No. 107, Audit Risk
and Materiality in Conducting an Audit. In accordance with SAS No. 107, an auditor assesses inherent and control
risks to evaluate the likelihood that the financial statements could be materially misstated. An entity's risk assess
ment, on the other hand, is the process of identifying, analyzing, and managing risks that affect the entity's
objectives. However, the authors believe management's risk assessment process, as it relates to financial report
ing, is somewhat similar to the auditor's assessment of inherent risk. That is, it involves management identifying
potential areas of misstatement in the financial statements, including misstatements due to fraud. Management
then implements control activities or takes other steps as necessary to prevent or detect such misstatements.
Auditors may be able to leverage the client's documentation when obtaining and documenting their understanding
of the client's risk assessment process. However, even when the client has adequate documentation of its risk
assessment process, the auditor still must apply risk assessment procedures to the extent deemed necessary to
confirm the understanding.
The Entity's Fraud Risk Assessment and Monitoring. All entities should be proactive in reducing fraud opportu
nities by identifying and measuring fraud risks, taking steps to mitigate identified risks, and implementing and
monitoring appropriate preventive and detective controls and other antifraud measures. However, the nature and
extent of these risk assessment and monitoring activities should be commensurate with the size and complexity of
the entity. It is important for management to understand its responsibility for establishing and monitoring the entity's
fraud risk assessment process. That process is likely to be less formal and structured in a smaller entity than in a
larger entity, but should include a sufficient degree of fraud awareness on the part of management, and appropriate
fraud risk management activities, with oversight from those charged with governance. The fraud risk assessment
and monitoring process for a typical small to midsize nonprofit organization may include:
a. Communicating to employees management's views on operating practices and ethical behavior, either
orally or by example.
b. Thoroughly investigating any incidents of alleged fraud, taking appropriate and consistent actions against
violators, assessing how relevant controls could be improved, correcting any effects on the financial
statements, and reinforcing the entity's values and expectations through appropriate communication.
73

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

c. Considering standards of ethical behavior and appropriate business practices in the entity's employee
training and evaluation procedures.
d. Identifying fraud risks and taking appropriate action to reduce or eliminate the risks.
e. Exercising appropriate oversight of the entity's fraud risk assessment and monitoring activities by means
of a board of directors or audit committee.
Control Objectives. When obtaining an understanding of internal control, many auditors consider control objec
tives during the process of identifying controls and evaluating their design and implementation. Controls are
properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using them.
Exhibit 22 provides a list of control objectives for each of the risk assessment elements discussed previously.
Exhibit 22
Control Objectives Risk Assessment
Risk Assessment

Control Objectives

Financial reporting objectives.

Entity and financial reporting objectives are
established, documented, and communicated.
Accounting principles are properly applied in the
preparation of the financial statements.

Management of financial reporting risks.

Management has established practices for the
identification of risks affecting the entity.
Management considers the entire organization
as well as its extended relationships in its risk
assessment process.
Management has implemented mechanisms to
anticipate, identify, and react to changes.
Management evaluates and mitigates risk
appropriately.

Consideration of fraud risk.

Management has developed an appropriate
fraud risk assessment and monitoring process.

*

*

*

Risk Assessment Procedures and Factors to Consider. The auditor should tailor risk assessment procedures
based on factors such as the size and complexity of the entity. The authors believe, however, that in most situations,
documented evidence of the entity's risk assessment process will be minimal and the auditor will rely heavily on
inquires of management about how risks are identified and addressed. For most small and midsize nonprofit
organizations, gaining an understanding of management's risk assessment process will not be a complex process.
It will be based on experience with the client, general observations of entity operations, and discussions with
management. Specifically, if the events or circumstances noted previously have occurred, the auditor should
consider asking management about the associated risks and what actions were taken to address them. Those
inquiries may be corroborated by inquiries of accounting and other personnel, as well as by inspecting any other
supporting written evidence or by determining if risks occurred that were not identified by management, as
illustrated in the following example:

74

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Example 21:

Evaluating the entity's risk assessment process.

During the audit planning process of Big Canyon Academy, the auditor learns that a new general
ledger system was implemented during the year. When making inquiries about the entity's risk assess
ment process, the auditor asks the executive director and controller what implementation risks were
identified and how they were addressed. Management indicates that they spent weeks" planning for
the implementation. They identified the following key risks:
Posting from accounting transaction modules would not properly integrate with the new general
ledger system.
The monthly close and financial reporting processes would be interrupted due to training issues,
changes in system performance, and modification in the timing of journal entry processing and
edits.
The controller indicates that they addressed these risks by thoroughly testing the system prior to
implementation and ensuring that all staff were properly trained and understood the processing
changes required by the new system.
Later, as the auditor begins to obtain an understanding of Big Canyons' financial reporting system, one
of the general ledger supervisors complains that the new system does not provide a history of general
ledger transactions prior to the implementation date and that some historical information can no longer
be obtained since the old system was decommissioned immediately after the implementation. The
auditor considers such facts when evaluating the overall effectiveness of the entity's risk assessment
process.

75

Companion to PPC's Guide to Audits of Nonprofit Organizations

76

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
19. The control environment is the foundation for all other elements of internal control.
a. True
b. False
20. The organization hires new employees only after performing due diligence such as background checks and
skills assessment. Employee skills are reassessed semiannually, and employees are involved in training and
crosstraining exercises inhouse. They are also encouraged to take advantage of employermatching educa
tional assistance. What control environment element does the foregoing illustrate?
a. Management's philosophy
b. Assignment of responsibility
c. Commitment to competence
d. Human resource policies
21. Which of the following statements is correct concerning the entity's risk and risk assessment?
a. Risk assessment and consideration of audit risk are different concepts.
b. Expecting employee integrity should be sufficient to manage fraud risk.
c. Management of financial reporting risk includes only internal events.
d. Risk assessment activities should not be affected by entity complexity.
22. Which of the following is not an element of the risk assessment control objective?
a. Financial reporting objectives
b. Governance participation
c. Financial reporting risks management
d. Consideration of fraud risk

77

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
19. The control environment is the foundation for all other elements of internal control. (Page 69)
a. True [This answer is correct. The control environment sets the tone of an entity and provides
structure and discipline.]
b. False [This answer is incorrect. The control environment provides structure and discipline within the entity.]
20. The organization hires new employees only after performing due diligence such as background checks and
skills assessment. Employee skills are reassessed semiannually, and employees are involved in training and
crosstraining exercises inhouse. They are also encouraged to take advantage of employermatching educa
tional assistance. What control environment element does the foregoing illustrate? (Page 71)
a. Management's philosophy [This answer is incorrect. Management's philosophy and operating style have
more to do with business and accounting practice and philosophy than with the employees per se.]
b. Assignment of responsibility [This answer is incorrect. This is more about accountability and control than
about employee training and advancement per se.]
c. Commitment to competence [This answer is correct. The entity adequately illustrates its
commitment to competent, welltrained employees.]
d. Human resource policies [This answer is incorrect. Certain human resource policies are evident, but there
is a better answer.]
21. Which of the following statements is correct concerning the entity's risk and risk assessment? (Page 73)
a. Risk assessment and consideration of audit risk are different concepts. [This answer is correct. Risk
assessment pertains to risks that affect the entity's objectives. Consideration of audit risk pertains
to the auditor's assessment of the likelihood that the financial statements could be materially
misstated.]
b. Expecting employee integrity should be sufficient to manage fraud risk. [This answer is incorrect. Entities
should be proactive in identifying and managing fraud risk.]
c. Management of financial reporting risk includes only internal events. [This answer is incorrect. Such risks
include both internal and external events.]
d. Risk assessment activities should not be affected by entity complexity. [This answer is incorrect. The nature
and extent of such activities should vary with entity size and complexity.]
22. Which of the following is not an element of the risk assessment control objective? (Page 70)
a. Financial reporting objectives [This answer is incorrect. These objectives must be properly documented
and communicated, and accounting principles are properly applied.]
b. Governance participation [This answer is correct. This is a control environment control objective
element.]
c. Financial reporting risks management [This answer is incorrect. This pertains to management's ability and
commitment to respond to factors that could adversely impact the representational faithfulness of the
information presented in the financial statements.]
d. Consideration of fraud risk [This answer is incorrect. This pertains to management's fraud risk assessment
and monitoring process.]
78

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Information and Communication
Information refers to the financial reporting system, which includes the accounting system, and encompasses the
procedures and records established to initiate, authorize, record, process, and report the entity's transactions. It
also includes the accountability over assets, liabilities, and net assets. An information system may be computer
ized, manual, or a combination of the two depending on the size and complexity of the entity. Communication is the
process of providing an understanding of roles and responsibilities to individuals within the organization regarding
internal control over financial reporting.
The quality of information generated by the financial reporting system has significant implications for the audit
because it affects management's ability to control the entity's activities and prepare reliable financial statements.
However, auditors should not lose sight of the importance of the communication of accounting and financial
reporting roles within the net assets. Achievement of the objectives of a welldesigned financial reporting system
can easily fail if accounting personnel do not fully understand their roles and how proper performance mitigates the
risks of material misstatement. Although part of the same internal control component, the authors discuss the
information and communication processes separately in the following paragraphs.
Information. In applying the topdown" approach the evaluation of the entity's information process is divided into
two parts: (a) entitylevel considerations that affect the auditor's risk assessment at the financial statement level and
the overall audit strategy and (b) activitylevel considerations that affect the risk assessment at the account balance,
transaction class, and disclosure level. The auditor's consideration of the information process at the entity level
focuses on making an overall evaluation of the use and flow of information relevant to reliable financial reporting
rather than on obtaining an understanding of specific processes related to account balances, transaction classes,
and disclosures. For example, the auditor considers whether the client has entitylevel controls in place to effec
tively support it in identifying, capturing, and using all of the information needed to prepare reliable financial
statements, including disclosures. The auditor's understanding is at a high level but sufficiently detailed to identify
the significant accounting applications, how the computer is used in those applications, and the relative complexity
and importance of use of the computer. The auditor also should consider the qualifications of accounting personnel
and the time pressure they face. Inexperienced or harried accounting personnel make more errors. At the entity
level, the auditor evaluates whether the design and implementation of the financial reporting system has implica
tions for the assessment of risks at the financial statement level (that is, pervasive risks) or the overall audit strategy.
The risk assessment standards also impose specific requirements related to obtaining an understanding of the
financial reporting system at the account balance, transaction class, and disclosure level. That understanding often
directly provides information regarding the entity's control activities as well. Because the audit is an iterative
process, information obtained when evaluating the design and implementation of the financial reporting system at
the account balance, transaction class, and disclosure level may confirm or change the auditor's overall conclusion
about design and implementation of the information process at the entity level.
Control Objectives for Information. When obtaining an understanding of internal control, many auditors consider
control objectives during the process of identifying controls and evaluating their design and implementation.
Controls are properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using
them. Exhibit 23 provides a list of entitylevel control objectives for the information process.

79

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 23
Control Objectives Information Process
Control Objectives

Internal Control Area
Information

Information is identified, captured, and used at
all levels of the entity to support the achieve
ment of financial reporting objectives.
Information relevant to financial reporting is
identified, captured, processed, and distrib
uted within the parameters established by the
entity's control processes to support the
achievement of financial reporting objectives.

*

*

*

Risk Assessment Procedures and Factors to Consider. For most small and midsize nonprofit organizations, gaining
an entitylevel understanding of the entity's information process will not be complex. It will be based on experience
with the client; general observations of how financial information is identified, captured, and used within the entity;
and discussions with management.
Communication. The auditor should obtain a sufficient understanding of how management communicates finan
cial reporting roles and responsibilities and other significant matters. The communication process includes both
internal and external elements. For example, it includes communications between management and employees,
those charged with governance, and regulatory authorities. Communication may take the form of policy manuals,
memorandums, oral or electronic communications, etc. This will depend on the size and organizational structure of
the entity. Auditors consider both:
The aspects of the communication process that help to ensure employees and those charged with
governance understand their jobs and responsibilities within the financial reporting system and are
encouraged to report any exceptions.
Any areas where communication does not occur.
Communication is another way that management conveys the tone at the top. Management should communicate
the information necessary for employees to perform their assigned tasks, for managers to supervise, and for
responsible parties to make key operating and financial decisions. Communication also relates to the flow of
information upstream in an entity. For upstream communication to occur, there must be open channels of commu
nication and a willingness on the part of management to deal with problems. For control activities to be effective,
individuals should be able to report exceptions or fraud to the appropriate levels of management.
When considering whether an entity has communication controls in place, auditors consider whether management
has clearly communicated the following:
That internal control responsibilities are a critical part of employee job duties.
The role and responsibilities that each employee has in the internal control system.
That unexpected events should be investigated, including determining the cause of the event.
How job activities relate to the work of others.
That communication from employees to management regarding problems, controls, potential fraud, or
other issues is welcomed and expected. One way management might encourage such communication is
80

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

to establish a fraud hotline so that employees can report unethical behavior or fraud suspicions without fear
of retribution or exposure. In addition to serving as a fraud detection mechanism, the very existence of a
fraud hotline can serve as a deterrent to misconduct by creating among employees a perception that fraud
will be detected and reported. It also demonstrates management's serious intent to prevent and detect
fraud.
That, should an employee feel that taking an issue through the normal upstream communication methods
would not be effective, alternative channels of communication are available (such as a direct
communication to senior management).
Control Objectives for Communication. When obtaining an understanding of internal control, many auditors
consider control objectives during the process of identifying controls and evaluating their design and implementa
tion. Controls are properly designed and implemented if (a) they achieve the control objectives and (b) the entity is
using them. Exhibit 24 provides a list of control objectives for the communication process.
Exhibit 24
Control Objectives Communication Process
Internal Control Area

Control Objectives

Communication

Communication exists between management
and those charged with governance so that
both have relevant information to fulfill their
roles with respect to governance and to finan
cial reporting objectives.
All personnel, particularly those in roles affect
ing financial reporting, receive a clear message
from top management that both internal con
trol over financial reporting and individual
control responsibilities must be taken seri
ously.
Personnel have an effective and nonretributive
method to communicate significant informa
tion upstream in the entity.

*

*

*

Risk Assessment Procedures and Factors to Consider. Communication may be written, electronic, oral, or through
the direct actions and involvement of management. As a result, auditors often use a combination of risk assessment
procedures to understand the communication process. In addition to inquiries of management, the auditor may
consider the following types of procedures to corroborate management's responses and determine if the commu
nication process as designed has been implemented:
Inquire of employees regarding the communication that they have received regarding their duties and
management's expectations as they relate to financial reporting.
Review policy and procedures manuals or similar documents that have been provided to employees
regarding their duties.
Review for the existence of training materials or programs on job functions and responsibilities.
Discuss with human resources personnel the evaluation process and how job knowledge and the
performance of responsibilities are incorporated into personnel reviews.
81

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Inquire of the audit committee and review minutes of meetings regarding the communication between
management and others charged with governance.
Inquire of employees regarding how upstream financial communication is received and implemented by
management.
Review whistleblower policies and inspect documentation regarding reported instances of suspected
financial improprieties.
Inquire and review related documentation of how communication from external parties is processed.
Gaining an understanding of the client's communication processes should not be a complex process for auditors.
The auditor does not need to spend much time reviewing client accounting manuals, policies, or memoranda.
Ordinarily, the auditor can gain this understanding based on his or her experience with the client, general observa
tions of organization operations, and discussions with management.
Monitoring
Monitoring is a process by which an entity assesses the quality of its internal control over time. Monitoring involves
assessing the design and operation of controls on a timely basis, capturing and reporting identified control
deficiencies, and taking actions as necessary. Monitoring activities can also reveal evidence or symptoms of fraud.
Effective monitoring ensures that internal controls are modified as changes in conditions occur in the organization.
As a result, poor monitoring controls can allow error or fraud to remain undetected. The elements of an entity's
monitoring process include (a) ongoing internal evaluation and (b) reporting of internal control deficiencies. The
control objective for monitoring can be described as follows:
Management monitors controls over financial reporting through ongoing monitoring, indepen
dent evaluations, and remediation of identified deficiencies.
Monitoring can be accomplished through ongoing activities, separate evaluations, or a combination of the two.
Ongoing monitoring includes management and supervisory activities and other actions that personnel take in
performing their duties, such as performing comparisons, reconciliations, and other routine activities. For example,
management may question reports that differ significantly from his or her knowledge of operations. Because these
activities are performed in the normal course of business, ongoing monitoring procedures usually adapt to
changing conditions and may be timely in detecting problems. Separate evaluations may involve any aspect of the
entity's system of internal control such as management's review of a component (e.g., the control environment), an
element within a component, or the control activities associated with a specific class of transactions or processing
function. Regardless of the manner in which monitoring is accomplished, identified deficiencies should be reported
to the individuals responsible for taking corrective action and to management and those charged with governance,
as appropriate.
The auditor should obtain an understanding of the major types of activities that management uses to monitor
internal control over financial reporting. The auditor's understanding should include the sources of information
related to monitoring and the basis on which management considers information to be sufficiently reliable for that
purpose. The auditor considers both (a) the aspects of the monitoring process that enable management to
appropriately identify and correct control procedures that are not operating as intended and (b) any circumstances
that indicate management has failed to appropriately identify and correct such deficiencies.
Monitoring can be virtually any activity that ensures that controls are operating as intended and continue to be
properly designed. Monitoring may include activities such as the following:
Review of whether bank reconciliations are prepared on a timely basis.
Review of contributor complaints.
Review of a reporting system that tracks timely followup on promises to give.
82

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Analysis of reported disbursement errors.
Legal department review of compliance with donor restrictions.
Frequently, a key difference between nonprofit organizations and forprofit entities is the active involvement of the
governing board in the daytoday activities of the nonprofit organization. When the governing board provides
significant oversight, it can help mitigate the risk of fraudulent financial reporting and possibly detect misappropri
ation of assets. However, nonprofit organizations frequently have turnover in their governing boards. Thus, the
auditor must continuously assess the impact that the governing board has on the nonprofit organization's internal
control.
Risk Assessment Procedures and Factors to Consider. An understanding of an entity's monitoring activities
may be obtained through the performance of risk assessment procedures such as direct inquiries of management,
review of entity policies and procedures manuals to determine monitoring functions, or procedures performed to
obtain an understanding of other components of the entity's internal control system. For example, when performing
a walkthrough of the cash receipts transaction processing system, upon inspection of the monthly bank reconcilia
tion, the auditor notices the reconciliation has been initialed. Upon inquiry of the bookkeeper, the auditor learns that
the initials were placed there by the manager to evidence his or her review of the reconciliation process. In this way,
the auditor obtains an understanding of both the design of the monitoring controls as well as their implementation.
For audits of small and midsize nonprofit organizations, the auditor should not have to spend a great deal of time
gaining an understanding of the client's monitoring process. Normally, the auditor can gain this understanding
based on his or her experience with the client, general observations of organization operations, and discussions
with management.
Consideration of Internal Audit Function. One method some entities use to monitor internal control is through
separate evaluations by internal auditors. Most small and midsize nonprofit organizations do not have internal
auditors. However, if there is a designated internal audit function, the auditor should obtain an understanding of that
function during audit planning. SAS Nos. 65 and 99 provide requirements for inquiries related to the internal audit
function.

UNDERSTANDING ACTIVITYLEVEL CONTROLS
The authors refer to the internal control component of control activities, along with the detailed aspects of the
financial reporting system, as activitylevel" controls. Activitylevel controls and processes operate at the assertion
level rather than at the overall financial statement level. Activitylevel controls are directly related to initiating,
authorizing, recording, processing, and reporting the entity's transactions. Consequently, the understanding of
activitylevel controls directly supports the auditor's risk assessment at the relevant assertion level for account
balances, transaction classes, and disclosures.
The auditor ordinarily obtains an understanding of entitylevel controls first because those controls have a perva
sive effect on the entity's financial statements. Also, the auditor generally accumulates a significant amount of
knowledge about activitylevel controls through the understanding of entitylevel controls. After obtaining an
understanding of entitylevel controls, the auditor focuses on obtaining an understanding of the financial reporting
system, which is part of the information and communication component of internal control. Obtaining an under
standing about how the entity initiates, authorizes, records, processes, and reports transactions through the
financial reporting system typically also provides a significant amount of information about control activities.
Controls throughout the system may be either manual or automated and may be significantly affected by IT.
Therefore, the auditor should also obtain an understanding of the entity's IT environment and general computer
controls. After obtaining an understanding of those aspects of transaction processing, the auditor considers
whether it is necessary to devote additional attention to obtaining an understanding of control activities.
This section discusses the understanding of the financial reporting system along with the risk assessment proce
dures auditors use to obtain that understanding. This section also discusses the understanding of the IT environ
ment and general computer controls since the auditor's consideration of IT often occurs as part of understanding
the financial reporting system, which includes how IT is used in various processes and applications. Finally, this
83

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

section discusses when it might be necessary to obtain an additional understanding of control activities. Through
out the process of obtaining an understanding of activitylevel controls, the auditor should be aware of the
requirements to:
Obtain an understanding of controls related to significant or fraud risks.
Obtain an understanding of controls related to risks for which substantive procedures alone are not
adequate.
Understand the effects of IT on the entity's control activities.
Financial Reporting System
The financial reporting system is part of the information and communication component of internal control. The
financial reporting system includes the accounting system and encompasses the procedures and records estab
lished to initiate, authorize, record, process, and report the entity's transactions. It also includes the accountability
over assets, liabilities, and net assets. Auditors are typically very familiar with the process of understanding the
financial reporting system. When obtaining an understanding of the entity's internal control, auditors often spend
most of their time in this area since it provides the auditor with other key information needed for the audit. For
example, the understanding of the financial reporting system contributes to the auditor's ability to design and
conduct efficient and effective substantive procedures because the auditor gains knowledge of the types, sources,
and locations of documents and other evidence and the individuals responsible for processing them.
During the process of obtaining an understanding about the financial reporting system, auditors typically gain
some knowledge about various monitoring controls or control activities that relate to the processing of transactions
and the financial reporting process. In other words, as the auditor learns about how transactions flow through the
accounting system and how those transactions are reported in the financial statements, a byproduct of that
knowledge is an understanding of how management monitors internal control and how certain control activities are
applied to achieve accuracy, completeness, cutoff, and other relevant assertions. As a result, many auditors find
that it is efficient to gain an understanding of the financial reporting system, internal control monitoring, and control
activities components of internal control at the same time. In fact, after the auditor obtains an understanding of the
control environment, risk assessment, information and communication, and monitoring, it may not be necessary to
devote additional attention to obtaining an understanding of control activities.
The auditor should obtain sufficient knowledge of the financial reporting system, including related business
processes, as a result of applying risk assessment procedures to understand the following:
Classes of Transactions. The classes of transactions in the entity's operations that are significant to the
financial statements.
Accounting Procedures. The procedures, within both automated and manual systems, by which those
transactions are initiated, authorized, recorded, processed, and reported in the financial statements.
Accounting Records. The related accounting records, whether electronic or manual, supporting
information, and specific accounts in the financial statements involved in initiating, authorizing, recording,
processing, and reporting transactions.
Other Events and Conditions. The methods used to capture events and conditions, other than classes of
transactions, that are significant to the financial statements. Examples include commitments and
contingencies, concentrations, subsequent events, compliance with debt covenants, related party
transactions, going concern uncertainties, and fair values of financial instruments.
Financial Reporting Process. The financial reporting process (including the closing process) used to
prepare the entity's financial statements, including significant accounting estimates and disclosures.
A financial reporting system includes methods and records that:
Identify and record all valid transactions.
84

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Provide, on a timely basis, sufficient detailed information about transactions to permit proper classification
for financial reporting.
Allow for the recording of transactions at their proper monetary value in the financial statements.
Provide sufficient information to permit recording of transactions in the proper accounting period.
Properly present the transactions and related disclosures in the financial statements.
Essentially, auditors need to be satisfied that they have a sufficient understanding of the entity's financial reporting
system to understand how material misstatements might occur anywhere in the cycle from the occurrence of
transactions to the final presentation of the entity's financial position and changes in net assets in the financial
statements. In a simple financial reporting system, where the auditor assists with the preparation of financial
statements and disclosures, it is believed that will generally involve:
a. Identifying the entity's significant transaction classes.
b. Understanding the flow of information through the financial reporting system for significant transaction
classes.
c. Understanding the financial close and reporting process, including how information about other events and
conditions (that is, other than items included in the entity's significant transaction classes) is captured for
inclusion in the general ledger and financial statements.
d. Understanding the extent to which IT is used in the entity's financial reporting system.
The following paragraphs provide additional guidance on the first three steps in understanding the financial
reporting system. Guidance is also provided on control objectives for the financial reporting system, risk assess
ment procedures auditors might use to obtain a sufficient understanding, including walkthroughs, and documenta
tion of the auditor's understanding. The fourth step in understanding the financial reporting system, that is,
understanding the extent to which IT affects financial reporting.
Identifying Significant Transaction Classes. The auditor should identify significant classes of transactions and
obtain an understanding of the flow of information (including electronic information) through the entity's financial
reporting system for each of those classes. Significant transaction classes are those classes of transactions in the
entity's operations that are significant to the financial statements, generally because of the volume or risk character
istics of transactions processed. When selecting significant transaction classes, the auditor should focus on those
that present a reasonable possibility of material misstatement of the financial statements or disclosures, including
those that involve significant or fraud risks. Qualitative and quantitative factors such as the following should be
considered:
Volume of activity.
Size and composition of the related accounts.
Susceptibility to misstatement due to errors or fraud.
Nature of the transactions, related account balances, or disclosures.
Accounting and reporting complexities.
Exposure to losses in the related accounts.
Possibility of significant contingent liabilities arising from the activities being processed.
Existence of related party transactions.
85

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Changes from the prior period in the characteristics of the transactions, related account balances, or
disclosures.
Exhibit 25 provides examples of transaction classes for specified audit areas.
Exhibit 25
Examples of Transactions Classes for Specified Audit Areas
Financial Close and Reporting
Defining the financial closing and reporting processa
Performing the accounting period closea
Capturing and processing other nonroutine information requiring significant estimates and judgments from
managementa
Preparing and reviewing financial statement disclosuresa
Reviewing and approving the financial statementsa
Other (specify)
Cash
Processing cash receiptsa
Processing disbursementsa
Other (specify)
Investments and Derivatives
Managing investments
Managing derivatives
Assessing assets for impairment
Other (specify)
Support, Receivables, and Receipts
Processing cash contributionsa
Initially recording promises to givea
Subsequently adjusting promises to givea
Estimating the allowance for uncollectible promises to give and bad debt expense
Other (specify)
Program Service Fees, Revenue, and Receivables
Processing billingsa
Shipping and invoicing sales ordersa
Processing sales adjustments and product returns
Processing cash collectionsa
Estimating the allowance for doubtful accounts receivable and bad debt expense
Tracking accounts receivable
Maintaining the customer master file
Other (specify)
Donated Materials, Facilities, and Services
Receiving and safeguarding donated materials, facilities, and services
Valuing donated assets and services
Recording expenses related to donated materials, facilities, and services
Processing dispositions or other adjustments
Other (specify)
Expenses for Program and Supporting Services and Accounts Payable and Other Liabilities
Recording purchasesa
Processing accounts payable and accrualsa
Processing disbursementsa
86

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Maintaining the supplier master file
Other (specify)
Payroll and Related Liabilities
Processing payrolla
Maintaining the employee database master file
Other (specify)
Inventories
Recording purchases
Receiving and storing inventory
Costing inventory
Managing inventory
Estimating excess and obsolete inventory reserves
Other (specify)
Property and Equipment
Acquiring and safeguarding property and equipment
Depreciating property and equipment
Disposing of property and equipment (sales and retirements)
Maintaining the property and equipment subledger
Assessing assets for impairment
Other (specify)
Other Assets
Recording purchases of other assets
Amortizing assets
Other (specify)
Debt and Other Liabilities
Managing borrowings
Other (specify)
Net Assets
Recording net asset transactions
Other (specify)
Grant and Similar Programs
Recording grants and similar programsa
Processing program receiptsa
Processing program expendituresa
Reporting for grants and similar programsa
Other (specify)
Note:
a

For many nonprofit organization audits, this will be considered a significant transaction class.

*

*

*

Understanding the Flow of Information for Significant Transaction Classes. When understanding the flow of
information through the entity's financial reporting system for significant transaction classes, the auditor should
focus on the entity's procedures for the following aspects of transaction processing:
a. Initiating and Authorizing.
(1) How and by whom are transactions initiated and authorized?
87

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

(2) What source documents (or electronic means) are used to capture information for entry in the
accounting system?
(3) How and by whom are transactions originally entered in the accounting system for processing?
b. Recording and Processing.
(1) Is fund accounting used for internal record keeping? (If so, what fund types are used?)
(2) What are the accounting processing steps, both automated and manual, from original entry to
inclusion in the general ledger and who performs them? (Processing includes functions such as edit
and validation, calculation, measurement, valuation, summarization, and reconciliation.)
(3) What accounting records and supporting documents are used or created when processing
transactions?
(4) What subsidiary journals or ledgers are involved?
(5) How is the incorrect processing of transactions resolved?
c. Reconciling and Reporting.
(1) What procedures are used to enter transaction totals into the general ledger?
(2) What is the entity's process for reconciling account detail to the general ledger for material accounts?
(3) What management reports or other information are generated from the system and how are they used
by management or the owner/manager in managing and controlling the entity's activities?
(4) What types of financial reports are prepared and distributed to funding sources?
Throughout the process of obtaining the understanding, the auditor considers the effect of IT on the way the entity's
control activities are designed and implemented. The auditor also identifies and evaluates the controls, if any, the
entity has implemented to prevent or detect and correct material misstatements related to fraud risks or other
significant risks. And the auditor is alert for areas where controls must be tested because substantive procedures
alone will not be sufficient to address the assessed risks.
As indicated in item b(4), the auditor should obtain an understanding of how the incorrect processing of transac
tions is resolved. That is a specific requirement of the risk assessment standards. For example, some systems use
suspense accounts or files to capture failed transactions. For such situations, the auditor would understand the
procedures for suspense accounting including how such transactions are researched and cleared.
In connection with understanding significant classes of transactions, the auditor should identify the related
accounts that are material to the financial statements. As indicated in item c(2), for material accounts, the auditor
should understand the process for reconciling detail records to the general ledger. That is another specific
requirement of the risk assessment standards. For example, for the promises to give general ledger account, the
auditor should understand the process of reconciling the account to the subsidiary accounts receivable ledger.
While reconciling procedures are technically a control activity, the understanding is typically obtained when
developing a knowledge of the flow of transactions.
Understanding the Financial Close and Reporting Process. Events and conditions other than transaction
classes (that is, other than items processed through the entity's significant transaction processing systems) are
often material to the preparation of financial statements. Examples include the fair value of financial instruments,
accruals for contingencies, commitments, and related party transactions. Therefore, it is not enough for the auditor
to understand the flow of transactions through the financial reporting system for significant transaction classes. The
auditor should also understand how information about other significant events and conditions is captured. There
fore, for any accounts where material amounts enter the general ledger or financial statements from sources other
88

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

than the entity's significant transaction processing systems, the auditor needs to understand how information
about those events and conditions is captured for inclusion in the general ledger and financial statements and how
material accounts are reconciled to the general ledger. Also, for audit areas that require significant disclosure
information that is not available from the entity's general ledger or related supporting documents and records, the
auditor needs an understanding of how information for disclosures is captured for inclusion in the financial
statements. For most nonprofit organizations, the authors believe that understanding is generally obtained as part
of the financial close and reporting process.
The financial close and reporting process is particularly important to achieving reliable financial reporting. Weak
nesses in the financial reporting process can create risks of material misstatement. The auditor should obtain an
understanding of how automated and manual procedures are used to accomplish the following:
a. Develop significant accounting estimates (for example, the allowance for uncollectible promises to give,
allocation of expenses to functional categories, and measurements of noncash contributions other than
marketable securities).
b. Initiate, authorize, record, and process standard and nonstandard journal entries in the general ledger.
c. Initiate and record recurring and nonrecurring adjustments to the financial statements that are not reflected
in formal journal entries.
d. Combine and consolidate general ledger data.
e. Prepare financial statements and disclosures.
The auditor should be aware that nonstandard journal entries and other topside adjustments made directly to the
financial statements have been used in numerous instances of fraudulent financial reporting.
Control Objectives. When obtaining an understanding of internal control, many auditors consider control objec
tives during the process of identifying controls and evaluating their design and implementation. Controls are
properly designed and implemented if (a) they achieve the control objectives and (b) the entity is using them.
Risk Assessment Procedures. Risk assessment procedures that are ordinarily performed to understand the
financial reporting system include inquiries of management and others, observation of entity procedures and
controls, inspection of documents and records, and tracing transactions through the system (i.e., walkthroughs).
The nature and extent of the procedures performed are affected by factors such as the size of the entity, its
complexity, and most certainly, the number of significant transaction classes that exist within the entity.
The existence of any internal documentation that describes classes of transactions and the transaction flow in the
accounting system is a key factor that may influence the risk assessment procedures used when obtaining an
understanding of the financial reporting system. Typically, such documentation exists for larger and more complex
entities and may consist of the following:
Training manuals for employees.
Policy and procedure manuals.
Formal memoranda and flowcharts.
Internal audit analyses.
When such documentation exists, the auditor's risk assessment procedures typically include inspection and review
of this documentation, corroborated by inquires of various personnel to determine if the information is current, and
observation to verify that procedures are being followed. While the client's internal control documentation is an
excellent source for understanding and evaluating the design of the financial reporting system, risk assessment
procedures consisting of inquiry, observation, and inspection are necessary to ensure that the system has been
implemented as designed.
89

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

However, for many small entities, the range of control and daytoday involvement of management makes written
documentation of the processing systems unnecessary. For those entities the auditor often relies on inquiries of
management and accounting personnel to understand the design of the financial reporting system. The auditor
determines that the system as described has been implemented by performing observation and inspection
procedures, such as walkthroughs.
Walkthroughs. A common method of obtaining an understanding of the design and implementation of the
financial reporting system for a significant transaction class is to trace a transaction through the various processing
steps from initiation to inclusion in the general ledger and the financial statements. This is commonly referred to as
a walkthrough" or cradletograve" procedure. Walkthroughs may be used to confirm information obtained by
inquiry or from prior years' audits. Walkthroughs are also commonly used in gaining an understanding of related
control activities. The AICPA Audit and Accounting Guide, Audit Sampling, notes in paragraph 3.25 that a walkth
rough may be designed to include procedures that are also tests of the operating effectiveness of controls.
Walkthroughs of transactions usually involve document inspection, inquiry, and observation. The auditor judgmen
tally selects one or a few transactions from each of the major classes of transactions and walks those transactions
and related controls through the system from cradle to grave, that is, from initial creation of a source document to
final posting in the general ledger and inclusion in the financial statements. The auditor inspects the documents
and accounting records used in processing, talks to the personnel involved, and observes the handling of records
and related assets. At each step, the auditor does the following:
Observes the demonstration of, or reperforms, the prescribed manual and automated processing
procedure or control.
Identifies and examines the documents and IT involved.
Identifies the name and position of the person who performs the procedure or control and considers the
competence and understanding of the person performing the procedure or control.
Determines whether the procedure is performed as prescribed and on a timely basis.
Identifies the kinds of errors found by the client and the client's responses to correct them.
Determines whether the person has been asked to override the procedure or control.
Identifies exceptions to the prescribed procedure or control.
Some auditors also query individuals about the preceding or succeeding processing step or control activity as a
means of obtaining corroborating information about each step in the process.
In performing a walkthrough, the auditor should follow the transaction through all of the processing steps in the
system. A walkthrough may not be effective if a different transaction is used to test each control separately rather
than walking a single transaction through the entire process or if the auditor does not use the same documents and
IT that client personnel use.
How Often Should Walkthroughs Occur? A nonauthoritative AICPA Technical Practice Aid, Use of Walkthroughs
(TIS 8200.12) discusses how often an auditor might perform walkthroughs. The use of walkthroughs is a common
practice for obtaining an understanding of the design and implementation of the financial reporting system. The TIS
notes, therefore, that auditors might perform walkthroughs every year for significant accounting cycles. Even
though SAS No. 109 (AU 314) allows the auditor to rely on audit evidence obtained in prior periods in certain
situations, the auditor is still required to perform audit procedures to determine the continued relevance of that
evidence. In many cases, the auditor can establish this relevance through the performance of a walkthrough. Thus,
walkthroughs are ordinarily performed in each audit period for significant transaction classes.
IT Environment and General Computer Controls
IT Environment. Auditors typically learn about the client's IT environment while obtaining an understanding of the
financial reporting system. They should consider what procedures the computer performs and what data is stored
90

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

in electronic files. For example, some nonprofit organizations receive online contributions and maintain electronic
fund raising records that integrate with the accounting system.
In connection with the financial reporting system, the auditor should understand the extent to which IT is used for
significant transaction classes. Typically, the following matters relating to IT are determined:
Automated applications and the software that is used.
Whether software is internally or externally developed and if the client has access to the source code.
Use of service organizations and whether it is necessary to obtain information about a service
organization's controls. That may occur, for example, when a bank provides deposit services, data
processing bureau provides payroll services, or brokerdealer provides securities services.
Hardware, networks, and other aspects of the entity's computer system.
Also, as required by SAS No. 109, the auditor should obtain an understanding of how IT affects control activities
that are relevant to planning the audit. This typically means that when obtaining an understanding of the financial
reporting system, the auditor should obtain knowledge of relevant computer application controls.
As part of obtaining an understanding of the entity's IT environment, the auditor should consider whether the
client's use of IT is extensive and complex enough to require the involvement of an IT specialist. That determination
should be made relatively early in the planning process to assure that the necessary resources are available on a
timely basis.
General Computer Controls. The auditor is required to obtain an understanding of how IT affects control activities
that are relevant to planning the audit. SAS No. 109 (AU 314.96) further states that the auditor should consider
whether the entity has established effective controls to adequately respond to the risks that arise from IT. Such
controls not only include properly designed and implemented application controls, but the general controls upon
which those application controls depend.
General controls are policies and procedures that relate to many applications and support the effective functioning
of application controls. General controls ordinarily include controls related to:
IT strategic planning and risk management.
Data center and network operations.
Physical security and access to programs and data.
Program changes and systems acquisition and development.
General computer controls relate to all automated applications, including userdeveloped spreadsheet applica
tions.
The AICPA Risk Assessment Audit Guide (paragraph 4.63) notes that the auditor should evaluate the design of IT
general controls and determine whether they have been implemented when assessing the risks of material
misstatement. Poorly designed general controls do not by themselves cause misstatements in the financial
statements. However, deficient general controls may allow application controls to operate improperly which, in turn,
can result in material misstatements in the financial statements. SAS No. 109 (AU 314.95) indicates that general
controls should be assessed in relation to their effect on applications and data that become part of the financial
statements.
In some cases, certain general controls may not be relevant for the period under audit. For example, if the client has
an IT environment where application software is obtained from outside vendors with no modification and client
personnel do not have access to source code, general controls over the modification of software might not be
relevant. Similarly, if no new systems are implemented during the period of the financial statements, weaknesses in
91

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

the general controls over systems acquisition and development may not be relevant to the financial statements
being audited. For smaller entities that use prepackaged software and do not have access to source code, relevant
general controls ordinarily include controls over access to critical hardware, software, and data; controls over
upgrades to the entity's operating system and significant prepackaged applications; systems and data backup
and recovery procedures; and controls over the creation, use, and maintenance of critical spreadsheet applica
tions.
When obtaining an understanding of internal control, many auditors consider control objectives during the process
of identifying controls and evaluating their design and implementation. Controls are properly designed and imple
mented if (a) they achieve the control objectives and (b) the entity is using them. Exhibit 26 presents a list of control
objectives for general computer controls.
Exhibit 26
Control Objectives General Computer Controls
The entity has an IT strategic planning and risk management process in place to support its financial reporting
requirements.
The entity maintains reliable systems that include appropriate data backup and recovery processes.
Physical security and access to programs and data are appropriately controlled to prevent unauthorized use,
disclosure, modification, damage, or loss of data.
Program changes and systems acquisition and development are appropriately managed to ensure that the
application software adequately supports financial reporting objectives.

*

*

*

The auditor's risk assessment procedures to obtain an understanding of general computer controls typically
include inquiry of client personnel; inspection of systems documentation, written policies and procedures, incident
reports or logs, etc.; and observation of facilities and equipment, the operation of access controls, the performance
of backup routines, etc., to understand how general computer control objectives are achieved.
Control Activities
Control activities are the policies and procedures that help ensure that management directives are carried out. That
is, control activities are those actions that are taken to address risks that threaten the entity's ability to achieve its
objectives, one of which is reliable financial reporting. Control activities usually involve two elements: (a) a policy
that establishes what should be done and (b) the procedure that implements the policy. The auditor's understand
ing of the other components of internal control, including the control environment, risk assessment, information
and communication, and monitoring, is used in assessing the risks of material misstatement at both the financial
statement and relevant assertion levels. Certain components, such as the control environment, are more important
for developing the overall audit strategy. In contrast, control activities are important at the relevant assertion level for
detailed planning of the nature, timing, and extent of further audit procedures.
Control activities, which can be either automated or manual, are performed at various levels within the entity. The
auditor should obtain an understanding of those control activities relevant to the audit. According to SAS No. 109
(AU 314.91), control activities relevant to the audit are those for which the auditor considers it necessary to obtain
an understanding in order to assess risks of material misstatement at the assertion level and to design and perform
further audit procedures responsive to the assessed risks." This seems a bit circular, but it essentially means that
the auditor should focus on identifying and obtaining an understanding of control activities that address areas in
which the auditor considers material misstatements more likely to occur. The auditor should concentrate on
whether and how a specific control activity, individually or in combination with others, prevents, or detects and
corrects material misstatements in the classes of transactions, accounts balances, or disclosures that are signifi
92

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

cant to the financial statements. Specifically, the auditor is required to understand the entity's controls related to
significant and fraud risks and also the controls related to risks for which substantive procedures alone will not be
adequate. In addition, the auditor is required by SAS No. 109 (AU 314.92) to understand how IT affects control
activities that are relevant to planning the audit.
Control activities that are relevant to the audit are policies and procedures that pertain to the following:
Performance Reviews. Comparisons of current financial reports to other information.
Information Processing. Control activities that are performed to check the accuracy, completeness, and
authorization of transactions. For information processing systems, there are two broad categories of
control activities application controls and general controls. General controls are discussed beginning in
paragraph.
Physical Controls. Controls that pertain to the physical security of assets, including adequate safeguards
that limit access to assets, authorization safeguards for access to computer programs and files, and
periodic counting and comparison of assets to control records.
Segregation of Duties. The assignment of different people to authorize transactions, record transactions,
and maintain custody of assets.
Asset Accountability. Controls relating to reconciliations of the detailed records to the general ledger.
Control policies may be communicated either orally or in writing. This depends to a great extent on the size of the
organization and the channels of communication within the entity. Also critical to control activities are the followup
actions taken in response to identified discrepancies (for example, investigation by management of unexpected
variances noted while comparing actual contributions to budgeted contributions). The risk assessment standards
specifically require the auditor to obtain an understanding of how the incorrect processing of transaction is
resolved. The risk assessment standards also specifically require the auditor to obtain an understanding of the
process of reconciling detail to the general ledger for material accounts.
The risk assessment standards carry forward the notions from prior standards that an audit of financial statements
does not require an understanding of all control activities related to each class of transactions, account balance,
and disclosure or to every relevant assertion, and that the auditor should first consider the knowledge about control
activities obtained from the understanding of the other components of internal control before devoting additional
attention to obtaining an understanding of control activities. (SAS No. 109, AU 314.90)
The Audit Guide, Paragraph 2.58, addresses some areas concerning internal control that are unique to nonprofit
organizations. The Audit Guide notes that the auditor should obtain an understanding of how the nonprofit
organization:
Identifies, accepts, and evaluates donorrestricted contributions.
Values and records promises to give.
Values and records contributions of noncash assets (such as donated goods, services, utilities, facilities
and use of longlived assets).
Monitors compliance with donor restrictions and board designations.
Meets thirdparty reporting requirements (such as reporting to donors, grantors, contractors, and
regulators).
Meets accounting presentation and disclosure requirements, including those related to functional and
natural expense recording and allocation of joint cost.
Identifies and accounts for new programs.
93

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

These matters are affected particularly by control activities, but might also involve other components of internal
control.
Obtaining an Understanding of Control Activities. As indicated previously, the auditor should first consider
knowledge about control activities obtained through the understanding of other components of internal control,
including the financial reporting system, before investing additional efforts. Generally, the auditor accumulates a
significant amount of knowledge about control activities through the process of obtaining an understanding of the
other components. Exhibit 27 illustrates situations where an auditor might learn of control activities when obtaining
an understanding of other components.
Exhibit 27
Examples of Control Activities Identified through Other Components
Control Component

Example of Control Activity Identified

Control Environment

When obtaining an understanding of management's
philosophy and operating style regarding internal controls,
the auditor learns of control activities relating to significant
estimates which the auditor had identified as a risk area.
When obtaining an understanding of the control environ
ment, the auditor learns about the assignment of authority
and responsibility, including whether there is a basic
segregation of duties related to assets subject to misap
propriation, such as cash, and whether there are effective
reconciliation procedures that systematically compare
assets with the accounting records.

Risk Assessment Process

Management has identified and assessed inventory theft
risks associated with a new product line with a high cost per
unit that was introduced during the year. Management
describes the control activities that were developed to
safeguard inventory in response to this risk.

Monitoring

When responding to monitoring queries, management
describes how the controller reviews sensitive valuation
procedures relating to the valuation of promises to give
noncash assets.

Information and Communication
(including the Financial Reporting
System)

When performing the walkthrough of the billing process, the
auditor learns of a review activity by the revenue accounting
manager to ensure that components of complex contract
billings are properly recognized or deferred based on
relevant accounting standards.
When obtaining an understanding of the accounting
processing and records for cash, the auditor learns about
the client's process for reconciling bank accounts.

*

*

*

The auditor may also learn of control activities while performing risk assessment procedures to obtain the under
standing of the entity and its environment. Most frequently, however, the auditor learns of control activities while
obtaining an understanding of the financial reporting system. A natural byproduct of the understanding of how
transactions are initiated, authorized, processed and recorded is knowledge of how control activities ensure that
relevant assertions are achieved.
When is an Additional Understanding of Control Activities Necessary? The risk assessment standards do not
require an understanding of all of the control activities related to each class of transactions, account balance, and
94

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

disclosure in the financial statements or to every assertion. The auditor's emphasis under professional standards is
on understanding control activities that allow the auditor to assess risks of material misstatement at the relevant
assertion level and to design and perform further audit procedures that are responsive to those risks. Thus, after
considering the control activities previously identified, the auditor should evaluate whether a sufficient understand
ing of control activities has been obtained for those areas where the auditor considers material misstatements more
likely to occur. The auditor may need to devote additional attention to obtaining an understanding of control
activities in certain circumstances. For example, it is necessary to obtain an additional understanding if:
The auditor does not understand what controls, if any, the entity has implemented to prevent or detect and
correct material misstatements in specific assertions related to fraud risks or other significant risks.
The auditor plans or is required to test controls for one or more assertions but has not identified which
controls to test (that is, which manual or automated controls are most likely to prevent or detect and correct
material misstatements in that assertion).
Thus, even if the auditor concludes additional attention to control activities is necessary, the auditor can focus on
controls related to specific transactions, account balances, or assertions. The practical implication of this selective
approach is that it is not necessary to complete an internal control questionnaire or prepare additional documenta
tion to describe the control activities for all material account balances and transaction classes. The auditor may
identify key balances, classes, or assertions and conclude that a further understanding of control activities is
necessary only for those selected areas (such as completeness of cash contributions). Control activities that are
particularly important to a nonprofit organization are explained in the following paragraphs.
Control Activities for Contributions. If a nonprofit organization collects cash contributions, it will ordinarily be
necessary for the auditor to obtain an understanding of the relevant control activities (including controls to prevent,
deter, and detect fraud). Cash contributions include both cash received in the mail and cash received in direct
contact solicitations, but it is generally more difficult to establish effective controls over direct contact solicitation
such as doortodoor solicitation and street solicitation. The auditor's objective in auditing cash contributions is to
achieve reasonable assurance that such contributions are recorded correctly as to account, amount, and period.
Generally, the auditor's primary concern is the completeness of recorded cash contributions. Unless the nonprofit
organization has effective controls in this area, it is unlikely that the auditor will be able to design substantive tests
to provide the necessary assurance.
The Audit Guide, Paragraph 5.84, makes the following observation with respect to accounting systems and
controls for contributions:
In order to have an effective system of internal control, a notforprofit organization that receives
significant amounts of contributions should have an internal control system, that provide effective
controls to assure that all contributions received are recorded and that suitable collection efforts
are pursued for unconditional promises to give. The internal control system also should provide
effective controls to ensure that revenues arising from conditional promises to give are
recognized when the conditions have been substantially met and that restrictions on
contributions are recognized in the appropriate net asset class.
Control Activities for Governmental Financial Assistance Programs. If the nonprofit organization receives a
material amount of financial assistance from federal, state, or local government agencies, it is usually efficient and
effective to obtain a more detailed understanding of control activities and test controls in areas relevant to the
governmental assistance programs. The audit requirements of governmental grantor agencies often require
reports on internal control and compliance with laws and regulations. These requirements, plus the inherent
relation between the effectiveness of internal control and the likelihood of noncompliance with laws and regulations
that would have a material effect on the financial statements, necessitate greater attention to control procedures in
this area.
Control Activities for Other Areas. The need to obtain an understanding of control activities to design effective
substantive tests can vary considerably with the circumstances. Payroll is often a key audit area because a
substantial portion of the operating expenses of a nonprofit organization may be attributable to payroll. However,
the auditor may sometimes plan effective substantive tests without a detailed knowledge of payrollrelated control
95

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

activities. If employee turnover is high because there are many new programs or program changes, there is an
increased need to obtain a greater understanding of control activities related to payroll.

96

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
23. Relevant to information and communication, information refers to providing understanding of roles and respon
sibilities to individuals in the entity.
a. True
b. False
24. Which of the following is correct concerning monitoring?
a. Monitoring ensures that internal control is an adaptive process.
b. Monitoring must be accomplished through ongoing activities.
c. Understanding the client's monitoring process requires substantial time.
d. Risk assessment procedures are not helpful to understanding these activities.
25. The level of governing board involvement in daytoday activities is frequently a key difference between forprofit
and nonprofit entities.
a. True
b. False
26. In understanding the effect of IT, which is not one of the matters typically determined by the auditor?
a. The software used
b. The software and hardware vendor
c. Whether the client has access to source code
d. The hardware used
27. Which of the following statements is correct concerning control activities?
a. Control activities involve automated processes only.
b. Performance reviews are controls performed to check transactional accuracy.
c. Control activities relate to the relevant assertion level.
d. Physical controls pertain to asset accountability.
28. Control policies must be communicated in writing.
a. True
b. False

97

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
23. Relevant to information and communication, information refers to providing understanding of roles and respon
sibilities to individuals in the entity. (Page 79)
a. True [This answer is incorrect. Communication refers to providing understanding of roles and
responsibilities to individuals in the entity related to internal control over financial reporting.]
b. False [This answer is correct. Information refers to the financial reporting system, which includes
the accounting system.]
24. Which of the following is correct concerning monitoring? (Page 82)
a. Monitoring ensures that internal control is an adaptive process. [This answer is correct. Internal
controls must be monitored for effectiveness, and changed to respond to changing conditions.]
b. Monitoring must be accomplished through ongoing activities. [This answer is incorrect. Monitoring may
also be accomplished by separate evaluations.]
c. Understanding the client's monitoring process requires substantial time [This answer in incorrect. The
amount of time spent varies with the size and complexity of the organization.]
d. Risk assessment procedures are not helpful to understanding these activities. [This answer is incorrect.
Inquiry and observation can help the auditor understand entity monitoring activities.]
25. The level of governing board involvement in daytoday activities is frequently a key difference between forprofit
and nonprofit entities. (Page 83)
a. True [This answer is correct. Active boards can help mitigate fraud, but frequent turnovers can limit
that effectiveness.]
b. False [This answer is incorrect. The auditor must constantly assess the governing board's impact on the
nonprofit entity's internal control.]
26. In understanding the effect of IT, which is not one of the matters typically determined by the auditor? (Page 91)
a. The software used [This answer is incorrect. Automated applications and the software used are among
the matters typically determined by the auditor.]
b. The software and hardware vendor [This answer is correct. Typically, the auditor determines the
automated applications and software used, aspects of the computer system such as hardware and
networks, etc.]
c. Whether the client has access to source code [This answer is incorrect. The auditor should determine
whether the software was developed internally or externally, and whether the client has access to the
source code.]
d. The hardware used [This answer is incorrect. The auditor typically should determine aspects of the
computer system such as hardware and networks.]

98

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

27. Which of the following statements is correct concerning control activities? (Page 92)
a. Control activities involve automated processes only. [This answer is incorrect. Control activities also
involve manual processes.]
b. Performance reviews are controls performed to check transactional accuracy. [This answer is incorrect.
Performance reviews are comparisons between current financials and other information.]
c. Control activities relate to the relevant assertion level. [This answer is correct. This is in contrast
to the control environment which relates to the overall audit strategy.]
d. Physical controls pertain to asset accountability. [This answer is incorrect. Physical controls pertain to the
physical security of assets. Asset accountability pertains to reconciliation of subledgers to the general
ledger.]
28. Control policies must be communicated in writing. (Page 93)
a. True [This answer is incorrect. They may also be communicated orally.]
b. False [This answer is correct. Control policies may be communicated either in written or oral form.
The decision of which format to use may depend on the size of the entity and the channels of
communication available.]

99

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

IMPORTANT PLANNING DECISIONS AND JUDGMENTS
The information the auditor obtains about the entity and its environment by performing risk assessment procedures
is used to make several important planning decisions and judgments. The primary planning decisions and
judgments based on this information are as follows:
a. The materiality level for the financial statements taken as a whole (preliminary planning materiality).
b. Materiality for particular items of lesser amounts than planning materiality.
c. The risks of material misstatement at the financial statement level.
d. The overall audit strategy (a collective group of judgments about the audit approach, including overall
responses to risks).
e. Tolerable misstatement at the individual class of transactions, account balance, or disclosure level.
f. Risks of material misstatement at the relevant assertion level related to classes of transactions, account
balances, and disclosures.
g. The specific nature, timing, and extent of further audit procedures.
The audit planning process is iterative and continuous. Some risk assessment procedures are performed to
consider audit risk and materiality at the financial statement level and the judgments about those matters in turn
affect the considerations at the relevant assertion level for account balances, transaction classes, and disclosures.
Determining Materiality at the Financial Statement Level
According to SAS No. 107, Audit Risk and Materiality (AU 312.27), the auditor should determine a materiality level
for the financial statements taken as a whole when establishing the overall strategy for the audit. The preliminary
judgment about materiality at the financial statement level is generally referred to as planning materiality. SAS No.
107 (AU 312.69) states that the auditor should document the levels of materiality, including any changes thereto,
used in the audit and the basis on which those levels were determined. The need to establish planning materiality
is directly related to the auditor's objective of obtaining reasonable assurance of detecting misstatements that the
auditor believes could be large enough, individually or in the aggregate, to be quantitatively material to the financial
statements. According to SAS No. 107 (AU 312.36), the auditor should be alert for misstatements that could be
qualitatively material, but it ordinarily is not practical to design audit procedures to detect them.
Quantifying Planning Materiality. Materiality is determined based on the auditor's understanding of the needs
and expectations of users of financial statements, but this is a conceptual view. In other words, the auditor
considers the needs and expectations of hypothetical general users and does not survey the actual users. The
conceptual touchstone for determining materiality is the following definition from FASB Statement of Financial
Accounting Concepts No. 2, Qualitative Characteristics of Accounting Information:
The magnitude of an omission or misstatement of accounting information that, in light of
surrounding circumstances, makes it probable that the judgment of a reasonable person relying
on the information would have been changed or influenced by the omission or misstatement.
The reference to in light of surrounding circumstances" in that definition recognizes that both quantitative and
qualitative factors influence materiality judgments. As previously mentioned, however, in determining planning
materiality the focus is generally on quantitative factors. For this reason, auditors have historically used some
common rules of thumb in establishing planning materiality.

100

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

These rules of thumb generally apply a percentage to a benchmark amount from the financial statements. SAS No.
107 (AU 312.28) acknowledges the appropriateness of this approach and suggests the following factors to
consider in selecting a benchmark:
Elements of financial statements (for example, assets, liabilities, net assets, support, revenue, and
expenses) and GAAP financial statement measures (for example, financial position, financial performance,
and cash flows).
Nature of the entity and the sector in which it operates.
Size of the entity and the way it is financed.
Focus of users' attention for the particular entity on particular financial statement items (for example, for
nonprofit organizations, users have tended to focus more on total support and revenues than net assets).
In addition, many nonprofit organizations must consider the needs of their funders (grantors and donors)
when preparing financial statements.
SAS No. 107 (AU 312.28) provides the following examples of benchmarks that might be appropriate depending on
the nature and circumstances of the entity:
Total revenue.
Gross profit.
Profit from continuing operations before tax.
Other categories of reported income.
Net assets.
The appropriate benchmark and the related percentage applied to it can vary with the circumstances.
Desirability of a Single Benchmark. The desirability of a single benchmark arises from the practical requirements
of audit planning. To understand the use of materiality in planning, it is helpful to contrast planning with evaluation.
When the auditor is evaluating the materiality of misstatements at the conclusion of the audit, different materiality
levels may be used for different financial statements. In planning, the auditor does not know in advance whether the
misstatements that will be detected by a particular audit test will affect the statement of financial position only, the
statement of activities only, or both statements. Thus, using several levels of materiality is impractical in planning.
Also, the auditor should use a specific amount in making decisions about the scope of a test, for example, examine
all cash disbursements in the subsequent period or all additions to property above a specific dollar amount. A
range is not useful for making scope decisions but may be helpful in evaluation, for example, deciding that in
particular circumstances an error over $10,000 is material, an error under $5,000 is immaterial, and an error
between $5,000 and $10,000 may be material. That type of guide can be useful in evaluation, but it does not work
well in planning. The auditor needs to decide whether an audit test must be extensive enough to detect misstate
ments over $5,000 or over $10,000. A range is not useful for this purpose.
Benchmarks. Conceptually, materiality should be established based on the auditor's understanding of users'
needs and expectations. However, the nature and size of the entity are also important factors to consider in
selecting benchmarks to establish planning materiality. For many nonprofit organizations, total assets or total
support and revenue often provides a sound benchmark. Using either total assets or total revenue as a benchmark
has the advantages of relative stability, predictability, and representativeness of entity size.
Regardless of the benchmark the auditor uses for planning the extent of audit testing, he or she should be satisfied
that the combined effects of the nature, timing, and extent of planned procedures will be adequate to provide
reasonable assurance that the financial statements are free from material misstatement, even if a different material
ity benchmark is used for evaluation of audit differences.
101

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

It is important to note that a planning materiality benchmark is used primarily to plan the extent of audit testing, but
does not purport to provide a basis for determining the adequacy of other aspects of audit planning, namely, the
nature and timing of procedures. Also, the choice of a benchmark for planning purposes does not predetermine
what will be relevant in evaluating detected misstatements at the conclusion of the audit. The auditor may use a
sizeofentity" benchmark such as assets or support and revenues to plan the scope of audit testing, but still use
a percentageofchange in net assets" benchmark for the evaluation of audit findings. Thus, if assets or support
and revenue are used to determine planning materiality, the auditor nonetheless probably would use a change in
net assets benchmark to determine materiality for evaluating audit differences affecting the statement of activities.
Government Auditing Standards Requirements. The Yellow Book, Paragraph 4.26, explains that additional material
ity considerations might apply when the audit is conducted under Government Auditing Standards. In Yellow Book
financial audits, it may be appropriate to use lower materiality levels than in a GAAS audit because of the public
accountability of governmental entities and entities receiving government funding, various legal or regulatory
requirements, and the sensitivity of government programs.
Selecting a Percentage. There are no authoritative percentage guides for materiality. SAS No. 107 contains no
guidance on selecting a percentage. Again, for intuitive reasons, many auditors believe that the materiality percent
age should be adjusted in relation to the size of an entity. They believe the percentage should be larger for a very
small entity to recognize the practical limits on the effectiveness of audit procedures, and smaller for a very large
entity to recognize the increased risks that usually accompany bigness" and the fact that a large enough absolute
amount may be considered material.
Adapting the Approach to Nonprofit Organizations. Given the variations possible in the financial statement
presentations of nonprofit organizations, what should an auditor use as the benchmark for the preliminary judg
ment about materiality? The Audit Guide, Paragraph2.16, provides a number of alternatives:
Total net assets or various net asset classes.
Changes in net assets or net asset classes.
Total revenues.
Revenues of each net asset class.
Total expenses.
Other measures, such as total unrestricted contributions, total program expenses, the ratio of program
expenses to total expenses, or the ratio of fundraising expenses to contributions.
Generally, it is believed that assets or support and revenue would be a more relevant benchmark for a nonprofit
organization than changes in net assets because most nonprofit organizations closely match revenue and
expenses and operate on small margins. However, the auditor must consider whether any adjustments should be
made to the benchmark because of the characteristics of nonprofit accounting. Experience has shown that the
approach recommended usually produces a preliminary judgment about materiality that is relevant to users,
sensible, and realistic. However, the experience supporting this approach uses financial statement amounts for
business enterprises. Certain adaptations are necessary to recognize the unique characteristics of nonprofit
accounting.
If total assets are to be used as the base, some auditors choose to reduce the amount in the financial statements
for interfund receivables, assets held on behalf of others, and any fixed assets not subject to depreciation. These
items should be removed because they cause a nonprofit organization's assets to be larger than the total assets of
a comparable business enterprise. Interfund receivables are not assets of the organization as a whole and are
required by footnote 8 to SFAS No.117 (FASB ASC 958210452) to be presented in the statement of financial
position in such a way that they are eliminated when displaying total assets of the organization. Assets held on
behalf of others do not belong to the entity (for example, amounts from agency transactions to be remitted to others
or assets held under splitinterest agreements where a thirdparty beneficiary will ultimately receive the assets).
Assets that are not being depreciated (such as capitalized collection items) overstate total assets. For convenience,
102

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

the auditor may reduce the benchmark for the entire amount of the assets not being depreciated rather than
attempting to compute the depreciation that would have otherwise been taken.
If total support and revenue is to be used as the benchmark, auditors may exclude the amount of additions for
assets not subject to depreciation (such as donated land recognized as support) for the same reason that such
assets are excluded from the total asset benchmark. When using interim financial statements prepared by the client
to calculate planning materiality, the auditor should be aware of how the organization records revenue to determine
if it is consistent with GAAP. For example, if the organization has special events revenue, the auditor should make
sure such revenue is recorded gross and not net in the interim financial statements and should consider the timing
of significant fundraising events. Consideration should also be given to adjusting interim results if significant
onetime transactions have already occurred or are expected after the interim date.
Some nonprofit organizations have large investment portfolios in relation to the entity's total assets, liabilities,
support and revenue, and expenses. Some auditors choose to remove the amount of such investments from the
total asset benchmark, and investment income from the total revenue benchmark when calculating planning
materiality, while other auditors choose not to remove the amounts. Removing such amounts from the benchmarks
will result in a lower planning materiality. The decision is based on the auditor's determination of what planning
materiality is appropriate in order to detect material misstatements for a particular audit client. The Audit Guide,
paragraphs 2.142.16 discusses planning materiality in a financial statement audit and gives examples of appropri
ate benchmarks for nonprofit organizations. Regardless of how the auditor chooses to calculate planning material
ity, the auditor should document his or her decision process.
Planning materiality judgments should be reconsidered as the audit progresses. Because the calculation made
during initial planning often uses annualized interim financial information, the base amounts in the annual audited
financial statements might differ. If the auditor becomes aware of changes that would have affected the determina
tion of planning materiality, adjustments should made. At the conclusion of the audit, the auditor should consider
whether the scope of the audit has been adequate in the circumstances. If planning materiality based on interim
amounts is too large, then audit scope might not have been sufficient. If planning materiality based on interim
amounts was too small, then the audit would be less efficient than would have been possible because the auditor
may have done more audit work than was necessary.
Determining Materiality for Particular Items of Lesser Amounts
In addition to determining a planning materiality amount for the financial statements taken as a whole, the auditor
should consider whether, in the specific circumstances of the entity, misstatements of particular items of lesser
amounts than planning materiality could be expected to influence economic decisions of users. According to SAS
No. 107 (AU 312.31), any such amounts determined represent lower materiality levels to be considered in relation
to the particular items in the financial statements" for audit planning purposes. In other words, in addition to
determining materiality at the financial statement level, the auditor should determine whether there are particular
financial statement items for which a lower planning materiality amount is appropriate based on user perceptions
of the particular items.
SAS No. 107 (AU 312.32) provides the following factors to consider and related examples in making this planning
decision:
a. Whether accounting standards, laws, or regulations affect users' expectations regarding the measurement
or disclosure of certain items (for example, related party transactions and the remuneration of management
and those charged with governance).
b. The key disclosures in relation to the industry and the environment in which the entity operates (for
example, research and development costs for a pharmaceutical company).
c. Whether attention is focused on the financial performance of a particular subsidiary or division that is
separately disclosed in the consolidating financial statements (for example, a newly acquired business).
The auditor should consider consulting with management and those charged with governance about whether there
are particular financial statement items of lesser amounts than planning materiality that users would regard as
material.
103

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Another way of looking at this requirement is that it is an exception to the general notion that planning materiality is
a primarily quantitative determination and opens the determination to a limited group of qualitative factors, but only
for particular classes of transactions, account balances, or disclosures specified by the auditor.
Certain significant audit planning issues in the nonprofit audit environment normally require determining materiality
for particular items of lesser amounts. Auditors should use their judgment and determine a lower materiality
threshold for these items. For example, if the nonprofit organization is funded by governmental grant monies,
materiality takes on a whole new focus. Spending more governmental money than is specified in the contract
probably will create a budget overrun requiring funding from other sources. Spending money for ineligible recipi
ents could require that the organization refund to the funding sources all funds spent improperly. Other examples
are loans to board members by a nonprofit organization which are prohibited by state law in some states.
Similar considerations apply to private grants made by individuals or corporations. For example, money given by
a donor for a new building or athletic field must be used for expenditures related to that activity. If the money is
designated for use in a future year, then that time restriction must be honored by the organization and reviewed by
the auditor. Some grants are really donations, with no restrictions on their usage other than the monies are to be
used for charitable purposes in accordance with IRS guidelines. On the other hand, some grants have specific
requirements in the grant document. For example, those grants may require that a certain number of people have
counseling sessions take place, or that a certain class of people be served based on economic or other specifica
tions. An auditor could conceivably find a pristine set of accounting records. Yet, if the monies in a grant were not
used as specified by the grant contract, then in reality all the money was improperly spent and should be reported
not as grant expenditure, but as a payable back to the grantor. In a number of states, a law has been violated if a
donor makes a contribution to an endowment fund and the money is diverted to operations. Pennsylvania filed
criminal charges against board members and the executive staff of a nonprofit organization that used over fifty
million dollars of endowment funds for operations.
Another reason for establishing a lower materiality amount relates to the concept that the auditor is rendering an
opinion on a client that is a taxexempt organization. If the organization has failed to operate in accordance with IRC
regulations, then the client may no longer be tax exempt. If that is the case, then the auditor could issue an
erroneous opinion because corporate income taxes, penalties, and interest could be due. In addition, the auditee
might be misleading donors by making them think they are making donations that are tax deductible, when in
reality they are not.
Another example arises when the auditor is specifically engaged to audit and express an opinion on individual
programs, components, or branches. In that case, a separate preliminary judgment about materiality should be
determined for each program, component, or branch using the total assets or total support and revenue for that
program, component, or branch.
Determining Tolerable Misstatement
The auditor must perform the audit to obtain reasonable assurance of detecting misstatements that the auditor
believes could be large enough, individually or in the aggregate, to be quantitatively material to the financial
statements. For this purpose, the auditor needs to establish a tolerable misstatement at the individual account
balance, class of transaction, or disclosure level. SAS No. 107 (AU 312.34) defines tolerable misstatement as the
maximum error in a population (for example, the class of transactions or account balance) that the auditor is willing
to accept." SAS No. 107 (AU 312.69) requires documentation of the level of tolerable misstatement, the basis on
which it was determined, and any changes thereto as the audit progresses.
Guidance on determining tolerable misstatement is provided in SAS No. 107 (AU 312.35), which indicates, the
auditor should determine one or more levels of tolerable misstatement," and such levels are normally lower than
the materiality levels." In other words, tolerable misstatement should be lower than the materiality level for the
financial statements taken as a whole. Also, for particular items in the financial statements for which a lesser amount
than financial statement materiality has been determined the tolerable misstatement should be commensurately
lower as well. Therefore, the auditor may determine and document more than one level of planning materiality and
more than one level of tolerable misstatement.

104

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

SAS No. 39, Audit Sampling (AU 350.18), as amended by SAS No. 111, provides the following additional guidance
on tolerable misstatement:
This maximum monetary misstatement that the auditor is willing to accept for the balance or class
is called tolerable misstatement for the sample. Tolerable misstatement is a planning concept and
is related to the auditor's determination of materiality for planning the financial statement audit in
such a way that tolerable misstatement, combined for all of the tests in the entire audit, does not
exceed materiality for the financial statements. This means that auditors should normally set
tolerable misstatement for a specific audit procedure at less than financial statement materiality
so that when the results of the audit procedures are aggregated, the required overall assurance
is attained.
Although this guidance appears in relation to audit sampling, it is applicable to all further audit procedures not just
those involving sampling.
A Practical Approach to Determining Tolerable Misstatement. Professional standards do not discuss how
tolerable misstatement should be calculated or any rules of thumb that have been used in practice to calculate
tolerable misstatement. SAS No. 107 (AU 312.50) explains that in evaluating audit findings, the auditor must
consider the effects, both individually and in the aggregate, of misstatements (known and likely) that are not
corrected by the entity.
This means that conceptually the combination of the (a) uncorrected known misstatement, (b) projected or
estimated misstatement from the application of audit sampling and analytical procedures, and (c) tolerable mis
statement for all account balances or transaction classes should be equal to or less than the amount the auditor
considers material to the financial statements taken as a whole. The implication is that total tolerable misstatement
could be calculated by deducting the auditor's estimate of total known and likely misstatement from planning
materiality.
At the planning stage, the auditor cannot know the amounts of known misstatements that will be detected and that
the client will not correct, or the projected or estimated misstatements that will result from the application of audit
procedures using audit sampling or analytical procedures. However, the auditor may be able to make reasonable
estimates of those amounts. In that case, the auditor could deduct the sum of those estimates from planning
materiality to calculate total tolerable misstatement. However, because of the difficulty of making these estimates,
many auditors prefer to use a rule of thumb approach that produces satisfactory results in most circumstances as
discussed in the following paragraph.
The approach suggested is to determine tolerable misstatement as a percentage of the auditor's judgment about
the amount material to the financial statements taken as a whole. The percentage used is based on the auditor's
expectation of uncorrected detected misstatements. Using this approach, a common rule of thumb is to calculate
tolerable misstatement as a fraction between 50% and 75% of materiality at the financial statement level (and
materiality for items of lesser amounts, if applicable) with the percentage being increased from 50% as the
likelihood of uncorrected detected misstatements decreases.
The 50% adjustment is based on the maximum adjustment normally made in monetary unit (MUS)probability
proportional to size (PPS) sampling applications to allow for the projected, or likely, misstatements expected in
sample results. Usually this 50% adjustment is very conservative, that is, larger sample sizes than necessary will be
used. Typically, for most entities it is believed that the larger adjustment of 75% will normally be satisfactory. When
the auditor expects a relatively large amount of known misstatements to remain uncorrected or relatively large likely
misstatements, an adjustment closer to 50% should be used.
The rule of thumb of calculating tolerable misstatement as 75% of planning materiality is appropriate when the
auditor uses MUS (PPS) sampling or an approximation of MUS (PPS) sampling for all audit sampling applications.
The approach to audit sampling recommended is an approximation of MUS (PPS) sampling. With this approach,
the same amount of tolerable misstatement can be used in all sampling applications. This is possible because MUS
(PPS) sampling views the financial statements taken as a whole as a pool of dollars. The tolerable misstatement for
the financial statements is applicable to all the account balances and transaction classes included within the
105

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

financial statements. The materiality worksheet calculates tolerable misstatement as 75% of planning materiality.
This amount can also be used to compute individually significant items.
When the auditor uses a statistical sampling approach to substantive tests other than either MUS (PPS) sampling
or a nonstatistical approximation of MUS (PPS) sampling, another approach to computing tolerable misstatement
should be used. This approach is explained in articles and books on use of variables sampling in auditing and is not
discussed here. However, the auditor should be aware that when using statistical sampling for variables, the
planning materiality amount needs to be allocated to sampling applications for specific account balances or
transaction classes. This allocation process is necessary only when classical variables sampling is used.
Caution on Use of Planning Materiality for Evaluation. It is critically important to recognize that the planning
materiality amount calculated using the worksheet is the combined amount of misstatement. During the audit, an
auditor may detect some misstatements in an account balance and may need to decide whether to apply additional
procedures. In these circumstances, the auditor should not compare the potential misstatement to planning
materiality or to tolerable misstatement. The appropriate comparison for this purpose is to the calculated individu
ally significant amount.
Relating Planning Materiality and Tolerable Misstatement to Accounts and Transactions
The scope of audit procedures for specific account balances and transaction classes should be related to the
amount the auditor considers material to the financial statements. SAS No. 107 (AU 312.18) explains this point as
follows:
In determining the nature, timing, and extent of auditing procedures to be applied to a specific
account balance, class of transactions, or disclosure the auditor should design audit procedures
to obtain reasonable assurance of detecting misstatements that the auditor believes, based on
the judgment about materiality, could be material, when aggregated with misstatements in other
balances, classes, or disclosures to the financial statements taken as a whole.
Using an explicit amount for tolerable misstatement permits the auditor's decisions about the quality and extent of
evidence necessary to be influenced specifically by the size of a misstatement that would be material to the account
balance or transaction class.
Some consideration of the relationship between tolerable misstatement and individual accounts is obviously
necessary because it is not efficient or effective to apply a percentage guide to each account. For example, in
applying audit procedures to prepaid expense, it would not be reasonable to regard 10% of the amount as material
if the total amount of prepaid expense was immaterial to the financial statements. For some accounts and transac
tions, consideration of tolerable misstatement is unnecessary because the nature of the item and cost of possible
audit procedures is such that the account can be audited to very close tolerances. For example, longterm debt and
property, plant, and equipment can usually be examined to such close tolerances. For other accounts, such as
shortterm assets and liabilities, consideration of the tolerable misstatement for the account balance will be useful
in making planning decisions. An auditor, for example, might use the tolerable misstatement amount in deciding:
a. which items in a balance to examine 100%,
b. whether it is necessary to sample the remaining items, or
c. whether to apply analytical procedures instead of tests of details.
Trivial Misstatements
Some auditors set an amount below which detected misstatements need not be accumulated on the summary of
audit differences (often referred to as adjustments passed at the workpaper level). SAS No. 107 (AU 312.42) states
that the auditor must accumulate all known and likely misstatements identified during the audit, other than those
that the auditor believes are trivial." (Emphasis added.) Footnote 17 to AU 312.42 states that trivial matters are
amounts designated by the auditor below which misstatements need not be accumulated. This amount is set so
that any such misstatements either individually or when aggregated with other such misstatements, would not be
material to the financial statements, after the possibility of further undetected misstatements is considered."
106

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

When determining whether the amount of a misstatement is below the amount that should be accumulated on the
summary of audit differences, the auditor should be careful not to net purposed adjustments at the workpaper level.
For example, assume the auditor has determined that only misstatements greater than $500 need to be accumu
lated on the summary or audit differences. If the auditor has a known misstatement that overstates income by
$10,000 and a likely misstatement that understates income by $10,500, both misstatements should be included on
the summary of audit differences.
Single Audit Materiality
In a Single Audit, the auditor should plan the audit of federal award programs so that there is only a relatively low
risk of failing to detect noncompliance with requirements governing each major program that, when taken together,
would be material to the program. For the Single Audit, the auditor's consideration of materiality for federal award
programs differs from that in the audit of financial statements. In the audit of financial statements, the auditor
considers materiality in relation to the financial statements being audited. However, when auditing compliance with
requirements governing federal award programs, the auditor must also consider materiality at the major program
level. The auditor's assessment of materiality for a specific instance of noncompliance will depend on the particular
compliance requirement that is being evaluated.
Materiality for Purposes of Compliance Testing and Reporting. OMB Circular A133 requires the auditor to test
and report on the nonprofit organization's compliance with compliance requirements governing major programs.
When testing compliance with compliance requirements governing major programs, the auditor should consider
materiality in relation to each major program being audited. OMB Circular A133, Section 510 requires auditors to
report material noncompliance with the provisions of laws, regulations, contracts, or grant agreements related to a
major program in a schedule of findings and questioned costs. OMB Circular A133, states:
The auditor's determination of whether an instance of noncompliance with the provisions of laws,
regulations, contracts, or grant agreements is material for the purpose of reporting an audit
finding is in relation to a type of compliance requirement. . . for a major program or an audit
objective identified in the. . . Compliance Supplement.
In determining whether a compliance finding is material, the auditor should give consideration to both qualitative
and quantitative factors.
OMB Circular A133 requires the auditor to consider a lower level of materiality for purposes of reporting audit
findings in the schedule of findings and questioned costs than for other purposes. The materiality level for reporting
an audit finding in a single audit is generally lower than (a) the materiality used for planning and performing the
single audit, (b) the materiality used for planning, performing, evaluating the results of, and reporting on the
financial statement audit, and (c) the materiality used for expressing an opinion on compliance with requirements
having a direct and material effect on each major program.
Because OMB Circular A133 requires an opinion on compliance for each major program, when considering
whether instances of noncompliance are material to a major program, the auditor should consider the type and
nature of each instance of noncompliance, as well as the actual and projected effect of noncompliance, on each
major program in which noncompliance was detected. The concept of materiality should be applied to each major
program taken as a whole, rather than to each individual compliance requirement. An amount that is material to one
major program may be considered immaterial to another major program. If the tests of compliance reveal material
noncompliance at the program level, the auditor should consider the effect of this noncompliance on the financial
statements.
Guidance on Determining Materiality for Compliance Testing and Reporting. As a rule of thumb, it is believed
that, in most situations, using 5% of total program awards expended will result in an appropriate materiality amount.
However, other factors may effect this decision, and the auditor should use professional judgment in making this
determination.
Assessing Risks of Material Misstatement at the Financial Statement Level
Audit risk is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial
statements that are materially misstated. It is a function of the risk that the financial statements are materially
107

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

misstated and the risk that the auditor will not detect such material misstatement. In this sense, audit risk is the risk
of material misstatement remaining in the financial statements after the audit. Audit risk cannot be precisely
measured as a percentage; thus, consideration of audit risk is necessarily judgmental, not mathematical.
The auditor must consider audit risk for the financial statements taken as a whole. When considering audit risk at
the overall financial statement level, the auditor should consider risks of material misstatement that relate perva
sively to the financial statements taken as a whole and potentially affect many relevant assertions. (These risks are
also referred to as overall risks.)
Professional standards establish a presumptively mandatory requirement for the auditor to assess and document
the risks of material misstatement at the financial statement level (SAS No. 107, AU 312.12 and SAS No. 109, AU
314.122). Risks of material misstatement at the financial statement level often relate to the entity's control environ
ment and are not necessarily identifiable with specific relevant assertions at the class of transactions, account
balance, or disclosure level. These overall risks are often especially relevant to the auditor's consideration of the
risks of material misstatement arising from fraud, for example, through management override of internal control.
At the individual account balance, class of transaction, or disclosure level, the risk of material misstatement
consists of inherent risk and control risk. Some auditors have questioned whether these risk model components
also need to be considered at the financial statement level. The answer is, No." It is believed the risk assessment
at the financial statement level is directed to an overall or combined assessment of the risk of material misstate
ment. There is no requirement to separately assess inherent risk and control risk at the financial statement level.
The overall assessment of risk of material misstatement at the financial statement level is made relatively early in
audit planning, based on information such as the effectiveness of the entity's control environment and identification
of fraud risk factors.
Responding to Risks at the Financial Statement Level. SAS No. 110 provides guidance to auditors when
determining overall responses to address risks of material misstatement at the financial statement level. These
responses may include:
Emphasis to the audit team to use professional skepticism.
Assigning staff with higher experience levels or specialized skills.
Increasing the level of supervision.
Using a greater degree of unpredictability in selecting audit procedures.
Changing the nature, timing, and extent of substantive procedures (e.g., instead of interim testing shift
testing to period end or modify the nature of audit procedures to obtain more persuasive evidence).
In addition, the auditor should consider any specific relevant assertions that might be affected by the overall risks
and develop responses at that level when designing the nature, timing, and extent of further audit procedures.
Exhibit 28 provides examples of overall risks and potential responses.

108

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 28
Examples of Overall Risks and Responses
Overall Risk

Example Responses

No communication of ethical values. Manage
ment exhibits behavior that occasionally reflects
a loose regard for ethical operating practices.
(The auditor assumes a risk of management
override of controls. This also assumes that the
auditor does not perceive the risk to be so great
to either decline or withdraw from the engage
ment.)

Place higher emphasis on the use of professional
skepticism.
Assign staff with higher experience levels.
Review accounting estimates for bias.
Evaluate operating rationale for unusual transac
tions.
Examine journal entries.
Make greater use of unpredictability in audit
procedures.
Increase the extent of fraudrelated inquiries.

Turnover in key management during the year.

Increase the level of supervision.
Review accounting estimates for bias.
Evaluate operating rationale for unusual transac
tions.

Going concern considerations that may impact
future financing, investment, or other operating
opportunities.

Increase the level of supervision or assign more
experienced staff.
Shift substantive procedures to year end.
Review accounting estimates for bias.
Emphasize the use of professional skepticism.

A minimal degree of compliance with restrictive
loan covenants containing various required
operating ratios for significant financing agree
ments.

Shift substantive procedures to year end.
Review accounting estimates for bias.

Management exhibits a low regard for hiring
competent finance personnel.

Increase the level of supervision or assign more
experienced staff.
Shift substantive procedures to year end.

*

*

*

Because there is always at least one identified fraud risk (a risk of management override of controls), certain overall
responses are required in every audit, as follows:
Auditors should consider whether the personnel assigned to the engagement possess the necessary
knowledge and skills.
Auditors should consider whether the extent of supervision of personnel is appropriate.
Auditors should consider the client's selection and application of accounting principles, especially in
subjective areas.
Auditors should incorporate an element of unpredictability in the selection of audit procedures from year
to year.
Other overall responses may also be appropriate to address identified fraud risks. Exhibit 29 provides examples of
overall responses to fraud risks.

109

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 29
Overall Responses to Fraud Risks
Staffing and Supervision:
Assignment of more experienced audit personnel to the engagement or increased supervision of
engagement personnel.
Assignment of personnel with industry or functional expertise.
Involvement of specialists.
Selection and Application of Accounting Principles:
Increased scrutiny of the client's selection and application of significant accounting policies, particularly
those that deal with revenue recognition, asset valuation, or capitalizing versus expensing.
Incorporating an Element of Unpredictability:
Altering the timing of tests.
Changing sampling methods.
Performing procedures at different locations or on an unannounced basis.
Performing a different combination of analytical procedures and substantive tests of details.
Testing account balances and assertions otherwise considered immaterial or low risk.
Other Overall Responses:
Increased sensitivity to the nature, timing, and extent of documentation examined in support of material
transactions.
Increased recognition of the need to corroborate client explanations or representations concerning
material matters, such as through additional analytical procedures, examination of documentation, or
corroboration with others within or outside the organization.
Further consideration of the auditor's control risk assessment (if control risk has been assessed at less
than a high level) if identified fraud risks have control implications.
Increased scrutiny of the nature and business reasons for unusual and/or overly complex transactions.

*

*

*

Documentation. SAS No. 109 requires the auditor to document the assessment of risks of material misstatement
at the financial statement level and the basis for the assessment. The auditor is also required by SAS No. 110 to
document overall responses to such risks.(Note that the assessment of risks at the financial statements level is
really an acknowledgment that there are risks at the financial statement level. The auditor needs to document those
identified risks and their response.)
Establishing an Overall Audit Strategy
The auditor should establish an overall strategy for the audit. The audit strategy is the auditor's operational
approach to achieving the objectives of the audit. It is a high level determination of the audit approach. It includes
the identification of overall risks, the overall responses to those risks, and the general approach to each audit area
as being substantive procedures or a combination of substantive procedures and tests of controls.
SAS No. 108 (AU 311.14) provides that in establishing the overall audit strategy the auditor should do the following:
a. Determine the characteristics of the engagement that define its scope.
b. Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of
communications required.
c. Consider the important factors that will determine the focus of the audit team's efforts.
110

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Steps a and b are relatively straightforward factual determinations of the information to be audited, reporting
objectives, the overall timing of the audit, and the written and other communications that will be required. Step b is
particularly important in an engagement for a nonprofit organization. The type of financial statements to be reported
on, special audit or reporting requirements of a funding source or regulatory agency, tax forms to be filed, and the
reporting deadlines for all of these matters can have a significant effect on the scope and sequence of audit
procedures. Step c is the heart of determining the nature, timing, and extent of audit procedures that will be
necessary. In establishing audit strategy, these matters are dealt with at a high level rather than at the detailed audit
plan level, which describes the nature, timing, and extent of procedures at the relevant assertion level.
The overall audit strategy includes and is significantly influenced by the auditor's judgments about materiality and
the risks of material misstatement at the financial statement level. Important aspects of overall audit strategy that
determine the focus of the audit team's efforts generally include the following:
Materiality considerations, including:
Planning materiality.
Materiality for auditors of other locations, if any.
Preliminary identification of material locations and account balances.
Preliminary identification of areas where there may be higher risks of material misstatement, including
those due to fraud.
Effect of assessed risk of material misstatement at the overall financial statement level.
Evaluation by audit area of whether the auditor plans to obtain evidence regarding the operating
effectiveness of internal control, i.e., whether the auditor plans to use substantive procedures alone or a
combination of substantive procedures and tests of controls.
Determination of the composition and deployment of the audit team (and if necessary, the engagement
quality control reviewer), including the assignment of audit work to team members, especially the
assignment of appropriately experienced team members to areas identified as having a higher risk of
material misstatement.
Determination of the extent of involvement of professionals possessing specialized skills.
Additional emphasis on the use of professional skepticism.
Determination of general aspects of the nature, timing, and extent of further audit procedures, such as
performing testing at the statement of financial position date rather than at an interim date.
Identification of recent significant developments affecting the entity, its industry, its financial reporting, or
its legal or economic environment.
Determination of areas where client assistance is expected to be minimal.
In developing the overall audit strategy the auditor should incorporate decisions and judgments about overall
responses to the risks of material misstatement at the financial statement level. A key outcome of developing the
strategy is the determination of resources necessary to perform the engagement including:
Personnel Resources for Specific Audit Areas. This includes the assignment of experienced team members
or the involvement of experts for high risk or complex areas as well as the amount of resources for specific
audit areas, including the timing of the deployment of such resources.
Management and Supervision of Personnel. This includes management and supervision considerations
such as team briefing meetings, reviews by the partner and manager, and quality control reviews.
111

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Effect of Information Technology (IT) on Audit Strategy. A client's computer system also can affect the audit
strategy because it can affect the risk of material misstatement, which influences the auditor's substantive proce
dures, and also can affect the availability and sufficiency of audit evidence, including the audit trail. In computerized
financial reporting systems, much of the client's data is processed and stored only in electronic form. Thus, errors
and fraud involving computer programs and files may be less obvious than misstatements in manual records. Also,
data processing duties are often concentrated in one or two employees. Those factors can create a higher risk of
material misstatement. However, that risk may be reduced if the client uses only purchased software and simple
applications.
In addition, when information is available only in electronic form, its competence and sufficiency as audit evidence
usually depend on the effectiveness of controls over its accuracy and completeness. Accordingly, the risk of
improper initiation or alteration of information may be greater if the information is available only in electronic form
and controls are not operating effectively. For example, automated controls and processes may be overridden
leaving little or no visible evidence of the intervention. In that case, the auditor should perform tests of controls to
gather evidence for use in assessing control risk.
Before designing the audit plan, auditors should consider whether the client's computer system provides a clear
audit trail. If the system does not provide a clear trail for posting transactions to the general ledger, including journal
entries, the auditor may need to change the nature of planned substantive procedures, such as testing items
comprising yearend balances instead of testing transaction activity for the period.
Auditors also should consider the amount and type of available data when designing audit procedures. They may
need to time their tests based on when the accounting data is available. Data availability can be affected by both the
computer system and the client's data retention policies.
The impact of IT on an entity's internal control is generally related more to the nature and complexity of the entity's
systems than to the entity's size. However, before deciding not to test controls, auditors need to be satisfied that
performing only substantive procedures will be effective in reducing detection risk to an acceptable level. For
example, SAS No. 109 indicates that the auditor may find it impossible to design effective substantive procedures
that by themselves provide sufficient appropriate audit evidence at the relevant assertion level when an entity
conducts its activities using information technology (IT) and no documentation of transactions is produced or
maintained, other than through the IT system.
Timing of Developing the Audit Strategy. In some cases, the auditor may have sufficient information to establish
a preliminary audit strategy prior to performing extensive risk assessment procedures based on knowledge from
past experience with the client and the results of preliminary engagement activities. For example, in a continuing
engagement, the auditor may be able to establish a preliminary audit strategy after completing the client continu
ance procedures based on knowledge from the previous engagements and discussions with the client regarding
any new issues or changes in client circumstances.
For new engagements, the auditor may have gained sufficient information while performing client acceptance
procedures and gathering information for the fee proposal that would allow the development of a preliminary audit
strategy. In fact, many auditors collect enough information during this process to make preliminary decisions on the
assessment of overall risks, the determination of personnel requirements, use of specialists or other auditors, and
other overall strategy matters. In these situations, the auditor simply needs to gather additional information
throughout the performance of the risk assessment procedures to complete the overall audit strategy.
Communicating with Those Charged with Governance. The auditor may discuss elements of the overall audit
strategy with those charged with governance. SAS No. 114 requires the auditor to communicate with those
charged with governance about the planned scope and timing of the audit. When these discussions occur, the
auditor should be careful not to compromise the effectiveness of the audit, for example, by discussing the detailed
nature and timing of audit procedures.
Although professional standards do not require documentation of the audit strategy itself, they do require docu
mentation of any significant revisions to the overall audit strategy to respond to changes in circumstances.
However, SAS No. 108 (AU 311.18) observes that a brief memorandum prepared at the conclusion of the previous
audit, based on a review of audit documentation and highlighting issues identified in the audit just completed, can
112

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

be updated and changed in the current period to provide a basis for planning the current audit. The update can be
based on discussions with management of the entity. As a practical matter, some auditors frequently prepare an
audit summary memo" as part of their engagement completion procedures to provide a convenient method of
establishing a basis for planning the following year's audit engagement. Exhibit 210 provides a list of suggested
content that might be contained in such a memo.
Exhibit 210
Suggested Content for an Audit Summary Memo
A brief background of the nonprofit organization and a description of its operations.
A brief recap of the results of the auditor's risk assessments and identification of areas, if any, designated as
high risk.
A summary of the nonprofit organization's financial position, activities, and cash flows.
Relevant information related to the Single Audit, if applicable.
A discussion of significant accounting and auditing issues, including matters that require significant
professional judgment.
An indication of the review performed by the engagement partner.
A summary of audit differences.
Overall opinion.
Documentation of the report release date and the documentation completion date.
Other matters, such as identification of engagement team members, summary of the closing meeting held with
the client, issues for inclusion in a management letter, known changes or efficiency considerations for
consideration when planning the subsequent year's engagement, and client service opportunities.

*

*

*

Documentation of Communications with Other Entities in a Single Audit. The auditor might communicate with
grantor agencies (including pass-through entities) or federal or state auditors or other oversight entities to aid in
planning the audit. The GAS/A-133 AICPA Audit Guide, paragraph 2.48, explains that as part of establishing the
overall audit strategy, the auditor should document such communications and any decisions reached as a result.

113

Companion to PPC's Guide to Audits of Nonprofit Organizations

114

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
29. Which of the following statements is correct concerning planning materiality?
a. Planning materiality concerns preliminary judgments at the relevant assertion level.
b. Planning materiality decisions are based on the needs of actual users.
c. The focus is generally on qualitative factors.
d. SFAC No. 2 applies a reasonable person" standard to determining materiality.
30. Which of the following statements is correct concerning the use of benchmarks?
a. Planning materiality benchmarks consider the nature but not the size of the entity.
b. Planning materiality benchmarks determine adequacy of the nature of procedures.
c. Planning materiality is established by applying a percentage to a benchmark.
d. Once a benchmark is chosen, it remains throughout the audit.
31. Which of the following statements is correct concerning tolerable misstatement?
a. Just as there is only one planning materiality level, there should be only one tolerable misstatement level.
b. Tolerable misstatement can exceed the level of materiality for the financial statements.
c. Tolerable misstatement is a monetary concept, used to set the maximum acceptable error in a population.
d. Professional standards are quite explicit concerning calculation of tolerable error.
32. OMB Circular A133 requires the auditor to provide an opinion on compliance for each major program.
a. True
b. False
33. According to the text, what is the correct auditor response when there has been a turnover in key management
during the year?
a. Shift substantive procedures to year end.
b. Review accounting estimates for bias.
c. Examine journal entries.
d. Increase unpredictability in audit procedures.
34. Which of the following statements is correct concerning risk and the financial statements?
a. Audit risk can be mathematically determined by the use of PPS or classical sampling means.
b. Risk of material misstatement applies to both the financial statement level and the relevant assertion level.
c. There is always at least one identified fraud risk.
d. A key outcome of identifying overall risks and developing an overall strategy is the determination of poten
tial auditor liability.
115

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
29. Which of the following statements is correct concerning planning materiality? (Page 100)
a. Planning materiality concerns preliminary judgments at the relevant assertion level. [This answer is
incorrect. These judgments are made at the financial statement level.]
b. Planning materiality decisions are based on the needs of actual users. [This answer is incorrect. Such
decisions are based on a conceptual view. Actual users are not surveyed.]
c. The focus is generally on qualitative factors. [This answer is incorrect. The focus is on quantitative factors.]
d. SFAC No. 2 applies a reasonable person" standard to determining materiality. [This answer is
correct. SFAC No. 2 considers whether the judgments of a reasonable person would be affected by
the information presented.]
30. Which of the following statements is correct concerning the use of benchmarks? (Page 101)
a. Planning materiality benchmarks consider the nature but not the size of the entity. [This answer is incorrect.
Both factors are considered in the development of benchmarks for planning materiality.]
b. Planning materiality benchmarks determine adequacy of the nature of procedures. [This answer is
incorrect. Planning materiality benchmarks should not be used to determine the adequacy of the nature
and timing of procedures.]
c. Planning materiality is established by applying a percentage to a benchmark. [This answer is
correct. This approach is supported by SAS No. 107.]
d. Once a benchmark is chosen, it remains throughout the audit. [This answer is incorrect. Choice of
benchmarks may change as the auditor moves from planning to evaluation.]
31. Which of the following statements is correct concerning tolerable misstatement? (Page 105)
a. Just as there is only one planning materiality level, there should be only one tolerable misstatement level.
[This answer is incorrect. SAS No. 107 allows for multiple levels.]
b. Tolerable misstatement can exceed the level of materiality for the financial statements. [This answer is
incorrect. SAS No. 39 specifically rules out such an occurrence.]
c. Tolerable misstatement is a monetary concept, used to set the maximum acceptable error in a
population. [This answer is correct. Tolerable error is specifically addressed by SAS No. 39.]
d. Professional standards are quite explicit concerning calculation of tolerable error. [This answer is incorrect.
Professional standards do not address such calculations, nor do they address the rules of thumb used in
practice to make such calculations.]
32. OMB Circular A133 requires the auditor to provide an opinion on compliance for each major program. (Page
107)
a. True [This answer is correct. The concept of materiality should be applied to each major program
taken as a whole.]
b. False [This answer is incorrect. When considering whether instances of noncompliance are material to a
major program, OMB Circular A133 imposes such a requirement.]
116

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

33. According to the text, what is the correct auditor response when there has been a turnover in key management
during the year? (Page 109)
a. Shift substantive procedures to year end. [This answer is incorrect. This is an appropriate response in
certain cases, such as when there are going concern considerations that may impact future financing.]
b. Review accounting estimates for bias. [This answer is correct. This is also an appropriate response
in certain cases involving restrictive loan covenants where a minimal degree of compliance is
considered an overall risk.]
c. Examine journal entries. [This answer is incorrect. This is an appropriate response when an overall risk is
no communication of ethical values.]
d. Increase unpredictability in audit procedures. [This answer is incorrect. This is an appropriate response
when an overall risk is no communication of ethical values.]
34. Which of the following statements is correct concerning risk and the financial statements? (Page 109)
a. Audit risk can be mathematically determined by the use of PPS or classical sampling means. [This answer
is incorrect. Audit risk is subjective, not mathematical.]
b. Risk of material misstatement applies to both the financial statement level and the relevant assertion level.
[This answer is incorrect. Risk of material misstatement is not necessarily identifiable with specific relevant
assertions.]
c. There is always at least one identified fraud risk. [This answer is correct. That being a risk of
management override of controls.]
d. A key outcome of identifying overall risks and developing an overall strategy is the determination of
potential auditor liability. [This answer is incorrect. A key outcome is the determination of resources
necessary to complete the audit.]

117

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

FRAUD CONSIDERATIONS
SAS No. 99, Consideration of Fraud in a Financial Statement Audit, establishes standards and provides guidance on
the auditor's responsibility to consider the risks of fraud and to design the audit to provide reasonable assurance
of detecting fraud that results in the financial statements being materially misstated. This course discusses the
auditor's assessment of audit risk at the financial statement level and the account balance or transaction class
levels. The auditor's consideration of fraud is not separate from consideration of risk at those levels, but is
integrated into the overall risk assessment process. Therefore, this course integrates the requirements of SAS No.
99 within the overall risk assessment process by addressing those requirements at relevant points throughout the
course. This section, like SAS No. 99, provides more specific guidance on assessing the risk of material misstate
ment due to fraud when assessing the risk of material misstatement. Although the requirements and guidance
presented in this section may suggest a sequential process, the audit is a continuous process of gathering,
updating, and analyzing information about the fairness of presentation of amounts and disclosures in the financial
statements in conformity with GAAP (or an OCBOA). Therefore, the procedures outlined in this section may be
performed concurrently with other procedures, and the evaluation of fraud risks should occur continuously
throughout the audit.
Special Considerations for a Nonprofit Organization When Performing a Single Audit
A riskbased approach should be used when determining major programs. Adoption of a riskbased approach
shifts the audit away from traditional major programs (that is,those with large dollar expenditures) to an emphasis
on programs that show signs of managerial weakness or that by their nature are inherently risky. The approach
includes consideration of the following:
Current and prior audit experience.
Oversight by federal agencies and passthrough entities.
Inherent risk of the program.
Section 525(a) of OMB Circular A133 indicates the auditor's determination [of federal program risk] should be
based on an overall evaluation of the risk of noncompliance occurring which could be material to the Federal
program." OMB Circular A133 describes a fourstep process to determine major programs. If major programs are
determined and documented in accordance with OMB Circular A133, Section 520(h) states the auditor's judg
ment in applying the riskbased approach to determine major programs shall be presumed correct."
Types of Misstatements Caused by Fraud
SAS No. 99 (AU 316.05) defines fraud as an intentional act that results in a material misstatement in financial
statements that are the subject of an audit." The SAS outlines three conditions that generally are present when
fraud occurs:
Incentive/Pressure. Management or other employees have a reason to commit fraud.
Opportunity. Circumstances, such as ineffective controls, the absence of controls, or the ability to override
controls, enable management or other employees to commit fraud.
Attitude/Rationalization. Management or other employees are able to justify the acceptability of committing
fraud.
SAS No. 99 addresses two types of misstatements that are relevant to the auditor's consideration of fraud in a
financial statement audit:
Misstatements resulting from fraudulent financial reporting (sometimes called cooking the books).
Misstatements resulting from misappropriation of assets (sometimes called stealing).
118

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Misstatements Resulting from Fraudulent Financial Reporting. Misstatements resulting from fraudulent finan
cial reporting (often referred to as management fraud or cooking the books) are intentional misstatements, or
omissions, of amounts or disclosures from the financial statements with the intent of deceiving financial statement
users. The effect of those misstatements causes the financial statements not to be presented, in all material
respects, in conformity with GAAP (or an OCBOA). Examples that may be encountered with nonprofit organizations
include
Overstating program accomplishments to earn higher bonuses or to mislead grantors about the success
of the program in order to ensure future funding.
Understating unrestricted net assets to avoid potentially negative effects on fundraising.
Understating unrelated business income to minimize income taxes.
Management may be under pressure to report certain financial results to bond reporting agencies in order to
maintain the organization's bond rating and to lenders to meet bond covenant requirements. Similarly, a nonprofit
organization may have a promise to give conditioned on receiving matching funds. Management of the organiza
tion may be under pressure to overstate promises to give receivable and contribution revenue to meet the matching
requirement. Another comparable situation may result if the nonprofit organization has a federal award with a
matching requirement. If the nonprofit organization has received a material grant, management of the organization
may be under pressure to keep recorded expenses within the grant budget limits. This could result in either an
understatement of total expenses and liabilities or the misclassification of expenses to functional areas other than
the appropriate grant. Conversely, a nonprofit organization may record fraudulent expenses under a specific grant
with excess funds in order to record related grant revenue. This could result in an overstatement of both expenses
and grant revenue.
Nonprofit organizations that face cash flow problems may face pressure to misclassify donorrestricted contribu
tions as unrestricted to free up cash for the organization's operations. This could result in an overstatement of
unrestricted net assets and an understatement of temporarily or permanently restricted net assets. However, for
other nonprofit organizations, the risk may run in the opposite direction. For example, nonprofit organizations
experiencing difficulty with fundraising due to large balances of unrestricted net assets may attempt to record
unrestricted contributions as restricted in order to lower the percentage of total net assets that is reflected as
unrestricted in the financial statements.
A nonprofit organization's financial statements may be reviewed by a national oversight organization or industry
watchdog group and are frequently available to the public over the Internet. As a result, the organization may be
under pressure to report certain financial results, such as fundraising expenses below certain percentages of
contribution revenue and total expenses. The auditor has to draw on knowledge of the nonprofit organization to
evaluate where in the financial statements material misstatement due to fraud would be likely to exist.
Many nonprofit organizations have an interest in reporting positive trends in contributions revenue and in minimiz
ing supporting services expenses. The key consideration, however, is whether management has shown an interest
in manipulating the financial statements through unusually aggressive accounting practices. The auditor may have
knowledge from prior audits of management trying to allocate supporting services to programs in an effort to
minimize the supporting services reported in the financial statements. This situation would most likely increase the
risk of material misstatement due to fraud. However, if management is interested in minimizing supporting services
expenses through legitimate means, such as allocations based on detailed time and use studies, then the auditor
most likely would not consider this to be an area of increased risk. Those practices are not the same as fraudulent
actions such as skimming revenue and falsifying documents. The independent auditor's focus is on whether the
financial statements are materially misstated.
In general terms, financial statements are fraudulently misstated through use of the following methods:
Intentional misapplication of GAAP (or an OCBOA) involving measurement, and resulting misstatement of
amounts.
Intentional omission or misrepresentation of information about transactions or events (or intentional
misapplication of GAAP involving disclosure).
119

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Recording fictitious transactions.
Recording sham transactions (transactions without economic substance, usually involving related parties).
These methods may be facilitated by the creation, falsification, alteration, or other manipulation of accounting
records or source documents. Misstatements resulting from fraudulent financial reporting are frequently perpe
trated by management through override of internal controls over financial reporting.
Misstatements Resulting from Misappropriation of Assets. Misstatements resulting from misappropriation of
assets (often referred to as defalcation, embezzlement, theft, or simply stealing) involve theft of the company's
assets that results in the financial statements not being presented, in all material respects, in conformity with GAAP
(or an OCBOA). Misappropriation of assets can be committed in many ways, including embezzlement of cash
receipts, stealing assets, or causing the entity to pay for goods and services not received (or paying inflated prices
for goods and services received). This type of fraud may be facilitated by the falsification, alteration, or other
manipulation of accounting records or source documents, possibly by circumventing controls. Misappropriation
may be committed by one or more individuals in management, by employees, or by third parties.
The Auditor's Responsibility for Fraud Detection
SAS No. 107 (AU 312.03) states: The auditor's responsibility is to plan and perform the audit to obtain reasonable
assurance that material misstatements whether caused by errors or fraud, are detected." SAS No. 99 does not
increase the auditor's responsibility for the detection of material misstatement due to fraud. However, SAS No. 99
does require the auditor to specifically identify and assess risks that may result in material misstatement of the
financial statements due to fraud and to respond to the results of the assessment when gathering and evaluating
audit evidence.
SAS No. 99 requires the auditor to make an assessment of the risk of material misstatement arising from both
fraudulent financial reporting and misappropriation of assets. When assessing the risk of material misstatement
due to fraud, the auditor should consider the type of risk, that is, whether it relates to cooking the books or stealing;
the significance of the risk, that is, whether it could result in material misstatement of the financial statements; the
likelihood of fraud occurring; and the pervasiveness of the risk, that is, whether it relates to the financial statements
as a whole or to specific areas of the financial statements. This analysis should also include consideration of the
direction of the risk for the area of the financial statements that would be affected. Is the risk of potential misstate
ment a risk of overstatement or a risk of understatement?
The auditor should consider who would have the motivation or incentive to intentionally misstate the financial
statements and the form the fraud would be likely to take. As explained previously, this is a consideration that
should be discussed among the engagement team members in a planning meeting. That way, team members can
exchange ideas about where the audited entity's financial statements might be susceptible to misstatement due to
fraud and the more experienced members can share their insights based on their knowledge of the entity. SAS No.
99 (AU 316.14.18) requires that key members of the audit engagement team have, and document, a brainstorm
ing discussion early in the audit about the potential for fraud.
SAS No. 99 (AU 316.20.27) requires specific fraudrelated inquiries of management, employees, internal auditors,
and the audit committee. The auditor should inquire of management about its understanding of the risks of fraud,
programs and controls in place to lessen fraud risks, and whether management knows of any actual fraud or is
aware of any alleged fraud in the entity. Similar inquiries should be made of others within the entity who the auditor
believes may be able to provide useful information (such as operating personnel not directly involved in financial
reporting and other employees at various levels of authority or involved in complex or unusual transactions),
internal auditors, and the audit committee, if there is one.
SAS No. 99 requires the auditor to specifically identify and assess risks that may result in material misstatement of
the financial statements due to fraud and to respond to the results of the assessment when gathering and
evaluating audit evidence. However, SAS No. 99 states that an auditor cannot obtain absolute assurance that the
financial statements are free of material misstatements caused by fraud. Because of the nature of audit evidence
and the characteristics of fraud, even a properly planned and performed audit may not detect a material misstate
ment resulting from fraud. Fraudulent activity often involves collusion, misrepresentation, or falsified documents. In
120

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

addition, fraudulent financial reporting frequently involves management override of controls that in some cases
might appear to be operating effectively. As a result, auditors may unknowingly rely on audit evidence that appears
to be valid but is, in fact, fraudulent. In addition, audit procedures that are effective for detecting errors may not be
effective for detecting fraud.
Immaterial Misstatements Caused by Fraud. AU 110.02 states:
The auditor has no responsibility to plan and perform the audit to obtain reasonable assurance
that misstatements, whether caused by errors or fraud, that are not material to the financial
statements are detected.
However, many frauds may not result in the financial statements being materially misstated for any individual
period, but may be perceived to be material, especially if the amounts involved accumulate over time.
For example, assume that a bookkeeper in a small nonprofit organization embezzles $5,000 per year for several
years and hides the fraud by inflating expenses each year. That amount is immaterial to each year. After several
years, the fraud is detected and the amounts stolen aggregate $30,000, which might be considered material if the
financial statements for any individual period were misstated by this amount. Because the financial statements are
not materially misstated in any given period, the auditor is not responsible under professional standards for
detecting such a fraud. This situation does result in a business risk for the auditor because many clients may have
the expectation that the auditor should detect all cases of fraud, whether the financial statements are materially
misstated or not. This perception of the auditor's responsibility goes beyond what is required by professional
standards. To eliminate this expectation gap, it is important for auditors to inform their clients about the auditor's
responsibility under professional standards.
The Importance of Exercising Professional Skepticism
GAAS requires the auditor to exercise due professional care in planning and performing the audit. SAS No. 1 at AU
230.07 states that due professional care requires the auditor to exercise professional skepticism. Professional
skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence." Because the
characteristics of fraud include concealment, misrepresentation, falsified documents, and collusion, the need for
professional skepticism is especially important when considering the risks of material misstatement due to fraud.
When exercising professional skepticism, auditors should suspend any belief in management's honesty and
integrity and approach the audit with a questioning mind. Regardless of past experience with the client, auditors
acknowledge and remain open and alert to the possibility that material misstatement due to fraud may exist. All of
the information and evidence gathered by the auditor is critically evaluated and an ongoing assessment is made of
whether the evidence suggests that the financial statements are materially misstated due to fraud. The auditor
should not be willing to accept less than persuasive evidence based on a belief that management or key
employees are honest.
The Auditor's Fraud Risk Assessment Process
SAS No. 99 requires auditors to assess identified risks of material misstatement due to fraud. However, although the
SAS uses the term assess, this is not intended to require a separate, specific conclusion on the level of risk such as
high, moderate, or low. The SAS indicates that such an assessment is not useful in developing appropriate
responses. Rather, the assessment referred to in SAS No. 99 involves determining whether identified risks of
material misstatement due to fraud are mitigated by antifraud programs and controls, and the effect of those
considerations on the auditor's response.
SAS No. 99 outlines the following fraud risk assessment process (however, as discussed in paragraph [OLDREF],
the process is not necessarily sequential):
a. Hold a discussion among engagement team members to consider the susceptibility of the client's financial
statements to material misstatement due to fraud and to reinforce the importance of professional
skepticism.
b. Obtain other information needed to identify risks of material misstatement due to fraud.
121

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

c. Identify risks that may result in material misstatement of the financial statements due to fraud.
d. Assess the identified risks after taking into account an evaluation of the entity's antifraud programs and
internal controls.
e. Respond to the results of the risk assessment.
Auditors gather other information that may be relevant to identifying risks of material misstatement due to fraud
while obtaining an understanding of the entity and its environment, its internal control, and its fraud risk factors, and
from the performance of preliminary analytical procedures. Other information auditors should consider in identify
ing risks of material misstatement due to fraud includes the discussion among engagement team members,
information from client acceptance and continuance procedures, the auditor's inherent risk assessment and, if
applicable, reviews of interim financial statements.
If the auditor identifies risks of material misstatement due to fraud, the audit response may be overall or specific,
and may include substantive procedures or tests of controls. (However, substantive analytical procedures alone are
not a sufficient response.) Specific responses are addressed in individual audit programs. Overall responses have
an overall effect on how the audit is conducted. Certain overall responses, such as the consideration of staffing and
supervision, scrutiny of the selection and application of accounting principles, and incorporating an element of
unpredictability in audit procedures, are considered in every audit and are incorporated into the audit programs in
this course. In addition, certain required responses to address the risk of management override of controls are
incorporated in the audit programs in this course.
Documenting the Fraud Risk Assessment. Although SAS No. 99 defines a fraud risk assessment process that
results in identifying and documenting risks of material misstatement due to fraud and the auditor's responses to
those risks, it does not change the overall audit risk assessment process in SAS No. 107. SAS No. 107 defines audit
risk at the account balance or transaction class level as consisting of three components: inherent risk, control risk,
and detection risk. SAS No. 99 requires the auditor to assess the identified risks of material misstatement due to
fraud, but it does not add another component to the audit risk model. This is because fraud risks encompass both
inherent and control risk attributes. Under the audit approach in this course, the auditor makes separate assess
ments of inherent and control risk (including the risks of fraud) and uses those assessments to determine the risk
of material misstatement. In addition, the auditor considers whether the audit programs are appropriate in light of
the assessed risk of material misstatement.
SAS No. 99 (AU 316.83) requires the auditor to document evidence that he or she assessed the risks of material
misstatement due to fraud. The auditor is required to document the following:
The discussion among engagement team members in planning the audit.
The procedures performed to gather information needed to identify and assess fraud risks.
Fraud risks identified.
The response to those risks.
If applicable, how the auditor overcame the presumption that improper revenue recognition is a fraud risk.
The results of procedures to address the risk of management override of controls.
Additional conditions, if any, requiring a response and the response(s) to those conditions.
The nature of communications about fraud.
A practical approach has been developed to fraud risk assessment that addresses the requirements in SAS No. 99.
This course includes audit program steps designed to assist auditors in meeting those requirements. Exhibit 211
illustrates how the approach in this course accomplishes the requirements outlined earlier.
122

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 211
Practice Aids for Documenting the Fraud Risk Assessment
PPC Approach to Fraud Risk
Assessment

SAS No. 99 Requirements
Hold a discussion among engagement team members to consider the
susceptibility of the client's financial statements to material misstate
ment due to fraud and to reinforce the importance of professional
skepticism.

Step 1. Gather information about the
entity and its environment that may be
relevant in identifying risks of material
misstatement of the financial state
ments due to fraud:
Discussion among engagement
team members.

Obtain other information needed to identify risks of material misstate
ment due to fraud.

Identify risks that may result in material misstatement of the financial
statements due to fraud.

Inquiries of management and
others.
Considering whether fraud risk
factors are present.
Preliminary analytical procedures.
Other procedures.
Step 2. Identify risks that could result
in material misstatement of the
financial statements due to fraud.

Assess the identified risks after taking into account an evaluation of the Step 3. Assess the identified risks:
entity's antifraud programs and internal controls.
Evaluate programs and controls.
Assess fraud risks.
Respond to the results of the risk assessment.

*

Step 4. Develop appropriate
responses to risks of material mis
statement of the financial statements
due to fraud:
Overall responses.
Specific responses.
Responses to further address the
risk of management override of
controls.

*

*

Detection of Illegal Acts
SAS No. 54 (AU 317), Illegal Acts by Clients, indicates that the auditor's responsibility for detecting misstatements
resulting from illegal acts having a direct and material effect on the determination of financial statement lineitem
amounts is the same as that for other errors and fraud. For indirecteffect illegal acts, the auditor, in conducting the
audit, remains aware of their possibility but does not design the audit specifically to detect them. As part of audit
planning, the auditor should make inquiries of management or the owner/manager concerning the client's com
pliance with laws and regulations. Where applicable, the auditor should also inquire about (a) the client's policies
related to the prevention of illegal acts and (b) the use of directives (for example, a code of ethics) and periodic
representations obtained from managementlevel employees concerning compliance with laws and regulations. If
an illegal act is detected during the audit, SAS No. 54 requires that it be communicated to those charged with
governance, unless clearly inconsequential. (Auditors should be familiar with any applicable state statutes regard
ing communication to outside parties and should consider consulting with legal counsel.) Also, a representation
from management regarding the absence of violations of laws or regulations is ordinarily included in the manage
ment representation letter.
123

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Compliance Auditing and Illegal Acts. Nonprofit organizations often receive financial assistance from govern
mental entities and, as a result, become subject to laws and regulations that may have a direct and material effect
on financial statement amounts. The Audit Guide, Paragraph 2.26, addresses the auditor's planning responsibilities
related to laws and regulations in a GAAS audit as follows:
Some laws and regulations...may have a direct and material effect on the determination of
financial statement amounts. The auditor's responsibility to detect misstatements resulting from
directeffect illegal acts is the same as for errors and fraud. Accordingly, management generally
should identify federal, state, and local laws and regulations that may have a direct and material
effect on the determination of financial statement amounts. The auditor should assess the
appropriateness of that identification and obtain an understanding of the possible effects of those
laws and regulations on the financial statements.
If an auditor performs an audit in accordance with Government Auditing Standards (a Yellow Book audit), he or she
accepts additional responsibilities beyond GAAS.
Other Considerations for Fraud, Illegal Acts, Noncompliance, and Abuse
GAAS Requirements Related to Compliance with Laws and Regulations. In the audit of a nonprofit organiza
tion, substantial attention is given to compliance with laws and regulations. SAS No. 74 (AU 801) provides guidance
on applying this GAAS requirement when the auditor is engaged to audit a nonprofit organization under GAAS and
is engaged to test and report on compliance with laws and regulations under Government Auditing Standards, or in
certain other circumstances involving governmental financial assistance, such as Single Audits.
Specifically, AU 801 provides guidance to the auditor on:
Applying the provisions of AU 317, Illegal Acts by Clients, relative to detecting misstatements resulting from
illegal acts related to laws and regulations that have a direct and material effect on financial statement
amounts in audits of nonprofit organizations and other recipients of governmental financial assistance.
Performing a financial audit in accordance with Government Auditing Standards.
Performing a Single Audit in accordance with federal audit requirements.
Communicating with management if the auditor becomes aware that the entity is subject to an audit
requirement that may not be encompassed in the terms of the engagement.
Although management is responsible for ensuring that the nonprofit organization complies with laws and regula
tions applicable to its activities, the auditor is responsible for considering laws and regulations and how they affect
the audit. The GAS/A133 AICPA Audit Guide, paragraph 2.44, states that the auditor should obtain an understand
ing of the possible effects on financial statements of laws and regulations that will have a direct and material effect
on the determination of amounts in the entity's financial statements. The auditor should also assess whether
management has identified all the laws and regulations that have a direct and material effect on the financial
statements." Thus, the auditor has to design the audit to provide reasonable assurance that the financial state
ments are free of material misstatements resulting from violations of laws and regulations that have a direct and
material effect on the determination of financial statement amounts. In addition, the auditor should document the
procedures performed to evaluate compliance with laws and regulations (including violations of provisions of
contracts and grant agreements) that have a direct and material effect on the determination of financial statement
amounts.
Government Auditing Standards Requirements. Government Auditing Standards establish additional require
ments related to (a) noncompliance with contracts and grant agreements; (b) abuse; (c) ongoing investigations or
legal proceedings; and (d) communication of fraud, illegal acts, noncompliance, and abuse. The audit programs in
this course include procedures that might be performed to address these requirements, which are discussed in the
following paragraphs.
124

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Government Auditing Standards require auditors to design their audits to provide reasonable assurance of detect
ing misstatements resulting from noncompliance with the provisions of contracts or grant agreements that could
have a direct and material effect on financial statement amounts or other financial data significant to the audit
objectives. The Yellow Book also establishes requirements related to noncompliance that might have material
indirect effects. The 2007 Yellow Book, Paragraph 4.11, states that if information comes to the auditor's attention
about possible violations of provisions of contracts or grant agreements that could have a material indirect effect,
the auditor should perform procedures specifically to determine whether such violations have occurred. If the
auditor concludes that a violation has occurred or is likely to have occurred, the auditor has to determine the effect
on the financial statements and the implications for other aspects of the audit.
Requirements Related to Abuse. Government Auditing Standards also establish requirements related to abuse. The
concept of abuse is different from that of fraud, illegal acts, or noncompliance. The Yellow Book indicates that
abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would
consider reasonable and necessary business practice given the facts and circumstances. Abuse also includes
misuse of authority or position for personal financial interests or those of an immediate or close family member or
business associate." It may or may not involve fraud, illegal acts, or noncompliance with contracts or grant
agreements.
The determination of abuse is subjective. Thus, auditors are not required to provide reasonable assurance of
detecting abuse. Instead, Paragraph 4.13 of the Yellow Book states that if auditors become aware of abuse that
could be material (either quantitatively or qualitatively) to the financial statements, they should perform additional
procedures to determine its potential effect on the financial statements or other financial data significant to the audit
objectives. These additional procedures involve (a) evaluating whether the situation or transaction meets the
definition of abuse or whether it also involves fraud or illegal acts and (b) evaluating whether the situation or
transaction involves behavior that is deficient or improper when compared with behavior that a prudent person
would consider reasonable and necessary business practice given the facts and circumstances. Section 1112
discusses considerations for evaluating abuse.
Requirements Related to Ongoing Investigations or Legal Proceedings. The Yellow Book clearly states that it is
important for auditors to avoid interfering with ongoing investigations or legal proceedings. Paragraph 4.29 of the
2007 Yellow Book explains that when investigations or legal proceedings have been initiated or are in process, the
auditor should evaluate the impact on the audit. It may be necessary for the auditor to work with investigators or
legal authorities, to withdraw from the engagement, or to defer further work on the engagement, or a portion
thereof, to avoid interfering with the process.
Developing Elements of a Finding. If the auditor finds fraud, illegal acts, noncompliance, abuse, or internal control
deficiencies, the auditor is required to plan and perform additional procedures to develop the elements of the
findings that are relevant and necessary to achieve the audit objectives. The Yellow Book, explains that these
elements are criteria, condition, cause, and effect or potential effect.
Communication Requirements. The Yellow Book establishes specific requirements for auditors to communicate
fraud, illegal acts, noncompliance, and abuse, including requirements for reporting to outside parties in certain
situations.
Applicability of SAS No. 99 to a Single Audit
SAS No. 99 establishes standards for financial statement audits. Paragraph 6.25 of the GAS/A133 AICPA Audit
Guide notes that SAS No. 99 only applies to an audit of financial statements and not to a compliance audit.
However, that guide also requires that the auditor specifically assess the risk of material noncompliance with a
major program's compliance requirements due to fraud in a Single Audit. The auditor should consider that
assessment in designing the audit procedures to be performed. Although SAS No. 99 applies only to an audit
of financial statements, the auditor may want to consider its guidance when planning and performing an audit of an
entity's compliance with specified requirements applicable to its major programs. Therefore, it is recommended
that the auditor assess the risk of major program material noncompliance as part of the financial statement fraud
risk assessment process required by SAS No. 99. The results of such assessment may affect which audit proce
dures are performed. However, while SAS No. 99 fraud risk factors relating to major programs should be consid
ered, the formal fraud risk assessment process and documentation requirements are not applicable to the federal
125

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

award part of the audit. In many instances, however, it is believed that including the assessment of fraud risks
relating to major programs as part of the assessment of fraud risks in the financial statements will be effective and
efficient.
Fraud Consulting Services
If clients become aware that employees have committed fraud or suspect that fraud may be taking place, they may
attempt to engage the auditor to perform fraud investigation consulting services. Such an engagement can take
various forms. Before accepting such engagements for audit clients, auditors should assess the potential liability
associated with their services particularly if the alleged fraud, due to collusion or concealment, was not detected
during the firm's audit. To avoid any appearance of a conflict of interest, as required by Statement on Standards for
Consulting Services No. 1, the fraud investigation services should ordinarily be performed by someone other than
the personnel involved in the audit. If such an engagement is accepted, all communications and documentation
should be carefully considered to ensure that the firm's selfinterest is not abandoned. The firm needs to consider
whether it can be objective in the forensic investigation given the selfinterest created by its audit responsibilities.
The firm should also consider consulting legal counsel. In addition, the auditor's understanding with the client
regarding the performance of these nonattest services should be documented.

126

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
35. Which of the following is not noted by SAS No. 99 as a condition generally present when fraud occurs?
a. Pressure
b. Incompetence
c. Opportunity
d. Attitude
36. The text gives several examples of fraudulent misstatement of nonprofit financial statements. Which of the fol
lowing is not among them?
a. Overstating program accomplishments
b. Understating unrestricted net assets
c. Overstating restricted net assets
d. Understating unrelated business income
37. Which of the following statements is correct concerning the auditor and fraud detection?
a. SAS No. 99 does not require the auditor to assess fraud likelihood, only the possibility.
b. SAS No. 99 requires the auditor to obtain absolute assurance that financials are free of misstatements
related to fraud.
c. SAS No 99 does not require the auditor to obtain reasonable assurance concerning immaterial fraud
related misstatements.
38. Which of the following is not one of the authoritative resources mentioned in the text that provides guidance for
the auditor concerning detection of illegal acts?
a. SAS No. 54
b. The Audit Guide
c. SAS No. 74
d. SAS No. 99

127

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
35. Which of the following is not noted by SAS No. 99 as a condition generally present when fraud occurs? (Page
118)
a. Pressure [This answer is incorrect. Incentives and pressures are noted as generally present when fraud
occurs.]
b. Incompetence [This answer is correct. This is not to say that management has not placed a low value
on hiring and maintaining a competent staff, but this is not one of the elements specifically
mentioned by SAS No. 99.]
c. Opportunity [This answer is incorrect. Opportunity, such as management's ability to override controls, is
often present when fraud occurs.]
d. Attitude [This answer is incorrect. The ability to rationalize and justify fraudulent actions is generally present
when fraud occurs.]
36. The text gives several examples of fraudulent misstatement of nonprofit financial statements. Which of the fol
lowing is not among them? (Page 119)
a. Overstating program accomplishments [This answer is incorrect. This has implications for bonuses and
inducements for future funding.]
b. Understating unrestricted net assets [This answer is incorrect. This can avoid potentially negative
fundraising implications.]
c. Overstating restricted net assets [This answer is correct. The examples given are overstating
program accomplishments, understating unrelated business income, and understating unre
stricted net assets.]
d. Understating unrelated business income. [This answer is incorrect. This may be related to income tax
evasion on nonprofit income that is deemed taxable.]
37. Which of the following statements is correct concerning the auditor and fraud detection? (Page 121)
a. SAS No. 99 does not require the auditor to assess fraud likelihood, only the possibility. [This answer is
incorrect. SAS No. 99 requires the auditor to assess the likelihood of fraud and the pervasiveness of the
risk.]
b. SAS No. 99 requires the auditor to obtain absolute assurance that financials are free of misstatements
related to fraud. [This answer is incorrect. SAS No. 99 acknowledges that such assurances are not
possible.]
c. SAS No 99 does not require the auditor to obtain reasonable assurance concerning immaterial
fraudrelated misstatements [This answer is correct. The auditor is not required to obtain
reasonable assurance concerning immaterial misstatements caused by fraud or error.]

128

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

38. Which of the following is not one of the authoritative resources mentioned in the text that provides guidance for
the auditor concerning detection of illegal acts? (Page 123)
a. SAS No. 54 [This answer is incorrect. SAS No. 54 specifically addresses the auditor's responsibility where
illegal acts are concerned.]
b. The Audit Guide [This answer is incorrect. The Audit Guide indicates a shared responsibility between
management and the auditor for the identification of laws and the understanding of their effects on the
financial statements.]
c. SAS No. 74 [This answer is incorrect. SAS No. 74 provides guidance on application of provisions of other
standards related to illegal acts and the auditor's responsibility.]
d. SAS No. 99 [This answer is correct. SAS No. 99 specifically addresses fraudrelated misstatement
risks.]

129

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SUBSTANTIVE PROCEDURES AND TIMING
As part of audit planning, an auditor considers whether to apply any substantive procedures or tests of controls
before the statement of financial position date. In an initial engagement for the audit of a nonprofit organization, it
is not unusual for the auditor to be engaged on or after the fiscal year end. This eliminates the opportunity to even
consider spreading work during the year by interim testing. In a continuing engagement, there are opportunities to
spread work over the fiscal period. This may be desirable if the auditor has several nonprofit clients with identical
fiscal year ends. Because of the characteristics of nonprofit organizations that affect internal control, it is seldom
appropriate or desirable to perform substantive procedures for asset, liability, or net asset account balances prior
to the statement of financial position date, but transaction testing can be done at an interim date.
Tests of Transactions
Testing expenditure transactions for coding and classification may be performed in the audit of a nonprofit
organization. In testing transactions, the auditor should normally select transactions from the entire period under
audit. If the auditor can obtain reasonably accurate estimates of the number and total dollar amount of the
transactions for the fiscal period under audit, a portion of this work can be done at any convenient interim date. The
remainder of the testing would then be completed as part of yearend procedures.
Fiscal Year Cutoffs
The nonprofit organization may be subject to the requirements of differing regulatory bodies and funding sources
that have differing fiscal years. Financial reports may be required for a fiscal year, calendar year, or program year
different than the fiscal year of the nonprofit organization used for preparing annual financial statements. In that
case, the auditor will have to plan cutoff tests for each of the periods involved. Also,nonprofit organizations are
more likely to change fiscal years than commercial businesses. The auditor should consult with the nonprofit
organization if such a change in yearend occurs, as it may alter the timing of the audit and require additional
procedures to ensure that there is a proper cutoff for the new fiscal period. Auditing and accounting literature does
not specifically address changes in fiscal years. However, TIS 1800.03 notes that it is usually necessary to disclose
the change in fiscal year in the organization's financial statements.
Public Fundraising Events
When a nonprofit organization's major source of revenue is public fundraising events such as membership drives
or special events, the auditor may need to be present during the events to adequately test revenue. In some cases,
the auditor cannot obtain sufficient competent evidential matter for recorded revenue unless the organization has
effective controls. In those cases, the auditor usually must test controls during the operation of those controls at the
fundraising events. Thus, the auditor needs to obtain a schedule of events and arrange to be present at those
interim dates to apply the appropriate audit procedures.
Organizations Dependent on Cash Contributions
Some nonprofit organizations (such as churches) regularly collect significant cash contributions. Those nonprofit
organizations must have adequate controls in place to determine that all cash contributions are properly recorded.
The auditor may need to perform tests of those controls in order to test the completeness of cash contributions
adequately. Such tests may include observation of the organization's controls in operation. The observations may
need to be scheduled at various times throughout the year for the auditor to perform the appropriate audit
procedures.

GENERAL PLANNING PROCEDURES AND FORMS
Most CPA firms develop an overall administrative audit program, commonly referred to as the general program, to
document the technical and administrative matters needed to plan and complete an engagement. The important
consideration is the auditor's knowledge and understanding of these matters rather than the extent of the docu
mentation. However, auditors are required to document the (a) understanding of the entity, its environment and its
internal control, including the sources of the information from which the understanding was obtained and the risk
130

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

assessment procedures that were performed, and (b) assessment of the risks of material misstatement both at the
financial statement level and the relevant assertion level and the basis for the assessment. In addition, SAS No. 99
requires auditors to document the specific risks of material misstatement due to fraud that are identified and, if
auditors do not identify improper revenue recognition as a fraud risk, the reasons supporting that conclusion.

THE AUDIT TIME BUDGET
Authoritative literature does not require the preparation of a time estimate or the documentation of the actual time
spent in performing an audit. However, common sense suggests that an auditor is more likely to be efficient and
effective working under a time budget. Also, as a minimum, an auditor should have some estimate of audit time to
arrive at a fee estimate. Keeping track of the time spent as the audit progresses is important for billing the client and
for assessing whether adjustments are necessary to stay within the budget for the engagement.
Methods used in practice to budget and control time range from elaborate systems that budget time by each
program step to a single total time estimate for the entire audit. Neither extreme is likely to be effective. A system
that accounts for time by each major audit program area is recommended, i.e., total time for cash, total time for
contributions, etc. Other major engagement processes outside of audit program areas should also be considered
such as planning activities, review and supervision, and drafting financial statements and other reports. This
provides enough detail to highlight major areas of time commitment, monitor workinprogress, and arrive at a
reasonable fee estimate. Using this budget technique, the auditor is not required to post time to audit programs;
instead, time is posted to a summary schedule by major program area that is normally filed with the general or
administrative workpapers.
It should be emphasized that the final audit time estimate should be completed after the planning stage, i.e., after
the audit programs are developed and the auditor has a general feel for the extent of testing. This may not coincide
with the date that the auditor must present a fee estimate to a client, especially to a prospective client. However,
auditors should avoid the temptation to develop the audit time estimate based solely on the fee estimate, especially
if it is an extremely competitive fee estimate that is not representative of standard billing rates times realistic total
audit hours.
Managing Client Assistance to Improve Efficiency
Clients can have a significant effect on how efficiently an audit is completed. It is not unusual for the explanation of
audit budget overages to be the client did not prepare requested schedules" or requested schedules were
prepared incorrectly by the client." In some cases, audit inefficiencies result from the client not being available to
answer the auditor's questions or to retrieve needed information once fieldwork has begun. While it is often the
case that some audit budget overages caused by the client are beyond the auditor's control, in many cases the
auditor can improve the efficiency of the audit by effectively managing client assistance.
Schedules Prepared by the Client. In order to save audit fees, most clients are willing to prepare needed
schedules for the auditor. In fact, to be efficient, the auditor should try to get the client to prepare as many of the
necessary schedules as possible. However, many inefficiencies can result from the process of obtaining schedules
from the client. For example, schedules may not be prepared by the time the auditor needs them so that the auditor
ends up spending time preparing the schedules and exceeding the budget for the area. Or in other cases, the
schedules are prepared on a timely basis, but incorrectly; so the auditor spends additional time revising the
schedules to make them useable. The following paragraphs discuss steps the auditor can take to minimize the
inefficiencies often experienced when requesting schedules from the client.
List Everything Needed. When preparing a list of schedules to be prepared by the client (the PBC list"), the auditor
should make sure that the list is complete. Inefficiencies result from asking for more information after fieldwork has
begun because the auditor often must wait for the client to prepare the schedule. If a complete PBC list is provided
to the client before fieldwork begins, the client is more likely to have the schedules completed before the audit
starts. As a result, client personnel should have more time to answer the auditor's questions if they are not busy
trying to complete additional schedules. To make sure the PBC list is complete, the auditor should review it carefully
(and avoid just changing the dates on the prior year's PBC list) before sending it to the client. The interim general
ledger or trial balance requested during the planning process can be used to identify new accounts for which
schedules may be needed.
131

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Make Sure the Client Understands What Information Is Being Requested. When making requests for information
from the client, the auditor should be specific about what is needed. For example, the auditor should avoid making
requests such as provide an analysis of activity in the deferred revenue account." The client should be given an
example of the format in which the information should be provided. If requesting a spreadsheet or another type of
schedule, efficiencies may be gained by providing the client with an electronic template. As a result, the auditor will
receive the information in the requested format. The client can slot in the requested information and the auditor can
save time testing the mechanical accuracy of the schedule by reviewing the spreadsheet formulas. In any case, the
auditor should go over the PBC list in detail with the client to ensure that the client understands what information is
being requested.
Do Not Ask for Unneeded Information. The auditor should not be spending much (if any) time on insignificant
accounts. Therefore, the auditor should review the PBC list to make sure the client is not being asked to prepare
schedules for insignificant accounts or those that can be tested analytically. By eliminating the unnecessary
schedules, the client will have more time to focus on the schedules for the important areas.
Prioritize Requests for Information. One way to improve audit efficiency is for the auditor to work on the riskier, more
complex areas first. As a result, if the auditor identifies problems in the complex areas, the client has more time to
correct or research the problems. Efficiency can be improved because the auditor can work on other areas while
the client is correcting or researching the problems in the complex areas. To facilitate this approach, the auditor
should request that the client prepare the schedules for the more complicated areas first.
Stagger Due Dates for Requested Information. Ideally, the client should have all requested schedules prepared
when fieldwork begins. However, because there may be a tight deadline between year end and the due date of the
auditor's report, it may not be feasible for the client to have all information prepared before the beginning of
fieldwork. If this is the case, the auditor should be realistic when setting the due dates for requested information and
not ask for everything to be prepared at once. Information for the critical areas should be requested first.
Provide Adequate Notice. Although this seems obvious, many auditors are inefficient because they do not provide
the client with enough time to prepare for the audit before fieldwork begins. Early preparation of the PBC list is an
important step in the planning process and should not be a difficult task because the auditor generally spends time
in up front planning before fieldwork begins. The auditor should ask the client how much lead time is needed to
adequately prepare for the audit.
Work with the Client. In many cases, the auditor can use the client's existing internal reports to achieve the same
objectives as by using a schedule prepared solely for the audit. The auditor should work with the client to identify
reports or schedules already being prepared by client personnel before adding additional schedules to the client's
workload. However, if the auditor will spend time reworking the data to be in a useable format, the auditor should
attempt to get the client to do this task.
Return Incorrect Schedules to the Client. If the client provides the auditor with schedules that are prepared
incorrectly, the auditor should return them to the client for corrections. Staff auditors can spend many hours trying
to correct the schedules when the client may be able to obtain the correct information much more efficiently. If the
client does not have the time to revise the schedules, the auditor should discuss the resulting additional audit fees
with the client before the auditor incurs the additional time to correct the schedules.
Keep in Touch with the Client. Before the beginning of fieldwork, it is important for the auditor to keep in contact with
the client to determine whether the client will have the necessary schedules prepared before fieldwork begins. In
order to be effective, this communication requires more than a phone call the day before fieldwork begins to see if
the client is ready. Such communication should be made well enough in advance so that the auditor can resched
ule fieldwork if necessary. Many auditors use email to keep in contact with the client prior to fieldwork to check the
status of schedule preparation and to answer questions the client may have. If the client is preparing spreadsheets
for the auditor, email can be used to transfer the file to the auditor if the client has questions about how the schedule
should be prepared.

132

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
39. Which of the following is correct concerning the auditor's performance of substantive procedures?
a. Both substantive procedures and transaction testing should be begun prior to the statement of financial
position date for an audit of a nonprofit.
b. Testing of expenditure transactions can begin at an interim date that is convenient for the client entity.
c. A common fiscalyear cutoff can be established in situations where the nonprofit's funding sources have
different fiscal yearends.
d. Auditing literature specifically addresses changes in fiscal years for a nonprofit client entity.
40. Authoritative literature requires preparation of an estimate of the time necessary to perform an audit.
a. True
b. False

133

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
39. Which of the following is correct concerning the auditor's performance of substantive procedures? (Page 130)
a. Both substantive procedures and transaction testing should be begun prior to the statement of financial
position date for an audit of a nonprofit. [This answer is incorrect. Transaction testing is okay, but
performance of substantive procedures before the financial position date may not be appropriate.]
b. Testing of expenditure transactions can begin at an interim date that is convenient for the client
entity. [This answer is correct. Testing would be completed as part of yearend procedures.]
c. A common fiscalyear cutoff can be established in situations where the nonprofit's funding sources have
different fiscal yearends. [This answer is incorrect. The auditor will have to plan cutoff tests for each of the
fiscal periods involved.]
d. Auditing literature specifically addresses changes in fiscal years for a nonprofit client entity. [This answer
is incorrect. Accounting and auditing literature do not specifically address such changes.]
40. Authoritative literature requires preparation of an estimate of the time necessary to perform an audit. (Page 131)
a. True [This answer is not correct. A time budget is advisable, however.]
b. False [This answer is correct. Neither a time estimate nor documentation of actual time spent is
required.]

134

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
Lesson 2 (NPOTG091)
Determine the best answer for each question below. Then mark your answer choice on the Examination for CPE
Credit Answer Sheet located in the back of this workbook.
17. In assessing risk to develop an overall audit strategy, auditors typically obtain an understanding of which of
these items first?
a. Risk assessment
b. Control environment
c. Monitoring
d. Control activities
18. Which of the following IT environments has the highest degree of internal control risk?
a. IT processing confined to a mainframe computer.
b. Central server hosting various clients with processing occurring both centrally and remotely.
c. Do not select this answer choice.
d. Do not select this answer choice.
19. Which of the following items is an important element of the control environment?
a. Vendor attitude
b. Customer goodwill
c. Financial partner structure
d. Organizational structure
20. A hierarchy of authority and responsibility, with appropriate communications and reporting lines, best exhibits
which control environment element?
a. Authority and responsibility
b. Human resource procedures
c. Management's operating style
d. Organizational structure
21. Which of the following items is included in SAS No. 109 risk assessment?
a. Inherent Risk
b. Objectives Risk
c. Control Risk
d. Detection Risk
135

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

22. The quality of risk assessment corresponds to the size of the organization.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
23. Which of the following statements is correct concerning the communication aspect of Information and
Communication?
a. Oneway memos are not considered.
b. Upstream communication alternatives are a bad idea because they violate hierachy.
c. Communication is an internal process, independent of the size of the entity.
d. Upstream communication relies on management openness.
24. Which of the following statements is correct concerning monitoring?
a. The auditor's focus is on management failures to correct deficiencies.
b. Monitoring involves a prescribed set of activities, adjusted for entity size.
c. Monitoring controls can be weakened by nonprofit board turnover.
d. Monitoring is static process, occurring at set points in time.
25. SAS No. 65 relates to auditor inquiries concerning the internal audit function.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
26. Helen is auditing a nonprofit organization. She is selecting significant transaction classes. She should be
focusing on those presenting a ___________________ possibility of material misstatement of financial
statements or disclosures.
a. Low
b. Medium
c. Medium
d. High
27. Control activities usually involve how many elements?
a. 2
b. 3
c. 4
d. 5
136

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

28. Where do control activities rank in terms of components of internal control for which the auditor should obtain
an understanding?
a. Second
b. Third
c. Fourth
d. Fifth
29. Which of the following statements is correct concerning planning materiality?
a. SAS No. 99 suggests factors to consider when selecting a materiality benchmark.
b. In practice, rules of thumb are used to establish planning materiality.
c. Using a single benchmark is impractical in planning.
d. A range is useful when making decisions about the scope of a test.
30. Which of the following is not one of the benchmarks mentioned in the text as being provided by the Audit Guide?
a. Total net assets
b. Total liabilities
c. Total revenues
d. Total expenses
31. According to the text, the implications of SAS No. 107 concerning tolerable misstatement are such that it equals
planning materiality minus the auditor's estimate of total known and likely misstatement.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
32. Under OMB Circular A133, materiality of compliance findings should normally be considered in relation to
quantitative factors alone.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
33. According to the text, what is the correct auditor response where management's attitude toward hiring
competent personnel is considered an overall risk?
a. Shift substantive procedures to year end.
137

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

b. Examine journal entries.
c. Increase the extent of inquiries related to fraud risk.
d. Increase unpredictability in audit procedures.
34. One of the key outcomes of identifying overall risk and developing an overall strategy is:
a. the determination of personnel resources necessary to complete the audit.
b. the determination of material resources necessary to complete the audit.
c. the determination of capital outlay necessary to complete the audit.
d. the determination of computer mainframe time necessary to complete the audit.
35. OMB Circular A133 requires a riskbased approach to determining major programs, describing a process with
how many steps?
a. 2
b. 3
c. 4
d. 5
36. Which is not one of the methods noted in the text to fraudulently misstate financial statements?
a. Intentional misapplication of GAAP
b. Intentional omission
c. Sham transactions
d. Recording error
37. Which of the following is correct concerning the auditor and fraud risk?
a. SAS No. 99 requires a separate, specific conclusion on the level of risk.
b. Substantive analytical procedures are sufficient to satisfy SAS No. 99 requirements.
c. SAS No. 99 adds a fourth element to the audit risk model.
d. SAS No. 99 requires documentation of fraudrelated material misstatement risk.
38. Which of the following is not one of the elements defined in the Yellow Book for further testing if the auditor finds
evidence of illegal acts?
a. Opportunity
b. Criteria
c. Cause
d. Effect
138

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

39. Most CPA firms develop an overall administrative audit program.
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.
40. The acronym PBC" stands for prepared by client."
a. True
b. False
c. Do not select this answer choice.
d. Do not select this answer choice.

139

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

GLOSSARY
Audit Guide: AICPA Audit Guide, Government Auditing Standards and Circular A133 Audits, provides guidance on
performing Yellow Book audits and Single Audits.
Control Activities: Control activities are the policies and procedures that help ensure that management directives
are carried out.
Control Environment: The control environment is the foundation for all other components of internal control and
provides structure and discipline.
Information and Communication: Information refers to the financial reporting system; communication is the
process of providing an understanding of roles and responsibilities to individuals within the organization regarding
internal control over financial reporting.
Monitoring: Monitoring is a process by which an entity assess the quality of its internal control over time.
PBC: This is an acronym referring to schedules prepared by client" at the auditors request.
Risk Assessment Process: The risk assessment process involves performing procedures, obtaining an
understanding of various matters about the entity and its environment, and making decisions and judgments about
assessed risks and other matters based on the understanding.
SAS No. 54: Illegal Acts by Clients.
SAS No. 56: Analytical Procedures.
SAS No. 65: The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements.
SAS No. 99: Consideration of Fraud in a Financial Statement Audit.
SAS No. 103: Audit Documentation.
SAS No. 107: Audit Risk and Materiality in Conducting an Audit.
SAS No. 108: Planning and Supervision
SAS No. 109: Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
SAS No. 110: Performing Audit Procedures in Response to Audit Risks and Evaluating the Audit Evidence Obtained.
Yellow Book: Government Auditing Standards, issued by the Comptroller General of the United States, establishes
planning and other field work standards.
Yellow Book Audit: An audit performed in accordance with Government Auditing Standards.

140

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

INDEX
A

I

ADMINISTRATION OF THE AUDIT
Controlling time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

ILLEGAL ACTS
Other considerations for fraud, illegal acts,
noncompliance, and abuse
GAAS requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Government auditing standards requirements . . . . . . . . . 124

ANALYTICAL PROCEDURES
Preliminary analytical procedures
Common ratios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
AUDIT PLANNING
Fraud, responsibility for . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General planning considerations . . . . . . . . . . . . . . . . . . . . . . . .
Single Audit materiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Time estimate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Timing of substantive tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

INTERIM TESTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

M

118
130
107
131
130

MATERIALITY
Determining planning materiality . . . . . . . . . . . . . . . . . . . . . . . .
Benchmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Desirability of a single benchmark . . . . . . . . . . . . . . . . . . . .
Quantifying planning materiality . . . . . . . . . . . . . . . . . . . . . .
Selecting a percentage . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Relating materiality to accounts . . . . . . . . . . . . . . . . . . . . . . . . .
Single Audit materiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

AUDIT PROCEDURES
Basic substantive audit procedures
General program procedures . . . . . . . . . . . . . . . . . . . . . . . . 130
AUDIT STRATEGY
Timing of the audit strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

P

AUDIT TIME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

PLANNING DECISIONS AND JUDGMENTS See also AUDIT
PLANNING
Assessing risks of material misstatement at the financial
statement level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107, 110
Materiality for particular items of lesser amounts . . . . . . . . . . 103
Timing of the audit strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Tolerable misstatements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Trivial Misstatements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

C
CHANGES IN AUDIT REQUIREMENTS
Planning decisions and judgments . . . . . . . . . . . . . . . . . . . . . . 100
CLIENT ASSISTANCE
Schedules prepared by the client . . . . . . . . . . . . . . . . . . . . . . .
Do not ask for unneeded information . . . . . . . . . . . . . . . . .
Keep in touch with the client . . . . . . . . . . . . . . . . . . . . . . . . .
List everything needed . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Make sure the client understands what information
is being requested . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Prioritize requests for information . . . . . . . . . . . . . . . . . . . .
Provide adequate notice . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Return incorrect schedules to the client . . . . . . . . . . . . . . .
Stagger due dates for requested information . . . . . . . . . .
Work with the client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

100
101
101
100
102
106
106
107

131
132
132
131

R
RISK
Risk of material misstatement due to fraud . . . . . . . . . . . . . . . 118

132
132
132
132
132
132

RISK ASSESSMENT PROCEDURES
Observation and inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Preliminary analytical procedures . . . . . . . . . . . . . . . . . . . . . . . . 21
Sequence of audit planning from the risk assessment
perspective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
The distinction among procedures, understanding, and
decisions and judgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Types of risk assessment procedures . . . . . . . . . . . . . . . . . . . . . 11

D
DOCUMENTATION
Planning decisions and judgments . . . . . . . . . . . . . . . . . 107, 110
Preparing the detailed audit plan . . . . . . . . . . . . . . . . . . . . . . . . . 40
Understanding the entity and its environment . . . . . . . . . . . . . . 40

S

E

SINGLE AUDIT
Materiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

EVALUATION OF AUDIT RESULTS
Materiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

STATEMENTS ON AUDITING STANDARDS SAS
SAS No. 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
SAS No. 31 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
SAS No. 47 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106, 120
SAS No. 99 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118, 130

F
FRAUD
Auditor's responsibility for fraud detection . . . . . . . . . . . . . . . . 120
Immaterial misstatements . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Fraud risk assessment
Fraud risk factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Inquiries of management and others . . . . . . . . . . . . . . . . . . 16
Required procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Types of misstatements caused by fraud . . . . . . . . . . . . . . . . . 118
Fraudulent financial reporting . . . . . . . . . . . . . . . . . . . . . . . . 119
Misappropriation of assets . . . . . . . . . . . . . . . . . . . . . . . . . . 120

T
TOLERABLE MISSTATEMENT
Relating to accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

U
UNDERSTANDING ABOUT THE ENTITY AND ITS
ENVIRONMENT
Components of the understanding . . . . . . . . . . . . . . . . . . . . . . .
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fraud risk factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Industry, regulatory, and other external factors . . . . . . . . . . . . .
Measurement and review of the entity's financial
performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

G
GAO GOVERNMENT AUDITING STANDARDS
Requirements for fraud, illegal acts, noncompliance,
and abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

141

40
40
48
41
45

Companion to PPC's Guide to Audits of Nonprofit Organizations
Nature of the entity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Objectives, strategies, and related business risks . . . . . . . . . . 44
Selection and application of accounting policies . . . . . . . . . . . 46
UNDERSTANDING OF THE CLIENT
Determining planning materiality
Desirability of benchmark . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Quantifying planning materiality . . . . . . . . . . . . . . . . . . . . . . 100
Recommended benchmark . . . . . . . . . . . . . . . . . . . . . . . . . 101

142

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

COMPANION TO PPC'S GUIDE TO AUDITS OF NONPROFIT ORGANIZATIONS

COURSE 2
SUBSTANTIVE PROCEDURES AND SAMPLING (NPOTG092)
OVERVIEW
COURSE DESCRIPTION:

This interactive selfstudy course covers the basics of performing substantive
procedures and audit sampling procedures in an audit of a nonprofit organization.
Lesson 1 discusses various aspects of substantive procedures, such as when they
are required, designing them, performing them at an interim date, and fraud risks.
Lesson 2 goes into more detail on audit sampling, including basic requirements and
using sampling for substantive procedures, tests of details, and tests of controls.

PUBLICATION/REVISION
DATE:

February 2009

RECOMMENDED FOR:

Users of PPC's Guide to Audits of Nonprofit Organizations

PREREQUISITE/ADVANCE
PREPARATION:

Basic knowledge of auditing.

CPE CREDIT:

8 QAS Hours, 8 Registry Hours
Check with the state board of accountancy in the state in which you are licensed to
determine if they participate in the QAS program and allow QAS CPE credit hours.
This course is based on one CPE credit for each 50 minutes of study time in
accordance with standards issued by NASBA. Note that some states require
100minute contact hours for self study. You may also visit the NASBA website at
www.nasba.org for a listing of states that accept QAS hours.

FIELD OF STUDY:

Auditing

EXPIRATION DATE:

Postmark by March 31, 2010

KNOWLEDGE LEVEL:

Basic

Learning Objectives:
Lesson 1 Substantive Procedures
Completion of this lesson will enable you to:
Identify the substantive procedures required for every audit and determine when additional substantive
procedures might be necessary.
Design substantive analytical procedures including specialized considerations for nonprofit organizations.
Assess other issues related to substantive procedures, such as responding to fraud risks.
Describe interim audit procedures and related issues.
Lesson 2 Audit Sampling in a Nonprofit Organization Audit Engagement
Completion of this lesson will enable you to:
Describe the authoritative literature and general considerations related to sampling in an audit engagement.
Plan the extent of substantive procedures needed for an audit.
Summarize the requirements of substantive samples.
Describe sampling for substantive tests of details.
Assess tests of controls that use audit sampling, and assess tests of compliance with laws and regulations.

143

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

TO COMPLETE THIS LEARNING PROCESS:
Send your completed Examination for CPE Credit Answer Sheet, Course Evaluation, and payment to:
Thomson Reuters
Tax & Accounting R&G
NPOTG092 Selfstudy CPE
P.O. Box 966
Fort Worth, TX 76101
See the test instructions included with the course materials for more information.
ADMINISTRATIVE POLICIES:
For information regarding refunds and complaint resolutions, dial (800) 3238724 for Customer Service and your
questions or concerns will be promptly addressed.

144

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Lesson 1:SUBSTANTIVE PROCEDURES
INTRODUCTION
Further audit procedures performed for the purpose of detecting material misstatements at the relevant assertion
level are referred to as substantive procedures. For each relevant assertion within an account balance, class of
transactions, or disclosure, the auditor needs to determine the nature, timing, and extent of substantive procedures
necessary to obtain sufficient, appropriate audit evidence to express an opinion on the financial statements.
Substantive procedures consist of tests of details and substantive analytical procedures. Tests of details and
substantive analytical procedures are discussed in this course.
Learning Objectives:
Completion of this lesson will enable you to:
Identify the substantive procedures required for every audit and determine when additional substantive
procedures might be necessary.
Design substantive analytical procedures including specialized considerations for nonprofit organizations.
Assess other issues related to substantive procedures, such as responding to fraud risks.
Describe interim audit procedures and related issues.
Authoritative Literature
The authoritative pronouncements establishing requirements that most directly affect designing substantive proce
dures are as follows:
a. SAS No. 56 (AU 329), Analytical Procedures, explains the use of analytical procedures as substantive tests
to obtain sufficient appropriate audit evidence.
b. SAS No. 99 (AU 316), Consideration of Fraud in a Financial Statement Audit, requires the auditor to identify
and assess risks of material misstatement due to fraud, and to design the audit to provide reasonable
assurance of detecting fraud that results in the financial statements being materially misstated.
c. SAS No. 103 (AU 339), Audit Documentation, requires the auditor to document the work performed, the
audit evidence obtained and its source, and the conclusions reached. In addition, it establishes other
documentation requirements that need to be considered when designing audit programs and substantive
procedures.
d. SAS No. 106 (AU 326), Audit Evidence, describes audit procedures used to obtain audit evidence.
e. SAS No. 110 (AU 318), Performing Audit Procedures in Response to Assessed Risks and Evaluating the
Audit Evidence Obtained, addresses audit procedures that are responsive to risks at the relevant assertion
level.

SUBSTANTIVE PROCEDURES THAT ARE REQUIRED FOR EVERY AUDIT
Because of the judgmental nature of the auditor's risk assessments and the inherent limitations of internal control,
particularly the risk of management override, the auditing standards prescribe certain substantive procedures that
should be performed in every audit. The additional substantive procedures that are needed in particular circum
stances depend on the auditor's judgment about the sufficiency and appropriateness of audit evidence in the
circumstances.
Material Account Balance, Transaction Class, or Disclosure
Risk assessment procedures and tests of controls contribute to the formation of the auditor's opinion, but do not by
themselves provide sufficient, appropriate audit evidence. According to SAS No. 110 (AU 318.51), regardless of
the assessed risk of material misstatement, the auditor should design and perform substantive procedures for all
145

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

relevant assertions related to each material class of transactions, account balance, and disclosure." The reasons
for this requirement are as follows:
The auditor's assessment of risk is judgmental and might not be sufficiently precise to identify all risks of
material misstatement.
There are inherent limitations to internal control, including management override, and even effective
internal controls generally reduce but do not eliminate, the risk of material misstatement.
In other words, even if the auditor concludes that the risk of material misstatement is low for a particular assertion
related to a material account balance, transaction class, or disclosure based on performing risk assessment
procedures and tests of controls, some substantive procedures are still required.
Financial Statement Reporting System. SAS No. 110 (AU 318.52) requires that the auditor perform the following
substantive procedures in every audit:
Agree the financial statements, including the accompanying notes, to the underlying accounting records.
Examine material journal entries and other adjustments made during the course of preparing the financial
statements.
Those requirements are related to the financial reporting process.
SAS No. 99 also requires certain substantive procedures in all audits to address the risk of management override
of controls. These required procedures are as follows:
Examining journal entries and other adjustments for evidence of possible material misstatement due to
fraud (AU 316.58.62).
Reviewing accounting estimates for biases that could result in material misstatement due to fraud (AU
316.63.65).
Evaluating the business rationale for significant unusual transactions (AU 316.66).
Both SAS No. 110 and No. 99 require examining journal entries and other adjustments, but the requirement of SAS
No. 99 is focused on identifying fraudulent journal entries. As discussed in paragraph 6.69 of the AICPA Audit
Guide, Assessing and Responding to Audit Risk in a Financial Statement Audit (Audit Risk Audit Guide), the nature,
timing, and extent of procedures required by SAS No. 99 are different from those required by SAS No. 110. SAS No.
110 focuses on journal entries made during the course of preparing the financial statements and SAS No. 99
requires the auditor to consider reviewing journal entries made throughout the year. This distinction is also
emphasized in a nonauthoritative AICPA Technical Practice Aid, Examining Journal Entries (TIS 8200.16). Auditors
should ensure that their audit procedures satisfy both requirements.
Significant Risks. Significant risks are risks that require special audit attention. When the audit approach to
significant risks consists only of substantive procedures (that is, the auditor does not plan to rely on controls), the
substantive procedures should be tests of details only or a combination of tests of details and substantive analytical
procedures. The use of only substantive analytical procedures is not permitted. (AU 318.54)
Other Required Audit Procedures. There are also other SASs that impose presumptively mandatory require
ments for substantive procedures for particular account balances (for example, confirmation of accounts receivable
and other specific requirements to perform procedures, typically called general procedures, that do not relate to
particular account balances, such as sending a letter of audit inquiry to the client's lawyer and reading minutes of
meetings of the governing board.)

146

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

WHEN TO CHOOSE SUBSTANTIVE PROCEDURES
Considering the Sufficiency and Appropriateness of Audit Evidence
The additional substantive procedures that are needed in particular circumstances depend on the auditor's
judgment about the sufficiency and appropriateness of audit evidence in the circumstances. Therefore, the auditor
should consider the sufficiency and appropriateness of audit evidence to be obtained when assessing risks and
designing further audit procedures. SAS No. 106 (AU 326.06) describes these characteristics of audit evidence as
follows:
Sufficiency is the measure of the quantity of audit evidence.
Appropriateness is the measure of the quality of audit evidence, that is, its relevance and its reliability in
providing support for, or detecting misstatements in, the classes of transactions, account balances, and
disclosures and related assertions.
The quantity and quality of audit evidence needed are interrelated and are dependent on the risk of material
misstatement.
The auditor performs risk assessment procedures to obtain an understanding of the entity and its environment,
including its internal control, to assess the risks of material misstatement. This assessment includes consideration
of the effectiveness of management's responses and controls to address risks. The auditor evaluates the quality
and quantity of the evidence obtained from the risk assessment procedures and, if applicable, tests of controls to
determine the further audit procedures necessary to obtain sufficient, appropriate evidence to afford a reasonable
basis for an opinion of the financial statements under audit.
An important quality of audit evidence is its reliability, which is affected by both the nature and source of the
evidence. SAS No. 106 (AU 326.08) provides the following generalizations about the reliability of audit evidence:
a. Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the
entity.
b. Audit evidence that is generated internally is more reliable when the related controls imposed by the entity
are effective.
c. Audit evidence obtained directly by the auditor (for example, observation of the application of a control)
is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the
application of a control).
d. Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other
medium. For example, a contemporaneously written record of a meeting is more reliable than a subsequent
oral representation of the matters discussed.
e. Audit evidence provided by original documents is more reliable than audit evidence provided by
photocopies or faxes.
Authoritative literature views audit evidence as being obtained from a variety of sources, including the auditor's
assessment of risk. SAS No. 106 (AU 326.02) defines audit evidence as all the information used by the auditor in
arriving at the conclusions on which the audit opinion is based and includes the information contained in the
accounting records underlying the financial statements and other information." Audit evidence includes evidence
obtained from procedures performed during the current audit as well as previous audits. Use of audit evidence from
previous audits is discussed later in this course, but one common form of such evidence is experience gained in
previous audits with respect to potential misstatements. Misstatements detected in previous audits are an impor
tant indicator of likely misstatements in the current audit. Generally, however, previous misstatements are a more
reliable indicator of error than fraud.
SAS No. 106, on audit evidence, notes that audit evidence includes the information contained in the accounting
records underlying the financial statements and other information. SAS No. 109 (AU 314.90) observes that control
activities relevant to the audit include reconciliation of the general ledger to the detailed records" and state that
147

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

the auditor should obtain an understanding of the process of reconciling detail to the general ledger for significant
accounts." Further agreeing the financial statements to the underlying accounting records is now a required
procedure in every audit. Thus, without adequate attention to the propriety and accuracy of underlying accounting
data, an opinion on the financial statements is not warranted.
Nature, Timing, and Extent of Substantive Procedures
As the residual risk of material misstatement increases, the quantity and quality of necessary audit evidence from
substantive procedures should increase. SAS No. 110 (AU 318.12) states that the higher the auditor's assessment
of risk, the more reliable and relevant is the audit evidence sought by the auditor from substantive procedures. This
may affect both the types of audit procedures to be performed and their combination."
Generally, the auditor will have decided whether audit procedures will be performed at an interim date or at period
end as part of establishing the overall audit strategy. Therefore, in designing further audit procedures, the focus will
be on the nature and extent of substantive procedures rather than their timing. SAS No. 110 (AU 318.07) states that
the nature of audit procedures is of most importance in responding to the assessed risks." SAS No. 110 (AU
318.19) explains that increasing the extent of an audit procedure is effective only if the audit procedure itself is
relevant to the specific risk and reliable; therefore, the nature of the audit procedure is the most important
consideration."
Selecting Appropriate Substantive Procedures
The selection of specific substantive procedures needed to respond to the risk assessment is a matter of auditor
judgment. This involves consideration of all the relevant factors, including the following:
Characteristics of the related account (or transaction class).
Financial statement assertion(s) being tested.
Nature of risks identified.
Degree of the risk involved.
Type and persuasiveness of the available audit evidence.
Efficiency and effectiveness of the substantive procedures.
Considering the Account Being Tested. Some types of accounts lend themselves better to particular procedures.
For example, some accounts, such as receivables, can generally be tested by applying procedures to balances.
Other accounts, such as property accounts, are often tested most effectively by examining transactions during the
period. As another example, many types of accrued liabilities are based on financial relationships that can be
effectively tested through properly designed analytical procedures.
Considering the Financial Statement Assertion. Similarly, the financial statement assertion being tested can also
significantly affect the choice of procedures. For example, tests of existence are generally aimed at examining the
items comprising the account balance. Tests of completeness often involve (a) performing predictive tests of
account balances or (b) identifying items that should be included in the account and determining whether they are
included. Tests of valuation normally relate to assessing the reasonableness of computed or estimated amounts.
The financial statement assertion being considered can also provide indications of the types of misstatements that
might occur in the financial statements. For example, misstatements of the existence assertion result in overstate
ment of the account balance, and misstatements of the completeness assertion result in understatement.
Considering the Nature of Risks Identified. The auditor needs to document specific risks relating to each
significant audit area and related assertion, including fraud risks and other significant risks. Sometimes, the
identified risk will suggest the appropriate further audit procedures needed. For example, if the risk for receivables
is that sales cutoff errors are likely to occur, the auditor may simply choose to apply more procedures to test sales
cutoff. However, in other cases, the appropriate procedure may be less clear. In those cases, the auditor should
148

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

consider the risks in terms of the types or direction and causes of potential misstatements to decide what steps may
be appropriate.
Determining the type, or direction, of misstatement can help the auditor determine the direction of the testing
procedures. To illustrate this process, consider how types of misstatement could affect the testing of supply
inventory quantities. If the auditor is concerned about understatement of supply inventory quantities, the focus
should be on tracing from external documents (purchase records, physical inventory counts, etc.) to the inventory
records and testing to assure that all supplies were counted. On the other hand, if the auditor is concerned about
overstatement of quantities, the focus would be on (a) vouching recorded quantities to physical count sheets or
other relevant documentation, (b) testing to assure that inventory counts were not duplicated, and (c) determining
whether items in transit were recorded in the proper period.
The auditor should also consider whether the likely cause of misstatements will tend to result in understatement or
overstatement of the account balance and design procedures accordingly. Consideration of the cause of misstate
ments becomes especially important if the auditor believes there is a significant risk of material misstatement due
to fraud. In that case, the auditor should carefully consider how fraud might result in misstatement of the financial
statements and then design appropriate procedures to detect those misstatements.
Considering the Degree of Risk. The auditor also needs to document the assessment of the risk of material
misstatement for each significant audit area or assertion. Generally, the higher the risk, the greater the degree of
assurance needed from substantive procedures. Even without testing controls, the degree of assurance can be
increased through one or more of the following means:
Nature. The auditor can change the nature of the procedures. This normally involves adding more
procedures or choosing more persuasive procedures; that is, using more precise procedures, performing
more independent verifications, etc. (As indicated previously, generally the nature of procedures is the
most important consideration.)
Extent. The auditor can increase the extent of testing. This can be done by testing more items or changing
the design of the test to focus on more items that are prone to misstatement. Lesson 2 discusses extent
of tests.
Timing. The auditor can change the timing of the procedures to do more work as of year end.
Because audit programs deal primarily with the nature of procedures, an auditor's first response to a high risk of
material misstatement will normally be to consider adding more procedures. Before doing so, the auditor should
consider whether he or she is performing the most effective or the correct procedures. Then, the auditor should
consider whether changing the extent or timing of the procedures might be as effective as, and more efficient than,
adding more audit procedures. If the auditor responds to a high risk of material misstatement by altering the extent
or timing of the procedures, he or she can document that response as a comment next to the documented
assessment of risk.
Considering the Available Evidence. When planning the audit, the auditor should consider the audit evidence
needed and the evidence available. The evidence sought should be commensurate with the assessed level of risk.
Generally, the higher the assessed risk of material misstatement for an area or assertion, the more reliable the
evidence needs to be. The reliability of audit evidence was discussed previously in this lesson.
Considering the Effectiveness and Efficiency of Substantive Procedures. As previously noted, the auditor
should consider the degree of assurance needed from substantive procedures and select procedures that are
sufficiently effective. To be costeffective, the auditor should also consider the efficiency of the substantive proce
dures.
Substantive procedures include tests of details and substantive analytical procedures. Therefore, designing the
nature of substantive procedures involves deciding between the two. In some cases, substantive procedures might
be limited to substantive analytical procedures. Substantive analytical procedures alone are more likely to be
appropriate in the following circumstances:
The risks of material misstatement, including particular risks due to fraud, are relatively low.
149

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The account balance, transaction class, or disclosure relates to large volumes of transactions that tend to
be predictable over time.
The account balance, transaction class, or disclosure is not affected by a significant degree of subjectivity.
A more detailed discussion of choosing between analytical procedures and tests of details is presented below.
Choosing between Analytical Procedures and Substantive Tests of Details
The authoritative literature does not explain how to apportion reliance on substantive procedures between tests of
details and analytical procedures except when testing significant risks. Analytical procedures may be used to
reinforce conclusions based on the results of other substantive procedures or as the sole source of evidence. That
decision is primarily based on the effectiveness of the procedures. Efficiency also may be a factor in deciding
between analytical procedures and substantive tests of details. That is, given two procedures of equal effective
ness, the auditor chooses the one that is most efficient. Therefore, the auditor would ordinarily use an analytical
procedure rather than a test of details if the analytical procedure is at least as effective in reducing detection risk to
the desired level as the test of details and is easier to apply.
Generally, the higher the assessed risk of material misstatement, the more effective analytical procedures need to
be before they can be relied on instead of tests of details. Accordingly, auditors tend to use tests of details more
extensively in high risk audit areas (such as areas containing fraud risks or other significant risks) and analytical
procedures more often in low risk areas or as secondary rather than primary auditing procedures. However, if the
auditor has highly effective analytical procedures, it may be possible to reduce the extent of detail testing needed
even in areas where significant risks exist. The effectiveness of analytical procedures in reducing detection risk in
comparison with the effectiveness of tests of details generally depends on the facts and circumstances. However,
the following are some general observations:
a. Analytical procedures are generally not effective in testing assertions about rights or obligations or
assertions related to presentation and disclosure because those assertions do not lend themselves to
testing through comparisons with expectations. Therefore, analytical procedures would not be effective
responses for risks related to matters such as parties to transactions lacking in economic substance or
intentional ambiguity in financial statement disclosures.
b. Relationships involving transactions over a period of time (that is, statement of activities accounts) tend to
be more predictable than relationships at a point in time (that is, statement of financial position accounts).
Because of the difficulty in developing expectations about a balance at a point in time with sufficient
precision, analytical procedures are often not as effective as tests of details for assertions about the
existence of assets and liabilities. Therefore, analytical procedures would not be as effective as tests of
details when responding to risks such as recording false receivables.
c. Analytical procedures are often equally or more effective than tests of details for assertions about the
completeness of assets, liabilities, revenues, and expenses. When testing for completeness, misstate
ments would often not be apparent from inspecting detailed evidence in the accounting records.
d. Analytical procedures are often equally or more effective than tests of details for assertions about the
occurrence of revenues. For example, comparing recorded service fee revenue with the amount expected,
based on a reliable record of units of service and average fees, may be as likely to detect a material
misstatement of assertions about the occurrence of revenues as inspecting supporting documentation.
Analytical procedures are more reliable if they are based on reliable data produced outside the accounting
system (for example, operating data used to manage the entity).
e. Analytical procedures are often equally or more effective than tests of details for assertions about the
occurrence of certain expenses. For example, comparing recorded labor costs with the amount expected,
based on the number of people required for the volume of activity during the year, may be as likely to detect
a material misstatement resulting from errors as looking at supporting documentation for a sample of
recorded compensation expense. However, if fraud is a concern, analytical procedures may not be
effective. For example, if management is able to manipulate expense accounts so that ratios appear
150

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

reasonable, ratio analysis would not be an effective analytical procedure for detecting material
misstatements.
f. Analytical procedures may be as effective as tests of details for assertions about the valuation of some
assets and liabilities but not for others. Generally, whether an analytical procedure is as effective as a test
of details for a valuation assertion depends on whether an expectation can be developed.
g. Substantive tests of details may be more effective for valuation assertions in an unstable environment. The
ability to develop an expectation that approximates the recorded amount is greater when the environment
is stable. For example, when interest rates are fluctuating widely, it is difficult to develop a precise
expectation about interest expense. Similarly, when transactions involve management discretion, such as
the choice of repairing versus replacing existing assets, there is also less predictability in expected
relationships.

151

Companion to PPC's Guide to Audits of Nonprofit Organizations

152

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
1. To satisfy the requirements of SAS No. 110 and SAS No. 99, Michael must examine journal entries and other
adjustments during the course of his audit. Which of the following best illustrates how he should perform these
substantive procedures?
a. Michael can satisfy both SASs with one examination of journal entries and other adjustments focusing on
the same area.
b. To satisfy the requirements of SAS No. 110, Michael must examine journal entries performed during
financial statement preparation, and the requirements of SAS No. 99 include the examination of journal
entries made all year.
c. Michael is prohibited from using only substantive analytical procedures to satisfy these requirements, so
he must also perform tests of details.
2. Which of the following would be considered a general procedure?
a. Agreeing financial statements to underlying accounting records.
b. Evaluating business rationale for significant unusual transactions.
c. Sending a letter of audit inquiry to the client's lawyer.
d. Confirming accounts receivable.
3. Based on the guidance in SAS No. 106, which of the following sources of audit evidence is the most reliable?
a. Audit evidence obtained from sources within the entity.
b. Audit evidence generated under effective controls.
c. Audit evidence obtained indirectly.
d. Audit evidence provided by photocopies or faxes.
4. Margaret discovers information that increases the risk of material misstatement during her audit. To
compensate, she decides to change the nature of her substantive procedures. Which of the following actions
allows Margaret to change the nature of her substantive procedures?
a. She adds more procedures and chooses more persuasive procedures.
b. She tests more items and changes test design to focus more on items prone to misstatement.
c. She does more work at the balancesheet date than originally planned.
d. She designs procedures to detect material misstatement due to fraud.
5. Under which circumstances could substantive analytical procedures be used instead of tests of details?
a. Bob needs to test the completeness of assets to detect any material misappropriation of cash sales
receipts.
b. George needs to develop a plan for dealing with ambiguity in Clark, Jacobs, & Millhouse's financial
statement disclosures.
c. Fred needs to test the existence of assets and liabilities on HarrisonTaylor's statement of financial position
accounts for information on relationships of transactions at a moment in time.
d. Joe needs to test Sew Time's labor costs as related to its employees, but has reason to believe
management could manipulate the expense accounts.
153

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
1. To satisfy the requirements of SAS No. 110 and SAS No. 99, Michael must examine journal entries and other
adjustments during the course of his audit. Which of the following best illustrates how he should perform these
substantive procedures? (Page 146)
a. Michael can satisfy both SASs with one examination of journal entries and other adjustments focusing on
the same area. [This answer is incorrect. Michael cannot satisfy the requirements of both SASs by focusing
his examination of the journal entries on one area. He will have to do more.]
b. To satisfy the requirements of SAS No. 110, Michael must examine journal entries performed during
financial statement preparation, and the requirements of SAS No. 99 include the examination of
journal entries made all year. [This answer is correct. SAS No. 99 focuses on finding fraudulent
journal entries, and SAS No. 110 is focused on the financial reporting process. Even though both
SASs require the same action (examining journal entries and other adjustments), that action must
be performed over different time periods to satisfy their individual requirements.]
c. Michael is prohibited from using only substantive analytical procedures to satisfy these requirements, so
he must also perform tests of details. [This answer is incorrect. This would be true of Michael were dealing
with significant risks (risks requiring special audit attention). It is not applicable to the situation in this
scenario.]
2. Which of the following would be considered a general procedure? (Page 146)
a. Agreeing financial statements to underlying accounting records. [This answer is incorrect. This
requirement of SAS No. 110 is related to the financial reporting process.]
b. Evaluating business rationale for significant unusual transactions. [This answer is incorrect. This
requirement of SAS No. 99 relates to the risk of management override of controls.]
c. Sending a letter of audit inquiry to the client's lawyer. [This answer is correct. Such general
procedures do not relate to specific account balances. Another example would be reading the
minutes of meetings of directors.]
d. Confirming accounts receivable. [This answer is incorrect. This is another required audit procedure that
relates to a particular account balance (required by SAS No. 67).]
3. Based on the guidance in SAS No. 106, which of the following sources of audit evidence is the most reliable?
(Page 147)
a. Audit evidence obtained from sources within the entity. [This answer is incorrect. Such evidence would be
more reliable if it were obtained from a knowledgeable independent source outside of the entity being
audited.]
b. Audit evidence generated under effective controls. [This answer is correct. If controls related to the
evidence that are imposed by the entity are effective, the internally generated audit evidence would
be considered more reliable.]
c. Audit evidence obtained indirectly. [This answer is incorrect. Evidence that the auditor obtains himself (or
herself) would be more reliable than evidence obtained by inference or indirectly.]
d. Audit evidence provided by photocopies or faxes. [This answer is incorrect. Audit evidence that is
documented (on paper, electronically, etc.) is more reliable than oral reports, and that provided by original
documents is considered more reliable than photocopies or faxes.]
154

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

4. Margaret discovers information that increases the risk of material misstatement during her audit. To
compensate, she decides to change the nature of her substantive procedures. Which of the following actions
allows Margaret to change the nature of her substantive procedures? (Page 149)
a. She adds more procedures and chooses more persuasive procedures. [This answer is correct. By
doing this, Margaret has changed the nature of her substantive procedures. Usually, the nature of
the procedures is the auditor's most important consideration. More persuasive procedures entail
performing more precise procedures (such as, more independent verifications).]
b. She tests more items and changes test design to focus more on items prone to misstatement. [This answer
is incorrect. If Margaret makes this change, she has changed the extent, not the nature, of her substantive
procedures.]
c. She does more work at the balancesheet date than originally planned. [This answer is incorrect. If
Margaret wanted to change the timing of her procedures instead of their nature, she could make this
change.]
d. She designs procedures to detect material misstatement due to fraud. [This answer is incorrect. If the
information Margaret discovered had to do with significant risk of material misstatement due to fraud (one
of the three causes of misstatement), this might be the focus of her changes; however, that might not be
the case in this scenario.]
5. Under which circumstances could substantive analytical procedures be used instead of tests of details?
(Page 150)
a. Bob needs to test the completeness of assets to detect any material misappropriation of cash sales
receipts. [This answer is correct. Analytical procedures can be equally or more effective than tests
of details for an auditor who must make an assertion about the completeness of assets, liabilities,
revenues, and expenses, as Bob must do in this scenario.]
b. George needs to develop a plan for dealing with ambiguity in Clark, Jacobs, & Millhouse's financial
statement disclosures. [This answer is incorrect. Generally, assertions related to presentation or
disclosure, rights, or obligations do not lend themselves to testing through comparisons with expectations;
therefore, analytical procedures would not be as effective of a response for risks such as the one George
has encountered in this scenario.]
c. Fred needs to test the existence of assets and liabilities on HarrisonTaylor's statement of financial position
accounts for information on relationships of transactions at a moment in time. [This answer is incorrect.
Analytical procedures would not be most effective at testing assets and liabilities in this scenario because
of the difficulty Fred would have developing the expectation of a balance at a point in time with sufficient
precision. Instead, Fred should use tests of details.]
d. Joe needs to test Sew Time's labor costs as related to its employees, but has reason to believe
management could manipulate the expense accounts. [This answer is incorrect. If management can
manipulate Sew Time's expense accounts, ratio analysis would not be an effective analytical procedure
for Joe to use in this scenario. Because fraud is involved, he should use tests of details.]

155

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

TESTS OF DETAILS REQUIREMENTS
Tests of details may be applied to transactions or to balances. Those tests can be described as follows:
a. Tests of Transactions. These are tests of the processing of individual transactions by inspection of the
documents and accounting records involved in processing (e.g., inspecting support documents for a cash
disbursement).
b. Tests of Balances. These are tests applied directly to the details of balances in general ledger accounts
(e.g., confirming an investment in securities with the custodian).
Tests of transactions and tests of balances are related because each class of transactions affects a related account
balance. For example, purchase transactions affect the accounts payable balance. An auditor may test the
transactions that enter an account balance, the individual items included in the ending balance, or both. Generally,
tests of balances are more efficient and effective than tests of transactions because transaction tests are applied to
individual transactions and may be more timeconsuming than direct tests of a balance that results from many
transactions. However, in the audit of a nonprofit organization, transaction testing is relatively more common than
it is for a business enterprise of comparable size. Substantive tests of expense transactions may be necessary
because of the use of complex coding and classification systems to identify costs by object, program, budget
category, etc. The audit approach to revenue transactions is more varied. Service fee revenue is often susceptible
to analytical testing or confirmation of billing. However, when classification of revenue by donor restrictions is
important, substantive tests of transactions may be an effective approach.
Confusion about Tests of Details of Transactions
Inspection of documents and accounting records may be involved in both tests of controls directed toward
operating effectiveness (if controls leave a documentary trail) and tests of details of transactions. For this reason,
some auditors have equated tests of details of transactions and tests of controls. The difference is in the objective
of the test. The mere fact that a transaction or balance is being tested does not make the test a test of controls. For
example, the inspection of invoices in support of additions to property, plant, and equipment is a substantive
procedure. The objective of the test is to substantiate the balance by testing the transactions, i.e., the additions. The
same principle applies to other types of transactions or balances. For example, individual revenue transactions
may be tested to substantiate total revenue without being concerned with the effectiveness of control policies and
procedure for processing revenue transactions. It is the objective of the test and not whether it is applied to a class
of transactions or a balance that determines whether the test is a test of controls or a substantive procedure.
Substantive procedures, including tests of details, are normally applied after the auditor has obtained an under
standing of internal control, but substantive tests of details in the current period may contribute to the auditor's
understanding in subsequent periods. Tests of details can be performed concurrently with tests of controls.
Required Documentation
For substantive tests of details involving inspection of documents or confirmation, SAS No. 103, Audit Documenta
tion, requires documentation to include identifying characteristics of the items tested. The authors believe items
tested can be identified by listing the items; by including a detail schedule in the workpapers, on which the items
are identified; or by documenting in the workpapers the source and selection criteria. For example:
For tests of significant items, documentation may describe the auditor's scope and the source of the items
(for example, all cash disbursements greater than $5,000 from the January to March cash disbursements
journal).
For haphazard or random samples, documentation may identify items by their dates and specific
document numbers, check numbers, etc.
For systematic samples, documentation may indicate the source, starting point, and sampling interval (for
example, a selection of checks from the cash disbursements journal for the period 1/1/X2 to 12/31/X2,
starting with check number 2150 and selecting every 100th check thereafter).
In some cases, more than one file of the same documents may be maintained in different locations. The auditor
should document who maintains the file from which items were selected and where it is maintained.
156

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

SUBSTANTIVE ANALYTICAL PROCEDURES
Types and Purposes of Analytical Procedures
What Are Analytical Procedures? Analytical procedures are evaluations of financial information made by a study
and comparison of plausible relationships among both financial and nonfinancial data. Analytical procedures
include trend analysis, ratio analysis, and predictive or reasonableness tests. Using analytical procedures generally
involves:
a. developing an expectation of what an account balance should be,
b. comparing the expected amount with the recorded amount,
c. determining whether any difference between the recorded and expected amount is significant,
d. investigating the cause of any unexpected significant difference,
e. evaluating the likelihood of material misstatement, and
f. documenting the analytical procedures.
As indicated by items a. and b., analytical procedures should involve comparisons of recorded amounts, or ratios
of recorded amounts, to expectations developed by the auditor. These expectations can be developed from a
variety of sources of financial and nonfinancial information, but the most important aspect of developing expecta
tions is having a thorough knowledge and understanding of the client and its industry and the risks the client faces
in doing business.
Analytical procedures include trend analysis, ratio analysis, and predictive or reasonableness tests. Analytical
procedures may consist of simple comparisons or complex models. For example, the following are analytical
procedures
a. Comparison of an account balance with the balance of the prior period or with a budgeted amount.
b. Computation of the ratio of one financial statement account balance to the balance in another account that
would be expected to have a predictable relationship to each other, such as computation of the ratio of
interest expense to debt and comparison of the resulting ratio to the known interest rate on that debt.
c. Estimation of investment income by considering the amount invested and the average earnings rate.
Most explanations of analytical procedures focus on the steps involved in comparing the recorded amount to the
expectation, but best practices think of analytical procedures as a coordinated family of procedures that include
scanning and inquiry as well as computations and comparisons.
Purposes of Analytical Procedures. SAS No. 56 identifies the following three categories of analytical procedures
based on the purpose of the procedures:
Preliminary (Planning) Analytical Procedures. Used to enhance the auditor's understanding of the client's
business and assist in assessing areas of specific risk of misstatement by identifying unexpected
relationships among account balances or the absence of expected relationships.
Substantive Analytical Procedures. Used to obtain audit evidence about potential misstatements.
Overall Review Analytical Procedures. Used in the final review stage of the audit.
Both preliminary and overall review analytical procedures are required in an audit of financial statements, but use
of substantive analytical procedures is discretionary. Preliminary analytical procedures are an important step in
audit planning. Overall review analytical procedures are part of the final review of the financial statements to assure
157

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

that the numbers make sense. This final step in the audit is made to be sure the auditor has obtained a sufficient
understanding of the financial statements during the audit. Substantive analytical procedures are explained below.
What Distinguishes Substantive Analytical Procedures? The purpose of the analytical procedures and the level
of assurance desired are what distinguish substantive analytical procedures from preliminary and overall review
analytical procedures. No particular types of analytical procedures are exclusively substantive procedures. The
same procedures, ratios, or relationships might be used for more than one of the three purposes of analytical
procedures. For example, comparing salaries and wages to budgeted amounts by function or department might be
used in planning or final review at an aggregate level or as a substantive analytical procedure at a more detailed
level.
Substantive analytical procedures are focused on particular account balances, and the auditor will have already
assessed the risk of misstatement of the account balance, including the likely direction of the misstatement, i.e.,
overstatement or understatement. The auditor will have decided that the performance of analytical procedures
alone or in combination with tests of details is likely to provide reasonable assurance that the account balance is
not materially misstated in relation to the overall financial statements. To accomplish this, the auditor will have
concluded that a sufficiently precise expectation of the recorded amount being tested can be developed from
reliable financial or nonfinancial data.
Substantive analytical procedures will either be the primary test of the account balance or will be used in combina
tion with tests of details. Essential features of substantive analytical procedures are developing expectations by
identifying plausibly related and reliable data, and identifying whether there are differences from those expectations
that require investigation. If the differences from expectations are sufficiently small, the auditor can conclude that
there is reasonable assurance the account balance is not misstated. Larger differences have to be investigated by
obtaining and corroborating explanations.
Consider the features of analytical procedures. When performing an audit for a nonprofit organization, the auditor
might use an analytic comparison of expense to budget for all three categories of analytical procedures. However,
those analytical procedures would more likely be applied at a more detailed level, by fundraising event or
program, when performed as a substantive analytical procedure.
How to Design Effective Substantive Analytical Procedures
Analytical procedures have been described as a natural extension of the process of understanding the client's
activities. Substantive analytical procedures are a focused way of translating this understanding into reasonable
assurance that a particular account balance is not materially misstated.
First Ask Management. A productive initial step in designing effective substantive analytical procedures is to first
ask management what ratios, relationships, and internal or external data management finds particularly useful in
identifying and monitoring risks. This also helps the auditor to get a better feeling for how the nonprofit organization
really works. What are the key factors that management monitors to stay on top of operations? Are there industry
or trade publications that provide particularly useful information? Do any published statistics on the economy or the
industry help management to be aware of important trends or patterns? In some cases, management may have
prepared reports with ratio analyses and comparisons the auditor can use. The auditor may have gained this
knowledge from management while performing risk assessment procedures.
Nonprofit organizations are often very sensitive to political and economic changes. Unfavorable economic condi
tions may cause a reduction of funding from both private and government funding sources. A downturn in the
economy makes it difficult for a nonprofit organization to obtain new contributions and collect promises to give
pledged in previous years. Many nonprofit organizations are experiencing revenue shortfalls due to losses on
investment portfolios caused by market declines, lower investment returns caused by decreasing interest rates,
reduced personal contributions, and a less stable government grant environment.
Consider the Budgetary Process. The auditor should review prior budgets and inquire about management's
followup of variances to assess the reliability and effectiveness of the budgetary process. If there is an effective
budgetary process, the budget data can be a good source of auditor expectations. In other words, the auditor can
use the budgeted amount for an account balance as the auditor's expectation of the recorded amount. However,
the auditor should consider using the original budget to determine variances from actual. The auditor should
158

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

determine why actual amounts changed from the original estimate, especially if the entity amends the budget to
mirror actual activity. As a minimum, the inquiries about budget preparation and inspection of budgets and variance
reports should provide the auditor with a good working knowledge of the key factors that affect particular account
balances and the stability of plausible relationships. For example, is payroll expense driven by the number of
employees? How closely do property additions track the capital budget? What operating data are most useful for
predicting expense levels? The auditor could use such information in deciding what ratios to compute or predictive
tests to design.
Budgetary control is crucial to many nonprofit organizations because of the restricted nature of much of their
resources. This means many nonprofit organizations must prepare and closely adhere to detailed budgets for
specific programs or functions. Because of funding source constraints on revenue and expenditures, budgets in
the nonprofit sector are often a contractual agreement subject to limited flexibility. For many organizations, each
budget is a plan for spending specific amounts of money in specific cost categories by line item to achieve specific
goals within a set period of time. When a nonprofit organization wishes to modify a program budget, specific
funding source guidelines and procedures may have to be followed, which often include gaining written permission
from the funding source.
Additional questions an auditor might ask about an organization's budgetary process include
Is a specific program over budget and are other programs under budget?
Did the nonprofit organization raise the anticipated amount from its special event?
Identify Comparables. For years, there have been suggestions that auditors should make greater use of industry
statistics as a source of data for comparisons in performing analytical procedures. These comparisons provide
insight on how the client's performance compares to that of other nonprofit organizations of similar size, geo
graphic location, and demographic makeup. A significant variation from revenues and expenditures of comparable
nonprofits indicates a risk of potential misstatement and should be investigated.
If the client belongs to a trade organization, it might have access to financial trend information of the other members
accumulated by the trade organization. Industry statistics are, however, generally underused by auditors for a
variety of reasons. There might be no industry group that accumulates statistics. There might be no NAICS or SIC
code that corresponds sufficiently to the client's operations. Use of NAICS or SIC codes can also result in
comparing a client in a single industry with more diversified companies. Industry statistics blur differences caused
by different accounting methods or differences in operations related to class of customer, geographic location,
organizational or financial structure, or product quality. Also, industry statistics may be skewed because one or a
few major companies dominate the industry. The NAICS, which was developed in 1997 by the governments of
Canada, Mexico, and the United States, uses a six digit numerical code to categorize industry groups. The NAICS
codes will replace SIC codes, but the transition is taking time. In the meantime, some data bases still utilize SIC
codes, some have moved to NAICS, and many use both codes. During the transition from SIC codes to NAICS
codes, the CPA may wish to use the database that maps SIC codes to NAICS codes at www.naics.com/
search.htm.
Talk to Operating Personnel. The auditor should get outside the accounting department and talk to other than
financial management personnel when designing and performing analytical procedures. Discussions with operat
ing management and personnel can be invaluable in learning enough about the client's operations and risks to
design effective analytical procedures. For instance, in a nonprofit organization, discussions with the director of
fundraising or development can provide insight to develop a more reliable expectation of contributions.
Generally, operating departments can be a source of reliable data outside the influence of accounting personnel
who record transactions related to those operating functions. The auditor should consider whether the data in the
operating department is independent of the accounting department. The auditor should also consider whether the
preparation of the operating data is subject to manipulation by senior management in a manner that would permit
management to alter both the operating and related accounting data. For example, the auditor could compare (a)
the number of members and membership dues, (b) the number of students and tuition revenue, (c) the number of
tickets sold and admissions revenue, or (d) attendance at a church and contribution revenue.
159

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Discussions with operating personnel should at a minimum enhance the auditor's understanding of the significant
transactions and events that have affected the financial statements and might corroborate the auditor's riskassess
ment conclusions. The enhanced understanding can lead to improvements in the development of expectations of
recorded amounts as well as a more insightful evaluation of differences from those expectations.
Consider the development of reliable data. The auditor could interview the director of development to better
understand the process of setting the budget for special events. Additionally, the auditor could determine if there is
reliable data maintained in the development department for the number and unit prices of tickets sold that can be
used to analytically test revenue from special events. The director of development could also assist the auditor in
developing a reliable expectation for contribution revenue and fundraising expenses. The program directors could
assist in developing expectations of program revenue and expenses.
Consider Whether Circumstances Are Favorable to Substantive Analytical Procedures
Audit Area or Type of Account. Certain circumstances are favorable to the use of substantive analytical proce
dures as the primary, or an important, source of assurance on an account balance. Generally, relationships among
statement of activity account balances, or statement of activity and certain statement of financial position account
balances are more predictable than relationships only among statement of financial position items.
Generally, the higher the assessed risk of material misstatement, the more effective analytical procedures need to
be before they can be relied on instead of tests of details. Accordingly, auditors tend to use tests of details more
extensively in high risk audit areas and analytical procedures more often in low risk areas. However, if the auditor
has highly effective analytical procedures, it may be possible to reduce the extent of detail testing needed even in
high risk areas.
Likely Cause of Potential Misstatements. Substantive analytical procedures tend to be more useful as the
primary substantive procedure when the risk of misstatement has been assessed as being primarily from error. This
is because errors are random and are as likely to be understatements as overstatements. Generally, a substantive
analytical procedure is effective for simultaneously testing for both overstatements and understatements. Tests of
details tend to be directed to either overstatement or understatement. For example, a predictive test of revenue
developed from operating data should be effective for detecting either overstatement or understatement of
recorded revenue. In contrast, tests of details usually focus on a single direction. Detection of understatement, for
example, is the focus of tracing from records of service provided to recorded service revenue, while overstatement
is more likely to be detected by inspecting supporting documents or confirming balances. Also, errors are random
and no one is attempting to conceal them. For example, an executive director who has intentionally understated
fundraising expenses by improper capitalization of special event costs might reclassify other expenses as fund
raising expenses to maintain a normal fundraising efficiency ratio. This does not mean, however, that analytical
procedures are useless as tools in fraud detection. Analytical procedures are an important aid in detecting fraud.
Use of analytical procedures when the general risk analysis indicates a greater risk of fraud is explained later in this
lesson.
Availability of Reliable Data. Because substantive analytical procedures involve developing an expectation of a
recorded amount based on a plausible relationship between that amount and financial or nonfinancial data,
another circumstance that favors use of these procedures is the availability of reliable data to develop expectations.
Generally, data obtained from an independent outside source are better than internal data. Nonfinancial data from
an independent operating department tend to be more reliable than data under the influence and control of the
accounting department when there are effective controls over collection of the operating data. Data from the
accounting department are more reliable when controls over the accounting system are effective. Audited data are
more reliable than unaudited data. The data might be audited by the auditor or by internal auditors judged to be
objective and competent. Generally, the auditor should exercise professional skepticism in evaluating the reliability
of available data and seek more reliable data to achieve greater precision.
Precision of Expectation. Another related consideration is whether the expectation can be developed with
reasonable precision. Precision is the term used to describe the degree of accuracy of the expectation developed
by the auditor to the actual amount. Other things remaining equal, the larger the recorded amount, the more difficult
it is to develop a precise expectation. This is because a small percentage of a very large recorded amount can be
material to the financial statements taken as a whole. For example, the planning materiality amount calculated
160

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

using total support and revenue as the benchmark might range from .5% to 1% of total support and revenue, and
tolerable misstatement would be less than planning materiality. This means that an expectation developed of
recorded total annual support and revenue would need to be within less than 1% of the recorded amount to be
used as the primary substantive test of total annual support and revenue without additional evidence. In some
cases, the data might be reliable enough to develop such a precise expectation; but, in other cases, the auditor
might need to break the recorded amount down into more predictable components. Expectations developed at a
more detailed level have a greater chance of detecting a misstatement of a given amount. For example, expecta
tions developed concerning monthly amounts are generally more precise than annual amounts. Comparisons by
program, location, or department are generally more precise than entitywide comparisons. Sometimes, an
account balance can be separated into different categories of transactions. For example, payroll expense might be
separated into salaried and hourly employees.
Efficiency. Another consideration that affects a primarily substantive analytical procedures approach is the relative
efficiency of tests of details for the account balance. Other things remaining equal, an account balance composed
of a small number of large items can be tested more efficiently and effectively using tests of details. If an account
balance has a large number of small items, efficiency can usually be improved by using substantive analytical
procedures to test the total recorded amount. Analytical procedures are also more efficient and effective when the
relationship between available data has proven to be relatively predictable and stable in the past. For example, the
precision of analytical procedures using trend analysis and ratio analysis is improved when the underlying relation
ships are known to be reasonably predictable and the business environment is relatively stable.
Specialized Considerations for Nonprofit Organizations. Many nonprofit organizations are well suited to the
application of analytical procedures. Account balances that are more susceptible to the use of substantive analyti
cal procedures were discussed previously. For nonprofit organizations, there is usually a predictable relationship
between contribution revenue and the related fundraising expense. Also, there may be a persistent pattern in the
investment income accounts and investment account balances (if the organization's investments would be
expected to earn a fairly constant rate of return).
Likely causes of potential misstatements were discussed previously. For nonprofit organizations, a predictive test
of contributions developed from operating data should be effective for detecting either overstatement or under
statement of recorded contributions. In contrast, tests of details usually focus on a single direction. For example,
detection of understatement is the focus of tracing from contribution records to recorded contributions. Overstate
ment of contributions is more likely to be detected by confirming promises to give or tracing from recorded
promises to give to contribution records.
An example of the precision of expectation for an organization with $3.5 million of adjusted total support and
revenue (which are larger than total adjusted assets), the planning materiality amount calculated would be rounded
to $39,000 and tolerable misstatement would be $30,000. This means that an expectation developed of recorded
total annual support and revenue would need to be within just over 1% of the recorded amount to be used as the
primary substantive test of total annual support and revenue without additional evidence.
As for an example for a nonprofit organization on how disaggregation can improve precision, assume that an
auditor is analytically testing the revenue earned by an organization's special event. The organization sponsors a
marathon in different cities around the country. The proceeds are used to support research. The direct benefits
provided to marathon participants are nominal in value. The auditor's expectation is that the entrance fee revenue
will vary according to the number of entrants in the races.
After interviewing the development department and reviewing supporting documentation, the auditor noted that
there were approximately 18,225 entrants in 17 marathons in the current year. There were no entry fees collected
in one fiscal year for a race held in another fiscal year. The entry fee for all of the races was $15 if paid in advance
and $20 if paid on the day of the race. Approximately 85% of the entrants paid their entry fees in advance. The
revenue recorded from the special event was $290,150. The first analytical procedure performed by the auditor
follows:
Total marathon revenue
Number of entrants

$ 290,150
18,225

Average price per entrant

$
161

15.92

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

If the auditor assessed the risk of material misstatement as low and/or the auditor performed other substantive
procedures with respect to the marathon special event revenue, the auditor might conclude that the average price
per entrant calculated in the previous paragraph appears reasonable and perform no additional testwork. However,
if the auditor assessed the risk of material misstatement as high and/or had performed no other substantive
procedures, the auditor might refine the test performed as follows:
Total marathon entrants
Percentage of entrants that paid in advance
Number of entrants that paid in advance
Fee paid in advance
Revenue paid in advance

18,225
.85
15,491

$15

$ 232,365

Total marathon entrants
Percentage of entrants that paid the day of the race
Number of entrants that paid the day of the race
Fee paid the day of the race

18,225
.15
2,734

$20

Revenue paid the day of the race

$

54,680

Revenue paid in advance
Revenue paid the day of the race

$ 232,365
+ 54,680
$ 287,045

Depending upon materiality for the organization, the auditor might conclude that revenue from that special event is
materially correct and no further testing would be considered necessary. If the auditor decided to further expand
testing, revenue per marathon (the amount earned per city) could be calculated or reviewed.
Analytical Procedures and Fraud Detection
An important factor behind the decision to require analytical procedures in all audits of financial statements was
research that indicated that use of analytical procedures was a frequent factor leading to detection of management
fraud or cooking the books. Analytical procedures are required in the planning stage of the audit to make sure the
auditor looks at the big picture first and recognizes areas where fraud risk is greater. Likewise, professional
standards require analytical procedures in the final review stage of the audit to make sure the auditor looks at the
financial statements in total at the end to see that they make sense based on the auditor's understanding of the
business obtained during the audit. More detailed preliminary analytical procedures or substantive analytical
procedures used during the audit can also be helpful in detecting whether the books have been cooked. SAS No.
99 (AU 316.69) requires that the auditor evaluate whether analytical procedures performed as substantive proce
dures or in the overall review stage of the audit indicate a previously unrecognized risk of material misstatement
due to fraud. (SAS No. 99 also requires analytical procedures relating to revenue in planning the audit.) For
example, significant and unusual relationships related to yearend revenue, such as unusually large amounts of
revenue or gains near the end of the reporting period from unusual transactions, might be indicative of fraud. Also,
the auditor should reflect on whether responses to inquiries about analytical relationships have been vague,
implausible, or inconsistent with the auditor's knowledge or other audit evidence. The auditor of a nonprofit
organization might also consider the following:
a. Trend analysis of annual fundraising campaigns or special events by year indicates unusual patterns.
b. Unexpected or unexplained relationships between recorded contribution revenue and statistics
maintained by the development department.
A word of caution on analytical procedures and fraud detection is necessary. Analytical procedures can be very
effective in identifying audit areas with an increased risk of fraudulent financial reporting, but the absence of
significant fluctuations is not reliable evidence of the absence of a risk of material misstatement due to fraud.
Management can manipulate recorded amounts to make relationships appear normal to conceal fraud.
162

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Generally, analytical procedures are useful for identifying audit areas in which there is an increased risk of material
misstatement from cooking the books. Analytical procedures usually do not provide sufficient evidence to resolve
whether a potential material misstatement is caused by fraud, but are efficient and effective for directing the
auditor's attention to account balances that require investigation of a potential fraud. In this area, particularly, it is
important to recognize that there are no magic ratios or relationships that work for all clients. Also, a solid
understanding of the client's activities is even more critical in designing effective analytical procedures in this area.
The auditor cannot recognize unusual relationships, the absence of expected relationships, or other anomalies in
the financial statements unless the auditor has a good sense of what the financial statements should look like in the
client's circumstances. In other words, the auditor needs to know what is usual what should be there before the
unusual can be recognized.
When there is a greater than normal risk of cooking the books, finding at least one comparable entity for analytical
comparisons as recommended previously can be extremely helpful and provide needed insight to what relation
ships are anomalous. By comparing the activity of the client to a comparable entity, the auditor can more readily
identify unexpected relationships or the absence of expected relationships as well as develop better expectations
of recorded amounts.
Substantive analytical procedures focused on particular recorded amounts are useful in refining the assessment of
the risk of misstatement from cooking the books. When the primary risk is cooking the books, the focus of analytical
procedures is generally on the revenues and expenses that might be misstated. For example, it might be possible
to compare receipts from annual fundraising drives to total support to detect improper revenue recognition.
Another example that may detect improper revenue recognition for a nonprofit organization is the relation of
fundraising expenses to contribution revenue. A recorded amount of expense that is significantly lower than the
amount needed to produce the recorded amount of revenue might indicate overreporting of revenue.
The particular analytical procedures have to be designed to fit the specialized circumstances of the client and its
industry. However, comparisons of actual cash flow with recorded accrued amounts and comparisons of the total
recorded amount with the portion that is dependent on a subjective estimate are generally useful. For example,
some nonprofit organizations may be motivated to understate the change in unrestricted net assets to make the
organization look more needy" to potential contributors while other organizations may be motivated to overstate
the change in unrestricted net assets to meet certain funding requirements. However, comparisons of actual cash
flow with recorded accrued amounts and comparisons of the total recorded amount with the portion that is
dependent on a subjective estimate are generally useful.
Whether the assessed risk is of stealing or cooking the books, imaginative use of analytical procedures can be
useful in refining the risk assessment for detecting the misstatement. If the auditor focuses on trends that are
difficult or impossible to manipulate by the perpetrator, analytical procedures will generally be more effective.
Volume data trends should follow reported amounts. For a nonprofit organization, the auditor could analyze the
number of service units provided by the organization and compare that to the revenue associated with those
service units. If service units are increasing, the auditor would anticipate that revenue would also increase. This
same type of analysis could be performed for the following:
The number of members and membership dues.
The number of students and tuition revenue.
The number of tickets sold and admissions revenue.
Attendance at a church and contribution revenue.
By comparing the trends of operating volume measures to recorded amounts, the auditor can identify account
balances with a risk of misstatement due to fraud. Generally, this approach is equally effective for stealing and
cooking the books.
Corroboration of Explanations. An important consideration related to fraud detection (as well as error detection)
is the evaluation and corroboration of management's explanations for significant differences from the auditor's
expectations. In this area, the main ingredients for effectiveness are healthy doses of common sense and profes
sional skepticism. An attitude that includes a questioning mind and a critical assessment of audit evidence is
163

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

necessary to exercise professional skepticism. The auditor should adopt a show me" attitude and not accept
explanations that are contrary to common sense or that conflict with the auditor's understanding of the client's
circumstance.
Analytical Procedures and Interim Testing
As explained in more detail later in this lesson, audit efficiency and effectiveness can often be improved by shifting
more audit work to interim dates. This can permit earlier identification of issues and problems and allow corrective
action to be implemented before final work starts. Also, there are advantages to spreading out the audit work over
a longer period of time. This makes it easier for client personnel because their time preparing for the audit is also
spread out. Client personnel have more time to prepare schedules and answer questions. Also, because the audit
work is spread out, the engagement team can usually be smaller. This not only has budget advantages, but the
longer exposure to the client also can improve everyone's understanding of the client's activities.
When tests of details are performed at an interim date, the auditor may need to perform rollforward procedures for
the period between the interim date and the statement of financial position date. Analytical procedures are usually
an important part of rollforward procedures. SAS No. 110 (AU 318.62) on substantive tests prior to the statement
of financial position date states that these procedures may include comparison of information concerning the
balance at the statement of financial position date with comparable information at the interim date. This is an
analytical procedure to identify amounts that appear unusual and that therefore should be investigated. These
analytical procedures can be combined with other analytical procedures or tests of details. Substantive analytical
procedures are an efficient way to extend the audit conclusion from the interim date to the statement of financial
position date.
Analytical procedures are particularly useful because the auditor's objective in performing rollforward procedures
is to evaluate whether the recorded amount of transactions between the interim date and the statement of financial
position date is reasonable in relation to the auditor's expectation. Because the time period is much shorter than the
annual period, the auditor's expectations can generally be developed with more precision. The period may be only
one or two months. For example, if the auditor confirms promises to give for a June 30 yearend nonprofit
organization as of May 31, analytical procedures might be an effective method of extending the auditor's conclu
sion through year end. Examples of analytical procedures that might be used as rollforward procedures in this
circumstance follow:
Compare currentyear June promises to give with prioryear June promises to give.
Compare the actual currentyear June promises to give to the budget.
Compare the currentyear June promises to give to the amount recorded in July of the next fiscal year.
Review a monthbymonth comparison of contributions for the current year.
Analyze the planned fundraising events or activities that generated the promises to give for June.
The auditor might also scan credit entries to promises to give for June and July of the next fiscal year. The scanning
and comparisons of ratios and amounts should be supplemented by inquiries of development department person
nel about significant or unusual promises to give pledged close to year end.
Analytical Procedures and Accounting Estimates
The auditor should identify and evaluate significant accounting estimates made by management. Analytical proce
dures can be used in evaluating the reasonableness of estimates by developing the auditor's own expectation of
the estimate and as basis for assessing the overall reasonableness of the estimate.
Tests of the reasonableness of an accounting estimate often include a combination of tests of details and analytical
procedures. Supporting data are tested for reliability using tests of details and analytical procedures are used to
assess the reasonableness of the estimate. For example, the auditor might test the aging of accounts receivable for
accuracy and then use the analytical procedures of scanning the aging, considering the historical trends of
chargeoffs per age category, and computing the ratio of days sales in receivables and comparing to the prior year.
The auditor might also scan the results of collection activity in the subsequent period.
164

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

How to Identify and Evaluate Significant Differences
After the auditor has developed an expectation of a recorded amount or ratio of recorded amounts from reliable
data and compared the expectation to the recorded amount, the next step is to determine whether there is a
significant difference. Authoritative literature does not define significant differences. SAS No. 56 (AU 329.20) states
only that the criteria for a significant difference should be consistent with the level of assurance desired from the
analytical procedure. Evaluation of the significance of differences is discussed in the next paragraph. Consider
ations before posting differences to the summary of audit differences are discussed in the following paragraphs.
Evaluation of the Significance of Differences. The quantification of the significance of the difference should be
related to what is material to the financial statements, by financial statement line as well as in the aggregate, rather
than being evaluated in terms of the percentage of the account balance. In some cases, a 2% difference in total
annual revenue would be very material to the financial statements, but a 20% difference in miscellaneous expenses
would be immaterial.
There are complex mathematical models that can be used to compute the dividing line for significance of differ
ences in particular circumstances. However, this degree of complexity is not necessary if a conservative rule of
thumb is adopted. It is believed that the range of 10% to onethird (or 331/3%) of tolerable misstatement generally
provides a workable rule of thumb for the significance of a difference. Differences larger than the designated
percentage would be considered significant and require investigation and corroboration of explanations. This
guideline is based on the same framework that is used in many nonstatistical audit sampling plans. The choice of
a percentage within this range depends on the level of assurance desired from the substantive analytical proce
dure, which in turn depends on the auditor's risk assessment. If the substantive analytical procedure is the primary
source of assurance, the percentage should be toward the low end of the range, say 10% or 15%. If the substantive
analytical procedure is being used in combination with tests of details, then onethird of tolerable misstatement
might be used. If the substantive analytical procedure is only a supplement to a primary test of details, then a
slightly higher amount might be used.
Corroboration of the Explanation of the Difference. The auditor's expectation developed in performing substan
tive analytical procedures is an estimate or prediction of what should be the amount of an account balance. The
evaluation of the significance of the difference between the account balance and the expectation determines
whether the account balance can be accepted as not misstated without performing additional audit work. If the
auditor decides that the expectation is not effective enough (for example, based on reliable enough data, a precise
enough expectation, etc.), then the test should be refined (such as computed in more detail), or the degree of
assurance from the analytical procedure should be reduced and additional procedures should be applied.
If the auditor evaluates the difference as significant and concludes that the expectation is sufficiently effective (that
is, the expectation is precise enough), the auditor generally performs additional inquiry and analysis. The additional
inquiry and analysis might result in a conclusion that the risk of misstatement of the account balance is acceptable,
or alternatively, the quantification of a misstatement that will be proposed as an audit adjustment. Only the
quantified estimate of misstatement determined by investigation should be accumulated and posted to the sum
mary of audit differences. A difference should not be treated as a misstatement before investigating it. Although the
difference may indicate one side of the entry needed to adjust the financial statements, it may not indicate the other
side. For example, a difference that indicates that contribution revenue is overstated typically implies that promises
to give receivable also are overstated. However, if detection risk for the existence assertion about promises to give
receivable has already been reduced to an appropriate level, then the offset to the difference in contribution
revenue cannot be to promises to give receivable.
For significant differences, the auditor should obtain an explanation of the difference and corroborate the explana
tion. The auditor should avoid the temptation of first asking those responsible for preparing financial statements to
explain differences. The auditor should obtain an explanation from a knowledgeable person who is preferably
unrelated to financial statement preparation and analyze the support for that explanation. Explanations about the
reasons for differences might be obtained from accounting department personnel, but should be pursued with
operating personnel and, in some cases, outside parties. For example, in an audit of a community theatre, suppose
the auditor identifies an unexpected increase in contribution revenue and inventory. The organization's accounting
personnel explain that the local university donated lighting equipment and costumes to the theatre to be used in its
next production. The theatre valued the lighting equipment and costumes based on discounting quotes received
165

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

on new equipment and costumes. The auditor might investigate the explanation by inspecting documentation of
the contribution, inspecting the donated items, and discussing the donation with the development department and
the executive producer of the theatre. When significant fraud risk factors are present, the auditor may consider
interviewing the donor to corroborate the explanation.
How to Document Substantive Analytical Procedures
Documentation of Principal Substantive Tests of a Significant Financial Statement Assertion. When an
analytical procedure is used as the principal substantive test of a significant financial statement assertion, SAS No.
56 (AU 329.22) requires the auditor to document the following:
the expectation and the factors used in its development (unless readily determinable from the work
performed),
the results of comparing recorded amounts to the expectation, and
any additional procedures performed to address significant unexplained differences, and the results of
those procedures (for example, the amount of any misstatement quantified as a result of the analytical
procedures performed).
An analytical procedure is the principal substantive test of a significant financial statement assertion when it
provides the primary audit evidence. For example, an analytical procedure for revenue may provide the primary
audit evidence related to the occurrence and completeness assertions for revenue. Generally, for this purpose,
comparisons need to be made on a more detailed basis (for example, actual salaries and wages compared to
budgeted amounts by function or department) or need to be based on an expected total for a transaction class or
account balance (such as comparing recorded cash contributions in the current period with amounts received in
prior periods or budgeted amounts or predicting the revenue of a thrift shop based on its square footage).
Exhibit 11 illustrates documentation of a substantive analytical procedure for a nonprofit organization.
Exhibit 11
Documentation of a Substantive Analytical Procedure
The Primary Test of an Account Balance
630X1
Personnel expense

$

630X0

673,554

$

593,003

Change
$

80,551+

+ We noted during our discussions with the client regarding its operations that during the year
ended June 30, 20X0, the organization utilized the donated services of volunteers to perform
fundraising activities and various other administrative duties. During the year ended June 30,
20X1, the organization decided to hire employees to replace the volunteers in order to
increase the amounts raised from the fundraising efforts and to provide better administrative
support to the organization's other staff. Therefore, our expectation is that personnel expense
would increase from prior year. We noted during our review of the board of directors' minutes
that the total annual salaries for the new employees would approximate $65,000 per year. We
also noted per the minutes that the new employees started work on October 1, 20X0.
Additionally, the board minutes noted that raises for existing employees averaged 5% and
were effective July 1, 20X0. Therefore, our expectation of the current year personnel expense
is as follows:
Prior year expense
Current year raises

$

Total expense for new employees
Number of months employed in 20X1

$

166

65,000
9/12

593,003
1.05
622,653
48,750

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Expectation Expense for 20X1
Actual expense for 20X1

671,403
673,554

Difference

$

2,151

Based on the above, personnel expense appears reasonable and no further work is consid
ered necessary.

*

*

*

Documentation of the expectation and the factors considered in its development is required if not apparent from the
work performed. When prior year balances or budgeted amounts are used for comparative purposes, those
amounts implicitly represent the auditor's expectation. In that case, if the workpapers include a comparative
schedule showing the prior year or budgeted amounts and indicating the source of those amounts (for example,
prioryear workpapers or the 20X2 budget), it is believed that the expectation is apparent and that no additional
documentation of the expectation is required. For an expectation developed based on the key factors affecting an
account, such as an expectation of compensation expense developed using information about the number of
employees and pay rates, auditors should document the factors used in its development and the source of
information about those factors. The results of comparing the expectation with recorded amounts may be docu
mented by including a variance column on the auditor's comparative schedule or by documenting the comparison
of the expected amount and the recorded amount on the face of the auditor's calculation. Although not required by
authoritative literature, documentation might also include information about the auditor's approach to evaluating
the significance of the difference between the recorded amount and the expectation (for example, a percentage of
tolerable misstatement rule of thumb).
Documentation of Other Types of Analytical Procedures. When an auditor performs an analytical procedure that
is not a principal substantive test of a significant financial statement assertion, professional standards do not
specify the form or content of documentation other than to state that audit documentation should include identify
ing characteristics of any specific items tested. For example, assume that an auditor's principal substantive test of
the valuation/allocation assertion for interest expense is an analytical procedure that consists of analyzing recorded
interest expense to isolate amounts recorded for the notes with the largest principal balances and comparing those
amounts with the amount calculated by applying rates for the individual notes to average principal balances
outstanding. Assume further that the auditor believes the expectation underlying the analytical procedure has most
of the required precision, and to provide additional assurance about the valuation/allocation assertion for interest
expense, the auditor computes an overall effective interest rate and compares it with the prioryear overall effective
interest rate, with the expectation that the two rates will not differ significantly. The auditor has therefore used two
analytical procedures as substantive tests of the valuation/allocation assertion for interest expense. However, the
first analytical procedure provides most of the assurance and is therefore the primary substantive test of the
assertion. In this case, the second test would not be a principal substantive test and would not be subject to the
same documentation requirements as the first one. In those instances, the detail of documentation will vary with the
circumstances, including the materiality of the recorded amount, the assessed risk of material misstatement, and
the level of assurance desired from the analytical procedure.
Documentation Required
The auditor needs to document the performance of analytical procedures that involve the development of an
expected amount. The auditor needs to document calculations of ratios. Some auditors may prefer to use elec
tronic spreadsheets. By using such a spreadsheet, once the information is captured, all computations and compar
isons can be automated. PPC's Workpapers includes a set of automated spreadsheet templates. These templates
include a number of the analytical ratios. PPC's Workpapers can be ordered by calling your Thomson Reuters
representative at (800) 3238724.

167

Companion to PPC's Guide to Audits of Nonprofit Organizations

168

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
6. As part of her audit, Joan inspects documents supporting cash disbursements to determine if they were
recorded properly. What type of test of details has she performed?
a. Test of transactions.
b. Test of balances
c. Test of controls.
7. Which of these statements best describes substantive analytical procedures?
a. They are required in all audits of financial statements.
b. They are made up of a finite set of ratios and procedures
c. They are focused on particular account balances.
d. They are part of the final review of the financial statements.
8. When devising substantive analytical procedures, what information should auditors gain from talking with their
clients' operating personnel?
a. A comparison of how a client's performance compares to that of other similar nonprofit organizations.
b. An enhanced understanding of significant transactions and events that affect the financial statements.
c. A working knowledge of key factors affecting the client's account balances and the stability of plausible
relationships.
d. A feel for how the nonprofit organization really works and an understanding of the information
management uses when running operations.
9. Which auditor dealt with his scenario in the most appropriate way?
a. Dave assesses the risk of material misstatement as high for his audit; accordingly, he relies exclusively on
substantive analytical procedures to provide his audit evidence.
b. Greg uses nonfinancial data obtained from an independent outside source as audit evidence as opposed
to using the internal data supplied by management.
c. An account balance for Jim's audit consists of a small number of large items, so Jim relies primarily on
substantive analytical procedures for his audit evidence.
d. In an audit that requires a precise expectation, Karl performs substantive analytical procedures on annual
support and revenue instead of breaking it down into monthly amounts.
10. Which statement below indicates a valid analytical procedure applied to a nonprofit organization?
a. Understatement of contributions would best be detected by confirming promises to give.
b. Tracing from contribution records to recorded contributions is a good test for detecting overstatement of
contributions
c. Testing the relationship of contribution revenue to fundraising expenses.
169

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

11. Ethel determines during the course of her audit that there is a risk that management has cooked the books.
How could she proceed?
a. She could devise substantive analytical procedures that prove whether potential misstatements were
caused by fraud.
b. She could use certain specific ratios developed by her firm that will catch fraud in any client's financial
statements.
c. She could find a comparable entity to make analytical comparisons with client data to help her identify any
unexpected relationships.
d. The substantive analytical procedures she needs to devise are those that compare actual cash flow with
recorded accrued amounts.
12. Canyon Ranch Church is the largest growing church in the state of Montana. Two Sunday morning services
and one Saturday evening service were added in 2007 as well as ten new support groups or church programs.
When Kelly audits Canyon Ranch Church, what substantive analytical procedure would give her the best
information about fraud or cooking the books related to the organization's annual contribution revenue?
a. Studying the number of Sunday School students and resources provided for classes.
b. Studying trends of congregation growth in other churches in the area.
c. Studying the number of employees and the hours worked.
d. Studying the attendance at each service.
13. While auditing Healthy Lives Org, Cindy must identify and evaluate significant accounting estimates made by
management. Which substantive analytical procedure would be appropriate in this instance?
a. Scanning the aging, considering the historical trends of chargeoffs related to the age category, and then
computing the ratio of days sales in receivables and comparing it to the prior year.
b. Scanning credit entries to promises to give for June and July of the next fiscal year and supplementing
ratios and amounts with inquiries of development department personnel about unusual promises to give
pledged close to year end.
c. Performing a comparison of the actual currentyear June promises to give to the budget.
d. Analyzing recorded interest expense to isolate amounts with the largest principal balances that were
recorded in the notes and comparing them with an amount calculated by applying rates to each note.
14. During the course of her audit, Rachel discovers a significant difference between her expectation and the
amount of an account balance, but upon further examination of the analytical procedures Rachel determines
that her expectation is precise enough. Which of the following best illustrates how she should proceed?
a. She should reduce the degree of assurance from her analytical procedures and apply additional
procedures.
b. She should perform additional inquiry and analysis to determine if there is a risk of misstatement due to
the difference.
c. She should request an explanation of the difference from her client's management or the accounting
department.
d. She should begin treating the difference as a misstatement and post it to the summary of audit differences.
170

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
6. As part of her audit, Joan inspects documents supporting cash disbursements to determine if they were
recorded properly. What type of test of details has she performed? (Page 156)
a. Test of transactions. [This answer is correct. Like Joan does in the example above, tests of
transactions test the processing of individual transactions.]
b. Test of balances. [This answer is incorrect. Tests of balances are applied directly to balance details in the
general ledger accounts. An example of this kind of test would be if Joan confirmed an investment in
securities with the custodian.]
c. Test of controls. [This answer is incorrect. Though some auditors equate tests of controls with tests of
details, the difference is the objective of the test. Merely because a transaction or balance is tested does
not mean a test is a test of controls; however tests of controls can be performed at the same time as tests
of details.]
7. Which of these statements best describes substantive analytical procedures? (Page 158)
a. They are required in all audits of financial statements. [This answer is incorrect. Preliminary and overall
review analytical procedures are both required parts of an audit, but the use of substantive analytical
procedures is up to the discretion of the auditor.]
b. They are made up of a finite set of ratios and procedures. [This answer is incorrect. No analytical
procedures are considered exclusively substantive analytical procedures. The same ratios, procedures,
and relationships can be used as preliminary, substantive, and overall review analytical procedures.]
c. They are focused on particular account balances. [This answer is correct. The auditor should have
already assessed the risk of misstatement with respect to a particular account balance and then
decided that the substantive analytical procedures are likely to provide reasonable assurance that
the balance is not materially misstated.]
d. They are part of the final review of the financial statements. [This answer is incorrect. Overall review
analytical procedures, not substantive analytical procedures, are part of the final review of the financial
statements. They help the auditor ensure that the numbers make sense.]
8. When devising substantive analytical procedures, what information should auditors gain from talking with their
clients' operating personnel? (Page 160)
a. A comparison of how a client's performance compares to that of other similar nonprofit organizations. [This
answer is incorrect. Auditors can determine this information by identifying comparables between their
client and other nonprofits of similar size, geographic location, and demographic makeup.]
b. An enhanced understanding of significant transactions and events that affect the financial
statements. [This answer is correct. Such conversations might also corroborate any riskassess
ment conclusions made by the auditor, lead to improvements developing expectations of recorded
amounts, and more insightful evaluations of any differences from those expectations.]
c. A working knowledge of key factors affecting the client's account balances and the stability of plausible
relationships. [This answer is incorrect. Auditors will find out this information by considering their clients'
budgetary processes.]
d. A feel for how the nonprofit organization really works and an understanding of the information
management uses when running operations. [This answer is incorrect. Auditors can get this information
by asking management about the relationships, ratios, and external and internal data it finds useful in
identifying and monitoring risks.]
171

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

9. Which auditor dealt with his scenario in the most appropriate way? (Page 160)
a. Dave assesses the risk of material misstatement as high for his audit; accordingly, he relies exclusively on
substantive analytical procedures to provide his audit evidence. [This answer is incorrect. Generally, when
risk of misstatement is assessed at a higher level, substantive analytical procedures must be more effective
to be relied on; therefore, in this situation, unless he has very highly effective analytical procedures, Dave
should rely on tests of details instead.]
b. Greg uses nonfinancial data obtained from an independent outside source as audit evidence as
opposed to using the internal data supplied by management. [This answer is correct. Greg has
properly used his professional skepticism by seeking more reliable data, which will allow him to
achieve greater precision in his audit. Data from an independent source outside of the client is more
reliable than internal data.]
c. An account balance for Jim's audit consists of a small number of large items, so Jim relies primarily on
substantive analytical procedures for his audit evidence. [This answer is incorrect. If the account balance
consisted of a large number of small items, substantive analytical procedures would be more helpful, all
other things being equal. In this instance, Jim would generally be better off using tests of details.]
d. In an audit that requires a precise expectation, Karl performs substantive analytical procedures on annual
support and revenue instead of breaking it down into monthly amounts. [This answer is incorrect.
Generally, breaking the recorded amount down into more predictive components would make it easier for
an auditor in Karl's position to develop a more precise expectation.]
10. Which statement below indicates a valid analytical procedure applied to a nonprofit organization? (Page 161)
a. Understatement of contributions would best be detected by confirming promises to give. [This answer is
incorrect. This test would be used to detect overstatements of contributions. Another test for overstatement
of contributions would be to trace from recorded promises to give to the contribution records.]
b. Tracing from contribution records to recorded contributions is a good test for detecting overstatement of
contributions. [This answer is incorrect. This test would be used to detect understatements of
contributions.]
c. Testing the relationship of contribution revenue to fundraising expenses. [This answer is correct.
The predictable relationship between these accounts makes this a good analytical procedure.]
11. Ethel determines during the course of her audit that there is a risk that management has cooked the books.
How could she proceed? (Page 163)
a. She could devise substantive analytical procedures that prove whether potential misstatements were
caused by fraud. [This answer is incorrect. Generally, substantive analytical procedures will not provide
enough evidence to resolve the issue of potential material misstatement; however, they are both efficient
and effective means of directing an auditor's attention to account balances that require more
investigation.]
b. She could use certain specific ratios developed by her firm that will catch fraud in any client's financial
statements. [This answer is incorrect. There are no ratios or relationships that will magically work for all
clients. Ethyl will have to devise her own substantive analytical procedures that will be effective in the
context of her client and her client's industry.]
c. She could find a comparable entity to make analytical comparisons with client data to help her
identify any unexpected relationships. [This answer is correct. Because Ethyl has determined there
is a greater than normal risk of cooking the books, finding a comparable entity could be extremely
helpful. She also must make sure she has a solid understanding of her client's operations so she
can recognize anything unusual.]
172

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

d. The substantive analytical procedures she needs to devise are those that compare actual cash flow with
recorded accrued amounts. [This answer is incorrect. Such procedures would generally be useful, as
would comparisons of the total recorded amount with the portion dependent on a subjective estimate;
however, to ensure the most effectiveness, Ethyl will need to design substantive analytical procedures that
are specific to her client and her client's industry.]
12. Canyon Ranch Church is the largest growing church in the state of Montana. Two Sunday morning services
and one Saturday evening service were added in 2007 as well as ten new support groups or church programs.
When Kelly audits Canyon Ranch Church, what substantive analytical procedure would give her the best
information about fraud or cooking the books related to the organization's annual contribution revenue?
(Page 163)
a. Studying the number of Sunday School students and resources provided for classes. [This answer is
incorrect. This could be used for analysis of expenses. It would not be an effective procedure in Kelly's
situation.]
b. Studying trends of congregation growth in other churches in the area. [This answer is incorrect. Studying
trends related to congregation growth would not help discover fraud in Canyon Ranch Church's audit
related to contribution revenue.]
c. Studying the number of employees and the hours worked. [This answer is incorrect. This could be a valid
analytical procedure in some instances, but labor comparisons would not be helpful in the Canyon Ranch
Church audit.]
d. Studying the attendance at each service. [This answer is correct. Because the church is growing,
attendance is increasing. By comparing the trend in attendance growth to recorded contribution
revenue, Kelly can identify account balances with a risk of misstatement due to fraud.]
13. While auditing Healthy Lives Org, Cindy must identify and evaluate significant accounting estimates made by
management. Which substantive analytical procedure would be appropriate in this instance? (Page 164)
a. Scanning the aging, considering the historical trends of chargeoffs related to the age category, and
then computing the ratio of days sales in receivables and comparing it to the prior year. [This answer
is correct. Testing the reasonableness of an accounting estimate will often include a combination
of tests such at those listed here.]
b. Scanning credit entries to promises to give for June and July of the next fiscal year and supplementing
ratios and amounts with inquiries of development department personnel about unusual promises to give
pledged close to year end. [This answer is incorrect. This is an example of analytical procedures that could
be used as rollforward procedures when the auditor performed work at an interim date. Since Cindy is
trying to verify the accounting estimate in this scenario, these procedures would not be helpful.]
c. Performing a comparison of the actual currentyear June promises to give to the budget. [This answer is
incorrect. If Cindy performed work at an interim date and needed rollforward procedures to complete her
audit of Healthy Lives Org, these procedures would be options; however, they are not applicable to
verification of the accounting estimate.]
d. Analyzing recorded interest expense to isolate amounts with the largest principal balances that were
recorded in the notes and comparing them with an amount calculated by applying rates to each note. [This
answer is incorrect. This would give Cindy the average principal balances outstanding and would be of
use if he were testing the valuation/allocation assertion for interest expense. It would not be useful in
Cindy's current situation.]

173

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

14. During the course of her audit, Rachel discovers a significant difference between her expectation and the
amount of an account balance, but upon further examination of the analytical procedures Rachel determines
that her expectation is precise enough. Which of the following best illustrates how she should proceed?
(Page 165)
a. She should reduce the degree of assurance from her analytical procedures and apply additional
procedures. [This answer is incorrect. This would be an option for Rachel if she determined that her
expectation was not effective enough and needed to be refined.]
b. She should perform additional inquiry and analysis to determine if there is a risk of misstatement
due to the difference. [This answer is correct. This additional inquiry and analysis should allow
Rachel to determine if the risk of misstatement based on the difference is acceptable or not.]
c. She should request an explanation of the difference from her client's management or the accounting
department. [This answer is incorrect. If the difference is deemed significant, Rachel would need to find
an explanation; however, if an explanation is needed, she should try to obtain it from someone unrelated
to the financial statement preparation.]
d. She should begin treating the difference as a misstatement and post it to the summary of audit differences.
[This answer is incorrect. A difference should not be treated as a misstatement immediately. There are
steps Rachel must complete before she can decide whether the difference is an actual misstatement.]

174

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

OTHER SUBSTANTIVE PROCEDURES RELATED ISSUES
The Use of Audit Evidence from Prior Periods
The ability to use audit evidence from the performance of substantive procedures in a prior audit is highly restricted.
SAS No. 110 (AU 318.64) states that this evidence is not sufficient to reduce detection risk to an acceptably low
level in the current period" and observes that in most cases it provides little or no evidence for the current period."
SAS No. 110 provides one example of an instance in which audit evidence obtained from the performance of
substantive procedures in a prior period may be relevant in the current period: prior audit evidence substantiating
the purchase cost of a building or building addition. This example is the common audit approach to auditing
property and equipment by substantiating the changes to the beginning balance additions and retirements to
reach a conclusion about the ending balance. Before using audit evidence obtained from the performance of
substantive procedures in a prior audit, the auditor should perform audit procedures during the current period to
establish the continuing relevance of the audit evidence. (SAS No. 106, AU 326.24)
Responding to Fraud Risks
The auditor is responsible for designing the audit to detect material misstatements, whether caused by error or
fraud. The auditor does not routinely select procedures designed solely to detect fraud in ordinary circumstances.
However, SAS No. 99, Consideration of Fraud in a Financial Statement Audit (AU 316), requires the auditor to
specifically identify and assess risks of material misstatement due to fraud and develop an appropriate response.
Based on the auditor's assessment of fraud risks, he or she may alter the nature of procedures performed (that is,
apply additional procedures designed to detect fraud), or alter the timing or extent of procedures performed. The
auditor may also require more or different evidence to support material transactions or balances than would be the
case if the auditor did not identify any specific fraud risks. In addition, SAS No. 99 also requires auditors to perform
certain specific procedures to address the risk of management override of controls, including examining the entity's
journal entries and other adjustments, reviewing accounting estimates for bias, and evaluating the business
rationale for significant unusual transactions.
Overall Responses. Auditors generally use overall responses to address fraud risks that are pervasive to the
financial statements. Overall responses affect the audit strategy (that is, the way the audit is conducted). Because
there is always at least one identified fraud risk (the risk of management override of controls), certain overall
responses are required in every audit.
Specific Responses. Specific responses to fraud risks involve the nature, timing, and extent of auditing proce
dures. Specific responses at the account balance, transaction class, or financial statement assertion level will vary
depending on the types and combinations of fraud risks identified and the account balances, classes of transac
tions, or assertions that may be affected. Responses may involve both substantive procedures and tests of
controls. However, tests of controls alone generally will not reduce audit risk to an appropriately low level because
of the risk that management may override controls; therefore, tests of controls alone are generally not sufficient to
respond to fraud risks.
When responding to fraud risks, the auditor may need to modify the nature, timing, and extent of audit procedures
in the following ways:
The nature of audit procedures may be modified to obtain more reliable evidence (such as evidence from
independent sources outside the entity or evidence from tests of details rather than analytical procedures)
or additional corroboration.
The timing of audit procedures may be modified to perform more substantive procedures at yearend (for
example, if interim audit procedures are planned, but there are unusual incentives for management to
engage in fraudulent financial reporting). Also, substantive tests of transactions throughout the year may
be performed to respond to the risk of fraud perpetrated during the period.
The extent of audit procedures may be modified through larger sample sizes or by performing analytical
procedures at a more detailed level to achieve a higher degree of precision.
175

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

If inherent risk is assessed at high because of the presence of fraud risks, the auditor might decide to increase the
extent of procedures (for example, by performing analytical procedures at a more detailed level, obtaining a higher
percentage of coverage when performing scope testing, or increasing sample sizes). A more likely response,
however, might be to modify the nature of audit procedures in the area of concern rather than the extent. Examples
of specific responses affecting the nature, timing, and extent of procedures are included in Exhibit 12.
Exhibit 12
Examples of Specific Responses to Fraud Risks
Nature of Audit Procedures
Obtain evidence from more independent sources.
Perform more physical observation and inspection procedures.
Contact major suppliers, donors, or contributors orally.
Review of correspondence with donor.
Send confirmation requests to a specific party in an organization.
Confirm additional information from donors such as restrictions on donations.
Seek more or different information.
Use computerassisted audit techniques to gather more extensive evidence or perform different types of tests.
Perform a different combination of tests of details and analytical procedures, using more focused analytical
procedures, such as using programspecific budgets.
Interview personnel involved in areas where identified fraud risks exist to obtain their insights about the risk and
whether or how controls address the risk.
If the work of specialists is especially significant to the financial statements, engage another specialist or perform
additional procedures on the assumptions, methods, and findings.
Confirm with donors or grantors relevant grant or contract terms and the absence of side agreements. (Possibly
confirm both orally and in writing.)
Apply additional procedures during inventory observation, such as more rigorously examining product
contents or quality, or the way boxes are stacked.
Apply additional procedures to inventory tags, count sheets, etc.
Obtain a further understanding of and test controls over assets that are highly prone to misappropriation, the
receipt of noncash asset contributions, or direct contact solicitations.
Timing of Audit Procedures
Confirm promises to give at year end rather than at interim.
Perform certain procedures on a surprise or unannounced basis.
Observe inventory at all locations at once.
Request physical inventories to be taken at or near year end.
Apply substantive procedures to transactions occurring throughout the period under audit.
Extent of Audit Procedures
Increase sample sizes.
Obtain a higher percentage of coverage when performing scope testing, for example, by reducing the scope
for detail tests of expense accounts.
Observe inventory at special locations or all locations.
When using the work of other auditors, discuss with them the extent of work needed to address identified fraud
risks resulting from transactions and activities involving the two entities or components.
Additional testing of inventory tags, count sheets, etc.
Performing more analysis and testing the support for all assumptions underlying allocation or costs to a
program.
Perform substantive analytical procedures, including the development of an expected dollar amount, using
disaggregated data to achieve a high level of precision.
Use computerassisted audit techniques to test an entire population instead of a sample.

*

*
176

*

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Professional Skepticism. When gathering and evaluating audit evidence in response to identified fraud risks,
auditors must maintain an appropriate degree of professional skepticism. Examples of applying professional
skepticism in response to risks of material misstatement due to fraud include:
An increased recognition of the need to corroborate client explanations or representations (for example,
through further analytical procedures, thirdparty confirmation, examination of independent documenta
tion, or discussions with others within or outside the entity).
Performing additional or different auditing procedures to obtain more reliable evidence in support of the
auditor's objectives.
Responding to the Risk of Misappropriation of Assets. Auditors may be faced with unique considerations when
determining how to respond to the risk of material misstatement due to misappropriation of assets. The auditor's
response most likely will be directed at a specific account balance or transaction class. Responding to an apparent
risk of misappropriation can be challenging. Misappropriation of immaterial amounts may be relatively common,
but it is less common for misappropriation to occur in amounts considered material to financial statements.
When a client has assets that are particularly susceptible to misappropriation (such as large amounts of cash on
hand or other assets that are valuable and easily stolen) and the auditor has concluded there is a risk of material
misstatement of the financial statements due to misappropriation, an appropriate audit response generally would
be to perform extensive substantive testing of the balance recorded in the financial statements. That may include
physically inspecting the assets at or near year end. The auditor also might want to examine accounts in which
misappropriation could be concealed, such as accounts with a large number of small debit transactions. Substan
tive analytical procedures using expectations developed with a high degree of precision also may be effective. In
some cases, the auditor might decide it is necessary to test the effectiveness of controls designed to prevent or
detect such misappropriation. Deciding which procedures are necessary is left to the judgment of the auditor. SAS
No. 99 (AU 316.56) states that the scope of work should be linked to the specific information about the misappropri
ation risk that has been identified.
In many entities, one of the primary fraud risks is fraudulent, unauthorized disbursements (for example, bookkeep
ers writing checks to themselves). Many small nonprofit organizations are particularly susceptible to such fraud
because of a lack of segregation of duties. If the auditor concludes there is a risk that such disbursements may
occur in amounts that could result in material misstatement of the financial statements, an audit response is
required. Substantive tests of the cash balance recorded in the financial statements may not be sufficient to
respond to a material risk of fraudulent cash disbursements. However, in some cases, when such fraud occurs, it
does not involve amounts material to the financial statements. In addition, practitioners disagree on whether
financial statements actually are misstated if such disbursements are recorded as expenses.
Generally, the auditor will consider the client's controls over disbursements, such as the following:
Segregation of duties and effective management oversight (for example, a senior officer or volunteer board
treasurer receives the bank statement unopened).
Authorization and approval of transactions (for example, in purchasing or payroll disbursements).
If, after considering controls and the risk that fraudulent disbursements could be material to the financial state
ments, the auditor determines that an additional audit response is necessary, the following procedures might be
considered:
Reviewing selected disbursements for unusual payees, signatures, or endorsements.
Reviewing vendor lists for unusual patterns.
Performing analytical procedures to determine the propriety of functional expense allocations (such as
comparisons of current year allocations to prior year allocations and to budgeted amounts).
Reviewing payroll registers for unusual items.
177

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Performing paymaster procedures (that is, distributing payroll checks or observing their distribution).
Proof of cash.
As previously noted, deciding which procedures are necessary is left to the judgment of the auditor.
Regardless of the auditor's judgments about whether the risk of material, fraudulent disbursements is an identified
fraud risk, the auditor should communicate significant deficiencies in accordance with professional standards. In
addition, the auditor should consider working with the client, when necessary, to establish effective controls over
disbursements.
Responses to Further Address the Risk of Management Override of Controls. Because management has the
ability to override controls that may otherwise appear to be operating effectively, and because that occurrence is
unpredictable, SAS No. 99 requires auditors to address that risk. In addition to the auditor's overall and specific
responses to identified fraud risks, SAS No.99 requires auditors to perform the following procedures to further
address the risk of management override of controls:
Examine the entity's journal entries and other adjustments.
Review accounting estimates for bias.
Evaluate the business rationale for significant unusual transactions.
Examining Journal Entries. Auditors should examine both journal entries recorded in the general ledger and other
adjustments (such as postclosing or reclassifying entries) made in preparing the financial statements. Practice
Alert 200302, Journal Entries and Other Adjustments," provides guidance on the design and performance of audit
procedures to meet the requirements in SAS No. 99 for tests of journal entries and other adjustments. Examining
the entity's journal entries involves obtaining an understanding of the entity's financial reporting process and the
controls over journal entries and other adjustments, selecting entries for testing, and determining the nature and
timing of tests. Auditors should also make inquiries of employees involved in financial reporting about the possibil
ity of unusual or improper journal entry activity, including unsupported entries, and specifically whether they have
been asked to make such entries. Tests ordinarily should focus on entries made at or near year end. Auditors also
may consider scanning the general ledger immediately following year end for unusual entries, including entries that
were reversed at the beginning of the subsequent period. Auditors should consider placing greater emphasis on
entries not subject to the entity's normal internal controls (such as nonrecurring and postclosing entries).
Exhibit 13
Indications of Unusual Journal Entries in General Ledger Accounts
Unusual Condition

Examples

Unexpected posting source.

Postings to revenue accounts from
unusual sources.
Postings to accounts payable from
other than purchases and cash dis
bursements.

Unexpected debits or credits.

Credit postings in expense accounts.
Debit postings in revenue accounts.

Unexpected combination of accounts.

Debit to a reserve and credit to
revenue.
Debit to longterm debt and credit to
interest income.
Debit to depreciation and credit to
revenue.

178

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Unusual Condition

Examples

Unusually large or small dollar amounts
based on normal activity in an account.

Large credits to contribution revenue
accounts when only small donations
are normal.
Numerous small debit adjustments
to expense accounts.

Unusually large or small numbers of
entries based on normal activity in an
account.

Expected entries are missing.
Large numbers of journal entries in
accounts with very little transaction
activity.

Dollar amounts appear suspicious.

Entries containing rounded num
bers.
Entries containing consistent ending
numbers.

*

*

*

Another procedure that is important in detecting unusual changes in account balances that may reflect inappropri
ate journal entries is to ensure that the trial balance provided to the auditor agrees with the entity's general ledger.
If the client prepares the financial statements, the auditor should reconcile the trial balance with the financial
statements.
Auditors can document the review of journal entries by (a) describing the procedures used to establish the
population of journal entries was complete, (b) describing the method used to select journal entries for examina
tion, and (c) identifying the specific journal entries examined.
Reviewing Accounting Estimates. SAS No. 107 (AU 312.58) suggests that the auditor consider the possibility of
management bias in the development of accounting estimates. In other words, an auditor should consider whether
differences between estimates best supported by the audit evidence, and the estimates included in the financial
statements that are individually reasonable, indicate (in the aggregate) a possible bias on the part of management.
In that case, the auditor should consider whether other recorded estimates reflect a similar bias and perform
additional procedures to address those estimates. For example, do the allowance for uncollectible promises to
give, present value calculation for such promises, and measurement of noncash contributions all indicate a similar
bias?
SAS No. 99 further requires auditors to perform a retrospective review of significant prioryear accounting esti
mates. The intent of the review is not to question the client's or the auditor's judgment in the prior year, but to
determine, with the benefit of hindsight, whether the underlying assumptions in the prior year might indicate
possible bias on the part of management. The review may provide additional information about whether the current
year's estimates could be biased.
Evaluating Significant Unusual Transactions. SAS No. 99 requires auditors to gain an understanding of the
business rationale for significant unusual transactions. Understanding the rationale (or lack thereof) for transac
tions outside the normal course of operations may provide an indication that transactions were entered into for the
purpose of engaging in fraudulent financial reporting or to conceal misappropriation. In evaluating business
rationale, auditors should consider whether:
The transaction is overly complex in relation to its stated purpose.
Management is overly concerned that the transaction receives a particular accounting treatment.
The transaction involves previously unidentified related parties.
179

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The parties to the transaction lack economic substance.
The transaction and the manner of accounting have been reviewed and approved at an appropriate level,
such as by the governing board or audit committee (if the organization has one).
The transaction makes business sense from the perspective of the other party.
Effect on Audit Programs. The auditor may respond to fraud risks using basic procedures; however, consider
ation should be given to increasing the extent of those procedures. If the auditor chooses to respond to fraud risks
by changing the nature of his or her auditing procedures, the additional procedures to many of the core audit
programs include procedures the auditor may consider performing in response to his or her assessment of fraud
risks.
Auditors use professional judgment in determining the nature, timing, and extent of the procedures that should be
performed to respond to identified fraud risks. Due to the nature of fraud and the methods in which it may be
committed, it is not possible to develop a comprehensive set of standardized procedures that should be performed
in response to an auditor's assessment of fraud risks. In some cases, the auditor may need to develop his or her
own procedures in response to specific facts and circumstances of the engagement.
Documenting Fraud Risk Responses. SAS No. 99 (AU 316.83) requires the auditor to document responses to
risks of material misstatement due to fraud. The auditor is required to document the following:
The responses to identified fraud risks.
The results of procedures to address the risk of management override of controls.
Additional conditions, if any, requiring a response and the response(s) to those conditions.
The SAS does not require a onetoone correlation between risks and responses. That is, one response may
address several fraud risks, and one risk may require several responses. The responses to identified fraud risks
may be documented individually or in combination.
Completeness the Elusive Assertion
Another relatively complex and somewhat controversial issue is how to test the completeness assertion. Some
auditors believe that sufficient audit evidence about completeness cannot be obtained without some tests of
controls because substantive procedures are not very effective in testing completeness. In particular, they believe
that controls are needed to assure the recording of all transactions that should be recorded. In a small nonprofit
organization, lack of segregation of duties may preclude testable completeness controls. Does that mean that such
a small nonprofit organization is unauditable? Not necessarily. An AICPA auditing interpretation (AU 326.24.27)
states that a reduced assessment of control risk is not required to satisfy audit objectives about the completeness
assertion (except for some transactions, such as cash revenues of a retailer, casino, or charitable organization,
where it may be difficult to limit audit risk without relying on the operating effectiveness of controls).
The auditing interpretation states that if the auditor believes there is a risk that transactions have been improperly
omitted from the financial statements, the auditor should restrict that risk by performing some substantive proce
dures to obtain evidence about the completeness assertion. The substantive procedures will be either analytical
procedures or tests of related populations. (A related population is an account balance or transaction class other
than the one being assessed for completeness that would be expected to contain evidence of whether all transac
tions are included in the balance or class being assessed.) The following paragraphs discuss procedures that are
ordinarily effective.
Procedures Related to Completeness. A variety of procedures are available that provide evidence relevant to
completeness. Some provide direct evidence that for a particular account balance or class of transactions there is
reasonable assurance of completeness. Others are less direct but increase an auditor's confidence that the
financial reporting system has captured all transactions. These procedures are as follows:
a. Observation and Inquiry. To obtain information about the control consciousness of management, the
competence and integrity of employees, and the condition of the accounting records and operation of the
financial reporting system.
180

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

b. Analytical Procedures. To obtain information about the reasonableness and completeness of account
balances and the totals of classes of transactions.
c. Tests of Details of Transactions. To obtain direct evidence that a population of accounting data is complete.
d. Management Representations. To obtain corroboration from management on the completeness of
recorded transactions and other relevant representations. Although management representations are not
a substitute for other audit procedures and, according to the audit interpretation, may not be solely relied
on, the representations can complement other procedures.
Use of these procedures is explained in the following discussion.
Observation and Inquiry. By touring a client's facilities and observing it in operation, an auditor can gain a general
impression of operating efficiency and effectiveness. An auditor can see whether the level of activity observed is
what would generally be expected for the activity shown in the accounting records. Assets on hand can be
inspected and compared to recorded amounts. Also, an auditor can, by observing and asking questions, gain an
impression of the control consciousness of management and the general level of competence and integrity of
employees. Does management demonstrate a concern for control by performing important approval and checking
functions? Do accounting personnel understand their duties and appear mindful of controlling the quality of their
work? Is there a formal accounting system with a chart of accounts and clear lines of responsibility for accounting
personnel? These procedures are tests of controls. However, observation and inquiry usually provide evidence that
controls were in operation only during the period observed, not the entire audit period. Thus, these procedures
alone are not usually sufficient to support an assessment of control risk at moderate or low.
Analytical Procedures. In some cases, operating data independent of the accounting records may be used to test
completeness. An account balance, in some cases, might be sufficiently tested by computation. A comparison of
investment income to average investments tests whether all income earned on investments is recorded, and
average pay times the number of employees may substantiate that all salaries are recorded. Membership fee
revenue can be related to total members; also if available, industry averages for expense to sales ratios might
detect unrecorded sales.
Tests of Details of Transactions. A basic condition for effective tests of transactions is some type of formal
financial reporting system. Documents that are the initial record of transactions should be sequentially numbered
as soon as possible; the documents should preferably be prenumbered, and all numbers should be accounted for
after processing. Control totals and transaction logs or registers also contribute to assuring completeness if totals
are reconciled at various stages in processing. An auditor can inspect the client's use of those means of assuring
completeness or make independent tests of the sequence of prenumbered documents and reconciliation of totals.
Files of open items, such as open purchase orders and open sales orders, provide some assurance of complete
ness if the open items are periodically matched with transactions and deleted when processing is done.
Unmatched items could indicate uncompleted transactions or unrecorded transactions. An auditor can also
perform tests to reconcile recorded transactions with the record of physical movement to test completeness. For
example, an auditor can trace records of goods received to amounts recorded as purchase transactions. Note that
the direction of testing is from the independent evidence of the transaction to the accounting record.
Management Representations. In every audit of financial statements, an auditor is required by SAS No.85 to
obtain certain written representations from management. Those representations cannot substitute for audit proce
dures necessary to obtain sufficient audit evidence, but they can complement those procedures. A written repre
sentation on the availability of all financial records and related data is ordinarily included and, for a small nonprofit
organization, the authors believe it is generally advisable to obtain a representation that there are no undisclosed
liabilities or transactions. In some cases, representations on specific transactions may be advisable.

181

Companion to PPC's Guide to Audits of Nonprofit Organizations

182

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
15. Which of the following statements best illustrates a strategy auditors can use when responding to fraud risks?
a. Overall responses are only necessary if fraud risk is deemed high.
b. Tests of controls alone can reduce fraud risk to acceptably low levels.
c. Specific responses vary based on the types of fraud risk identified and what they affect.
d. Increasing the extent of procedures is the most likely response to high fraud risk.
16. Which of the following specific responses to fraud risk changes the timing of the audit procedures?
a. Observe inventory at all locations at once.
b. Send confirmation requests to a specific party in an organization.
c. Contact major suppliers, donors, or contributors orally.
d. Use computerassisted audit techniques to test the entire population.
17. As part of her audit, Tabitha must examine her client's journal entries. In which of the following instances has
she acted appropriately?
a. Tabitha focuses her examination solely on journal entries that occur in the general ledger.
b. Tabitha focuses her tests on journal entries made during the entity's highest grossing quarter.
c. Tabitha places the greatest emphasis on entries subject to the client's normal internal controls.
d. Tabitha obtains an understanding of the financial reporting process and related controls.
18. During her examination of the general ledger accounts, Kim notices credit postings in expense accounts. What
unusual condition could these credits indicate?
a. Unexpected credits or debits.
b. Dollar amounts appear suspicious.
c. Unexpected posting source.
d. Unexpected combination of accounts.
19. Jordan must test the completeness assertion during his audit. What type of procedure would best allow him
to obtain direct evidence that the population of accounting data is complete?
a. Observation and inquiry.
b. Analytical procedures.
c. Tests of details of transactions.
d. Management representations.
183

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
15. Which of the following statements best illustrates a strategy auditors can use when responding to fraud risks?
(Page 175)
a. Overall responses are only necessary if fraud risk is deemed high. [This answer is incorrect. Generally,
overall procedures are used to address fraud risks that are pervasive to the financial statements. Certain
overall responses will be required in every audit, as there will always be at least one identified fraud
risk risk of management override of controls.]
b. Tests of controls alone can reduce fraud risk to acceptably low levels. [This answer is incorrect. Generally,
this will not be the case, as management could override controls. Substantive procedures should be used
in addition to tests of controls.]
c. Specific responses vary based on the types of fraud risk identified and what they affect. [This
answer is correct. The combinations and types of fraud risk and the account balances, transaction
classes, and assertions that the fraud risk may affect can vary, so the specific responses will also
vary. Specific responses involve the nature, extent, and timing of auditing procedures.]
d. Increasing the extent of procedures is the most likely response to high fraud risk. [This answer is incorrect.
The more likely response might be to modify the nature of the audit procedures in the area of concern
instead of modifying the extent of the procedures.]
16. Which of the following specific responses to fraud risk changes the timing of the audit procedures? (Page 176)
a. Observe inventory at all locations at once. [This answer is correct. This response changes the timing
of the audit procedures. Another example would be to confirm receivables at year end instead of
at an interim date.]
b. Send confirmation requests to a specific party in an organization. [This answer is incorrect. This response
to fraud risk affects the nature of the audit procedure.]
c. Contact major suppliers, donors, or contributors orally. [This answer is incorrect. The nature of the audit
procedure would be changed if the auditor chose to use this specific response to fraud risk.]
d. Use computerassisted audit techniques to test the entire population. [This answer is incorrect. This
response would affect the extent if the audit procedure, not the timing.]
17. As part of her audit, Tabitha must examine her client's journal entries. In which of the following instances has
she acted appropriately? (Page 178)
a. Tabitha focuses her examination solely on journal entries that occur in the general ledger. [This answer is
incorrect. She should also study other adjustments, such as reclassifying or postclosing entries.]
b. Tabitha focuses her tests on journal entries made during the entity's highest grossing quarter. [This answer
is incorrect. Ordinarily, Tabitha should focus on entries made at year end or immediately following year
end.]
c. Tabitha places the greatest emphasis on entries subject to the client's normal internal controls. [This
answer is incorrect. She should put a greater emphasis on entries that are not subject to the client's normal
internal control process (e.g., postclosing or nonrecurring entries).]
d. Tabitha obtains an understanding of the financial reporting process and related controls. [This
answer is correct. Tabitha must have this understanding to accurately examine the journal entries.
184

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

The process of examining journal entries also includes selecting entries for testing and determining
the nature, timing, and extent she should use for the tests.]
18. During her examination of the general ledger accounts, Kim notices credit postings in expense accounts. What
unusual condition could these credits indicate? (Page 178)
a. Unexpected credits or debits. [This answer is correct. Another example of this unusual condition
would be debit postings in revenue accounts. Such unexpected credits or debits should alert Kim
that further investigation is warranted.]
b. Dollar amounts appear suspicious. [This answer is incorrect. An example of this condition would be entries
containing rounded numbers or numbers that end consistently.]
c. Unexpected posting source. [This answer is incorrect. Postings to revenue accounts from unusual sources
would be an example of this unusual condition.]
d. Unexpected combination of accounts. [This answer is incorrect. If Kim noticed a debit to a reserve and a
credit to revenue, she would have noticed an unexpected combination of accounts.]
19. Jordan must test the completeness assertion during his audit. What type of procedure would best allow him
to obtain direct evidence that the population of accounting data is complete? (Page 180)
a. Observation and inquiry. [This answer is incorrect. These procedures will give Jordan information about
the competence and integrity of employees, the control consciousness of management, and the condition
of the financial reporting system and the accounting records.]
b. Analytical procedures. [This answer is incorrect. Performing analytical procedures will give Jordan
information about the completeness and reasonableness of account balances and the totals of classes
of transactions.]
c. Tests of details of transactions. [This answer is correct. By performing tests of details of
transactions, Jordan can find direct evidence that a population of accounting data is complete. A
basic condition for performing effective tests of transactions is for the client to have some form of
formal financial reporting system.]
d. Management representations. [This answer is incorrect. These are not a substitute for other procedures,
but getting corroboration on the completeness of recorded transactions from management could
compliment Jordan's other audit procedures.]

185

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

TIMING OF SUBSTANTIVE PROCEDURES
As part of audit planning, an auditor can consider whether any substantive procedures should be applied before
the financial statement date. Generally, the most efficient approach for audits of small and midsize nonprofit
organizations is to perform the audit tests as of the financial statement date. However, the auditor may wish to
perform audit procedures before the financial statement date in the following situations:
Convenience. If the auditor has several clients with the same year end, interim procedures may be used
to spread the auditor's workload more evenly.
Deadline. If the client has a tight deadline for issuing its financial statements, the auditor may need to
perform some procedures at an interim date to meet that deadline.
Issue Identification. Interim audit work allows the auditor to identify and address critical audit issues as soon
in the engagement as possible. Then the auditor and client can more easily deal with issues without
deadline pressures arising near year end, which in turn can enhance audit efficiency and client relations.
Assessed Risks of Material Misstatement. Modifying the timing of substantive procedures is one response
to the assessed risks of material misstatement due to error or fraud. In general terms, the higher the
assessed risk of material misstatement, the more likely it is that the auditor will determine that it is more
effective (or necessary due to certain fraud risks) to perform substantive procedures near the period end.
However, as the assessed risks diminish, the auditor may determine that an appropriate response would
include the performance of certain substantive procedures at an interim date. Also, as SAS No. 99 points
out (AU 316.52), a response to some identified fraud risks, such as fraudulent revenue recognition, might
be to apply substantive procedures to transactions occurring earlier in or throughout the reporting period.
SAS Nos. 99 and 110 also suggests that an overall response to identified risks might be to add an element
of unpredictability in the timing of audit procedures from year to year, such as by performing tests at a time
other than that expected.
Many auditors find that the benefits of interim audit procedures outweigh the disadvantages. In many cases, there
is simply no way to meet the audit firm's and clients' needs without some interim work. Thus, the issue often
becomes not whether to do interim work but how to do it to maximize audit efficiency and effectiveness.
There are generally two types of substantive procedures that may be performed before the statement of financial
position date
a. Flexible Timing Procedures. Flexible timing substantive procedures can be applied at any time, including
an interim date. These procedures generally consist of examining transactions or gathering information
without attempting to reach a conclusion about an entire account balance as of an interim date. The
procedures can be performed through an interim date and later extended to the statement of financial
position date. The auditor can then reach one conclusion covering the balance for the entire year. Examples
of such procedures include:
(1) Tests of transactions in statement of financial position accounts with a low turnover or activity rate,
such as property, longterm debt, lease obligations, or investments.
(2) Tests of transactions that affect revenues and expenses.
(3) Analytical procedures for revenues and expenses.
b. Interim Audit Procedures. Interim audit procedures are performed to arrive at a conclusion about an
account balance as of an interim date. Additional procedures are then performed to extend the interim
conclusion to the statement of financial position date.
Interim audit procedures involve additional considerations, which are discussed in the following paragraphs.
Interim Audit Procedures
Evaluating the Practicality of Performing Interim Audit Procedures. When evaluating whether it is practical to
perform interim audit procedures, the auditor should consider the following factors:
a. Feasibility. SAS No. 110 (AU 318.17) lists several factors that should be considered before applying
substantive procedures at an interim date. Also, there are practical considerations such as the availability
186

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

of sufficient information to effectively test the remaining period (that is, the period from the interim date to
the statement of financial position date).
b. Efficiency. Interim tests of details of asset and liability account balances may not be costeffective unless
substantive procedures covering the remaining period can be restricted. If testing of the remaining period
cannot be restricted, the auditor may have to reperform the interim procedures as of the statement of
financial position date, which could result in a substantial increase in audit time and cost.
Choosing an Interim Date. When interim audit procedures are performed, the risk that misstatement may exist in
the related audit area and not be detected by the auditor generally increases as the length of the remaining period
increases. Thus, the selection of an interim date (which determines the length of the remaining period) can
significantly affect the nature and extent of audit procedures for the remaining period. SAS No. 110 does not
specifically address selection of interim audit dates. Many auditors believe that the interim date should not be more
than three months before the statement of financial position date. Generally, an interim date of one month before
the statement of financial position date is preferable. However, the ultimate choice of interim dates is a matter of
auditor judgment based on the circumstances.
Audit Risk Considerations. When interim audit procedures are performed, there is a risk that the conclusions
reached at the interim date are not extended properly to the statement of financial position date. This remaining
period risk tends to rise with increases in the following factors:
Assessed risk of material misstatement from either error or fraud.
Length of the remaining period (that is, the period from the interim date to the statement of financial position
date).
Generally, the greater the remaining period risk, the greater the assurance needed from tests of the remaining
period. For example, if the remaining period risk is low, the auditor can generally test the remaining period through
limited analytical procedures. However, if the remaining period risk is high, the auditor would generally need to
apply more reliable procedures, such as tests of details. In some highrisk cases, the auditor might even need to
reapply some of the interim procedures to yearend balances. When deciding whether to perform substantive
procedures at an interim period, the auditor should consider whether the tests that would be performed for the
remaining period will adequately reduce the risk that misstatements that exist at period end are not detected.
Account Considerations. The characteristics of the accounts should be considered in deciding whether it is
practical to audit an area or assertion at an interim date. For some account assertions, it may be more effective
and/or efficient to perform the substantive testing at period end. In many cases, especially when substantive
analytical procedures will be applied for the remaining period, the accounts that are best suited to interim testing
have predictable balances and consistent activity levels. This makes it easier to develop more precise estimates of
ending balances. Also, the accounts should be regularly analyzed and adjusted and subjected to appropriate
cutoff procedures. It is inefficient to test an account before the client has attempted to accurately determine what
the balance should be.
Financial Reporting System Considerations. The auditor should also consider the financial reporting system
when selecting audit areas for interim testing. The system for the area to be tested should be capable of generating
sufficient reliable data to allow the auditor to apply the planned procedures.
Testing the Remaining Period. The auditor should perform sufficient tests of the remaining period to extend the
conclusion from the interim date to the statement of financial position date. SAS No. 110 (AU 318.59) states that
although the auditor is not required to test controls to have a reasonable basis for extending audit conclusions from
an interim date to the period end, the auditor should consider whether performing only substantive procedures to
cover the remaining period is sufficient. If the auditor concludes that substantive procedures alone would not be
sufficient to cover the remaining period, the auditor should perform tests of controls or should perform substantive
procedures as of the period end. If, on the other hand, the auditor decides that substantive procedures for the
remaining period will be sufficient, SAS No. 110 states that those tests should include
a. Comparison or reconciliation of information regarding the balance at the interim date with corresponding
information at the statement of financial position date (and investigation of unusual amounts).
b. Analytical procedures and/or tests of details.
187

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The auditor should determine the specific procedures to be performed based on the assessed risk associated with
the remaining period. Tests of details should be used instead of (or in addition to) analytical procedures as
considered necessary to obtain sufficient audit evidence.
Procedures performed to test the remaining period should be documented in the workpapers. For example, if
performing a test of details for activity in accounts payable between the interim date and the yearend date, the
workpapers should describe the procedures performed to test purchases, cash disbursements, and other transac
tions during the rollforward period.
Evaluating Audit Results. As discussed previously, when interim audit procedures are performed, the auditor
forms a conclusion at an interim date and then extends that conclusion to the statement of financial position date.
If interim procedures reveal misstatements, SAS No. 110 indicates that the auditor should assess the risk of
misstatement related to those classes of transactions or account balances. Depending on that assessment, the
auditor may be required to either (a) modify the nature, timing, or extent of tests of the remaining period or (b)
reperform or extend the interim procedures at year end. The assessment should be based on consideration of the
following factors:
The possible implications of the nature and cause of the misstatements detected at the interim date.
The possible relationship to other areas of the audit.
The correcting entries subsequently recorded by the client.
The results of audit procedures relating to the remaining period, especially those that might provide
evidence regarding possible misstatements.

RISK ASSESSMENT STANDARDS SUBSTANTIVE PROCEDURES
REQUIREMENTS
The risk assessment standards made sweeping changes to generally accepted auditing standards. The following
are new requirements under the risk assessment standards related to substantive procedures:
Regardless of the assessed risk of material misstatement, the auditor should perform substantive
procedures for all relevant assertions related to each material class of transactions, account balance, and
disclosure.
The following substantive procedures should be performed in every audit:
Agree the financial statements, including the accompanying notes, to the underlying accounting
records.
Examine material journal entries and other adjustments made during the course of preparing the
financial statements.
When an assessed risk of material misstatement at the relevant assertion level is a significant risk, the
auditor should perform substantive procedures that are specifically responsive to that risk.
When the audit approach to significant risks consists only of substantive procedures (the auditor does not
plan to rely on controls), the substantive procedures should be tests of details only or a combination of tests
of details and substantive analytical procedures, that is, the use of only substantive analytical procedures
is not permitted.
The auditor should document:
The nature, timing, and extent of substantive procedures.
The linkage of substantive procedures with the assessed risks at the relevant assertion level.
The results of substantive procedures.

188

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
20. Joseph must evaluate whether it is practical for him to perform interim audit procedures rather than to perform
all procedures at year end. What two factors are the most important to evaluate?
a. Feasibility and efficiency.
b. Convenience and issue identification.
c. Deadline and risk of material misstatement.
d. The interim date and the nature of audit procedures.
21. After evaluating the situation and determining that it is practical, Andrea decides to perform some of her auditing
procedures at an interim date. What must she do after she has completed the interim audit procedures?
a. Consider her client's financial reporting system.
b. Determine if any flexible timing procedures are also necessary.
c. Form a conclusion that will be extended to the statement of financial position date.

189

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
20. Joseph must evaluate whether it is practical for him to perform interim audit procedures rather than to perform
all procedures at year end. What two factors are the most important to evaluate? (Page 186)
a. Feasibility and efficiency. [This answer is correct. To evaluate the feasibility of using interim
procedures, Joseph must look at several factors listed in SAS No. 110, as well as practical
considerations, such as availability of information in the remaining period. To evaluate efficiency,
Joseph must determine if substantive procedures covering the remaining period can be restricted,
because performing audit procedures again at the statement of financial position date increases
audit time and cost.]
b. Convenience and issue identification. [This answer is incorrect. These are two situations in which
performing interim audit procedures could be desirable. If Joseph has several clients with the same year
end or would like to be able to identify and address critical audit issues as soon as possible, he might wish
to perform interim audit procedures.]
c. Deadline and risk of material misstatement. [This answer is incorrect. In these two situations, performing
interim audit procedures could be desirable. For example, if Joseph's audit client has a tight deadline for
issuing its financial statements or if the risks of material misstatement are deemed low, interim audit
procedures could be desirable.]
d. The interim date and the nature of audit procedures. [This answer is incorrect. These are not the factors
Joseph must evaluate before deciding to perform interim audit procedures. However, choosing an interim
audit date is important once Joseph has decided to perform the interim audit procedures, as the interim
date determines the length of the remaining period and will affect the nature and extent of audit procedures
for the remaining period.]
21. After evaluating the situation and determining that it is practical, Andrea decides to perform some of her auditing
procedures at an interim date. What must she do after she has completed the interim audit procedures?
(Page 188)
a. Consider her client's financial reporting system. [This answer is incorrect. Andrea should have done this
before she performed her interim audit procedures.]
b. Determine if any flexible timing procedures are also necessary. [This answer is incorrect. Flexible timing
procedures can be performed at any time, including an interim date. They are not required to be performed
after interim audit procedures.]
c. Form a conclusion that will be extended to the statement of financial position date. [This answer is
correct. Andrea must evaluate the audit results of her interim procedures by forming a conclusion
at the interim date and then extending that conclusion to the statement of financial position date.
Additional procedures may be necessary if Andrea's interim procedures revealed any misstate
ments.]

190

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
Lesson 1 (NPOTG092)
Determine the best answer for each question below. Then mark your answer choice on the Examination for CPE
Credit Answer Sheet located in the back of this workbook or by logging onto the Online Grading System.
1. After performing risk assessment procedures and tests of controls on an assertion related to her nonprofit audit
client's accounts receivable balance, Mary concludes that risk of material misstatement is low. How should
Mary proceed with this audit?
a. Because the risk of material misstatement is low, Mary can choose to proceed with the audit without
performing substantive procedures.
b. If management agrees with Mary's assessment that risk of material misstatement is low, Mary can choose
to proceed with the audit without performing substantive procedures.
c. Because the risk of material misstatement is low, authoritative literature states that Mary is required to
continue with the audit without performing substantive procedures.
d. Despite Mary's judgment on the risk of material misstatement, authoritative literature requires her to
perform certain substantive procedures in every audit.
2. Match the following required substantive procedures with the relevant piece of authoritative literature.
1. Agree financial statements to underlying
accounting records.

i. SAS No. 99

2. Review accounting estimates for biases
that could result in material misstatement
due to fraud.

ii. SAS No. 110

3. Examine journal entries and other adjust
ments for evidence of possible material
misstatement due to fraud.
4. Examine material journal entries and other
adjustments made during financial state
ment preparation.
a. 1 ii; 2 i; 3 i; 4 ii.
b. 1 i; 2 ii; 3 i; 4 ii.
c. 1 i; 2 i; 3 ii; 4 i.
d. 1 ii; 2 i; 3 ii; 4 ii.
3. In the context of SAS No. 106, what is the sufficiency of audit evidence that an auditor must consider when
choosing additional substantive procedures?
a. Quality.
b. Quantity.
c. Appropriateness.
d. Reliability.
191

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

4. In which of the following scenarios has the auditor dealt with additional substantive procedures in the best way?
a. Leo tests his client's property accounts by applying procedures to the account balances.
b. Carlos focuses his planning of additional substantive procedures on the timing.
c. Mick performs predictive tests to test the completeness of a financial statement assertion.
d. Howie assesses estimated amounts for inventory costing to test existence.
5. When would substantive analytical procedures alone (without tests of details) be most appropriate for the
audit?
a. The risk of material misstatement due to fraud is high.
b. The account balance is affected by a significant degree of subjectivity.
c. The disclosure relates to a large volume of predictable transactions.
d. Substantive analytical procedures are more cost effective than tests of details.
6. Which of the following statements correctly describes tests of details?
a. Tests of details can only be applied to transactions or balances, but not both.
b. Tests of balances are usually more efficient and effective than tests of transactions.
c. Documentation for tests of significant items should identify items by date and specific number.
d. Performing tests of controls eliminates the need for tests of details.
7. Tom needs to enhance his understanding of his audit client's business and identify unexpected relationships
(or the absence of expected relationships) among account balances. What type of analytical procedures
should he use?
a. Preliminary.
b. Substantive.
c. Overall review.
d. Tom can use professional judgment to select analytical procedures from all three types.
8. Sandy accepts an audit engagement and determines that substantive analytical procedures are necessary.
What would be the most productive first step for Sandy to take toward designing those procedures?
a. Compare her client to other similar nonprofits to see if the client has any significant variations from the
industry average.
b. Talk to operating personnel outside the accounting department, such as the director of fundraising.
c. Review prior budgets and find information about how management follows up on variances from the plan.
d. Ask her client's management what ratios, relationships, and data it finds useful in identifying and
monitoring risk.

192

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

9. Which of the following best describes substantive analytical procedures?
a. They can be used to test for overstatements and understatements simultaneously.
b. They cannot be used for fraud detection.
c. They are less useful when misstatement risk is primarily from error.
d. They focus on a single direction overstatement or understatement.
10. Jules Lynn is auditing the special event revenue of Best Life Org (BLO). BLO sponsors a blue grass contest
somewhere in the tricounty area every 3rd Sunday of every month. The participants receive a tshirt and the
winners receive inexpensive trophies. All funds raised are used to sponsor special needs kids' summer camp
fees. In 2009 there were approximately 365 entries. Entry fees were $250 if paid 30 days in advance, $275 if
paid 2 weeks in advance and $300 if paid the day of the contest. Approximately 30% of the entrants paid their
fees 30 days in advance; and 55% paid their fees 2 weeks in advance. The annual revenue recorded from this
special event was $105,050. Total 2009 BLO revenue was approximately $5,000,000. Due to the high turnover
in the accounting department, Jules assessed the risk of material misstatement with this special event as high.
Which of the tests below would Jules find most reasonable?
a. Total blue grass contest revenue of $105,050 divided by 365 entries = $287.81.
b. (Total blue grass entrants of 365 times 30% times $250) plus (365 times 55% times $275) plus (365 times
15% times $300) = $99,006.25.
c. Revenue from each of the twelve contests should be calculated and reviewed.
d. Even though special event revenue is deemed immaterial for the organization, Jules can not conclude that
the revenue is materially correct without comparing entry fees to 2008 to assure reasonableness.
11. Substantive analytical procedures can help auditors discern if their client is affected by management fraud or
cooking the books. If analytical procedures produced the results listed below, which one indicates the highest
risk of fraud?
a. Unusual pattern of revenue from annual special events by year found during trend analysis.
b. Low contributions for a year in which there was a downturn in the economy.
c. A large amount of revenue from fund raising campaign at end of reporting period.
d. Statistics maintained by development department consistent with recorded contribution revenue.
12. June's firm has her engagement team shift work for a particular audit to interim dates. What is an advantage
of this shift?
a. Identification of issues or problems could be delayed until the statement of financial position date.
b. More rollforward procedures will be necessary to complete the audit.
c. June can work with a smaller engagement team, allowing her more familiarity with the client.
d. Analytical procedures will not need to be used because the work is spread out over a longer time.

193

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

13. During the course of his audit, Hal discovers several differences between his client's recorded amounts and
Hal's expectations of what those amounts should be. Which of the following is a rule of thumb Hal can use to
determine if those differences are significant enough to require additional audit procedures?
a. Investigate differences greater than 10% to onethird of tolerable misstatement.
b. Investigate differences greater than 20% to onethird of tolerable misstatement.
c. Investigate differences greater than 25% of tolerable misstatement.
d. Because each audit is different, there is no magic rule of thumb. Hal must investigate all differences.
14. List all of the following that must be documented under SAS No. 56 if an analytical procedure is the principal
substantive test of a significant financial statement assertion.
i.
ii.
iii.
iv.

Prioryear workpapers and budget.
The expectation and factors used in its development.
Results from comparing recorded amounts to the expectation.
Information on the auditor's approach to evaluating the significance of any
differences between the expectation and recorded amounts.
v. Any additional procedures performed to address significant differences and
results of the procedures.

a. ii and iii.
b. ii, iii, and v.
c. i, ii, iii, and iv.
d. i, ii, iii, iv, and v.
15. In what instance does SAS No. 110 condone using audit evidence from substantive procedures performed in
a prior audit?
a. When the auditor's expectation amounts are the same as in the prior audit.
b. When the tolerable misstatement amount has not been exceeded.
c. When the auditor determines there is no risk of material misstatement due to fraud.
d. When the purchase cost of a building or building addition is substantiated.
16. Maggie's audit client keeps a large stock of valuable items on hand which are small enough to be easily stolen.
This makes the client's assets particularly susceptible to misappropriation. Which of the following procedures
would be specifically targeted to respond to this fraud risk?
a. Physically inspecting the assets at year end.
b. Obtaining information from independent sources.
c. Increasing sample sizes.
d. Engaging a specialist to perform additional procedures.

194

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

17. James is auditing CalPlus, a small business. After considering the controls and the risk that any fraudulent
disbursements would be material to the company's financial statements, James decides an additional audit
response is required. Which of the following procedures could he consider?
i. Reviewing selected disbursements for unusual endorsements, signatures, or
payees.
ii. Examine the company's journal entries and other adjustments.
iii. Performing paymaster procedures (such as observing the distribution of
payroll checks).
iv. Review accounting estimates for bias.
v. Reviewing vendor lists for any unusual patterns.
vi. Determine the propriety of functional expense allocation by performing
analytical procedures.
a. iv and vi.
b. iii and iv.
c. i, ii, and v.
d. i, iii, v, and vi.
18. As required by SAS No. 99, John must evaluate the business rationale behind several of his audit client's
significant unusual transactions. Which of the following is one thing that he should consider during this
evaluation?
a. Whether responses to identified fraud risks have been documented.
b. Whether parties to the transaction lack substance.
c. Whether estimates in the financial statements indicate management bias.
d. Whether the trial balance agrees with the company's general ledger.
19. As part of his audit, Henry must test the completeness assertion. There are basic categories of procedures
Henry can use to perform these tests. Which of these procedures performed by Henry would fall into the
analytical procedures category?
a. Inspecting assets on hand and comparing them with recorded amounts.
b. Comparing industry averages for expense to sales ratios.
c. Performing tests of the sequence of prenumbered documents.
d. Obtaining written representations of completeness from management.
20. Which of the following would be considered a flexible timing procedure, as opposed to an interim audit
procedure?
a. Confirmation of accounts receivable.
b. Inventory observation.
c. Inventory price testing.
d. Tests of transactions for revenues and expenses.
195

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

21. Nikki performs interim audit procedures during the course of her audit. She then decides that substantive tests
of the remaining period will be sufficient to complete the audit. Under SAS No. 110, what should she include
in her tests of the remaining period?
a. Analytical procedures and/or tests of details.
b. Verification of the balance as of the interim date.
c. An evaluation of the accounts involved in the interim procedures.
d. An assessment of the audit risk for the remaining period.

196

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Lesson 2:AUDIT SAMPLING IN A NONPROFIT
ORGANIZATION AUDIT ENGAGEMENT
INTRODUCTION
This lesson explains the use of audit sampling in a nonprofit organization audit engagement. It identifies those
aspects of such an engagement that involve the use of audit sampling and the most efficient and effective approach
to sampling in those circumstances. It also explains an alternative to sampling determining the extent of an audit
test without sampling that may be more efficient and effective in certain circumstances.
Learning Objectives:
Completion of this lesson will enable you to:
Describe the authoritative literature and general considerations related to sampling in an audit engagement.
Plan the extent of substantive procedures needed for an audit.
Summarize the requirements of substantive samples.
Describe sampling for substantive tests of details.
Assess tests of controls that use audit sampling, and assess tests of compliance with laws and regulations.
Authoritative Literature
The authoritative pronouncements that establish requirements or provide suggestions that most directly affect the
use of audit sampling are as follows:
SAS No.39 (AU 350), Audit Sampling, as amended by SAS No. 111, establishes several specific
requirements that apply whenever an auditor uses audit sampling statistical or nonstatistical.
AICPA Audit and Accounting Guide, Audit Sampling, (referred to in this lesson as the AICPA Sampling
Guide") explains how to apply SAS No.39. The AICPA Sampling Guide is an interpretive publication under
the GAAS hierarchy outlined in SAS No.95, Generally Accepted Auditing Standards. Auditors are required
to consider interpretive publications when conducting the audit. If the guidance in the AICPA Sampling
Guide is not applied, auditors should be prepared to explain how they complied with the provisions of SAS
No.39. The AICPA Sampling Guide currently does not include guidance from SAS No. 111 and the other
risk assessment standards.
SAS No. 111, Amendment to Statement on Auditing Standards No. 39, Audit Sampling, incorporates guidance from
SAS No. 99, Consideration of Fraud in a Financial Statement Audit, and SAS No. 110, Performing Audit Procedures
in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, and expands guidance involving the
auditor's judgment in establishing tolerable misstatement and applying sampling to tests of controls in SAS No. 39.
In addition, SAS No. 107, Audit Risk and Materiality in Conducting an Audit, includes guidance formerly included in
the Appendix to SAS No. 39.
Single Audit Literature. If the nonprofit organization is required to have an audit in accordance with the Single
Audit Act, the auditor may also wish to refer to the following documents:
OMB Circular A133, Audits of States, Local Governments, and NonProfit Organizations.
AICPA Audit Guide, Government Auditing Standards and Circular A133 Audits (the GAS/A133 AICPA Audit
Guide).
Definition and Uses of Audit Sampling
Audit sampling is defined by SAS No.39 (AU 350.01) as:
the application of an audit procedure to less than 100 percent of the items within an account
balance or class of transactions for the purpose of evaluating some characteristic of the balance
or class.
197

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

This definition is important in the selection of audit procedures. Some audit procedures are not sampling by this
definition, including the following:
Application of an audit procedure limited to a specific group of items within a balance or class of
transactions that have a distinct characteristic, such as all fixed asset additions over $5,000.
Examining a few transactions within a balance or class of transactions to obtain an understanding of the
nature of the client's activities.
Applying an audit procedure to a few transactions to clarify the understanding of the design of the
organization's internal control.
The important difference in these three examples is that the purpose of the test is not to reach a conclusion that
applies to the entire balance or class of transactions. In each of these cases, authoritative pronouncements on
sampling would not apply to the test performed.
The definition of audit sampling in SAS No.39 (AU 350.01) allows some alternatives to sampling in deciding the
extent of procedures. This is important since it may allow the auditor to apply procedures in a more efficient manner.
If audit sampling is used, SAS No.39 imposes certain requirements. The key to distinguishing audit sampling from
other audit approaches for the types of audit tests that might possibly involve sampling is as follows:
A test that involves application of procedures to less than 100 percent of the items in the
population but that does not involve projecting the results to the entire account balance or class
of transactions is not audit sampling.
However, the auditor cannot ignore the requirements of SAS No.39 by arbitrarily failing to project the results of a
sample.
Thus, when the auditor evaluates some aspect of an entire account balance or transaction class on the basis of
examining less than 100% of the population, the auditor must follow the requirements of SAS No.39 and project the
test results.
Relation of Types of Audit Procedures to Audit Sampling
In a nonprofit organization engagement, four distinct types of audit procedures may involve the use of audit
sampling as follows:
Substantive tests of details of account balances.
Substantive tests of details of transactions.
Tests of controls directed toward operating effectiveness.
Tests of compliance with laws and regulations.
Exhibit 21 presents common examples of audit sampling applications for these types of audit procedures. The
examples in Exhibit 21 assume the auditor has decided that sampling is necessary. In some cases, the auditor may
be able to design an efficient and effective approach without sampling.
Exhibit 21
Audit Sampling Applications
Common Examples in Nonprofit
Organization Engagements

Type of Audit Procedures
Substantive Tests of Account Balances

Confirmation of service fee receivables.

Substantive Tests of Transactions

Vouching cash disbursements for goods and
services.
198

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Common Examples in Nonprofit
Organization Engagements

Type of Audit Procedures
Tests of Controls

Inspecting documents supporting transactions
selected for substantive tests for indications of
performance of control activities.

Tests of Compliance with Laws and Regulations

Inspecting documents supporting expenses
charged to grant programs for compliance with
laws and regulations.

*

*

*

Substantive Tests of Account Balances. The auditor's objective in using a substantive test of a general ledger
account balance is to decide whether the balance is materially misstated. Audit sampling is usually necessary in
applying a substantive test of an account balance when the balance is composed of a large number of items and
the remaining balance, after identifying individually significant items, exceeds tolerable misstatement. In a nonprofit
organization engagement, examples of this type of test are confirmation of service fee receivables or unconditional
promises to give with donors.
Substantive Tests of Transactions. The auditor's objective in using a substantive test of transactions is to decide
whether the total of a transaction class presented in an activity statement is materially misstated. The auditor
inspects documents supporting recorded transactions to determine whether the transactions are valid and valued
and coded properly, that is, recorded correctly as to account, amount, program, function, and period. Tests of
transactions are often unnecessary in a nonprofit organization audit if the statement of activities does not present
unnecessary detail or if alternatives such as effective analytical procedures can be applied to transaction classes.
However, in some nonprofit organization engagements, this type of test may be a common audit sampling
application. It can be used for most types of expenses, such as payroll or goods and services.
Tests of Controls. Risk assessment procedures performed to obtain an understanding of internal control do not
involve sampling. Also, sampling concepts might not apply to the following types of tests of controls:
Analyses of controls for determining the appropriate segregation of duties or other analyses that do not
examine documentary evidence of performance.
Analyses of the effectiveness of security and access controls.
Tests directed toward obtaining audit evidence about the operation of the control environment, for example,
inquiry or observation of the explanation of variances from budgets when the auditor does not plan to
estimate the rate of deviation from the prescribed control.
Examining actions of those charged with governance for assessing their effectiveness, for example,
evaluating whether the audit committee is appropriately involved in the financial reporting process. (SAS
No. 39, as amended, AU 350.32)
Generally, the use of audit sampling for tests of controls will be efficient and effective in the following circumstances
(SAS No. 110, AU 318.46):
The control is applied on a transaction basis, for example, matching approved purchase orders to supplier
invoices.
The control operates frequently and the population is relatively large.
In these circumstances, the auditor can select a sample of transactions and reperform the related control activities
to see whether compliance with the control procedures is acceptable. According to SAS No. 39, as amended (AU
350.32), sampling applies when the auditor needs to decide whether the rate of deviation from a prescribed
procedure is no greater than the tolerable rate, for example, in testing a matching process or an approval process."
199

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

When the control operates infrequently or the population is not relatively large, additional consideration needs to be
given to the use of audit sampling.
In a nonprofit organization engagement, the need to use tests of controls depends on whether (a) the auditor's risk
assessment includes an expectation of the operating effectiveness of controls or (b) substantive procedures alone
do not provide sufficient appropriate evidence at the relevant assertion level. However, not all tests of controls
involve audit sampling.
Tests of Compliance with Laws and Regulations. This type of test is used in audits of governmental units,
nonprofit organizations, and certain business enterprises, such as vocational schools, that receive funds from
government agencies for services provided to eligible recipients. The purpose of tests of compliance with laws and
regulations is to determine whether there have been instances of noncompliance that may have a material effect on
the financial statements or to provide a basis of reporting on the nonprofit organization's compliance with such laws
and regulations. As a result, tests of compliance with laws and regulations are substantive procedures usually
accomplished by examining supporting documentation. In a Single Audit, or in the audit of a nonprofit organization
with other significant grant or similar programs, this type of audit procedure is frequently applied using audit
sampling. The auditor usually selects a sample of revenue or expenditure transactions and inspects supporting
documentation to determine compliance with relevant laws and regulations. For example, the auditor selects a
sample of expenditures charged to a federal award program and inspects documentation to determine whether
expenditures were for activities allowed. The most efficient approach is usually to conduct these procedures
simultaneously with tests of transactions, that is, concurrently with selecting samples of cash receipts or disburse
ments to test recording accuracy.

200

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
22. Which of the following pieces of authoritative literature directly addresses audits of nonprofit organizations?
a. OMB Circular A133.
b. SAS No. 39.
c. SAS No. 111.
d. AICPA Sampling Guide.
23. Jane needs to decide whether her audit client's general ledger account is materially misstated. Which of the
following should she use?
a. Substantive tests of details of account balances.
b. Substantive tests of details of transactions.
c. Tests of controls directed toward the operation of the control environment.
d. Examination of the actions of those charged with governance.

201

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
22. Which of the following pieces of authoritative literature directly addresses audits of nonprofit organizations?
(Page 197)
a. OMB Circular A133. [This answer is correct. This guidance is titled Audits of States, Local
Governments, and NonProfit Organizations.]
b. SAS No. 39. [This answer is incorrect. SAS No. 39, Audit Sampling, lists requirements for audit sampling
for all entities.]
c. SAS No. 111. [This answer is incorrect. SAS No. 111, Amendment to Statement on Auditing Standards No.
39, Audit Sampling, is one of the risk assessment standards providing new guidance on audit sampling
to all entities.]
d. AICPA Sampling Guide. [This answer is incorrect. The AICPA Sampling Guide interprets SAS No. 39 and
explains the application of SAS No. 39.]
23. Jane needs to decide whether her audit client's general ledger account is materially misstated. Which of the
following should she use? (Page 199)
a. Substantive tests of details of account balances. [This answer is correct. Jane will normally need
to use audit sampling when applying a substantive test of an account balance if the balance is made
up of a large number of items and if the balance remaining after individually significant items are
identified exceeds tolerable misstatement.]
b. Substantive tests of details of transactions. [This answer is incorrect. If Jane performed this type of test,
her objective would be to decide whether the total of one of her client's transaction classes is materially
misstated.]
c. Tests of controls directed toward the operation of the control environment. [This answer is incorrect. This
is not appropriate for Jane's purposes; however, if she were to perform these tests, she would not use audit
sampling.]
d. Examination of the actions of those charged with governance. [This answer is incorrect. This would allow
Jane to assess the effectiveness of those charged with governance, and is one type of tests of controls in
which audit sampling concepts generally would not apply. However, this is not what Jane should do in this
scenario.]

202

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

DEVISING A PLAN TO DETERMINE THE EXTENT OF SUBSTANTIVE
PROCEDURES
In general, SAS No. 110 (AU 318) indicates that the extent of further audit procedures is a matter of auditor
judgement based consideration of tolerable misstatement, the assessed risk of material misstatement, and the
degree of assurance required. As the risk of material misstatement increases, the extent of substantive procedures
also increases.
Substantive procedures consist of tests of details and substantive analytical procedures. The extent of a substan
tive analytical procedure is primarily a function of the precision of the auditor's expectation. Determining the extent
of substantive procedures when the auditor performs substantive tests of details is addressed here.
Use of audit sampling is more common in a nonprofit organization engagement than in the audit of a business
enterprise of similar size. However, because of the increased cost associated with using sampling, it is important for
the auditor to consider the effectiveness of alternative approaches before concluding that sampling is necessary.
Exhibit 22 shows a practical approach for planning the extent of substantive procedures involving tests of details
for a nonprofit organization. The following paragraphs discuss the auditor's considerations in applying that
approach.
Exhibit 22
Planning the Extent of Substantive Procedures Involving Tests of Details
Step Description

Result

1. Assess the appropriate level of tolerable
misstatement.

Tolerable misstatement (as a rule of thumb, use 50% to
75% of planning materiality).

2. Determine an amount for individually
significant dollar items.

Any amount less than tolerable misstatement may be
used (as a rule of thumb, use onethird of tolerable
misstatement).

3. Identify unusual items.

Identification of additional items to be tested 100%.

4. Calculate the remaining balance after
selecting individually significant items
(Steps 2 and 3).

Calculated amount.

5. Determine what procedures, if any, are
needed to test the remaining balance.

Procedures, if any, needed to test remaining balance.

*

*

*

STEP 1Assessing the Appropriate Level of Tolerable Misstatement
As a rule of thumb, when relatively few misstatements are expected and past experience indicates management will
likely correct those detected, tolerable misstatement may be determined as 50% to 75% of planning materiality.
STEP 2Determining an Amount for Individually Significant Dollar Items
The term individually significant items encompasses two types of items in a financial statement component
a. Individually significant dollar items.
b. Unusual items (that is, items that have audit significance by their nature).
In determining the extent of substantive procedures involving tests of details, the auditor should first select an
amount for individually significant dollar items and then consider any unusual items.
203

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Generally, when performing tests of details, the auditor should at least examine all items that equal or exceed
tolerable misstatement. Accordingly, the cutoff amount for determining individually significant dollar items cannot
exceed tolerable misstatement. As a rule of thumb, the auditor may use onethird of tolerable misstatement as the
cutoff for individually significant dollar items. However, the auditor may choose any amount less than tolerable
misstatement to limit the remaining balance to an amount that will reduce the risk of material misstatement to an
acceptable level.
STEP 3Identifying Unusual Items
An item also may be individually significant if, because of its nature, it is prone to misstatement or otherwise
requires audit attention. The lesson refers to these items as unusual items.
Examples might include related party transactions and negative receivable balances. It is important for auditors to
look for unusual items whenever a test of details is performed. Unusual items may be identified based on:
Prior experience.
Results of analytical procedures.
Unusual characteristics.
Prior Experience. Based on historical experience with a client, an auditor may be aware of types of items that are
highly susceptible to misstatement. The audit may need to be structured to select items that have historically been
a problem and subject these items to individual examination. This approach can add efficiency by going directly to
the problem.
Results of Analytical Procedures. Welldesigned preliminary analytical procedures coupled with appropriate
expectations of plausible relationships can be extremely effective in identifying risks of material misstatement
during the risk assessment stage of the engagement. In the payroll area, an effective analytical procedure is to
compare current expenditures to prior period actual and current budget by department and relate to the number of
employees by department. In this manner, the auditor may eliminate the need to perform tests of details, or the
auditor may reduce the extent of payroll testing to departments with significant unexpected differences.
Unusual Characteristics. This category is by nature difficult to define because it includes virtually any characteris
tic that the auditor identifies as worth investigating, such as related party transactions or balances and unusual or
unfamiliar vendor names. In a nonprofit organization engagement, the auditor may regard a category of items as
unusual because of concern with compliance with laws, regulations, or donor or grantor restrictions. Exhibit 23
lists some common types of items that might be selected for individual examination due to their unusual nature:
Exhibit 23
Examples of Unusual Items
Audit Area

Unusual Items

Receivables

Large credit balances.
Very delinquent balances.
Customers whose names cause some significant question.
Large contributions recorded just prior to year end.
Balances with special terms outside the organization's normal
policy.

Property, Plant, and Equipment

Additions that do not seem appropriate for the organization.
Additions that involve capitalization of interest.

204

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Audit Area

Unusual Items

Accounts Payable

Vendors whose names do not seem appropriate or could be
related parties.
Large debit balances.
Vendor accounts in dispute.
Nonspecific accruals or broad, evendollar accruals for a vendor.

Expenses

Expense entries that appear to be inappropriate.
Expense amounts paid to possible related parties or potentially
inappropriate payees.

*

*

*

STEPS 4 and 5Considering the Remaining Balance
After the individually significant items have been selected, the remaining balance should be computed. The
remaining balance is calculated by subtracting the individually significant and unusual items from the total account
balance.
Comparing the Remaining Balance to Tolerable Misstatement. After computing the remaining balance, the
auditor should compare it to tolerable misstatement. Normally, the auditor will not need to apply additional audit
procedures to the remaining balance if it is less than tolerable misstatement. However, the decision of whether to
apply additional audit procedures to the remaining balance is a matter of professional judgment. Misstatements
detected in applying audit procedures to individually significant items may be so large or so numerous that the
auditor may decide to apply additional audit procedures to the remaining balance even if it is less than tolerable
misstatement.
Considering the Need to Apply Additional Audit Procedures to the Remaining Balance. If the remaining
balance exceeds tolerable misstatement, the auditor considers what procedures, if any, are needed to obtain
sufficient audit evidence concerning that balance. Generally, the following options should be considered:
a. Determining that no additional audit procedures are needed.
b. Performing analytical procedures.
c. Considering the contribution of other substantive procedures.
d. Applying audit sampling.
e. Expanding the audit procedures performed on individually significant items.
Exhibit 24 illustrates the thought process involved in considering these options. Each option is discussed sepa
rately in the following paragraphs. However, the auditor may use a combination of these options with respect to the
remaining balance.

205

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 24
Planning the Extent of Substantive Procedures Involving Tests of Details
Assess tolerable misstatement.

Identify individually significant items
(ISIs) and compute remaining
balance.

Yes

Is remaining balance less than
tolerable misstatement?

No
Yes

Has the risk of material misstate
ment of the remaining balance been
reduced to an acceptable level?

No
Do analytical procedures or other
substantive procedures contribute
sufficiently to meeting the
auditobjective?

Yes

No
Is sampling preferable for obtaining
audit evidence relevant to the
remaining balance?

Yes

No
Perform audit pro
cedures on ISIs
only.

Perform audit pro
cedures on ISIs and
sample remaining
balance.

Expand audit pro
cedures performed
on ISIs.

*

*
206

*

Perform audit procedures
on ISIs and perform ana
lytical procedures or other
substantive procedures on
the remaining balance.

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Determining That No Additional Audit Procedures Are Needed. The auditor may decide to perform no further audit
procedures on the remaining balance after considering the risk of material misstatement of the remaining balance.
In assessing the risk of material misstatement of the remaining balance, the auditor should consider the following
factors:
a. Characteristics of the Remaining Balance. The auditor may have some knowledge of the account based
on prior experience and other audit procedures performed, including audit procedures performed on
individually significant items. Using that knowledge, the auditor should consider the nature, size, and
frequency of misstatements necessary for the remaining balance to be materially misstated. For example,
if the auditor determines that the remaining balance is composed of many small dollar items and believes
there is a low rate of misstatements in the remaining balance, then it may be possible to assess the risk of
material misstatement of the remaining balance as low.
b. Risk of Material Misstatement of the Account. The risk of material misstatement of the remaining balance
is related to the risk of material misstatement of the entire account. However, those risks would not
necessarily be the same because (1)the remaining balance is smaller and (2)the auditor may be able to
separately identify items that are prone to misstatement and perform audit procedures on them individually.
Accordingly, the risk of material misstatement of the remaining balance may be lower than the risk for the
account.
As is the case at the account balance level, the higher the risk of material misstatement of the remaining balance,
the greater the assurance that is needed from substantive procedures. The auditor generally will need to perform
additional audit procedures unless the risk of material misstatement of the remaining balance is low.
Furthermore, even if the risk of material misstatement is low, it is generally advisable for the auditor to at least scan
the remaining balance for unusual items.
Performing Analytical Procedures. In many cases, analytical procedures can be both effective and efficient audit
procedures relevant to the remaining balance. In evaluating whether analytical procedures provide adequate
evidence with respect to the remaining balance, the auditor should consider the risk of material misstatement of the
remaining balance and the effectiveness of those analytical procedures.
Considering the Contribution of Other Substantive Procedures. Sometimes the auditor may plan to perform other
substantive procedures that contribute, either directly or indirectly, to the same audit objective as the test of details.
In such cases, the auditor may decide that the contribution of the other procedures, along with audit procedures
performed on individually significant items, adequately achieves the audit objectives for the account balance. For
example, for organizations with rapid collections of receivables, the auditor may be able to reduce the remaining
balance by examining subsequent cash receipts instead of confirming accounts in the remaining balance, assum
ing the risk of material misstatement is low. As when considering analytical procedures, the auditor should consider
the risk of material misstatement and the degree of effectiveness of the other substantive procedures.
Applying Audit Sampling. If the auditor decides that analytical procedures or other substantive procedures do not
provide sufficient appropriate audit evidence with respect to the remaining balance, then tests of details must be
applied to the remaining balance. Consequently, the auditor has two remaining options using audit sampling or
expanding the audit procedures performed on individually significant items. In choosing between those options,
the auditor should consider the following factors:
a. Number of Items in the Remaining Balance. If the remaining balance consists of numerous items (such as
200 items or more), sampling generally is more efficient. However, if the auditor can further reduce the
amount of the remaining balance by performing audit procedures on only a few of the larger items in the
remaining balance, then it is probably more efficient to perform audit procedures on those larger items
instead of sampling.
b. Expected Misstatement in the Remaining Balance. Generally, if the expected misstatement in the remaining
balance exceeds onethird of tolerable misstatement, sampling risk would be too high and sampling would
not be appropriate. However, it may be possible to isolate the items that are most prone to misstatement,
perform audit procedures on 100% of those items, and sample the remaining population.
207

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Assuming that sampling risk is at an acceptable level, the consideration is a matter of efficiency (that is, which
option results in applying audit procedures to the fewest items). For large populations of small dollar items,
sampling generally is more efficient.
Expanding the Audit Procedures Performed on Individually Significant Items. As discussed in the preceding
paragraph, the auditor should consider this option only after determining that:
a. tests of details are needed to obtain sufficient appropriate audit evidence concerning the remaining
balance, and
b. this option is preferable to sampling the remaining balance.
Expanding the audit procedures performed on individually significant items normally is accomplished by:
a. lowering the amount for individually significant dollar items and, possibly,
b. choosing additional unusual items.
Also, the auditor should consider the possibility of using analytical procedures or other substantive procedures to
reduce the assurance needed from tests of details.

208

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
24. Define unusual items as related to audit sampling and the data population.
a. Individually significant dollar items.
b. Items prone to misstatement or that otherwise require audit attention.
c. All items that equal or exceed tolerable misstatement.
25. Dwayne is conducting an audit. He assesses the tolerable misstatement and identifies individually significant
items. Then Dwayne computes the remaining balance, which is less than the tolerable misstatement. Refer to
the table at Exhibit 24, and determine what Dwayne should do next.
a. Perform audit procedures on the individually significant items only.
b. Expand audit procedures performed on the individually significant items.
c. Perform audit procedures on the individually significant items and sample the remaining balance.
d. Perform audit procedures on the individually significant items and perform analytical procedures or other
substantive procedures on the remaining balance.
26. In which of the following scenarios would audit sampling generally be the auditor's most appropriate response?
a. After Tom examines the individually significant items, the remaining balance consists of 250 items with
small dollar amounts.
b. Jessie assesses expected misstatement in the remaining balance as half of the tolerable misstatement
amount.
c. Clementine is performing an inventory count observation for a client that has a small inventory population.
d. Grayson is performing a test of disbursements during the course of an audit without a significant risk of
fraudulent disbursements.

209

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
24. Define unusual items as related to audit sampling and the data population. (Page 204)
a. Individually significant dollar items. [This answer is incorrect. Individually significant items fit into two
categories, unusual items and individually significant dollar items. When determining the amount of
substantive procedures needed for an audit, the auditor should first select an amount for the individually
significant dollar items and then consider any unusual items that might exist.]
b. Items prone to misstatement or that otherwise require audit attention. [This answer is correct. This
is the definition of unusual items. Some examples are negative customer receivable balances and
related party transactions.]
c. All items that equal or exceed tolerable misstatement. [This answer is incorrect. This is the minimum
amount of items that an auditor should examine in his or her engagement.]
25. Dwayne is conducting an audit. He assesses the tolerable misstatement and identifies individually significant
items. Then Dwayne computes the remaining balance, which is less than the tolerable misstatement. Refer to
the table at Page 206, and determine what Dwayne should do next. (Page 206)
a. Perform audit procedures on the individually significant items only. [This answer is correct. Because
the remaining balance is less than tolerable misstatement, Dwayne can perform audit procedures
on the individually significant procedures without performing further tests on the remaining
balance.]
b. Expand audit procedures performed on the individually significant items. [This answer is incorrect.
Dwayne would need to do this if the remaining balance was more than tolerable misstatement, the
percentage of coverage from individually significant items was inadequate (considering the risk of material
misstatement), analytical procedures (or other substantive procedures) did not contribute sufficiently to
meeting the audit objective, and sampling was not preferable for obtaining audit evidence based on the
remaining balance.]
c. Perform audit procedures on the individually significant items and sample the remaining balance. [This
answer is incorrect. If the remaining balance was greater than tolerable misstatement, the percentage of
coverage from individually significant items was not adequate (considering the risk of material
misstatement), analytical procedures (or other substantive procedures) did not contribute sufficiently to
meeting the audit objective, but sampling was the preferred method for obtaining audit evidence based
on the remaining balance, Dwayne would need to perform procedures on the individually significant items
as well as sample the remaining balance.]
d. Perform audit procedures on the individually significant items and perform analytical procedures or other
substantive procedures on the remaining balance. [This answer is incorrect. Dwayne would need to do
this if the remaining balance was more than tolerable misstatement, the percentage of coverage from
individually significant items was inadequate (considering the risk of material misstatement), and analytical
procedures (or other substantive procedures) sufficiently contributed to meeting the audit objective.]
26. In which of the following scenarios would audit sampling generally be the auditor's most appropriate response?
(Page 207)
a. After Tom examines the individually significant items, the remaining balance consists of 250 items
with small dollar amounts. [This answer is correct. Audit sampling would be the most efficient
approach when the remaining balance consists of numerous items (200 or more), especially if they
are small dollar items.]
210

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

b. Jessie assesses expected misstatement in the remaining balance as half of the tolerable misstatement
amount. [This answer is incorrect. In this case, the misstatement risk is too high for Jessie to use audit
sampling. She could consider it if the expected misstatement amount was less than onethird of tolerable
misstatement. However, if Jessie could isolate the items most prone to misstatement, she could test all of
those items and sample the remaining population.]
c. Clementine is performing an inventory count observation for a client that has a small inventory population.
[This answer is incorrect. Sampling is rarely used in this situation. To be susceptible to sampling,
Clementine's audit client would need to have a relatively large inventory population. Also, there are
conflicting views about whether sampling can effectively accomplish the objective of observation
procedures. Thus, it would be better for Clementine to choose other procedures for this audit.]
d. Grayson is performing a test of disbursements during the course of an audit without a significant risk of
fraudulent disbursements. [This answer is incorrect. Sampling disbursements would not be a very effective
or efficient audit approach for Grayson to use. Typically, a test of disbursements does not address the risks
of material misstatement as efficiently as other audit procedures.]

211

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

REQUIREMENTS THAT APPLY TO ALL SUBSTANTIVE SAMPLES
The two possible approaches to audit sampling are statistical and nonstatistical. SAS No.39 (AU 350.04) indicates
that both of these approaches are capable of producing sufficient appropriate audit evidence, if properly applied.
In fact, SAS 39 at AU 350.23 observes that, in general, when the same sampling parameters are applied, compara
ble sample sizes result from either approach. The types of procedures that the auditor applies are not determined
by the sampling approach used. Either approach may be used to apply whatever tests of details the auditor deems
necessary in the circumstances. The importance of professional judgment cannot be overemphasized as it applies
to the evaluation of the sufficiency of audit evidence generated by the sampling approach. Regardless of the
sampling approach selected, an auditor must properly plan, perform, and evaluate the results of the sample.
Professional judgment must be used to relate the sample results to other audit evidence when the auditor forms a
conclusion about a particular account balance or class of transactions.
Once an auditor decides to use audit sampling, attention is focused on which sampling approach (statistical or
nonstatistical) to use. Substantial information is available in SAS No.39, as amended by SAS No. 111, the AICPA
Sampling Guide, and other sources on the use of various statistical sampling approaches. This lesson emphasizes
using nonstatistical sampling but explains the relation of the nonstatistical methods discussed to statistical sam
pling.
The Basic Requirements
The basic requirements that relate to all substantive audit samples statistical and nonstatistical are as follows:
Defining. The auditor must relate the population (account balance or transaction class or portion of balance
or class) to the objective of the audit procedure, that is, define the population and sampling unit.
Selection. The auditor needs to select items that can be expected to be representative of the population.
Evaluation. The auditor must project sample results to the population and consider sampling risk.
Defining Population and Sampling Unit
Defining the Population. In a sampling application, the population is usually all items that constitute the account
balance or class of transactions, excluding those items selected for individual testing. Sampling results can be
projected only to the population from which the sample is drawn. The use of the wrong population for a sampling
application could mean that conclusions based on the sample are invalid for an auditor's purpose.
Population Approach
Examining a sample of recorded cash contributions in the year to support the completeness assertion for
cash contributions.
Problem
Sampling recorded amounts allows no conclusion to be projected about potentially unrecorded amounts.
Alternative
Define nonaccounting documents (for example, copies of receipts given to donors or field solicitors`
reports) as the population for the audit procedure and trace to recorded receipts.
Defining the Sampling Unit. The sampling units are the individual items that are subjected to audit procedures
and that represent the components of the population. It is important to properly identify the sampling unit before the
sample is selected in order to produce an efficient and effective sampling application. Examples of sampling units
include promises to give balances, expense checks, and payroll checks. The determination of the specific sam
pling unit is influenced by the following considerations.
The sampling unit should produce an efficient sampling plan.
212

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The sampling plan must be effective to accomplish its objectives.
The nature of the audit procedures can determine the sampling unit.
Representative Selection
Selecting Sample Items. SAS No.39 , as amended, (AU 350.24) requires a representative sample," which means
the sample items should be selected in such a manner that all items have an opportunity to be selected. There are
several commonly used methods of selecting representative samples in accordance with the guidance in SAS
No.39. The following are some of those methods.
Random Selection. Regardless of the method of sampling used (statistical or nonstatistical), a random
selection provides each item in the population an equal chance of being selected.
Systematic Sampling. This method can be used with nonstatistical or statistical sampling to give every item
in the population an equal chance of being selected if a random start is used. However, it does not produce
an equal opportunity for all combinations of sampling units to be selected unless numerous random starts
are made. The population is divided by the number of sample items to determine the sampling interval to
use.
Haphazard Selection. In this sense, haphazard does not mean careless"; it means without conscious
bias." Under this method, sample items are selected in no specific pattern without bias for or against any
items in the population. This could be done by selecting a sample of items from the paid invoices for the
year if there were no bias for or against large ones. The auditor may use this method provided care is taken
to be sure no conscious bias is added to the selection process. However, the AICPA Audit Sampling Guide
3.27 states that although haphazard sampling is useful for nonstatistical sampling, it is not used for
statistical sampling because it does not allow the auditor to measure the probability of selecting the
combination of sampling units."
An auditor should qualitatively evaluate whether the sample selected seems representative of the population
subject to the audit procedures. For instance, if the auditor is selecting a sample of expenditure checks with a
sample size of 50, a sample that included 15 employee expense reimbursement checks might not be considered
representative of the population being subjected to the audit procedures. If the sample does not seem representa
tive, it should be reselected.
The auditor should, if practical, stratify the remaining population. Generally, the remaining population should be
divided into at least two subgroups that are more similar in amount. Here is one useful approach to stratification:
a. Determine the average amount of the population to be sampled (amount of population divided by number
of items in the population).
b. Allocate twothirds of the computed sample size to the items greater than the average and the remaining
onethird to items below the average.
c. The auditor would apply the sample selection method (random, systematic, or haphazard) separately to
each stratum based on the sample size allocated. First, the auditor would select twothirds of the sample
items from the upper stratum and then onethird from the lower stratum.
Choosing a Method. The auditor might consider using random selection (with a random number table or micro
computergenerated numbers) or systematic selection with several random starts when performing nonstatistical
sampling. However, using one of these randombased methods does not make the sampling application statistical.
Haphazard selection may be used when the population is not numbered or when other circumstances make use of
a randombased method impractical.
Random Selection Using Random Numbers. SAS No.39, as amended requires that sample items be selected in
such a manner that each item in the population has an opportunity to be selected. The following randombased
213

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

selection methods meet this requirement and are commonly used in selecting statistical audit samples (and may
be used when selecting nonstatistical samples):
Random number table.
Computergenerated random numbers.
Evaluation and Other Requirements
Projecting Sample Results. The evaluation of sample results has two aspects. The auditor must project the
misstatement. (Various approaches to projecting misstatement are explained later in this lesson.) Also, the auditor
must consider the sampling risk. In a statistical sample, sampling risk is objectively measured using probability
theory. In a nonstatistical sample, sampling risk must still be considered and restricted to a relatively low level, but
cannot be objectively measured. This is the primary conceptual distinction between statistical and nonstatistical
sampling.
Additional Requirements. SAS No.39 imposes additional requirements for certain types of audit procedures
using sampling. These requirements are considered in the following discussion.

214

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
27. Clint plans to use substantive audit sampling during the course of his audit engagement, and must choose
between statistical and nonstatistical sampling. Which of the following factors accurately describes the
sampling approach(es)?
a. Statistical sampling will give him the most reliable sample size.
b. Nonstatistical sampling requires more planning tasks beforehand.
c. The sampling approach he chooses will determine the audit procedures he applies.
d. For both approaches, he must define the population and select sample items.
28. Define sampling unit as related to audit sampling.
a. The individual items that are subjected to audit procedures.
b. All items that constitute the account balance or class of transactions.
c. Sample items selected in a way that gives all items a chance to be selected.
d. Items selected in a haphazard manner without conscious bias.

215

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
27. Clint plans to use substantive audit sampling during the course of his audit engagement, and must choose
between statistical and nonstatistical sampling. Which of the following factors accurately describes the
sampling approach(es)? (Page 212)
a. Statistical sampling will give him the most reliable sample size. [This answer is incorrect. According to SAS
No. 39, generally, comparable sample sizes will result from the statistical and the nonstatistical approach,
if the same sampling parameters are applied.]
b. Nonstatistical sampling requires more planning tasks beforehand. [This answer is incorrect. Regardless
of which approach Clint chooses, he must properly plan, perform, and evaluate the results of the sample.]
c. The sampling approach he chooses will determine the audit procedures he applies. [This answer is
incorrect. The types of procedures Clint applies will not be determined by whether he selects the statistical
or nonstatistical sampling approach.]
d. For both approaches, he must define the population and select sample items. [This answer is
correct. In addition, Clint will also need to project the sample results to the population and consider
the risk of sampling.]
28. Define sampling unit as related to audit sampling. (Page 212)
a. The individual items that are subjected to audit procedures. [This answer is incorrect. This is the definition
of the term population.]
b. All items that constitute the account balance or class of transactions. [This answer is correct.
Examples include expense checks, payroll, checks, and customer account balances. Sampling
units must be properly identified before the sample is selected to produce an effective and efficient
sampling application.]
c. Sample items selected in a way that gives all items a chance to be selected. [This answer is incorrect. This
is the definition of a representative sample, as explained in SAS No. 39.]
d. Items selected in a haphazard manner without conscious bias. [This answer is incorrect. Sample items can
be selected using random selection, systematic sampling, or haphazard selection.]

216

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

CONSIDERATIONS FOR SUBSTANTIVE TESTS OF DETAILS
The guidance in SAS No.39 is divided between substantive tests of details (or transactions) and tests of controls.
For tests of details, no distinction is made between tests of details of transactions and tests of details of account
balances. According to SAS No.39 (AU 350.15), as amended, in planning an audit sample for a particular test of
details, an auditor should consider the following:
a. The relationship of the sample to the audit objective.
b. Preliminary judgments about materiality levels (tolerable misstatement).
c. The risk of incorrectly accepting a materially misstated population (allowable risk of incorrect acceptance).
d. Characteristics of the population; that is, the items that make up the account balance or class of
transactions of interest.
At this point in planning, an auditor would have already developed specific audit objectives, selected a procedure
to achieve a particular audit objective, and determined that it was necessary to use audit sampling in applying the
procedure.
Planning Considerations
Assessing Risk of Incorrect Acceptance. The risk of incorrect acceptance is the risk that the auditor will, after
performing audit procedures on the sample and projecting the results, fail to detect that the population being
sampled is materially misstated. The allowable risk of incorrect acceptance is the sampling aspect of the audit risk
model. Theoretically, if no procedures besides the one being applied using sampling are relevant to achieving an
audit objective and both inherent risk and control risk are assessed as high, then audit risk is equal to the allowable
risk of incorrect acceptance. In practice, the auditor first assesses the risk of material misstatement of the related
account and the audit evidence provided by other substantive procedures. Then the auditor determines the
allowable risk of incorrect acceptance based on those assessments.
In audit sampling, there is an inverse relationship between the allowable risk of incorrect acceptance and required
sample sizes. Generally, as the allowable risk of incorrect acceptance decreases, the required sample size
increases. Statistical sampling allows an auditor to determine a specific percentage of allowable risk of incorrect
acceptance, such as 5%, and either hold the risk to that level or measure the risk actually achieved by the sample
results. Although nonstatistical sampling does not allow the auditor to measure the risk achieved, the relationship
between the sample size and the allowable risk of incorrect acceptance still applies. The lower the allowable risk,
the larger the required sample size. In the PPC sampling approach, this relationship is achieved through the
selection of risk factors.
Assessing Tolerable Misstatement. Tolerable misstatement is a concept defined in SAS No.39, as amended,
(AU350.17) as amended. SAS No. 39 states that the auditor considers how much monetary misstatement in the
related account balance or class of transactions may exist when combined with misstatements that may be found
in other tests without causing the financial statements to be materially misstated. This maximum monetary misstate
ment that the auditor is willing to accept for the balance or class is called tolerable misstatement for the sample."
This reference also indicates that tolerable misstatement relates to the auditor's determination of materiality for
planning the financial statement audit (or planning materiality) such that tolerable misstatement for all balances
when combined does not exceed the financial statement materiality. This means that tolerable misstatement is just
another term for planning materiality at the account balance level. The term is used in this course both because it
is shorter and because it is the term used in the risk assessment standards including SAS Nos. 107 and 111. The
sample size for a balance or class of transactions will increase as the tolerable misstatement for the balance or
class decreases. As the tolerable misstatement increases, the sample size required will decrease. In other words,
if a large percentage of the balance could be misstated without causing a material misstatement of the financial
statements, then the sample size can be very small. In contrast, if a small percentage misstatement in the balance
could cause a material misstatement of the financial statements, then the sample size should be larger.
Assessing Expected Misstatement. Another factor that affects sample size is the size or frequency of expected
misstatements. With any sample selected, there is a certain degree of expected misstatement. It is anticipated at
217

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

the beginning of the sampling process that the misstatement will be equal to or less than the tolerable misstate
ment. Otherwise, there would be no point in sampling because the account would be expected to be misstated by
a material amount. As the size or frequency of expected misstatement increases, the sample size required to
accomplish the objectives also increases. If the expected misstatement decreases, the sample size decreases. The
determination of the expected misstatement is based on knowledge of the population and previous experience.
In assessing expected misstatement, the auditor should avoid two possible sources of confusion. First, expected
misstatement does not include accounting adjustments that are typically necessary and expected to close the
books, such as normal accruals and deferrals. Second, the expected misstatement is that amount of misstatement
expected for the remaining population (after individually significant items have been removed) from which the
sample is drawn, so it is the expected projected misstatement.
Considering Population Size. The number of items in the population is not usually an important factor in
determining sample size for a statistical sample or a nonstatistical sample. Sample size for a substantive procedure
is influenced much more by the amount of variance in the population than by the number of items in the population.
The most important practical implication of this fact is that it is either inefficient or ineffective to determine sample
size as a fixed percentage of the population. No one recommends this approach, but some auditors have custom
arily used a fixed percentage of the number of items in the population (such as10%) as sample size. If the
population is very large (for example, over 5,000 items), this approach normally results in unnecessarily large
sample sizes. If the population is very small (for example, 100 items), the sample size is normally too small.
While the size of the population in sample units (i.e., the number of items in the population) is generally not an
important factor in determining sample size, there can be unusual situations in which population characteristics
create problems in using the approach recommended in this lesson. When tolerable misstatement is approximately
equal to the average size of items in the population, the indicated sample size will be approximately the entire
population. In these circumstances, the auditor should consider whether there are other ways to substantiate the
balance that are more efficient, such as by performing an analytical procedure with a high degree of precision.
Relating Factors to Determine Sample Size. The AICPA Sampling Guide in Table 44 summarizes the effects of
changes in various factors, such as tolerable misstatement and inherent and control risk, on sample sizes for
substantive tests of details. Table 44 illustrates the relative effect of the factors (that is, smaller or larger) on sample
size rather than providing specific numerical sample sizes. Table 45 of the AICPA Sampling Guide illustrates
specific numerical sample sizes that might be used for statistical or nonstatistical sampling based on the Monetary
Unit Sampling (MUS) statistical approach [sometimes called the Probability Proportional to Size (PPS) approach].
The nonstatistical sampling approach discussed in this lesson is based on the same underlying statistical
approaches as Table 45 in the AICPA Sampling Guide. This nonstatistical approach draws on statistical sampling
theory, but combines that theory with practical judgments and the collective experience of many auditors to
facilitate implementation.
A Practical Approach to Nonstatistical Sampling
The most significant problem facing an auditor trying to use audit sampling is how to deal with essentially statistical
concepts, such as tolerable misstatement, risk of incorrect acceptance, and expected misstatement for the popula
tion, when a nonstatistical sampling approach is used. The use of the following approach in conjunction with the
related practice aid on planning materiality is recommended. As noted in the preceding paragraph, this approach
is based on the statistical theory underlying MUS sampling. The use of this model as a practical method of
determining sample size for nonstatistical sampling is recommended. The steps in Exhibit 25 are applied in this
method. The following paragraphs describe the auditor's considerations for each step.

218

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 25
A Practical Approach to Nonstatistical Sampling
Step Description
1. Assess appropriate level of tolerable misstatement.

2. Assess the risk of material misstatement.

3. Assess the other substantive procedures risk.
4. Use the table in Exhibit 27 to determine a risk factor.
5. Estimate population balance after removal of items to
be examined 100% (individually significant items).
6. Consider the amount of expected likely misstatement
in the population to be sampled.

Required Result
Tolerable misstatement amount (normally
calculated as 50%75% of planning material
ity).
One of three qualitative levels of risk high,
moderate, or low based on the assessment
of inherent and control risk.
One of three qualitative levels of risk high,
moderate, or low.
A factor between 0.9 and 3.0.
Quantified amount.
If expected misstatement exceeds onethird
of tolerablemisstatement, sampling nor
mally should not be used.

7. Estimate the sample size using the following formula:
Dollar value of remaining
population (step 5)
Risk factor
Tolerable misstatement (steps 2, 3, and 4)
(step 1)
8. Adjust sample size for lack of stratification in the
sample, if applicable.

*

*

Sample size.
Possible sample size increase.

*

Step 1 Assess Tolerable Misstatement. The amount that should be used for tolerable misstatement is normally
75% of planning materiality. Planning materiality relates to financial statements taken as a whole and is used to
derive a total tolerable misstatement that also relates to the financial statements taken as a whole. Because the
financial statements may be viewed as a single population of dollars when using MUS sampling, the same tolerable
misstatement amount may be used in all sampling applications using the recommended approach. Note that this
is not true for classical statistical sampling.
Step 2 Assess the Risk of Material Misstatement. The risk of material misstatement is the combination of
inherent risk and control risk. Exhibit 26 shows how the assessments of inherent risk and control risk may be
combined to determine the risk of material misstatement. The auditor can document inherent risk, control risk, and
the resulting risk of material misstatement.

219

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 26
Combined Risk of Material Misstatement
Control Risk Assessment

IInherent
h
t Ri
Risk
k
Assessment

High

Moderate

Low

High

High

High

Moderate

Moderate

Low

Low

Low

Low

Low

Moderate
Low

*

*

*

Theoretically, the auditor should assess the risk of material misstatement of the population to be sampled (that is,
the account balance excluding individually significant items). However, in sampling applications, the risk of material
misstatement for the account normally is a reasonable approximation of the risk of material misstatement of the
remaining balance. Because the risk of material misstatement in the remaining balance is almost always equal to
or less than the risk for the entire account balance, using the risk of material misstatement for the entire account is
both reasonable and conservative.
Step 3 Assess the Other Substantive Procedures Risk. As previously discussed, other substantive procedures
risk is the risk that related substantive procedures besides sampling, such as analytical procedures, will fail to
detect a material misstatement. This risk assessment is inversely related to the effectiveness of the other substan
tive procedures (that is, the more effectively the other substantive procedures contribute to addressing the same
assessed risks as the sampling procedure, the lower the risk assessment).
Step 4 Identify a Risk Factor. The fourth step is to identify a risk factor using the table presented at Exhibit 27.
The factors in the table correspond to levels for the risk of incorrect acceptance. The factors range from 3.0 to 0.9,
which is analogous to a range of 5% to 40% of the risk of incorrect acceptance. A factor of 3.0 is used when the
auditor assesses the risk of material misstatement as high and there are no effective related procedures being
applied. A factor of 0.9 is used when the risk of the account balance or transaction class being materially misstated
is assessed as low and very effective related substantive procedures are being applied. Use of the table permits the
auditor to hold the audit risk to an appropriately low level while adjusting the level of the risk of incorrect acceptance
in response to the other assessed levels of risk. This table permits the auditor to adjust sample size to various
combinations of assessed risk levels.
Exhibit 27
Table for Determination of Risk Factor
Other Substantive Procedures Risk
High

Moderate

Low

High

3.0

2.3

1.9

Moderate

2.3

1.6

1.2

Low

1.9

1.2

0.9

Risk of Material Misstatement

*

*
220

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Step 5 Estimate Remaining Population. The next step is to determine the dollar amount of items to be sampled
by reducing the total amount of the balance or transaction class by individually significant items. As explained
earlier, an item may be individually significant because of its nature or size. Generally, the most efficient approach
is to identify individually significant dollar items as all items greater than or equal to tolerable misstatement divided
by the applicable risk factor as determined in Step 4. That is, the fewest total number of items will be tested when
individually significant dollar items are defined as tolerable misstatement divided by the applicable risk factor.
Often, however, the efficiency gained between using onethird, onehalf, or some other fraction of tolerable mis
statement is minimal. Consequently, it is recommended that individually significant dollar items be defined as all
items greater than or equal to onethird of tolerable misstatement. However, the cutoff amount for individually
significant dollar items can be any amount up to tolerable misstatement. The choice of a cutoff amount is a matter
of efficiency.
Step 6 Consider Expected Misstatement. The last step before determining the sample size is to consider the
amount of expected likely misstatement in the population to be sampled based on the auditor's knowledge of the
population and prior experience. If the amount of likely (that is, projected) misstatement is expected to exceed
onethird of tolerable misstatement, sampling normally is not appropriate. If expected misstatement exceeds
onethird of tolerable misstatement, the auditor should ask the client to correct the population. After the client has
taken steps to correct the population, then it may be appropriate to sample the corrected population, if necessary.
Step 7 Estimate Sample Size. To calculate the sample size, divide the total of the population to be sampled
(account balance or transaction class less individually significant items) by tolerable misstatement, and multiply
that result by the risk factor determined in Step 4.
Step 8 Increase Sample Size for Lack of Stratification. This sampling approach depends on dividing the items
being tested into at least three groups: individually significant items and an upper and lower group of remaining
items. If the auditor finds it impractical to stratify after identifying individually significant items, the sample size
calculated in Step 7 must be increased. The AICPA Sampling Guide (paragraph 4.32) notes that auditors typically
increase the sample size from 10% to 50% if the sample is not stratified but notes that an adjustment of 100% or
more may be needed when there is extreme variability in the characteristic of audit interest. It has been noted that
firms with nonstatistical sampling plans advocate different percentage increases ranging from 10% to 100%. It is
recommended that sample size be increased approximately 20% if stratification is not practical and there is not a
significant variation in the items being sampled.
Selecting the Sample
The auditor may use one of several methods to select a substantive sample (such as, random selection, systematic
selection, or haphazard selection). The important point is that the auditor should ensure that all items in the
population have a chance to be selected. Accordingly, the auditor should determine that the sample population
actually includes all of the items comprising the balance. There are many ways to determine the completeness of
a sample population, including:
a. If the sample is selected from a trial balance, the auditor can foot the trial balance and reconcile the total
to the account balance.
b. If the items are numerically sequenced, the auditor can scan the accounting records to account for the
numerical sequence of items in the population and select the sample from that sequence.
Document how the completeness of the sample population was considered.
Using Data Extraction Software to Select the Sample. Some auditors may use data extraction software in audit
sampling. The discussion in the following paragraphs assumes auditors use the approach presented in here to
calculate the sample size and evaluate the sample results; data extraction software is used only to select the
sample.
The ability of data extraction software to quickly process large volumes of data can save time spent on sample
selection. Using data extraction software, the auditor can check a control total of the file being sampled to ensure
the completeness of the population prior to selecting the sample. Alternatively, if the items in the population are
221

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

numerically sequenced, the auditor can test for gaps and duplicates to account for the numerical sequence of
items in the population prior to sampling. The auditor can also use data extraction software to extract individually
significant and unusual items from the population (based on criteria specified by the auditor) prior to sampling.
Projecting the Misstatement
The auditor may use one of several methods to satisfy the requirement of SAS No.39 (AU 350.26) to project the
sample misstatement to the population. Two of the more commonly used methods are as follows:
a. Ratio Method. This method is also called the rate of misstatement method. The ratio of sample misstatement
to sample dollars (the total of all items selected) is multiplied by population dollars (the total of the
population from which the sample was selected) to project the misstatement as follows:
Sample misstatement
Population dollars = Projected population misstatement
Sample dollars
Thus, if an auditor has identified $500 of sample misstatement, sample dollars are $60,000, and population
dollars are $600,000, the projected misstatement would be calculated as:
$500
$600,000 = $5,000 (projected population misstatement)
$60,000
b. Difference Method. Using this method, the auditor calculates the average amount of misstatement in the
sample and multiplies that average by the number of items in the population, as follows:
Sample misstatement
Population items = Projected population misstatement
Sample items
If the previous example included a sample of 100 items and the population had 1,000 items, the calculation
would be as follows:
$500
1,000 = $5,000 (projected population misstatement)
100
The ratio and difference methods only produce the same result if the proportion of the number of sample items to
population items is the same as the ratio of sample dollars to population dollars. Usually, the two methods do not
produce the same results. The auditor should select one of the methods based on whether there is reason to
expect a relationship between the amount of the misstatement and the amount of the item.
Factor

Method

1. Misstatement relates to size of the item.

Ratio (or Rate of Mis
statement) Method.

2. Misstatement relatively constant for all items.

Difference Method.

The AICPA Sampling Guide discusses the ratio and difference methods (Paragraphs 4.764.78) as well as a third
method the MUS method (Paragraph 4.79). The MUS method uses tainting factors (that is, the ratio of each
detected misstatement to the book value of that item) to project the sample misstatement. The sum of the tainting
factors is multiplied by the sampling interval (that is, the total population amount in dollars divided by the sample
size) to obtain an estimate of the total misstatement.
Considering Sampling Risk
SAS No.39, as amended (AU 350.26), states that the total projected misstatement should be compared with the
tolerable misstatement for the account balance or class of transactions, and appropriate consideration should be
given to sampling risk." Sampling risk is the risk that the auditor may reach a different conclusion if audit proce
dures are applied to a sample than if they are applied to all items in a population.
222

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

In a statistical sample, sampling risk can be measured based on sample results. In a nonstatistical sample, precise
measurement is impossible. However, using the sampling model discussed here, the auditor may consider sam
pling risk through answering the following questions:
a. Does projected misstatement exceed expected misstatement? If yes,
b. Does projected misstatement exceed onethird of tolerable misstatement?
If the answer to these questions is no," the auditor usually need not be concerned about unacceptable sampling
risk under this sampling model. If the answer to both questions is yes," the auditor would normally assume there
is an unacceptable risk that true misstatement exceeds tolerable misstatement. The following example summarizes
this analysis:
Grants and contracts receivable balance $1,675,000.
Tolerable misstatement $150,000 (onethird of $150,000 = $50,000).
Expected misstatement $25,000.
Projected
Misstatement

Acceptable
Sampling
Risk

$15,000

X

25,000

X

50,000

Unacceptable
Sampling
Risk

(could be either)

60,000

X

70,000

X

In this case, projected misstatement over $50,000 (onethird of tolerable misstatement) would indicate unaccept
able sampling risk and in the $25,000 to $50,000 range would indicate potentially unacceptable sampling risk. A
qualitative analysis of detected misstatements should always be made to determine the nature and cause of the
misstatement. When the auditor concludes that there is unacceptable sampling risk, qualitative analysis of mis
statements is especially important so the auditor can determine the best way to reduce the unacceptable sampling
risk (for example, consideration of what kinds of misstatements are occurring and what items in the population are
most likely to be misstated).
Considering Qualitative Characteristics
The size or frequency of misstatements in a sampling application are not the only factors that should be consid
ered. An auditor should, according to SAS No. 39 (AU 350.27), as amended by SAS No. 111, consider the following
qualitative factors:
a. Nature and cause of any misstatements:
(1) Is the misstatement an error (unintentional) or is it possible fraud (intentional)?
(2) If the misstatement is an error, is it due to misunderstanding of instructions or carelessness?
b. Relationship of misstatements to other phases of the audit.
Documentation of Substantive Sampling Applications
When audit sampling is used in tests of controls and substantive tests of details, SAS No. 103, Audit Documentation
(AU 339.20), requires auditors to identify in the workpapers the items tested. There is no other specific requirement
to document factors related to audit sampling applications, except the requirement to document tolerable misstate
223

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

ment in SAS No. 107 (AU 312.69) and the requirement to document the assessment of the risk of material
misstatement at the relevant assertion level in SAS No. 109 (AU 314.122). However, the AICPA Sampling Guide
(Paragraph 4.93) identifies examples of items that the auditor typically documents for substantive audit samples.
The auditor does not need to document a matter that is implicit in the form or practice aid that a firm has adopted.
Alternative Approach for Substantive Tests of Transactions
The sampling method explained here is an approach to nonstatistical sampling that may be applied either to
account balances or transaction classes. This approach will always be effective for a substantive test of transac
tions. However, this approach may not be the most efficient when the audit procedure being applied using
sampling is not intended solely to validate the total amount of a transaction class, for example, when the auditor is
testing the classification of disbursements, or when the population is composed of a large number of items all
similar in amount. An alternative approach to this type of substantive test of transactions that uses attribute
sampling as a model is explained later in this course.

224

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
29. This course recommends using an eightstep approach to deal with nonstatistical sampling. What is the first
step of this approach?
a. Assess the risk of material misstatement.
b. Estimate population balance.
c. Adjust sample size for lack of stratification.
d. Assess appropriate level of tolerable misstatement.
30. Based on the information in Exhibit 26, which of the following audits has the lowest risk of material
misstatement?
a. Zoey's client has high inherent risk and moderate control risk.
b. Carlos's client has low control risk and high inherent risk.
c. Leo's client has moderate inherent risk and high control risk.
d. Julie's client has moderate control risk and moderate inherent risk.
31. Dave needs to estimate the sample size for his test of details. The total remaining balance of the population is
$50,000. Tolerable misstatement is $2,500. Using the table at Exhibit 27, Dave estimated that the risk of material
misstatement is low, but the risk of assessment of other substantive procedures is high. Calculate Dave's
sample size.
a. 20.
b. 38.
c. 60.
d. 1,316.
32. Alice plans to project the misstatement from her audit sampling to the entire population using the ratio method.
The amount of sample misstatement is $600, the amount of sample dollars is $50,000, and the amount of
population dollars is $500,000. The number of sample items Alice used is 150, and the total number of items
in the population is 2,000. Calculate the projected population misstatement.
a. $60.
b. $6,000
c. $8,000.
d. $150,000.

225

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

33. According to the SAS No. 39 (AU 350.27), as amended by SAS No. 111, which of the following is a qualitative
factor that an auditor should consider when using audit sampling?
a. Whether the projected misstatement exceeds expected misstatement.
b. Whether the projected misstatement exceeds onethird of tolerable misstatement.
c. Whether misstatement is relatively constant for all items.
d. Whether any misstatements are related to other phases of the audit.

226

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
29. This course recommends using an eightstep approach to deal with nonstatistical sampling. What is the first
step of this approach? (Page 219)
a. Assess the risk of material misstatement. [This answer is incorrect. This is the second step of the approach.
After the auditor assesses the risk of material misstatement, he or she should assess the other substantive
procedures risk.]
b. Estimate population balance. [This answer is incorrect. This is the fifth step of the recommended approach,
and the auditor would do this after individually significant items have been removed.]
c. Adjust sample size for lack of stratification. [This answer is incorrect. If this step is applicable to the audit
in question, it would be done last. If the auditor performs this step, it is possible that the sample size will
increase.]
d. Assess appropriate level of tolerable misstatement. [This answer is correct. The tolerable
misstatement amount would normally be calculated as 5075% of planning materiality.]
30. Based on the information on Page 220, which of the following audits has the lowest risk of material
misstatement? (Page 218 and Page 220)
a. Zoey's client has high inherent risk and moderate control risk. [This answer is incorrect. In this scenario,
the risk of material misstatement is high.]
b. Carlos's client has low control risk and high inherent risk. [This answer is incorrect. In this situation, the risk
of material misstatement would be assessed as moderate.]
c. Leo's client has moderate inherent risk and high control risk. [This answer is incorrect. The risk of material
misstatement in this scenario is assessed as moderate.]
d. Julie's client has moderate control risk and moderate inherent risk. [This answer is correct. The risk
of material misstatement in this situation would be assessed as low, even though both types of risk
are considered moderate.]
31. Dave needs to estimate the sample size for his test of details. The total remaining balance of the population is
$50,000. Tolerable misstatement is $2,500. Using the table on Page 220, Dave estimated that the risk of material
misstatement is low, but the risk of assessment of other substantive procedures is high. Calculate Dave's
sample size. (Page 220)
a. 20. [This answer is incorrect. This is the total of the population ($50,000) divided by the tolerable
misstatement ($2,500), but the risk factor was not taken into account.]
b. 38. [This answer is correct. The correct calculation to estimate the sample size is to divide the total
of the population ($50,000) by the tolerable misstatement ($2,500) and multiply that by the risk factor
(in this case, 1.9).]
c. 60. [This answer is incorrect. In this calculation, the wrong risk factor number was used (3.0).]
d. 1,316. [This answer is incorrect. In this calculation, the tolerable misstatement ($2,500) was divided by the
risk factor (1.9). The total of the population was not taken into account.]
32. Alice plans to project the misstatement from her audit sampling to the entire population using the ratio method.
The amount of sample misstatement is $600, the amount of sample dollars is $50,000, and the amount of
227

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

population dollars is $500,000. The number of sample items Alice used is 150, and the total number of items
in the population is 2,000. Calculate the projected population misstatement. (Page 221)
a. $60. [This answer is incorrect. This answer is the result of the following incorrect formula: $600/$500,000
$50,000.]
b. $6,000. [This answer is correct. To calculate projected misstatement using the ratio method, the
amount of sample misstatement ($600) should be divided by the sample dollars ($50,000), and the
result should be multiplied by the population dollars ($500,000).]
c. $8,000. [This answer is incorrect. To get this answer, the difference method was used to calculate the
projected misstatement. The difference method calculation is the sample misstatement ($600) divided by
the sample items (150) multiplied by the number of population items (2,000).]
d. $150,000. [This answer is incorrect. To get this answer, the number of items was incorrectly used in the
formula ($600/2,000 $500,000).]
33. According to the SAS No. 39 (AU 350.27), as amended by SAS No. 111, which of the following is a qualitative
factor that an auditor should consider when using audit sampling? (Page 223)
a. Whether the projected misstatement exceeds expected misstatement. [This answer is incorrect. This is a
consideration that an auditor should have if a nonstatistical sampling model is used. This consideration
will help the auditor evaluate sampling risk.]
b. Whether the projected misstatement exceeds onethird of tolerable misstatement. [This answer is
incorrect. If an auditor used a nonstatistical sampling method, this consideration would help him or her
determine if the amount of sampling risk is acceptable.]
c. Whether misstatement is relatively constant for all items. [This answer is incorrect. This would be a
consideration for determining what method to use to project the misstatement to the rest of the population.
If this were true, the auditor should use the difference method.]
d. Whether any misstatements are related to other phases of the audit. [This answer is correct. The
other qualitative factor that the auditor should consider is the nature and cause of any
misstatements (e.g., if the misstatement is an error or fraud).

228

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

AUDIT SAMPLING AND TESTS OF CONTROLS
Tests of controls should be performed only when the auditor's risk assessment includes an expectation of the
operating effectiveness of controls (i.e., an expectation of assessing control risk as either low" or moderate") or
when substantive procedures alone do not provide sufficient appropriate audit evidence at the relevant assertion
level. In many engagements, tests of controls using audit sampling are tests of details of transactions. All of the
requirements of SAS No. 39 apply to this type of test. When performing a Single Audit, auditors are required to
perform tests of controls. The mechanics of sampling for tests of controls, whether in a financial statement audit or
a Single Audit are discussed here.
Generally, audit sampling is used for tests of controls directed toward operating effectiveness where there is
documentation of the control's operation. These tests normally include inspecting the documents and reperforming
the application of the control. In practice, the most common test of controls that uses audit sampling is a test of
transactions. This test is directed to the effectiveness of controls. In some cases, it may be efficient to perform this
test of controls in combination with a substantive test of transactions. SAS No. 110 (AU 318.33) describes this type
of dualpurpose test as follows:
When responding to the risk assessment, the auditor may design a test of controls to be
performed concurrently with a test of details on the same transaction. The objective of tests of
controls is to evaluate whether a control operated effectively. The objective of tests of details is to
support relevant assertions or detect material misstatements at the relevant assertion level.
Although these objectives are different, both may be accomplished concurrently through
performance of a test of controls and a test of details on the same transaction, known as a
dualpurpose test.
SAS No. 39 (AU 350.44), as amended, provides the following guidance when a sample is used for dual purposes
(i.e., testing the operating effectiveness of an identified control and testing whether the recorded monetary amount
or transaction is correct):
The size of a sample designed for dual purposes should be the larger of the samples that would
otherwise have been designed for the two separate purposes. In evaluating such tests, deviations
from the prescribed control and monetary misstatements should be evaluated separately using
the risk levels acceptable for the respective purposes.
An efficient approach to dualpurpose testing that can be used when appropriate and is presented later in this
lesson.
Terminology for Sampling in Tests of Controls
The following discussion uses these sampling terms:
Deviation. Departure from the prescribed control policy or procedure.
Tolerable Rate. The maximum rate of deviations that would still support the planned assessed level of
control risk.
Risk of Assessing Control Risk Too Low. The auditor's allowable risk of assessing control risk too low, an
aspect of sampling risk. If control risk is assessed too low, the auditor may inappropriately rely on a control.
Thus, this risk is also called the risk of overreliance.
Expected Rate. The rate of deviations the auditor expects based on prior experience and knowledge of the
characteristics of the population.
Population. The class of transactions being sampled.
The basic approach to applying tests of controls is the same regardless of whether sampling is used. However,
there are additional matters to consider when using audit sampling methods. Exhibit 28 illustrates how those
additional considerations are integrated into the basic approach to testing controls. Discussion of those additional
considerations and how they affect tests of controls follows.
229

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 28
Tests of Controls Using Audit Sampling
Step Description
1. Identify suitable controls to be tested and, if applicable, the related substantive procedures to be
reduced.
2. Consider whether testing controls is practical.a Consider whether there is documented evidence of the
application of the controls.
3. Select appropriate tests of controls.
a. Define deviation for purposes of the test.
b. Define the population to be sampled.
c. Determine the tolerable rate of deviations.
d. Determine the allowable risk of assessing control risk too low (risk of overreliance).
e. Determine the expected rate of deviations.
f. Compute the required sample size.
g. Determine the method of sample selection.
4. Perform tests of controls. Select sample and apply audit procedures to the sample.
5. Evaluate the results of the tests of controls. Compare sample rate of deviations to tolerable rate of
deviations and consider the effect of sampling risk.
6. Assess control risk.
7. Document the tests performed and conclusions reached.
Note:
a

The auditor may wish to compute an estimated sample size for the test of controls (Step3f.) before
determining whether testing controls is practical. However, OMB Circular A133 requires tests of
controls in Single Audits.

*

*

*

STEP 1Identify Controls and Related Substantive Procedures
The first step in planning the sample is to identify the controls to be tested and, if applicable, the related substantive
procedures to be reduced. This step requires identifying controls relevant to specific assertions. Some auditors
specify audit objectives and control objectives for each major transaction class as an aid in linking controls with
financial statement assertions.
STEP 2Consider Whether Testing Controls Is Practical
A test of controls using audit sampling is a test directed toward operating effectiveness. The auditor should perform
tests of controls in the following circumstances:
a. When the auditor's risk assessment includes an expectation of the operating effectiveness of controls. This
would only apply to controls that the auditor has determined are designed to prevent or detect a material
misstatement in a relevant assertion.
230

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

b. When substantive procedures alone do not provide sufficient appropriate evidence at the relevant assertion
level (AU 318.23 and AU 326.22).
c. When required for a Single Audit.
When sampling is used in tests of controls, the auditor should also consider whether there is documented evidence
of the application of the identified controls (such as rubber stamps, initials, matched source documents, etc.).
Without documented evidence, it may be difficult to test those controls using audit sampling.
STEPS 3 and 4Select and Perform Tests of Controls
Documented controls are normally readily susceptible to testing through sampling. A common type of control
activity tested is a checking routine or approval evidenced by initials, signatures, or stamps on documents. The
approach is usually to sample the documents, inspect items selected for evidence that control activities were
performed, and reperform the procedure to test its effectiveness.
Performing tests of controls when sampling is used involves many considerations besides the type of test proce
dure. The auditor also must:
a. Define deviation for purposes of the test.
b. Define the population to be sampled.
c. Determine the tolerable rate of deviations.
d. Determine the allowable risk of assessing control risk too low (risk of overreliance).
e. Determine the expected rate of deviations.
f. Compute the required sample size.
g. Determine the method of sample selection.
Exhibit 29 compares the sampling considerations in tests of controls to those for substantive tests of details.
Exhibit 29
Distinguishing Features of Sampling in Tests of Controls
Feature
Objective

Distinguishing Trait
A controltransaction objective (for example, all receipts are
recorded) is specified to link with the related assertion (such as
completeness).
Should identify particular substantive procedures that will be modi
fied in response to results of tests of controls.

Deviation

The characteristic of interest is adherence to a control; an exception
or deviation is defined as a lack of adherence rather than monetary
misstatement.

Population

Definition has to include time period covered.
Units may be unpriced, so completeness may be considered by
accounting for sequence of prenumbered documents rather than
footing.

Selection

No stratification. (The characteristic is an attribute, present or not
present, so variance depends entirely on the deviation rate.)

Sample Size

Factors that influence size differ; the primary difference is concern
with the rate, rather than the dollar amount.
231

Companion to PPC's Guide to Audits of Nonprofit Organizations

Feature

NPOT09

Distinguishing Trait

Performance

Procedures applied include inspecting evidential matter of design
and operation of controls.

Evaluation

Relation should be established between deviation rate and risk of
monetary misstatement (precisely how sample results will relate to
substantive tests).

Documentation

As indicated in establishing the objective, the relation to particular
substantive procedures should be specified.
Specific items tested must be documented.

*

*

*

Define Deviations. The auditor should specify the conditions that will be regarded as a deviation from prescribed
controls. To be efficient, the auditor should focus only on those controls that are important to respond to identified
risks of material misstatements. The auditor should not test all of the controls involved in processing the transaction
being sampled, but only those that will have a significant bearing on the related substantive procedures. For
example, do not bother to test credit approvals on sales transactions when substantive procedures related to
collectibility will not be restricted anyway.
Define the Population. For a test of controls using audit sampling, the population is usually all transactions of a
particular type (for example, expenditures for goods and services for a specified time period, such as January 1,
20X1 to September30, 20X1). The time period may be the entire period covered by the financial statements, but
tests of controls may be applied at an interim date. SAS No.110 (AU318.37) indicates that when the auditor obtains
audit evidence about controls during an interim period, the auditor should determine what audit evidence should
be obtained for the remaining period by considering the following:
a. Significance of the assessed risks of material misstatement at the relevant assertion level.
b. The specific controls that were tested during the interim period.
c. The degree to which audit evidence about the operating effectiveness of those controls was obtained.
d. The length of the remaining period.
e. The extent to which the auditor intends to reduce further substantive procedures based on the reliance on
controls.
f. The control environment.
Tests of controls using audit sampling are usually tests of transactions. The sample unit in tests of controls is
individual transactions of a particular type, and the auditor must specify the physical sample unit that will be
selected (such as canceled checks when the population is cash disbursements).
Determine the Tolerable Rate. Deciding on the appropriate tolerable rate is strictly an audit judgment. Sampling
only forces the auditor to specify in advance what rate of deviation would correspond to the levels of control risk to
be used, that is, high, moderate, or low. Examples of tolerable rates commonly used in practice are as follows:
Planned Assessed
Level of Control Risk

Tolerable Rate

Low

5%7%

Moderate

10%12%

High

Omit Test
232

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Determine the Allowable Risk of Assessing Control Risk Too Low (Risk of Overreliance). This risk is similar to
the risk of incorrect acceptance in a substantive sample. This means that it
a. is an aspect of sampling risk, and
b. has a corresponding opposite risk (the risk of assessing control risk too high or risk of underreliance), which
does not have to be considered under authoritative pronouncements because it relates solely to efficiency.
Authoritative pronouncements are more specific about allowable risk than tolerable rate. SAS No.39, as amended,
(AU 350.37) explains that when a test of controls using audit sampling is the primary source of evidence of whether
the procedure is being applied as prescribed, the auditor should allow for a low level of risk of assessing control risk
too low (that is, sampling risk). SAS No. 39 (AU 350.37, footnote 13) even specifies how low: The auditor who
prefers to think of risk levels in quantitative terms might consider, for example, a 5 percent to 10 percent risk of
assessing control risk too low." Generally, the risk level is fixed at 10% in practice. This means there is 90%
assurance that the auditor is not assessing control risk too low or overrelying on controls. A 10% sampling risk is
allowed because the auditor never places complete reliance on the control risk assessment. In statistical theory,
either the risk or the tolerable rate could be varied in response to the assessed level of control risk. However, that
does not fit audit logic. The tolerable rate is more directly related to the risk of monetary misstatement.
Determine the Expected Rate of Deviations. The auditor should also consider the expected rate of deviation from
a particular control. Generally, if the expected rate is over onehalf the tolerable rate, sampling is not efficient.
However, if the expected rate is high, the auditor would not plan to assess control risk below the high" level. In
practice, many tests of controls using sampling plans assume a zero expected rate. This is analogous to the
statistical method of discovery sampling, and it is highly efficient. The established tolerable rate, allowable risk of
assessing control risk too low (risk of overreliance), and expected rate are the only factors that need to be specified
for determining sample size in a statistical sample size table. For example, TableA.2 to AppendixA in the AICPA
Sampling Guide gives sample sizes for a 10% sampling risk.
Compute Sample Size. In determining the sample size for a test of controls, SAS No.39 requires that the auditor
consider the tolerable rate, the risk of assessing control risk too low (risk of overreliance), and the expected rate of
deviations from prescribed controls. The only relevant population characteristic is usually the expected rate of
deviations. Population size is usually assumed to be infinite for convenience. Only very small population sizes
would influence sample size. Generally, if the population is smaller than 2,000 items, the conclusions are conserva
tive, that is, characteristics of the population are actually better than the statistical evaluation indicates, but there is
little efficiency to be gained by reducing the sample size until the population falls below approximately 200 items.
However, if the population is less than 200 items, the auditor should be aware that sample sizes in statistical
sampling tables or nonstatistical sampling approaches based on statistical methods may have a larger than
necessary sample size. In other words, the sample size is effective, but not efficient. Therefore, sample sizes are
provided for three ranges of population size: greater than 200, 100200, and less than 100.
A special case of small population size is a control that operates infrequently. For example, controls over a bank
reconciliation operate monthly or twelve times a year and controls over a weekly payroll operate 52 times a year.
The AICPA Sampling Guide (Paragraph 3.61) provides reasonable minimum sample sizes related to the frequency
of operation of controls as illustrated in Exhibit 210. The guidelines are based on the experience and judgment of
practicing auditors rather than being statistically derived.
Exhibit 210
Minimum Sample Sizes for Infrequently Operating Controls
Control Frequency and Population Size
Quarterly (4)
Monthly (12)
Semimonthly (24)
Weekly (52)

*

Sample Size
2
24
38
59

*
233

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The sample sizes in Exhibit 210 are based on the assumption that the test of controls being performed is
supplemented by other sources of evidence, such as a walkthrough, corroborating inquiries, past experience with
the competence and diligence of the personnel, or other control testing. Also, the testing is assumed to be for one
or a few locations. For example, a weekly control performed at 50 locations would represent a population of 2,600,
which would be a large population.
An approach to sampling for tests of controls was developed that allows effective and efficient determination of
sample size. This approach is based on the statistical theory of attribute sampling, but it does not require special
ized statistical knowledge or training. This approach uses tolerable rates, a 10% risk of assessing control risk too
low (risk of overreliance) (90% confidence or assurance level), and a zero expected deviation rate. That means
when there is greater than a 10% risk that the deviation rate in the population exceeds approximately 12%, control
risk is assessed as high, and tests of controls would be inefficient. This recommended approach to sample size
determination is presented in Exhibit 211 for both large and small populations (however, for infrequently operating
controls, use the table in Exhibit 210).
Exhibit 211
Determination of Sample Size for a Test of Controls
Population Size
> 200
100200
< 100

Sample Size
40
35
30

25
22
20

Number of Deviations
(Expected or Actual)
0
1
2
3

*

60
50
45

Control Risk Assessment
Moderate
Low
Low
High
Moderate
Low
High
High
Moderate
High
High
Moderate

*

*

(High, moderate, and low indicate the planned or supported assessed level of control risk.)
Determine Sample Selection Method. The same selection methods described previously are appropriate for tests
of controls using audit sampling. However, it should be emphasized that block sampling (selecting all the transac
tions of a particular type for a day, week, or month) is not acceptable. A distinctive aspect of selecting a sample for
a test of controls is that, if any documents necessary to perform the test are missing, the items normally should be
counted as deviations. According to SAS No.39, as amended (AU350.40):
If the auditor is not able to apply the planned audit procedures or appropriate alternative
procedures to selected items, he should consider the reasons for this limitation, and he should
ordinarily consider those selected items to be deviations from the prescribed policy or procedure
for the purpose of evaluating the sample.
However, unused and legitimately voided documents do not have to be considered as deviations.
Statistical versus Nonstatistical Approaches. There are really no nonstatistical sampling plans for tests of controls
similar to those for substantive procedures. Some CPA firms use tables that relate qualitative levels of control risk
to sample size. However, the sample sizes are the same as would be determined from a statistical formula or
attribute sampling table using the same factors for tolerable rate, risk of assessing control risk too low (risk of
overreliance), and expected rate. That does not mean an auditor should necessarily use statistical tables in
planning and evaluating samples for tests of controls. If each individual auditor had to determine the appropriate
tolerable rate, risk of assessing control risk too low (risk of overreliance), and expected rate in planning every
sample, the results would be very inefficient. Audit time that could be spent more effectively in other areas would be
234

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

consumed in planning sample sizes. Also, there could be substantial variation in sample sizes in identical circum
stances because of differences in judgment about the determinants of sample size. It makes sense for a CPA firm
to adopt a uniform policy on sample sizes for tests of controls.
STEP 5Evaluate the Results of Tests of Controls Involving Sampling
Once the sample is selected and tested, the results of the test of controls must be evaluated. The table in Exhibit
211 can be used both to determine sample size during planning and to evaluate sample results. The table in
Exhibit 211 incorporates the consideration of sampling risk. The auditor cannot simply compare the projected rate
of deviation to the tolerable rate and assess controls as effective if the projected rate is lower. The auditor needs to
consider the effect of sampling risk (i.e., the risk that the true rate of deviation in the population may be higher than
the projected rate). If the table in Exhibit 211 is not used, the auditor needs to judgmentally consider the risk that
the true rate of deviation may differ from the sample rate. For example, if the auditor wants to assess control risk as
low for a population of 2,000 items and believes the sample results may include a single deviation, then a sample
size of 60 would be necessary. If more than one deviation is found in the sample, then the assessed level of control
risk would be at best moderate. Note that a sample size of 25 with no deviations for a population of 2,000 items will
at best support an assessed level of control risk of moderate. If one or more deviations are found, control risk will
have to be assessed at the high level. This occurs because of the high sampling risk associated with a small sample
size. A single deviation in a sample of 25 is an actual deviation rate of 4%. However, at a 10% risk of assessing
control risk too low, the true deviation rate in the population could be as high as 15%, and there is a 10% risk that
it is higher.
Practical Implications if Deviations Are Found. One practical implication of the table in Exhibit 211 is that, if the
auditor finds more than three deviations when the audit procedure is applied to the first few selected items, the
auditor should stop and assess control risk as high. Auditors often ask: If a deviation is found, can the sample size
be increased so that assessment of control risk at less than high is possible if no more deviations are found? The
answer is a qualified yes. The AICPA Sampling Guide (Paragraph 3.63) observes that a practical and conservative
ruleofthumb for expanding sample size is to at least double the sample size. If no additional deviations are found,
the auditor can support the planned control risk assessment. The AICPA Sampling Guide (Paragraphs 3.79.81),
however, also cautions the auditor that extending the sample when the initial sample was indicative of the true error
rate will likely result in further deviations being identified. That is, if the auditor expected no deviations when
planning the sample, then an unexpected deviation in the sample results may be indicative of other deviations in
the population. For that reason, and because it is believed that sample sizes of over 60 are inefficient, expanding
the sample is discouraged when unexpected deviations are found. It makes more sense for the auditor to increase
the extent of the substantive procedure and not attempt to restrict the substantive procedure by assessing control
risk as low or moderate. In using the table, it is important to remember that the sample results only indicate the
satisfactory functioning of a control procedure that the auditor has judgmentally concluded is effective as designed.
The initial judgment that the design of the control activity permits restricting the extent of substantive procedures if
the control activity functions effectively is strictly an audit judgment.
STEP 6Assess Control Risk
Essentially, assessing control risk involves applying the evaluation of the test (Step 5) to the assertions they were
matched with in Step 1. SAS No. 110 (AU 318.72) states that the auditor should determine whether the audit
evidence obtained from the test of controls:
a. provides a basis for reliance on the controls tested,
b. indicates the auditor should perform additional tests of controls, or
c. indicates the auditor needs to address the potential risk of material misstatement through substantive
procedures.
For controls that are determined to be effective, control risk for the related assertions is assessed as moderate or
low, depending on the sufficiency and appropriateness of the evidence obtained. Control risk is assessed as high
for remaining assertions because either (a) no related tests of controls were performed or (b) the related controls
were tested and determined to be ineffective. Using the table in Exhibit 211, the auditor can determine the
appropriate level of control risk given the sample size and number of deviations in the sample.
235

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

STEP 7Documenting Tests of Controls Involving Sampling
When using audit sampling for tests of controls, the auditor should consider the documentation requirements of
SAS Nos. 39, 103, and 109. SAS No. 109 at AU 314.122 requires the auditor to document the assessment of the
risks of material misstatement (which is a combination of both control risk and detection risk at the relevant
assertion level) both at the financial statement level and at the relevant assertion level, as well as the basis for the
assessment. SAS No. 103, Audit Documentation, requires the auditor performing tests of operating effectiveness of
controls involving inspection of documents to identify in the workpapers the items tested. A walkthrough ordinarily
is not a test of the operating effectiveness of controls. However, the auditor's documentation, which ordinarily is in
the form of a memo, should indicate which transaction(s) were selected for walkthrough. For reperformance tests
involving review of reconciliations and similar recordkeeping routines, it is believed documentation should identify
which routines were reperformed and the nature of the auditor's tests. SAS No.39 does not impose specific
documentation requirements for audit sampling, but the AICPA Sampling Guide (Paragraph3.93) suggests that the
auditor document the following matters:
a. A description of the control being tested.
b. The control objectives related to the sampling application, including the relevant assertions.
c. The definitions of the population and sampling unit, including how the auditor considered the
completeness of the population.
d. The definition of the deviation condition.
e. The acceptable risk of overreliance on controls (or desired confidence or assurance level), the tolerable
deviation rate, and the expected population deviation in rate used in the application.
f. The method of sample size determination.
g. The method of sample selection.
h. The selected sample items.
i. A description of how the sampling procedure was performed.
j. The evaluation of the sample and the overall conclusion.
When matters, such as sample size determination or expected deviation rate, are implicit in the tables or forms used
in a firm's sampling approach, those matters need not be separately documented.
SAS No. 110 (AU 318.77) states that the auditor should document the nature, timing, and extent of the further audit
procedures (the test of controls in this instance) and the linkage of those procedures to the assessed risks at the
relevant assertion level.
The nature and extent of documentation are matters for the auditor's judgment in particular circumstances.
Test of Controls in a Single Audit
Circular A133 requires that test of controls over federal program compliance requirements be planned to achieve
a low level of assessed control risk. Note that based on the assumptions described at Exhibit 211 for large
populations, a sample size of 25 with no deviations will at best support an assessed level of control risk of
moderate. To achieve a low level of assessed control, a sample size of 40 with no deviations or 60 with one
deviation is necessary.
Many practitioners have asked if they can use a sample of 25 to test controls. Starting with the information and the
assumptions referred to in the preceding paragraph, the question is: Can a low control risk assessment be
supported with a sample of 25? Note that a determination of a sample size is a matter of professional judgment, and
SAS No.39 does not require the auditor to compare the sample size for a nonstatistical sampling application with
236

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

a corresponding sample size calculated using statistical theory. SAS No. 39 (AU 350.23), as amended by SAS No.
111, states as follows:
An auditor who applies nonstatistical sampling uses professional judgment to relate these factors
in determining the appropriate sample size. Ordinarily, this would result in a sample size compa
rable to the sample size resulting from an efficient and effectively designed statistical sample,
considering the same sampling parameters.
The auditor will need to apply careful professional judgment in reviewing the risk levels and expected deviation
rates in relation to the sample sizes to meet the requirements of Circular A133.
In statistical theory, either the confidence level or the tolerable error rate can be varied in response to the assessed
level of control risk. Or stated differently, as the sample size decreases, either the confidence level decreases or the
tolerable error rate increases for a given level of control risk assessment. Because it does not seem logical for the
risk of assessing control risk too low (risk of overreliance) to be greater than 10% (less than a 90% confidence level),
the question becomes: What is the effect on the tolerable rate? With a sample of 25 and no deviations, you have a
10% risk that the deviation rate will exceed 9%. With one or two deviations, there is a 10% risk that the deviation rate
will exceed 15% or 20% respectively. Based on a 95% confidence level, a sample of 25, and zero, one, or two
deviations, you have a 5% risk that the error rate will exceed approximately 12%, 18%, and 25% respectively.
The maximum rate that is allowable and still assesses the control risk as low is a matter or professional judgment.
It is believed that auditors may make their own judgment and that judgment can vary from situation to situation. For
example, if four procedures contribute to control over a transaction and all four are being tested (by inquiry,
observation, or inspection), it might be reasonable to accept a higher deviation rate for one of the procedures and
still assess overall control risk as low. It would be a matter of judgment and would depend on what the procedures
are, and the nature of the deviation. Just how high the accepted error rate could go is strictly a matter of judgment.
The same rationale may be made for other sample sizes in given situations. It is recommended that practitioners
who wish to know more about sampling, including the determination of sample sizes, should be familiar with the
AICPA Sampling Guide.

TESTS OF COMPLIANCE WITH LAWS AND REGULATIONS
The auditor may combine compliance tests of laws and regulations that involve the inspection of documentation
supporting transactions with tests of details or tests of controls. In other words, a triplepurpose test of transactions
is possible. The auditor selects a sample of transactions and inspects supporting documentation to determine the
following:
a. Recording in the correct amount, account, program or other function, and period.
b. Indications of performance of controls.
c. Indications of compliance with relevant laws and regulations.
When this approach is taken, the sample size should be the largest sample size necessary to satisfy any of the three
purposes of the test.
Auditors must assess the risk of material misstatement resulting from violations of laws and regulations having a
direct and material effect on the determination of financial statement amounts. These laws and regulations can
relate to items such as budgetary compliance, purchasing compliance, and cash and investment compliance,
especially for organizations that receive federal awards. This part of the lesson focuses on testing compliance with
laws and regulations in a Single Audit. However, the approach is based on attribute sampling and may also be used
for other compliance procedures.
Single Audit Requirements
OMB Circular A133, section500(d), describes the single audit requirement for compliance testing in order to
determine whether the recipient has complied with laws and regulations, contracts, and grant agreements that may
have a direct and material effect on each major federal award program.
237

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Both OMB Circular A133 and SAS No. 74, Compliance Auditing Considerations in Audits of Governmental Entities
and Recipients of Governmental Financial Assistance, require the auditor to determine both the known questioned
costs and likely questioned costs associated with audit findings. Determining likely questioned costs may require
projecting the sample results to conclude whether a finding has to be reported in the schedule of findings and
questioned costs. OMB Circular A133 does not require the auditor to report an exact amount or a statistical
projection of likely questioned costs. Instead, the auditor should report an audit finding when estimated likely
questioned costs exceed $10,000.
Sample Size Considerations in Single Audits. Paragraph 10.33 of the GAS/A133 AICPA Audit Guide explains
that in determining the nature, timing, and extent of tests to perform, the auditor should exercise professional
judgment regarding the appropriate level of detection risk to accept. In applying judgment, be aware that small
sample sizes for tests of details with a low dollar value and from a large population generally do not, by themselves,
provide sufficient appropriate evidence."
Paragraph 10.41 of the GAS/A133 AICPA Audit Guide explains that when planning to test a particular sample of
transactions, the auditor should consider the specific audit objective to be achieved and should determine that the
audit procedure, or combination of procedures, will achieve that objective. The size of a sample necessary to
provide sufficient appropriate audit evidence depends on both the objectives and the efficiency of the sample.
Although the auditor is required to obtain sufficient appropriate audit evidence to support an opinion on com
pliance for each major program, there is no requirement to use a separate sample for each major program.
However, Paragraph 10.44 of the GAS/A133 AICPA Audit Guide explains that it is preferable to select separate
samples from each major program because the separate sample provides clear evidence of the tests performed,
the results of those tests, and the conclusions reached." If audit samples are selected from transactions for all major
programs, the audit documentation should clearly indicate that the results of such samples, together with other
audit evidence, are sufficient to support the opinion on each major program's compliance.
Requirement for Representative Number. The OMB CircularA133 Compliance Supplement (Compliance Sup
plement) uses the phrase select a sample" for testing transactions at various locations. SAS No.39, as amended
(AU350.24) requires that a sample be a representative sample (that is, the sample items should be selected in such
a manner that all items have an opportunity to be selected). The auditor should select a representative number of
transactions from each major program but is not required to select separate samples from each major program.
Agency and IG Concerns about Sample Size. As federal awarding agencies and their offices of the Inspector
General (IG) review audits performed under OMB Circular A133, the size of audit samples for tests of compliance
is a frequent cause for concern. In some cases, IGs have concluded that the small size of the sample selected and
tested may not have been sufficient to support an opinion on compliance. The Report on National Single Audit
Sampling Project" highlighted sampling techniques, which would include selection of appropriate sample sizes, as
a problem area that affects the overall quality of single audits. This concern was reiterated in other meetings
attended by representatives of federal agencies, federal IGs, program personnel, the AICPA, GAO, OMB, state
auditors, and practitioners. Auditors should be aware of such concerns and any audit alerts or other reports issued
by IGs or other federal agency representatives that provide guidance or comments concerning audit sampling, as
well as other issues.
Factors That Affect Sample Size. CircularA133 at section525 (the paragraphnumbers are indicated) states that
selecting the test of transactions should be based on the auditor's professional judgment considering such risk
factors as the following:
Size of Program. The larger or smaller the amount, the greater or lower the risk. [Sec.525(d)(4)]
Program Maturity at the Federal Agency. The newer the program, the greater the risk. Also, significant
changes in the law, regulations, or the provisions of contracts or grant agreements may increase risk.
[Sec.525(d)(2)]
Program Maturity at the Auditee. The risk may be higher in the first and last year of a program due to the
peculiarities related to startup and closeout of program activities and staff. [Sec.525(d)(3)]
Complexity. The more complex the program (eligibility, calculations, etc.), the greater the risk. The simpler
the program, the less the risk. [Sec.525(d)(1)]
238

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Extent of Contracting. The greater the amount of program contracting for goods and services, the greater
the risk. [Sec.525(d)(1)]
Use of Subrecipients. When significant parts of a federal program are passed through to subrecipients, a
weak system for monitoring subrecipients would indicate higher risk. [Sec.525(b)(1)(ii)]
Level of Oversight. The greater the level to which the program is subject to review or other forms of
independent oversight, the lower the risk. Recent oversight that disclosed no significant problems would
boost the lowrisk assessment. Recent oversight that disclosed significant problems would indicate higher
risk. [Sec.525(c)(1)]
Prior Audit Findings. Prior audit findings relative to the program may indicate a higher risk, particularly when
the situation identified in the audit findings could have a significant impact on the program or have not been
corrected. [Sec.525(b)(2)]
Report on National Single Audit Sampling Project. In June 2007, the President's Council on Integrity and
Efficiency (PCIE) and the Executive Council on Integrity and Efficiency (ECIE) released the Report on National
Single Audit Sampling Project" (the Report). Among the Report's findings was that inconsistent numbers of
transactions were being selected for testing of internal controls and compliance testing for the allowable costs/cost
principles compliance requirement. In addition, many auditors did not document the number of transactions and
the associated dollars of the universe from which the transactions were dawn.
The Report discusses a need to provide for consistency in sample sizes and recommends that OMB and AICPA
guidance be amended to require that compliance testing in Single Audits be performed using sampling in a
manner prescribed by SAS No. 39, as amended. Among other things, the Report also recommends specific
documentation requirements and indicates that guidance should include examples that illustrate proper documen
tation based on real compliance requirements and situations typically encountered when performing a Single
Audit. The Report is available at www.ignet.gov/pande/audit/NatSamProjRptFINAL2.pdf.
The AICPA and OMB (in conjunction with PCIE) have each formed task force groups to respond to the Report's
recommendation to provide more specific guidance for auditors on sampling in single audits. According to the
AICPA Audit Risk Alert, Government Auditing Standards and Circular A133 Developments 2008, it is expected this
guidance will be incorporated as a new chapter in the 2009 edition of the GAS/A133 AICPA Audit Guide. These task
force projects could result in revisions to OMB requirements, the GAS/A133 AICPA Audit Guide, and other
standards, regulations, and guidance. Auditors should be alert for further developments in this area.
Practical Guidance on Sample Size
The PPC approach described earlier is also a practical approach to determine a sample size for testing compliance
in a Single Audit. The approach is the same as that summarized at Exhibit 25 and explained in the paragraphs
preceding the exhibit with one difference. Instead of using a tolerable misstatement a tolerable noncompliance is
used. For purposes of auditing federal award programs, planning materiality and tolerable noncompliance are
estimated at five percent of federal program expenditures instead of using the tables typically used in a financial
statement audit. This approach will result in maximum sample sizes of 38, 46, and 60items (assuming the
population is stratified), based on the auditor's assessment of the combined risk of material noncompliance as low,
moderate, or high, respectively. (The sample sizes will be less if other audit procedures are also performed that
lower the risk.)
This approach to performing substantive tests of compliance is adapted from the AICPA Sampling Guide and is
based on the statistical theory of MUS (PPS) sampling. Exhibit 212 outlines the steps to applying this sampling
method. The auditor's consideration for each step is discussed in the paragraphs following the exhibit.

239

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 212
Steps for a Nonstatistical Sampling Approach
to Substantive Tests of Compliance
Step Description

Required Result

1. Assess appropriate level of tolerable noncom
pliance.
2. Assess the risk of material noncompliance.
3. Use the table in Exhibit 214 to determine a risk
factor.
4. Estimate population balance after removal of items
to be examined 100% (individually significant
items).
5. Consider the amount of expected likely noncom
pliance in the population to be sampled.
6. Estimate the sample size using the following
formula:
Dollar value
of remaining
population (step 4)
Risk factor
(steps 2 and 3)
Tolerable
noncompliance
(step 1)
7. Adjust sample size for lack of stratification in the
sample, if applicable.
8. Adjust sample size for items previously tested.

*

*

Tolerable noncompliance amount (normally
calculated as 5% of total program expendi
tures).
One of three qualitative levels of risk high,
moderate, or low for each of the categories of
risk assessment.
A factor between 1.9 and 3.0.
Quantified amount.
If expected noncompliance exceeds 1/3 of
tolerable noncompliance, sampling normally
should not be used.

Sample size

Possible sample size increase.
Possible sample size decrease.

*

Step 1 Assess Tolerable Noncompliance. The amount that should be used for tolerable noncompliance (ques
tioned costs) is normally 5% of total expenditures for the program.
Step 2 Assess the Risk of Material Noncompliance. The risk of material noncompliance (questioned cost) is
the combination of inherent risk and control risk. Exhibit 213 shows how the assessments of inherent risk and
control risk may be combined to determine the risk of material noncompliance (questioned costs). Documentation
of the assessment of the risk of material misstatement should be done whenever sampling methods are used.
Exhibit 213
Combined Risk of Material Noncompliance
Control Risk Assessment

Inherent
Inherent Risk
Assessment

High

Moderate

Low

High

High

High

Moderate

Moderate

Moderate

Low

Low

Low

Low

Low

Low

*

*
240

*

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Theoretically, the auditor should assess the risk of material noncompliance of the population to be sampled (that is,
the balance of program expenditures excluding individually significant items). However, in sampling applications,
the risk of material noncompliance for the program normally is a reasonable approximation of the risk of material
noncompliance of the remaining balance. Because the risk of material noncompliance in the remaining balance is
almost always equal to or less than the risk for the entire program, using the risk of material noncompliance for the
entire program is both reasonable and conservative.
Step 3 Identify a Risk Factor. Using the table presented in Exhibit 214, identify a risk factor based upon the
auditor's assessment of the program's combined risk of material noncompliance. The factors in the table corre
spond to levels for the risk of incorrect acceptance:
Exhibit 214
Table for Determination of Risk Factor
Risk of Material
Noncompliance

Risk Factor

High

3.0

Moderate

2.3

Low

1.9

*

*

*

Step 4 Estimate Remaining Population. The next step is to determine the dollar amount of items to be sampled
by reducing the total amount of the balance or transaction class (for example, total major program expenditures) by
individually significant items. As explained earlier, an item may be individually significant because of its nature or
size. Generally, the most efficient approach is to identify individually significant dollar items as all items greater than
or equal to tolerable noncompliance divided by the applicable risk factor as determined in Step 3. That is, the
fewest total number of items will be tested when individually significant dollar items are defined as tolerable
noncompliance divided by the applicable risk factor. Oftentimes, however, the efficiency gained between using
onethird, onehalf, or some other fraction of tolerable noncompliance is minimal. Consequently, it is recommended
that individually significant dollar items be defined as all items greater than or equal to onethird of tolerable
noncompliance. However, the cutoff amount for individually significant dollar items can be any amount up to
tolerable noncompliance. The choice of a cutoff amount is a matter of efficiency.
Step 5 Consider Expected Noncompliance. The last step before determining the sample size is to consider the
amount of expected likely noncompliance in the population to be sampled based on the auditor's knowledge of the
population and prior experience. If the amount of likely (i.e., projected) noncompliance is expected to exceed
onethird of tolerable noncompliance, sampling normally is not appropriate.
Step 6 Estimate Sample Size. To calculate the sample size, divide the total of the population to be sampled
(account balance or transaction class less individually significant items) by tolerable noncompliance, and multiply
that result by the risk factor determined in Step3.
Step 7 Increase Sample Size for Lack of Stratification. This sampling approach depends on dividing the items
being tested into at least three groups: individually significant items and an upper and lower group of remaining
items. If the auditor finds it impractical to stratify after identifying individually significant items, the sample size
calculated in Step6 must be increased. It is recommended that sample size be increased approximately 20% if
stratification is not practical, and there is not a significant variation in the items being sampled.
Step 8 Adjust Sample Size for Items Tested. The sample size calculated in either Step6 or Step7 should be
reduced for the items selected, and tested for compliance, as part of the financial statement audit and for those
items selected for tests of controls that were also tested for compliance in a dualpurpose test.
241

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

All items of noncompliance identified in either the items tested for financial statement audit purposes, items
selected for tests of controls that were also tested for compliance, or the remaining items tested for compliance
must be included when projecting noncompliance.
Alternative Guidance on Sample Size
A practical alternative approach to determining sample size has been developed. Essentially, it involves a choice
between a sample size of 25 and 60. A sample size of 25 is approximately a 10% tolerable rate and a 10% risk of
assessing control risk too low (risk of overreliance). A sample size of 60 is approximately a 5% tolerable rate and a
5% sampling risk. This sampling approach is useful when the concern is with the rate of a characteristic rather than
a dollar amount. The analogous statistical approach for this type of sampling is attribute sampling. This seems
appropriate for tests of compliance with laws and regulations in a Single Audit because the auditor is more
concerned with the rate of noncompliance than the dollar amount (that is, all instances of noncompliance detected
are reported), and the effect on the financial statements depends on grantor agency action and not the dollar
amount of noncompliance. Documenting such a sample is recommended.
Selecting the Sample. Sample selection will generally be made from each major program's transactions. The
auditor should be alert, however, for those instances where selection of only one sample from all major program
transactions would be appropriate. The GAS/A133 AICPA Audit Guide discusses sample selection in Paragraph
10.44, which states:
Experience has shown, however, that it is preferable to select separate samples from each major
program because the separate sample provides clear evidence of the tests performed, the results
of those tests, and the conclusions reached. If the auditor chooses to select audit samples from
the entire universe of major program transactions, the auditor should prepare the audit
documentation such that it clearly indicates that the results of such samples, together with other
audit evidence, are sufficient to support the opinion on each [emphasis added] major program's
compliance.
Evaluating Sample Results. When testing compliance in a Single Audit, the auditor is concerned not only with the
dollar amount of noncompliance but also the rate of noncompliance in the population. Therefore, the auditor
should consider not only the dollar amount of questioned costs but also the number of items of noncompliance
identified. Even though the dollar value of questioned costs may be insignificant, if it results from numerous
instances of small dollar items of noncompliance, the auditor should consider the overall effect on determining
whether the program is or is not in compliance. The qualitative aspect of the instances of noncompliance should
also be considered.
Considering Qualitative Characteristics. Size or frequency of noncompliance in a sampling application are not
the only factors that should be considered. An auditor should consider the following qualitative aspects of the
noncompliance (questioned costs):
a. The nature and cause of any questioned costs:
(1) Do the questioned costs result from an error (unintentional) or is it from a possible fraud (intentional)?
(2) If the noncompliance is the result of an error, is it due to misunderstanding of instructions or
carelessness?
b. The possible relationship of questioned costs to other phases of the audit.
Projecting Sample Results. SAS No. 39, as amended, (AU 350.26) states, The auditor should project the
misstatement results of the sample to the items from which the sample was selected. . . " OMB Circular A133 and
SAS No. 74 also require the auditor to determine the amount of likely questioned costs associated with audit
findings. These requirements are met by projecting the amount of questioned costs found in the sample. In
evaluating the sampling results in a Single Audit, the auditor compares total projected questioned costs for each
major federal award program to the amount of questioned costs considered material for that program and
considers the risk that such result might be obtained even if the amount of questioned costs exceeds the amount
considered material (i.e., sampling risk).
242

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

If the auditor determines that the projected amount of questioned costs are material to the individual program or
that sampling risk is unacceptable, the auditor's report should be modified. The auditor's estimate of projected
costs is also necessary to determine whether a finding must be reported in the schedule of findings and questioned
costs because likely questioned costs in excess of $10,000 trigger reporting of known questioned costs for the
particular compliance requirement. Even though the auditor is required to project the questioned costs identified
from the items sampled to the population as a whole, only the known questioned costs in the items tested need to
be reported in the schedule of findings and questioned costs. Also, the scope of the audit is not required to be
expanded. However, the auditor must consider the potential effect of the questioned costs in reporting on the
entity's financial statements and on compliance of the individual financial award programs.
Documenting the Sampling Application. Although SAS No. 39 does not impose specific documentation require
ments for audit sampling, SAS No. 103 (AU 339.03) requires that audit documentation be sufficient to provide a
clear understanding of the work performed (including the nature, timing, extent, and results of audit procedures
performed). In other words, the audit documentation should show that SAS No. 39 has been complied with. The
lack of documentation of sampling is one of the most common topics in letters of comments for peer reviews and
findings in quality control reviews. Both AICPA standards and the Yellow Book state that the audit documentation
should be sufficient to enable an experienced auditor with no connection with the audit to understand the nature,
timing, extent, and results of the audit procedures performed. In addition, SAS No. 103 states that documentation
of audit procedures, including those involving sampling, should include identifying characteristics of the specific
items that were tested. This requirement specifically includes tests of the operating effectiveness of controls and
substantive tests of details involving inspection of documents. Thus, audit documentation should document all
important aspects of the engagement, including the sampling and other selection criteria used, and should be
sufficiently detailed to permit reasonable identification of the work done and conclusions reached.
Circumstances Indicating a Need for Statistical Sampling
In certain circumstances, the auditor will not be able to follow the alternative guidance on sample size. One such
circumstance is the auditor's expectation for high rates of deficiencies in samples. The sample sizes of 25 or 60 are
appropriate for the conditions indicated when few or no deficiencies are expected. When the auditor expects to find
many deficiencies, it may be advisable to use statistical sampling with relatively large sample sizes to estimate the
upper limit on the rate or monetary amount involved.

AN EFFICIENT APPROACH TO TESTS OF TRANSACTIONS USING
ATTRIBUTE SAMPLING
For some nonprofit organizations, tests of transactions may be a common audit procedure. Many nonprofit
organizations use a single cash disbursements system and rely on proper coding of checks to achieve a correct
classification. To test classifications, the auditor may perform a test of transactions to test that aspect of transaction
processing. When the auditor's primary concern in selecting a sample of transactions and applying audit proce
dures to the supporting documentation is to evaluate an aspect of transaction processing such as classification, an
attribute sampling approach may be the most efficient.
Conditions for Using Attribute Sampling Approach
The basic conditions for using an attribute sampling approach are as follows:
a. the audit procedures being applied using sampling are not the only procedures that contribute to achieving
the auditor's objectives (that is, there are other related procedures); and
b. the auditor expects a low rate of monetary misstatement in the transaction class being sampled.
Other Related Procedures. When the audit procedure being applied using sampling is the sole basis for substan
tiating an amount that is a transaction total, the auditor should use the sampling approach described in substantive
tests of details discussed earlier in this lesson. However, if other audit procedures such as analytical procedures
provide persuasive evidence, the auditor's primary concern in testing transactions may be to test some aspect of
transaction processing (such as classification of expenditures). In this case, the auditor may use the attribute
sampling approach described here.
243

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Low Rate of Monetary Misstatement. If many misstatements are expected, the auditor must be concerned with
projecting monetary misstatement to assess whether the misstatement could be material. In that case, the
approach explained in substantive tests of details, or perhaps statistical sampling, should be used. When a low rate
of monetary misstatement is expected and the auditor's primary concern is in making an assessment of the
effectiveness of some aspect of processing, such as coding and classification, an attribute sampling approach as
described in this section may be used. This alternative approach is based on the mathematics of a statistical
attribute sampling plan. An attribute is a characteristic rather than a quantity; it is either present or not present, for
example, compliance or noncompliance with a pertinent control activity. This type of sampling plan can be
appropriate for a test of transactions when the primary concern is with an aspect of transaction processing. In this
case, the auditor is normally primarily concerned with the rate rather than the dollar amount of processing
misstatements. The rationale for concern with a rate rather than a dollar amount is that all transactions of that type
are processed through the same system, and the likelihood of misstatement for a particular transaction is indepen
dent of its size. In that respect, a misstatement is looked upon simply as a deviation.
Sample Size for Substantive Tests of Transactions
Using the underlying theory of an attribute sampling model results in the following:
With a sample of 25, when no deviations are expected or found, there is approximately a 10% tolerable rate
and a 10% risk of assessing control risk too low (risk or overreliance).
With a sample of 60, when no deviations or one deviation is expected or found, there is approximately a
5%8% tolerable rate and a 5% risk of assessing control risk too low (risk or overreliance).
These same sample sizes may be used for a test of transactions when the auditor's primary concern is an aspect
of processing effectiveness. The factors to consider in determining the appropriate sample size for a particular test
are explained in the following paragraphs.
Sample Size of 25. The auditor may use a sample size of 25 for a test of transactions when the basic conditions for
using an attribute sampling approach are met and the same sample is also being used to test controls pertinent to
the aspect of transaction processing being tested, i.e. the procedure is a dualpurpose test.
A sample size of 25 may also be used when the auditor wants to test the same sample of transactions for aspects
of transaction processing, the operating effectiveness of controls, and tests of compliance with funding source
restrictions or laws and regulations. However, the conditions for a sample size of 25 for a test of compliance with
laws and regulations must be met and all the transactions must be pertinent to the grant program.
Sample Size of 60. The auditor should use a sample size of 60 for a test of transactions when the basic conditions
for using an attribute sampling approach are met, but there are no effective controls pertinent to the aspect of
transaction processing being tested. This will be the case when the nonprofit organization has no policies and
procedures pertinent to the aspect of processing being tested, or when past experience, or a sample of 25
transactions in the current audit, indicates a lack of compliance.
This sampling approach is not designed to allow the auditor to project the amount of monetary misstatement in the
population. When deviations are detected, the auditor should make a careful qualitative evaluation of the nature
and cause of the deviation. Generally, a single deviation in a sample of 60 will still allow the auditor to conclude that
processing is effective. However, if two or more deviations are detected, additional procedures will generally be
needed. In some instances, the auditor may be able to identify the transactions that are likely to result in monetary
misstatement and examine those transactions 100%. Otherwise, the auditor should consider using the nonstatisti
cal sampling approach described in substantive tests of details or statistical sampling to estimate the amount of
likely misstatement in the population and evaluate whether the misstatement could be material.

244

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
34. Which of the following is true about using audit sampling in conjunction with tests of controls?
a. Tests of controls using audit sampling have different requirements than tests of details of transactions.
b. A test of controls and a test of details cannot be performed on the same transaction.
c. Audit sampling is often used for tests of controls when a client has no effective policies.
d. The basic approach for applying tests of controls does not change if sampling is used.
35. This course outlines a sevenstep process for performing tests of controls using audit sampling. Put the
following steps in the correct order.
i. Select appropriate tests of controls.
ii. Assess control risk.
iii. Identify suitable controls for testing and, if applicable, related substantive
procedures to be reduced.
iv. Perform tests of controls.
v. Document the conclusions reached and tests performed.
vi. Evaluate results from the tests of controls.
vii. Consider if testing controls is practical.
a. vii, iii, i, iv, vi, v, and ii.
b. ii, vii, iii, i, iv, vi, and v.
c. iii, vii, i, iv, vi, ii, and v.
d. i, iii, iv, vi, vii, v, and ii.
36. Allie uses audit sampling in her tests of controls on a population greater than 200. She uses a sample size of
40. During the test, she discovers one deviation. What level of control risk would be assessed?
a. Low.
b. Moderate.
c. High.
37. In which of these examples does the auditor correctly perform audit sampling procedures related to tests of
controls?
a. Matthew uses block sampling while selecting samples for the tests of controls.
b. Terry finds a document necessary to perform the test missing and counts it as a deviation.
c. Victoria follows the guidance in SAS No. 39 to document her audit sampling procedures.
d. Bob uses a 75% confidence level to calculate the sample size using data extraction software.
38. What is meant by the requirement of SAS No. 39 that states that a selected sample must be a representative
sample?
a. Selection method allowing all items to have the opportunity to be selected.
245

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

b. Selection method of larger samples required when there is a greater risk of misstatement.
c. Selection method must be based on the auditor's professional judgment considering several risk factors.
d. Selection method of small sample size for tests of details with low dollar value and from a large population.
39. JulesLyn is auditing CreationOrg and is calculating sample size for a substantive test of compliance. Total
expenditures for the program are $1,000,000. The inherent risk assessment is low, but the control risk
assessment is high. JulesLyn determined for efficiency reasons to define individually significant items as all
items equal to or greater than 1/3 of tolerable noncompliance. Large dollar items that needed to be looked at
to see if they fall within the range of individually significant items were $10,000; $15,000; $22,000; $28,000; and
$50,000. JulesLyn determined that there was no expectation of noncompliance in the population to be
sampled. She further determined that no adjustments needed to be made for stratification or for items
previously tested. What would her calculated sample size be?
a. 54.
b. 41.
c. 44.
d. 46.
40. When would it be appropriate for an auditor to use an attribute sampling approach in a substantive test of
transactions?
a. This procedure is the sole basis for substantiating the total transaction amount.
b. The auditor wants to assess the effectiveness of an aspect of transaction processing.
c. The auditor expects high rate of monetary misstatement.
d. The auditor is concerned with a dollar amount of transaction misstatement.

246

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
34. Which of the following is true about using audit sampling in conjunction with tests of controls? (Page 229)
a. Tests of controls using audit sampling have different requirements than tests of details of transactions. [This
answer is incorrect. Many times, tests of controls that use audit sampling are tests of details of transactions.
The requirements discussed in SAS No. 39 apply to this type of test.]
b. A test of controls and a test of details cannot be performed on the same transaction. [This answer is
incorrect. A test of details and a test of controls can often be performed simultaneously on the same
transaction.]
c. Audit sampling is often used for tests of controls when a client has no effective policies. [This answer is
incorrect. Audit sampling is generally used for tests of controls that are directed toward operating
effectiveness when the audit client has documentation of the operation of controls.]
d. The basic approach for applying tests of controls does not change if sampling is used. [This answer
is correct. However, though the basic approach does not change, adding audit sampling methods
to the tests of controls means the auditor will have additional matters to consider.]
35. This course outlines a sevenstep process for performing tests of controls using audit sampling. Put the
following steps in the correct order. (Page 229 and Page 230)
i. Select appropriate tests of controls.
ii. Assess control risk.
iii. Identify suitable controls for testing and, if applicable, related substantive
procedures to be reduced.
iv. Perform tests of controls.
v. Document the conclusions reached and tests performed.
vi. Evaluate results from the tests of controls.
vii. Consider if testing controls is practical.
a. vii, iii, i, iv, vi, v, and ii. [This answer is incorrect. Suitable controls must be identified for testing before
considering if testing controls is practical.]
b. ii, vii, iii, i, iv, vi, and v. [This answer is incorrect. Control risk cannot be assessed until after the tests are
performed and evaluated.]
c. iii, vii, i, iv, vi, ii, and v. [This answer is correct. The additional procedures for using audit sampling
methods have been integrated into a stepbystep approach for applying tests of controls.]
d. i, iii, iv, vi, vii, v, and ii. [This answer is incorrect. Control risk must be assessed before the documentation
procedures are performed.]
36. Allie uses audit sampling in her tests of controls on a population greater than 200. She uses a sample size of
40. During the test, she discovers one deviation. What level of control risk would be assessed? (Page 234)
a. Low. [This answer is incorrect. The only way Allie can assess control risk as low with a sample size of 40
is if there are zero deviations. One deviation would have a low control risk if she used a sample size of 60.]
b. Moderate. [This answer is correct. The control risk for this test would be assessed as moderate. If
she had used a sample size of 25, her control risk would be high, and if she had used a sample size
of 60, her control risk would have been low with one deviation.]
247

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

c. High. [This answer is incorrect. With a sample size of 40, Allie would only have to assess control risk as
high if she had two or more deviations.]
37. In which of these examples does the auditor correctly perform audit sampling procedures related to tests of
controls? (Page 234)
a. Matthew uses block sampling while selecting samples for the tests of controls. [This answer is incorrect.
Block sampling means that Matthew has selected all the transactions of the type of transaction he is testing
that occurred for a day, week, or month. This type of sample selection is not appropriate for either tests
of controls or substantive procedures.]
b. Terry finds a document necessary to perform the test missing and counts it as a deviation. [This
answer is correct. When performing tests of controls, the absence of any documents needed to
perform the test means that item is counted as a deviation. This is unique to tests of controls.]
c. Victoria follows the guidance in SAS No. 39 to document her audit sampling procedures. [This answer is
incorrect. SAS No. 39 does not impose documentation requirements. However, Victoria can look to the
AICPA Sampling Guide for suggestions, including documentation of the objectives of the test of controls,
the method for determining sample size, and the method of sample selection.]
d. Bob uses a 75% confidence level to calculate the sample size using data extraction software. [This answer
is incorrect. In generally, a 90% confidence level should be used when data extraction software calculates
the sample size for a test of controls. The upper error limits should then correspond with Bob's planned
assessed level of control risk.]
38. What is meant by the requirement of SAS No. 39 that states that a selected sample must be a representative
sample? (Page 238)
a. Selection method allowing all items to have the opportunity to be selected. [This answer is correct.
The auditor should select a representative sample from each major program.]
b. Selection method of larger samples required when there is a greater risk of misstatement. [This answer
is incorrect. Although Circular A133 at section 525 lists the risk factors that must be considered when
determining sample size, this answer is not the definition of representative sample.]
c. Selection method must be based on the auditor's professional judgment considering several risk factors.
[This answer is incorrect. Circular A133 states that test of transactions selections should be based on the
professional judgment of the auditor taking the risk factors into consideration, however, this answer is not
the definition of representative sample.]
d. Selection method of small sample size for tests of details with low dollar value and from a large population.
[This answer is incorrect. This is not the definition of representative sample. The GAS/A133 AICPA Audit
Guide says that small sample sizes for tests of details with a low dollar value and from a large population
generally do not, by themselves, provide sufficient evidence."]
39. JulesLyn is auditing CreationOrg and is calculating sample size for a substantive test of compliance. Total
expenditures for the program are $1,000,000. The inherent risk assessment is low, but the control risk
assessment is high. JulesLyn determined for efficiency reasons to define individually significant items as all
items equal to or greater than 1/3 of tolerable noncompliance. Large dollar items that needed to be looked at
to see if they fall within the range of individually significant items were $10,000; $15,000; $22,000; $28,000; and
$50,000. JulesLyn determined that there was no expectation of noncompliance in the population to be
sampled. She further determined that no adjustments needed to be made for stratification or for items
previously tested. What would her calculated sample size be? (Page 239Page 241)
a. 54. [This answer is incorrect. This answer comes from using an incorrect risk factor.]
b. 41. [This answer is correct. The answer comes from the formula $900,000 divided by $50,000 times
2.3. Tolerable noncompliance is calculated as 5% of total program expenditures or $1,000,000 times
248

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

.05 equal $50,000. Risk of material noncompliance is moderate when inherent risk is low and control
risk is high. This calculates out as a risk factor of 2.3. One third of tolerable noncompliance is
$50,000 divided by 3 equal to $16,667. There are 3 items that will need to be examined 100%: $22,000
plus $28,000 plus $50,000 or $100,000. The estimated population balance after removal of those
items is $900,000 (1,000,000 less 100,000). The estimated sample size is calculated using the
formula: Dollar value of remaining population divided by tolerable noncompliance times risk factor
or $900,000 divided by $50,000 times 2.3.]
c. 44. [This answer is incorrect. This answer comes from calculating the amount of individually significant
items incorrectly.]
d. 46. [This answer is incorrect. This answer comes from calculating the population balance after removal of
individually significant items.]
40. When would it be appropriate for an auditor to use an attribute sampling approach in a substantive test of
transactions? (Page 244)
a. This procedure is the sole basis for substantiating the total transaction amount. [This answer is incorrect.
This approach should only be used when other procedures (e.g., analytical procedures) also provide
persuasive audit evidence.]
b. The auditor wants to assess the effectiveness of an aspect of transaction processing. [This answer
is correct. When the auditor's primary concern is whether an aspect of transaction processing is
working (such a characteristic is either present or not present), this could be a viable approach,
assuming other conditions are met.]
c. The auditor expects high rate of monetary misstatement. [This answer is incorrect. Attribute sampling
would only be acceptable if a low rate of monetary misstatement were expected by the auditor. If many
misstatements were expected, the auditor would have to be concerned with projecting monetary
misstatement to assess whether it could be material.]
d. The auditor is concerned with a dollar amount of transaction misstatement. [This answer is incorrect. Using
this approach allows the auditor to focus on a rate, not a dollar amount. All transactions of the type being
tested are processed through the same system; therefore, the likelihood of misstatement is independent
of the transaction's size.]

249

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
Lesson 2 (NPOTG092)
Determine the best answer for each question below. Then mark your answer choice on the Examination for CPE
Credit Answer Sheet located in the back of this workbook or by logging onto the Online Grading System.
22. What piece of authoritative literature provides guidance that most directly affects the extent of audit tests?
a. SAS No. 39.
b. SAS No. 39, amended by SAS No. 111.
c. SAS No. 99.
d. The AICPA Audit and Accounting Guide, Audit Sampling.
23. Define audit sampling.
a. The application of an audit procedure to less than 100% of the items in an account balance or class of
transactions to evaluate some characteristic of the balance or class.
b. Application of an audit procedure limited to a specific group of items in a balance or class of transactions
that share a distinct characteristic.
c. Examining a few transactions in a balance or class of transactions for the purpose of obtaining an
understanding of the nature of the client's operations.
d. Applying audit procedures to one or a few transactions of each type with the purpose of clarifying the
auditor's understanding of the design of the company's internal controls.
24. Which of the following procedures would most likely involve audit sampling?
a. Risk assessment procedures to obtain an understanding of internal control.
b. Tests of automated application controls when effective general IT controls are present.
c. Substantive tests of details of account balances and transactions.
d. Analyses of the effectiveness of access and security controls.
25. The following are steps to an approach for planning the extent of substantive procedures involving tests of
details needed when auditing a nonprofit organization. Arrange them in the correct order.
i.
ii.
iii.
iv.
v.

Determine an amount for the individually significant dollar items.
Determine what procedures, if any, are needed to test the remaining balance.
Calculate the remaining balance.
Assess the appropriate level of tolerable misstatement.
Identify unusual items.

a. v, i, iii, ii, iv.
b. ii, iv, i, v, iii.
c. iii, i, v, ii, iv.
d. iv, i, v, iii, ii.
250

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

26. Match the following unusual items to the appropriate audit area.
1. Accounts receivable

i. Slowmoving large dollar items.

2. Plant, property, and equipment

ii. Large debit balances.

3. Accounts payable

iii. Units with highly volatile values.

4. Expenses

iv. Large credit balances.
v. Vendor accounts in dispute.
vi. Additions involving capitalization of inter
est.
vii. Customers whose names cause a signifi
cant question.
viii. Expense entries that appear to be inap
propriate.

a. 1 viii; 2 ii and i; 3 v; and 4 vi and vii.
b. 1 iv and vii; 2 vi; 3 ii and v; 4 viii.
c. 1 ii and iv; 2 i; 3 vii and iii; 4 vii.
d. 1 vii; 2 viii; 3 i and iv; 4 iii and v.
27. Chelsea has finished examining the individually significant items for her audit engagement, and now must
decide what else, if anything, must be done for the remaining balance. She has assessed the risk of material
misstatement on the remaining balance as low and the individually significant items made up 75% of the
account balance as a whole. Which of the following best illustrates what Chelsea should do next?
a. Chelsea does not need to perform any additional procedures on the remaining balance.
b. At a minimum, Chelsea should scan the remaining balance for any unusual items.
c. Chelsea must perform additional analytical procedures to the remaining balance.
d. Chelsea must apply audit sampling procedures to the remaining balance.
28. Which of the following sampling types can be used for both the statistical and nonstatistical sampling
approach?
i. Random selection
ii. Systematic sampling
iii. Haphazard selection
a. i and ii.
b. i and iii.
c. ii and iii.
d. i, ii, and iii.
251

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

29. Sam needs to select the sample items for his audit sampling engagement using the random selection method.
Which of the following methods should he use?
a. Use several random starts during selection.
b. Use the probability theory.
c. Stratify the population into two equal parts.
d. Create a random number table.
30. In which of the following scenarios has the auditor dealt with audit sampling in tests of details appropriately?
a. Maria determines that the allowable risk should be 5% instead of the 7% she'd originally estimated, so she
increases the required sample size.
b. In Will's audit, a large percentage of the balance could be misstated without causing material
misstatement, so he uses a large sample size to compensate.
c. Dawn includes accounting adjustments in the expected projected misstatement for her audit sampling
engagement.
d. Reginald determines the sample size for his audit sampling engagement using a fixed percentage of the
population.
31. The risk of material misstatement is the combination of what?
a. Tolerable misstatement and inherent risk.
b. Control risk and the risk of incorrect acceptance.
c. Inherent risk and control risk.
d. The risk of incorrect acceptance and tolerable misstatement.
32. Annie uses nonstatistical audit sampling to perform tests of details. Then she estimates the remaining
population. When identifying the risk factor, Annie determines that the risk of material misstatement is moderate
and the risk from assessment of other substantive procedures is low. Annie assesses tolerable misstatement
at $6,000. Use the most efficient method to calculate the cutoff amount for individually significant items.
a. $72.
b. $2,000.
c. $5,000.
d. $6,720.

252

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

33. Mark is contemplating using data extraction software to select his audit sample. What is one advantage Mark
would gain by using data extraction software?
a. He will be able to scan numerically sequenced items to account for their sequence and select the sample
more efficiently.
b. The data extraction software will calculate the sample size and evaluate the sample results more effectively
than Mark could on his own.
c. The data extraction software will verify the completeness of the population, which will save Mark time
during the sampling process.
d. Mark can use the data extraction software to extract unusual and individually significant items from the
population after sampling.
34. Lisa plans to project the misstatement from her audit sampling to the entire populating using the difference
method. The amount of sample misstatement is $300, the amount of sample dollars is $40,000, and the amount
of population dollars is $400,000. The number of sample items Alice used is 100, and the total number of items
in the population is 1,500. Calculate the projected population misstatement.
a. $3,000.
b. $4,500.
c. $80,000.
d. $133,333.
35. Walter must project the misstatement of his audit sampling to the population. When determining the risk of
misstatement, Walter concluded that the greatest risk of misstatement related to the size of the items. What
method should he use to project the misstatement?
a. The ratio method.
b. The difference method.
c. The population approach.
d. Walter can use any method as they generally produce the same results.
36. If an audit included the following amounts, what projected misstatement amount ensures an acceptable level
of sampling risk?
Accounts receivable balance:

$ 500,000

Tolerable misstatement:

$ 50,000

Expected misstatement:

$ 10,000

a. $8,500.
b. $11,000.
c. $16,667.
d. $17,000.
253

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

37. Match the following sampling terms to their definitions as they relate to tests of controls.
1. Deviation

i. Maximum rate of deviations that still support the
planned assessed level of control risk.

2. Tolerable rate

ii. The class of transactions being sampled.

3. Risk of assessing control
risk too low

iii. Departure from a prescribed control policy or
procedure.

4. Expected rate

iv. An auditor's allowable risk of assessing control risk
too low.

5. Population

v. The rate of deviations an auditor expects based on
his or her prior experience and knowledge of the
population's characteristics.

a. 1 v; 2 iv; 3 iii; 4 ii; 5 i.
b. 1 ii; 2 v; 3 i; 4 iii; 5 iv.
c. 1 v; 2 iii; 3 iv; 4 i; 5 ii.
d. 1 iii; 2 i; 3 iv; 4 v; 5 ii.
38. Which of the following is a distinguishing feature of tests of controls that use audit sampling?
a. Deviation from the control must be expressed as a monetary misstatement.
b. Footing will determine completeness of the population from which the sample will be taken.
c. The deviation rate must be related to the risk of monetary misstatement.
d. During the course of the sampling, the remaining population must be stratified.
39. Under SAS No. 103, which of the following should be documented by an auditor performing tests of controls
with sampling?
a. The items tested.
b. The definition of the population.
c. The tolerable deviation rate.
d. The evaluation of the sample.
40. What is the difference in the approach to determine sample size for testing compliance in a federal award
program rather than a financial statement audit?
a. A tolerable noncompliance is used rather than a tolerable misstatement.
b. Results of approach taken with financial statement audit yields sample sizes of 38, 46, and 60 items.
c. Planning materiality and tolerable noncompliance are estimated at 3% rather than 5%.
d. Do not select this answer choice.
254

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

GLOSSARY
Appropriateness: The measure of the quality of audit evidence; its relevance and its reliability in providing support
for, or detecting misstatements in, the classes of transactions, account balances, and disclosures and related
assertions.
Analytical procedures: Evaluations of financial information made by a study and comparison of plausible
relationships among both financial and nonfinancial data. This includes trend analysis, ratio analysis, and predictive
or reasonableness tests.
Audit evidence: Evidence, the third fieldwork standard, requires the auditor to obtain sufficient competent evidential
matter to provide a reasonable basis for an opinion on financial statements. Evidential matter begins with the client's
accounting records; however, the client's accounting records alone are not considered sufficient or competent
enough to support an opinion. The auditor must obtain and analyze evidence from external sources (e.g.,
confirmations) and through personal observation and inspection (e.g., physical inventory), recalculation, inquiry,
reconciliation, and other testing methods to corroborate the accounting records. Evidential matter must be sufficient
(is there enough evidence?) and competent (is it valid and relevant?) enough to withstand the scrutiny of other
auditors or outsiders. The evidence must be convincing enough to enable the outsiders to reach the same conclusion
as the auditor.
Audit sampling: The application of an audit procedure to less than 100 percent of the items within an account
balance or class of transactions for the purpose of evaluating some characteristic of the balance or class, according
to SAS No. 39. Any test that involves application of procedures to less than 100% of the items in the population without
projecting the results to the entire account balance or class of transactions is not audit sampling.
Control risk: The risk that a material misstatement that could occur will not be prevented or detected on a timely
basis by the entity's internal control. It is an element of audit risk.
Deviation: Departure from the prescribed control policy or procedure.
Data extraction software: Some auditors may use data extraction software in audit sampling. The ability of data
extraction software to quickly process large volumes of data can save time spent on sample selection. Data extraction
software can also be used to assist in performing analytical procedures, where it allows the practitioner to analyze
information downloaded from a client's computer system. Procedures such as calculating and sorting percentage
variances in accounts between periods and calculating financial ratios can be performed using data extraction
software, and those procedures can be performed at a detailed level as easily as at an aggregated level, resulting
in a higher level of precision.
Expected rate: The rate of deviations the auditor expects based on prior experience and knowledge of the
characteristics of the population
Flexible timing procedures: Flexible timing substantive procedures can be applied at any time, including an interim
date. These procedures generally consist of examining transactions or gathering information without attempting to
reach a conclusion about an entire account balance as of an interim date. The procedures can be performed through
an interim date and later extended to the balance sheet date. The auditor can then reach one conclusion covering
the balance for the entire year.
General procedures: Procedures auditors are specifically required to perform that do not relate to particular account
balances, such as sending a letter of audit inquiry to the client's lawyer and reading minutes of meetings of directors.
Haphazard sampling: A sampling method in which sampling items are selected in no specific pattern without bias
for or against any items in the population. It can be used for nonstatistical samples if care is taken to be sure no
conscious bias is added to the selection process.
Individually significant items: This term encompasses two types of items in a financial statement component: (a)
individually significant dollar items and (b) unusual items.
255

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Inherent risk: The susceptibility of an assertion to a material misstatement, assuming that there are no related
internal controls. It is an element of audit risk. Inherent risk exists as an inseparable part of certain assertions and/or
account balances or classes (e.g., cash, complex calculations, and accounts dependent on accounting estimates).
Inherent risk may also arise from external factors (e.g., technological obsolescence) or internal factors (e.g., lack of
sufficient working capital).
Interim audit procedures: Procedures performed to arrive at a conclusion about an account balance as of an interim
date. Additional procedures are then performed to extend the interim conclusion to the balance sheet date.
Misstatement: A reported amount that is over (overstated) or under (understated) the actual amount. It may result
from errors (mistakes) or fraud. The objective of the audit is to detect any material misstatements that exist in the
financial statements taken as a whole. Individual misstatements are aggregated and analyzed to determine if the
aggregate is material to financial statement elements and as a whole. Judgments regarding audit risk depend on
the level of misstatement that can be accepted (tolerable misstatement) before the misstatement is considered
material.
Nonstatistical sampling: A sampling technique for which the auditor considers sampling risk in evaluating an audit
sample without using statistical theory to measure that risk. It does not enable the auditor to quantify sampling risk
but can provide sufficient competent evidential matter. It is a plan which does not meet the requirements to be
statistical.
Overall review analytical procedures: A category of analytical procedures identified by SAS No. 56. These are used
in the final review stage of the audit.
Population: In an audit sampling application, the population is usually all items that constitute the account balance
or class of transactions, excluding those items selected for individual testing.
Preliminary analytical procedures: A category of analytical procedures identified by SAS No. 56. These are used
to enhance the auditor's understanding of the client's business and assist in assessing areas of specific risk of
misstatement by identifying unexpected relationships among account balances or the absence of expected
relationships.
Random sampling: A sampling method that provides each item in the population an equal chance to be selected
for both sampling approaches statistical and nonstatistical sampling.
Representative sample: According to SAS No. 39, a sample in which the sample items are selected in such a
manner that all items have an opportunity to be selected.
Sampling unit: The individual items that are subjected to audit procedures and that represent the components of
the population.
Significant risk: Risk that requires special audit attention.
Statistical sampling: A sampling plan in which the laws of probability are used for selecting and evaluating a sample
from a population for the purpose of reaching a conclusion about the population. It allows the auditor to design an
efficient sample, to measure the sufficiency of the evidential matter obtained, and to evaluate the sample results. It
enables the auditor to quantify sampling risk. For a sampling plan to be statistical the sample must be statistically
selected (e.g., using random selection) and the sample results must be mathematically evaluated.
Substantive procedures: Further audit procedures performed for the purpose of detecting material misstatements
at the relevant assertion level. They consist of tests of details and substantive analytical procedures.
Substantive analytical procedures: A category of analytical procedures identified by SAS No. 56. These are used
to obtain audit evidence about potential misstatements.
Sufficiency: The measure of the quantity of audit evidence.
256

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Systematic sampling: A sampling method in which the sampling interval is determined by dividing the population
by the number of items to be sampled. It can be used with nonstatistical or statistical sampling to give every item
in the population an equal chance of being selected if a random start is used. However, it may not produce an equal
opportunity for all combinations of sampling units to be selected unless numerous random starts are made.
Tests of controls: Tests directed toward the design or operation of internal controls to assess their effectiveness in
preventing or detecting material misstatements in a financial statement assertion. They are used to test the specific
controls the auditor would like to use to reduce control risk. The auditor is testing for the number of deviations from
the control (e.g., the number of credit sales invoices that do not show proper credit approval).
Tests of transactions: The auditor's objective in using a substantive test of transactions is to decide whether the total
of a transaction class is materially misstated. The auditor inspects documents supporting recorded transactions to
determine whether transactions are valid, and valued and coded properly (i.e., recorded correctly as to account,
amount, and period).
Tolerable rate: The maximum rate of deviations that would still support the planned assessed level of control risk.
Unusual items: An item that may be individually significant if, because of its nature, it is prone to misstatement or
otherwise requires audit attention, such as related party transactions and negative customer receivable balances.

257

Companion to PPC's Guide to Audits of Nonprofit Organizations

258

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

INDEX
A
ANALYTICAL PROCEDURES
Completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Interim testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Types and purposes of analytical procedures
Purposes of analytical procedures . . . . . . . . . . . . . . . . . . .
What are analytical procedures? . . . . . . . . . . . . . . . . . . . . .
What distinguishes substantive analytical
procedures? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

S
SAMPLING
Attribute sampling approach to substantive tests of transactions
Conditions for use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Sample size for . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Authoritative literature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Case studies
Definition and uses of sampling . . . . . . . . . . . . . . . . . . . . . . . . . 197
Determining whether sampling is necessary
Factors to consider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223, 236
Nonsampling approach to substantive procedures . . . . . . . . 203
Nonsampling approach to substantive tests
Considering the need to apply additional audit
procedures remaining items . . . . . . . . . . . . . . . . . . . . . . . . . 205
Identifying individually significant items . . . . . . . . . . . . . . . 203
Relation of types of audit tests to audit sampling
Substantive tests of balances . . . . . . . . . . . . . . . . . . . . . . . . 199
Substantive tests of transactions . . . . . . . . . . . . . . . . . . . . . 199
Tests of compliance with laws and regulations . . . . . . . . . 200
Tests of controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Requirements that apply to all audit samples
Basic requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 212, 214
Choosing a selection method . . . . . . . . . . . . . . . . . . . . . . . 213
Defining the population . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Defining the sampling unit . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Projecting sample results . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Random selection using random numbers . . . . . . . . . . . . 213
Selecting sample items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Substantive tests of details using sampling
Alternative approach for substantive tests of
transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Considering qualitative characteristics . . . . . . . . . . . . . . . . 223
Considering sampling risk . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Planning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Practical approach to nonstatistical sampling . . . . . . . . . . 218
Projecting the misstatement . . . . . . . . . . . . . . . . . . . . . . . . . 222
Selecting the sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Tests of compliance with laws and regulations using sampling
Alternative nonstatistical sampling approach . . . . . . . . . . 242
Sample size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238, 239
Single Audit requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Statistical sampling, circumstances indicating
need for . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Tests of controls using sampling
Assess control risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Consider whether testing is practical . . . . . . . . . . . . . . . . . 230
Define the population . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Document tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Evaluate results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Expected rate of deviation . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Identifying controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
Risk of assessing control risk too low . . . . . . . . . . . . . . . . . 233
Selecting and performing tests . . . . . . . . . . . . . . . . . . . . . . 231
Single Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Statistical versus nonstatistical sampling . . . . . . . . . . . . . . 234
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Tolerable rate of deviation . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

181
164
157
157
158

AUDIT PLANNING
Fraud, responsibility for . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Timing of substantive tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
AUDIT PROCEDURES
Basic substantive audit procedures
Completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Tests of details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
AUTHORITATIVE LITERATURE
AICPA pronouncements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Auditing literature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Single Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

C
CHANGES IN AUDIT REQUIREMENTS
Substantive procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
CHECKLISTS
Sampling planning and evaluation form substantive
tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Test of controls form, sampling planning and
evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
CONFIRMATION LETTERS
Representation letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

D
DATA EXTRACTION SOFTWARE
Sample selection using . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

F
FRAUD
Auditor's responsibility for fraud detection . . . . . . . . . . . . . . . .
Fraud risk assessment
Documenting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Required procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Responding to fraud risk assessment
Addressing the risk of management controls
override . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Effect on audit programs . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Misappropriation of assets, unique considerations . . . . .
Professional skepticism . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specific responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

175
180
178
178
180
177
177
175

FURTHER AUDIT PROCEDURES
Substantive procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

G

SINGLE AUDIT
Sampling requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

GENERAL RISK ANALYSIS AND INITIAL PLANNING
Fraud risk assessment
Analytical procedures and . . . . . . . . . . . . . . . . . . . . . 162, 163

STATEMENTS ON AUDITING STANDARDS (SAS)
SAS No. 103 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
SAS No. 106 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
SAS No. 110 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
SAS No. 56 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157, 166
SAS No. 85 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
SAS No. 99 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

I
ILLEGAL ACTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
INTERIM TESTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

259

Companion to PPC's Guide to Audits of Nonprofit Organizations
SUBSTANTIVE PROCEDURES
Analytical procedures and accounting estimates . . . . . . . . . .
Analytical procedures and fraud detection . . . . . . . . . . . . . . . .
Corroboration of explanations . . . . . . . . . . . . . . . . . . . . . . .
Analytical procedures and interim testing . . . . . . . . . . . . . . . . .
Appropriate procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Authoritative literature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Changes from previous standards . . . . . . . . . . . . . . . . . . . . . . .
Choosing between analytical procedures and
substantive tests of details . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Considering whether circumstances are favorable
to substantive analytical procedures . . . . . . . . . . . . . . . . . . . . .
Availability of data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Efficiency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Likely cause of potential misstatements . . . . . . . . . . . . . . .
Precision of expectation . . . . . . . . . . . . . . . . . . . . . . . . . . . .

NPOT09

Type of account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Designing effective substantive analytical procedures
First ask management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Identify comparables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Talk to operating personnel . . . . . . . . . . . . . . . . . . . . . . . . . 159
Documenting substantive analytical procedures . . . . . . . . . . . 166
Other types of analytical procedures . . . . . . . . . . . . . . . . . 167
Principal substantive tests of significant assertion . . . . . . 166
Identifying and evaluating significant differences revealed by
substantive analytical procedures
Corroboration of the explanation of the difference . . . . . . 165
Evaluation of the significance of differences . . . . . . . . . . . 165
Nature, timing, and extent of substantive procedures . . . . . . 148
Required in every audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Risk assessment standards requirements . . . . . . . . . . . . . . . . 188
Sufficiency and appropriateness of audit evidence . . . . . . . . 147

164
162
163
164
148
145
148
148
160
160
161
160
160

260

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

COMPANION TO PPC'S GUIDE TO AUDITS OF NONPROFIT ORGANIZATIONS

COURSE 3
Special Accounting and Auditing Considerations for Nonprofit Organizations
(NPOTG093)
OVERVIEW
COURSE DESCRIPTION:

This interactive selfstudy course discusses special accounting and auditing
considerations and is generally relevant to all types of nonprofit organizations; but,
when necessary, distinctions are made between accounting and auditing
considerations that apply to voluntary health and welfare organizations and those
that apply to other nonprofit organizations.

PUBLICATION/REVISION
DATE:

February 2009

RECOMMENDED FOR:

Users of PPC's Guide to Nonprofit Organizations

PREREQUISITE/ADVANCE
PREPARATION:

Basic knowledge of accounting and auditing

CPE CREDIT:

8 QAS Hours, 8 Registry Hours
Check with the state board of accountancy in the state in which you are licensed to
determine if they participate in the QAS program and allow QAS CPE credit hours.
This course is based on one CPE credit for each 50 minutes of study time in
accordance with standards issued by NASBA. Note that some states require
100minute contact hours for self study. You may also visit the NASBA website at
www.nasba.org for a listing of states that accept QAS hours.

FIELD OF STUDY:

Accounting, 4 hrs.; Auditing, 4 hrs.

EXPIRATION DATE:

Postmark by March 31, 2010

KNOWLEDGE LEVEL:

Basic

Learning Objectives:
Lesson 1 Cash, Investments, and Contributions in the Nonprofit Environment
Completion of this lesson will enable you to:
Examine nonprofit client accounting and auditing considerations generally, and identify auditing consider
ations related to cash.
Describe accounting and auditing considerations related to nonprofit clients and investments including those
related to SFAS 124 and SAS 92.
Outline nonprofit client accounting and auditing issues concerning contributions and promises to give,
including debt guarantees, promises to pay in the future, and splitinterest agreements.
Lesson 2 Other Activities Related to Nonprofits and Their Financials
Completion of this lesson will enable you to:
Explain nonprofit accounting and auditing issues associated with program service fees, revenue, and
receivables in exchange transactions.
Examine accounting and auditing issues related to nonprofits that involve donations of services or physical
items such as goods and facilities.
Summarize nonprofit accounting and auditing issues related to program and support services costs and
expenses.
Describe accounting and auditing considerations related to payroll and related liabilities.
261

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Explain nonprofit accounting and auditing concerns related to inventories, and property and equipment.
Outline nonprofit accounting and auditing issues related to other topics such as debt and statement of activities
accounts.
TO COMPLETE THIS LEARNING PROCESS:
Send your completed Examination for CPE Credit Answer Sheet, Course Evaluation, and payment to:
Thomson Reuters
Tax & Accounting R&G
NPOTG093 Selfstudy CPE
P.O. Box 966
Fort Worth, TX 76101
See the test instructions included with the course materials for more information.
ADMINISTRATIVE POLICIES:
For information regarding refunds and complaint resolutions, dial (800) 3238724 for Customer Service and your
questions or concerns will be promptly addressed.

262

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Lesson 1:CASH, INVESTMENTS, AND
CONTRIBUTIONS IN THE NONPROFIT
ENVIRONMENT
INTRODUCTION
This lesson includes various accounting and auditing aspects associated with the cash, investments, and contribu
tions of nonprofit clients. Confirmations, valuations, and consideration of fraud are among the topics discussed.
Learning Objectives:
Completion of this lesson will enable you to:
Examine nonprofit client accounting and auditing considerations generally, and identify auditing considerations
related to cash.
Describe accounting and auditing considerations related to nonprofit clients and investments including those
related to SFAS 124 and SAS 92.
Outline nonprofit client accounting and auditing issues concerning contributions and promises to give,
including debt guarantees, promises to pay in the future, and splitinterest agreements.
The following authoritative pronouncements specifically relate to nonprofit organizations and are referred to
frequently throughout this lesson:
SFAS No.116, Accounting for Contributions Received and Contributions Made (FASB ASC 958605),
requires measuring contributions received and promises to give at their fair value and reporting them as
increases in net assets immediately, even if the donor has restricted their use and the restriction will be met
in a future reporting period.
SFAS No.117, Financial Statements of NotforProfit Organizations (FASB ASC 958205, 958210, 958225,
958720), requires the general purpose external financial statements of nonprofit organizations to consist
of statements of financial position, activities, and cash flows. Voluntary health and welfare organizations
are required to present an additional statement of functional expenses.
SFAS No.136, Transfers of Assets to a NotforProfit Organization or Charitable Trust That Raises or Holds
Contributions for Others (FASB ASC 95820, 958605), as amended, establishes standards for transactions
in which a donor transfers assets to a recipient organization that (a)uses the assets on behalf of or
(b)transfers the assets, the return on investment of the assets, or both, to a beneficiary named by the donor.
It also establishes standards for revocable or reciprocal transfers for similar transactions that are not
contributions.
AICPA Audit and Accounting Guide, NotforProfit Organizations (Audit Guide) (FASB ASC 958), provides
additional guidance in the areas of splitinterest agreements and accounting for contributions that expands
on the original guidance in SFAS No.116.
Responsibility for Fraud Detection
The auditor is responsible for designing the audit to detect material misstatements, whether caused by error or
fraud. The auditor does not routinely select procedures designed specifically to detect fraud in ordinary circum
stances. However, SAS No.99, as amended (AU 316), Consideration of Fraud in a Financial Statement Audit,
requires the auditor to specifically identify and assess risks of material misstatement due to fraud and to respond
to the results of the assessment when gathering and evaluating audit evidence. SAS No. 113, Omnibus 2006,
amended SAS No. 99 to provide a clear link between the auditor's consideration of fraud and the auditor's risk
assessment and procedures in response to those risks by referring to SAS Nos. 109 and 110.
Based on the auditor's assessment of fraud risks, he or she may alter the nature of procedures performed (i.e.,
apply additional procedures designed to detect fraud), or alter the timing or extent of procedures performed. The
263

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

auditor also may require more or different evidence to support material transactions or balances than would be the
case if the auditor did not identify any specific fraud risks. In addition, SAS No. 99 also requires auditors to perform
certain specific procedures to address the risk of management override of controls, including examining the
organization's journal entries and other adjustments, reviewing accounting estimates for bias, and evaluating the
business rationale for significant unusual transactions.
A risk of misappropriation of assets will exist in many nonprofit organizations. However, the auditor is not responsi
ble for immaterial fraud, and many frauds involving misappropriation of assets are not material to the financial
statements. Consequently, auditors need not automatically perform additional procedures related to misappropri
ation simply because a risk of misappropriation exists. The auditor should consider the level of risk that material
misappropriation has occurred.
SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue recognition is a risk that may
result in material misstatement of the financial statements due to fraud. In addition, even if the auditor does not
identify specific risks of material misstatement due to fraud, SAS No.99 requires the auditor to perform procedures
to address the risk of management override of controls. The SAS also indicates that account balances or classes
of transactions that are particularly susceptible to manipulation, such as those involving significant estimates or the
application of complex accounting principles, may present risks of material misstatement due to fraud. Auditors
should consider whether it is necessary to identify risks relating to specific operating locations as well as to the
organization as a whole.
Responsibility for Communicating Internal Control Related Matters
SAS No. 112 (AU 325A), Communicating Internal Control Related Matters Identified in an Audit, requires auditors to
report certain matters relating to an entity's internal control that they have identified during the audit. SAS No. 112
describes those matters as significant deficiencies" and material weaknesses." The significant deficiencies and
material weaknesses must be reported in writing to management and those charged with governance. SAS No.
112 notes in AU 325A.02 that the term those charged with governance refers to the individuals or bodies (such as
the audit committee) that have responsibility for overseeing the entity's strategic direction and its obligations
related to accountability, including overseeing its financial reporting process. SAS No. 112 also discusses the form
of reporting when there are significant deficiencies and material weaknesses.
Auditing Fair Value
Recent accounting standards indicate a move to providing more fair value information. Under generally accepted
accounting principles, fair value measurements are used for specific items in the financial statements or, in some
cases, as a comprehensive basis for all items in the financial statements. In addition, GAAP requires disclosures in
several areas, such as investments and derivatives and donated materials and services. Fair value measurements
of assets, liabilities, and components of net assets may arise from the initial recording of transactions and the
subsequent changes in value.
SAS No. 101 (AU 328), Auditing Fair Value Measurements and Disclosures, provides guidance on auditing fair value
measurements and disclosures contained in financial statements. SAS No. 101 provides overall guidance for
auditing fair values, but it does not provide detailed auditing guidance for specific assets, liabilities, transactions, or
industries. For more specific guidance, auditors might also consider other sources such as SAS No. 92 (AU 332),
Auditing Derivative Instruments, Hedging Activities, and Investments in Securities, SFAS No. 144, Accounting for the
Impairment or Disposal of LongLived Assets (FASB ASC 36010), SFAS No. 157, Fair Value Measurements (FASB
ASC 82010), and the AICPA Audit and Accounting Guide, NotforProfit Organizations (FASB ASC 958).
According to SAS No. 101, the auditor should obtain an understanding of the organization's process for determin
ing fair value and assess the risk that the fair value measurement would result in material misstatement of the
financial statements. Some fair values are readily determinable because there are relevant quoted market prices.
For such items, published price quotations in an active market are the best evidence of fair value. When there is no
observable market price or items have characteristics requiring an estimate to be made, a valuation method
acceptable under GAAP should be used.
When a valuation method is used, the auditor considers the appropriateness of the method, including manage
ment's rationale for selecting the method. Auditors may consider whether management has evaluated the range of
264

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

values resulting from different methods and investigated the reasons for the differences. Changes in circumstances
or authoritative literature may require changes in the method used to determine fair value.
The following approaches may be used to obtain evidence supporting a fair value estimate determined using a
valuation model:
Test the client's valuation, including management's assumptions, the valuation model, and the underlying
data.
Develop an independent estimate and compare it to the client's valuation.
Review subsequent events and transactions to corroborate the client's valuation. (However the auditor
should consider only those events or transactions that reflect circumstances existing at the statement of
financial position date.)
When testing the client's valuation or developing an independent estimate based on management's assumptions,
the auditor should evaluate whether management's assumptions are reasonable and not inconsistent with market
information. The auditor considers the source and reliability of evidence supporting the assumptions, pays special
attention to assumptions that are highly sensitive or uncertain and those susceptible to misapplication or bias, and
considers the sensitivity of the valuation to changes in assumptions and market conditions. To be reasonable, SAS
No. 101 (AU 328.36) notes the assumptions, individually and taken as a whole, need to be realistic and consistent
with the following:
The general economic environment, the economic environment of the specific industry, and the entity's
economic circumstances.
Existing market information.
The plans of the entity, including what management expects will be the outcome of specific objectives and
strategies.
Assumptions made in prior periods, if appropriate.
Past experience of, or previous conditions experienced by, the entity to the extent currently applicable.
Other matters relating to the financial statements, for example, assumptions used by management in
accounting estimates for financial statement accounts other than those relating to fair value measurements
and disclosures.
The risk associated with cash flows, if applicable, including the potential variability in the amount and timing
of the cash flows and the related effect on the discount rate.
The accuracy, completeness, and relevancy of the underlying data should also be tested, and the auditor should
ensure the resulting valuation properly reflects both the assumptions and the data. Tests may include verifying the
source of the data, recomputation, and review of information for internal consistency.
The auditor who independently develops assumptions for use in evaluating the client's estimate should still
understand management's assumptions so he or she can assess whether any significant matters have been
omitted and can evaluate any significant differences between management's and the auditor's estimates. This
evaluation also should be performed if the fair value estimate is developed by a valuation specialist.
When auditing fair value disclosures, evaluation of whether those disclosures are in conformity with GAAP ordi
narily involves the same audit procedures used to audit fair value measurements recognized in the financial
statements. If the appropriate fair value disclosure is omitted because it is not practical to determine fair value with
sufficient reliability, information that would be pertinent to such an estimate should be disclosed along with the
reasons why it is not practical to estimate fair value. In that case, the auditor evaluates the adequacy of the
disclosures required in such circumstances.
265

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SAS No. 101 only provides overall guidance regarding auditing fair value measurements and disclosures, and the
auditor should consider other applicable standards for more specific guidance. The more specific fair value
auditing guidance is discussed where applicable throughout this lesson.
Fair Value Accounting Considerations
SFAS No. 157. SFAS No. 157, Fair Value Measurements (FASB ASC 82010), provides a common definition of fair
value, establishes a framework to measure fair value within GAAP, and expands the disclosures about fair value
measurements. The SFAS does not create any new fair value measurements. Instead, it applies under existing
accounting pronouncements that require or permit fair value measurements. When effective, this SFAS will amend
numerous accounting pronouncements throughout the accounting literature.
The new framework SFAS No. 157 (FASB ASC 82010) defines fair value as the price that would be received to sell
an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement
date. That is, fair value is based on an exit price, which may differ from the price paid to acquire the asset or
received to assume the liability (i.e., an entry price). If there is a principal market for the asset or liability, fair value
represents the price in that market.
Fair value should be measured using valuation techniques consistent with the market, income or cost approaches
described in the Statement, consistently applied. The assumptions used should be those that market participants
would use in pricing the asset or liability. Generally, a quoted price in an active market provides the most reliable
evidence of fair value and should be used whenever available. Certain disclosures are required about fair value
measurements, depending on whether the measurements are made on a recurring or nonrecurring basis.
Further Guidance on Fair Value Measurements. To provide guidance on the application of SFAS No. 157, the FASB
has issued three final FASB Staff Positions (FSPs) and an exposure draft of another proposed FSP, as follows:
FSP FAS 1571, Application of FASB Statement No. 157 to FASB Statement No. 13 and Other Accounting
Pronouncements That Address Fair Value Measurements for Purposes of Lease Classification or
Measurement under Statement, was issued in February 2008. It excludes leasing transactions from the
scope of SFAS No. 157.
FSP FAS 1572, Effective Date of FASB Statement No. 157, also issued in February 2008, delays the effective
date of SFAS No. 157 for certain nonfinancial assets and liabilities.
FSP FAS 1573, Determining the Fair Value of a Financial Asset When the Market for That Asset Is Not Active,
was issued in October 2008 in response to the credit crisis of 2008. FSP FAS 1573 addresses the
application of SFAS No. 157 when determining the fair value of financial assets in markets that are not
active.
Proposed FSP FAS 157c, Measuring Liabilities under FASB Statement No. 157, was issued for comment
in January 2008 and would provide further guidance on the fair value measurement of liabilities. As
currently drafted, this FSP would be effective at the later of the beginning of the period in which the entity
adopts SFAS No. 157 or the beginning of the period in which the FSP is issued. The FASB currently expects
to finalize this FSP in the first half of 2009.
Effective Date and Transition. SFAS No. 157 (FASB ASC 82010) is generally effective for financial statements for
fiscal years beginning after November 15, 2007, and interim periods within those years. Earlier application is
encouraged if an entity has not issued financial statements for that year, including interim periods. In February
2008, however, the FASB issued FSP FAS 1572, Effective Date of FASB Statement No. 157, which delays the
effective date of SFAS No. 157 for certain nonfinancial assets and nonfinancial liabilities until fiscal years beginning
after November 15, 2008 (and interim periods within those years). The FSP FAS 1572 deferral does not apply to
financial assets and liabilities or nonfinancial assets and nonfinancial liabilities that are recognized or disclosed at
fair value on a recurring basis (at least annually), and it is not available to entities that have issued financial
statements that reflect the adoption of SFAS No. 157. The FSP provides examples of the types of assets that would
and would not be eligible for deferral. If elected, the deferral must be applied consistently for all nonfinancial assets
and liabilities that are within the scope of FSP FAS 1572, and certain disclosures are required.
266

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

SFAS No. 157 (FASB ASC 82010) is generally applied on a prospective basis as of the beginning of the fiscal year
of adoption. However, as described in Paragraph 37 of SFAS No. 157, the Statement should be applied retrospec
tively as of the beginning of the fiscal year of adoption for certain financial instruments [including split interest
agreements with embedded derivatives accounted for in accordance with SFAS No. 133, as amended (FASB ASC
815)]. The transition adjustment, representing the difference between carrying amount and fair value in the year of
adoption, should be recognized as a cumulativeeffect adjustment to beginning net assets.
It is believed that most financial statements for years ending prior to November 30, 2008 will have been prepared
using the fair value measurement guidance included in the various accounting pronouncements amended by
SFAS No. 157. Thus, this course continues to address the accounting guidance contained in those pronounce
ments while also addressing SFAS No. 157.

267

Companion to PPC's Guide to Audits of Nonprofit Organizations

268

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
1. What additional statement is required in the external financial statements of voluntary health and welfare
organizations versus those of other nonprofit entities?
a. Statement of financial position
b. Statement of cash flows
c. Statement of functional expenses
d. Statement of activities
2. When designing the audit, SAS 99 requires the auditor to:
a. detect misstatements in the financials caused by errors.
b. detect misstatements in the financials caused by fraud.
c. identify fraud risk for individual locations of the organization.
d. address the risk of management override of controls.
3. Which of the following approaches is appropriate to obtain evidence supporting a fair value estimate developed
using a valuation model?
a. Test the client's valuation, ignoring management assumptions.
b. Develop an independent estimate.
c. Review events as of the audit date.
d. Review transactions subsequent to the date of the statement of financial position.
4. For a valuation to be considered, valid assumptions may change, but the method used must be immutable.
a. True
b. False

269

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
1. What additional statement is required in the external financial statements of voluntary health and welfare
organizations versus those of other nonprofit entities? (Page 263)
a. Statement of financial position [This answer is incorrect. A statement of financial position is one of the
components of the external financial statements required for nonprofit entities in general.]
b. Statement of cash flows [This answer is incorrect. A statement of cash flows is a required external financial
statement component of many different types of organizations, including those of voluntary health and
welfare organizations.]
c. Statement of functional expenses [This answer is correct. In addition to those components normally
required for general purpose nonprofit external financial statements, SFAS 117 requires inclusion
of a statement of functional expenses for voluntary health and welfare organizations.]
d. Statement of activities [This answer is incorrect. SFAS 117 requires a statement of activities as one of the
components of general purpose external financial statements for nonprofit entities.]
2. When designing the audit, SAS 99 requires the auditor to: (Page 264)
a. detect misstatements in the financials caused by errors. [This answer is incorrect. The auditor is not
required to detect all errors, only those that cause material misstatements in the financial statements.]
b. detect misstatements in the financials caused by fraud. [This answer is incorrect. The audit should be
designed to detect material misstatements that may be caused by fraud.]
c. identify fraud risk for individual locations of the organization. [This answer is incorrect. The auditor may
choose to design the audit to identify fraud risk for individual locations of the organization in addition to
the organization as a whole, but this is not a requirement of SAS 99].
d. address the risk of management override of controls. [This answer is correct. SAS 99 requires the
auditor to address the risk of management override of controls in a nonprofit client, even if specific
risks of misstatement caused by fraud are not identified.]
3. Which of the following approaches is appropriate to obtain evidence supporting a fair value estimate developed
using a valuation model? (Page 265)
a. Test the client's valuation, ignoring management assumptions. [This answer is incorrect. Management's
assumptions, the valuation model used, and the data underlying the estimate should be considered.]
b. Develop an independent estimate. [This answer is correct. Once developed, this estimate should
be compared to that of the client.]
c. Review events as of the audit date. [This answer is incorrect. Events that reflect circumstances as of the
date of the statement of financial position should be reviewed.]
d. Review transactions subsequent to the date of the statement of financial position. [This answer is incorrect.
Only those transactions that reflect circumstances existing as of the date of the statement of financial
position should be reviewed.]

270

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

4. For a valuation to be considered valid, assumptions may change, but the method used must be immutable.
(Page 264)
a. True [This answer is incorrect. The method used to arrive at a valuation must be reviewed for change
against authoritative literature.]
b. False [This answer is correct. Changes in authoritative literature and in circumstance may require
changes to the valuation method.]

271

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

CASH
Internal Control Considerations
Internal controls such as segregation of duties and safeguarding of cash are the same whether the entity is a
forprofit or nonprofit entity. However, nonprofit organizations have some unique situations that may require
additional internal controls. For example, many private schools have related organizations such as parent associa
tions, alumni associations, and student organizations. The school may serve as an agent for these organizations by
accepting deposits and making cash disbursements on their behalf.
Some nonprofit organizations collect large amounts of cash. Common controls over cash receipts include the
following:
Always using two or more people to collect the cash.
Rotating duties of cash collectors.
Keeping cash within sight of two people until it is locked up.
Having two or more people count the cash.
Separating the access to cash collected and the accounting for the cash as soon as possible.
Auditing Considerations
The accounting and auditing considerations for cash of a nonprofit organization are similar to those for a business
enterprise. Cash usually is not difficult to substantiate, and the auditor's focus is on disclosure of restrictions on
cash and proper classification of cash balances. The auditor of a nonprofit organization usually can expect to find
a greater number of bank accounts and a greater prevalence of restrictions on the use of cash balances than is the
case for a typical small business. This is because nonprofit organizations often maintain separate operating bank
accounts for individual programs. They do so either voluntarily for management or accounting control purposes or
because regulations, contracts, or agreements with funding sources require separate bank accounts or restrict
transfers from such accounts. Also, nonprofit organizations are more likely to have opened or closed bank
accounts during the period. This occurs because programs or agreements with funding sources often require
separate accounts, and various programs may commence or terminate during the period.
Bank Confirmations. The detailed audit work for cash is virtually the same as for a business enterprise of similar
size. The basic approach is to confirm cash balances and apply audit procedures to bank reconciliations using
cutoff bank statements. In applying this approach to a nonprofit organization, however, the auditor must do more
than identify all bank accounts (checking and savings) maintained as of the audit date and at any time during the
period, for example, closed accounts. The auditor also should determine that separate bank accounts required to
be maintained were maintained. Inquiry and review of minutes, contracts, and funding source agreements are
sources of information about bank accounts required and maintained. After identifying accounts for confirmation,
the auditor should identify the accounts for which cutoff bank statements will be requested and cutoffrelated audit
procedures applied. The auditor may not be able to limit cutoffrelated procedures to one primary operating
account as is often the case in a small business audit. The decision about requests for cutoff statements and
cutoffrelated procedures should be based on the size and volume of reconciling items in recent bank reconcilia
tions.
Special Considerations for the Use of Electronic Bank Confirmations. Bank of America announced that it would no
longer respond to paper confirmation requests as of October 1, 2008. Instead, it will only respond to electronic
confirmation requests submitted via a designated thirdparty provider. Such providers serve as intermediaries,
providing secure links between auditors and validated financial institutions. Auditors should be alert for financial
institutions in addition to Bank of America that may choose to only process electronic confirmation requests.

272

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Auditing Interpretation No. 1 of AU 330, Use of Electronic Confirmations (AU 9330.01.08), indicates that electronic
confirmations may be reliable audit evidence. When using electronic confirmations, auditors should consider the
following risks to the reliability of such information:
Response might not be from an authentic source.
Respondent may not be knowledgeable about the information.
Integrity of the transmission might be compromised.
An electronic confirmation can be considered a sufficient, valid confirmation response if the auditor is satisfied that
the:
Electronic confirmation process is secure and properly controlled.
Information is obtained from a third party who is the intended respondent.
Information is a direct communication in response to a request.
In determining whether the electronic confirmation process meets these requirements, the auditor might review an
assurance trust services report or another auditor's report on that process. Typically, the auditor would determine
if the report addresses the three risks noted above. If not, the auditor may perform additional procedures to address
those risks, such as telephoning the sender of the information.
The use of an electronic confirmation process through a thirdparty provider may provide the following benefits to
the auditor:
Provides a secure link to a valid financial institution.
Provides significantly faster response times since the confirmation is received directly by a bank employee
who is designated by the institution to respond to such confirmations.
Removes the possibility of fraudulent or unauthorized recipients or interception of confirmation requests
by the client.
Auditors should consider whether the client's financial institution(s) requires the use of a thirdparty confirmation
service when performing engagement planning. By doing so, the auditor (1) will have appropriate time to learn
about the service, (2) can determine whether the service addresses the risks discussed above, and (3) can discuss
modifications in the confirmation process with the client, as well as any additional fee considerations, if necessary.
The improper use of paper confirmation requests in such situations may result in delays in completing the
confirmation process and finalizing the audit. Bank of America and numerous other financial institutions have
designated Capital Confirmation, Inc. as the thirdparty provider for submitting electronic confirmation requests.
Bank Reconciliations. As part of an effort to reduce bank fees, some nonprofit organizations choose not to have
their bank return cancelled checks to the organization along with the monthly bank statement. Frequently, the
auditor will use cutoff bank statements and cancelled checks while examining bank reconciliations. Also, cancelled
checks are occasionally examined as support for transactions in other audit areas. In these circumstances, the
auditor should have the nonprofit organization communicate with appropriate bank personnel to determine if
special arrangements can be made well in advance to obtain cancelled checks along with the cutoff statement.
Banks that do not routinely return cancelled checks typically hold the checks or a microfiche copy for a period of
time and may make selected copies available upon request. As the need arises during the audit, the auditor may
also be able to request copies of specific checks paid by the bank during the year.
If the auditor cannot obtain checks, the following alternative procedures may provide satisfactory evidence about
disbursements:
a. Some banks list the payee on the bank statement as well as the check number, amount, and date paid.
This detail may provide sufficient evidence of the actual payee listed in the nonprofit organization's records.
273

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

b. The details of the disbursement can be confirmed with the payee if neither the check nor a sufficiently
detailed bank statement is available and the auditor wants evidence independent of the nonprofit
organization's records.
c. The auditor may be able to rely on a combination of data on the bank statement (check number, amount,
and date paid), the nonprofit organization's internally generated information about the disbursement, and
the organization's control activities related to disbursements such as the following:
(1) Use of prenumbered checks and numerical control of checks used.
(2) Recording of check numbers in the disbursements journal.
(3) Designation of authorized check signers.
(4) Restricted access to checks and signature plates.
(5) Approval of payments, signing of checks, and timely preparation of bank reconciliations by persons
other than the one who prepares checks and posts disbursements to the accounts.
In auditing the bank reconciliations of a nonprofit organization, the auditor should give heightened attention to the
possibility that interbank transfers may be in violation of funding source restrictions. Also, the auditor should
consider the propriety of the financial statement classification of cash balances and should consider the adequacy
of disclosure of restrictions, for example, restrictions on withdrawal or minimum balance requirements related to
funding source agreements or loan agreements. In addition, the auditor will need to send separate letters, signed
by the client, to the financial institution official responsible for the financial institution's relationship with the client for
confirmation of certain types of transactions and arrangements such as contingent liabilities, compensating bal
ance arrangements, and lines of credit. The auditor should be aware that sole reliance on a standard form to satisfy
the completeness assertion is unwarranted. Additional information can be obtained by inquiry of client personnel
and review of minutes, contracts, funding source agreements, etc.
Concentration of Credit Risk Disclosures. In addition to disclosures regarding restrictions on cash, the auditor
should consider the need for disclosures about concentrations of credit risk for cash deposits. Cash deposits with
banks, brokerdealers, and other financial entities are financial instruments with credit risk. SFAS No.107, as
amended (FASB ASC 82510), Disclosures about Fair Value of Financial Instruments, requires significant concentra
tions of credit risk to be disclosed at each date for which a statement of financial position is presented. Although not
defined by SFAS No.107 (FASB ASC 82510), it is believed that whether concentrations of credit risk are significant
should be evaluated in the context of the maximum loss that could result. Thus, it is believed that the authoritative
literature requires disclosure if the concentration is significant, regardless of the likelihood of loss.
Disclosures about concentrations of credit risk for cash deposits should provide information about the credit risk
caused by maintaining cash deposits in financial institutions. Because a financial institution generally has no
responsibility with respect to deposits in transit and in the event of failure may not honor outstanding checks, it is
believed that the credit risk for cash deposits is the balance reported by the financial institution at the statement of
financial position date.
Some deposits with banks are insured by the Federal Deposit Insurance Corporation (FDIC), while deposits with
brokerdealers are insured by the Securities Investor Protection Corporation (SIPC). SIPC insurance is more
analogous to FDIC insurance than to private insurance. SFAS No.107 (FASB ASC 82510) does not address
whether the credit risk for cash deposits can be reduced by insurance. Some accountants argue that it should not.
They believe that insurance merely decreases the likelihood of loss, but has no effect on the overall amount of credit
risk (that is, there is still a risk that the insurance may not be collected). While that may be conceptually correct, it
is believed that credit risk for cash deposits should be reduced by amounts that are federally insured. In a technical
practice aid (TIS2110.06), the AICPA stated that bank statement balances in excess of FDICinsured amounts
represent a credit risk, and the uninsured cash balances should be disclosed if they represent a significant
concentration of credit risk. The technical practice aid further states that while a material uninsured cash balance
with a single bank should generally be disclosed, numerous immaterial uninsured cash balances on deposit with
several banks may not require disclosure. Judgment must be used in determining the threshold for significance,
274

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

which will vary with individual circumstances. For example, the financial statement preparer should use judgment
to determine the aggregate materiality of numerous immaterial uninsured cash balances on deposit with several
banks.
Liquidity Restrictions. Nonprofit organizations frequently invest in money market funds and other shortterm
investments. In some instances, there may be restrictions placed on the funds that limit the nonprofit organization's
ability to withdraw its balance (or a portion of its balance) for a period of time. The AICPA has issued a Technical
Practice Aid at TIS 1100.15 that addresses the potential accounting and auditing implications when a fund (or the
fund's trustee) imposes restrictions on a nonprofit organization's ability to withdraw all or a portion of its balance in
a money market fund or shortterm investment. Some of the considerations addressed in the TPA are as follows: (a)
whether the restrictions on the assets keep them from qualifying as cash equivalents or current assets, (b) whether
the restrictions result in risks or uncertainties that should be disclosed in the financial statements, (c) whether the
restrictions could trigger debt covenant violations that result in a reclassification of the debt to a current liability, and
(d) whether the restrictions raise going concern considerations. The TPA is available on the AICPA's website at
www.aicpa.org/download/acctstd/TIS1100_15.pdf.
Counting Cash. Counting cash on hand is more common in the audit of a nonprofit organization than of a business
enterprise of similar size. Nonprofit organizations, particularly certain health and welfare organizations, may rou
tinely keep more cash on hand for uses such as emergency needs of charitable beneficiaries or service recipients.
Also, funding source agreements may require cash counts. However, the auditor should avoid the tendency to
routinely count cash on hand. In deciding whether to count cash, in addition to considering the materiality of the
balance on hand, the auditor should consider the frequency of reimbursement and the volume of expenditures
processed through the fund. Also, the auditor should consider counting cash funds at a preliminary date as a test
of controls to improve audit efficiency. This approach may not reduce total audit hours, but it is still more efficient
because it avoids the busiest part of the engagement when time demands are most severe.
Common Cash Overauditing Tendencies. There is a tendency to overaudit cash because it is easy to test and
also because certain common procedures are often performed out of tradition instead of necessity. The auditor
should design the nature, extent, and timing of substantive procedures based on the assessed risks of material
misstatement at the relevant assertion level and avoid the temptation to apply procedures that are not necessary
given the level of assessed risks.
Common overauditing tendencies include
Counting Cash on Hand. The auditor should avoid the tendency to routinely count cash.
Routinely Requesting Cutoff Bank Statements. Many auditors have historically sent out requests for a cutoff
bank statement along with the confirmation request. However, in many cases, the timing of the audit or
assessed level of risks does not warrant requesting a cutoff bank statement. For many nonprofit
organization audits, the use of subsequent bank statement activity (or in some cases, the client's online
banking services) when performing tracing and vouching procedures will be sufficient. However, when a
cutoff bank statement is not requested, the auditor should be satisfied that subsequent bank statements
that are used have not been altered.
Testing Immaterial Cash Accounts. There is a tendency to perform detail testing of the yearend
reconciliations of all bank accounts. The decision about cutoff testing should be based on the size and
volume of reconciling items in recent bank reconciliations. Sufficient assurance on payroll bank accounts
and other small accounts can generally be obtained by confirming the bank balance and scanning the
reconciling items for unusual entries.
Workpaper Inefficiencies. Often elaborate workpapers (such as interbank transfer schedules) are prepared
out of tradition when they may not be necessary.
Matching of Individual Items on Deposit Slips to Accounts, Fees, or Promises to Give. This procedure is a
traditional fraud procedure to discover lapping. Fraud procedures are not necessary unless they are
performed in response to an identified fraud risk.
275

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Immaterial Reconciling Items. Significant time and effort can be spent trying to determine the cause of many
small reconciling items. If an auditor is satisfied as to the nature of the reconciling item, any concerns over
the cause can be expressed in a management letter. The auditor might also suggest a separate
engagement at a later date to evaluate the causes of any problems with the financial reporting system.
Routinely Performing a Proof of Cash. A proof of cash is a bank reconciliation that includes not only the
priorperiod and currentperiod balances but also reconciles the book receipts and disbursements for the
period(s) with the bank statement(s). A proof of cash can provide evidence about the existence and
completeness assertions for transactions that were recorded on the books or bank statements. However,
many of the other audit procedures described earlier are more efficient and just as effective. A proof of cash
is essentially a fraud procedure aimed at detecting recurring cash defalcations. It should typically be
performed if misappropriation of cash is an identified fraud risk or if there is a high risk of material
misstatement of cash. In such cases, it should be performed for the entire audit period.
Unnecessary Vouching of Transactions. Organizations with endowments or other idle cash may invest in
certificates of deposit and renew them over an extended period. It is usually unnecessary to vouch
certificate transactions, especially if they are confirmed at year end.
Common Cash Underauditing Tendencies. Underauditing tendencies may result from overlooking GAAP and
special nonprofit presentation requirements. Common underauditing tendencies include
Classification Deficiencies. Restricted cash, cash overdrafts, and held checks may not be identified
because of lack of familiarity with the disclosure requirements for these items.
Not Relating Facts to Other Audit Areas. Compensating balances agreements may be overlooked during
cash procedures and also be overlooked during debt procedures. Information regarding interest rates,
balances, and collateral or debt may not be related to corresponding audit work on debt.
Failure to Test Completeness of the Outstanding Check List. The outstanding check lists of major bank
accounts should be tested for completeness. That test is generally accomplished by tracing cancelled
checks clearing in the cutoff bank statement to the outstanding check list. Vouching outstanding checks
(that is, tracing from the bank reconciliation to the cancelled checks) does not test completeness.
Common Cash Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to cash and procedures that may be performed in response to those
schemes are provided for both misappropriation of assets (Exhibit 21) and fraudulent financial reporting (Exhibit
22). For misappropriation of assets, Exhibit 21 also lists the symptoms (also called red flags or indicators) auditors
may observe that indicate the presence of a particular fraud scheme. For fraudulent financial reporting schemes
presented in Exhibit 22, symptoms generally relate to fraud risk factors such as the desire to understate unre
stricted net assets to avoid potentially negative effects on fundraising. Those risk factors may provide an incentive
or pressure to manipulate the financial statements.

276

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 21
Common Cash Fraud Schemes, Symptoms, and Related Audit Responses Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Theft of a daily
deposit.

Cash sales or receipts differ from normal or expected
patterns.
Cash deposit totals differ from normal or expected
patterns.
Inventory discrepancies.
Lack of segregation of duties.
Missing deposit slips.
Missing sales invoices.
Unusual journal entries or unusual items on the bank
reconciliation.
Differences between daily list of receipts and deposits
on bank statement.

Compare bank depos
its to cash receipts
records.
Prepare proof of cash.
Review journal entries.
Reviewbank reconcili
ations.

Less cash schemes
(that is, shorting the
deposit).

Less cash on deposit tickets.
Cash sales or receipts differ from normal or expected
patterns.
Cash deposit totals differ from normal or expected
patterns.
Inventory discrepancies.
Unusual reconciling items on bank reconciliations.
Unusual journal entries affecting cash accounts.
Deposits per the bank statement that do not match the
organization's copy of deposit tickets.
Lack of segregation of duties.

Compare bank depos
its to cash receipts
records.
Prepare proof of cash.
Reviewbank reconcili
ations.
Review journal entries.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

*

Exhibit 22
Common Cash Fraud Schemes, and Related Audit Responses Fraudulent Financial Reporting
Audit Responsesa

Fraud Scheme
Holding cash receipts records open after the statement
of financial position date or closing cash disbursement
records early.

Inspect deposits and cancelled checks for dates
they cleared the bank and note any unusual
patterns.

Kiting.

Prepare and review interbank transfer schedule.

Improperly accounting for held checks.

Inspect deposits and cancelled checks occurring
around period end for dates they cleared the bank.
Examine support for held checks.
277

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

*

Positive Pay. Check fraud can lead to significant losses for nonprofit organizations. One way for organizations to
reduce the opportunity for check fraud is to use a bank service called positive pay. When an organization uses
positive pay, the organization prepares a computer file containing information about the check number, amount,
date, etc. and transmits the file to the organization's bank. The bank then compares all checks presented for
payment to the transmitted file. If the checks do not match the file, the bank does not pay the check and notifies the
organization of the exception. The service can also be structured to consider checks above a certain dollar amount
and/or all stale dated checks as exceptions. The nonprofit organization then has the option of either accepting or
rejecting each exception item. In order to maintain a proper segregation of duties, this decision should be made by
a knowledgeable individual who is not directly involved in the disbursement system. (Once the exception items
have been approved for payment, the nonprofit organization may not be able to recover anything from the financial
institution, even if the item is later determined to be fraudulent.) Each nonprofit organization must decide for itself
whether the additional controls over check fraud outweigh the additional bank processing costs. If the organization
is interested in using positive pay, have it contact its banking representative for additional information on how the
positive pay program works.

278

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
5. Which of the following statements is correct concerning audits of cash in a nonprofit versus a forprofit
environment?
a. Cash is more difficult to substantiate in a nonprofit audit.
b. Nonprofits will probably have more restrictions on the use of cash.
c. Forprofits will usually have more cash account opening and closing activity.
d. Nonprofits generally maintain a control cash account and allocate via a subledger.
6. Which of the following is noted in the text as a common cash overauditing tendency?
a. Classification deficiencies
b. Failure to test outstanding check list completeness
c. Counting cash on hand
d. Not related facts to other audit areas
7. An audit of United Charities reveals the following information concerning cash deposits as of the cutoff date:
cash in FDICinsured bank B1 $320,000; cash in SIPC insured brokerage account S1 $620,000; cash in
FDICinsured banks B2, B3, and B4 $252,000, 254,000, and 253,000 respectively. As of the cutoff date, FDIC
insurance covers $250,000 in aggregate deposits per institution and SIPC insurance covers $500,000 in
aggregate cash deposits per broker. The brokerage company has a sound and longstanding reputation, and
maintains private insurance of $2,000,000 on deposits in excess of SIPC; the private insurance company is
fiscally sound with a longstanding history and a solid reputation. The threshold of significance for materiality
has been determined to be $15,000. Based on the text and TIS 2110.06, what amount of credit risk on cash
deposits should be disclosed in the financials?
a. $70,000
b. $79,000
c. $199,000
d. $690,000
8. According to the text, which of the following may be a symptom of a scheme to fraudulently report by
understating unrestricted cash balances before an upcoming nonprofit fundraiser?
a. Indications of less cash on deposit tickets
b. Accounting for held checks improperly
c. Discrepancies in inventory

279

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
5. Which of the following statements is correct concerning audits of cash in a nonprofit versus a forprofit
environment? (Page 272)
a. Cash is more difficult to substantiate in a nonprofit audit. [This answer is incorrect. Cash is generally not
difficult to substantiate. Proper classification is often a bigger focal point for the auditor.]
b. Nonprofits will probably have more restrictions on the use of cash. [This answer is correct. Funding
sources will often impose regulatory or contract restrictions on the maintenance and use of cash.]
c. Forprofits will usually have more cash account opening and closing activity. [This answer is incorrect.
Nonprofit cash account opening and closing activity will generally be greater because of commencement
and ending of related programs.]
d. Nonprofits generally maintain a control cash account and allocate via a subledger. [This answer is
incorrect. Nonprofits often maintain several cash accounts, each for a separate program.]
6. Which of the following is noted in the text as a common cash overauditing tendency? (Page 275)
a. Classification deficiencies [This answer is incorrect. This may result from lack of familiarity with disclosure
requirements.]
b. Failure to test outstanding check list completeness [This answer is incorrect. This indicates that cancelled
checks have not been traced from the outstanding check list to the cutoff bank statement.]
c. Counting cash on hand [This answer is correct. Because cash is generally easy to substantiate,
counting cash may become a routine audit exercise that may be not always be necessary.]
d. Not related facts to other audit areas [This answer is incorrect. This is considered a common cash
underauditing tendency.]
7. An audit of United Charities reveals the following information concerning cash deposits as of the cutoff date:
cash in FDICinsured bank B1 $320,000; cash in SIPC insured brokerage account S1 $620,000; cash in
FDICinsured banks B2, B3, and B4 $252,000, 254,000, and 253,000 respectively. As of the cutoff date, FDIC
insurance covers $250,000 in aggregate deposits per institution and SIPC insurance covers $500,000 in
aggregate cash deposits per broker. The brokerage company has a sound and longstanding reputation, and
maintains private insurance of $2,000,000 on deposits in excess of SIPC; the private insurance company is
fiscally sound with a longstanding history and a solid reputation. The threshold of significance for materiality
has been determined to be $15,000. Based on the text and TIS 2110.06, what amount of credit risk on cash
deposits should be disclosed in the financials? (Page 274)
a. $70,000 [This answer is incorrect. This answer considers that only the credit risk related to bank account
B1 should be considered.]
b. $79,000 [This answer is incorrect. The amount of private insurance, and the reputation and solvency of the
private insurer indicates a high degree of safety for covered cash deposits in excess of SIPC. Given the
events of late 2008 and early 2009, it has become apparent that such indications cannot be adequately
relied upon. The text indicates that credit risk should be disclosed for privately insured deposits.
c. $199,000 [This answer is correct. FDIC and SIPC insured amounts are federally backed and should
be considered secure. Privately insured deposits ($620,000 $500,000) still present a risk that the
insurance may not be collected. This leaves the issue of the uninsured bank deposits. Individually,
only the $70,000 ($320,000 $250,000) in B1 exceeds the materiality threshold. The technical
280

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

practice aid indicates that material uninsured amounts in a single account should be disclosed,
while immaterial uninsured amounts in numerous accounts may not require disclosure. The text,
however, advises that aggregate materiality of uninsured amounts should be considered and that
professional judgment should be exercised on a casebycase basis when determining the amount
of credit risk subject to disclosure. Given the foregoing, the excess credit risk to be disclosed in the
financials is the sum of the deposits in excess of FDIC and SIPC insurance ($70,000 + $120,000 +
$2,000 + $4,000 + $3,000).]
d. $690,000 [This answer is incorrect. Cash deposits insured by SIPC should be considered analogous to
those insured by FDIC.]
8. According to the text, which of the following may be a symptom of a scheme to fraudulently report by
understating unrestricted cash balances before an upcoming nonprofit fundraiser? (Page 276)
a. Indications of less cash on deposit tickets [This answer is incorrect. This presents the possibility of shorted
deposits and defalcation]
b. Accounting for held checks improperly [This answer is correct. By improperly recording
disbursements for held checks, unrestricted funds are thereby understated in order to avoid
potentially negative effects on fundraising.]
c. Discrepancies in inventory [This answer is incorrect. Inventory discrepancies are more closely associated
with theft or misappropriation of assets.]

281

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

INVESTMENTS
Authoritative Literature
The following pronouncements and interpretative publications provide accounting guidance regarding invest
ments' carrying amounts, income, and gains and losses:
SFAS No.124, Accounting for Certain Investments Held by NotforProfit Organizations (FASB ASC
958320), as amended, provides guidance for all nonprofit organizations. It applies to equity securities with
readily determinable fair values and all debt securities.

SFAS No.133, Accounting for Derivative Instruments and Hedging Activities (FASB ASC 815), as amended,
addresses accounting and reporting requirements for derivative instruments (including certain derivative
instruments embedded in other contracts) and hedging transactions. SFAS No.133, as amended, amends
SFAS No.124 to exclude derivative instruments that would otherwise meet its definition of investments.

SFAS No. 155, Accounting for Certain Hybrid Financial Instruments, amends SFAS No.133 (FASB ASC
815) by allowing an entity to elect the fair value option" for measuring any financial instrument that
previously was separated into a host contract and embedded derivative.
FASB Staff Position (FSP) FAS 1151 and FAS 1241, The Meaning of OtherThanTemporary Impairment
and Its Application to Certain Investments (FASB ASC 958325), addresses determining when an
investment is considered impaired, whether the impairment is other than temporary, and measuring an
impairment loss. This FSP also provides accounting guidance for periods subsequent to the recognition
of an otherthantemporary impairment and requires certain disclosures about unrealized losses that have
not been recognized as otherthantemporary impairments.
The AICPA Audit and Accounting Guide, NotforProfit Organizations (Audit Guide) (FASB ASC 958),
provides guidance for investments not covered by SFAS Nos. 124 and 133 or by SOP 943 by retaining
previously existing guidance until such time as more definitive guidance is issued by the FASB or AcSEC.
The Audit Guide refers to these investments as other investments".

SOP 943, Reporting of Related Entities by NotforProfit Organizations (FASB ASC 958810), applies to
investments in equity securities for which either the equity method or consolidation is appropriate.

SFAS No. 157, Fair Value Measurements (FASB ASC 82010), will amend numerous accounting pronouncements
throughout the accounting literature including SFAS Nos. 124 and 133. In view of the Statement's effective date, it
is believed that most financial statements for years ending prior to November 30, 2008 will have been prepared
using the currently effective fair value measurement guidance, i.e., the guidance presented in the various account
ing pronouncements amended by SFAS No. 157. As a practical matter, with respect to investments, many nonprofit
organizations hold their investments in equity or debt securities traded in active public markets. For these invest
ments, measuring the fair value of investments under the market approach described in SFAS No. 157 is no
different from current practice.
Accounting Considerations under SFAS No.124
Basis of Valuation. SFAS No.124 (FASB ASC 958320) requires organizations to report (a)investments in equity
securities with readily determinable fair values and all investments in debt securities in the statement of financial
position at fair value and (b)realized and unrealized gains and losses in the statement of activities. The Statement
does not address the valuation of any other investments.
Fair Value Measurement and Disclosure Considerations. While SFAS No. 124 is clear that securities within its
scope should be measured at fair value at the end of the reporting period, it does not address whether subsequent
changes in their fair value prior to issuance of the financial statements should be disclosed. SFAS No. 157, Fair
Value Measurements, also does not address the need to disclose subsequent changes in fair value for fair value
measurements. However, AU 560, Subsequent Events, provides relevant guidance as to whether disclosure of
subsequent declines in fair value is required.
282

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

The fair value measurement required by SFAS No. 124 is intended to be a snapshot, generally computed for
marketable equity securities by multiplying the fair value per share by the number of shares. Factors that could
affect the amount realized are not considered. For example, the measurement does not consider control premiums,
blockage factors, or selling costs. Similarly, changes in fair value before the securities are sold are not considered.
There is no implication that the carrying amount of the securities will be realized, and therefore the measurement
does not require disclosure of subsequent changes in the fair value of the securities.
However, subsequent changes may lead to a condition that should be disclosed so the financial statements will not
be misleading. It is therefore the condition caused by the subsequent change in fair value that requires disclosure.
If the change does not cause a condition that requires disclosure, disclosure of the subsequent change is not
required.
To illustrate, assume that a private school maintains a large portfolio of securities and relies on a portion of the
earnings from the portfolio to subsidize annual losses from operating the school. Subsequent to yearend, the
market contracts significantly, but the portfolio is large enough that it will continue to provide enough earnings to
subsidize annual operating losses. The decline in the portfolio's fair value has therefore not led to a condition that
should be disclosed to keep the financial statements from being misleading.
Now change the facts so that the decline was significant enough that earnings from the portfolio will likely not be
sufficient to subsidize annual operating losses for at least the next few years. The school's management has
therefore begun planning a substantial development effort. However, given the general economic conditions,
management believes there is a significant risk the school will be unable to continue operations beyond the next
few years if general economic conditions do not improve. In that set of facts and circumstances, the subsequent
decline in the fair value of the securities has led to a condition that should be disclosed so the financial statements
will not be misleading.
Misappropriation of Securities. A subsequent decline in fair value from changes in market conditions should not be
confused with the subsequent determination that the securities did not exist because of fraud. To illustrate, assume
that prior to issuance of the financial statements, management determined that securities did not exist. Instead, the
entity's investment in the securities had been misappropriated. Since the securities did not exist, they should be
written off as a loss from misappropriation. The loss should be offset by the recognition of a receivable for probable
recoveries, for example, through SIPC or litigation.
Whether the writeoff should be recognized through a charge to the change in net assets of the year depends on
how long ago the investment was misappropriated. For example, if the misappropriation occurred during the
current year, the writeoff should be charged to the currentyear change in net assets. However, if the misappropri
ation occurred during a prior year, the writeoff should be recognized through a restatement of prior years since
reporting the investment in those years was an error.
Fair Value under SFAS No. 157. When effective, SFAS No. 157, Fair Value Measurements (FASB ASC 82010),
amends SFAS No. 124 by providing a common definition of fair value within GAAP. SFAS No. 157 defines fair value
as the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between
market participants at the measurement date. If there is a principal market for the asset or liability, fair value
represents the price in that market, and, as with SFAS No. 124, transaction costs are not considered. In general, an
investment traded in an active market with quoted market prices will be measured the same under SFAS No. 157
as under the previous definition of fair value in SFAS No. 124. SFAS No. 157 also amends SFAS No. 124 to include
restricted stock with restrictions of less than a year within its scope.
Fair Value Measurement in Inactive Markets. FSP FAS 1573, Determining the Fair Value of a Financial Asset When
the Market for That Asset Is Not Active, clarifies the application of SFAS No. 157 in inactive markets and provides an
example illustrating key considerations in those situations. The FSP clarifies that even in situations where there is
little or no market activity for an asset at the measurement date, the fair value objective discussed in SFAS No. 157
(i.e., the price that would be received in an orderly transaction that is not a forced liquidation or distressed sale at
the measurement date) still applies. It is not appropriate to assume that all activity in markets that are not active
represents forced liquidations or distressed sales, or to automatically assume that transaction prices reflect fair
value. Instead, fair value is dependent on the facts and circumstances and may involve significant judgment. The
FSP discusses relevant considerations when the entity's own assumptions about future cash flows and risk
283

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

adjusted discount rates are used because relevant observable inputs are not available. It also provides guidance
about situations when Level 2 observable inputs require significant adjustment based on unobservable data,
making the result a Level 3 fair value measurement. FSP FAS 1573 states that regardless of the valuation technique
used, appropriate risk adjustments that market participants would make for nonperformance and liquidity risks
should be included. Guidance about using broker quotes as inputs for fair value measurements of financial assets
in inactive markets is also provided by the FSP.
Investment Income and Gains and Losses. Investment income should be reported as an increase in unrestricted
net assets unless the donor or relevant law places restrictions on the income's use. If the income is restricted, it
should be reported as an increase in temporarily or permanently restricted net assets, depending on the nature of
the restrictions. Gains and losses should be reflected as increases or decreases in the unrestricted class of net
assets unless the donor or relevant laws place temporary or permanent restrictions on the gains and losses.
Donorrestricted investment income and gains whose restrictions are met in the same reporting period may be
reported as unrestricted income and gains if the organization reports consistently from period to period, follows the
same policy for reporting donorrestricted contributions, and discloses its accounting policy.
Unless a donor or relevant law directs otherwise, any losses on investments that are donorrestricted for an
endowment fund (that is, permanently restricted) should first reduce temporarily restricted net assets for net
appreciation of the investments in the donorrestricted endowment fund for which donor restrictions have not been
met. Any remaining losses should then reduce unrestricted net assets. Subsequent gains should be recorded as
increases in unrestricted net assets until the total amount of the gains offsets the amount of the losses previously
recorded as decreases in unrestricted net assets. (Effectively, that treatment reinstates unrestricted net assets for
losses recorded in that class of net assets.) Organizations should record gains in excess of that amount in
accordance with donor restrictions.
Some nonprofit organizations have more than one donorrestricted endowment fund. SFAS No.124, Paragraph15
(FASB ASC 958205502), requires disclosure of aggregate deficiencies of all donorrestricted endowment funds.
Therefore, if one endowment has unrealized gains while another has unrealized losses, the nonprofit organization
should account for each donorrestricted endowment fund individually rather than netting the gains of one endow
ment fund with the losses of another endowment.
If investment losses in donorrestricted endowment funds cause the fair value of the endowment's assets to fall
below the amount the donor (or relevant law) requires to be maintained in perpetuity, SFAS No.124, Paragraph 15
(FASB ASC 958205502), requires the nonprofit organization to disclose the total amount of deficiencies in those
donorrestricted endowment funds. The amount disclosed is the sum of any deficiencies in the nonprofit organiza
tion's individual donorrestricted endowment funds, not the net deficiency for the nonprofit organization as a whole.
UMIFA and Other Laws. Laws concerning net appreciation of donorrestricted endowment funds vary from
jurisdiction to jurisdiction. Many states follow the Uniform Management of Institutional Funds Act (UMIFA), although
some follow trust law, other laws, or variations of UMIFA. As a result, auditors should consider the applicable state
law under which the organization operates when determining whether net appreciation of donorrestricted endow
ment funds is available for spending or is permanently restricted. For those states that have adopted it, UMIFA
provides guidance on matters concerning the governance and management of donorrestricted endowment funds.
UMIFA requires the historical dollar amount of a donorrestricted endowment to be preserved. However, UMIFA
states that, absent donor restrictions, net appreciation on a donorrestricted endowment (realized and unrealized)
is spendable. UMIFA also requires an organization's board to exercise ordinary business care and prudence" in
managing funds. Using the ordinary business care provision of UMIFA as a basis, some nonprofit organizations
have taken the position that UMIFA prohibits the expenditure of all income on endowment assets because a
prudent" investor would try to preserve the purchasing power of the investment. In response, the footnote to
Paragraph 8.16 of the Audit Guide (FASB ASC 9582054520), states that legal limitations requiring a board to act
using ordinary business care and prudence when investing funds do not result in extending donor restrictions to
net appreciation. That is, the legal limitations under UMIFA on the use of the appreciation in endowment funds still
allow the nonprofit organization's board to ultimately determine how the appreciation will be used. Accordingly,
unless a donor has explicitly restricted the net appreciation on an endowment fund, it should be reported as a
change in unrestricted net assets if the investment income is unrestricted or as temporarily restricted net assets if
the investment income is temporarily restricted by the donor. Therefore, in the absence of donor stipulations or law
284

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

to the contrary, donor restrictions on the use of income of an endowment fund also extend to the net appreciation
on the endowment fund.
Revisions to UMIFA Now Referred to as UPMIFA. In July 2006, the National Conference of Commissioners on
Uniform State Laws (NCCUSL) approved revisions to the UMIFA and issued a new model act. The new uniform act
is known as the Uniform Prudent Management of Institutional Funds Act (UPMIFA) and is being circulated to each
of the states for possible adoption. The new model law builds upon the principles established by UMIFA with
improvements in the four primary areas. If adopted, UPMIFA would:
a. Provide consistent investment and spending standards to all forms of charitable funds. UMIFA excludes
all trusts, which has led to adoption of additional investment and spending statutes in many states.
b. Strengthen the concept of prudent investing. UPMIFA updates the standards for investment with a more
exact set of rules for investing in a prudent manner.
c. Abandon the use of historic dollar value as a floor for expenditures and provide more flexibility to the
organization in making decisions about whether to expend any portion of an endowment fund.
Expenditures from an endowment fund are permitted to the extent the organization determines that the
expenditures are prudent. The new act also provides an optional 7 percent rule" that presumes
expenditures exceeding seven percent of total return measured by a three year average are imprudent.
d. Provide a process for the release or modification of restrictions on a gift instrument, including specifying
the circumstances when such action may be appropriate if a gift restriction becomes impracticable.
As of the date this course went to press, at least, 25 states have adopted the new model law, and it has been
introduced for consideration in seven other state legislatures. Accountants and auditors for nonprofit organizations
should monitor the progress of UPMIFA through their state legislatures. In August 2008, the FASB issued guidance
for the net asset classification of donorrestricted endowment funds for nonprofit organizations subject to an
enacted version of UPMIFA. State CPA societies, legal counsel, states' attorneys general, and others will also need
to collaborate on a common understanding of the law's impact in their respective states.
FSP FAS 1171. In August 2008, the FASB issued FSP FAS 1171, Endowments of NotforProfit Organizations: Net
Asset Classification of Funds Subject to an Enacted Version of the Uniform Prudent Management of Institutional
Funds Act, and Enhanced Disclosures for All Endowment Funds, to provide guidance for nonprofit organizations
with donorrestricted endowment funds in states that have enacted a version of UPMIFA. According to FSP FAS
1171, the donor's restriction extends to the net appreciation on the endowment fund because the governing board
must consider the duration and preservation of the fund when determining the amount of the fund that must be
retained permanently under UMIFA. Thus, in the absence of explicit stipulations, the portion of a donorrestricted
endowment fund that is not permanently restricted by the donor or by the board, consistent with the relevant law,
should be classified as temporarily restricted net assets (time restricted) until appropriated for expenditure by the
governing board. Once the appropriation has occurred and purpose restrictions, if any, are met the net assets are
reclassified from temporarily restricted to unrestricted net assets.
Investment Expenses. Although SFAS No.117 (FASB ASC 9582254514) generally requires reporting of gross
amounts of revenues and expenses in the statement of activities, investment income may be reported net of related
expenses, such as investment management or custodial fees. The amount of any such expenses must be dis
closed, either on the face of the statement of activities or in notes to the financial statements.
SFAS No.117 (FASB ASC 958225457) requires expenses to be reported as decreases in unrestricted net assets.
Accordingly, some accountants believe that all investment expenses should be classified as decreases in unre
stricted net assets, with appropriate amounts reclassified from temporarily restricted net assets to unrestricted net
assets if a donor restriction was met by the expenditure. It is believed that appropriate investment expenses may be
proportionately netted against investment revenues in the unrestricted, temporarily, and permanently restricted net
asset classes because donor restrictions generally relate to net investment return. (In some cases, however, a
donor may state that investment revenues are not to be used to pay investment expenses. In that event, investment
expenses should be reported as a reduction of unrestricted net assets with no related reclassification from
temporarily restricted net assets.)
285

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Accounting Considerations for Derivative Instruments
SFAS No.133, Accounting for Derivative Instruments and Hedging Activities (FASB ASC 815), as amended,
establishes accounting and reporting standards for derivative instruments and hedging activities. SFAS No.133
amends SFAS No.124 to exclude certain derivative instruments that would otherwise meet the investment defini
tion under SFAS No.124 (FASB ASC 958320154). A summary of the authoritative guidance is provided in the
following paragraphs.
Definition. SFAS No.133 (FASB ASC 815) uses the terms underlyings, notional amounts, and payment provisions
in defining derivative instruments. An underlying is a specified interest rate, security price, commodity price, foreign
exchange rate, price or rate index, or other variable, including the occurrence or nonoccurrence of a specified
event. For example, the prescribed fixed and variable rates are the underlyings of an interest rate swap, and in a
stock option, the underlying is the exercise price. A notional amount is a specified number of currency units, shares,
bushels, pounds, or other units. For example, in an interest rate swap, the notional amount is theamount to which
the two specified rates are applied, and in a stock option, the notional amount is the number of shares. A payment
provision specifies a fixed or determinable settlement to be made if the underlying performs in a specified manner.
An underlying, along with either a notional amount or a payment provision, determines the settlement of a
derivative and, in some cases, whether or not a settlement is required. Therefore, a derivative must have at least
one underlying and at least one notional amount or payment provision (or both).
A derivative instrument is a financial instrument or other contract that has all three of the following characteristics:
a. It has at least one underlying and at least one notional amount or payment provision or both.
b. No initial net investment is required or a smaller investment is required than would be for other types of
contracts that would be expected to have a similar response to changes in market factors.
c. The terms require or permit net settlement; it can be readily settled net outside the contract; or it provides
for delivery of an asset that puts the recipient in a position not substantially different from a net settlement.
However, an issuer of a loan commitment related to the origination of a mortgage loan to be held for sale must
account for the loan commitment as a derivative instrument.
Derivative instruments, however, do not include items such as normal purchases and normal sales, regularway"
security trades (contracts providing for delivery of a security that is readily convertible to cash within customary
timeframes established by marketplace regulations), certain insurance contracts, financial guarantee contracts
with certain characteristics, certain contracts that are not traded on an exchange, derivatives that serve as impedi
ments to sales accounting, investments in life insurance, certain investment contracts [i.e., investment contracts
accounted for under SFAS Nos. 35 or 110 (FASB ASC 960)], or certain loan commitments. In addition, derivative
instruments do not include contracts that are issued as contingent consideration in a business combination.
Embedded Derivative Instruments. Certain contracts that do not meet, in their entirety, the criteria shown earlier
may have embedded derivative instruments; that is, instruments that have implicit or explicit terms that affect some
or all of the cash flows or value of other exchanges required by the host contract, similar to derivative instruments.
Contracts that have embedded derivative instruments (hybrid" financial instruments) may include items such as
bonds, insurance policies, leases, and certain splitinterest agreements.
Unless the organization elects to measure the contract containing an embedded derivative instrument in its entirety
at fair value, it should separate the embedded derivative from the host contract only if all of the following conditions
are met:
a. The economic characteristics and risks of the embedded instrument are not clearly and closely related to
those of the host contract.
b. GAAP does not require the contract (the hybrid instrument) to be remeasured at fair value, with changes
in value reported in the current change in net assets.
286

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

c. It would be subject to the requirements of SFAS No.133 (FASB ASC 815) if it were a standalone contract.
If a debt or equity security investment that would otherwise be subject to the requirements of SFAS No.124 (FASB
ASC 958320) has an embedded derivative within it, the host debt or equity security investment remains subject to
the provisions of SFAS No.124 rather than to the provisions of SFAS No.133 (FASB ASC 815). If an embedded
derivative cannot be reliably identified and measured separately from the host contract, the entire contract should
be measured at fair value with gains or losses recognized in the change in net assets. A type of embedded
derivative unique to nonprofit organizations is a derivative embedded in a splitinterest agreement.
The authoritative literature permits an organization to irrevocably elect to measure at fair value financial instruments
that contain embedded derivatives, including obligations for splitinterest agreements. The election is made on an
instrumentbyinstrument basis and should be supported by concurrent documentation or a preexisting docu
mented policy for automatic election. If an election to measure at fair value is made, the financial instrument is
measured at fair value [that is, without separating into a host contract and a derivative instrument (bifurcating) the
embedded derivative]. An instrument measured at fair value in its entirety may not be designated as a hedge.
Recognition and Measurement. All derivative instruments should be measured at fair value and recognized in the
statement of financial position as either assets or liabilities, depending on the rights or obligations under the
contracts. Changes in the fair value of all derivative instruments should be recognized as a change in net assets in
the period of change.
Disclosures. SFAS Nos.133, as amended (FASB ASC 815), establishes presentation and disclosure requirements
related to derivative instruments and hedging activities. In March 2008, the FASB issued SFAS No. 161, Disclosures
about Derivative Instruments and Hedging Activities. The Statement is effective for years beginning after November
15, 2008. As a practical matter, however, the additional disclosure requirements are not likely to affect most small
and midsize nonpublic entities because their use of derivatives generally is limited to no more than a very small
number of plain vanilla instruments.
Accounting Considerations for Other Investments
Nonprofit organizations occasionally have investments with accounting treatments not covered by the scope of
SFAS Nos.124 (FASB ASC 95830) and 133 (FASB ASC 815). Those investments include, among other things,
certain oil and gas interests, real estate investments, partnership interests, and other alternative investments"
without readily determinable fair values such as hedge funds, private equity funds, venture capital funds, and real
estate funds.
General guidance on accounting for other investments is provided by the Audit Guide beginning at Paragraph 8.35
(also titled Appendix A Measuring Other Investments). The Audit Guide retains certain measurement guidance for
other investments from AVHW, SOP 7810, and the AICPA Industry Audit Guide, Audits of Colleges and Universities,
except as described below. That guidance is summarized in the following paragraphs. Paragraph 8.36 of the Audit
Guide (FASB ASC 958325352) states that to the extent its guidance requires all other investments to be mea
sured using the same measurement attribute, only those other investments for which the organization has not
elected a fair value option in accordance with other authoritative pronouncements are required to be measured
using the same measurement attribute. If the other investment is a derivative instrument that contains an
embedded derivative, it may be measured at fair value. Certain other investments that are financial instruments may
be measured at fair value if the organization elects the fair value option as prescribed by SFAS No. 159, The Fair
Value Option for Financial Assets and Financial Liabilities (FASB ASC 82510).
Paragraph 8.04 of the Audit Guide also indicates that its general measurement guidance for other investments
applies until more definitive guidance is issued by the FASB or AcSEC subsequent to the original issuance of the
Audit Guide in 1996. FSP FAS 1151 and FAS 1241, The Meaning of OtherThanTemporary Impairment and Its
Application to Certain Investments (FASB ASC 95832010), provides such definitive guidance for measuring
impairment of other investments. The Audit Guide further states in Paragraph 8.36 that EITF Consensus Opinions
should be considered in conjunction with the general measurement guidance described in these paragraphs, even
though these statements are lower on the GAAP hierarchy than the Audit Guide. It is believed the EITF Consensus
Positions discussed herein, provide more definitive guidance than the Audit Guide and should be followed when
applicable in lieu of the general measurement guidance.
287

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Voluntary Health and Welfare Organizations. Other purchased investments may be reported at cost, and other
donated investments should be measured at their fair market value at the date of gift. If other investments are equity
securities reported at cost, the guidance herein should be followed to determine if an impairment loss must be
recognized. If other investments are not equity securities and the market value of the portfolio of those investments
is below the recorded amount, according to the Audit Guide, Paragraph8.36:
...it may be necessary to reduce the carrying amount of the portfolio to market or to provide an
allowance for decline in market value. If it can reasonably be expected that the organization will
suffer a loss on the disposition of an investment, an impairment loss should be recognized in the
period in which the decline in value occurs.
The organization is allowed to carry the entire portfolio of other investments at market value, including purchased
investments, provided it values all other investments at market value. The organization cannot choose to carry
some purchased investments, such as real estate, at market value and some purchased investments, such as oil
and gas interests, at cost. The organization is required to disclose the basis used for carrying other investments.
Colleges and Universities. Other purchased investments may be reported at cost, and other donated investments
should be measured at their fair value (or appraised value) at the date of gift, unless there has been an impairment
of value that is not considered to be temporary. If other investments are equity securities reported at cost, the
guidance discussed shortly should be followed to determine if an impairment loss must be recognized. The
organization is allowed to carry the entire other investments portfolio at current market value or fair value, instead
of carrying purchased investments at cost. The organization should apply the same valuation method to all of its
other investments, excluding other investments that the organization elects to measure at fair value.
Other Nonprofit Organizations. Organizations other than voluntary health and welfare organizations and colleges
and universities should carry other investments at their fair value or the lower of cost or fair value. The same
measurement method should be applied to all of an organization's other investments, except for those other
investments measured at fair value. (Thus, for example, it would not be acceptable for an organization to value
some of its investments at the lower of cost or fair value and some of its other investments at fair value.) If other
investments are not equity securities and are carried at the lower of cost or fair value, and the aggregate market
value (that is, the market value of the entire other investment portfolio) is less than the carrying amount, the
organization should recognize the decline. If the aggregate market value recovers in later periods, the organization
should recognize the increase up to the original cost of the other investments. If other investments are equity
securities reported at cost, the guidance below should be followed to determine if an impairment loss must be
recognized.
Investments in Equity Securities That Do Not Have a Readily Determinable Fair Value. Accounting literature
provides only limited guidance on accounting for cost method investments, which include equity securities that (a)
do not have readily determinable fair values and (b) do not qualify for consolidation or the equity method. FSP FAS
1151 and FAS 1241 provides guidance on cost method investments, including determining impairment of
investments, whether impairment is other than temporary, and the measurement of an impairment loss.
If the carrying amount of an investment in equity securities reported at cost exceeds its fair value, an impairment
loss should be recognized unless the impairment is considered temporary. Because the fair value of an investment
in equity securities carried at cost is not readily determinable, however, an organization may not have developed a
fair value estimate. If no fair value estimate has been developed, the organization should evaluate whether events
or changes in circumstances have occurred during the period that would have a significant adverse effect on fair
value, such as (a) a significant deterioration in the investee's financial or operating performance, (b) a significant
adverse change in the investee's regulatory, economic, or technological environment, (c) a significant adverse
change in the investee's industry or geographic market conditions, (d) a bona fide offer to purchase or sell that is
below cost, or (e) significant concerns about the investee's ability to continue as a going concern. If one or more of
those events has occurred, a fair value estimate should be developed and compared to the cost of the investment.
If impairment exists but is considered only temporary, the cost method investment should be evaluated for
impairment each reporting period until an impairment loss is recognized or the investment is no longer impaired.

288

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

When the fair value of cost method investments is less than cost, an evaluation should be performed to determine
if the impairment is other than temporary, which may be indicated by factors such as the following:
It is probable that all amounts due according to the contractual terms of a debt security will not be collected.
An investee experiences a series of operating losses.
There are adverse changes in the present value of current estimated cash flows related to a beneficial
interest.
The length of the time and the extent to which the market value has been less than cost.
The financial condition and nearterm prospects of the issuer of the investment, including any specific
events which may influence its operations.
The intent and ability of the entity to retain the investment for a sufficient period of time to allow for any
anticipated recovery in market value.
If a cost method investment is otherthantemporarily impaired, its carrying amount is reduced to fair value. Also, if
an impaired costmethod investment will be sold shortly after the statement of financial position date and the fair
value is not expected to recover prior to the sale date, the investment should be deemed to be otherthantempo
rarily impaired in the period the decision to sell is made.
Accounting Considerations under the Related Entities SOP
SOP 943, Reporting of Related Entities by NotforProfit Organizations (FASB ASC 958810), allows the market
value of reporting as an option in circumstances in which APB Opinion No.18, The Equity Method of Accounting for
Investments in Common Stock (FASB ASC 32310), would otherwise require the equity method of reporting.
However, this exception is only allowed if the Audit Guide allows the investments to be reported at market value. As
prescribed by SFAS No. 159 (FASB ASC 8251a), an organization might be able to choose the fair value option for
investments that would otherwise be accounted for by the equity method.
Accounting Considerations for Investment Pools
For greater flexibility in managing investments, nonprofit organizations frequently pool their investments. Invest
ments resulting from unrestricted contributions or contributions with temporary or permanent restrictions may be
pooled unless prohibited by donors of specific investments or by regulatory agencies. When investments are
pooled, they lose their specific identification with specific contributions. Thus, the income and realized and
unrealized gains and losses of the investment pool must be allocated to the pool participants. An equitable
allocation requires that investment pools be operated on the market value method. The market value method
assigns a number of units to each pool participant based on the relationship of the individual investments to the
total investments at the time the investments are pooled. Periodically, the pooled assets are valued and new unit
values are assigned and used for valuing additions to, or withdrawals from, the pool by existing members or by new
pool participants entering the pool. Also, interest and dividend income of investments in the pool should be
allocated to pool participants based on the number of units each participant holds. Gains and losses due to market
price changes may be allocated on this basis except when donor restrictions on investment income of a pool
participant require a separate accounting. The pool participants account for their allocated amounts using methods
appropriate for the particular net asset class.
Accounting Considerations for Investment Revenue Recorded on a Total Return Basis
Some nonprofit organizations determine spendable amounts of endowment investment revenue based on a total
return formula. Total return is a concept that focuses on the overall return on investments and includes both
investment income and net appreciation. The total return formula calculates a spending rate" that represents the
percentage of the invested assets available to fund current operations. SFAS No. 117 (FASB ASC 958225455)
requires investment income to be reported as an increase in unrestricted net assets unless restricted by the donor
or by law. However, the Audit Guide, Paragraph 8.22 (FASB ASC 958320501), states that organizations using a
289

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

total return spending rate may segregate their total investment return into operating and nonoperating amounts
(computed using the spending rate) and present the operating portion as operating investment income on the face
of the statement of activities or in the notes to the financial statements.
Internal Control Considerations
It is important that the nonprofit organization's financial reporting system provide for the recording of investments
(whether donated or purchased) and the related investment income, gains, and losses. Controls should be in place
to identify restrictions (for example, temporary restrictions or a permanent endowment) and the nature of the
restrictions (for example, restricted for a donorstipulated program). Organizations also may designate certain
investments for longterm purposes. Controls should be in place to track such designations of otherwise unre
stricted investments. Once restrictions or designations are identified, the organization must also have controls in
place to ensure that compliance with those restrictions is monitored. Organizations should also have controls in
place to identify and properly record and report derivative instruments.
Auditing Considerations
Many auditing considerations and procedures for investments of a nonprofit organization are the same as for the
audit of a business. The auditor obtains evidence about existence and ownership of securities by physical inspec
tion or confirmation; uses vouching and recomputation procedures to test investment transactions during the
period and gains or losses realized on disposition; performs analytical or vouching tests of dividend or interest
income; and refers to published market quotations, estate or gift tax valuations, or appraisals to obtain evidence
about market value and unrealized gains or losses. The additional auditing considerations from SAS No. 92 and a
related interpretation for derivative investments and investments for which a readily determinable fair value does
not exist are discussed shortly.
To test whether the measurement and classification of investment balances and transactions conform to GAAP, the
auditor should consider the nature of the investments. That is, the auditor should consider whether they were
acquired by purchase or donation and whether donor or legal restrictions apply to the use of the investment or
related income, gains, or losses. To do this, the auditor should read the gift or endowment instruments, donation
acknowledgments, and agreements with funding sources; review board of directors' minutes; make inquiries of
management; review evidence of the nonprofit organization's investment policy and authorizations; and perhaps
obtain opinions of legal counsel.
For example, opinions of legal counsel may be necessary if there are questions about legal restrictions on the net
appreciation on investments. Since donor stipulations or law may temporarily or permanently restrict the net
appreciation on investments, the Audit Guide states, in Paragraph 8.34, that auditors should be familiar with the
relevant laws that a nonprofit organization is subject to. For example, in some jurisdictions, unrealized gains are
permanently restricted, whereas in other jurisdictions they are unrestricted. Guidance about applicable state laws
may be available from the various state societies of certified public accountants or from the state attorney general's
office. However, if there is still confusion about the relevant laws or interpretations, the auditor should request the
organization to obtain a legal opinion about the restrictions. If the legal opinion is relied upon, the auditor should
consider the guidance in SAS No.73 (AU336), Using the Work of a Specialist. The auditor should also obtain
management representations about any interpretations that the board of directors made about whether the use of
the net appreciation is limited by relevant laws.
After restrictions on investments, investment income, and net appreciation are determined, the auditor should
review the related transactions for proper accounting treatment. For example, the auditor should review investment
transactions to determine they are recorded as changes in the appropriate net asset classification and that
amounts are properly reclassified within the statement of activities as donorimposed restrictions are met.
To test the valuation of donated securities without readily available market values, a valuation may have to be
obtained from an investment banker or securities dealer. There are several factors to be considered when securities
are valued in good faith." Those factors include the type of security, financial standing of the issuer, availability of
current financial statements, special reports prepared by analysts, existence of merger proposals or tender offers,
reported prices of public trading in similar securities of the issuer or comparable companies, economic conditions
in the company or industry, etc.
290

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

The auditor should use analytical procedures or recalculations to test the equity allocations of investment pools and
valuations of additions to, or withdrawals from, the pool by pool participants and allocations of income, gains, or
losses to pool participants. The auditor should also consider whether any legal or donor prohibitions or restrictions
apply to investments participating in the pool or to the treatment of their share of pool income, gains, or losses.
Opinions or approvals from the nonprofit organization's legal counsel about the propriety of pooling certain
investments may also be reviewed.
Auditing Guidance in SAS No.92. SAS No.92, Auditing Derivative Instruments, Hedging Activities, and Invest
ments in Securities, (AU332) provides guidance for auditing debt and equity securities, investments accounted for
by the equity method, and derivatives and hedging activities. The SAS addresses procedures that can be per
formed to test the existence, ownership, and completeness of investments. The SAS also provides guidance for
testing the fair value of investments and addresses the issue of impairment of investments. The AICPA Audit Guide,
Auditing Derivative Instruments, Hedging Activities, and Investments in Securities, provides guidance for complying
with SAS No.92. The audit guide includes a general discussion of derivatives and securities, related accounting
considerations, and various case studies.
The AICPA has issued an auditing interpretation of SAS No. 92 titled Auditing Investments in Securities Where a
Readily Determinable Fair Value Does Not Exist" (AU 9332.01.04), which provides guidance on auditing the
existence and valuation of alternative investments" such as hedge funds and private equity funds. The interpreta
tion states that receiving a thirdparty confirmation of such investments in aggregate does not provide adequate
audit evidence for either the existence or valuation assertions. A confirmation provided on a securitybysecurity
basis normally would provide sufficient audit evidence as to existence, but would not be adequate audit evidence
in and of itself of the valuation assertion. The interpretation emphasizes that management's responsibility for the
valuation of these alternative investments cannot be outsourced or assumed by an outside party.
The lack of readily determinable fair value information and the limited investment information usually provided by
fund managers present special challenges to the auditor. The AICPA provides a practice aid, Alternative Invest
ments Audit Considerations, which provides nonauthoritative guidance on considerations for auditing alternative
investments, including management representations and financial statement disclosures.
Common Investment Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to investments and procedures that may be performed in response to
those schemes are provided for both misappropriation of assets (Exhibit 23) and fraudulent financial reporting
(Exhibit 24). For misappropriation of assets, Exhibit 23 also lists the symptoms (also called red flags or indicators)
auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial reporting
schemes presented in Exhibit 24, symptoms generally relate to fraud risk factors such as the desire to understate
unrestricted net assets to avoid potentially negative effects on fundraising. Those risk factors may provide an
incentive or pressure to manipulate the financial statements.

291

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 23
Common Investment Fraud Schemes, Symptoms, and Related Audit Responses
Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Theft of investment or
diversion of income
or gains.

Unexpected or unexplained fluctua
tions in investment balances.
Unexpected or unexplained fluctua
tions in investmentrelated income or
expense accounts.

Confirm with third party and inspect
documents.
Vouch and trace information.
Conduct predictive tests of investment
income or expenses.
Review journal entries.

Borrowing schemes.

Sales of investments from the organiza
tion to an employee.
Securities held by unusual party.
Indications that securities may be
pledged.

Reviewinvestment documents and
records.
Confirm with third party and inspect
documents.
Vouch and trace information.
Conduct interviews.
Review journal entries.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

*

Exhibit 24
Common Investment Fraud Schemes and Related Audit Responses Fraudulent Financial Reporting
Audit Responsesa

Fraud Scheme
Recording fictitious investments, or
investments not owned by the
organization.

Confirm with third parties and inspect investments.
Determine the legitimacy and viability of investment custodians.

Failing to record sales of invest
ments.

Confirm with third parties and inspect investments.
Determine the legitimacy and viability of investment custodians.

Misclassifying or misstating the value
of investments.

Review the classification of securities with professional skepticism.
Verify value of securities using published sources or multiple brokers.
Consider whether there has been a nontemporary decline in value for
nonmarketable equity securities and investments accounted under the
equity method.

Failing to disclose liens on securities.

Review collateral provisions of debt instruments and confirm details of
loan agreements with lenders.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*
292

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
9. Which of the following statements is correct concerning valuation reporting requirements under SFAS 124?
a. SFAS 124 requires the reporting of all complex derivatives at fair value.
b. SFAS 124 requires the reporting of all debt instruments at fair value.
c. SFAS 124 requires disclosure of fair value changes after the reporting period.
d. SFAS 124 requires consideration of selling costs in fair value valuations.
10. Which of the following are included within the scope of SFAS 124 or SFAS 133 for a nonprofit organization?
a. Investments in a venture capital fund
b. Investments in a real estate limited partnership
c. Investments in publiclytraded common stock
d. Investments in a private equity fund
11. Who bears responsibility for the valuation of alternative investments on the nonprofit organization's financial
statements?
a. The management
b. The auditor
c. The specialist

293

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
9. Which of the following statements is correct concerning valuation reporting requirements under SFAS 124?
(Page 282)
a. SFAS 124 requires the reporting of all complex derivatives at fair value. [This answer is incorrect. Fair value
is not always readily determinable for complex derivatives, and SFAS 124 requirements do not pertain to
such investments. SFAS 133 and SFAS 155 address reporting requirements for derivatives and hedges.]
b. SFAS 124 requires the reporting of all debt instruments at fair value. [This answer is correct. All debt
instruments, and those equity securities with readilydetermined fair values are required by SFAS
124 to be reported in the statement of financial position.]
c. SFAS 124 requires disclosure of fair value changes after the reporting period. [This answer is incorrect.
SFAS 124 does not require the entity to attempt to estimate the amount it will realize.]
d. SFAS 124 requires consideration of selling costs in fair value valuations. [This answer is incorrect. SFAS
124 does not consider factors such as selling costs that may affect the amount ultimately realized.]
10. Which of the following are included within the scope of SFAS 124 or SFAS 133 for a nonprofit organization?
(Page 287)
a. Investments in a venture capital fund [This answer is incorrect. A venture capital fund has no readily
determinable value.]
b. Investments in a real estate limited partnership [This answer is incorrect. Investment in a real estate limited
partnership may lack liquidity, and its fair value may not be readily determinable.]
c. Investments in publiclytraded common stock [This answer is correct. The fair value of an
investment in a publiclytraded common stock is readily determinable by simply multiplying the
shares owned by the closing price reported by the exchange for the date in question.]
d. Investments in a private equity fund [This answer is incorrect. The value of an investment in a private equity
fund depends on the negotiated price between a willing buyer and a willing seller. As such, this value is
not readily determinable until the investment is sold.]
11. Who bears responsibility for the valuation of alternative investments on the nonprofit organization's financial
statements? (Page 291)
a. The management [This answer is correct. Regardless of how difficult or complex the nature of
valuation, management bears responsibility for the valuation of alternative investments.]
b. The auditor [This answer is incorrect. The auditor is responsible for testing the reasonableness of the
valuation and verifying valuation calculations, but is not responsible for the valuation itself.]
c. The specialist [This answer is incorrect. A specialist may be consulted when valuation of an alternative
investment proves difficult, but this does not mean that the specialist bears responsibility for the alternative
investment's valuation.]

294

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

CONTRIBUTIONS AND PROMISES TO GIVE
This section discusses the recording of contributions and promises to give under SFAS No.116 (FASB ASC
958605) and special auditing considerations related to those transactions. Revenues resulting from exchange
transactions, donated longlived assets, facilities, services, and donated inventory are discussed later. This course
contains a general discussion of accounting for contributions.
SFAS No. 157 (FASB ASC 82010), Fair Value Measurements, will amend numerous accounting pronouncements
throughout the accounting literature including SFAS No. 116 (FASB ASC 958605). In view of the Statement's
effective date, it is believed that most financial statements for years ending prior to November 30, 2008 will have
been prepared using the currently effective fair value measurement guidance, i.e., the guidance presented in the
various accounting pronouncements amended by SFAS No. 157 (FASB ASC 82010). Thus, this section continues
to address the accounting guidance contained in those pronouncements while also addressing SFAS No. 157.
One difference under SFAS No. 157 (FASB ASC 82010) will be in accounting for promises to give. The previous
guidance found in paragraph 19 of SFAS No. 116 (FASB ASC 958605) about using the present value of future cash
flows as a fair value measurement technique for measuring promises to give has been eliminated by SFAS No. 157
(FASB ASC 82010). In place of such specific guidance, the new SFAS describes the general category of present
value techniques as a possible income approach for fair value measurement. SFAS No. 157 (FASB ASC 82010)
does not require that a particular present value technique be used and it is believed organizations will continue to
measure unconditional promises to give using the present value techniques they are currently using. However,
there would be a change from current practice in the choice of the riskadjusted discount rate employed in the
calculation.
What Is a Contribution?
Paragraph 5 of SFAS No.116 (FASB ASC 95860520) describes a contribution as an unconditional transfer of
assets or settlement of liabilities in a voluntary nonreciprocal transfer. Transferred assets may be cash, securities,
property, use of facilities or utilities, materials and supplies, services, and unconditional promises to give those
items in the future.
When accounting for contributions, it is important to distinguish them from other transactions and arrangements,
such as the following:
Intentions to Give. Intentions to give are merely statements of an expressed interest in giving.
Exchange Transactions. These are reciprocal transfers resulting from transactions such as program service
fees and sales revenue. Many grants may also be exchange transactions.
Agency or Intermediary Transactions. These are transfers of assets in which the organization acts as an
agent or intermediary.
Accounting Considerations Contributions
SFAS No.116 (FASB ASC 958605252, 958605302) generally requires measuring contributions received at the
fair value of the assets or services received or promised or the fair value of the liabilities satisfied, and recognizing
them as revenues or gains in the period they are received, even if the donor has restricted their use and the
restriction will be met in a future reporting period; that is, none are deferred. As a result, contributions are recorded
immediately either as an increase in unrestricted net assets, temporarily restricted net assets, or permanently
restricted net assets, depending on the nature of the donor restrictions, if any.
Restricted Support. After determining that support should be recorded in the financial statements, the organiza
tion must determine whether the donor has restricted its use in some manner or to some time period. For example,
a donor may specify that a gift be used for the operation of a particular program, the acquisition of property or
equipment, or an endowment, whereby only income generated by the gift may be used for operating purposes.
Restrictions may be explicit (such as a letter specifying that the contribution be used for a substance abuse
program) or implicit (such as gifts received in a capital improvements drive or in an appeal for a particular program).
295

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Temporary and Permanent Restrictions. Generally, a restriction is temporary if the organization is authorized to
deplete what was donated, such as contributions restricted to purchase assets or to fund program costs; other
wise, it is permanent. Permanent restrictions are those that permanently restrict the organization's use of contrib
uted assets (such as an endowment under which the principal must remain intact). Sometimes an endowment
instrument temporarily restricts the use of the income from the principal, such as an endowment to a school
requiring the income to be used to fund the compensation of a fine arts instructor. Another example of a permanent
restriction is land donated for the organization's permanent use.
A temporarily restricted contribution generally is recognized when received and is reclassified from temporarily
restricted net assets to unrestricted net assets when the donor's restriction is satisfied or when the stipulated time
has elapsed. Cash received in connection with a campaign to raise funds for renovating a facility would be reported
as contribution revenue, increasing temporarily restricted net assets. When the expenditures for the renovations are
incurred, the financial statements would report a reduction in temporarily restricted net assets and an increase in
unrestricted net assets.
Unrestricted Support. Contributions not restricted by time or manner of use are recognized as unrestricted
support in the period in which they are received (or the promise is made). However, if a donor has stipulated that
funds are to be used in a subsequent period, the contribution is considered restricted and would be recorded
following the guidance included earlier. The Audit Guide, Paragraphs 5.39 and 5.49 (FASB ASC 958605455),
indicates that contributions to be received in future periods are assumed to be temporarily restricted unless the
donor explicitly states that the contribution is to support the current period.
Contributions Whose Restrictions Are Met in the Same Year. Restricted contributions may be reported as unre
stricted support if (a) the restrictions are met in the same reporting period, (b) that policy is followed consistently, (c)
the policy is disclosed, and (d) the organization has a similar policy for accounting for restricted investment income
and gains. For example, an organization may receive a $50,000 contribution to fund the cost of a oneweek
educational seminar. If the $50,000 is received in the same year the seminar is held, the donation can be reflected
as an unrestricted contribution in the statement of activities provided the organization meets the criteria in this
paragraph. If the educational seminar straddled the organization's year end and restrictions on only $25,000 of the
donation were met, the statement of activities could reflect unrestricted contributions of $25,000 and temporarily
restricted contributions of $25,000.
Designations Imposed Internally. Sometimes, the governing board (that is, the board of directors or trustees) of a
nonprofit organization may designate a portion of unrestricted net assets for a specific purpose as a management
planning tool. For example, the board of directors may designate a certain amount of current year contributions to
be used to fund future roof repairs. Those board designations are not restrictions because the designations may be
reversed by the board, and they do not alter the nature of unrestricted contributions.
Special Considerations Special Events. Contributions may be solicited by special events such as fundraising
dinners, benefit concerts, theater parties, and sports events, or by sales" of items, where the price charged is
substantially greater than the cost of the items and the excess represents a contribution. However, sales of
publications, records, reproductions, etc., by organizations such as museums and libraries are normally consid
ered exchange transactions.
The portion of a special event payment that is a contribution is recognized as revenue. The portion that is an
exchange transaction is recognized after the special event takes place (that is, after the benefits are provided to the
donors). If the special event has not taken place before the end of the fiscal year, the exchange portion of the
payment should be classified as deferred revenue in the statement of financial position. If the contribution portion
of the special event payment is conditioned upon the event taking place, the contribution is conditional. Accord
ingly, the receipt of any cash payments should normally be recorded as a liability (refundable advance) instead of
as contribution revenue. If the contribution is not conditioned on the event taking place, it should generally be
recognized as revenue when received before the organization's year end.
SFAS No.117 (FASB ASC 9582254517) requires that the statement of activities report the gross amounts of
revenues and expenses from special events that are ongoing major activities. Reporting the net amount is accept
able only if the special event is an incidental activity. If a special event is sponsored by an independent organization
over which the nonprofit organization has no control, but for the benefit of the nonprofit organization, the net
296

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

proceeds received should generally be reported as support. However, if the independent organization deducts a
fundraising fee or other compensation before remitting the net proceeds, according to AICPA Technical Practice
Aid TIS 6140.22, the nonprofit organization should report the contribution at the original amount contributed by the
donor, and the fee should be recorded as fundraising expense.
Guarantees of the Organization's Debt. Some nonprofit organizations assist other nonprofit organizations by
guaranteeing their debt without receiving compensation (called a premium) in exchange. FASB Interpretation No.
45, Guarantor's Accounting and Disclosure Requirements for Guarantees, Including Indirect Guarantees of
Indebtedness of Others (FASB ASC 46010), clarifies that these guarantees are gifts to the nonprofit organizations
that benefit from the guarantees and liabilities of the organizations that issue the guarantees. Paragraph 5.32 of the
Audit Guide states that the guarantee is in part conditional and in part unconditional. The donor's obligation to
make future payments if certain triggering events occur is conditional. The donor's obligation to stand ready to
perform under the guarantee is unconditional.
FASB Interpretation No. 45 only sets standards for initial recognition of guarantees by the guarantor. The Interpreta
tion requires the guarantor to recognize a liability for the fair value of a guarantee at inception even if it is not
probable that payments will be required under that guarantee. Although the Interpretation does not state how the
recipient of a guarantee should measure the gift it has received, SFAS No. 116 (FASB ASC 958605302) requires
contributions to be measured at fair value as well.
Internal Control Considerations Contributions
It is important that the nonprofit organization's financial reporting system provide for the recording and collection of
contributions, including the identification of restrictions (for example, temporary or permanent restrictions) and the
nature of the restrictions (for example, restricted for a donorstipulated program). A nonprofit organization may
maintain a separate general ledger account or subsidiary ledger for each restricted contribution, gift, or grant. Even
a small organization may have an elaborate chart of accounts to distinguish the source of contributions for
programs and the related expenses. The account number may include code numbers by funding source, grant,
program, and expense. This will facilitate the proper presentation of the restricted contributions in the financial
statements and compliance with the donorimposed restrictions and monitoring of compliance. Also, the financial
reporting system should provide for the identification of restrictions that lapse at a specified time or at the occur
rence of a specified event (for example, term endowments) so the resources can be appropriately used and
accounted for when they become unrestricted.
Special Considerations Cash Contributions. It is the responsibility of a nonprofit organization's management
to take steps to ensure that all contributions intended for the organization have been received and recorded. Public
relations and financial considerations often motivate management to maintain adequate controls over cash con
tributions. Adverse publicity about loss or mishandling of cash contributions can hinder the organization's ability to
raise funds in the future.
A basic control objective is to separate the access to cash collected and the accounting for the cash as soon as
possible. Techniques such as using a bank lockbox to receive and deposit contributions from direct mail, radio, or
television solicitations can provide such control. For direct contact solicitations such as doortodoor and street
solicitations, control can be provided by adequate supervision of solicitors reporting the individual responses to
their solicitations to area captains and supervisors. The area captains or supervisors should account for the
population under their jurisdiction by comparing the solicitors' reports to street maps, neighborhood directories,
etc. Cash collected should be deposited in depository bank accounts as soon as possible after collection, and the
deposit slips and related summary reports should be forwarded to the nonprofit organization. There should be
control over the dissemination of, and accounting for, all promotional material, donation envelopes, receipt forms,
sealed canisters, etc., furnished to the solicitors.
Some nonprofit organizations have situations where several individuals have access to cash contributions. For
example, a religious organization may have volunteers that collect the weekly offerings and may also allow several
of the volunteers to have access to the organization's safe. In order to compensate for this problem, some churches
place the cash in prenumbered sealed bags before depositing the cash in the organization's safe. The organization
keeps a log of the bags. Once the safe is reopened, if a numbered bag is missing or a seal is broken, the
organization will know that someone has tampered with the cash.
297

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Desirable controls over mail receipts of either solicited or unsolicited contributions are essentially the same as for
any small business, that is, dual control over opening mail and prelisting incoming receipts, preparation of the
accounting records from the prelist by someone who does not have access to the cash, deposit made by someone
independent of the accounting function, and comparison of the bank deposit record with the accounting record.
Control over all types of contributions can also be provided by practices unique to nonprofit organizations, that is,
use of prenumbered contribution acknowledgment forms and publication of donors' names in journals and reports
the organization issues. Finally, control is afforded by management's preparation of budgets or campaign goals for
cash contributions that can be reasonably estimated, comparison of actual results to budgeted amounts, and
investigation of significant differences.
Auditing Considerations Contributions
In performing risk assessment procedures, the auditor gains an understanding of the organization's activities and
services, its collection policies related to promises to give, its internal control over contributions, and its accounting
policies and procedures related to revenue recognition. In performing risk assessment procedures, the auditor
considers the type of organization [for example, whether the organization would be expected to receive contribu
tions (e.g., can donors claim a tax deduction for making donations to the organization) and whether the organiza
tion's collection policies and accounting practices are consistent with similar organizations], changes in the
organization's policies or practices related to revenue recognition, general economic trends, and operating or
performance pressures. Welldesigned preliminary analytical procedures also help the auditor identify situations
that may represent risks of improper revenue recognition that require overall or specific audit responses to ensure
revenue recognition is proper. An overall response to a risk of improper revenue recognition may be to assign more
experienced audit staff to perform related audit procedures. Specific responses may be to perform additional audit
procedures such as inquiry of relevant personnel; review of pledges, grant agreements, or bequests; and confirma
tion of promises to give.
The control environment is probably the most important factor influencing the integrity of reported contributions.
Therefore, the auditor's understanding of the organization's activities related to revenue recognition includes
understanding how controls over receipts may be overridden and what the client's motivation to misstate support
may be. For organizations that receive significant amounts of contributions, the Audit Guide, Paragraph 5.83,
emphasizes that obtaining an understanding of the internal controls over contribution revenues and receivables
involves evaluating the design of a control and determining whether it has been implemented. The absence of an
accounting system and related controls over recording the receipt and collection of contributions might indicate a
significant deficiency or a material weakness.
The auditor may use confirmations to obtain evidence about the existence of contributions, the amount of the gift,
the nature of any restrictions, the period in which it may be used, payments made during the period, and any
amounts receivable. The auditor may consider using electronic confirmations rather than mailed confirmation
letters. As discussed earlier, an auditing interpretation at AU 9330.01.08, Use of Electronic Confirmations, dis
cusses considerations for controlling and protecting such audit evidence. Auditors may also find it helpful to obtain
representations from management concerning specific revenue recognition issues. In addition, communications
with those charged with governance may include a discussion of the organization's revenue recognition practices.
Review for Restrictions. A primary auditing concern is to determine the existence and nature of any restrictions
over contributions received because the restrictions govern how the contributions should be reported in the
financial statements. The auditor obtains evidence about the existence and nature of restrictions by review of
minutes, agreements, and documentation related to gifts, contributions, bequests, etc., and by inquiry of client
personnel. The auditor can also obtain evidence by communication with donors, that is, by confirmation.
Consideration of the types of fundraising appeals the nonprofit organization made during the period or how the
contribution received was obtained (for example, from a capital improvements drive) may also alert the auditor to
restricted contributions he or she should expect to find recorded in the accounting records or the proper classifica
tion of contributions received. After the auditor understands the nature of any restrictions, he or she should
consider whether the contribution is properly classified and recognized in the financial statements. The auditor
should test the nonprofit organization's compliance with donor requirements and restrictions that have a direct and
material effect on the determination of financial statement amounts.
298

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Testing Completeness. The completeness assertion is of particular concern because nonprofit organizations may
receive unsolicited gifts and bequests. An auditing interpretation at AU9326.24.27 entitled The Auditor's Consid
eration of the Completeness Assertion" states that for cash receipts, such as those of some charitable organiza
tions, it may be difficult to limit audit risk for the completeness assertion to an acceptable level without a low or
moderate assessed level of control risk. Typically, as the auditor's assessed level of the risk of material misstate
ment for the completeness assertion increases, the level of detail and required precision of predictive and other
analytical procedures for the completeness of contributions will also increase. It is believed that, if cash contribu
tions are significant for an organization, the auditor cannot take a solely substantive approach to the audit of
completeness of cash contributions but should generally plan to test controls over solicited and unsolicited cash
contributions.
Audit procedures that provide evidence about the completeness of contributions (both cash contributions and
promises to give) include analytical procedures such as, if meaningful, comparison of current and prior period
recorded amounts, comparison of current period recorded and budgeted amounts, and investigation of significant
differences. Also, the auditor may obtain evidence about the completeness of the accounting records from which
the financial statements are prepared by comparing those records with separately prepared and maintained
financial management records (such as fundraising or development department data), mention of contributions
received in minutes of governing board meetings, copies or records of acknowledgments sent to contributors, or
lists of contributors in published journals or reports of the organization. (Auditors should be aware that develop
ment records may contain the gross amount of the promises to give, but the promises would be recorded only at
fair value in the accounting records.) The auditor may review and test field solicitors' reports and summary reports
prepared in direct contact solicitations and trace the amounts into the accounting records of recorded contribu
tions. The auditor should also consider reviewing contributions received after year end and noting if any of those
should be recorded as contributions in the current year, possibly as promises to give.
Consideration of Fraud. SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue
recognition is a risk that may result in material misstatement of the financial statements due to fraud. Auditors may
respond to a risk of improper revenue recognition by tailoring the basic audit procedures for support, receivables,
and receipts in the audit programs, by increasing the extent of those procedures or by performing additional
procedures.
Common Contributions Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to contributions and promises to give and procedures that may be
performed in response to those schemes are provided for both misappropriation of assets (Exhibit 25) and
fraudulent financial reporting (Exhibit 26). For misappropriation of assets, Exhibit 25 also lists the symptoms (also
called red flags or indicators) auditors may observe that indicate the presence of a particular fraud scheme. For
fraudulent financial reporting schemes presented in Exhibit 26, symptoms generally relate to fraud risk factors
such as the desire to understate unrestricted net assets to avoid potentially negative effects on fundraising. Those
risk factors may provide an incentive or pressure to manipulate the financial statements.

299

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 25
Common Contributions and Promises to Give Fraud Schemes, Symptoms,
and Related Audit Responses Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Send confirmations.b
Prepare proof of cash.
Review journal entries.
Review reconciling items.
Review detail of promises togive.
Conduct interviews.
Trace deposits, paying particular atten
tion to composition of each deposit.
Review the allowance for uncollectible
promises to give.

Lapping.

Donor complaints.
Increased, unexplained aging of prom
ises to give balances.
Unexplained discrepancies in contribu
tions andpromises to give confirma
tions.
Different dates between deposits and
credits to donor accounts.
Discrepancies between deposit slip
names and amounts of credits to donor
accounts.
Lifestyle changes.
Persons with access to cash receipts
and related records do not take annual
vacations.

False credits, dis
counts, and other
writeoffs.

Unusual or unexplained credits.
Unusual, unexpected, or unauthorized
writeoffs.
Unexplained discrepancies in contribu
tions and promises to give confirma
tions.
Lifestyle changes.
Customer complaints.

Theft of other non
cash assets contrib
uted.

Unusual or unexplained decreases in
contributions.
Lifestyle changes.
Inadequate segregation of duties.

More indepth analytical procedures
designed to highlight unusual fluctua
tions in contribution accounts.
Review of original source documents
such as tax receipts (for donated
goods) or other receiving reports.
Inventory observation procedures, if
significant amounts of donated goods
are expected to be on hand.
Detailed review of controls over the
receipt of noncash asset contributions.

Failing to remit cash
obtainedthrough
direct contact solicita
tions.

Unfavorable variances between budget
and actual.
Unusual or unexplained decreases in
contributions.

More indepth analytical procedures
designed to highlight unusual fluctua
tions in contribution accounts.
Detailed review of controlsover direct
contact solicitations.

Send confirmations.b
Prepare proof of cash.
Review journal entries.
Review reconciling items.
Review detail of promises togive.
Review the allowance foruncollectible
accounts receivable and promises
togive.
Conduct interviews.
Inspect credit memos.
Inspect deposit slips.

Notes:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
300

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.
b

In addition to written confirmation, the auditors may also follow up with phone calls to donors.

*

*

*

Exhibit 26
Common Contributions and Promises to Give Fraud Schemes and
Related Audit Responses Fraudulent Financial Reporting
Audit Responsesa

Fraud Scheme
Misclassifying or overstating value of
noncash contributions

Expanded confirmations including confirmation of any donorimposed
restrictions.b
Verify value of noncash contributions using published catalogs,
vendors, independent appraisers, estimated selling prices, or other
sources.

Misclassifying or misstating the value
of promises to give

Expanded confirmations including confirmation of any donorimposed
restrictions.b
Review of subsequent collections.
Review of board of directors minutes for discussion on significant
promises to give.

Failing to comply with or disclose
donor restrictions

Expanded confirmations including confirmation of any donorimposed
restrictions.b

Failing to properly adjust promises
to give for collectibility problems

Review of journal entries.
Review of detail of promises to give.
Review of allowance for uncollectible promises to give.
Review of correspondence with donor.

Notes:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

b

In addition to written confirmation, the auditors may also follow up with phone calls to donors.

*

*

*

Accounting Considerations Unconditional Promises to Give
SFAS No.116 (FASB ASC 958605) uses the term promises to give" instead of pledges." Promises can be written
or oral. However, Paragraph 6 of SFAS No.116 (FASB ASC 958605258) requires that verifiable documentation
exist before the amount can be recognized in the financial statements. It is believed sufficient documentation by the
organization of the terms of oral promises would include the name, address, and telephone number of the donor,
amount of the promise, due date, the date the promise was made, and the name of the organization's employee or
representative to whom the promise was made.
SFAS No.116 (FASB ASC 958605257 through 2515) discusses conditional and unconditional promises to give.
Conditional promises to give are not recorded in the financial statements.
301

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Unconditional promises to give are measured at their fair value and recognized as revenues in the period they are
received, even if the donor has restricted their use and the restriction will be met in a future reporting period; that is,
none are deferred. Conditional promises should be recorded when the conditions on which they depend are
substantially met, that is, when the conditional promise becomes unconditional. For example, if a corporation
agrees to match the donations of its employees, the corporation's promise to give is conditional. The corporation's
promise to give becomes unconditional with each donation that is received from the corporation's employees.
Promises to Give with Payments Due in Future Periods. Unconditional promises to give with payment dates in
future periods are reported as restricted support (generally increasing temporarily restricted net assets) unless the
donor clearly expressed that the contribution be used to support activities of the current period. For example, if an
organization holds an annual fall fundraising campaign that is clearly to obtain support for the next fiscal year,
unconditional promises to give would be reported as increases in temporarily restricted net assets. However if the
promise with payment dates in future periods was restricted for an endowment, the unconditional promise to give
would be reported as an increase in permanently restricted net assets. There have been numerous questions about
when such time restrictions on promises to give lapse. An AICPA Technical Practice Aid (TIS6140.03) clarifies that
a time restriction on a promise to give lapses when the promise is due, not when the promise is collected. Thus,
amounts should be reclassified from temporarily restricted to unrestricted net assets at the point the unconditional
promise to give is due. If the due date is unclear, the organization should consider facts and circumstances to
determine the due date of the promise.
Promises to Give Cash Expected to Be Collected in Less Than One Year. As indicated earlier, unconditional
promises to give should be recorded at their fair value. SFAS No. 116, paragraph 21, and the Audit Guide, at
Paragraph 5.61 (FASB ASC 958605306), note that if the promise to give is expected to be received in less than
one year, net realizable value is considered a reasonable estimate of fair value.
Promises to Give Cash Expected to Be Collected in More Than One Year. For unconditional promises to give
cash in the future, the present value of estimated future cash flows is one valuation technique for measuring fair
value. Future cash flows will inherently have to consider the collectibility of such promises. The Audit Guide clarifies
the guidance in SFAS No.116 on how to record unconditional promises to give that are expected to be collected
in more than one year. The Audit Guide, Paragraph 5.64 (FASB ASC 9586055522), illustrates the initial recogni
tion of unconditional promises to give cash when a present value technique is used to measure fair value. In that
illustration, the organization records (a) an unconditional promise to give for only the amount of the expected future
cash flows and (b)a corresponding discount to reduce the expected cash flows to present value. Thus, other than
calculating the present value of the amounts, the recording is similar to unconditional promises to give expected to
be collected in less than one year. In each situation, an allowance for uncollectible promises to give is not reflected
at the time a promise to give is initially recorded. SFAS No.116 indicates that the discount rate used in the present
value calculation should be the rate that is commensurate with the risks involved. Once the rate is determined for
the promise to give, it is not revised for any market changes.
When effective, SFAS No. 157 (FASB ASC 82010), Fair Value Measurements, supersedes the guidance in SFAS
No. 116 about measuring the present value of unconditional promises to give using a riskfree rate of return
appropriate for the expected term of the promise to give. SFAS No. 157 also suggests that there are additional
factors that should be taken into account in determining the appropriate riskadjusted discount rate if present value
techniques are used to measure fair value. The authors believe that when organizations implement the guidance in
SFAS No. 157 for using present value techniques, those additional factors will probably result in a discount rate
higher than the riskfree rate but lower than the donor's borrowing rate.
An organization may also elect the fair value option as prescribed by SFAS No. 159, The Fair Value Option for
Financial Assets and Financial Liabilities (FASB ASC 82510), for recording longterm promises to give cash or
financial instruments. For items for which the fair value option is elected, changes in fair value are reported in the
changes in net assets at subsequent reporting dates as they occur.
Promises to Give Noncash Assets Expected to Be Collected in Less Than One Year. Unconditional promises
to give noncash assets should be measured at fair value. SFAS No.116 (FASB ASC 958605306) and the Audit
Guide, Paragraph 5.61, allow unconditional promises to give that are expected to be collected in less than one year
to be recorded at their net realizable value, which is an estimate of fair value.
302

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Promises to Give Noncash Assets Expected to Be Collected in More Than One Year. Prior to the issuance of
SFAS No. 157 (FASB ASC 820), the Audit Guide expanded on the guidance in SFAS No. 116 and indicated that the
fair value of unconditional promises to give noncash assets expected to be collected in more than one year should
be based on the present value of the expected fair value of the underlying noncash assets that the organization
expected to receive. SFAS No. 157 (FASB ASC 820) notes that present value techniques are one method of
measuring fair value. Other methods are also available. If present value techniques are used, the fair value of an
unconditional promise to give noncash assets might be based on the present value of the projected fair values of
the underlying noncash assets at the date and in the quantities that those assets are to be received. The fair value
of underlying noncash assets today may not necessarily represent the projected fair value of those assets at the
date they are expected to be received. Consequently, the projected fair value of the underlying noncash assets may
be difficult to determine. The Audit Guide, Paragraph 5.65 (FASB ASC 958605308), states that the fair value of the
noncash assets at the date the promise is received may be used to measure the fair value of the contribution if it is
difficult to determine the future fair value (and, consequently, the present value of the projected fair value) of that
underlying asset. In that case, the organization would not record a discount. It is believed that many organizations
will choose to use the current fair value of the underlying assets to estimate the fair value of those assets in the
future unless information is readily available indicating that current fair value is not the best estimate.
Contributions Restricted to Acquisition of Longlived Assets. Organizations often receive promises to give
specified amounts over a number of years that are donorrestricted for the purchase or construction of longlived
assets. For example, an organization begins a capital campaign to raise funds to build a new building and receives
a donor promise to give $5,000 toward the campaign for each of the next five years. Occasionally, an organization
will complete construction of the longlived asset (e.g., the building) prior to the end of the pledge period (e.g., five
years). In such a circumstance, there has been confusion about when the donor's restriction lapses; that is, does
the temporary restriction represent a purpose restriction that is met when the asset is placed in service, or a time
restriction that is met only when the receivable is due? An AICPA Technical Practice Aid (TIS6140.04) addresses
the situation. The asset construction should be considered an activity of the current period. The organization
should evaluate whether the donor intended the contribution to support the current period (which includes the
construction). If so, there is no time restriction.
Donated Collections. Whether an unconditional promise to give collections is recorded in the financial statements
depends on the nonprofit organization's policy for capitalizing collections. If the organization has adopted a policy
of capitalizing collections, promises to give collections should be measured at fair value and recorded as an
increase in the appropriate net asset class. If the organization has chosen not to capitalize collections, promises to
give collections would not be recorded in the financial statements.
Interestfree or Belowmarketinterest Loans. Some organizations may have loans payable that carry no interest
or have belowmarketinterest rates.
Subsequent Measurement of Unconditional Promises to Give. Between the time an unconditional promise to
give is initially recognized and the time it is collected, the fair value of the promise can change. As a result, until
promises to give are collected, they should be reevaluated in each subsequent period. After their initial recording
in the financial statements, unconditional promises to give cash or noncash assets may require periodic adjustment
for the following:
Subsequent increases in present value (amortization of the discount).
Changes in the future fair value of assets to be received.
Changes in the quantity or nature of the assets expected to be received (changes in collectibility).
Changes in the time value of money.
Changes in the expected timing of assets to be received.
Changes in fair value that are required to be recognized if the organization has elected the fair value option
as prescribed by SFAS No. 159 (FASB ASC 82510).
303

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The following paragraphs discuss the effect of those items on the amount initially recorded for unconditional
promises to give.
Subsequent Increases in Present Value. Present value techniques may be used to measure the fair value of
unconditional promises to give cash or noncash assets expected to be collected in more than one year. After the
initial recording of the promise to give, its present value should be periodically recomputed as the promise gets
nearer to its expected collection. The change in the present value due only to the passage of time (that is, the
amortization of the discount) is recognized as contribution revenue rather than interest income. The discount rate
used for the initial calculation is not revised for future calculations unless the organization has elected to measure
the promise to give at fair value in conformity with SFAS No. 159 (FASB ASC 82510).
Fair Value versus Quantity or Nature of the Assets to Be Received. The Audit Guide distinguishes between changes
in the fair value of noncash assets to be received and changes in the quantity or nature of the assets to be received
(including cash and noncash assets.) For example, assume that an organization receives an unconditional promise
to give 500 shares of stock in ABC Company. An increase in the fair value of the ABC stock would be a change in
the fair value of the assets to be received. However, if the organization believes that it will only get 400 shares of ABC
or that the donor will substitute 500shares of less valuable XYZ Company stock for the ABC stock, that would be
a change in the quantity or nature of the assets to be received (that is, a change in collectibility). The requirements
for accounting for changes in the fair value of the underlying noncash assets expected to be received differ
depending on whether the assets expected to be received are certain investments or whether they are other
noncash assets.
Changes in Fair Value of Noncash Assets to Be Received. As discussed in the preceding paragraph, the Audit
Guide's requirements for accounting for changes in the future fair value of the underlying assets that the nonprofit
organization expects to receive depend on whether the assets are certain investments or other noncash assets.
Investments. Changes in the fair value of promises to give debt securities or equity securities with readily
determinable fair values [that is, securities that would be covered by SFAS No.124 (FASB ASC 958325)]
should be recognized as increases or decreases in contribution revenue. The change should be reported
in the net asset class in which the contribution was originally recorded or in the net asset class in which
the net assets are represented.
For example, if the original promise to give was reported as an increase in temporarily restricted net assets,
the subsequent change in fair value of the investments would typically be reflected as an increase or
decrease in temporarily restricted contribution revenue. However, if the original promise was recorded as
temporarily restricted support and then was subsequently reclassified to unrestricted net assets (for
example, if the organization met the donor's restrictions before collecting the promise to give), the change
in fair value of the investment would be reflected as an increase or decrease in unrestricted contribution
revenue. This could result in negative contribution revenue being reported if there is a significant decline
in fair value during a period when no other significant contributions are recorded.
Other Noncash Asset. Increases in promises to give resulting from changes in the underlying future value
of other noncash assets should not be recognized, but decreases should be recognized as a reduction of
contribution revenue in the net asset class in which the contribution was originally recorded or in the net
asset class in which the net assets are represented.
Changes in the Quantity or Nature of Assets to Be Received. This paragraph relates to changes in the quantity or
nature of the assets expected to be received from unconditional promises (that is, changes in collectibility of the
assets promised to the organization). The Audit Guide, Paragraph 5.71 (FASB ASC 958310357; 958310453),
notes that if the fair value of unconditional promises to give cash or noncash assets decreases after the contribution
was initially recorded because of a change in the quantity or nature of assets to be received, the decline in fair value
should be recorded as bad debt expense or loss in the period the decline is determined. SFAS No.117 (FASB ASC
958225457) requires all expenses to be reflected as decreases in unrestricted net assets. Therefore, any declines
in fair value of unconditional promises to give that are reflected in temporarily restricted or permanently restricted
net assets would be recorded as bad debt losses instead of bad debt expense, as would declines affecting
unrestricted net assets. In addition, an AICPA Technical Practice Aid (TIS6140.09) clarifies that bad debt losses
304

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

may not be netted against contribution revenue because losses are permitted to be netted only against gains, not
against revenues.
Subsequent increases in the fair value of the promises to give due to changes in the quantity or nature of assets
expected to be received would be recognized as decreases in bad debt expense or loss to the extent that bad debt
expense or loss was previously recognized. As with the declines, the subsequent increases would be recognized
as changes in the net asset class where the net assets are included. Increases in fair value due to changes in the
quantity or nature of assets expected to be received that exceed previously recognized expenses or losses would
not be recorded. Instead, additional contribution revenue would be recorded in the applicable net asset class when
the promise to give is collected.
Internal Control Considerations Promises to Give
Since promises to give may not involve cash receipts at the time the promise is made, controls are needed to
ensure that all unconditional promises to give are reflected in the financial statements and that conditional promises
to give are not recorded until they become unconditional. (Unconditional promises are recorded as contribution
revenue and conditional promises are disclosed in the notes to the financial statements.) In addition, SAS No. 99
(AU 316) requires the auditor to perform preliminary analytical procedures related to revenue through the end of the
reporting period to identify unusual or unexpected relationships. Those procedures may provide evidence relating
to the completeness of revenue. Accounting personnel should review contribution documentation for donor
conditions. Although SFAS No. 116 (FASB ASC 9586055519) does not require an unconditional promise to give
to be written before recording it in the financial statements, Paragraph 6 of SFAS No. 116 (FASB ASC 958605258)
does require that verifiable documentation" exist before the amount can be recognized. Also, conditional prom
ises must be monitored to ensure that as conditions are met and the conditional promises to give become
unconditional, contribution revenue is recorded.
Controls over contributions also need to address proper valuation. This would include controls to ensure that
contributions are originally recorded at fair value at the time of initial recognition and controls to ensure that the
valuation of promises to give is periodically reassessed. Noncash contributions require controls to ensure that only
those contributions that meet the criteria for recognition are recorded in the financial statements. For example,
contributions of collection items are only recorded if the nonprofit organization has a policy of capitalizing collec
tions. There should also be procedures in place to ensure that writeoffs of uncollectible promises to give are
identified and approved.
Auditing Considerations Promises to Give
Many of the auditing considerations related to contributions discussed earlier are also applicable to promises to
give. Additional considerations unique to promises to give are discussed next.
Confirmations. SAS No.67 (AU330.34) defines accounts receivable as (a) the entity's claims against customers
that have arisen from the sale of goods or services in the normal course of business and (b)a financial institution's
loans." Therefore, promises to give of a nonprofit organization do not meet the definition of accounts receivable
under SAS No.67 and are not required to be confirmed under generally accepted auditing standards. However, it
is believed that the confirmation of promises to give (usually the confirmation of individually significant items) is an
effective procedure for auditing the existence assertion of promises to give, and some accounting firms require the
use of confirmations for material promises to give as a matter of internal policy. Confirmations can also provide
valuable information on donor restrictions. If promises to give are confirmed, the Audit Guide notes in Paragraph
5.86 that the guidance in SAS No.67 (AU 330) should be followed. It is believed confirmations are rarely used for
cash contributions. However, if used, the confirmations should be carefully worded to avoid the appearance of
asking for contributions.
Valuation of Promises to Give. Auditors must also address valuation of promises to give. This includes obtaining
an understanding of the organization's accounting policies for measuring promises to give (such as whether the
organization has elected the fair value option, reviewing documentation of the promises' payment terms and the
assumptions used in fair value measurements (for example, management's assessments of the estimated future
cash flows for promises to give cash or the quantity and nature of assets to be received for promises to give
noncash assets). If confirmations are used, it may be helpful to confirm the payment schedules with donors.
305

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Promises to give equity securities with readily determinable fair values or debt securities are adjusted for changes
in the fair value of the investments promised. Audit procedures to test the valuation of those types of promises are
similar to procedures performed on investments held by the nonprofit organization.
Collectibility of Promises to Give. With respect to collectibility, the auditor considers factors such as the age of the
receivables, past collection experience, the donor's reputation in the community, and the nonprofit organization's
collection policy. Past collection experience may relate to the organization as a whole (for example, the historic
overall percentage of promises that are collected) and to an individual promise (for example, whether the individual
has defaulted on any installments of his or her promise). SAS No.57 (AU342), Auditing Accounting Estimates,
describes three approaches to evaluating the reasonableness of accounting estimates. An auditor may make an
independent estimate for comparison with the client's estimate, review and evaluate the client's process of estima
tion for reasonableness, or review subsequent events or transactions in identifying and evaluating estimates.
Review of subsequent collections likely will provide less evidence about collectibility of promises to give than the
procedure typically provides for accounts receivable of a small business or a nonprofit organization. This is
because promises to give often are payable over a longer period beyond the date of the statement of financial
position; for example, a promise to give may be payable over several years.
Consideration of Fraud. SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue
recognition is a risk that may result in material misstatement of the financial statements due to fraud. Auditors may
respond to a risk of improper revenue recognition by tailoring the basic audit procedures for support, receivables,
and receipts in the audit programs by increasing the extent of those procedures or by performing additional
procedures.
Common Promises to Give Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to promises to give and procedures that may be performed in
response to those schemes are provided for both misappropriation of assets (Exhibit 25) and fraudulent financial
reporting (Exhibit 26). For misappropriation of assets, Exhibit 25 also lists the symptoms (also called red flags or
indicators) auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial
reporting schemes presented in Exhibit 26, symptoms generally relate to fraud risk factors such as the desire to
understate unrestricted net assets to avoid potentially negative effects on fundraising. Those risk factors may
provide an incentive or pressure to manipulate the financial statements.
Conditional Transfers and Conditional Promises to Give
Under a conditional promise to give, the promisor is not bound until the occurrence of some future event (other than
the passage of time or demand from the organization). A promise or transfer of assets is also conditional if the
promisor or transferor has a right of return. A conditional promise to give generally is not recorded as a contribution
until the condition on which it depends is substantially met. A conditional transfer of assets to the organization is
generally recorded as a liability on the statement of financial position. However, according to Paragraph 22 of SFAS
No.116, the promise or transfer is accounted for as unconditional if the future event on which it depends has only
a remote chance of not occurring. For example, a promise to give based on the promisor receiving the organiza
tion's audited financial statements should be considered unconditional if the likelihood that the organization would
fail to submit the financial statements is remote.
If the promise contains vague stipulations that do not clearly indicate an unconditional promise to give, SFAS
No.116 (FASB ASC 9586052514) requires the promise to be treated as a conditional promise. For example, if a
corporation tells an organization it will give the organization $50,000 the next year depending upon the corpora
tion's operating results, the promise should be treated as a conditional promise. (In contrast to donorimposed
conditions, a donorimposed restriction specifies how or when an organization may use an unconditional contribu
tion.
Some nonprofit organizations are soliciting unusual pledges from their donors so that the organization is not
required to record contribution revenue when the pledge is received. For instance, assume that a nonprofit
organization receives a pledge to give $100,000 ($25,000 per month for four months) to be used under certain
specific conditions towards a summer jobs program. The nonprofit organization must submit monthly reports
tracking progress towards the donor's conditions. The donor determines if sufficient progress is made towards the
306

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

specific conditions and may choose to discontinue paying the pledge at any time. Some accountants argue that
this is an exchange transaction since the donor organization is basically purchasing" specific services that it wants
by listing the specific conditions. Other accountants would argue that it is a conditional promise to give, and the
conditions represent donor conditions. In either case, the pledge is not an unconditional promise to give, and any
funds received in advance of the nonprofit organization successfully meeting the donor's conditions would be
recorded as a liability on the organization's financial statements. Auditors should carefully review any donor
agreements to ensure that the transactions are properly accounted for.
Intentions to Give
Depending on the transaction, a donor may indicate an intention, rather than a promise, to give. For example,
assume that an organization receives a notification letter from a foundation that says We will consider giving your
organization $10,000 for the next year." That is an intention to give. An intention to give is not recorded unless it is
legally enforceable. Legally enforceable intentions to give should be accounted for like unconditional promises to
give.
In practice, it may be difficult to differentiate between an unconditional promise to give and an intention to give.
When determining whether it has received an unconditional promise or just an intention, an organization may
consider, among other things, whether any partial payments have been made, the written evidence and the words
contained therein (for example, promise to give as opposed to plan to give), whether a payment schedule exists,
and whether the organization has publicly announced the donation and has taken action to rely upon the promise.
The Audit Guide notes in Paragraph 5.51 that bequests included in wills are intentions to give because the donor
has the right to modify or change the will. The intention to give changes to an unconditional promise when the will
is validated after the donor's death (FASB ASC 9586055549 through 51).
Intentions to give may also occur when an organization solicits information from potential donors about what those
donors intend to give during the coming year (for example, religious organizations planning their annual budgets).
Those intentions may be documented on pledge cards that indicate the potential donor's information will be used
by the organization for budgeting purposes only. SFAS No.116 and the Audit Guide, Paragraph 5.51 (FASB ASC
9586052510), note that those pledges are intentions to give instead of promises to give and, therefore, should not
be recorded.
Agency or Intermediary Transactions
Some organizations act as intermediaries, simply distributing contributions from individual donors to local nonprofit
organizations. The Audit Guide, Paragraph 5.06, notes that organizations acting as agents or intermediaries have
little or no discretion in determining the use of assets transferred to them. The Audit Guide refers to Paragraphs
5254 in the Basis for Conclusions" section of SFAS No.116 for additional guidance in distinguishing contribu
tions from agency transactions. Paragraph 54 in that section (FASB ASC 9586055576) notes that organizations
generally are involved in receiving and making contributions if the donor allows them to establish and define the
programs that disburse cash or other assets to the organizations' beneficiaries. If the organization has discretion
over the use of the assets, the transaction is usually either a contribution or an exchange transaction. If the
organization does not have discretion, it is generally an agency or intermediary transaction, and SFAS No.116
does not apply. An example of an agency or intermediary transaction is when a donor gives money or goods to the
organization and tells the organization to deliver the money or goods to a specified third party.
Accounting Requirements. SFAS No.136 (FASB ASC 95820 and 958605), Transfers of Assets to a NotforProfit
Organization or Charitable Trust That Raises or Holds Contributions for Others, establishes standards for transac
tions in which a donor transfers assets to a recipient organization that is to (a)use the assets on behalf of or
(b)transfer those assets, the return on investment of those assets, or both to a beneficiary named by the donor. It
also establishes standards for similar transactions that are not contributions because the transfers are revocable or
reciprocal. SFAS No.136 (FASB ASC 95820 and 958605) does not address how a trustee should account for
assets that it holds and manages for a beneficiary under a trust agreement.
Accounting by a Recipient Organization for a Contribution. As a general rule, when a recipient organization accepts
assets from a donor and agrees to use those assets on behalf of a specified beneficiary or disburse those assets,
the return on investment on those assets, or both to that beneficiary, the recipient organization has not received a
307

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

contribution (FASB ASC 9586052533). Accordingly, it should recognize a liability to the specified beneficiary
when it recognizes the assets received from the donor. Those amounts should be measured at the fair value of the
assets received.
The following are three exceptions to that general rule:
If the donor explicitly grants the recipient the unilateral power (called variance power) to redirect the use
of the assets transferred to a beneficiary other than the one specified by the resource provider, the recipient
organization should account for the transfer as a contribution. The ability of the nonprofit organization to
exercise variance power must be referred to in the resource provider's communications to the nonprofit
organization at the time the assets are transferred. The variance power allows the nonprofit organization
to override the instructions it received from the resource provider and redirect the distribution of the assets
or income from them without approval from the resource provider, the specified beneficiary, or any other
party.
If a recipient organization receives a transfer for a specified beneficiary and (a)the recipient and the
beneficiary are financially interrelated and (b)the recipient organization is not a trustee, the recipient
organization should recognize contribution revenue. Nonprofit organizations are financially interrelated if
(a)one of the organizations has the ability to influence the other organization's operating and financial
decisions and (b)one of the organizations has an ongoing economic interest in the other organization's
net assets.
If a recipient organization that does not qualify for either of the previous two exceptions receives a
nonfinancial asset (such as a car or equipment), the recipient organization is permitted, but not required,
to recognize its liability to the specified beneficiary and the related assets in its financial statements.
Accounting by a Beneficiary for a Contribution. The specified beneficiary recognizes its right to financial and
nonfinancial assets held by a recipient organization as either (a)an interest in the net assets of the recipient
organization using the equity method of accounting (if the beneficiary and recipient are financially interrelated),
(b)a beneficial interest measured at fair value, or (c)a contribution receivable. If the recipient organization raised
the contribution in a fundraising activity and deducts a fee before remitting the net proceeds, according to AICPA
Technical Practice Aid TIS 6140.22, the beneficiary should report the contribution at the original amount contributed
by the donor, and the fee should be recorded as fundraising expense.
Accounting for Transfers That Are Not Contributions. SFAS No.136 (FASB ASC 9586052533) also describes
several circumstances in which transfers of assets to recipient organizations are not contributions to either the
recipient organization or the beneficiary. Those transfers are accounted for as an asset by the resource provider
and as a liability by the recipient organization (such as a refundable advance) because the transfer is revocable or
reciprocal. Those types of transfers include the following:
The transfer remains subject to the resource provider's unilateral right to redirect the use of the assets to
another beneficiary.
The transfer includes a conditional promise to give from the resource provider or is otherwise revocable
or repayable.
The resource provider controls the recipient organization and the resource provider specifies an
unaffiliated beneficiary.
The resource provider or its affiliate is specified as the beneficiary and the transfer is not an equity
transaction.
Accounting for Equity Transfers. A transfer is an equity transaction if it includes all of the following:
The beneficiary is the resource provider or its affiliate.
The resource provider and recipient are financially interrelated.
308

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

The resource provider and its affiliate do not expect payment of the transferred assets. However, they may
expect payment of investment return on the transferred assets.
If the resource provider names itself as the beneficiary, it records the equity transaction as an interest in the net
assets of the recipient organization. If the resource provider's affiliate is named as the beneficiary, the resource
provider reports the equity transaction as a separate line on its statement of activities and the affiliate records an
interest in the net assets of the recipient organization. The recipient organization reports an equity transaction as a
separate line on its statement of activities.
Auditing Considerations. Auditors should review agency transactions and any related agreements to determine
the appropriate recording in the financial statements. SFAS No.136 affects many federated fundraising organiza
tions and foundations established as fundraising arms for other nonprofit organizations. Auditors should carefully
review fundraising solicitations and contribution documents to ensure that the nonprofit organization has properly
accounted for agency transactions.
Splitinterest Agreements
Nonprofit organizations receive contributions from donors in many different forms. Splitinterest agreements are
contributions shared by the nonprofit organization and other beneficiaries. A splitinterest agreement is created
when a donor contributes assets directly to a nonprofit organization or places them in a trust for the benefit of the
nonprofit organization.
Types of Splitinterest Agreements. Five of the more common types of splitinterest agreements are:
Charitable lead trusts.
Perpetual trusts held by third parties.
Charitable remainder trusts.
Charitable gift annuities.
Pooled (life) income funds.
Those five types are described in more detail in the following paragraphs.
Charitable Lead Trusts. Under a charitable lead trust agreement, a donor establishes a trust naming the nonprofit
organization as beneficiary. The nonprofit organization receives distributions from the trust until the termination of
the agreement, at which time the remaining assets in the trust are paid out to the donor or another beneficiary
named by the donor. The donor may or may not restrict the use of the assets distributed to the nonprofit organiza
tion. Charitable lead trusts generally take the following two forms:
Charitable Lead Annuity Trusts (CLATs). Under this type of charitable lead trust, the nonprofit organization
periodically receives a specific dollar amount from the trust.
Charitable Lead Unitrusts (CLUTs). Under this type of charitable lead trust, the nonprofit organization
periodically receives a distribution of a fixed percentage of the trust's fair market value determined each
year.
Perpetual Trust Held by a Third Party. Some donors establish and fund a trust administered by an individual or
organization other than the nonprofit beneficiary. In a perpetual trust held by a third party, the nonprofit organization
has an irrevocable right to receive the income from the trust's assets in perpetuity. However, the organization will
never receive the trust's assets. In addition, the donor may restrict the use of the distributions paid by the trust.
Charitable Remainder Trust. Charitable remainder trusts are splitinterest agreements in which a nonprofit benefi
ciary receives its interest in the donated assets after the donor or another beneficiary has received benefits for a
specified time period. The donor establishes and funds the trust and specifies a beneficiary to receive distributions
309

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

over the life of the splitinterest agreement. At the termination of the agreement, the remaining assets in the trust
pass to the nonprofit organization for its use. The donor may place temporary or permanent restrictions on the
assets transferred to the nonprofit organization.
Charitable remainder trusts generally take one of the following forms:
Charitable Remainder Annuity Trusts (CRATs). Under this type of charitable remainder trust, distributions
to the beneficiary are for a specified dollar amount.
Charitable Remainder Unitrusts (CRUTs). Under this type of charitable remainder trust, the beneficiary
receives a stated percentage of the fair market value of the trust, determined annually. In some cases, the
donor limits the CRUT distributions to the lesser of the actual amount earned or the stated distribution
percentage.
Obligations to the beneficiaries under either CRATs or CRUTs are limited to the assets in the trust.
Charitable Gift Annuity. A charitable gift annuity is like a charitable remainder annuity trust in that a donor contrib
utes assets in exchange for distributions of a fixed amount for a specified period of time to the donor or other
beneficiaries. Unlike a charitable remainder annuity trust, however, no trust is established under a charitable gift
annuity arrangement. Rather, the assets are contributed directly to the nonprofit organization and are held as
general assets of the organization, and the related annuity liability is recorded as a general obligation of the
organization.
Pooled (Life) Income Fund. Pooled (or life) income funds are those arrangements in which a nonprofit organization
pools, invests, and manages life income gifts from many different donors. The funds are unitized and donors are
assigned a specific number of units based on the relationship of the fair value of their contribution to the fair value
of the pool as a whole at the time the donor enters the pool. During the term of the life income gifts, the donor, or
beneficiaries specified by the donor, receives the actual income earned on the donor's units in the pool. Income"
is defined under the splitinterest agreement covering the arrangement. When the donor dies, the donor's units
revert to the nonprofit organization. Net income unitrusts are similar to pooled life income funds, and, accordingly,
are accounted for similarly.
Accounting for Revocable Splitinterest Agreements. Upon notification of or receipt of assets under a splitinter
est agreement, the nonprofit organization should determine whether the agreement is revocable or irrevocable. If
the agreement is revocable (that is, the donor can cancel the agreement), it should be treated as an intention to
give. An intention to give should not be recorded as a contribution unless it is legally enforceable. (However, an
intention to give may be disclosed in the notes to the financial statements.)
Any assets transferred to the nonprofit organization under a revocable splitinterest agreement should be recorded
at fair value by debiting assets and crediting a refundable advance (a liability). If the transferred assets are debt
securities or equity securities with readily determinable fair values, they should be initially recognized at fair value,
and future changes in the carrying value of assets received should be recognized as adjustments to the recorded
assets and the related refundable advance.
If income generated by the assets held is not available for the organization's unconditional use, it should be
recognized as an increase in the refundable advance. If the income is available for the organization's unconditional
use, it should be recognized when received or receivable as unrestricted, temporarily restricted, or permanently
restricted contribution revenue, depending on the existence or absence of donor restrictions. Assets received
under a revocable splitinterest agreement should be recognized as contribution revenue only when the organiza
tion's rights to the assets become irrevocable or the assets become available to the organization for its uncondi
tional use, whichever occurs first.
Accounting for Irrevocable Splitinterest Agreements. Contributions received by nonprofit organizations under
irrevocable splitinterest agreements should be recorded at their fair value when received. The date when an
organization is considered to receive an irrevocable splitinterest agreement often depends on whether the organi
zation or a third party is the trustee for the agreement. If the organization is the trustee or fiscal agent of the assets,
the gift is considered received (and the splitinterest agreement should be recorded) when the donor executes the
310

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

agreement. If an unrelated third party (such as a bank, trust company, or private individual) is the trustee or fiscal
agent of the assets, the nonprofit organization should record the splitinterest agreement when it is notified of the
gift's existence.
Initially Recording the Agreement. Whether the nonprofit organization or a third party is the trustee or otherwise
controls the contributed assets affects both when a nonprofit organization should record the splitinterest agree
ment and how the agreement should be recorded.
A Third Party Is Trustee. If the assets contributed under an irrevocable splitinterest agreement are held or
controlled by a third party, SFAS No.136, Transfers of Assets to a NotforProfit Organization or Charitable
Trust That Raises or Holds Contributions for Others (FASB ASC 958303011), requires that the nonprofit
organization recognize its beneficial interest in the assets. If the nonprofit organization (beneficiary) has an
unconditional right to receive all or a portion of the specified cash flows from an unidentifiable pool of assets
(such as a charitable trust), contribution revenue and the beneficial interest in the assets should be
measured at fair value. Present value techniques are one valuation technique for measuring the fair value
of the contribution and the beneficial interest; other valuation techniques also are available as described
in SFAS No. 157 (FASB ASC 820.10). If present value techniques are used, the contribution revenue and
the beneficial interest in trust would be measured at the present value of the estimated future distributions
the nonprofit organization expects to receive over the splitinterest agreement's term or upon termination
of the agreement.
The Organization Is Trustee. If the nonprofit organization holds or controls the assets contributed under an
irrevocable splitinterest agreement, it should (a)record the assets received at their fair value, (b) record
a liability for any portion of the assets that are held for the donor or other beneficiary at fair value (if a present
value technique is used, fair value should generally be measured at the present value of the expected future
payments to be made to the donor or other beneficiary), and (c)record contribution revenue for the
difference between the fair values of the assets received and the liability incurred.
If the nonprofit organization has a remainder interest in the assets, the present value of future payments
to be made to the donor or other beneficiaries often can be computed directly from the splitinterest
agreement's terms. However, if the nonprofit organization has a lead interest, the best estimate of the
liability for amounts due to the donor or other beneficiaries may be the difference between the fair value
of the assets contributed and the fair value of the benefits to be received by the nonprofit organization.
As a general rule, contribution revenue recognized under splitinterest agreements should be classified as tempo
rarily restricted. SFAS No.116 (FASB ASC 958605455) states that contributions of assets to be received in the
future carry an implied time restriction and thus are classified as temporarily restricted contribution revenue unless
the donor stipulates otherwise. However, some explicit donor stipulations result in classifying the splitinterest
agreement contribution revenue as permanently restricted or unrestricted. For example, if the donor places a
permanent restriction on the nonprofit organization's use of its beneficial interest in the agreement's assets (such
as with a perpetual trust held by a third party or a splitinterest gift that creates a permanent endowment upon the
beneficiary's death), the contribution would be classified as an increase in permanently restricted net assets. If the
donor stipulates that the nonprofit organization has an immediate, unrestricted right to its interest in the agree
ment's assets (such as with a charitable gift annuity where the donor does not restrict the use of the assets and
neither the splitinterest agreement nor state law require the organization to invest the assets received until the
income beneficiary's death), the contribution would be classified as an increase in unrestricted net assets.
SFAS No.136 (FASB ASC 958605159), does not apply to splitinterest agreements if the nonprofit organization
is both a trustee and a beneficiary. Paragraph 80 of SFAS No.136 notes that the Statement does not establish
standards for trustees and instead refers to Chapter6 of the Audit Guide. SFAS No.136 (FASB ASC 9586052530
and 31) does establish standards for the beneficiaries of trusts held by others.
Recording Changes in Value during the Agreement's Term. After initially recognizing the splitinterest agreement, a
nonprofit organization will need to recognize transactions and events during the agreement term in its statement of
activities. According to the Audit Guide, Paragraphs6.12.14, the accounting for the agreement during its term

311

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

varies depending on whether the nonprofit organization or a third party is the trustee or otherwise controls the
contributed assets.
a. A Third Party Is Trustee. If assets contributed under an irrevocable splitinterest agreement are held or
controlled by a third party, the organization should recognize changes in the fair value of its beneficial
interest using the same valuation technique that it initially used to measure the beneficial interest. When
measuring fair value using present value techniques, all of the elements of the present value measurement,
including the discount rate, should be revised to reflect current market conditions (FASB ASC 82010555;
95830553).
b. The Organization Is Trustee. If the organization holds or controls the assets contributed under an
irrevocable splitinterest agreement, the measurement of the liability will change as a result of (1)
amortization of the discount set up to record the benefits to be received at fair value and (2) revaluations
of the expected future payments to the beneficiaries based on changes in life expectancy and other
actuarial assumptions. Generally, the rate used to determine the discount should not change after initially
recognizing the splitinterest agreement unless the measurement objective is fair value. Thus, typically the
discount should only be adjusted for current period amortization. However, if the liability being measured
is the obligation for a splitinterest agreement with a term of a number of years, or a combination of life
expectancy and a number of years, the splitinterest agreement may contain an embedded derivative
instrument that requires the discount rate assumptions used in any present value calculations to be revised
to reflect current market conditions (FASB ASC 95830354 and 356).
The discount rate is determined at the time the contribution is initially recognized. That rate should not be
subsequently revised unless the measurement objective is fair value. Currently, there are four situations that require
fair value to be used in subsequent measurements as follows:
A beneficial interest in a trust held by a thirdparty trustee. SFAS No. 136 (FASB ASC 9586053014;
958303011) requires that fair value be used to measure and remeasure a beneficial interest in the cash
flows from a charitable trust held by a thirdparty trustee.
A derivative embedded in a splitinterest gift if that embedded derivative is subject to the measurement
provisions of SFAS No. 133, as amended, Accounting for Derivative Instruments and Hedging Activities
(FASB ASC 815).
A splitinterest obligation that contains an embedded derivative if the organization has irrevocably elected
to measure the obligation in its entirety at fair value in conformity with SFAS No. 133, as amended, (FASB
ASC 8151525).
The organization elects the fair value option as prescribed by SFAS No. 159, The Fair Value Option for
Financial Assets and Financial Liabilities (FASB ASC 82510), for recording splitinterest agreements. (This
option would result in the same treatment as that prescribed by SFAS No. 155.)
When measuring fair value using present value calculations, all assumptions, including the discount rate, should be
revised at each measurement date to reflect current market conditions. Thus, if a beneficial interest in a trust held
by a thirdparty trustee or the embedded derivative in a splitinterest gift is measured at fair value and a present
value technique is used, the discount rate should be adjusted to reflect current market conditions.
The transactions and events that must be recorded during the term of the splitinterest agreement should be
recorded as increases or decreases to the assets and liabilities recorded under the agreement, with a correspond
ing amount recorded as a change in the value of splitinterest agreements in the statement of activities. The amount
recognized in the statement of activities should be classified as unrestricted, temporarily restricted, or permanently
restricted depending on the classification used when the contribution was initially recorded.
A nonprofit organization serving as trustee or fiscal agent for the assets covered by the agreement also should
recognize income earned on assets, gains and losses on sales of assets, and distributions to other beneficiaries.
The transactions should be reflected on the organization's statement of financial position, statement of activities,
and statement of cash flows.
312

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Accounting for the Termination of the Agreement. At the end of the splitinterest agreement's term, an amount
necessary to reduce to zero all assets and liabilities related to the agreement should be recognized in the statement
of activities as changes in the value of splitinterest agreements. That amount should be classified as unrestricted,
temporarily restricted, or permanently restricted, as appropriate. Any distributions previously received under the
terms of the agreement that become available to the nonprofit organization for its unrestricted use when the
agreement terminates should be reclassified from temporarily restricted to unrestricted net assets.
Internal Control Considerations. The nonprofit organization should establish accounting records and procedures
adequate to identify, record, and segregate cash, investments, and other assets received under splitinterest
agreements and payments required and distributed to beneficiaries. In addition, procedures should be in place to
ensure that the organization records all income that it should receive under those agreements. If the nonprofit
organization serves as the trustee or otherwise controls the contributed assets, the organization also must consider
whether the assets are sufficient to make the required payments to the donor or other designated beneficiaries. For
example, under a charitable remainder trust or a charitable gift annuity, the amount payable to the annuitant may be
a fixed dollar amount and thus would not vary with the actual income earned on the contributed assets. If the
earnings were less than the required annuity payments, some of the originally contributed assets would be used to
make the required annuity payments. This would leave fewer assets to earn income for future annuity payments
and to be available for the organization at the end of the trust or annuity agreement term. The accounting records
and procedures also should be adequate to facilitate monitoring of compliance with related restrictions (including,
possibly, also restrictions or regulations by local governmental agencies relating to annuity arrangements) and the
termination of payments. Separate registers and files may be maintained for each gift to record the related assets,
liabilities, and activity and to maintain copies of the gift agreements, correspondence with the donors and benefi
ciaries, etc.
Auditing Considerations. Audit procedures include reading the gift agreements and correspondence with trust
ees and donors; obtaining an understanding of the organization's accounting policies for measuring splitinterest
agreements (such as whether the organization has elected to measure the agreements at fair value, determining
whether the splitinterest agreement contains an embedded derivative; reviewing minutes of the meetings of the
board of directors for unrecorded splitinterest agreements; determining that the assets received and the income
earned on the assets are appropriate and are properly recorded; and testing the computation, recording, and
payment of the income to the beneficiaries.
One way to test the investments and income earned on those investments held by a trustee is to review the
applicable trustee statements and to vouch the disbursements made by the trustee. A discussion follows of
considerations concerning using confirmations for beneficial interests held by a trustee. If a service organization
processes payments to beneficiaries or serves as a trustee for investments held under splitinterest agreements,
the auditor should consider the guidance on service organizations to test the valuation of the investments.
To test the liability for expected future payments to be made to others, the auditor may review actuary reports
supporting any present value computations of the expected future payments. Life expectancy and interest rate
tables can be referred to. It may be necessary to consider SAS No.73 (AU336), Using the Work of a Specialist,
when using actuarial reports to support any calculations of the present value of the expected future payments.
Finally, the auditor should consider whether payments to beneficiaries have been discontinued if the termination
date has beenreached and whether the related resources have been properly accounted for, for example, by
reclassification to unrestricted net assets.
Beneficial Interests Held By A Trustee. An auditing interpretation at AU 9328.1, Auditing Interests in Trusts Held by
a ThirdParty Trustee and Reported at Fair Value," states that in circumstances in which the auditor determines that
auditing procedures should include verifying the existence and testing the measurement of a beneficial interest in
a trust, the auditor may not limit testing to simply receiving a confirmation from the trustee. The interpretation
explains that
A confirmation that provides information on the underlying investments of the trust on an investmentby
investment basis (e.g., 50 shares of BBB Company common stock) constitutes adequate evidence of the
existence of the beneficial interest, but not of its fair value.

313

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

A confirmation that provides information in the aggregate about the underlying investments (e.g., total trust
investments are $250,000) does not provide adequate evidence of either the existence or the valuation of
the beneficial interest.
A confirmation that provides information about categories of investments (e.g., $30,000 of domestic
common stocks, $75,000 of domestic corporate bonds, and $110,000 of U.S. Treasury bonds) does not
provide adequate evidence of either the existence or the valuation of the beneficial interest.
The interpretation notes that management is responsible for making fair value measurements. However, depending
on the nature of the underlying investments, it may be difficult for management to obtain the information required
by the interpretation. If the auditor is unable to audit the existence or valuation of beneficial interests in trusts at the
financial statement date, the auditor should consider whether that scope limitation requires the auditor to either
qualify an opinion or to disclaim an opinion.

314

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
12. Which of the following would be considered a contribution to a nonprofit organization?
a. Unconditional promises to give in the future
b. Grants qualifying as an exchange transaction
c. Unconditional intentions to give in the future
d. Agency transactions
13. Union college receives a grant for $50,000 in 2009 and immediately spends $28,000 in accordance with the
grant. The remainder of the grant is to be spent in 2010 and 2011. Assuming relevant conditions are met, how
much of the grant can be shown as unrestricted in the statement of activities for 2009?
a. $0
b. $22,000
c. $28,000
d. $50,000
14. SFAS 117 allows special events to be reported at net amounts in the statement of activities if they are major
ongoing activities.
a. True
b. False
15. Which of the following is not one of the ways an auditor should normally obtain evidence concerning the
existence and nature of restrictions placed on a contribution?
a. Review of organizational minutes
b. Interviewing client personnel
c. Review of client agreements with donor
d. Interviewing client donor
16. Which of the following statements is correct concerning promises to give?
a. Conditional promises to give are recorded as revenue when they are received from the donor.
b. Unconditional restricted promises to give are recorded as revenue when restrictions are met.
c. Unconditional promises to give may be unrestricted or restricted, depending on donor stipulations.
d. Any restricted promise to give will become unrestricted no later than ten years after the initial contribution.

315

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

17. Under SFAS 116 and the Audit Guide, which of the following may be used to record an unconditional promise
to give a noncash asset when collection is expected to occur more than one year after the date of the promise?
a. The projected fair value of the noncash assets at the date they are expected to be received.
b. The discounted future value of the noncash assets from the date the promise is received.
c. The present value of the noncash assets as of the date the unconditional promise is received.
d. The future value of the noncash assets as of the date the assets are expected to be collected.
18. The amortization of the discount on a conditional promise to give should be recorded:
a. as an operating expense
b. as contribution revenue
c. as interest income
d. as other expense
19. River Community College received an unconditional promise to donate Verde, improved property worth
$100,000, in Year 1 with collection to occur in Year 5. In Year 2, a fire destroyed the building located on the
property; this reduced the value of the property by $75,000. The contributions revenue was recorded in Year
1. How should the reduction in value be handled in Year 2?
a. Record the reduction as a bad debt loss.
b. Increase the allowance for uncollectibles.
c. Reduce the amount of contributions revenue.
d. Record the reduction as bad debt expense.
20. Which of the following is not an internal control consideration regarding promises to give?
a. Unconditional promises to give must be in writing prior to recording.
b. Valuation of promises to give should be periodically reassessed.
c. Conditional promises should be recorded when they become unconditional.
d. Conditional promises should be disclosed in the notes to the financials.
21. Prairie Junior College receives a promise to give $100,000 based on the donor's receipt of the college's annual
audited financial statement for the year just ended. How should this promise be reflected by the college?
a. Recorded as an unconditional promise
b. Disclosed as a conditional promise
c. Recorded as a conditional promise
d. Recorded as a temporarily restricted promise

316

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

22. Johnson Company annually selects from among applicants (children of its employees) for scholarships. The
funds are paid directly to the successful applicant's choice of accredited institution of higher learning,
stipulating the individual for whom they are to be used. As far as Bearkat University is concerned, any funds
so received will be considered
a. a designated transaction.
b. temporarily restricted.
c. an intermediary transaction.
d. permanently restricted.

317

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
12. Which of the following would be considered a contribution to a nonprofit organization? (Page 295)
a. Unconditional promises to give in the future [This answer is correct. An unconditional, voluntary,
nonreciprocal transfer of assets would be considered a contribution even though it involves a
promise to perform in the future.]
b. Grants qualifying as an exchange transaction [This answer is incorrect. Exchange transactions are
reciprocal transfers and are not considered contributions.]
c. Unconditional intentions to give in the future [This answer is incorrect. An intention is a nonbinding
expression of interest and is not considered a contribution.]
d. Agency transactions [This answer is incorrect. In an agency transaction, the nonprofit organization acts
as an intermediary. This type of transaction is not considered a contribution.]
13. Union college receives a grant for $50,000 in 2009 and immediately spends $28,000 in accordance with the
grant. The remainder of the grant is to be spent in 2010 and 2011. Assuming relevant conditions are met, how
much of the grant can be shown as unrestricted in the statement of activities for 2009? (Page 296)
a. $0 [This answer is incorrect. At least some of the grant restrictions were satisfied by the end of 2009.]
b. $22,000 [This answer is incorrect. Grant restrictions have not been satisfied for these funds.]
c. $28,000 [This answer is correct. Grant restrictions were satisfied for these funds and they were
spent in the same year as that of the grant. The remainder should be classified as temporarily
restricted.]
d. $50,000 [This answer is incorrect. Grant restrictions were not satisfied in full during 2009.]
14. SFAS 117 allows special events to be reported at net amounts in the statement of activities if they are major
ongoing activities. (Page 296)
a. True [This answer is incorrect. Incidental activities may be reported at net amounts.]
b. False [This answer is correct. Revenue and expense of major ongoing special event activities should
be reported at gross amounts.]
15. Which of the following is not one of the ways an auditor should normally obtain evidence concerning the
existence and nature of restrictions placed on a contribution? (Page 298)
a. Review of organizational minutes [This answer is incorrect. A review of organizational minutes can provide
insight as to restrictions that may exist concerning a particular contribution and thereby help the auditor
understand how the contribution should be reported on the financial statements.]
b. Interviewing client personnel [This answer is incorrect. Client personnel can sometimes provide anecdotal
or other evidence that may prove useful in an audit. For instance, details of conversations that occurred
between client personnel and donor personnel subsequent to the contribution may clarify certain aspects
of the terms and conditions of the contribution that might otherwise not be apparent.]
c. Review of client agreements with donor [This answer is incorrect. A review of client agreements with the
donor normally helps the auditor understand the terms of the contribution and can reveal evidence of
restrictions placed on the contribution.]
318

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

d. Interviewing client donor [This answer is correct. Auditor communication with the client donor is
normally by way of confirmation.]
16. Which of the following statements is correct concerning promises to give? (Page 302)
a. Conditional promises to give are recorded as revenue when they are received from the donor. [This answer
is incorrect. Conditional promises to give are recorded as revenue when the stipulated conditions are
substantially satisfied.]
b. Unconditional restricted promises to give are recorded as revenue when restrictions are met. [This answer
is incorrect. Unconditional restricted promises to give are recorded as revenue when received.]
c. Unconditional promises to give may be unrestricted or restricted, depending on donor stipulations.
[This answer is correct. Further, TIS 6140.03 indicates that time restrictions lapse and related
restricted promises to give become unrestricted when the promise to give becomes due.]
d. Any restricted promise to give will become unrestricted no later than ten years after the initial contribution.
[This answer is incorrect. Some contributions, such as endowments, are considered permanent restricted
funds.]
17. Under SFAS 116 and the Audit Guide, which of the following may be used to record an unconditional promise
to give a noncash asset when collection is expected to occur more than one year after the date of the promise?
(Page 303)
a. The projected fair value of the noncash assets at the date they are expected to be received. [This answer
is incorrect. A discounted value must be derived from this amount.]
b. The discounted future value of the noncash assets from the date the promise is received. [This answer is
incorrect. The calculation would be based on the date the noncash assets are expected to be collected.]
c. The present value of the noncash assets as of the date the unconditional promise is received. [This
answer is correct. This may be used when the fair value at the date of the promise is considered the
best estimate of the future value. In this case, no discount would be recorded.]
d. The future value of the noncash assets as of the date the assets are expected to be collected. [This answer
is incorrect. This amount must be discounted.]
18. The amortization of the discount on a conditional promise to give should be recorded: (Page 304)
a. as an operating expense [This answer is incorrect. Amortization of the discount on a conditional promise
to give is not an operating expense item.]
b. as contribution revenue [This answer is correct. Amortization of the discount stems from changes
in present value as the promised date of the contribution approaches. This should be recorded as
contribution revenue rather than interest income.]
c. as interest income [This answer is incorrect. Amortization of the discount concerns changes in present
value of the assets underlying a promise to give. These changes should not be recorded as interest
income.]
d. as other expense [This answer is incorrect. Other expense is normally reserved for items not normally
charged as operating expense. It would be inappropriate to record amortization of the discount on a
conditional promise to give as other expense.]

319

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

19. River Community College received an unconditional promise to donate Verde, improved property worth
$100,000, in Year 1 with collection to occur in Year 5. In Year 2, a fire destroyed the building located on the
property; this reduced the value of the property by $75,000. The contributions revenue was recorded in Year
1. How should the reduction in value be handled in Year 2? (Page 303)
a. Record the reduction as a bad debt loss. [This answer is correct. Based on guidance from SFAS 117
and TIS 6140.09, the reduction in the value of the asset underlying the unconditional promise should
be recorded as a bad debt loss, and thereby be reflected as a decrease in unrestricted net assets.]
b. Increase the allowance for uncollectibles. [This answer is incorrect. The allowance for uncollectibles
account would not normally be involved in a writedown related to a specific loss in value of an asset
underlying an unconditional promise.]
c. Reduce the amount of contributions revenue. [This answer is incorrect. The initial revenue was recorded
in the previous year. AICPA Practice Aid TIS 6140.09 advises that subsequent reductions for losses in the
value of assets supporting an unconditional promise to pay cannot be netted against contributions
revenue.]
d. Record the reduction as bad debt expense. [This answer is incorrect. AICPA TIS 6140.09 indicates that
such a reduction should not be charged to bad debt expense.]
20. Which of the following is not an internal control consideration regarding promises to give? (Page 305)
a. Unconditional promises to give must be in writing prior to recording. [This answer is correct. SFAS
116 requires verifiable documentation of the unconditional promise to give prior to recording, but
does not specifically require that the promise itself be in writing.]
b. Valuation of promises to give should be periodically reassessed. [This answer is incorrect. Valuation
methods, underlying assumptions, and changes in conditions related to valuations should all be reviewed
to determine continued validity and reasonability of the resulting valuations.]
c. Conditional promises should be recorded when they become unconditional. [This answer is incorrect.
Only unconditional promises should be recorded in the financials; however, conditional promises should
be monitored to ensure recording of revenue as conditions are met.]
d. Conditional promises should be disclosed in the notes to the financials. [This answer is incorrect.
Disclosure of conditional promises is appropriate until they become unconditional.]
21. Prairie Junior College receives a promise to give $100,000 based on the donor's receipt of the college's annual
audited financial statement for the year just ended. How should this promise be reflected by the college?
(Page 306)
a. Recorded as an unconditional promise [This answer is correct. Under SFAS 116, the promise will
be recorded as unconditional since there is only a remote possibility that the college will not comply
with the donor's stipulation.]
b. Disclosed as a conditional promise [This answer is incorrect. It is unlikely that the college will not comply
with the donor's stipulation.]
c. Recorded as a conditional promise [This answer is incorrect. Conditional promises are not recorded.]
d. Recorded as a temporarily restricted promise [This answer is incorrect. The condition stipulated by the
donor does not constitute a restriction.]

320

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

22. Johnson Company annually selects from among applicants (children of its employees) for scholarships. The
funds are paid directly to the successful applicant's choice of accredited institution of higher learning,
stipulating the individual for whom they are to be used. As far as Bearkat University is concerned, any funds
so received will be considered (Page 307)
a. a designated transaction. [This answer is incorrect. Designated funds originate with the nonprofit
governing board, and are set asides" devoted to particular purposes. These funds may also be
undesignated" by governing board action.]
b. temporarily restricted. [This answer is incorrect. Johnson's conditions do not constitute a temporary
restriction as considered in the Audit Guide.]
c. an intermediary transaction. [This answer is correct. The nonprofit has little or no control over the
use of the funds. They are acting as an agent or intermediary for Johnson Company.]
d. permanently restricted. [This answer is incorrect. An endowment, where only the interest may be used by
the nonprofit donee, would be an example of a permanent restriction.]

321

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
Lesson 1 (NPOTG093)
Determine the best answer for each question below. Then mark your answer choice on the Examination for CPE
Credit Answer Sheet located in the back of this workbook or by logging onto the Online Grading System.
1. How many basic components are required by SFAS 117 for the external financial statements of a voluntary
health and welfare organization?
a. 1
b. 2
c. 3
d. 4
2. Which of the following pronouncements give the most specific guidance for auditing fair value measurements
of certain nonprofit transactions?
a. SAS 101 Auditing Fair Value Measurements and Disclosures
b. SAS 116 Accounting for Contributions Received and Contributions Made
c. SAS 117 Financial Statements of NotforProfit Organizations
d. SAS 157 Fair Value Measurements
3. Which of the following statements is correct concerning auditor testing of client valuations?
a. SAS 101 does not require individual assumptions to be realistic, so long as the assumptions when taken
as a whole are realistic.
b. Independent fair value estimates should be evaluated against client estimates even when developed by
valuation specialists.
c. The entity's past experience cannot be used to accurately predict future results and should therefore not
be considered.
d. SAS 101 considers management expectations to be speculative and therefore should be disregarded.
4. Under SFAS 157, fair value is based on:
a. exit price.
b. entry price.
c. dollarcost averaging.
d. market price indexes.
5. Which of the following statements is correct concerning bank confirmations and bank reconciliations review
in a nonprofit audit?
a. The auditor should be able to limit bank confirmations to one primary account.
b. Electronic bank confirmations are not considered reliable audit evidence.
c. The bank statement may form part of an alternative to cancelled checks.
d. Contacting individual payees is not feasible during reviews of bank reconciliations.
322

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

6. SIPC insurance should be treated as analogous to private insurance when determining disclosure of credit risk
on cash deposits.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice.
7. Which of the following would be considered as underauditing cash or is noted in the text as a common cash
underauditing tendency?
a. Vouching outstanding checks to test outstanding check list completeness
b. Workpaper inefficiencies from routinely preparing interbank transfer schedules
c. Performing lapping procedures in absence of identified fraud risk
d. Testing immaterial cash accounts
8. Which of the following would be considered a symptom of cash fraud leading to an employee theft of cash?
a. Inadequate segregation of duties
b. Recording current cash receipts as belonging to a fiscal period already ended
c. Disbursing checks after the fiscal period in which they were recorded
d. Positive Pay
9. Which of the following statements is correct concerning SFAS 124 reporting requirements for certain
investments?
a. Disclosure requirements of SFAS 5 also apply.
b. Valuations must be determined as of the end of the reporting period.
c. Disclosure requirements of SOP 946 also apply.
d. The statement of activities must include gains and losses except for unrealized losses.
10. Unless otherwise required, nonprofit organizations other than colleges and universities or voluntary health and
welfare organizations should report other investments at:
a. greater of cost or fair value.
b. historic cost.
c. lower of cost or fair value.
d. fair value for hedges or bifurcated cost for other derivatives.

323

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

11. Which authoritative pronouncement is most closely associated with auditing of hedging activity, derivatives,
and securities investments?
a. SAS 92
b. SFAS 124
c. SAS 73
d. SOP 943
12. The Board of Regents set aside $200,000 in current revenue from each of the next three years for a special
project. How should these funds be classified on the financial statements for the university?
a. Unrestricted
b. Designated
c. Temporarily restricted
d. Permanently restricted
13. A $1,000 per plate rubber chicken" dinner has been scheduled as a fund raiser for the local museum. Because
of a potential scheduling conflict, the tickets are refundable if the entertainer is unable to perform at the event.
How should ticket receipts be booked prior to the event?
a. General revenue
b. Contributions revenue
c. Deferred contributions
d. Advance liability
14. FASB Interpretation No. 45 applies only to the guarantor concerning the initial recognition of guarantees.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice
15. Donor complaints and unexplained increases in promises to give aging balances may be evidence of:
a. False writeoffs
b. Theft of noncash assets
c. Theft by lapping
d. Failure to remit donations from direct solicitations

324

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

16. Which of the following statements is correct concerning a promise to give cash in five annual installments?
a. An allowance for uncollectibles should be reflected with the initial recording.
b. The promise to give should be recorded at the future value of the cash flows.
c. The organization may elect a fair value option for recording the promise to give.
d. The discount rate should be adjusted each reporting period for market changes.
17. Under SFAS No. 116, unconditional promises to give noncash assets that are expected to be collected in less
than one year from the promise date should be recorded at net realizable value.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice
18. Which of the following statements is correct concerning changes in value of noncash assets to be received?
a. Increases in fair value of promised publiclytraded debt securities should not be reflected on the nonprofit
organization's financial statements.
b. Decreases in fair value of promised noncash other" assets should not be recorded by the nonprofit
organization.
c. Decreases in fair value of promised publiclytraded equity securities should be recorded as a net
unrealized loss on investments.
d. Decreases in fair value of promised noncash assets can result in negative contributions revenue being
reported.
19. River Community College received an unconditional promise to donate Verde, improved property worth
$100,000, in Year 1 with collection to occur in Year 5. The contributions revenue was recorded in Year 1. In Year
2, a fire destroyed the building located on the property; this reduced the value of the property by $75,000 and
River Community College recorded a loss to recognize the decrease in value of the assets underlying the
unconditional promise. In Year 3, a strip mall valued at $200,000 was built on the property. How should the
increase in value be handled in Year 3?
a. Decrease bad debt loss.
b. Increase contributions revenue.
c. Decrease bad debt loss and increase contributions revenue.
d. Do not select this answer choice.
20. How are the following promises to give reflected in the financial statements?
a. Unconditional: recorded; conditional: disclosed
b. Unconditional: recorded; conditional: recorded
c. Unconditional: disclosed; conditional: recorded
d. Unconditional: disclosed; conditional: disclosed
325

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

21. Rush University receives a promise to give from Troy Ltd for $48,000. Troy will pay $4,000 each month toward
the university's work study program conditional upon the university meeting certain conditions and submitting
certain reports. Troy has the right to assess progress toward stipulated goals and can withdraw from further
contributions at any time. How should advance funds paid by Troy be reflected on the university's financials?
a. Recorded as a liability
b. Recorded as unconditional
c. Recorded as temporarily restricted
d. Do not select this answer choice
22. Which of the following should be recorded by the nonprofit as a liability on the nonprofit's financials?
a. An agency or intermediary transaction
b. A transaction granting the nonprofit variance power
c. A transaction involving an interrelated recipient and beneficiary
d. A transaction involving certain nonfinancial assets and a specified beneficiary

326

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Lesson 2:OTHER ACTIVITIES RELATED TO
NONPROFITS AND THEIR FINANCIALS
INTRODUCTION
This lesson concentrates on nonprofit accounting and auditing issues associated with financial aspects not
covered in Lesson 1. Inventories, property payroll, and income and expense activities are among the topics
discussed.
Learning Objectives:
Completion of this lesson will enable you to:
Explain nonprofit accounting and auditing issues associated with program service fees, revenue, and
receivables in exchange transactions.
Examine accounting and auditing issues related to nonprofits that involve donations of services or physical
items such as goods and facilities.
Summarize nonprofit accounting and auditing issues related to program and support services costs and
expenses.
Describe accounting and auditing considerations related to payroll and related liabilities.
Explain nonprofit accounting and auditing concerns related to inventories, and property and equipment.
Outline nonprofit accounting and auditing issues related to other topics such as debt and statement of activities
accounts.

PROGRAM SERVICE FEES, REVENUE, AND RECEIVABLES
This section addresses program service fees, revenue, and receivables resulting from exchange transactions.
SFAS No.116 (FASB ASC 95860520), defines exchange transactions as reciprocal transfers in which each party
receives and sacrifices approximately equal value." Nonprofit organizations may participate in a variety of
exchange transactions. Examples include collection of dues, receiving fees for services, ticket sales, and invest
ment income. Such exchange transactions generally provide resources that are not externally restricted (except for
income on restricted investments). However, the nonprofit organization's governing board may designate the
resources for specific purposes, for example, for the particular program activity from which the service fee revenue
is derived. Such board designations are not restrictions.
Service Fees
There are many types of service fees, and different types of fees are significant for different types of nonprofit
organizations; that is, they depend on the nature of the organization's activities. Examples include:
Client fees of voluntary service organizations, for example, patientcare fees for home care services; and
charges for vocational training, counseling, therapy, etc.
Membership dues and initiation fees of associations, clubs, and unions.
Admission fees and ticket sales for performances and exhibitions of performing arts organizations and
museums.
School tuition.
Lot sales or annual care fees of cemetery organizations.
Life membership and other fees of homes for the aged.
Accounting Considerations for Service Fees. Service fees of nonprofit organizations are exchange transactions
rather than contributions and are accounted for in the same manner as those for business enterprises; that is, they
327

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

are recognized in the period in which the services are rendered. That is consistent with the Audit Guide, Paragraph
10.05 (FASB ASC 958405252), which notes that revenue from exchange transactions should be recorded as
deferred revenue to the extent that it has not been earned. When the service and the charge usually occur in the
same period, the revenue is recorded when the client is billed. For example, admission fees and ticket charges are
recognized when the fees are charged or tickets sold. If the fees relate to ticket sales for performances that will not
take place until the next year, such as advance season ticket sales, the revenue should be deferred and recognized
when the performance or performances take place. It may also be necessary to defer recognition of revenue for
portions of membership dues, initiation fees, life memberships, tuition charges, etc., that relate to periods subse
quent to the statement of financial position date.
Membership Dues. Membership dues can present special accounting considerations. The Audit Guide, Paragraph
5.27 (FASB ASC 958605559), indicates that membership dues may be partially exchange transactions and
partially contributions. Exhibit 21 lists indicators that may be helpful when determining how to account for
membership dues. The portion of the dues that is considered a contribution would be accounted for following the
guidance on contributions discussed earlier. The portion considered an exchange transaction would be recognized
in the period earned.
Exhibit 21
Indicators for Determining Contribution and Exchange Portions of Membership Duesa
Indicator

Exchange Transaction

Contribution

Nonprofit organization's
expressed intent concerning
purpose of dues

Request describes the dues as provid
ing economic benefits to members or
other organizations or individuals
designated by or related to the mem
bers.

Dues request describes the dues as
being used to provide benefit to the
general public or to the nonprofit
organization's service beneficiaries.

Extent of benefits to
members

Substantive benefits available to
Benefits to members are negligible.
members (such as publications,
admissions, educational programs, or
special events) also may be available to
nonmembers for a fee.

Nonprofit organization's
service efforts

Nonprofit organization benefits are
provided primarily to members.

Nonprofit organization provides
services to members and nonmem
bers.

Duration of benefits

Benefits are provided for a defined
period, and additional payment is
required to extend benefits.

Duration of benefits is not specified.

Expressed agreement con
cerning refundability of dues
payment

Payment is fully or partially refundable if
member withdraws from membership.

Payment is not refundable to
member.

Note:
a

Depending on the circumstances involved, one indicator may have more significance than another. Thus, the
relative importance of an indicator to the transaction should be considered rather than the number of
indicators pointing to a particular type of transaction.

*

*

*

A receivable for nonrefundable initiation or life membership fees should be recognized when the fees are due. The
Audit Guide, Paragraph 5.28, notes revenue should be recognized as follows:
If future membership fees are expected to cover future costs of providing membership benefits, recognize
the nonrefundable fees as revenue in the period in which the fees are receivable.
328

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

If future membership fees will not cover future costs of providing membership benefits, record deferred
revenue when the receivable is recorded and recognize the fees in future periods based on the average
membership duration, life expectancy, or other applicable time periods.
Revenue from service fees and other exchange transactions should be reported gross of applicable expenses.
However, the Audit Guide, Paragraph 12.05, does require that if a nonprofit organization regularly provides
discounts to certain customers or clients (without receiving any goods or services from the customers or clients),
those discounts should be netted against the service fee or sales revenue. Examples would be a private school that
regularly gives scholarships to needy students or a museum that charges reduced admission fees. If the school or
museum incurs incremental expenses to provide the goods or services, then the scholarships or reduced admis
sion would be recorded as an expense to the extent of the incremental expenses. If there are no incremental
expenses or for the amounts in excess of the incremental expenses, then the scholarships or reduction in admis
sion fees are recorded as a discount. For example, a school offers a $1,000 scholarship to a needy student. If the
student causes the school to incur incremental expenses of $400 (a teacher and facilities would already be needed
for the fulltuition students), then the $1,000 scholarship would be recorded as scholarship expense of $400 and as
a tuition discount of $600.
Auditing Considerations for Service Fee Revenues. Service fee revenue of a nonprofit organization can often be
audited effectively and efficiently by welldesigned analytical procedures. [SAS No. 99 (AU 316.41) requires
auditors to ordinarily presume that improper revenue recognition is a risk that may result in material misstatement
of the financial statements due to fraud. Auditors may respond to a risk of improper revenue recognition by tailoring
the basic audit procedures for program service fees, revenue, and receivables in the audit programs, for example,
by increasing the extent of those procedures or by performing additional procedures]. SAS No.56, Analytical
Procedures, indicates at AU329.09 that analytical procedures are a form of substantive tests, and AU329.04 states
that in some cases, analytical procedures can be more effective or efficient than tests of details for achieving
particular substantive testing objectives." In auditing service fee revenue by analytical procedures, the auditor
compares recorded revenue with expectations developed from relating relevant key factors and reliable records of
volume of service provided prepared independently of the financial reporting system. For example, key factors
would include information such as average client service charge per hour, session, or visit; annual membership
dues or tuition rate; and average admission fee or ticket price. Key factors should be tested by reference to rate,
dues, or tuition schedules; advertisements, etc. Reliable source data on volume of service provided would include
records of service calls made, membership rolls, attendance and enrollment records, turnstile counts, ticket usage
reports, etc. When applying such analytical procedures, it is important that the statistical data of key factors and
volume of service be reliable and represent a complete record of service provided. SAS No.56 at AU329.11 states
that the expected effectiveness and efficiency of an analytical procedure in identifying potential misstatements
depends on, among other things,...the reliability of the data used to develop the expectation." AU329.16 indicates
that data is more apt to be reliable if it is obtained from a source within the entity independent of those responsible
for the amount being audited, if it was developed under a reliable system with adequate controls, or if it was
subjected to audit testing in the current or prior year. The auditor should consider the organization's controls related
to revenue and may perform procedures such as reviewing and testing records accounting for all ticket numbers;
tracing timesheets of field service providers, daily service call sheets prepared in the field, or receipts signed by
service recipients to the compilation of total service calls; and tracing names from class attendance sheets to
enrollment summaries.
A simple but effective analytical test of service fee revenue can be comparing the total quantity of service available
(for example, total number of field service personnel times the number of hours that service may be provided) to the
number of service hours billed and investigating significant differences. Also, comparison of budgeted or prior year
amounts with actual amounts recorded in the current period and investigation of significant differences may
provide evidence about completeness and reasonableness of service fees. In some cases, the auditor may wish to
confirm service fees such as tuition, membership dues, or club dues with outside parties, particularly if related
receivables are also being confirmed.
The auditor should consider whether portions of service fees should be deferred, and, if so, the auditor should
obtain an understanding of the organization's controls for deferring fees and recognizing deferred amounts as
revenue over one or more future periods. If the client prepares the calculation, the auditor can review or recalculate
it and examine support for related underlying amounts and periods.
329

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Auditing Considerations for Service Fee Receivables. Accounts receivable may be tested by confirmation. SAS
No. 67 (AU 330) provides guidance about all types of confirmations, including accounts receivable. In addition to
defining accounts receivable, the Statement notes that confirmation of accounts receivable is a generally accepted
auditing procedure. Thus, there is a presumption that the auditor will request confirmation of accounts receivable
during the audit unless one of the following situations exists:
Accounts receivable are immaterial to the financial statements.
The use of confirmations would be ineffective as an audit procedure. For example, if, based on prior years'
audit experience or experience with similar engagements, the auditor concludes that response rates to
properly designed confirmation requests will be inadequate, or if responses are known or expected to be
unreliable, the auditor may determine that the use of confirmations would be ineffective.
The combined assessed level of inherent risk and control risk is low and the assessed level, in conjunction
with the evidence expected to be provided by analytical procedures or other substantive tests of details,
is sufficient to reduce audit risk to an acceptably low level for the applicable financial statement assertions.
In many situations, both confirmation of accounts receivable and other substantive audit procedures are
necessary to reduce audit risk to an acceptably low level for the applicable financial statement assertions.
SAS No. 67 (AU 330) also requires that an auditor who has not requested confirmation of accounts receivable
should document how the presumption was overcome. It is ordinarily not sufficient to merely assert in the workpa
pers that the use of confirmation would be ineffective without providing some type of evidence or analysis to
substantiate that assertion.
If the organization objects to a confirmation with a particular customer, the auditor should consider the reason for
the request and ordinarily obtain corroborating evidence to support the organization's reasoning. If the reason is
considered valid, alternative procedures should be applied to obtain sufficient audit evidence related to the
customer's account. The auditor should also consider obtaining a representation in the management representa
tion letter regarding the reasons for not confirming. Auditors should be alert to the fact that an organization's
request that an account not be confirmed because it is in dispute may be intended to divert the auditor from an
inappropriate transaction. If the organization's reason is not considered valid, the auditor should consider the
possible effect on his or her fraud risk assessment and the ability to rely on management's representations. If the
restrictions significantly limit the scope of the audit, it may be necessary to modify the auditor's report.
Confirmation of receivables for tuition, membership and club dues, etc., would typically be effective and efficient,
particularly if the total balance is composed of a relatively small number of individually significant accounts. The
auditor may need to make a judgment about the practicality of confirming receivables of certain voluntary health
and welfare services. The reason is that confirmations may need to be in the native language of the recipients rather
than English and translation of responses may be required, or the attitude and education level of service recipients
may cast doubt about the reliability of responses that could be expected. The client may desire that confirmation
letters for such receivables include a statement that the confirmation is not a request for payment. If the total
receivables balance is composed of numerous small balances, the auditor may need to use audit sampling in the
confirmation procedure. According to SAS No.67 (AU 330.20), negative confirmations can be used only when:
the combined assessed level of inherent and control risk is low,
a large number of small balances is involved, and
the auditor believes the confirmation recipients will consider the requests.
The first criterion is usually not met in small nonprofit organization audits. However, if all the criteria are met, the
auditor should increase the number of negative confirmations over a comparable sample of positive confirmations
to allow for a lower expected response rate. Normally, an increase of 20% to 50% in the number of confirmations is
an appropriate increase in sample size. When using negative confirmations, auditors should bear in mind that
negative confirmations do not provide any evidence that the requests were actually received or verified by the
recipient. Therefore, negative confirmations provide only limited evidence. As a result, the use of negative confirma
tions is not a sampling application and the results should not be projected to the population. Because of the limited
330

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

evidence provided by negative confirmations, they are best used as a supplement to evidence obtained from other
auditing procedures. Only positive confirmations should be used to confirm individually significant items.
Evaluating the collectibility of service fee receivables such as tuition and memberships and club dues normally is
no different than for a business enterprise and is achieved by review of subsequent collections and by consider
ation of the age of past due accounts, management's correspondence with the patrons, and past collection
experience. Evaluating the collectibility of certain voluntary health and welfare client service receivables may
present special difficulties. A significant portion of the service recipients may depend on insurers or other local
funders to pay for the services they received; this dependence may delay payment. Also, the service recipients are
more likely to have relocated after receiving the service and may be difficult to contact for payment (this is also a
reason why confirmation may not be feasible). Such economic and social factors may influence the auditor's
judgment about the adequacy of the allowance for doubtful accounts.
Overauditing Tendencies for Receivables. Common overauditing tendencies include
Sampling When It Is Not Warranted. This occurs when auditors use confirmation procedures but fail to focus
on individually significant balances for confirmation. The remaining balance may be immaterial, or perhaps
it can be effectively tested with other substantive procedures.
Performing Both Subsequent Collections Testwork on Receivables and Analyzing Statistical Trends in the
Allowance Accounts. If adequate collectibility information is available during fieldwork, the auditor may
perform subsequent collections testwork. However, if adequate collectibility information will not be
available, the auditor should consider performing only trend analysis.
Performing Alternative Procedures on All Nonreplies. Although alternative procedures are proper, they
should not be performed if they would not change the evaluation of the confirmation results (that is, if the
evaluation would not change even after assuming the nonreply is totally misstated). This approach can
reduce the time spent on insignificant nonreplies. Judgment is required when determining that alternative
procedures are not necessary.
Spending Excessive Time Investigating Minor Differences in Confirmed Balances. For the same reasons
as noted above regarding nonreplies, it is often most efficient to treat insignificant confirmation differences
like misstatements.
Failing to Use Client Assistance. The client can normally type and copy confirmations and pull related
documentation.
Processing Confirmation Replies Each Time One Is Received. Confirmation replies should be collected and
processed in substantial groups to save time.
Premature Analysis of Collectibility. It is most efficient to post subsequent cash receipts to the aged trial
balance as long as possible before performing test work on collectibility. For many receivable balances,
subsequent payments will prove their collectibility. For this reason, the promises to give and accounts
receivable agings should not be tested before subsequent payments are posted.
Underauditing Tendencies for Receivables. Common underauditing tendencies include
Failure to Apply SAS No.67. SAS No.67 (AU 330) applies to receivables for such items as service fees,
member and club dues, tuition, and thirdparty reimbursements. Accordingly, these receivables should be
confirmed unless one of the exceptions listed earlier. Although confirmation may not be practical in some
cases, the reasons for not confirming those receivables should be documented in the workpapers. (As
previously noted, SAS No.67 does not apply to promises to give. However, if promises to give are
confirmed, the Audit Guide, Paragraph 5.86, notes that SAS No.67 should be followed.)
Inadequate Bad Debt Evidence. A common deficiency is failing to determine sound economic reasons for
a deterioration of the aging of accounts receivable. Also, too much reliance is often placed on the client's
responses to questions about collectibility without obtaining corroborating evidence. This can result in
failure to obtain sufficient audit evidence relating to the valuation assertion.
331

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Negative Confirmations. Sometimes negative confirmations are used even though the client does not have
effective internal control. In fact, SAS No. 67 (AU 330) on confirmations permits negative confirmations only
when the risk of material misstatement is assessed as low. In those rare instances where negative
confirmations are used, the sample size should normally be increased to allow for a lower response rate.
Ignoring the Completeness Assertion. This assertion should be addressed by relating procedures
performed in the revenue area and supporting receivables procedures. The approach selected to test
completeness should be based on the auditor's assessment of the risk of material misstatement for the
completeness assertion.
Inappropriate Reliance on Aging Schedules. Auditors often use client aging schedules in testing the
adequacy of the allowance for uncollected amounts. In such cases, it is important to test the aging schedule
to determine whether the receivables were aged properly. This can be a particular problem if the aging is
computergenerated. If the aging is not tested, inadvertent reliance is placed on the client's computer
controls.
Inadequate Support and Services Cutoff Procedures. Although basic receivable tests and analytical
procedures are usually adequate to address receivables cutoff, additional cutoff tests may be required
when:
there has been a large increase in receivables during the last month of the year under audit or the first
month of the next year, or
the auditor's knowledge of the client, understanding of internal control and/or fraud risk assessment
indicates a high risk of material misstatement of the receivables cutoff.
Deficiencies in Disclosure. Failure to look for related party receivables or to disclose such items is a
common underauditing tendency. Auditors also should ensure disclosures comply with SOP 016,
Accounting by Certain Entities (Including Entities with Trade Receivables) That Lend to or Finance the
Activities of Others (FASB ASC 3101050), including adequate disclosure of accounting policies for trade
receivables, doubtful accounts, chargeoffs, and past due receivables. Receivables may relate to program
fees, sales of program materials, or other activities.
Other Considerations. Additional or modified procedures may be necessary in order to properly respond to risks
for receivables that have unique characteristics. Some nonprofit organizations include categories of nonprogram
receivables in the aged trial balance; therefore the aged trial balance should be scanned for possible reclassifica
tions. For significant items, the auditor might typically need to apply confirmation and collectability procedures to
those items apart from those for program service fee receivables. The auditor could inquire about the nature of the
receivable, review the history of similar transactions, and determine whether a pattern of writeoffs for such items
exists. The auditor should also consider whether there are categories of receivables in the aged trial balance that
require reclassification for disclosure purposes. For example, consideration might be given to whether related party
receivables from management should be reflected as salary rather than as outstanding receivables.
Sales Revenue
Accounting Considerations. Many nonprofit organizations obtain unrestricted revenue by selling items that were
purchased, produced, or donated for sale. Examples include the sale of publications, periodical subscriptions,
cards and stationery, records, reproductions, used clothing or articles, or advertising space. Such sales are often
cash sales in shops and concession stands or mail order sales. The accounting for such sales is usually straightfor
ward; that is, revenue is recorded at the time of sale or shipment. Subscription revenue, however, should be
recognized over the period to which the subscription applies, and deferred revenue should be recorded for
subscriptions related to future periods.
Auditing Considerations. Auditing considerations for sales revenue are similar to those for a business enterprise
and include consideration of controls over merchandise flow and inventory, cash register receipts, charge slips,
etc., and tests related to completeness, for example, reviewing the sequence of prenumbered sales receipts and
shipping documents and tracing them into the accounting record of sales. Analytical procedures, such as compari
332

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

son of sales revenues between months for the current year and with corresponding months of prior year, may
provide evidence as to reasonableness and completeness. Such an analytical procedure may be the only audit
procedure necessary if sales revenue is relatively insignificant to the nonprofit organization. The auditor should also
consider whether sales revenue results in unrelated business taxable income.
Consideration of Fraud. SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue
recognition is a risk that may result in material misstatement of the financial statements due to fraud. Auditors may
respond to a risk of improper revenue recognition by tailoring the basic audit procedures for programs service fees,
revenue, and receivables in the audit programs by increasing the extent of those procedures or by performing
additional procedures.
Affinity Programs
Some nonprofit organizations participate in affinity programs. The organization receives royalties or other income
in exchange for allowing a third party to use the organization's name or logo. For example, a nonprofit organization
may allow a credit card issuer to place the organization's logo on credit cards in exchange for either a flat fee or a
percentage of charges made with the cards. Organizations should have controls in place to ensure that the revenue
from those arrangements is properly recorded. Those arrangements also should be reviewed to determine whether
they are subject to unrelated business income taxes.
Thirdparty Reimbursements
Accounting Considerations. Some nonprofit organizations that provide services to the general public, particularly
health and welfare organizations, are reimbursed by third parties (for example, Medicare and Medicaid) for the
costs of providing the services. Thirdparty reimbursements may be a significant source of revenue for some
organizations. Usually, a contract or agreement specifies the basis for reimbursement, that is, the direct and indirect
costs that are reimbursable and the basis of allocation. The revenue related to such reimbursements should be
recognized in the period in which the reimbursable costs are incurred if this differs from the period in which the third
party is billed.
Auditing Considerations. Audit procedures for thirdparty reimbursements include review of the contracts and
agreements and determination that revenue is recorded for costs incurred in accordance with the terms of the
agreement and review and tests of the costreimbursement reports and supporting data (including allocations of
indirect costs) that are the bases for billings to the third parties. Some cost reimbursement agreements provide for
audits by the third party. The auditor should review any such audit reports for evidence of previously billed costs
that have been questioned and consider the need for recording a liability or disclosing a contingency. Cost
reimbursement contracts with governmental units may subject the nonprofit organization to special compliance,
audit, or reporting requirements.
Consideration of Fraud. SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue
recognition is a risk that may result in material misstatement of the financial statements due to fraud. Auditors may
respond to a risk of improper revenue recognition by tailoring the basic audit procedures for program service fees,
revenue, and receivables in the audit programs by increasing the extent of those procedures or by performing
additional procedures.
Grants
Many grants may be exchange transactions or conditional promises to give that do not qualify as contributions
under the authoritative literature. However, some grant agreements could be contributions, and accountants
should consider the factors in the following paragraphs when determining whether a grant is a contribution, a
conditional promise to give, or an exchange transaction.
Accounting Considerations. An organization must determine whether a grant is an unconditional promise to give,
a conditional promise to give, or an exchange transaction. That determination will often be difficult and require
significant judgment. The organization should evaluate each grant individually in light of the consideration dis
cussed shortly.
333

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exchange Transactions. Exchange transactions are, in reality, purchases of goods and services from another entity.
Many grants from governmental entities may be exchange transactions rather than contributions. Exhibit 22 lists
indicators from the Audit Guide, Table 51 (FASB ASC 958605558), that can be considered to help determine
whether a transaction is a contribution or an exchange transaction.
Exhibit 22
Indicators for Distinguishing Contributions from Exchange Transactionsa
Indicator

Exchange Transaction

Contribution

Nonprofit organization's intent Nonprofit organization asserts that it is Nonprofit organization asserts that it is
in soliciting the asset
seeking resources in exchange for
soliciting a contribution.
specified benefits.
Provider's expressed intent
about the purpose of the
asset to be provided

Provider asserts that it is transferring
resources in exchange for specified
benefits.

Provider asserts that it is making a
contribution to support the nonprofit
organization's programs.

Methods of delivery of the
assets to be provided by the
nonprofit organization to third
party recipients

Delivery method is specified by the
provider.

Delivery method is at the discretion of
the nonprofit organization.

Method of determining pay
ment amount

Provider pays the nonprofit organiza
tion an amount equal to the value of
the assets provided by the nonprofit
organization or the assets' cost plus
markup, based on the quantity of
assets to be provided.

Provider determines the amount of
payment.

Penalties assessed if the
nonprofit organization fails to
make timely delivery of assets

Nonprofit organization is penalized for
nonperformance. Provisions for
economic penalties exist beyond the
amount of payment.

Nonprofit organization is not penal
ized for nonperformance. Penalties
are limited to the delivery of assets
already produced and the return of
the unspent amount.

Delivery of assets to be pro
vided by the nonprofit organi
zation

Assets are to be delivered to the
provider or to individuals or organiza
tions closely connected to the pro
vider.

Assets are to be delivered to individu
als or organizations other than the
provider.

Note:
a

Depending on the circumstances involved, one indicator may have more significance than another. Thus, the
relative importance of an indicator to the transaction should be considered rather than the number of
indicators pointing to a particular type of transaction.

*

*

*

If the grant is determined to be an exchange transaction rather than a promise to give, it is not a contribution, and
the organization should review the terms of the grant agreement to determine when to record the revenue. The
revenue should be reported as an increase in unrestricted net assets when the revenue is earned. Exchange
transactions will never increase restricted net assets, which are only affected by contributions received with
donorimposed restrictions.
Promises to Give. If the grant is determined to be a promise to give, it should be reported following the guidance in
SFAS No.116 (FASB ASC 958605258). Conditional grants under SFAS No.116 (FASB ASC 9586052511)
should not be reported in the financial statements. However, if funds have been received related to the conditional
334

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

grant, the amounts received should be accounted for as a refundable advance. Also, certain disclosures are
required for both conditional and unconditional promises to give.
SFAS No.116 notes in Paragraph 23 that it may be difficult to differentiate between a conditional and an uncondi
tional promise to give. However, if donor requirements are not clearly unconditional, the promise to give should be
considered conditional. In SFAS No.116, Paragraph 80 of the Basis for Conclusions" section, the FASB cited an
example of a promisee being required to incur certain expenses as an example of a donor condition rather than a
restriction with the promise becoming unconditional (and revenues being recorded) as the expenses are incurred.
This area will require a great deal of judgment to determine whether a promise to give contains donor restrictions
or donor conditions.
Collectibility. Like promises to give, the collectibility of grants that are unconditional promises to give should be
considered. The organization should consider the age of the grant and the reputation of the grantor in determining
any necessary allowance.
Auditing Considerations. Auditing considerations for grants are similar to those for a business enterprise and
include review of the agreements and determination that revenue is recorded in accordance with its terms.
However, grants may result in additional reporting requirements. For example, a grant agreement may require
periodic submission of financial reports to the grantor, including an auditor's report on the financial statements and
on compliance with the terms of the grant agreement. Other special reporting requirements may apply if the grant
is from a federal, state, or local governmental agency.
Consideration of Fraud. SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue
recognition is a risk that may result in material misstatement of the financial statements due to fraud. Auditors may
respond to a risk of improper revenue recognition by tailoring the basic audit procedures for program service fees,
revenue, and receivables in the audit programs by increasing the extent of those procedures or by performing
additional procedures.

335

Companion to PPC's Guide to Audits of Nonprofit Organizations

336

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
23. Which of the following statements are correct concerning exchange transactions?
a. Exchange transactions involve nonprofit activity on an SECregulated exchange.
b. Exchange transactions involve reciprocal transfers of approximately equal value.
c. Exchange transactions generally involve externally restricted resources.
d. Exchange transactions cannot involve boarddesignated resources.
24. Camel Lodge provides a lifetime membership for a nonrefundable fee of $10,000 which covers the costs of
providing membership benefits for the life of the member. The lodge bills members who opt for this
membership; the fee is due within 30 days of billing. How should Camel Lodge account for such transactions?
a. Record revenue upon notification by the member.
b. Record revenue in the period fees are receivable.
c. Record revenue at the normal fee due dates.
d. Defer revenue and recognize based on actuarial calculations.
25. The auditor may test a university's controls related to revenue by tracing names from applicable class
attendance sheets to corresponding class enrollment summaries.
a. True
b. False
26. According to the text, which of the following would be considered evidence of overauditing of receivables?
a. Failure to apply SAS 67 to service fees receivables
b. Use of negative confirmations
c. Prematurely analyzing collectibility
d. Inadequate evidence of bad debt

337

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
23. Which of the following statements are correct concerning exchange transactions? (Page 327)
a. Exchange transactions involve nonprofit activity on an SECregulated exchange. [This answer is incorrect.
Exchange transactions do not necessarily involve SECregulated securities. Indeed, such a transaction
can involve realty, goods, services, etc.]
b. Exchange transactions involve reciprocal transfers of approximately equal value. [This answer is
correct. Each party to the transaction receives and sacrifices something of approximately equal
value in the transfer.]
c. Exchange transactions generally involve externally restricted resources. [This answer is incorrect. Except
for income on restricted investments, such resources are generally not externally restricted.]
d. Exchange transactions cannot involve boarddesignated resources. [This answer is incorrect. For
instance, the governing board may designate the resources to be used for the particular purpose or
program that generates the resources.]
24. Camel Lodge provides a lifetime membership for a nonrefundable fee of $10,000 which covers the costs of
providing membership benefits for the life of the member. The lodge bills members who opt for this
membership; the fee is due within 30 days of billing. How should Camel Lodge account for such transactions?
(Page 328)
a. Record revenue upon notification by the member. [This answer is incorrect. A member's stated intent to
exercise the option is not sufficient basis for recording revenue.]
b. Record revenue in the period fees are receivable. [This answer is correct. This approach is correct
when fees are expected to cover the future costs of providing membership benefits. Otherwise,
revenue is deferred when the receivable is recorded and recognized based on actuarial calculations
or some other acceptable approach.]
c. Record revenue at the normal fee due dates. [This answer is incorrect. Assuming some time range is
established for such recognition, this might be part of an acceptable approach if fees are not expected to
cover future costs of providing membership benefits.]
d. Defer revenue and recognize based on actuarial calculations. [This answer is incorrect. Recognition based
on actuarial calculations is appropriate when fees are not expected to cover future costs of providing
membership benefits.]
25. The auditor may test a university's controls related to revenue by tracing names from applicable class
attendance sheets to corresponding class enrollment summaries. (Page 329)
a. True [This answer is correct. This would be a simple analytical test of controls applicable to
headcount funding.]
b. False [This answer is incorrect. SAS 56 advocates the use of analytical tests over tests of details for certain
substantive testing objectives.]

338

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

26. According to the text, which of the following would be considered evidence of overauditing of receivables?
(Page 331)
a. Failure to apply SAS 67 to service fees receivables [This answer is incorrect. There are few exceptions to
the need to confirm receivables. Failure to do so may indicate a tendency toward underauditing.]
b. Use of negative confirmations [This answer is incorrect. Negative confirmations may be used when
assessed risk of material misstatement is low. Otherwise, this may be a sign of underauditing tendencies.]
c. Prematurely analyzing collectibility [This answer is correct. Subsequent postings of receipts will
often prove collectibility of receivables as of the date of the financials. Failure to wait the appropriate
length of time for such postings can increase the amount of effort required to prove collectibility.
This can point to overauditing tendencies.]
d. Inadequate evidence of bad debt [This answer is incorrect. This could highlight an underauditing tendency
that can lead to insufficient collection of audit evidence related to the valuation assertion.]

339

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

DONATED MATERIALS, LONGLIVED ASSETS, FACILITIES, AND SERVICES
Many nonprofit organizations receive significant amounts of donated materials (often called giftsinkind) for the
organizations to sell or to use in their programs or supporting services. For example, donations may include food,
clothing, furniture, equipment, facilities, collections of works of art or rare books, or bargain purchases of materials
or facilities at prices significantly less than fair value. Donated materials may be restricted for specified programs or
uses, and they may be provided by affiliated organizations as well as unrelated parties. In addition, volunteers
provide nonprofit organizations with significant amounts of free services, including administrative services, partici
pation in fundraising drives, and program services rendered to charitable beneficiaries of the organization. Also,
employees of affiliated organizations may regularly perform services. Finally, nonprofit organizations may receive
free use of facilities such as office space.
Donated Longlived Assets and Facilities
Accounting Considerations. Nonprofit organizations may receive contributions of longlived assets or the use of
facilities for free or a belowmarket rate. Contribution revenue should be recorded in the period received at fair
value. If donated assets have no value and no alternative use, they should not be recognized in the financial
statements. GAAP also requires unconditional promises to give longlived assets or free use of facilities to be
recorded when the promise is received.
Free Use of Facilities. The Audit Guide, Paragraph 5.58, notes that the contribution recorded for the free use of
facilities cannot exceed the fair value of the asset being used. (That situation could occur if an organization were
promised the longterm use of a facility.) If the facilities will be used over several years, the contribution is recorded
as temporarily restricted (because of the time restriction) and measured as (a)the fair rental value of the facilities if
the nonprofit organization receives the use of the facilities at no cost or (b)the fair rental value of the facilities less
the nonprofit organization's contractual lease obligation if the nonprofit organization receives the use of the facilities
at belowmarket rates. When the time restrictions are met, an amount would be reclassified on the statement of
activities as net assets released from restrictions. The Audit Guide, Paragraph 5.58, notes that the unconditional
promise to give the use of facilities may be described in the financial statements by the type of facility (for example,
building), instead of as a receivable. If the free use of facilities is not promised for a specified period of time, the
organization would recognize a contribution and expense for the same amount each period it occupies the free
office space.
Accounting Policy on Implying Time Restrictions. Donations of property and equipment (that is, longlived assets)
without donorimposed stipulations about how long the property must be used may be recorded as restricted
contributions or unrestricted contributions, depending on the accounting policy of the nonprofit organization. SFAS
No.116 (FASB ASC 958605503) requires organizations to adopt and disclose an accounting policy regarding
donations of longlived assets. An organization may adopt a policy of implying a time restriction that expires over
the useful life of donated assets. Accordingly, the donated asset would initially be recorded as a contribution (an
increase in temporarily restricted net assets) with a corresponding entry to the Property and Equipment account in
the statement of financial position. An entry should also be made each year of the asset's useful life to reclassify
temporarily restricted net assets to unrestricted net assets in an amount equal to its depreciation expense.
Alternatively, an organization may adopt a policy of not implying a time restriction and record donated assets as
increases in unrestricted net assets. It is believed few organizations will want to adopt the former policy due to the
cumbersome accounting that would be required in making the reclassification to recognize that a portion of the
time restriction had been met.
Auditing Considerations. Audit procedures include reviewing governing board minutes to ensure all donations
are recorded and reviewing documentation of recorded donations to ensure fair value amounts are properly
calculated and recorded. Lease agreements should be reviewed to ensure that the difference between market
rental rates and contractual rental rates is considered a contribution. The auditor should review donor correspon
dence and governing board minutes for the existence of donor restrictions on donated property and equipment. If
donor restrictions exist, the auditor should review transactions to ensure that the restrictions are complied with and
that the contribution is recorded in the appropriate net asset class.

340

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Donated Services
Accounting Considerations. SFAS No.116 (FASB ASC 9586052516) requires the fair value of donated services
to be recognized in the financial statements if the services either (a)create or enhance a nonfinancial asset or
(b)require specialized skills, are provided by entities or persons possessing those skills, and would need to be
purchased if they were not donated. Services that do not meet either of the preceding criteria should not be
recognized. Donated services are to be recorded at their fair value. SFAS No.116 (FASB ASC 9586053010)
allows donated services that create or enhance a nonfinancial asset to be recorded at the donated services' fair
value or the fair value of the asset created (or the increase in fair value of an enhanced asset). The value of services
recognized is credited to support when they are provided and charged to a nonfinancial asset (such as a building)
or to an expense (such as legal and accounting fees). Donated services that create or enhance a nonfinancial asset
do not need to be specialized to be recognized, but those that neither create nor enhance a nonfinancial asset must
be specialized to be recognized. For example, when a new facility is built, both the value of donated services
requiring specialized skills and those not requiring such skills should be capitalized as a cost of construction.
Typically, a variety of services is donated to a nonprofit organization for the construction of a new facility. Some
services are specialized, such as those provided by an engineer who works without a fee or charges a reduced fee,
but others are not specialized, such as those of volunteers who help paint the interior. Both the value of donated
services requiring specialized skills and those not requiring such skills should be capitalized as a cost of construc
tion. Other services typically requiring specialized skills are provided by attorneys, accountants, physicians,
nurses, plumbers, architects, and other professionals. The examples provided in Paragraphs 195206 of the
nonauthoritative Basis for Conclusions" to SFAS No.116 (FASB ASC 9586055553 through 5568) provide some
additional insight on which contributed services should be recognized. Donated services that do not meet the
above criteria should not be recognized.
Certain contributions that might be considered services (such as contributions of advertising space, radio or
television airtime, or similar services) do not relate to personal services. It is believed that such donated services
that do not represent personal services are actually donated goods" and should be treated as giftsinkind, rather
than as contributed services.
Often, someone is appointed to the organization's board of directors specifically because the new member
possesses a skill that is needed for a particular project. An organization considering a significant acquisition and
renovation of a facility might appoint an architect and engineer to its board to assist with construction as well as an
attorney to assist with negotiating zoning changes and terms of loans and grants for the project. If a reduced fee is
charged, the fee that is recognized as a donation is the difference between the reduced fee and the fee that would
have been charged in an arm's length transaction. (Many professionals may quote a standard billing rate" to be
used when valuing their donated services. The standard billing rate may not be representative of the fair value. Fair
value should be determined based on what other entities would pay for similar services under similar conditions.)
As with the application of all accounting standards, materiality should be considered. The value of services
provided by volunteers in spending a few days painting probably is not significant to the cost of the project and it
probably would not increase annual depreciation charges significantly. In that event, the effort required to deter
mine the value, such as maintaining time records and determining an hourly value, exceeds the value of the result.
While board members often possess specialized skills, the value of their services should be recorded only if they
are used in connection with a building or renovation project or if they would be purchased if not donated. To
illustrate, the services of a CPA who is the board's treasurer, reads financial statements prepared by the organiza
tion's accounting staff, and reports to the board on the financial results would usually not meet the criteria for
recognition. However, if that person compiles financial statements for submission to donors or prepares the
organization's Form 990, the value of those services would require recognition if the organization would have had
to pay someone else to perform those services.
Organizations often rely on volunteers to provide routine services; for example, a shelter for battered women uses
volunteers to assist with child care and operate a telephone hotline. Since those services neither create nor
enhance a nonfinancial asset, nor require specialized skills, their value would not be recognized. Such organiza
tions often use volunteers with specialized skills as well, such as a doctor who provides medical services for the
residents of the shelter and a licensed clinical social worker who provides counseling services for them. While those
services clearly require specialized skills and are provided by individuals possessing those skills, deciding whether
341

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

they would be purchased is often difficult. The organization should consider whether it would otherwise need to
purchase the services, not whether it could afford to purchase the services at their fair value. Accordingly, the
organization does not have to show that it could otherwise afford to purchase the services to meet the condition.
Although not allinclusive, the following factors might indicate the organization would need to purchase the services
if they were not donated:
The services represent an integral part of the organization's programs (such as physician services at a
community clinic).
The services are required to fulfill part of the organization's ongoing administrative requirements (such as
preparation of the organization's Form990).
Volunteer services make up a significant part of the organization's total program activities (such as teachers
who train other volunteers who will in turn teach others to read).
Similar services are also purchased from third parties when volunteer services are not available (such as
legal services).
In many cases, organizations determine that they would not purchase the donated services. Accordingly, the
donated services would not meet the criteria for revenue recognition. However, each circumstance should be
evaluated individually.
Some nonprofit organizations may receive services (such as fundraising or accounting services) provided by
affiliated nonprofit organizations. If the services meet the recognition criteria discussed in the previous paragraphs,
those donated services should be reflected as a contribution in the nonprofit organization's financial statements.
Promises to give services usually involve personal services. As a result, the FASB noted in Paragraph 70 of SFAS
No.116 that those services were often conditioned (either explicitly or implicitly) upon whether or not the person
promising the services was available in the future. For example, a lawyer promising free legal services for five years
might die and therefore not be able to fulfill that promise. Therefore, most promises to give services will usually be
conditional promises to give that should not be recognized in the financial statements until the services are
provided. However, organizations should disclose those conditional promises in the notes to the financial state
ments.
A promise to give services might be unconditional if an individual representing an established service organization
promises that the organization will provide services, and the organization would likely honor the individual's
promise if the promisor was subsequently unavailable.
SFAS No.116 (FASB ASC 958605501) requires that organizations receiving donated services disclose the
activities or programs for which those donated services were used, the nature and extent of those services, and the
amount recognized as revenue during the period. Similarly, organizations are encouraged to disclose the amount
of donated services received, but not recognized as revenue if it is practicable to do so. For example, an organiza
tion may want to disclose the number of volunteer hours received during the year and their estimated fair value,
even though the organization may not record them.
Internal Control Considerations. Nonprofit organizations that frequently receive donated services should have
internal controls in place to ensure that the donated services are properly tracked and evaluated to determine if the
appropriate recognition criteria are met. For example, a health and welfare organization may use schedules and
work logs that track the hours donated by volunteer doctors and nurses. Nonprofit organizations also need to have
a system in place to consistently and properly value the donated services.
Auditing Considerations. The auditor should obtain an understanding of the client's policies with respect to the
types of donated services that will be recorded in the financial statements, the basis for valuing the services, and the
procedures for supervising volunteers and accounting for the quantity and nature of services provided. In assess
ing audit risk, the auditor should consider whether there is any particular incentive to overstate donated services,
for example, whether donated services qualify as inkind matches under the requirements of grant agreements. The
342

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

auditor should review lists of recorded services, including names, positions, descriptions of services, quantity
(hours) provided, valuation, and program benefited. This data can be tested by examining related documentation
and considering support for, and reasonableness of, valuations and by considering the appropriateness of classifi
cations by nature of service and program.
The auditor should also inquire of appropriate client personnel about whether unrecorded volunteer services are
occurring that should be recorded. Failure to record donated services that should be recorded can adversely affect
the financial statements, the audit, or the nonprofit organization. For example, the auditor might fail to obtain a legal
letter from a lawyer who donated legal services that were not recorded. Or, the nonprofit organization might not
obtain as large an allotment from a federated fundraising organization to which it was entitled. This could happen
if the federated fundraising organization bases allotments on cost of programs provided and allows donated
goods or services that qualify for recording in the financial statements to be included in program costs for that
purpose.
Consideration of Fraud
SAS No. 99 (AU 316.41) requires auditors to ordinarily presume that improper revenue recognition is a risk that may
result in material misstatement of the financial statements due to fraud. Auditors may respond to a risk of improper
revenue recognition by tailoring the basic audit procedures for donated materials, facilities, and services in the
audit programs by increasing the extent of those procedures or by performing additional procedures.
Common Overauditing and Underauditing Tendencies for Donated Materials, Longlived Assets, Facilities,
and Services
Common overauditing tendencies include
Performing Inventory Observations on Donated Items That Have No Value. Some entities receive donations
of clothing or household goods. Generally, these items should not be subjected to inventory procedures
if the amount would not be considered material to the financial statements.
Performing Both Confirmations and Document Reviews on Donated Items When Only One Procedure
Should Be Performed.
Common underauditing tendencies include
Accepting Client Valuation of Donated Services without Adequate Support. For example, in a nonprofit
theater, costumes and sets are often made by volunteers. The auditor should obtain independent support
that the items are assets and that they have been properly valued.
Failure to Identify Unrecorded Volunteer Services That Should Be Recorded. For example, the auditor
should inquire if pro bono services were received from attorneys (and send them legal letters).

343

Companion to PPC's Guide to Audits of Nonprofit Organizations

344

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
27. Red Wave University has the use of a facility at $20 per year with no time stipulations. At the time of donation,
fair value of the facility was $10,000 and fair value of the facility's use was $2,500 per year. Red Wave has used
the facility for the last six years. How much contribution revenue should the university record related to its use
of the facility in year seven?
a. $0
b. $140
c. $2,260
d. $2,500
28. Which of the following donated services should be recognized by a nonprofit in its financial statements?
a. A volunteer works in the Custodial Department
b. A CPA is asked to read internallyprepared financials at the board meeting
c. Volunteer drafting and design services are performed for the engineering department
d. CPA donates services to compile financial statements for a major donor

345

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
27. Red Wave University has the use of a facility at $20 per year with no time stipulations. At the time of donation,
fair value of the facility was $10,000 and fair value of the facility's use was $2,500 per year. Red Wave has used
the facility for the last six years. How much contribution revenue should the university record related to its use
of the facility in year seven? (Page 340)
a. $0 [This answer is correct. According to the Audit Guide, the cumulative contribution recorded
cannot exceed the fair value of the asset used.]
b. $140 [This answer is incorrect. This is the payment for the use of the facilities.]
c. $2,260 [This answer is incorrect. This assumes the cost of the use of the facilities will be netted against the
fair value of its use.]
d. $2,500 [This answer is incorrect. The cumulative effect of prior years has been ignored.]
28. Which of the following donated services should be recognized by a nonprofit in its financial statements?
(Page 341)
a. A volunteer works in the Custodial Department [This answer is incorrect. Custodial support helps to
preserve, but does not enhance, the value of the buildings being serviced.]
b. A CPA is asked to read internallyprepared financials at the board meeting [This answer is incorrect. The
value of the services is minimal and could be performed by others on staff.]
c. Volunteer drafting and design services are performed for the engineering department [This answer is
incorrect. There is no indication that the nonprofit would have to pay for these services if not performed
by the volunteer.]
d. CPA donates services to compile financial statements for a major donor [This answer is correct. The
services are specialized, and would require the nonprofit to purchase them if not donated.]

346

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

EXPENSES FOR PROGRAM AND SUPPORTING SERVICES
Expenses of nonprofit organizations can be broadly categorized as program service expenses and expenses for
supporting services. Expenses can also be classified by a natural (object) classification or afunctional classifica
tion. These various categories and classifications are explained in this section.
Program Service Expenses
Program service expenses are the direct and indirect costs related to providing a nonprofit organization's programs
or social services, that is, the costs of the activities for which purpose the organization exists. For example, program
expenses would include the costs of salaries, rent, transportation, and supplies of individual programs such as
public health education, vocational training, or child daycare of voluntary health and welfare organizations or of
programs such as research, conferences, member services, exhibits, and performances of other nonprofit organi
zations.
Supporting Services Expenses
Supporting services expenses are expenses for activities not directly related to the purpose for which the organiza
tion exists. Supporting services expenses are broadly categorized as management and general expenses, fund
raising expenses, and membership development expenses.
Management and General. Management and general expenses relate to the overall direction of the nonprofit
organization and include expenses for activities of the governing board, business management, general record
keeping, budgeting, and soliciting revenue from exchange contracts. Management and general expenses usually
include the salaries of the executive director and his or her staff because their activities usually relate to the overall
direction of the organization. However, to the extent that such persons spend time directly supervising program or
fundraising activities, their salaries and expenses should be allocated to those activities.
Fundraising. Fundraising expenses are costs of all activities that constitute an appeal for financial support, that is,
costs incurred to induce others to contribute money, securities, time, materials, or facilities to the nonprofit
organization. Fundraising expenses include expenses such as costs of personnel, professional consultants, rent,
printing, postage, telephone, direct mail lists, direct contact solicitations, and unsolicited merchandise sent to
encourage contributions.
Membership Development. SFAS No.117 specifically discusses another category of supporting services
expenses in addition to management and general expenses and fundraising expenses: membership development
expenses. According to SFAS No.117, Paragraph 28 (FASB ASC 9587204511), membership development
expenses should include any expenses relating to solicitation of new members and membership dues, member
ship relations, and similar expenses. However, the Audit Guide, Paragraph 13.35 (FASB ASC 9587204512), notes
that if there are no significant benefits or duties from the membership, the membership development expenses may
actually be fundraising expenses.
Classification of Expenses
Natural (Object) Classification. The natural, or object, classification of expenses represents the type of expense,
for example, salaries and employee benefits, professional fees, occupancy, postage and shipping, supplies,
telephone, and travel.
Functional Classification. This is the classification of expenses according to the purpose for which they are
incurred. The primary functional classifications are program services and supporting services. The functional
classification of expenses usually requires allocation of natural expenses to the proper functions. For example, an
individual may perform services benefiting more than one program; or, as previously mentioned, an executive
director may spend part of the time on overall management and general matters and part of the time directly
supervising one or more program services. As another example, both program and supporting services may be
performed in the same building.
In controlling expenses of a nonprofit organization, management is, of course, interested in their natural classifica
tion, such as the total payroll, telephone, or travel expenses incurred during the period. However, most financial
347

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

statement users are more interested in the functional classification of expenses than in the natural classification.
Contributors, funding sources, the governing board, and regulatory groups are usually more interested in the costs
of providing the organization's program services and the relationship or ratio of program expenses to supporting
(particularly fundraising) expenses than the particular types of expenses incurred.
Accounting Considerations. SFAS No.117 (FASB ASC 958720452) requires all nonprofit organizations to
provide information about expenses reported by their functional classification; this information may be provided in
the statement of activities or in notes to the financial statements. The preference expressed in this course is
reporting functionally in the statement of activities. In addition, voluntary health and welfare organizations are
required to present a separate statement of functional expenses in which expenses are reported in a matrix format
by their natural classification. Other nonprofit organizations are encouraged, but not required, to provide this same
information.
Allocation of Costs
As previously mentioned, presentation of the statement of activities on a functional basis and presentation of a
statement or supplementary schedule of functional expenses require the identification of direct costs of and the
allocation of indirect costs to the programs and supporting functions. Some costs can be identified as pertaining to
a specific program, for example, the salary of an individual who works exclusively on a particular service program
or the cost of special supplies used only in a particular program. Other costs may apply to more than one program
or supporting service, for example, the salary of an individual who works on two or more different programs or
overhead costs, such as rent or telephone. Also, fundraising costs may include elements that pertain to program
services and should be allocated.
SFAS No. 117 and the Audit Guide, Paragraphs 13.36.39, discusses allocating expenses to more than one
function. Expenses that relate to more than one program or supporting service should be allocated among the
applicable functions, for example, rent expense for facilities used for programs and supporting services. Directly
identifying (assigning) a specific expense to a function is the preferred method of charging expense to the various
functions. If direct identification is not practical, allocating shared expenses is appropriate. The nonprofit organiza
tion should apply a reasonable method for allocating expense among functions. Objective allocation methods
based on either financial or nonfinancial data are preferable to subjective methods.
There are other reasons to allocate expenses to functions. The authoritative literature requires all nonprofit organi
zations to provide information about expenses reported by their functional classification. Also, temporarily
restricted net assets are reclassified to unrestricted net assets as donor restrictions are met. To determine the
proper amounts of those reclassifications, the nonprofit organization must be able to determine the direct and
indirect expenses attributable to the restricted contribution. Thirdparty reimbursement agreements may provide
for the reimbursement of indirect (as well as direct) costs and may specify an allocation basis for determining
reimbursable indirect costs. In addition, cost incurred in generating unrelated business income must be collected
for reporting on IRS Form990T.
The following are examples of methods that may result in a reasonable functional allocation of expenses:
A study of the organization's activities may be made at the start of each fiscal year to determine the best
practicable allocation methods. The study should include an evaluation of the preceding year's time
records or activity reports of key personnel, the use of space, the consumption of supplies and postage,
and so forth. The results of the study should be reviewed periodically, and the allocation methods should
be revised, if necessary, to reflect significant changes in the nature or level of the organization's current
activities.
Periodic time and expense records may be kept by employees who spend time on more than one function
as a basis for allocating salaries and related costs. The records should indicate the nature of the activities
in which the employee is involved. If the functions do not vary significantly from period to period, the
preparation of time reports for selected test periods during the year might be sufficient.
Automobile and travel costs may be allocated on the basis of the expense or time reports of the employees
involved.
348

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Telephone expense may be allocated on the basis of use by extensions, generally following the charge
assigned to the salary of the employee using the telephone, after making direct charges for the toll calls
or other service attributable to specific functions.
Stationery, supplies, and postage costs may be allocated based on a study of their use.
Occupancy costs may be allocated on the basis of a factor determined from a study of the function of the
personnel using the space involved.
Depreciation and rental of equipment may be allocated based on asset usage.
Internal Control Considerations. The financial reporting system of a nonprofit organization should have the
capability to accumulate and report costs on both a natural and a functional basis, provide information for the
allocation of costs, and comply with cost budgeting requirements. Sometimes a program may have more than one
funding source, with each source funding particular aspects of the program costs. For example, one funding
source may fund payroll and related expenses while another source funds the program's direct costs such as
program supplies and facilities, and a third source funds the indirect costs of the program. In such cases, the
financial reporting system must be capable of tracking the appropriate program cost components to allow the
proper cost reimbursement reports to be filed with the funding sources.
Nonprofit organizations employ budgetary accounting for voluntary and mandatory reasons. Management may
voluntarily prepare budgets for the same reasons as business enterprises, that is, as a blueprint for action" and for
better control of costs. Management may also be required to prepare budgets under the terms of contracts, grants,
or agreements related to the funding of particular programs. Often, these contracts or agreements require periodic
filing of reports of actual expenditures (or expenses) and comparisons with the budget approved by the funding
source. The funding source may reserve the right to determine the disposition of budget overruns in total or for any
expenditure classification. For example, the funding source may or may not increase funding to meet budget
overruns, or it may or may not allow offsetting of overexpenditures in one classification against underexpenditures
in another classification. Unapproved budget overruns would constitute questioned costs, if the overruns are
allocated to the funding source.
As a basis for proper budgeting, cost allocations, and functional classifications of expenses, nonprofit organiza
tions should maintain uptodate job descriptions and an organization chart that clearly defines the organization's
activities by functions. It should also maintain an accounting manual with a chart of accounts and instructions for
charging disbursements and expenses to programs and functions. Employees may need to file time and expense
reports that describe the programs and functions for which time and expenses were incurred. Also, an allocation
plan must be devised based on analysis of the organization's activities. Responsible management officials should
periodically review budgets, make comparisons to actual expenditures, and investigate significant differences.
Also, there should be periodic review of the distribution of expenses and the cost allocation plan to make sure it
reasonably reflects the reality of the organization's activities.
Auditing Considerations. Auditing the natural expenses of a nonprofit organization (for example, total salaries and
rent) is similar to auditing such expenses in a small business engagement. Audit evidence can be obtained from
analytical procedures, such as comparison of actual amounts between months of the current year, with corre
sponding months of the prior year, or with budgeted amounts, and investigation of significant differences. Analyti
cal calculations, such as multiplying the monthly rent rate by 12, can be very effective. Auditing considerations for
payroll and related costs are typically the most significant expense for a nonprofit organization.
Audit attention is directed to the allocation and classification of natural expenses to programs and other functions
and to compliance with funding source requirements for expenditures. The auditor should compare expenses
charged to programs against any approved budgets prepared for the programs, since such budgets may serve as
authorization for those expenses. The auditor should review the cost allocation plan, test computations on it, and
consider whether it reasonably reflects the organization's current year activities and is consistent with methods
used in the prior year. A particular consideration is whether cost allocations were made in accordance with
fundingsource specifications that may not be appropriate for GAAP financial statements. For example, some
funding sources require all costs that they fund to be charged as program costs, even though some costs by nature
should be classified as supporting services, for example, administrative salaries and audit fees. Other funding
349

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

sources require that all indirect costs incurred by the organization be pooled and then charged to the program they
fund based on a formula such as a percentage of direct program costs to total organization costs. Still other funding
sources may specify a percentage of direct costs as an indirect cost factor. Such methods might not result in a
reasonable allocation of indirect costs under GAAP. While the funding source method would be appropriate for cost
reports submitted to the funding source, it would not be appropriate for GAAP financial statements. Also, the
auditor should be aware that the use of several different fundingsource specified allocation methods to charge
indirect costs to programs could result in the organization charging its funding sources for more than 100% of
actual indirect costs incurred. SAS No. 99 (AU 316.64) states that the auditor should perform a retrospective review
of significant accounting estimates reflected in the prior year financial statements and consider whether the
underlying assumptions in the prior year indicate a possible bias on the part of management.
Expenditures of a nonprofit organization may be intentionally misclassified to avoid exceeding program budgets,
to avoid surpluses in programs that would have to be returned to the funding source, to meet cost matching
requirements of a particular program, or to create a more favorable relationship between program service
expenses and fundraising and other supporting service expenses. (An intentional misclassification would be
fraud.) The Audit Guide notes that the auditor could use analytical procedures to determine the propriety of
functional expense allocations. Examples of analytical procedures include comparisons of current year allocations
to prior year allocations and to budgeted amounts. If a nonprofit organization receives governmental financial
assistance such as a grant, the auditor may need to test the cost allocation plan used to charge expenses to the
grant. Allocations of expenses that do not meet the funding source's requirements may be questioned costs.
Fundraising Costs
Accounting Considerations. Fundraising expenses include all costs of inducing contributions, such as salaries,
rent, printing, and postage. Some costs can be directly identified as fundraising, for example, the cost of a mailing
list of potential contributors and expenses related to a direct contact solicitation. Other costs must be allocated to
fundraising, for example, rent and the salaries of employees who devote part of their time to fundraising. SFAS
No.117 (FASB ASC 9582254514) requires that the statement of activities report the gross amounts of revenues
and expense from special fundraising events. Reporting only the net amount generally is not acceptable; however,
if the special event is a peripheral or incidental activity, the direct costs of the special event may be netted against
the revenues. The Audit Guide, Paragraph 13.26 (FASB ASC 9582254516), notes the frequency of the event and
the materiality of the revenue determines if a special event is peripheral or a major, ongoing event.
There are additional financial statement presentation issues related to fundraising expenses and special events
that are addressed in nonauthoritative AICPA Technical Practice Aids.
TIS 6140.07 suggests that the direct costs of donor benefits should be reported in categories other than
fundraising. However, it is believed that if costs of direct benefits to donors are insignificant, they may be
reported with fundraising expenses.
TIS 6140.08 further clarifies the appropriate reporting treatment. The costs of direct donor benefits that are
not program related and are provided in exchange transactions should be reported as a separate
supporting category (such as cost of sales) and not as fundraising expenses. The costs of direct donor
benefits that are not program related and are provided in transactions other than exchange transactions
(such as a free special event) should be reported as fundraising expenses.
TIS 6140.20 discusses situations in which nonprofit organizations with contribution revenue could have
minimal or no fundraising expense. As discussed in the TPA, some organizations by the nature of their
activities might be expected to report contributions and minimal or no fundraising costs. For example,
religious organizations that receive contributions solely from member tithing, or nonprofit organizations
supported by private foundations may incur no or minimal costs in soliciting contributions. Other nonprofit
organizations may receive contributions from fundraising activities that do not meet the criteria for
recognition as contributed services specified by GAAP. TIS 6140.20 concludes that in the unusual situation
of reporting contribution revenue and little or no fundraising expense, the organization should consider
the applicable financial statement disclosure requirements.

350

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

TIS 6140.21 clarifies accounting when a professional fundraiser solicits and collects contributions on
behalf of a nonprofit organization. The TPA states that any fees deducted by the professional fundraiser
should be reported as fundraising expense, and should not be netted with contribution revenue. Thus,
contribution revenue is reported in the full amount contributed by donors and collected by the professional
fundraiser.
TIS 6140.22 describes how a fundraising" nonprofit organization may act as an agent or intermediary
when a donor stipulates that certain resources be transferred to another recipient" nonprofit organization.
Consistent with the pattern in TIS 6140.21, this TPA states that any fee or other compensation deducted
by the fundraising nonprofit organization should be reported as fundraising expense by the recipient
nonprofit organization. The donation received by the recipient nonprofit organization is reported as
contribution revenue in the original amount contributed by the donor.
SFAS No.117 (FASB ASC 958225457) requires all expenses, including fundraising costs, to be reported as
decreases in unrestricted net assets when incurred. In addition, the Audit Guide, Paragraph 13.06 (FASB ASC
958720254), notes that all fundraising costs should be expensed when incurred. The Audit Guide does not
provide any exceptions to the requirement. The Audit Guide, Paragraph 13.34 (FASB ASC 958720501), requires
the financial statements to disclose total fundraising expenses.
Costs of Soliciting Contributed Services. Organizations generally incur costs related to services contributed by
volunteers. The costs of training and managing volunteers should be reported in the functional category consistent
with the services received. That is, the cost of training and managing volunteers who will perform program functions
is reported as expense of the program in which the contributed services are used (or as management and general
expenses if the costs cannot be separately identified). Similarly, the costs of training and managing volunteers who
will perform fundraising functions are reported as fundraising expenses. A footnote to Paragraph 13.34 of the
Audit Guide (FASB ASC 9587204510) states that the costs of soliciting contributed services should be reported
as fundraising expenses, regardless of the type of service received or whether those services meet the recognition
criteria found in SFAS No.116 (FASB ASC 95860525).
Costs of Activities That Include Fundraising SOP 982. SOP982, Accounting for Costs of Activities of
NotforProfit Organizations and State and Local Governmental Entities That Include Fund Raising (FASB ASC
958720), applies to all nonprofit organizations and state and local governmental entities that solicit contributions.
The guidance in the following paragraphs is from that SOP, which is incorporated into the Audit Guide.
Nonprofit organizations often incur costs for materials or activities that include elements of both program services
(or management and general services) and a fundraising appeal. For example, a health association may distribute
a brochure that includes recommendations for avoiding a particular disease, symptoms of the disease and steps
to take if the symptoms appear, a description of the organization's research activities to find a cure, a request for
contributions, and a return envelope. Similar mixtures of information and appeals may be presented in radio or
television spots or in free seminars conducted in thecommunity. The question is whether the costs of such joint
activities should be reported entirely as fundraising or should be allocated between fundraising and program
services (or management and general services). SOP 982 provides accounting standards for such situations. SOP
982 (FASB ASC 958721453) begins with the underlying presumption that, in circumstances in which joint
activities are conducted, expenses should be reported as fundraising expenses rather than as program or
management and general expenses. The SOP then provides criteria for nonprofit organizations to use in overcom
ing that presumption. If any one of the criteria established by SOP 982 (FASB ASC 9587204529) is not met, all
costs of the joint activity should be reported as fundraising expense. All costs" include the costs that might
otherwise be considered program or management and general if they had been incurred in a different activity.
What Is a Joint Activity? SOP 982 covers all costs of joint activities. Activities (such as mail solicitations or television
programming) are joint activities if they are partly a fundraising activity and partly another function, such as a
program, management and general, or membership development function. Certain criteria must be met to con
clude that a program or management and general function has been conducted in conjunction with the appeal for

351

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

funds. [Appendix E to SOP 982 (FASB ASC 958720453 through 4533) shows several examples of how to
address the criteria.] The criteria are as follows:
a. Purpose. The purpose criterion addresses whether the joint activity accomplishes a program, management
and general, or membership development function. Paragraph 9 of the SOP states that to accomplish
program functions, the activity should call for specific action by the audience that will help accomplish the
entity's mission." If the activity calls for such a specific action other than to educate about the organization's
causes, or the activity does not have a program component, the following factors should be considered
in their listed order to determine if the joint activity meets the purpose criterion:
(1) If the organization substantially bases the compensation or fees for any party performing part of the
activity on the amount raised, the activity does not meet the purpose criterion and the organization
should charge the joint activity's costs to fundraising. If, after considering the method of
compensation, the organization decides that not all expenses are fundraising, the following factor
should be considered to evaluate the purpose criterion.
(2) If the joint activity's program function calls for a specific action that will help the organization
accomplish its mission, does the organization conduct a similar program activity (that does not
include a fundraising component) with the same medium and on a similar or greater scale? or Does
the organization conduct a similar management and general activity (that does not include a
fundraising component) with the same medium and on a similar or greater scale? If the answer to
either question is yes, the purpose criterion is met. If the purpose criterion is not met based on this
factor, the organization should consider the following factor.
(3) Is there other available evidence indicating whether the joint activity meets the purpose criterion?
Other evidence includes (a) considering if the program results of the joint activity are measured, (b)
determining whether a different medium is used to conduct the program or management and general
part of the activity without fundraising being a significant part under that medium, (c) considering how
employees, consultants, or other parties contributing to the activity are evaluated or compensated,
(d) considering how the organization evaluates results from the activity (for instance, if the
organization is interested in evaluating program goals or if the organization is more interested in
fundraising goals), (e)evaluating the qualifications or duties of third parties or employees performing
the activity (for example, employees performing the activity are primarily program employees or
development employees), and (f) other tangible evidence (such as the organization's mission
statement and longrange plans, minutes of board meetings, donorimposed restrictions on gifts to
fund the activity, correspondence with consultants or other parties about the activity's purpose, or
internal memos). All of the other evidence should be considered to determine whether the joint activity
has met the purpose criterion.
b. Audience. In assessing whether the activity meets the audience criterion, the source of the names and
characteristics of the audience should be considered. If the activity's audience includes prior donors or is
otherwise selected based on its ability or likelihood to contribute to the organization, Paragraph 12 of the
SOP includes a rebuttable presumption that the audience criterion is not met. Accordingly, the organization
should charge all costs of the joint activity to fundraising. However, the organization may be able to
overcome that presumption and meet the audience criterion if it also selects the audience for one or more
of the following reasons: (1) a need or reasonable potential need for the actions called for by the program
component of the joint activity, (2) an ability to take action to assist the organization in meeting the program
goals of the joint activity, and (3) a requirement imposed on the organization to direct some management
and general activity to that audience (for example, the organization sends contribution acknowledgments
to donors of greater than $250, as required by the IRS, and includes a solicitation for an additional
contribution) or the audience has a reasonable potential need for the management and general
component. If the audience does not include prior donors and is not selected based on the likelihood to
contribute to the organization, the audience criterion is considered met if the audience was selected for one
of the three reasons listed in the last sentence. In deciding whether the organization overcomes the
presumption that the audience criterion is not met, the extent to which the organization selects the audience

352

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

based on its ability or likelihood to contribute should be contrasted with the extent to which it is selected
for any of the other reasons.
c. Content. The joint activity should support program or management and general functions in a specific way.
The joint activity must either (1)call for specific action by the recipient that will help accomplish the
organization's mission or (2)fulfill one or more of the organization's management and general obligations.
The glossary to SOP 982 defines the phrase help accomplish the entity's mission" as ... actions that
either benefit the recipient (such as by improving the recipient's physical, mental, emotional, or spiritual
health and wellbeing) or benefit society (by addressing societal problems)."
If all of the preceding criteria are met, the organization should allocate the activity's joint costs among the functions
and charge costs clearly identifiable with a fundraising, program, management and general, or membership
development function to that function. If any of the preceding criteria are not met, all of the costs related to the joint
activity should be reported as fundraising expenses. That would include costs that are otherwise clearly identifi
able with program, management and general, and membership development functions. However, if an exchange
transaction is conducted with a joint activity (for example, a special event where dinner for attendees is an
exchange transaction), the costs of goods or services provided in the exchange transaction are not reported as
fundraising expenses.
SOP 982 discusses the functional classifications of fundraising, program, and management and general. It
acknowledges that membership development, as well as other functional classifications, are used by some
organizations. If there are no significant benefits associated with membership, member dues are contributions and
membership development activities are in substance fundraising activities. However, if members receive signifi
cant tangible or intangible benefits, membership development is a separate function that can be accomplished
through a joint activity. The discussion of SOP 982 in this course uses the term membership development for
activities that are not in substance fundraising activities. Similar to other joint activities that include program and
management and general components, all of the costs of the joint activity should be reported as fundraising
expenses unless the purpose, audience, and content criteria are appropriate for achieving membership develop
ment objectives.
Incidental Activities. Joint activities that are incidental to the primary fundraising, program, or management and
general activity and meet the conditions in SOP 982 for allocation are not required to be allocated. Instead, those
joint costs may be reflected in the same functional classification as the primary activity. For example, if a booklet
that would be considered a program activity based on its purpose, audience, and content contains a brief
smallprint sentence telling the reader where contributions may be sent, the fundraising activity may be considered
incidental to the program activity. If the entity meets the criteria in SOP 982 for allocation, the nonprofit organization
can choose to allocate part of the booklet's cost to fundraising or to show the entire cost of the booklet as a
program expense.
Allocation Methods. Several cost allocation methods and illustrations of their application are discussed in Appendix
F of SOP 982 (FASB ASC 95872055). The only requirements in SOP 982 for allocation methods are that the
method be rational and systematic, result in a reasonable allocation of joint costs, and be applied consistently. Any
change in the organization's cost allocation method may be a change in accounting principle under SFAS No. 154
(FASB ASC 25010).
Disclosure Requirements. SOP 982, Paragraph 18 (FASB ASC 958720502), requires disclosures related to the
types of the activities for which joint costs have been incurred, a statement that joint costs have been allocated, the
amount of total costs allocated, and the portion allocated to each functional expense category. The SOP also
encourages disclosure of the amount of joint costs for each kind of joint activity, if practical.
Auditing Considerations. Special considerations and procedures are necessary to determine whether costs of
activities that include fundraising appeals should be allocated. First, the auditor should make inquiries to deter
mine whether the organization produced materials or engaged in activities of a multipurpose nature and incurred
costs that might require allocation. For such multipurpose projects, the auditor should consider the criteria dis
cussed earlier. Written instructions to developers of the material or activity and minutes of board discussions of the
project should be reviewed for indications of the reason for the activity. The auditor should review the materials (for
example, the brochure, script for a radio or television spot, and discussion notes for a seminar) and consider what
353

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

and how much is said about the program (information about a particular issue and action requested on it) and
about fundraising.The auditor should obtain information about how the audience was selected. For example, was
a mailing list selected for a particular lowincome community characterized as needing or being interested in the
program information, or was the mailing list selected for an affluent neighborhood? The auditor should test the
costs incurred on the activity by reviewing supporting documentation. Finally, if any costs are allocated between
program costs, fundraising, and management and general functions, the auditor should test such allocations.
Some organizations have adopted time recordkeeping methodologies that use computer technology to keep time
records more efficiently. Some of these systems are web based; others use hand scanners or swipe cards. A
portion of the auditor's procedures should be devoted to gaining an understanding of the technology being
utilized. Also, it is recommended that the auditor have a staff member join the client organization and get on the
organization's mailing list to ensure literature sent to members is available independently for the audit files. SAS No.
99 (AU 316.64) states that the auditor should perform a retrospective review of significant accounting estimates
reflected in the prior year financial statements and consider whether the underlying assumptions in the prior year
indicate a possible bias on the part of management.
As mentioned earlier, SOP 982 suggests several cost allocation methods and illustrates their application. This
guidance may be helpful in assessing the reasonableness of methods used to allocate joint costs. The auditor
should obtain an understanding of the client's method, consider its reasonableness, and test whether the method
was properly applied.
In reviewing an organization's financial statements, auditors should exercise professional skepticism when a
nonprofit organization that received significant amounts of contributions reported no fundraising expenses in its
financial statements. Fundraising expenses include costs of maintaining donor mailing lists in addition to the cost
of activities related to soliciting contributions. Accordingly, most nonprofit organizations that receive contributions
would be expected to incur some expenses that should be reported as fundraising expenses. This is a topic
receiving increased scrutiny from the IRS and the donor public.
Matching Costs
Grant agreements often require that the nonprofit organization provide matching funds in the form of cash, inkind
contributions, or a combination of cash and inkind contributions. The amount of the matching funds may be a
specific amount or a percentage of the grant award. A cash match represents cash contributed by the nonprofit
organization or expenditures paid by the nonprofit organization from funds obtained from sources other than the
grant. An inkind match primarily represents donated materials, equipment, and services usable by the nonprofit
organization for general purposes, but specifically used for the purposes under the grant. The nonprofit organiza
tion's records must separately identify cash and inkind contributions to comply with the specific grant require
ments and with GAAP reporting requirements for donated goods and services. In auditing matching costs, the
auditor should not only test the expenditures or donated goods and services but should also consider whether the
cash or inkind contribution was directly allocable to the specific grant. In addition to normal accounting and
auditing considerations for expenses and donated materials, goods, and services, the auditor should consider
whether amounts claimed as matching costs qualify under the terms of the agreement and were actually incurred
or used for the purposes of the grant.
Grants to Others
Nonprofit organizations may make grants to other nonprofit organizations. For example, private foundations or
voluntary health and welfare organizations may award grants for research in health or education matters, or a
performing arts organization may award grants to local theater groups. The grants may be onetime grants; may be
routinely payable over a period of years; or may be payable over future periods, subject to periodic review,
approval, and renewal. Conditional promises to give are only recognized when the conditions on which they
depend are substantially met. Additionally, conditional promises to give or conditional grants are considered
unconditional if the chances of not meeting the condition are remote.
The liability for an unconditional promise to give is recognized at the promise's fair value, although promises that
are due within one year may be measured at net settlement (face) value because that is a reasonable estimate of
fair value. The present value of the future cash flows using a discount rate commensurate with the risks involved is
354

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

one valuation technique for measuring the fair value of unconditional promises to give cash; other valuation
techniques are available, as described in SFAS No. 157, Fair Value Measurements (FASB ASC 82010). The
organization may also make an irrevocable election in accordance with SFAS No. 159, The Fair Value Option for
Financial Assets and Liabilities (FASB ASC 82510), to measure its liability at fair value under the fair value option.
For example, Nonprofit Organization A promises unconditionally to grant Nonprofit Organization B $1 million,
payable in four equal installments over the next four years. If the contribution payable is measured using present
value techniques, Nonprofit Organization A would record a grant expense and a grant payable equal to the present
value of the future payments. Subsequent adjustments of the discount would also be recorded as grant expense,
not interest expense.
SFAS No. 157 (FASB ASC 82010) will amend numerous accounting pronouncements throughout the accounting
literature, including SFAS No. 116. In view of the Statement's effective date, it is believed that most financial
statements for years ending prior to November 30, 2008 will have been prepared using the currently effective fair
value measurement guidance, i.e., the guidance in paragraph 20 of SFAS No. 116, which stated, the present value
of estimated future cash flows using a discount rate commensurate with the risks involved is an appropriate
measure of fair value of unconditional promises to give cash." However, it is believed that, with some modifications,
present value calculations will continue to be the primary valuation technique used for measuring obligations for
unconditional promises to give when SFAS No. 157 (FASB ASC 8201) is effective. It is believed the objective in
determining a discount rate is to approximate the rate that would have resulted if an independent lender had
negotiated a transaction with the donor organization on similar terms. Following the guidance in APB Opinion No.
21, Interest on Receivables and Payables (FASB ASC 83530), it is believed the interest rate used to compute the
present value of a promise made would depend on factors such as the organization's creditworthiness, its
incremental borrowing rate, the rates available for a loan of similar length and terms, and interest rates on
securities. Thus, as noted in a footnote to Paragraph 10.07 of the Audit Guide, the discount rate used to compute
the present value of promises to give to others may differ from the rate used to discount promises to give
receivables because of differences in the risks involved. Generally, the effective interest method described in APB
Opinion No. 21 should be used to amortize the discount.
In auditing expenses for grants to others, the auditor should examine grant authorizations and related agreements
and consider whether grant expense is recorded in the proper period, based on any provisions for periodic
payment, renewal, revocation, or other conditions. The auditor should also consider the client's grantmonitoring
controls, including controls for canceling or obtaining refunds of grants. Additional audit procedures may include
reviewing board of directors' minutes for information about grants and promises to give awarded to others. Grants
payable over more than one year should be reviewed to determine that the amounts expected to be paid are
properly discounted and the amortization of the discount is recorded in subsequent periods. Also, cash disburse
ments tested during the search for unrecorded liabilities should be reviewed to determine if all grants were
recorded in the appropriate accounting period. Audit considerations applicable to other expenses also apply, for
example, determining appropriate allocation by program.
Loans Made in Lieu of Grants
While most foundations make outright contributions or grants to other nonprofit organizations, some foundations
instead make loans to nonprofit organizations. Some of these loans may be made to organizations that were not
able to obtain financing through traditional financial institutions. Oftentimes, the loans may be interestfree or they
may be made at belowmarket interest rates.
Accounting Considerations. Nonprofit organizations should have controls in place to ensure that loans are not
recorded as contributions. Interestfree or belowmarketinterest loans have additional accounting considerations.
APB Opinion No.21, Interest on Receivables and Payables, states in Paragraph13 (FASB ASC 835302512) that
the interest rate used to determine the present value of future payments of a loan should approximate the rate that
an independent borrower and independent lender would have negotiated in a similar transaction. An AICPA
Technical Practice Aid (TIS6140.05) addresses accounting for loans that are interestfree or have a belowmarket
interest rate. If the loan is due in more than one year, the organization should record the difference between the fair
value of the loan based on the market interest rate and the fair value of the loan at the stated rate (or the face value
of the loan for loans that are interestfree) as contribution revenue when the loan is received and record interest
expense during the loan period.
355

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Foundations, or other loan makers, should review any outstanding loans for collectibility. SFAS No.114, Account
ing by Creditors for Impairment of a Loan (FASB ASC 31010), provides accounting guidance for loan (used
interchangeably with notes receivable) impairments. SFAS No.114 applies to notes receivable that are identified
for collectibility evaluation, unless they are accounted for at fair value or the lower of cost or fair value. It specifically
does not apply to large groups with smaller balance homogeneous loans that are collectively evaluated (such as
consumer installment loans), to accounts receivable, or to notes receivable maturing within the next year. A note
receivable is considered impaired if it is probable that the lender will be unable to collect all amounts due under the
contractual terms of the loan agreement. In other words, when it is probable that at least some of the scheduled
principal or interest payments will not be collected, the loan should be considered impaired.
Auditing Considerations. As with unconditional promises to give receivable, loans receivable would not fall under
the guidance in SAS No.67 (AU 330), The Confirmation Process. However, confirmations may provide useful
information and audit evidence. If the auditor chooses to confirm loans receivable, the guidance in SAS No.67
should be followed. An auditor can obtain evidence of whether a transfer to or from another organization is a
contribution or a loan by reviewing any documentation accompanying the transfer, by reviewing minutes of the
governing board, and by confirmation.
Payments to Affiliated Organizations
Some nonprofit organizations make payments to affiliated organizations for administrative services, the right to
operate in a geographic area, or fundraising services. In addition, some nonprofit organizations are required to
make payments (such as dues to a national organization) without receiving any identifiable benefits. The Audit
Guide, Paragraph 13.57, requires payments to affiliated organizations to be allocated to functional classifications to
the extent possible. However, if payments cannot be reasonably allocated to functions, they should be treated as
a separate supporting service and reported on the statement of activities as a separate line item labeled Unallo
cated Payments to Affiliated Organizations."
Sometimes, the payments represent remittance of a portion of support raised at the local level, in which case it may
be appropriate to record the payment as a deduction from support in the statement of activities. Criteria for
determining the appropriate accounting treatment include the agreement with the affiliate and the basis on which
funds are solicited from the public. Audit procedures include review of the agreement with the affiliate and
confirmation of the payment and terms of the agreement with the affiliate.

356

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
29. Which of the following is an example of program service expense?
a. Executive Director's salary
b. Fundraising expense
c. Day care salaries
d. Membership development expense
30. Nonprofit management is normally more concerned with the functional classification of expenses.
a. True
b. False
31. How does SFAS 117 expect a voluntary health and welfare organization to report functional expenses in its
financial statements?
a. Optionally, in the statement of activities
b. As a required disclosure in the notes to the financial statements
c. Optionally, as disclosure in the notes to the financial statements
d. As a matrix in a separate statement
32. An important consideration for auditors of nonprofits is whether funding sources specify nonGAAP cost
allocation methods.
a. True
b. False
33. Where should the costs of managing and training volunteers be reported when such costs are not readily
identifiable to functional area?
a. Program service expenses
b. Fundraising expenses
c. Management and general expenses
d. Membership development
34. Which of the following criteria is independent of the others in establishing that joint activity costs should be
reported as other than for fundraising?
a. Purpose
b. Audience
c. Content
d. Exchange transaction

357

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
29. Which of the following is an example of program service expense? (Page 347)
a. Executive Director's salary [This answer is incorrect. This expense relates to the overall direction of the
nonprofit organization and is not directly related to the purpose of the organizations existence.]
b. Fundraising expense [This answer is incorrect. This classification includes costs of postage, telephone,
direct mail, etc. associated with various fund drive campaigns and are supporting services expenses.]
c. Day care salaries [This answer is correct. Program services are the costs related to providing the
social services or programs of a nonprofit organization.]
d. Membership development expense [This answer is incorrect. This classification includes costs to solicit
new members and is a category of supporting service expenses.]
30. Nonprofit management is normally more concerned with the functional classification of expenses. (Page 347)
a. True [This answer is incorrect. Management usually wants to see costs summarized for salaries, telephone,
etc.]
b. False [This answer is correct. Management is normally more concerned with natural classification
of expenses for cost control.]
31. How does SFAS 117 expect a voluntary health and welfare organization to report functional expenses in its
financial statements? (Page 348)
a. Optionally, in the statement of activities [This answer is incorrect. The information must be provided.]
b. As a required disclosure in the notes to the financial statements [This answer is incorrect. The information
may be provided in the disclosures.]
c. Optionally, as disclosure in the notes to the financial statements [This answer is incorrect. Inclusion in the
financials is not optional.]
d. As a matrix in a separate statement [This answer is correct. This statement and format are required
for health and welfare organizations. Expenses are shown by their natural classification.]
32. An important consideration for auditors of nonprofits is whether funding sources specify nonGAAP cost
allocation methods. (Page 349)
a. True [This answer is correct. The auditor must consider funding source cost allocation
specifications as they relate to GAAP and their effect on the financials.]
b. False [This answer is incorrect. Funding sources are not bound by GAAP in their allocation methodologies,
creating serious concern for the auditor.]
33. Where should the costs of managing and training volunteers be reported when such costs are not readily
identifiable to functional area? (Page 351)
a. Program service expenses [This answer is incorrect. Direct costs attributable to the organization's purpose
are charged here.]
b. Fundraising expenses [This answer is incorrect. This would only be true of costs related to fund raising.]
358

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

c. Management and general expenses [This answer is correct. According to the Audit Guide, such
costs should be classified as management and general expenses.]
d. Membership development [This answer is incorrect. Membership development pertains to the costs of
soliciting new members, member dues, etc.]
34. Which of the following criteria is independent of the others in establishing that joint activity costs should be
reported as other than for fundraising? (Page 353)
a. Purpose [This answer is incorrect. The purpose criterion is one of several criteria required to establish that
joint activity costs should not be reported as fundraising.]
b. Audience [This answer is incorrect. The audience criterion is required to rebut the presumption that joint
activity costs should be reported as fundraising, but others are also required.]
c. Content [This answer is incorrect. The content criterion is required in concert with others to support a
conclusion that joint activity costs should be reported as other than fundraising.]
d. Exchange transaction [This answer is correct. The presence of an exchange transaction in a joint
activity automatically accepts related costs from the rebuttable presumption that such costs are
fundraising.]

359

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

PAYROLL AND RELATED LIABILITIES
Payroll typically is a significant expense for nonprofit organizations because of the magnitude of payroll expense in
relation to total expenses and because salaries are a basis for allocating many indirect costs to programs and other
functions.
The scope of audit procedures for payroll and related liabilities depends on considerations such as whether
different payroll systems are used for salaried and hourly employees or for other categories of employees; the size,
location, and relative stability of the work force; and what benefit plans are in effect.
The work force may be relatively unstable for some nonprofit organizations, particularly voluntary health and
welfare organizations. Employee turnover may be high because of low pay scales or poor job security related to
program termination or limited or uncertain future funding. There may be significant use of temporary workers on
programs of short duration or with limited or uncertain funding. Also, some nonprofit organizations may use
employees in programs where there is a greater risk of fraud, such as youth programs or work conducted in the
field. Frequently, funding sources require physical verification of employees. In such situations, the auditor may
apply audit procedures such as a test of a sample of payroll transactions or observation of paycheck distributions
to employees.
Internal Control Considerations
The financial reporting system should include authorization for employee services with job specifications and
maintenance of attendance sheets, time sheets, project reports, etc., that specify date, type, and quantity of service
and the program or other function to which the service relates. Because a nonprofit organization may keep similar
records for recorded donated services, maintenance of salary or pay rate authorizations for paid employees is vital.
Auditing Considerations
Analytical procedures are effective and efficient when the work force is relatively stable (that is, permanent, fulltime,
experienced employees) and when it provides fixed, clearly defined routine services on the premises, such as for
libraries, museums, and recreational clubs. Persuasive evidence can be obtained by comparison of recorded
payroll to the prior period actual and the current budget (by department, program, or other function and in total), in
relation to the number of personnel, and by investigations of significant differences. Also, the auditor can compute
the average payroll cost per employee and compare it to the average for prior periods. Some auditors believe that
another effective overall test for payroll is to reconcile payroll record totals to comparable totals on Form 941 filed
by the nonprofit organization and to the general ledger. They believe that, because of the unlikelihood of filing false
forms with a federal agency, this procedure is often very efficient and effective. When the other analytical tests and
this procedure produce satisfactory results, it may not be necessary to sample individual payroll transactions, or, if
sampling is considered necessary, it may be possible to reduce the sample size.
When the work force is unstable, the auditor may consider it necessary to test for padded payroll (fictitious
employees) by tracing new hires identified in payroll records to personnel records, noting the absence in payroll
records of terminated employees identified from personnel records, and observing the physical existence of
employees in a surprise observation of a paycheck distribution. When a sample of payroll transactions is tested,
gross pay, all deductions, and net pay are recalculated and traced to supporting documents, for example, employ
ment authorization, signed and approved time cards, signed W4 forms, and endorsed cancelled checks.
Employee Benefits
Accounting Considerations. Employee benefits include vacation and sick leave, bonuses or other merit pay
plans, and pension plans. Nonprofit organizations organized under Internal Revenue Code (IRC)Section 501(c)(3)
may adopt contributory or noncontributory taxdeferred annuity plans under rules specifically provided for such
organizations in IRC Section 403(b). Such plans involve the purchase of annuity contracts from insurance compa
nies. Section 403(b) specifies maximum amounts that may be contributed to the plan for each employee. Under
SFAS No.87, Employers' Accounting for Pensions (FASB ASC 715303553), for nonparticipating annuity con
tracts (contracts in which all risk and liability is transferred to the insurance company and the annuity purchaser
360

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

does not participate in the investment performance or other experience of the insurance company), the cost of the
contract determines the cost of the benefits currently earned, that is, the annual pension expense. More complex
accounting provisions of SFAS No.87 apply to participating annuity contracts and other forms of defined benefit
pension plans.
Nonprofit organizations also are permitted to sponsor IRC Section 401(k) plans to their employees. Section401(k)
plans are defined contribution plans. Under SFAS No.87, the annual expense of defined contribution plans is the
contribution required for the period.
In addition, SFAS No.106, Employers' Accounting for Postretirement Benefits Other Than Pensions (FASB ASC
71560), focuses principally on postretirement health care benefits. It requires accrual, during the years that the
employee renders the necessary service, of the expected cost of providing those benefits. Its provisions are similar
in many respects to SFAS No.87. SFAS No. 158, Employers' Accounting for Defined Benefit Pension and Other
Postretirement Plans, amends both SFAS Nos.87 and 106 to require nonprofit employers to recognize the funded
status of a benefit plan in the statement of financial position and recognize changes in the funded status through
changes in unrestricted net assets. SFAS No. 158 also provides new measurement and disclosure guidance. The
SFAS does not change previous accounting guidance for multiemployer plans or defined contribution plans.
SFAS No.112, Employers' Accounting for Postemployment Benefits (FASB ASC 71210), is another statement that
affects accounting for employee benefits. The ultimate impact on the nonprofit organization will depend on the
types of postemployment (after employment but before retirement) benefits that are provided to former or inactive
employees, their beneficiaries, and their covered dependents and on whether or not the criteria for recognition of
these benefits are met. Postemployment benefits include salary continuation, supplemental unemployment bene
fits, severance benefits, disabilityrelated benefits (including worker's compensation), job training and counseling,
and continuation of health care and life insurance coverage. The Statement requires employers to accrue an
obligation to provide these benefits when:
The obligation is attributable to employees' services already rendered.
The right to the benefit accumulates or vests.
Payment of the benefit is probable.
The amount of the benefit can be reasonably estimated.
The accrual should be made over some period, usually the related service periods of active employees, in
accordance with SFAS No.43 (FASB ASC 71010). If the four conditions above are not met, the liability should still
be accrued if it is probable that a liability has been incurred and the amount can be reasonably estimated in
accordance with SFAS No.5 (FASB ASC 45010). If an obligation is not accrued only because the amount cannot
be reasonably estimated, that fact must be disclosed in the financial statements.
SFAS No. 132R, Employers' Disclosures about Pensions and Other Postretirement Benefits, an amendment of FASB
Statements No. 87, 88, and 106 (FASB ASC 71520), does not address recognition or measurement of pension or
other employee benefit expenses. Rather, the Statement standardizes and generally reduces the overall disclosure
requirements for nonpublic entities.
SFAS No. 158. SFAS No. 158, Employers' Accounting for Defined Benefit Pension and Other Postretirement Plans
(FASB ASC 715), amends SFAS Nos. 87, 88, 106, and 132R. SFAS No. 158 requires employers to recognize the
funded status of a defined benefit plan in the statement of financial position and recognize changes in the funded
status through changes in unrestricted net assets. The previous standards generally only required that information
be disclosed in the notes to the financial statements. In addition, SFAS No. 158 generally requires plan assets and
obligations to be measured as of the statement of financial position date. The transition provisions of SFAS No. 158
provide for a phased implementation of its disclosure, recognition, and measurement requirements. These require
ments began with certain disclosures required in financial statements for fiscal years ending after December 15,
2006, but before June 16, 2007.
As of the end of fiscal years ending after June 15, 2007, SFAS No. 158 requires nonprofit organizations to recognize
the funded status of their pension plans in the statement of financial position and recognize changes in the funded
361

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

status through changes in unrestricted net assets. The funded status of pension benefit plans is measured as the
difference between the fair value of plan assets and the projected benefit obligation. If the projected benefit
obligation exceeds the fair value of plan assets, a liability is recognized. If the fair value of plan assets exceeds the
projected benefit obligation, an asset is recognized.
Upon adoption of the recognition provisions of SFAS No. 158, the employer adjusts the amount recognized in the
statement of financial position at the end of the fiscal year of adoption so that gains or losses, prior service costs or
credits, and the net transition asset or obligation that have not yet been included in net periodic benefit cost as of
that date are recognized in the ending balance of unrestricted net assets, net of tax, if any. Any required adjustment
should be reported in the statement of activities, in a separate line item or items within changes in unrestricted net
assets, apart from expenses. If the organization presents a performance indicator or other intermediate measure of
operations in the statement of activities, any required adjustment should be reported outside of that total. Amortiza
tion of the gains or losses, prior service costs or credits, and net transition asset or obligation included in
unrestricted net assets continues in the ensuing year.
SFAS No. 87 allowed employers to measure pension plan assets and obligations up to three months in advance of
the financial statement date. Effective with fiscal years ending after December 15, 2008, SFAS No. 158 generally
requires measurement as of the employer's financial statement date. SFAS No. 158 (FASB ASC 71520651)
provides two approaches for transitioning to a fiscal yearend measurement date:
a. Remeasure benefit obligations and plan assets as of the start of the fiscal year in which the measurement
date provisions are applied, and use the new measurements to determine the effects of the measurement
date change.
b. Continue using the measurements determined for the prior fiscal year to estimate the effects of the change.
It is believed most nonprofit organizations will elect to use this approach for implementing the
measurement requirements of SFAS No. 158.
In the year the measurement provisions of SFAS No. 158 are initially applied, a nonprofit organization should
disclose the separate adjustment of unrestricted net assets that results from applying the Statement.
Auditing Considerations. Analytical tests are often effective for pension and other employee benefits, including
compensated absences. For example, the auditor can compare vacation and sick leave amounts to the prior period
actual and the current budget and can compare the ratio of amounts to gross pay with the ratio for the prior period.
The relation of these and other employee benefit expenses to the number of covered employees can be compared
to the same relationship in the prior period. Other procedures include tracing the annual contribution of a defined
contribution pension plan to authorization in the board minutes, vouching the payment for the purchase of an
annuity contract, recalculation of the maximum annual pension contribution and comparison to recorded expense
and limitations imposed by tax law, and confirmation with actuaries to obtain amounts and information required to
be recorded and disclosed in the financial statements.
Employee benefit plans meeting certain criteria are required to include audited financial statements with the plans'
annual Form 5500. Previously, most 403(b) plans were exempt from the requirement to have audited financial
statements. Beginning with the 2009 plan year, 403(b) plans with more than 100 eligible participants as of the
beginning of the plan year will also be required to include audited financial statements with the plans' annual Form
5500. Some nonprofit organizations may not be aware of the requirements related to auditing employee benefit
plans. Educating nonprofit organization clients about the requirement can be a valuable client service opportunity.
Common Payroll Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to payroll, and procedures that may be performed in response to
those schemes, are provided for misappropriation of assets in Exhibit 23. The exhibit also lists the symptoms (also
called red flags or indicators) auditors may observe that indicate the presence of a particular fraud scheme.

362

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

Exhibit 23
Common Payroll Fraud Schemes, Symptoms, and Related Audit Responses Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Ghost employees.

Unusual or unexpected fluctuations in
payroll expense or hours.
Checks to employees with minimal or
no personnel records.
Unexplained variances from standard
costs.

Review personnel files.
Perform a social security number
review.
Verify employees' existence.
Review payroll register.
Auditor distributes payroll checks or
observes their distribution.

Overpayment
schemes.

Unusual or unexpected fluctuations in
payroll expense or hours.
Unexplained variances from standard
costs.

Review payroll register.
Vouch and trace.

Diverting wages or
payroll taxes.

Employee complaints about improper
pay or withholding calculations.
Irregularities in gross pay or withhold
ing calculations.

Review payroll register.
Review payroll withholding tax returns
filed.

Theft of paychecks.

Missing payroll checks.
Unusual endorsements on cancelled
paychecks.

Review payroll checks.
Vouch and trace.
Auditor distributes payroll checks or
observes their distribution.

Employees writing
extra payroll checks
to themselves.

Duplicate paychecks or entries on pay
roll records.
Missing payroll checks.
Unusual behavior of potential suspects
(for example, changes in lifestyle or not
taking annual vacations).

Review payroll register.
Review payroll checks.
Vouch and trace (include comparing
authorized pay rates to pay rates on
payroll register).
Auditor distributes payroll checks or
observes their distribution.
Perform a physical inventory of unused
checks.

Diverting withhold
ings.

IRS notices about failure to make timely
deposits.
Late tax deposits.
Unusual endorsements on tax depos
its.

Review personnel files.
Vouch and trace.
Review payroll register.
Review payroll checks.

Keeping former
employees on the
payroll.

Unusual or unexpected fluctuations in
payroll expense or hours.
Unexplained variances from budget
expenses.
Unusual endorsements on cancelled
paychecks.
Employee complaints about excess
compensation on Form W2.

Review personnel files.
Vouch and trace.
Review payroll register.
Review payroll checks.
Auditor distributes payroll checks or
observes their distribution.

Note:
a In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

363

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

INVENTORIES
Accounting Considerations
Inventories of nonprofit organizations usually consist of purchased or donated supplies, materials, publications,
and other items used in the organization's operations or programs, sold to the public, or used for the organization's
fundraising efforts. Purchased inventory should be capitalized at cost, which includes all direct and indirect costs
incurred to prepare it for sale or use. Donated inventory should be recorded as contributions and as inventory in the
period received at fair value. SFAS No.116 (FASB ASC 958605258) also requires unconditional promises to give
materials, such as inventory, to be recorded as contributions even though the nonprofit organization may not
receive the assets until a future period. The Audit Guide, Paragraph 7.03, notes that organizations can use methods
such as estimates, averages, or approximations to value the inventory if those methods reduce the cost of
determining the inventory's fair value. Examples of those methods are subsequent sales or average value per
pound of donated inventory. The Audit Guide also notes, however, that those methods are appropriate only if
(a)they are applied consistently and (b) the estimated fair value is not expected to be materially different from that
determined using a more detailed measurement of the inventory's fair value. For example, if a nonprofit organiza
tion runs a gift shop and inventory turns over 12 times per year, the organization could estimate the year end
inventory based on the subsequent month's sales.
Paragraph 7.03 of the Audit Guide (FASB ASC 958605254) states that donated items that have no value [for
example, because they cannot be (a) used internally in the organization's programs and activities or (b) sold]
should not be recognized. For example, donations of used items, such as outdated clothing, that cannot be either
used internally or in the organization's programs or sold by the organization probably have no fair value and would
not be recorded as an asset or a contribution. However, existence of value is not the same as difficulty in
determining that value.
Agency Transactions Involving Donated Materials and Supplies. Sometimes, donated materials or supplies are
passed from one organization to another at the request of a donor. If a donor does not give the nonprofit
organization the discretion to choose who will get the donated items, the nonprofit organization serves only as an
agent, and the donated materials are not reported as contribution revenue when received. Likewise, when the
nonprofit organization distributes the donated materials or supplies to the ultimate beneficiary, the transfer is not
reported as a contribution made. For example, a food bank that receives canned foods from a grocery store with
the stipulation that the food be distributed to Anytown Night Shelter would not record the donation as a contribution
because the organization has no discretion on what to do with the food. Alternatively, if the food bank was given the
food to use however it decided in its programs, the transaction would be accounted for as a contribution.
When it acts as an agent, the nonprofit organization may choose to either (a)report the receipt of donated
materials, supplies, or other nonfinancial assets as a liability to the beneficiary concurrent with recognition of the
assets received or (b)not report the transaction at all. The choice is an accounting policy allowed by SFAS No.136,
Transfers of Assets to a NotforProfit Organization or Charitable Trust That Raises or Holds Contributions for Others
(FASB ASC 9586052523), that must be applied consistently from period to period. In addition, the organization
must disclose that policy in the notes to the financial statements.
If the nonprofit organization chooses to report the assets and liability, both are measured at the fair value of the
assets received. (If the amount of donated inventory held by the nonprofit organization in an agent capacity is
material, segregating those amounts from the organization's own inventory items on the statement of financial
position is recommended.) The assets and liability are reduced when the assets received are subsequently
distributed to the beneficiary.
Internal Control Considerations
The flow of donated materials through a nonprofit organization may be significant. For example, thrift stores may
depend solely on donated items to be resold in the stores. Similarly, food banks may receive and distribute
significant amounts of donated items. For those organizations that receive material amounts of donated inventory
items, it is important that the organization have internal controls in place to monitor the receipt, recording, and
physical safeguarding of inventory. For instance, donations of inventory items may be monitored with prenumbered
364

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

receipts. In addition, controls should be in place to ensure compliance with any restrictions on the use of the
donated materials. Also important are controls for identifying, valuing, and properly classifying items that should be
reported in the financial statements as restricted or unrestricted contributions.
Auditing Considerations
Audit procedures include reviewing a list of all materials received showing the date of receipt, description of the
item, quantity, fair value, and any restrictions on use. Items can be traced to receiving reports or other supporting
documentation, and the quantity, description, and restrictions applicable to significant items can be confirmed with
donors. Items that should be reported in the financial statements should be traced into the accounting records and
fair valuation tested. Determining the fair value of donated materials can be difficult. The Audit Guide, Paragraph
7.03, suggests using catalogs, vendors, and independent appraisals. As previously discussed, other methods
such as calculations of average price per pound or subsequent sales may also be used if the calculation would not
differ significantly from a more specific method of measuring fair value. Auditors of nonprofit organizations may
need to use a specialist's work in order to obtain sufficient, appropriate audit evidence related to the valuation of
gifts in kind.
Auditors should also carefully review solicitations for and donations of inventory items to ensure that they are not
agency transactions. For example, nonprofit organizations may hold disaster relief drives seeking donations for a
third party. Depending on whether the nonprofit organization maintains discretion over the use of the donated
assets, the transaction may be an agency transaction instead of a contribution.
Inventory is not material for many nonprofit organizations, and, if not, analytical procedures in the form of compari
son with prior periods may be sufficient. Audit procedures for material amounts of inventory of nonprofit organiza
tions are similar to those for business enterprises and include observation of physical counts and tests of the
inventory compilation and pricing. Unique considerations would include proper treatment (that is, exclusion from
the priced inventory) of any quantities of donated materials on hand that are counted but are not to be reported in
the financial statements, for example, because they have no value. If a nonprofit organization has not recorded
material donated items simply because the fair value is difficult to determine and not because they have no value,
the auditor would have a GAAP departure and should modify the auditor's report. Also, the pricing of quantities of
donated materials that are reported in the financial statements should correspond to the fair value assigned at time
of donation. The same lower of cost (or, for donated items, fair value at date of donation) or market pricing and
obsolescence considerations applicable to business enterprises apply.
The Need for Physical Counts. Most practitioners agree that inventories should be adjusted to physical count at
least annually. The one exception generally accepted in annual financial statements is the use of inventory amounts
derived from wellmaintained, perpetual inventory records. (However, many nonprofit organizations do not have
wellmaintained perpetual inventory records and some auditors will not rely on perpetual records unless they are
systematically tested by periodic physical counts.) The lack of sufficient appropriate audit evidence obtained
through reliable counts of inventory at year end either by physical count or perpetual records may cause significant
problems for auditors if the inventory amounts are material to the financial statements. AU 331, Inventories,
provides guidance on several matters relating to observing inventories. As with receivables confirmation proce
dures, auditors who omit inventory observation procedures are required to document the reasons they were able
to do so. Professional standards may require the auditor to modify his or her report.

PROPERTY AND EQUIPMENT
The significance of property and equipment varies greatly with the type of nonprofit organization. A private
foundation, trade association, or community service organization may only own immaterial amounts of office
furniture and equipment, whereas a school, library, broadcasting station, or country club may own significant
amounts of land, buildings, and equipment. The assets may be acquired by purchase or donation, and there may
be restrictions on the use or disposition of donated assets. For example, a donor may specify that the assets are to
be held for investment and eventual resale or may place conditions on when they may be used in program or
supporting services. Also, title to property acquired with restricted funds, including government grants, may revert
to the grantor at the completion of the grant period or cancellation of the program.
365

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Collections are works of art, rare books and documents, botanical specimens, and other items held for display or
study by organizations such as museums, libraries, and historical societies. These items are often acquired by
donation as well as by purchase with unrestricted resources or with donated resources specifically restricted for
such purpose. Collections are also discussed in this section.
Accounting Considerations Property and Equipment
Purchased property and equipment should be capitalized at cost, including all of the costs necessary to place
those assets into service. Donated property and equipment are recorded as contributions in the period received at
fair value. As noted in the Audit Guide, Paragraph 9.06 (FASB ASC 958360301), the capitalized cost of donated
property and equipment includes any costs the organization incurs to place the donated items in service. For
example, if freight or installation costs are incurred to place donated computer equipment in service, those costs
would also be capitalized. If such property or equipment is donated for a specific use, it is reported as a restricted
contribution. This restriction may be temporary or permanent depending on the details of the donor restriction. For
example, if land is donated for use as a camping facility to a youth club with the stipulation that it never be sold, it
would be recorded as an increase in permanently restricted net assets. If an automobile is donated to a senior
citizen organization for use in delivering meals to homebound persons, it would be recorded as an increase in
temporarily restricted net assets. Finally, if a building is donated to an organization with no specific restrictions, it
would be recorded as an increase in unrestricted net assets, in most cases. Cash contributions given for the
purpose of acquiring property or equipment should be recorded initially as an increase in temporarily restricted net
assets and reclassified to unrestricted net assets after the property or equipment has been acquired. Both of these
last two examples (that is, the donated building and cash contributions) are subject to the accounting policy
adopted by an organization regarding donations of property or equipment received without donorimposed restric
tions.
Occasionally, property and equipment are used in connection with an exchange transaction (such as a government
grant contract) where the resource provider retains title to the assets. If it is probable the organization will be
permitted to keep the assets when the contract terminates, the Audit Guide, Paragraph 9.04 (FASB ASC
9586055525), notes the assets should be capitalized and a corresponding contribution should be recognized.
Also, the terms of any such arrangements should be disclosed in the financial statements.
Property and equipment are only classified based on the existence or absence of donorimposed restrictions.
Whether or not an organization's management intends to use a donated asset in its programs and activities or to
sell it has no bearing on its classification in the statement of financial position (but might affect where the asset is
sequenced, if a sequenced statement of financial position is presented).
SFAS No.117 (FASB ASC 958225458) states that the gain or loss on the disposition of property and equipment
should be reported as an increase or decrease in unrestricted net assets unless the proceeds are required to be
reinvested in property and equipment, either permanently or temporarily, in fulfillment of a donor restriction. If the
proceeds are required to be reinvested, the gain or loss should be reported as an increase or decrease in either
permanently or temporarily restricted net assets.
The treatment of property and equipment transactions in the statement of cash flows of a nonprofit organization, as
required by SFAS No.117 (FASB ASC 958205055; 958265454), is generally similar to that of a commercial
enterprise. That is, proceeds from the sale and expenditures for purchases of property and equipment are classi
fied as investing activities. Depreciation, gain or loss on the disposition of property and equipment, and donated
property are all reflected as adjustments to the change in net assets if the indirect method is used. The only
difference is with respect to cash contributions required to be used for the acquisition of property and equipment
in accordance with donorimposed restrictions. Those cash contributions are considered financing activities, not
operating activities.
Initial Values of Property and Equipment. Prior to the effective date of the Audit Guide, SOP 7810 indicated that
nonprofit organizations should retroactively capitalize any unrecorded property and equipment. The SOP stated
that if historical cost information was not available, another reasonable basis could be used to establish the fixed
asset values, including costbased appraisals, insurance appraisals, property tax appraisals adjusted for market,
and replacement cost. The SOP pointed out that an alternative basis should be used only if historical cost
information was not available and only to establish a value at the date the organization adopted SOP7810.
366

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

SOP7810 has now been superseded by the Audit Guide, and the Audit Guide does not provide guidance on
establishing initial values for unrecorded property and equipment. In addition, the Audit Guide does not address
the basis used to value property and equipment that was already capitalized at the date an organization adopted
the Audit Guide. If a nonprofit organization followed SOP 7810's guidance while it was effective, it is believed the
organization does not have to revalue those assets to reflect their historical cost or fair value at the date of donation.
However, the notes to the financial statements should adequately disclose how material amounts of property and
equipment are valued.
If a nonprofit organization that has not previously capitalized fixed assets decides to capitalize those assets (for
example, to eliminate the qualification for the GAAP departure from the auditor's report or because the organization
is being audited for the first time), purchased property and equipment should be valued at its historical cost and
donated property and equipment should be valued at its fair value at the date of donation. However, when
determining the materiality of the amounts involved, the nonprofit organization and its auditor should also consider
that depreciation would also be recorded from the date the assets were acquired. Accordingly, if the organization
has owned the assets for several years, a portion of the assets may be fully depreciated, and the remaining
undepreciated assets may be immaterial to the financial statements.
Accounting Considerations Collections
Although SFAS No.116 (FASB ASC 958360) does not use the terms inexhaustible or exhaustible, it is believed that
SFAS No.116 is applicable only to inexhaustible collections based on its definition of collections. According to
SFAS No.116, Paragraph 11 (FASB ASC 958360251; 9586052519), a nonprofit organization is not required to
capitalize contributed items that are added to collections. Collections are works of art, historical treasures, or assets
of a similar nature that meet all of the following criteria:
Are held for exhibition to the public, for educational purposes, or for research in furtherance of public
service and not financial gain.
Are protected, cared for, and preserved.
Are subject to a policy requiring any proceeds from the sale of collection items to be reinvested in other
collection items.
Although organizations are not required to capitalize contributed items as previously explained, SFAS No.116
(FASB ASC 958360253) nevertheless allows organizations to capitalize previously acquired collections retroac
tively or to capitalize collections on a prospective basis. An organization is not allowed to capitalize only selected
collections or items. If an organization elects to retroactively capitalize its collection, it may capitalize the collection
items at their cost or fair value at the date of acquisition, current cost, or current market value, whichever is the most
practical.
Under SFAS No.116 (FASB ASC 9586052519), contributed collection items are recognized as revenues or gains
if collections are capitalized and are not recognized as revenues or gains if they are not capitalized. In addition,
costs of items purchased, but not capitalized, are reported as decreases in the appropriate class of netassets;
proceeds from the disposition of items are reported as increases in the appropriate class of net assets; and
proceeds from insurance claims for lost or destroyed items are reported as increases in the appropriate class of net
assets. These transactions are to be reported on the face of the statement of activities, separately from revenues,
expenses, gains, and losses.
Organizations that elect not to capitalize their collections or elect to capitalize their collections prospectively are
required to describe their collections, including their relative significance, and their accounting and stewardship
policies for collections in the notes to the financial statements. This disclosure should be referenced from a
statement of financial position caption. This caption may have no dollar amount shown if collections are not
capitalized by the organization. However, if collections are capitalized prospectively by the organization, a dollar
amount will be shown, and the caption will be dated [for example, Collections acquired since January1, 20X1
(Note X)"]. Finally, if collection items that have not been capitalized are disposed of during a period, the disclosures
are required to include a description of the items given away, damaged, destroyed, lost, or otherwise disposed of
during the period or an estimate of their fair value.
367

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Accounting Considerations Depreciation
SFAS No.93, Recognition of Depreciation by NotforProfit Organizations (FASB ASC 958360351 through 356),
requires all nonprofit organizations to depreciate longlived tangible assets except, if certain conditions are met,
individual works of art or historical treasures. SFAS No.93, Paragraph 6 (FASB ASC 958360353), provides one
exception to its depreciation requirement, as follows:
...depreciation need not be recognized on individual works of art or historical treasures whose
economic benefit or service potential is used up so slowly that their estimated useful lives are
extraordinarily long. A work of art or historical treasure shall be deemed to have that characteristic
only if verifiable evidence exists demonstrating that (a) the asset individually has cultural,
aesthetic, or historical value that is worth preserving perpetually and (b) the holder has the
technological and financial ability to protect and preserve essentially undiminished the service
potential of the asset and is doing that.
Note that SFAS No.93 merely requires depreciation of assets that have been capitalized. It does not address
measurement, display, or asset recognition issues; thus, it does not require capitalization of collections that are not
at present capitalized under the provisions of SFAS No.116.
Provision for Plant Replacement, Renewal, and Special Maintenance (PPRRSM). Some nonprofit organiza
tions, such as private schools, choose to fund" the cost of facilities maintenance and renovations on an annual
basis. Under PPRRSM funding, the nonprofit organization typically calculates some percentage of the replacement
cost of the organization's buildings and equipment (for example, 3%5%) and then each year designates that
amount as additional unrestricted net assets for major replacements, repairs, or renovations. PPRRSM funding is
not the same as depreciation expense. Depreciation expense is an allocation of the historical cost of property and
equipment to the periods and functional areas benefited. PPRRSM funding is simply designating a portion of
unrestricted net assets for a specific purpose. A detailed discussion of PPRRSM accounting entries is beyond the
scope of this course. Such a discussion, as well as example journal entries, may be found in the National
Association of Independent Schools' publication Business Management for Independent Schools, (5th edition).
The publication may be ordered by calling (800) 7936701, or via the NAIS website at www.nais.org.
Impairment or Disposal of Longlived Assets
Sometimes changes in operating conditions raise doubts about an organization's ability to fully recover the
carrying value of a particular longlived asset. When it is determined that the carrying value will not be fully
recovered, an asset is considered impaired. SFAS No.144, Accounting for the Impairment or Disposal of Long
Lived Assets (FASB ASC 36010), provides guidance on the recognition and measurement of an impairment loss.
Accounting Considerations Asset Retirement Obligations. SFAS No.143, Accounting for Asset Retirement
Obligations (FASB ASC 41020), provides guidance on accounting for obligations associated with the retirement of
tangible longlived assets and the associated asset retirement costs. FASB Interpretation No. 47, Accounting for
Conditional Asset Retirement Obligations an interpretation of FASB Statement No. 143 (FIN 47), clarifies how to
apply SFAS No. 143 when a conditional asset retirement obligation (CARO) exists. As described in FIN 47, the legal
obligation within a CARO is not conditional; it is the timing and/or the method of performing the asset retirement
activity that are conditional on future events. The fair value of a CARO is recorded, despite these uncertainties, if it
can be reasonably estimated. SFAS No. 143 applies to retirements due to acquisition, construction, development,
or the normal operation of assets.
Internal Control Considerations Property and Equipment
The nonprofit organization should have controls in place to ensure that all contributions of property and equipment
have supporting documentation and are recorded at fair value. All those contributions should be reviewed to
ensure that donorrestrictions are complied with. Procedures are also needed to isolate those assets not used for
operating purposes for proper disclosure. If the nonprofit organization obtains moneys (either grants or exchange
contracts) that have special requirements for property and equipment acquisitions (for example, requirements for
competitive bidding, to use only local equipment sources, or to obtain grantor approval), then the organization will
need controls to see that those requirements are met. Also, nonprofit organizations should have controls in place,
368

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

such as capital budgets that are approved by the governing board, to ensure that all property and equipment
acquisitions are properly authorized.
Internal Control Considerations Collections
The nonprofit organization should have policies and procedures in place to ensure that items considered collec
tions (either capitalized or noncapitalized) meet the definition in SFAS No.116 (FASB ASC 95836020). Even if the
nonprofit organization chooses not to capitalize its collections, the organization should still have controls over
those collection items. These include controls to track recording and authorization of acquisitions or contributions
(accessions) and disposals (deaccessions) of collection items, controlling physical access to the collections, and
performing periodic physical inspections of the collections. The organization will also need to have controls in
place to ensure that purchases of collection items are authorized.
Donated collection items may have donor restrictions attached. The nonprofit organization should have policies in
place to ensure that donor restrictions are monitored. Controls should also be in place to ensure that all contributed
collection items are recorded at fair value if it is the organization's policy to capitalize collections.
Auditing Considerations Property and Equipment
Basic auditing procedures for property and equipment of nonprofit organizations are similar to those of small
businesses and focus on reviewing support for recorded additions and dispositions, determining appropriate
amounts of depreciation, and reviewing maintenance and repairs accounts for expensed items that should be
capitalized. Also, lease agreements and rent expense should be reviewed for leases that should be capitalized. The
auditor should review minutes and documents relating to donations for evidence of donated assets that should be
capitalized. The auditor should obtain evidence about the fair value of donated assets by inquiry of donors or
manufacturers, reference to trade periodicals or catalogs, review of documentation of valuation for insurance
purposes, appraisal reports, etc. The auditor may need to follow the guidance in SAS No.73, Using the Work of a
Specialist, with respect to fair values of donated assets based on appraisals. Also, the auditor should consider
whether any donorimposed restrictions apply to the use or disposition of the assets and whether such restrictions
have been complied with and properly reflected in accounting for the assets. The auditor may decide to confirm
donated assets and related restrictions with donors. Also, physical inspection of assets may be appropriate. The
auditor should also be alert for indications that longlived assets have been impaired.
The following additional audit considerations for property and equipment are discussed in Chapter9 of the Audit
Guide:
If property and equipment are not held for operating purposes, the auditor should determine that they are
separately disclosed as required by the Audit Guide, Paragraph 9.13.
If there are special requirements for property and equipment acquired with grants or restricted moneys,
the auditor should determine that the organization is in compliance with those requirements.
If donor restrictions were met during the period, the auditor should determine that the appropriate
reclassifications of net assets were made on the statement of activities.
If the nonprofit organization has access to property or equipment without owning or leasing it, the auditor
should inquire about the transaction and determine that the financial statements disclose the nature of the
relationship with the owner of the property or equipment as required by the Audit Guide, Paragraph 9.16.
Auditing Considerations Depreciation
Special considerations may be necessary to audit the depreciation provisions of SFAS No.93 (FASB ASC
958360351 through 356). It may be necessary to review appraisals of useful lives and salvage values. Also, if the
client claims the exception from depreciation applicable to individual works of art or historical treasures, the auditor
should consider support for the client's assertion that the conditions in SFAS No.93 (FASB ASC 958360353) are
met, that is, that the asset has cultural, aesthetic, or historical value worth preserving, and that the nonprofit
organization has the technical and financial ability to preserve the asset from the effects of pollution, vibrations, etc.,
369

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

and is doing so. Often, the aesthetic, cultural, or historical value of the item is recognized at the time of purchase,
donation, or discovery and can be supported by news accounts or documentation related to acquisition. Some
times, official designation as a landmark or historical treasure by an entity such as a governmental landmarks
commission may provide evidence about cultural or historical value. Opinions of experts may be necessary as
evidence. The nonprofit organization's past and current preservation activities and expenditures, and its overall
financial position, may provide evidence about its ability to preserve the items. The physical condition of the assets
may provide an indication of whether the organization is preserving them; for example, damaged or deteriorated
assets might indicate that they are not being preserved.
Auditing Considerations Collections
The auditor should review minutes of the governing board for any current period acquisitions or disposals of
collection items. If collection items are acquired by purchase rather than donation, the auditor should review
documentation to ensure that the collection items are recorded at cost. Contributed collection items should be
reviewed to determine the propriety of the client's estimate of fair value at the date of donation. If the nonprofit
organization elected to retroactively capitalize collections when SFAS No.116 (FASB ASC 958360253) was
adopted, all collection items must be capitalized.
Obtain an Understanding of Controls. The Audit Guide, Paragraph 7.17, states that even if a nonprofit organiza
tion chooses not to capitalize its collections, the auditor is not relieved of his or her responsibility to obtain an
understanding of the organization's controls over collection items. These controls are a part of the organization's
control environment. An auditor is required to obtain an understanding of the organization's control environment.
However, the auditor is not required to test the operating effectiveness of controls over collections.
The auditor should review the organization's policies for determining that collections (capitalized and noncapital
ized) are appropriately classified and accounted for. Nonprofit organizations that choose not to capitalize collec
tions must still present financial statement disclosures related to collections (for example, description and
significance of the collection and description of deaccessed collection items that were not capitalized). The auditor
should obtain sufficient, appropriate audit evidence to support those disclosures. Nonprofit organizations that
capitalize collections report activity related to collections in the financial statements (for example, contribution
income or gain/loss on deaccessions). Audit evidence may be obtained by reviewing documents supporting
accessions and deaccessions, by reviewing minutes of the governing board for current period acquisitions and
disposals, and by inquiring of responsible client personnel concerning deaccessions from the collection (for
example, curators responsible for the collection).
Review Donor Restrictions. The definition of a collection in SFAS No.116 (FASB ASC 9583602) requires the
collection to be subject to an organizational policy that restricts the use of any proceeds from the sale of any
collection item to the purchase of a new collection item. An organizational policy is not the same as a donor
imposed restriction. Thus, only donor restrictions determine the appropriate net asset classification (unrestricted,
temporarily restricted, or permanently restricted net assets) for capitalized collections. If the nonprofit organization
chooses not to capitalize collections, the auditor should still consider donor restrictions. For example, the donor
may not allow an organization to sell a collection item. The restrictions may be noted when reviewing donor
correspondence or minutes of the governing board.
Consider Physical Inspection. Due to the value of most collections, physical inspection of collection items may be
appropriate. Also, the auditor should review the nonprofit organization's reconciliation of its physical inspection to
its accounting records. At a minimum, the auditor should review the organization's procedures for controlling the
collections and for performing periodic physical inspections.
Common Property and Equipment Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to property and equipment and procedures that may be performed in
response to those schemes are provided for both misappropriation of assets (Exhibit 24) and fraudulent financial
reporting (Exhibit 25). For misappropriation of assets, Exhibit 24 also lists the symptoms (also called red flags or
indicators) auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial
reporting schemes presented in Exhibit 25, symptoms generally relate to fraud risk factors such as the desire to
370

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

understate unrestricted net assets to avoid potentially negative effects on fundraising. Those risk factors may
provide an incentive or pressure to manipulate the financial statements.
Exhibit 24
Common Property and Equipment Fraud Schemes, Symptoms, and
Related Audit Responses Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Theft of property.

Unusual or unexpected asset pur
chases.
Unusual or unexpected fluctuations in
balance or depreciation accounts.
Unusual or unexpected changes in
ancillary accounts.
Missing assets.

Count property.
Review fully depreciated assets.
Analyze salvage and scrap sales.
Match sales of assets to reorders of
replacement assets.
Review reconciliation between detail
and general ledger.
Analyze capital expenditures.

Personal capital
improvements paid
by organization.

Unusual or unexpected fluctuations in
balance or depreciation accounts.
Changes in lifestyle.

Count property.
Review reconciliation between detail
and general ledger.
Analyze capital expenditures.
Inspect capital improvements.

Manipulation of
records to conceal
other fraud.

Unusual or unexpected fluctuations in
balance or depreciation accounts.
Unusual or unexpected changes in
ancillary accounts.

Review journal entries.
Review reconciliation between detail
and general ledger.
Count property.
Analyze capital expenditures.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

371

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 25
Common Property and Equipment Fraud Schemes, and
Related Audit Responses Fraudulent Financial Reporting
Audit Responsesa

Fraud Scheme
Buying personal assets for manage
ment to own and recording them as
organization assets.

Scrutinize additions to property and equipment.
Review property and equipment detail records.

Understating depreciation.

Test depreciation calculations.
Assess propriety of depreciation methods, estimated useful lives,
estimated salvage values compared to those used in prior periods.
Obtain explanations and review supporting documentation for changes.
Calculate an average amortization period for the organization's
depreciable asset base and compare it to prior periods and bench
marks.

Not removing assets disposed of
from the books.

Perform physical inventory of property.
Review property and equipment detail records.
Inspect records for miscellaneous cash receipts and other income for
evidence of proceeds from fixed asset dispositions.

Failing to write down impaired
assets.

Interview operations personnel and others who might have knowledge
of indications of impairment.
Physically inspect potentially impaired assets as considered necessary.

Changing the approach used to
determine writedowns to manipulate
changes in net assets.

Review the determination of writedowns for consistency with prior
periods.
Interview management about the reasons for changes in the approach
used to determine writedowns.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

*

DEBT AND OTHER LIABILITIES
Accounting and Auditing Considerations
Similar to business enterprises, nonprofit organizations may incur unsecured or secured debt; for example,
longterm debt secured by a mortgage on property or equipment. The auditing considerations are generally the
same as for a small business audit, that is, confirmation of amounts and terms of debt with creditors, vouching of
transactions, analytical tests of interest expense, consideration of compliance with terms of debt covenants, and
focus on financial statement presentation and on disclosure of terms, restrictions, and pledged assets related to
debt agreements.
Generally, confirmation of debt terms provides the auditor with sufficient appropriate audit evidence for relevant
assertions related to debt. With the increasing complexity of debt agreements, inspection of loan agreements has
also become a necessary procedure on all audits to identify items such as restrictive covenants, pledged assets,
and terms. That inspection, along with inquiry of the client, should provide the auditor with details about the
372

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

financing arrangement to confirm with the financial institution. Also, inspection of lease documents is normally
performed in the notes payable procedures to identify capital leases.
If inspection of the loan agreement reveals a debt covenant violation, it may be necessary to classify the loan as a
current liability, if a classified statement of financial position is presented. According to ARB 43, as amended, (FASB
ASC 470104511), debt that is callable because of such violations must be classified as current unless one of the
following conditions is met:
The lender has waived or lost the right to call the loan within a year from the statement of financial position
date.
The loan has a grace period that allows the debtor to cure the covenant violation within that period, and
it is probable that the violation will be cured.
When auditors find loan covenant violations, they should request that the client obtain a waiver letter, unless the
organization cures the violation within the grace period.
Some longterm loan agreements include due on demand" clauses. In those cases, the client should obtain an
unconditional waiver of the lender's rights to call the debt through the next fiscal year. If an unconditional waiver is
obtained, the debt can be classified as noncurrent. If such a waiver is not obtained, the debt should be classified as
current. Also, some loan agreements have subjective acceleration clauses, which allow the lender to call the debt
based on subjective criteria such as material adverse changes." FASB Technical Bulletin 793, Subjective Accel
eration Clauses in LongTerm Debt Agreements (FASB ASC 47010452), applies to these situations. If the auditor
believes that it is likely the lender will call the loan based on such criteria, it is believed the debt should be classified
as current unless the acceleration clause is waived unconditionally through the next fiscal year. If the likelihood of
acceleration of the due date is remote, neither reclassification of the debt nor disclosure of the existence of the
clause is required. Evidence that the likelihood of acceleration of the due date is remote includes:
History with the lender (for example, the lender has not accelerated due dates of loans containing similar
clauses).
The entity's financial condition is strong.
Classification of revolving debt agreements can also be an issue. According to EITF Issue No. 9522 (FASB ASC
47010453 through 456), if a line of credit both (a) contains a subjective acceleration clause and (b) requires
customer payments to be made directly to a lockbox account which is then applied directly to the outstanding
balance of the line of credit, it must be classified as a current liability even though the agreement may not expire
until more than one year after the statement of financial position date. These agreements may be fairly common
and the classification issues can be easily overlooked by basing the classification on the expiration date of the
agreement.
When a client obtains a waiver letter for a covenant violation or a demand clause, the auditor must evaluate whether
the waiver is sufficient to classify the debt noncurrent. To be an adequate waiver, the lender must have forfeited the
right to call the loan because of that clause or that violation, and the waiver must extend throughout the next fiscal
year. If not, the waiver is inadequate and the debt should be classified as current. The following additional guidance
is offered for evaluating the effectiveness of waiver letters:
Wording such as The lender does not presently intend to enforce its rights under the Agreement" would
not be sufficient because the lender may change its intentions during the next fiscal year.
A waiver through some date before the end of the next fiscal year would not be sufficient if the organization
is likely to be in violation of the debt covenant at that point.
When the violation relates to a single transaction, such as an equipment purchase, the waiver need only
extend to the statement of financial position sheet date, if there are no other violations after that date.
SAS No. 103 (AU 530) requires the auditor's report to be dated no earlier than the date the auditor has obtained
sufficient audit evidence to support the auditor's opinion. Accordingly, auditors should not date their audit report
373

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

until they have obtained written waiver of covenant violations, and their subsequent events procedures should be
extended until that date.
Tests of interest expense and accrued interest usually include an overall calculation, based on the average principal
amounts outstanding during the period and contractual interest rates. If this computation results in a reasonable
expense when compared to recorded interest expense, the adequacy of accrued interest payable is also tested.
Loans Made in Lieu of Grants. While most foundations make outright contributions or grants to other nonprofit
organizations, some foundations instead make loans to nonprofit organizations.
Guarantees. Some nonprofit organizations assist other nonprofit organizations by guaranteeing their debt or by
guaranteeing that their revenue for a specified period of time will be at least a specified amount, without receiving
compensation (called a premium) in exchange. FASB Interpretation No. 45, Guarantor's Accounting and Disclosure
Requirements for Guarantees, Including Indirect Guarantees of Indebtedness of Others (FASB ASC 46010),
clarifies that there is a liability associated with guarantees. A guarantee involves both contingent and noncontingent
elements. The guarantor's obligation to stand ready to perform under the guarantee is noncontingent. The guaran
tor's obligation to make future payments if certain triggering events occur is contingent on the occurrence of those
events.
The guarantor is required to recognize a liability for the fair value of a guarantee at inception even if it is not probable
that payments will be required under that guarantee. The amount recognized at inception should be the greater of
(a) the fair value of the guarantor's obligation (the noncontingent element) or (b) the loss contingency that should
be recognized under SFAS No. 5 (FASB ASC 45020) (that is, the amount of future payments under the guarantee
that are probable and can be reasonably estimated).
Auditors ordinarily evaluate whether management's assertion about the fair value of a guarantee is reasonable by
considering the premium received or receivable, prices for similar transactions with unrelated parties, or the use of
present value techniques.
Overauditing and Underauditing Tendencies for Debt and Other Liabilities
Common overauditing tendencies for debt and other liabilities include
Preparing extensive analysis schedules for immaterial accrued expenses. In many cases, accrued
expenses can be tested effectively through analytical procedures.
Performing extensive testing of notes payable and accrued interest for nonprofit organizations with a simple
debt structure.
Performing complex interest tests when analytical procedures may be adequate.
Attempting to apply sampling procedures to liability accounts.
Confirming accounts payable when there is a moderate or low risk of understatement.
When accounts payable are confirmed, postponing selection of accounts payable confirmations until the
account listing has been completed. This delays response time and may overlook vendors who are not
recorded on the listing.
Common underauditing tendencies for debt and other liabilities include
Inadequate testing of disclosure information required for employee benefit plans.
Failure to disclose longterm debt maturities for each of the five years following the statement of financial
position date (if applicable).
Lack of proper inspection of debt instruments.
374

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Overlooking appropriate classification of note agreements containing due on demand" or subjective
acceleration clauses.
Overlooking violations of debt covenants or legal requirements.
Failing to consider whether the organization has the ability to pay current debt maturities or to refinance
the debt.
Overlooking the need to impute interest when the stated interest rate on notes payable exchanged for
property, goods, or services is not reasonable in comparison with prevailing market conditions.
If accounts payable are confirmed, sending confirmations to only material outstanding balances at the
statement of financial position date.
Inadequate coordination of procedures in the search for unrecorded liabilities. For example, the auditor
only examines subsequent disbursements without considering unprocessed invoices after the statement
of financial position date.
Common Debt and Other Liabilities Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to debt and other liabilities and procedures that may be performed in
response to those schemes are provided for both misappropriation of assets (Exhibit 26) and fraudulent financial
reporting (Exhibit 27). For misappropriation of assets, Exhibit 26 also lists the symptoms (also called red flags or
indicators) auditors may observe that indicate the presence of a particular fraud scheme. For fraudulent financial
reporting schemes presented in Exhibit 27, symptoms generally relate to fraud risk factors such as the desire to
understate unrestricted net assets to avoid potentially negative effects on fundraising. Those risk factors may
provide an incentive or pressure to manipulate the financial statements.
Exhibit 26
Common Debt and Other Liabilities Fraud Schemes, Symptoms, and Related Audit
Responses Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Unauthorized borrowing.

Unexpected liens on organiza
tion assets.
Unusual or unexpected changes
in lifestyle.

Confirm or contact lenders.
Search public records and credit
reports.
Examine loan documents.
Vouch and trace loan proceeds.

Diversion of loan proceeds.

Unexpected loss of cash flow.

Vouch and trace loan proceeds.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

375

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 27
Common Liabilities and Other Liabilities Fraud Schemes, and Related Audit Responses Fraudulent
Financial Reporting
Audit Responsesa

Fraud Scheme
Not recording amounts due to vendors.

Search for unrecorded liabilities.
Confirm accounts payable.

Understating amounts purchased.

Search for unrecorded liabilities.
Confirm accounts payable.
Analyze changes in gross profit.

Failing to record or understating accrued expenses.

Search for unrecorded liabilities.
Analyze accruals of expenses.
Analyze historical trends in accruals and related
expense accounts.

Understating payroll obligations.

Examine subsequent payroll disbursements.
Analyze payroll calculations and related accruals.

Failing to disclose status of loan covenants with
lenders.

Confirm with lenders.

Misclassifying current maturing debt as longterm
(especially for covenant violations, demand clauses, or
acceleration clauses).

Unrecorded debt or undisclosed liens on assets.

Confirm with lenders.
Inspect board of directors' minutes for authorization
of debt.

Inspect loan documents.
Confirm with lenders.
Analyze status of loan covenants.
Recompute current maturities of longterm debt.

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

*

NET ASSETS
Net assets represent the difference between assets and liabilities. They are classified based on the presence or
absence of donorimposed restrictions as either (a) unrestricted, (b) temporarily restricted, or (c) permanently
restricted. Temporarily restricted net assets are those whose use has been limited by donorimposed time restric
tions or purpose restrictions. Permanently restricted net assets are net assets required by donor restriction or by
law to be maintained by the organization in perpetuity. Unrestricted net assets are all other net assets. Membership
equity" or similar terms are also frequently used in practice (that is, in financial statements) to describe the net
assets of membership organizations such as lodges and country clubs.
In keeping with the focus on the nonprofit organization as a whole, SFAS No.117 (FASB ASC 958205452)
requires providing information about the three classes of net assets. The amounts for each of the three classes of
net assets and total net assets are required to be reported on the face of the statement of financial position. In
addition, SFAS No.117 (FASB ASC 958205452) requires additional information to be reported for temporarily
376

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

and permanently restricted net assets. That information includes a description and dollar amount of the different
types of permanent restrictions and the different types of temporary restrictions. For example, permanent restric
tions may exist with regard to property that may not be sold and to assets required to be invested to provide a
permanent source of income. Similarly, temporary restrictions may exist with regard to support for a particular
project or for a future period. The additional information about the nature and amounts of temporarily restricted and
permanently restricted net assets may be presented either on the face of the statement of financial position as
secondary captions of those classes of net assets or in the notes to the financial statements. Although not required,
SFAS No.117 (FASB ASC 9582104511) suggests that information regarding boarddesignated portions of
unrestricted net assets may be useful and may also be provided on the face of the statement of financial position
or in the notes to the financial statements.
FASB's NotforProfit Endowments Project. In October 2007, the FASB directed its staff to draft guidance that
would address the potential effect of the adoption of the Uniform Prudent Management of Institutional Funds Act
(UPMIFA) on the classification of net assets related to donorrestricted endowment funds. Accordingly, in August
2008 the FASB issued FSP FAS 1171, Endowments of NotforProfit Organizations: Net Asset Classification of
Funds Subject to an Enacted Version of the Uniform Prudent Management of Institutional Funds Act, and Enhanced
Disclosures for All Endowment Funds. UPMIFA states that unless stated otherwise in the gift instrument, the assets
in an endowment fund are donorrestricted assets until appropriated for expenditure by the institution." FSP FAS
1171 states that until the term appropriated for expenditure is interpreted by legal or regulatory authorities, for the
purpose of applying the FSP it is deemed to occur upon approval for expenditure, unless approval is for a future
period, in which case appropriation is deemed to occur when that period is reached." The FSP clarifies that a
nonprofit organization should classify the portion of a donorrestricted endowment fund that is not permanently
restricted by the donor or by law as temporarily restricted net assets (time restricted) until it is appropriated for
expenditure and donorimposed purpose restrictions, if any, are met. When the purpose restrictions, if any, on the
portion of donorrestricted endowment funds are met and the appropriation has occurred, temporarily restricted net
assets are reclassified to unrestricted net assets.
FSP FAS 1171 also requires additional disclosures applicable to all nonprofit organizations, even if the organiza
tion is not yet subject to a version of UPMIFA. Those disclosures provide: (a) a description of the organization's
policies for making appropriations for expenditures from endowment funds (i.e., the organization's endowment
spending policies), (b) a description of the organization's investment policies for endowment funds, (c) a descrip
tion of the organization's endowment by net asset class at the end of the period in total and by type of endowment
fund, (d) a reconciliation of the beginning and ending balances of endowment funds in total and by net asset class,
and (e) a description of the organization's interpretation of the law(s) underlying the net asset classification of
donorrestricted endowment funds.
Reclassifications
Reclassifications generally occur only between temporarily restricted net assets and unrestricted net assets after
donor restrictions have been satisfied. For example, if a cash donation is made for purchasing equipment,
temporarily restricted net assets are reduced when that equipment is placed in service, with an offsetting increase
in unrestricted net assets.
However, the Audit Guide, Paragraph 5.40 (FASB ASC 9582254513), indicates that donors can impose restric
tions on otherwise unrestricted net assets that could result in a reclassification from unrestricted net assets to
restricted net assets. For example, a donor might give a contribution of $100,000 to establish an endowment with
the stipulation that the organization match the contribution with $100,000 of unrestricted net assets. In that
situation, $100,000 of unrestricted net assets would be reclassified to permanently restricted net assets, and the
organization would have no discretion about releasing those permanent restrictions.
Additionally, the Audit Guide, Paragraph 11.13, indicates that reclassifications may result from donor withdrawal or
court action removal of previously imposed restrictions.
Reclassifications have no net effect on the total net assets of a nonprofit organization as a whole. Reclassifications
should be separate line items within the statement of activities and typically will be reported as increases in
unrestricted net assets, separate from revenues, gains, and other support, with offsetting decreases in temporarily
restricted net assets.
377

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Designations
Designations are voluntary boardapproved segregations of unrestricted net assets for specific purposes, projects,
or investments. The governing board of the nonprofit organization may approve designations as an aid in planning
future expenditures, but designations are not expenses and should not be reported in the statement of activities.
Since designations are voluntary and may be reversed by the governing board at any time, designated portions of
net assets are not considered restricted. Designations may be reported as classifications of unrestricted net assets
on the statement of financial position or may be disclosed in the notes to the financial statements. However, SFAS
No.117 (FASB ASC 9582054515) requires them to be reported as part of the unrestricted class of net assets.
Auditing Considerations
Generally, the audit considerations for net assets include compliance of reclassifications with donor restrictions,
proper classification of net assets, and disclosure. The auditor must consider whether reclassifications are in
compliance with the terms of the donor agreements and in compliance with any legal requirements. The auditor
should review board approvals for any net asset designations and determine that they are properly presented in the
financial statements. Finally, the auditor should consider the classification of net assets and disclosure require
ments regarding the classes of net assets.

STATEMENT OF ACTIVITIES ACCOUNTS
Overauditing and Underauditing Tendencies for Statement of Activities Accounts
Analytical procedures, along with procedures performed in auditing statement of financial position accounts, may
allow auditors to conclude that they have obtained, completely or in part, sufficient appropriate audit evidence for
relevant assertions related to most statement of activities accounts. Accordingly, in the PPC audit approach,
extensive tests of details of these accounts normally are not needed.
Common overauditing tendencies for statement of activities accounts include
Duplication of Revenue Audit Evidence. In many cases, analytical procedures and the audit procedures on
receivables provide sufficient evidence for relevant assertions related to support or revenue. In such cases,
tests of details of support or revenue accounts are unnecessary.
Inappropriate Tests of Service Fee Transactions. Some auditors test individual service fee transactions
when the primary objective is to obtain evidence about the completeness of recorded service fees. If such
tests do not use the original documents generating such fees (such as a service log), the test is invalid and
provides evidence about occurrence instead of completeness.
Excessive Details Tested for Support or Revenue Transactions. In situations where tests of controls are
needed, some auditors examine all details associated with individual support or revenue transactions when
performing tests to support occurrence or completeness. The auditor should be careful todesign tests of
support or revenue transactions to accomplish specific objectives.
Premature Explanation of Significant Differences. Some auditors attempt to explain significant differences
in statement of activities accounts before audit adjustments are recorded. This may be appropriate if very
few adjustments are typically prepared. However, some nonprofit organizations require many adjustments
before the audit is completed, and significant differences should be explained only after the adjustments
have been reflected.
Excessive Substantive Tests of Expenses. Some auditors perform both extensive tests of disbursements
and extensive analytical procedures. It is believed auditors should concentrate on analytical procedures
and perform tests of transactions in those situations with higher assessed risks of material misstatement
or the results of analytical procedures do not provide sufficient assurance. In any case, heavy emphasis
on both types of procedures generally results in duplication.
Excessive Payroll Testing Procedures. Some auditors perform both extensive tests of details of payroll
transactions and extensive analytical procedures. Auditors can usually design effective analytical tests of
378

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

payroll and, thus, should minimize or eliminate detailed tests of payroll transactions. If a test of payroll
transactions is determined to be necessary based on the assessment of risks, the auditor should avoid
examining all individual items associated with the payroll transactions such as FICA calculations. Only the
key elements of the payroll transaction should be identified and recomputed for accuracy and propriety.
Authorization of the payroll amount and appropriate classification are the two major elements that should
be tested.
Elaborate Documentation of Tests of Transactions. Some auditors provide elaborate tieins of tests of
transactions in various areas of support or revenue and expense. This documentation reflects all individual
amounts necessary to tie the selected items to the general ledger summary amounts. Such detailed
documentation is not necessary and can be adequately presented in a memo describing the work
performed and the disposition of exceptions, if any.
Common underauditing tendencies for statement of activities accounts include
Failure to Test Support or Revenue for Completeness. Many auditors fail to address the completeness of
support or revenue. Completeness can typically be tested through analytical procedures, particularly if
reliable predictive tests of total support or revenue are possible.
Failure to Relate Amounts to Statement of Financial Position Areas. Some auditors fail to reconcile individual
support or revenue or expense account balances with related statement of financial position work
performed (for example, depreciation expense).
Accepting Inadequate Reasons for Significant Differences. Some auditors tend to simply accept client
explanations regarding significant unexpected differences. Such explanations generally should not be
accepted without supporting information from other reliable sources. Such sources may include evidence
obtained in other audit areas or information outside the organization.
Lack of Proper Inspection of Grant Agreements to Determine Allowable and Nonallowable Costs.
Inadequate Inspection of Lease Documents That Overlooks Capital Leases. Also, disclosures for both
capital and operating leases are often overlooked.
Common Cash Disbursement Fraud Schemes, Symptoms, and Related Audit Responses
Examples of common fraud schemes related to cash disbursements, and procedures that may be performed in
response to those schemes, are provided for misappropriation of assets at Exhibit 28. That exhibit also lists the
symptoms (also called red flags or indicators) auditors may observe that indicate the presence of a particular fraud
scheme.

379

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Exhibit 28
Common Cash Disbursement Fraud Schemes, Symptoms, and Related Audit
Responses Misappropriation of Assets
Fraud Scheme

Audit Responsesa

Symptoms

Kickbacks.

Higher than usual costs.
Lower quality goods or services.
Excess goods or services.
Vendor complaints.
Customer complaints.
Employee tips.
Improper or unauthorized payment for goods
or services.
Unusual, unexpected, or unexplained fluctua
tion in payables, expenses, or disbursements.
Increase in purchases from favored vendors.
Unusual changes in behavior or lifestyle.

False or inflated ven
dor invoices.

Higher than usual costs.
Excess goods or services.
Copies of supporting documents instead of
originals.
Unusual or unauthorized vendors added to
vendor list.
Improper or unauthorized payments.
Unusual vendor names or addresses.
Unusual endorsements on checks. Vendors
with alternate addresses.
Unusual, unexpected, or unexplained fluctua
tion in payables, expenses, or disbursements.
Unusual changes in behavior or lifestyle.

Review vendor lists.
Vouch and trace documents.
Confirm with third parties.
Review contracts and bids.
Review personnel files.
Conduct interviews.

Excess purchasing
schemes.

Higher than usual costs.
Unusual, unexpected, or unexplained fluctua
tion in payables, expenses, or disbursements.
Employee tips.
Unusual changes in behavior or lifestyle.
Unusual or unexpected increase in days sales
in inventory ratio.

Vouch and trace.
Review vendor lists.
Conduct interviews.
Confirm with third parties.

Duplicate payment
schemes.

Copies of supporting documents instead of
originals.
Unusual endorsements on checks.
Improper or unauthorized payments.
Improper cancellation of paid vendor invoices.
Altered or modified vendor invoices.
Duplicate payments.
Unusual changes in behavior or lifestyle.
Unusual or unexpected increase in days sales
in inventory ratio.

Vouch and trace.
Confirm with third parties.
Review personnel files.
Conduct interviews.
Use database software to iden
tify payments in the same
amount to the same employee
or vendor.

380

Vouch and trace documents.
Review contracts and bids.
Review personnel files.
Conduct interviews.
Analyze disbursement
records.
Prepare a list that groups ven
dors by size and calculate the
dollar and percentage change
in purchases for the period.

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Fraud Scheme

Symptoms

Audit Responsesa

Theft of disbursement
checks.

Missing checks or checks out of sequence.
Unusual endorsements on checks.
Unusual payees.
Altered checks.
Poor safeguards over unused checks, or lack
of segregation of duties.
Unlimited access to checks or check printing
machines.
Stale checks on bank reconciliations.

Prepare an inventory of
unused checks.
Vouch and trace (include
review of cancelled checks for
proper signature).
Review journal entries.
Review bank reconciliations.
Prepare proof of cash.
Conduct interviews.
The general ledger software
may be able to print a report
listing of all out of sequence or
missing check numbers.

Employees writing
checks to themselves.

Unusual payees (such as checks written to
cash, employees, or unapproved vendors).
Complaints from investors.
Missing cancelled checks.
Altered cancelled checks.
Disbursements with missing or unusual sup
porting documentation.
Discrepancies between payee on checks and
check registers.
Unusual changes in behavior or lifestyle.
Unusual or unexpected fluctuations in payroll
expense.

Review bank reconciliations.
Vouch and trace (include
review of cancelled checks
and
compare
cancelled
checks
to
disbursement
records).
Confirm with third parties.
Review personnel files.
Conduct interviews.

Contract and bidding
fraud.

Use software to list the total
amounts paid vendors in
descending order.
Review contracts and bids.
Vouch and trace.
Review personnel files.
Conduct
interviews
with
employees or vendors (or
unsuccessful bidders).

Higher than usual costs.
Excess goods or services.
Unusual bid specifications.
Unusual or unexpected bidding patterns or
activities.
Unusual or unexpected contract award pat
terns.
Unusual or unexpected change orders or
contract changes.
Improper, unusual, unexpected, or unautho
rized goods or services used by contractor.
Customer complaints about receiving inferior
products or services.
Complaints from unsuccessful bidders.
Not receiving goods or services ordered.
Unusual changes in behavior or lifestyle.

Expense report fraud.

Unusual or unexpected fluctuations, patterns,
or amounts of travel and entertainment, or
employee expense accounts.

Vouch and trace.

Unauthorized use of
organization credit
card.

Unusual or unexpected charges on credit card
statement.
Charges on credit card statement without
related receipt.

Review credit card statements.

381

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Note:
a

In addition to the specific responses listed, the auditor may also interview client personnel in areas where the
auditor is concerned about the risk of fraud or test controls designed to detect the fraud. The auditor's overall
response to fraud risks involves more general, or overall, considerations separate from the specific responses
illustrated.

*

*

382

*

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY QUIZ
Determine the best answer for each question below. Then check your answers against the correct answers in the
following section.
35. The auditor may consider analytical procedures effective and efficient to test payroll for which of the following?
a. A stable workforce
b. A revolving workforce with many volunteers
c. A nonprofit client
d. An exchange transaction
36. Which of the following focuses primarily on postretirement health care benefits?
a. SFAS No. 87
b. SFAS No. 106
c. SFAS No. 116
d. SFAS No. 117
37. Which of the following should a nonprofit record at fair value?
a. Purchased inventory
b. Donated inventory
c. Donated items that cannot be sold or used internally
d. Agency transactions involving donated materials
38. Donated property and equipment are classified according to the nonprofit's intended use of the donation.
a. True
b. False
39. If a debt covenant violation is found during an audit of a nonprofit client,
a. the auditor must be prepared to withdraw from the audit engagement.
b. the creditor must issue a waiver letter.
c. the loan must be classified as current unless the situation is resolved.
d. the debtor must cure the violation within the grace period.
40. Overlooking capital leases may be a symptom of:
a. underauditing tendencies.
b. inadequate internal controls.
c. kickbacks.
d. contract fraud.
383

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

SELFSTUDY ANSWERS
This section provides the correct answers to the selfstudy quiz. If you answered a question incorrectly, reread the
appropriate material. (References are in parentheses.)
35. The auditor may consider analytical procedures effective and efficient to test payroll for which of the following?
(Page 360)
a. A stable workforce [This answer is correct. A stable workforce is more likely to allow the auditor to
perform analytical tests of payroll in lieu of tracing transactions, conducting surprise observations,
etc.]
b. A revolving workforce with many volunteers [This answer is incorrect. A revolving workforce increases the
likelihood of fictitious employees and may also be subject to erratic patterns not readily lending themselves
to analytical tests.]
c. A nonprofit client [This answer is incorrect. Whether or not the client is nonprofit may have little to do with
whether the auditor deems analytical tests of payroll sufficient.]
d. An exchange transaction [This answer is incorrect. The presence of an exchange transaction, per se,
should not affect the auditor's decision to rely on analytical tests of payroll.]
36. Which of the following focuses primarily on postretirement health care benefits? (Page 361)
a. SFAS No. 87 [This answer is incorrect. SFAS No. 87 concerns employer accounting for pensions.]
b. SFAS No. 106 [This answer is correct. SFAS No. 106 focuses on postretirement health care benefits
and requires accrual of the expected cost of providing those benefits.]
c. SFAS No. 116 [This answer is incorrect. SFAS 116 concerns promises to give.]
d. SFAS No. 117 [This answer is incorrect. SFAS 117 concerns fundraising costs, classes of net assets, etc.]
37. Which of the following should a nonprofit record at fair value? (Page 364)
a. Purchased inventory [This answer is incorrect. Purchased inventory should be recorded at cost.]
b. Donated inventory [This answer is correct. Donated inventory should be recorded as a contribution
and as inventory at fair value.]
c. Donated items that cannot be sold or used internally [This answer is incorrect. Such items are deemed to
have no value and will not be recorded as asset or contribution.]
d. Agency transactions involving donated materials [This answer is incorrect. The nonprofit has the option
not to report such agency transactions, but this policy must be consistently applied and disclosed in the
financials.]
38. Donated property and equipment are classified according to the nonprofit's intended use of the donation.
(Page 366)
a. True [This answer is incorrect. The nonprofit's intentions toward the use of the donated property have no
bearing on its classification in the financials.]
b. False [This answer is correct. Donated property is classified according to whether there are
donorimposed restrictions.]

384

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

39. If a debt covenant violation is found during an audit of a nonprofit client, (Page 373)
a. the auditor must be prepared to withdraw from the audit engagement. [This answer is incorrect. The auditor
has several options to pursue that are much less severe.]
b. the creditor must issue a waiver letter. [This answer is incorrect. The creditor is not bound to do anything
not under contract. The client should request such a waiver, however.]
c. the loan must be classified as current unless the situation is resolved. [This answer is correct. This
is a requirement of ARB 43, as amended. There are several ways to resolve the situation, including
meeting one of the two criteria stipulated in the ARB.]
d. the debtor must cure the violation within the grace period. [This answer is incorrect. This is optional, not
mandatory, and there are other ways to achieve resolution.]
40. Overlooking capital leases may be a symptom of (Page 379)
a. underauditing tendencies. [This answer is correct. This can occur because of inadequate inspection
of lease documents by the auditor.]
b. inadequate internal controls. [This answer is incorrect. Inadequate oversight of capital leases and ease of
misclassification would be more likely signs of inadequate internal controls.]
c. kickbacks. [This answer is incorrect. In a kickback scheme, costs may increase and so may the number
and amount of purchases from specific vendors.]
d. contract fraud. [This answer is incorrect. Contract fraud has many symptoms; among them, unusual bid
specifications and unusual contract award patterns.]

385

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
Lesson 2 (NPOTG093)
Determine the best answer for each question below. Then mark your answer choice on the Examination for CPE
Credit Answer Sheet located in the back of this workbook or by logging onto the Online Grading System.
23. Which of the following is an example of an exchange transaction?
a. A permanently restricted endowment to a hospital
b. University student service fees
c. A university student grant based on financial need
d. An unconditional intention to give
24. Jefferson Elementary provides after school care for its enrollees for a fee of $80 per month. Fees for needy
students are $60 per month. Incremental costs are $50 per month for each student enrolled in after school care.
Net proceeds from the program subsidize a party for the enrollees at the end of the school year. How should
fee payments for needy students be recorded?
a. Afterschool revenue $60
b. Afterschool revenue $80; Afterschool discount $20
c. Afterschool revenue $80; Afterschool expense $20
d. Afterschool revenue $80; Afterschool expense $10; Afterschool discount $10
25. Which of the following is not one of the exceptions to the expectation that accounts receivable be confirmed
under SAS 67?
a. The process will be difficult and costly.
b. Combined assessed inherent and control risk are acceptably low.
c. Accounts receivable are not material to the financial statements.
d. Using confirmations would be an ineffective audit procedure.
26. Grants are not normally classified as which of the following?
a. A contribution
b. An exchange transaction
c. A conditional promise to give
d. An unconditional intention to pay
27. SFAS 116 requires nonprofit recipients to establish a time restriction on all donations of longlived assets that
expires over their useful life.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice
386

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

28. How should an attorney's promise to personally donate legal services to a local hospital for the next five years
be reflected on the nonprofit's financial statements in the year of the promise?
a. Recorded as an unconditional promise to give
b. Disclosed as an unconditional promise to give
c. Recorded as a conditional promise to give
d. Disclosed as a conditional promise to give
29. Which type of expenses may arguably be considered fundraising expenses?
a. Management and general expenses
b. Membership development expenses
c. Program services expenses
d. Support services expenses
30. The governing board of a nonprofit is normally more concerned with the functional classification of expenses.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice
31. Which of the following statements is correct concerning nonprofit expenses that are shared among multiple
programs?
a. Allocation based on financial data is the preferred method for separating these costs.
b. Allocations cannot be made based on nonfinancial data.
c. Direct identification is normally not possible in a nonprofit environment.
d. Such costs may generate unrelated business income.
32. Which of the following items found by the auditor of a nonprofit would not be considered fraud?
a. Misclassification of expense to avoid budget overruns
b. Misclassification of expense to preserve funds otherwise refundable to the source
c. Misclassification of expense caused by computer operator error
d. Misclassification of expense to enhance fundraising opportunities
33. Which of the following provides the greatest guidance concerning joint activity costs?
a. SAS 99
b. SOP 982
c. SFAS 116
d. SFAS 117
387

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

34. SOP 982 includes a rebuttable presumption that all costs covered by its guidance should, at least in part, be
reported as:
a. programrelated.
b. fundraising.
c. management and general.
d. membership development.
35. Fictitious employees are more likely in a situation involving:
a. a stable fulltime workforce.
b. a temporary workforce.
c. a nonprofit audit client.
d. a joint activity.
36. SFAS No. 112 requires employers to accrue an obligation to provide postemployment benefits when four
criteria are present. Which of the following is not one of those criteria?
a. The employee services are already rendered in connection with the obligation
b. Benefit entitlement vests
c. The benefit payment is probable
d. The benefit amount cannot be reasonably estimated
37. If fair value of donated inventory is difficult to determine, the nonprofit recipient:
a. has the option to not record the transaction.
b. can consider this synonymous with inventory having no value.
c. can consult a valuation specialist.
d. can justify a departure from GAAP.
38. PPRRSM is synonymous with depreciation for nonprofit organizations.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice
39. Which of the following statements is correct concerning guarantees?
a. The guarantor's obligation to stand ready to perform is contingent.
b. The guarantor's initial obligation to make future payments is noncontingent.
c. The guarantor can optionally recognize a liability for the initial guarantee.
d. The guarantor's recognition of a liability is subject to a greater of" comparison.
388

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

40. Designations of a nonprofit's net assets should be reported in its statement of activities.
a. True
b. False
c. Do not select this answer choice
d. Do not select this answer choice

389

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

GLOSSARY
FASB Interpretation No. 45: Entitled Guarantor's Accounting and Disclosure Requirements for Guarantees,
Including Indirect Guarantees of Indebtedness of Others, FASB Interpretation No. 45 addresses the elements of a
guarantee and the associated liability.
PPRRSM: Provision for Plant Replacement, Renewal, and Special Maintenance. This acronym represents funds
internally designated by a nonprofit as a savings plan of sorts to be used toward care and replacement of the
organization's physical plant and equipment. This is not the same thing as depreciation, which recognizes the
declining value of an asset over time. Rather, this is a means of building funds while the asset has the greatest value
and is in the best physical condition and using those funds when the asset needs renewal or replacement.
SAS No. 67: Entitled The Confirmation Process, SAS No 67 provides guidance concerning accounts receivable
confirmations and other confirmations.
SAS No. 73: Entitled Using the Work of a Specialist, SAS No. 73 addresses auditor reliance upon the results of
services supplied by specialists such as actuaries and attorneys.
SAS No. 92: Entitled Auditing Derivative Instruments, Hedging Activities, and Investments in Securities, SAS No. 92
gives guidance concerning auditing fair values.
SAS No. 99: Entitled Consideration of Fraud in a Financial Statement Audit, SAS No. 99 requires the auditor to
specifically identify and assess the risks of material misstatement in the financial statements as the result of fraud
and to respond to the results of the assessment when gathering and evaluating audit evidence.
SAS No. 101: Entitled Auditing Fair Value Measurement and Disclosures, SAS No. 101 provides overall guidance
for auditing fair values in financial statements.
SFAS No. 5: Entitled Accounting for Contingencies, SFAS No. 5 includes disclosure requirements related to
contingencies.
SFAS No. 112: Entitled Employers' Accounting for Postemployment Benefits, SFAS No. 112 requires the employer
to accrue severance, unemployment, and other benefits if certain stipulated conditions are met.
SFAS No. 116: Entitled Accounting for Contributions Received and Contributions Made, SFAS No. 116 addresses
contributions and promises to give in a nonprofit environment.
SFAS No. 117: Entitled Financial Statements of NotforProfit Organizations, SFAS No. 117 addresses the elements
of external financial statements for nonprofits including voluntary health and welfare organizations.
SFAS No. 124: Entitled Accounting for Certain Investments Held by NotforProfit Organizations, SFAS No. 124
provides guidance for all nonprofits concerning all debt and certain equity securities.
SFAS No. 157: Entitled Fair Value Measurements, SFAS No. 157 supersedes certain guidance given in SFAS No.
116 concerning valuation of promises to give in a nonprofit environment.
SOP 943: Entitled Reporting of Related Entities by NotforProfit Organizations, SOP 943 applies to certain
investments in equity securities.
SOP 946: Entitled Disclosure of Certain Significant Risks and Uncertainties, SOP 946 addresses how certain risks
and uncertainties should be reported on the entity's financial statements.
SOP 982: Entitled Accounting for Costs of Activities of NotforProfit Organizations and State and Local Governmental
Entities That Include FundRaising, SOP 982 applies to all nonprofits and to governmental entities that solicit
contributions..
390

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

INDEX
A

ACCOUNTS RECEIVABLE
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Confirmations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Overauditing and underauditing tendencies . . . . . . . . . . . . . . 331
AFFILIATED ORGANIZATIONS
Payments to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

AGENCY TRANSACTIONS
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 307, 308
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Donated material and supplies . . . . . . . . . . . . . . . . . . . . . . . . . . 364

CONTRIBUTIONS
Accounting considerations
Guarantees of debt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restricted support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Special events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Unrestricted support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Confirmations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fair value measurement . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Review for restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Testing completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cash contributions
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . .
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .
Cash contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restricted contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Temporary and permanent restrictions . . . . . . . . . . . . . . . .
Special events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Unrestricted contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Designations imposed internally . . . . . . . . . . . . . . . . . . . . .
Restrictions met in the same year . . . . . . . . . . . . . . . . . . . .

ANALYTICAL PROCEDURES
Substantive tests of balances and transaction classes . . . . . 329
AUDIT PROGRAMS (CORE)
Cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Debt and other liabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Donated materials, facilities, and services . . . . . . . . . . . 340, 342
Expenses for program and supporting
services and accounts payable . . . . . . . . . . . . . . . . . . . . 349, 353
Inventories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Net assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Payroll and related liabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Program service fees, revenue, and
receivables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329, 332, 333, 335
Property and equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Splitinterest agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Support, receivables, and receipts . . . . . . . . . . . . . 298, 305, 309

C
CASH
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Bank reconciliations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cash contributions
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . .
Compensating balances, confirmation of . . . . . . . . . . . . . . . . .
Concentrations of credit risk, disclosures for
cash deposits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Confirmation forms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Counting cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Electronic bank confirmations . . . . . . . . . . . . . . . . . . . . . . . . . .
Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .
Overauditing and underauditing tendencies . . . . . . . . . . . . . .
Positive pay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
COLLECTIONS
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consider physical inspection . . . . . . . . . . . . . . . . . . . . . . . .
Obtain an understanding of controls . . . . . . . . . . . . . . . . . .
Review donor restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .

Financial institutions, standard inquiry . . . . . . . . . . . . . . . . . . .
Investments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Line of credit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Notes and mortgages payable . . . . . . . . . . . . . . . . . . . . . . . . . .
Promises to give . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Receipt for cash counted by auditor . . . . . . . . . . . . . . . . . . . . .
Receipt for cutoff bank statements mailed
directly to auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Receipt for securities counted by auditor . . . . . . . . . . . . . . . . .
Securities held by broker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Securities held by third party . . . . . . . . . . . . . . . . . . . . . . . . . . .
Service fee receivables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

272
273

272
290
274
372
305
275
272
290
290
290
330

297
295
296
296
298
298
299
295
298
299
298
297
295
297
297
295
296
296
296
296
296

COST ALLOCATIONS

D

298
297
274

DEBT AND OTHER LIABILITIES
Accounting and auditing considerations . . . . . . . . . . . . . . . . .
Confirmation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Debt covenants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Due on demand" clauses . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Guarantees of the indebtedness of others . . . . . . . . . . . . . . . .
Loans made in lien of grants . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Overauditing and underauditing tendencies . . . . . . . . . . . . . .

274
272
275
272
276
272
275
278

372
372
372
373
375
374
374
374

DEFERRED REVENUE
Initiation and life membership fees . . . . . . . . . . . . . . . . . . . . . . 328
Service fees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327, 329
Subscription revenue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

367
370
370
370
370
370
369

DONATED MATERIALS, FACILITIES, AND SERVICES
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . 340, 341
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 340, 342
Consideration of fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Donated longlived assets and facilities
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Donated services
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . 342
Overauditing and underauditing tendencies . . . . . . . . . . . . . . 343

CONFIRMATION AND CORRESPONDENCE LETTERS
Accounts receivable, positive . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Compensating balances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Contingent liabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Contributions, bequests, or promises to give
received and receivable . . . . . . . . . . . . . . . . . . . . . . . . . . . 298, 305
Cutoff bank statements, request for . . . . . . . . . . . . . . . . . . . . . . 272
Debt for which no written loan agreement exists . . . . . . . . . . . 372
Electronic confirmations . . . . . . . . . . . . . . . . . . . . . . . . . . 272, 298

391

Companion to PPC's Guide to Audits of Nonprofit Organizations

E

I

ENDOWMENT FUNDS
Income, gains and losses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
UMIFA and other laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
UPMIFA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
ENGAGEMENT LETTER
ENGAGEMENT RISK
ETHICS RULES
EXPENSES
Accounting considerations . . . . . . . . . . . . . . . . . . . . 348, 350, 355
Allocation of costs
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . 349
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . 349, 353, 356
Classification of expenses
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Functional classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Natural (object) classification . . . . . . . . . . . . . . . . . . . . . . . . 347
Depreciation
Fundraising costs
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Costs of activities that include fundraising . . . . . . . . . . . . 351
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Grants to others . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Loans made in lieu of grants . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Matching costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Payments to affiliates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Payroll
Program service expenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Supporting services expenses
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Fundraising . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347, 350
Management and general . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Membership development . . . . . . . . . . . . . . . . . . . . . . . . . . 347

INTERNAL CONTROL
Allocation of expenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Communication responsibilities . . . . . . . . . . . . . . . . . . . . . . . . .
Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Donated services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Inventories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Investments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Payroll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Promises to give . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Property and equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Splitinterest agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

349
369
264
297
342
364
290
360
305
368
313

INVENTORIES
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Donated materials and supplies . . . . . . . . . . . . . . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Physical counts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .

364
364
365
365
364

INVESTMENTS
Accounting considerations
Basis of valuation other investments . . . . . . . . . . . . . . . .
Basis of valuation related entities SOP . . . . . . . . . . . . . .
Basis of valuation SFAS No. 124 . . . . . . . . . . . . . . . . . . . .
Derivative financial instruments . . . . . . . . . . . . . . . . . . . . . .
Fair value measurements . . . . . . . . . . . . . . . . . . . . . . . . . . .
Investment expenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Investment income and gains and losses . . . . . . . . . . . . .
Investment pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Authoritative literature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fair value measurements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fraud considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .
Investment pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Other investments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Related entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

287
289
282
286
282
285
284
289
290
282
282
291
290
289
287
289

M
MATCHING COSTS
Accounting and auditing considerations . . . . . . . . . . . . . . . . . 354

N

F

NET ASSETS
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Designations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Reclassifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

FAIR VALUE See also Fair value
Accounting considerations . . . . . . . . . . . . . . . . . . . . 266, 282, 295
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
FINANCIAL STATEMENTS
Activities statement
Overauditing and underauditing tendencies . . . . . . . . . . . 378
FRAUD
Responsibility for fraud detection . . . . . . . . . . . . . . . . . . . . . . . .
Types of fraud and related procedures
Cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Investments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Payroll . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Promises to give . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Property and equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Statement of activities accounts . . . . . . . . . . . . . . . . . . . . .

NPOT09

376
378
376
378
377

O
OVERAUDITING TENDENCIES
Activity statement accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Debt and other liabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Donated materials, facilities, and services . . . . . . . . . . . . . . . .
Receivables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

263
276
299
291
362
306
370
379

378
275
374
343
331

P
PAYMENTS TO AFFILIATES
Accounting and auditing considerations . . . . . . . . . . . . . . . . . 356

G

PAYROLL AND RELATED LIABILITIES
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 360, 362
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Employee benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Postemployment benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Postretirement benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360

GRANTS
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Consideration of fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

392

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

Affinity programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing considerations
Sales revenue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Service fees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Thirdparty reimbursements . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Sales revenue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Service fees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Special events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subscription revenue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Thirdparty reimbursements . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Unconditional promises to give . . . . . . . . . . . . . . . . . . . . . . . . .
Unrestricted support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 360
PROGRAM SERVICE FEES
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 329, 330
Membership dues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Thirdparty reimbursements . . . . . . . . . . . . . . . . . . . . . . . 327, 333
Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
PROMISES TO GIVE
Accounting considerations
Donated collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Interestfree or belowmarketinterest loans . . . . . . . . . . . .
Promises to give cash expected to be collected
in less than one year . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Promises to give cash expected to be collected
in more than one year . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Promises to give noncash assets expected to be
collected in less than one year . . . . . . . . . . . . . . . . . . . . . . .
Promises to give noncash assets expected to be
collected in more than one year . . . . . . . . . . . . . . . . . . . . .
Promises to give restricted for acquisition of
longlived assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Promises to give with payments due in
future periods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Subsequent changes in unconditional promises
to give . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Collectibility to promises to give . . . . . . . . . . . . . . . . . . . . .
Confirmations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Consideration of fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Valuation of promises to give . . . . . . . . . . . . . . . . . . . . . . . .
Conditional promises to give . . . . . . . . . . . . . . . . . . . . . . . . . . .
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Fraud considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Intentions to give . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .

303
303
302

333
332
329
333
333
327
332
327
296
332
333
302
296

S

302

SPECIAL EVENTS
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

302

SPLITINTEREST AGREEMENTS
Accounting for irrevocable splitinterest agreements . . . . . . .
Accounting for the termination of the agreement . . . . . . .
Initially recording the agreement . . . . . . . . . . . . . . . . . . . . .
Recording changes in value during the
agreement's term . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Accounting for revocable splitinterest agreements . . . . . . . .
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . .
Types of splitinterest agreements . . . . . . . . . . . . . . . . . . . . . . .
Charitable gift annuity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Charitable lead trusts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Charitable remainder trust . . . . . . . . . . . . . . . . . . . . . . . . . .
Perpetual trust held by a third party . . . . . . . . . . . . . . . . . .
Pooled (life) income fund . . . . . . . . . . . . . . . . . . . . . . . . . . .

303
303
302
303
305
306
305
306
305
306
295
306
307
305

310
313
311
311
310
313
309
313
309
310
309
309
309
310

STATEMENTS OF ACTIVITIES ACCOUNTS
Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Overauditing and underauditing tendencies . . . . . . . . . . . . . . 378

PROPERTY AND EQUIPMENT
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . 366, 368
Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Initial values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Auditing considerations
Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Depreciation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Property and equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Depreciation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Disposition of . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Impairment of disposal of longlived assets . . . . . . . . . . . . . . . 368
Impairment or disposal of longlived assets
Asset retirement obligations . . . . . . . . . . . . . . . . . . . . . . . . . 368
Internal control considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Provision for plant replacement, renewal, and special
maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Significance to nonprofit organizations . . . . . . . . . . . . . . . . . . . 365
Statement of cash flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

T
THIRDPARTY REIMBURSEMENTS
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Auditing considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Consideration of fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

U
UNDERAUDITING TENDENCIES
Activity statement accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Debt and other liabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Donated materials, facilities, and services . . . . . . . . . . . . . . . .
Receivables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

379
276
374
343
331

UNIFORM PRUDENT MANAGEMENT OF INSTITUTIONAL
FUNDS ACT (UPMIFA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

R
REVENUES
Accounting considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332

393

Companion to PPC's Guide to Audits of Nonprofit Organizations

394

NPOT09

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

TESTING INSTRUCTIONS FOR EXAMINATION FOR CPE CREDIT
Companion to PPC's Guide To Audits of Nonprofit Organizations Course 1 Risk
Assessment and Planning for Nonprofit Audits (NPOTG091)
1. Following these instructions is information regarding the location of the CPE CREDIT EXAMINATION
QUESTIONS and an EXAMINATION FOR CPE CREDIT ANSWER SHEET. You may use the answer sheet to
complete the examination consisting of multiple choice questions.
ONLINE GRADING. Log onto our Online Grading Center at OnlineGrading.Thomson.com to receive instant
CPE credit. Click the purchase link and a list of exams will appear. Search for an exam using wildcards. Payment
for the exam is accepted over a secure site using your credit card. Once you purchase an exam, you may take
the exam three times. On the third unsuccessful attempt, the system will request another payment. Once you
successfully score 70% on an exam, you may print your completion certificate from the site. The site will retain
your exam completion history. If you lose your certificate, you may return to the site and reprint your certificate.
PRINT GRADING. If you prefer, you may mail or fax your completed answer sheet to the address or number
below. In the print product, the answer sheets are bound with the course materials. Answer sheets may be
printed from electronic products. The answer sheets are identified with the course acronym. Please ensure you
use the correct answer sheet. Indicate the best answer to the exam questions by completely filling in the circle
for the correct answer. The bubbled answer should correspond with the correct answer letter at the top of the
circle's column and with the question number.
Send your completed Examination for CPE Credit Answer Sheet, Course Evaluation, and payment to:
Thomson Reuters
Tax & Accounting R&G
NPOTG091 Selfstudy CPE
P.O. Box 966
Fort Worth, TX 76101
You may fax your completed Examination for CPE Credit Answer Sheet and Course Evaluation to the Tax
& Accounting business of Thomson Reuters at (817) 2524021, along with your credit card information.
Please allow a minimum of three weeks for grading.
Note:The answer sheet has four bubbles for each question. However, not every examination question has
four valid answer choices. If there are only two or three valid answer choices, Do not select this answer choice"
will appear next to the invalid answer choices on the examination.
2. If you change your answer, remove your previous mark completely. Any stray marks on the answer sheet may
be misinterpreted.
3. Copies of the answer sheet are acceptable. However, each answer sheet must be accompanied by a payment
of $75. Discounts apply for 3 or more courses submitted for grading at the same time by a single participant.
If you complete three courses, the price for grading all three is $214 (a 5% discount on all three courses). If you
complete four courses, the price for grading all four is $270 (a 10% discount on all four courses). Finally, if you
complete five courses, the price for grading all five is $319 (a 15% discount on all five courses or more).
4. To receive CPE credit, completed answer sheets must be postmarked by March 31, 2010. CPE credit will be
given for examination scores of 70% or higher. An express grading service is available for an additional $24.95
per examination. Course results will be faxed to you by 5 p.m. CST of the business day following receipt of your
examination for CPE Credit Answer Sheet.
5. Only the Examination for CPE Credit Answer Sheet should be submitted for grading. DO NOT SEND YOUR
SELFSTUDY COURSE MATERIALS. Be sure to keep a completed copy for your records.
6. Please direct any questions or comments to our Customer Service department at (800) 3238724.
395

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
To enhance your learning experience, examination questions are located immediately following each lesson. Each
set of examination questions can be located on the page numbers listed below. The course is designed so the
participant reads the course materials, answers a series of selfstudy questions, and evaluates progress by
comparing answers to both the correct and incorrect answers and the reasons for each. At the end of each lesson,
the participant then answers the examination questions and records answers to the examination questions on
either the printed EXAMINATION FOR CPE CREDIT ANSWER SHEET or by logging onto the Online Grading
System. The EXAMINATION FOR CPE CREDIT ANSWER SHEET and SELFSTUDY COURSE EVALUATION
FORM for each course are located at the end of all course materials.
Page
CPE Examination Questions (Lesson 1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

55

CPE Examination Questions (Lesson 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

135

396

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT ANSWER SHEET
Companion to PPC's Guide to Audits of Nonprofit Organizations Course 1 Risk Assessment
Procedures and Planning for Nonprofit Audits (NPOTG091)
Price $75
First Name:
Last Name:
Firm Name:
Firm Address:
City:

State /ZIP:

Firm Phone:
Firm Fax No.:
Firm Email:
Express Grading Requested:Add $24.95
Signature:
Credit Card Number:

Expiration Date:

Birth Month:

Licensing State:

ANSWERS:
Please indicate your answer by filling in the appropriate circle as shown: Fill in like this

a

b

c

d

a

b

c

d

a

b

not like this

c

.

a

d

1.

11.

21.

31.

2.

12.

22.

32.

3.

13.

23.

33.

4.

14.

24.

34.

5.

15.

25.

35.

6.

16.

26.

36.

7.

17.

27.

37.

8.

18.

28.

38.

9.

19.

29.

39.

10.

20.

30.

40.

Expiration Date:March 31, 2010

397

b

c

d

Companion to PPC's Guide to Audits of Nonprofit Organizations

Selfstudy Course Evaluation

NPOT09

Please Print Legibly Thank you for your feedback!

Course Title:Companion to PPC's Guide to Audits of Nonprofit Organizations
Course 1 Risk Assessment Procedures and Planning for Nonprofit Audits

Course Acronym:NPOTG091

Your Name (optional):

Date:

Email:
Please indicate your answers by filling in the appropriate circle as shown:
Fill in like this not like this.

Low (1) . . . to . . . High (10)
1

Satisfaction Level:

2

3

4

5

6

7

8

9

10

1. Rate the appropriateness of the materials for your experience level:
2. How would you rate the examination related to the course material?
3. Does the examination consist of clear and unambiguous questions
and statements?
4. Were the stated learning objectives met?
5. Were the course materials accurate and useful?
6. Were the course materials relevant and did they contribute to the
achievement of the learning objectives?
7. Was the time allotted to the learning activity appropriate?
8. If applicable, was the technological equipment appropriate?
9. If applicable, were handout or advance preparation materials and
prerequisites satisfactory?
10. If applicable, how well did the audio/visuals contribute to the
program?
Please provide any constructive criticism you may have about the course materials, such as particularly difficult parts, hard to understand areas, unclear
instructions, appropriateness of subjects, educational value, and ways to make it more fun. Please be as specific as you can.
(Please print legibly):

Additional Comments:
1. What did you find most helpful?

2. What did you find least helpful?

3. What other courses or subject areas would you like for us to offer?

4. Do you work in a Corporate (C), Professional Accounting (PA), Legal (L), or Government (G) setting?

5. How many employees are in your company?

6. May we contact you for survey purposes (Y/N)? If yes, please fill out contact info at the top of the page.

Yes/No

For more information on our CPE & Training solutions, visit trainingcpe.thomson.com. Comments may be quoted or paraphrased
for marketing purposes, including first initial, last name, and city/state, if provided. If you prefer we do not publish your name,
write in no" and initial here __________

398

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

TESTING INSTRUCTIONS FOR EXAMINATION FOR CPE CREDIT
Companion to PPC's Guide to Audits of Nonprofit Organizations
Course 2 Substantive Procedures and Sampling (NPOTG092)
1. Following these instructions is information regarding the location of the CPE CREDIT EXAMINATION
QUESTIONS and an EXAMINATION FOR CPE CREDIT ANSWER SHEET. You may use the answer sheet to
complete the examination consisting of multiple choice questions.
ONLINE GRADING. Log onto our Online Grading Center at OnlineGrading.Thomson.com to receive instant
CPE credit. Click the purchase link and a list of exams will appear. Search for an exam using wildcards. Payment
for the exam is accepted over a secure site using your credit card. Once you purchase an exam, you may take
the exam three times. On the third unsuccessful attempt, the system will request another payment. Once you
successfully score 70% on an exam, you may print your completion certificate from the site. The site will retain
your exam completion history. If you lose your certificate, you may return to the site and reprint your certificate.
PRINT GRADING. If you prefer, you may mail or fax your completed answer sheet to the address or number
below. In the print product, the answer sheets are bound with the course materials. Answer sheets may be
printed from electronic products. The answer sheets are identified with the course acronym. Please ensure you
use the correct answer sheet. Indicate the best answer to the exam questions by completely filling in the circle
for the correct answer. The bubbled answer should correspond with the correct answer letter at the top of the
circle's column and with the question number.
Send your completed Examination for CPE Credit Answer Sheet, Course Evaluation, and payment to:
Thomson Reuters
Tax & Accounting R&G
NPOTG092 Selfstudy CPE
P.O. Box 966
Fort Worth, TX 76101
You may fax your completed Examination for CPE Credit Answer Sheet and Course Evaluation to the Tax
& Accounting business of Thomson Reuters at (817) 2524021, along with your credit card information.
Please allow a minimum of three weeks for grading.
Note:The answer sheet has four bubbles for each question. However, not every examination question has
four valid answer choices. If there are only two or three valid answer choices, Do not select this answer choice"
will appear next to the invalid answer choices on the examination.
2. If you change your answer, remove your previous mark completely. Any stray marks on the answer sheet may
be misinterpreted.
3. Copies of the answer sheet are acceptable. However, each answer sheet must be accompanied by a payment
of $75. Discounts apply for 3 or more courses submitted for grading at the same time by a single participant.
If you complete three courses, the price for grading all three is $214 (a 5% discount on all three courses). If you
complete four courses, the price for grading all four is $270 (a 10% discount on all four courses). Finally, if you
complete five, the price for grading all five is $319 (a 15% discount on all five courses or more).
4. To receive CPE credit, completed answer sheets must be postmarked by March 31, 2010. CPE credit will be
given for examination scores of 70% or higher. An express grading service is available for an additional $24.95
per examination. Course results will be faxed to you by 5 p.m. CST of the business day following receipt of your
examination for CPE Credit Answer Sheet.
5. Only the Examination for CPE Credit Answer Sheet should be submitted for grading. DO NOT SEND YOUR
SELFSTUDY COURSE MATERIALS. Be sure to keep a completed copy for your records.
6. Please direct any questions or comments to our Customer Service department at (800) 3238724.
399

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
To enhance your learning experience, examination questions are located immediately following each lesson. Each
set of examination questions can be located on the page numbers listed below. The course is designed so the
participant reads the course materials, answers a series of selfstudy questions, and evaluates progress by
comparing answers to both the correct and incorrect answers and the reasons for each. At the end of each lesson,
the participant then answers the examination questions and records answers to the examination questions on
either the printed EXAMINATION FOR CPE CREDIT ANSWER SHEET or by logging onto the Online Grading
System. The EXAMINATION FOR CPE CREDIT ANSWER SHEET and SELFSTUDY COURSE EVALUATION
FORM for each course are located at the end of all course materials.
Page
CPE Examination Questions (Lesson 1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

191

CPE Examination Questions (Lesson 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

250

400

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT ANSWER SHEET
Companion to PPC's Guide to Audits of Nonprofit Organizations
Course 2 Substantive Procedures and Sampling (NPOTG092)
Price $75
First Name:
Last Name:
Firm Name:
Firm Address:
City:

State /ZIP:

Firm Phone:
Firm Fax No.:
Firm Email:
Express Grading Requested:Add $24.95
Signature:
Credit Card Number:

Expiration Date:

Birth Month:

Licensing State:

ANSWERS:
Please indicate your answer by filling in the appropriate circle as shown: Fill in like this

a

b

c

d

a

b

c

d

a

b

not like this

c

.

a

d

1.

11.

21.

31.

2.

12.

22.

32.

3.

13.

23.

33.

4.

14.

24.

34.

5.

15.

25.

35.

6.

16.

26.

36.

7.

17.

27.

37.

8.

18.

28.

38.

9.

19.

29.

39.

10.

20.

30.

40.

b

c

d

You may complete the exam online by logging onto our online grading system at OnlineGrading.Thomson.com, or you may fax
completed Examination for CPE Credit Answer Sheet and Course Evaluation to Thomson Reuters at (817) 2524021, along with your
credit card information.

Expiration Date:March 31, 2010

401

Companion to PPC's Guide to Audits of Nonprofit Organizations

Selfstudy Course Evaluation

NPOT09

Please Print Legibly Thank you for your feedback!

Course Title:Companion to PPC's Guide to Audits of Nonprofit Organizations
Course 2 Substantive Procedures and Sampling

Course Acronym:NPOTG092

Your Name (optional):

Date:

Email:
Please indicate your answers by filling in the appropriate circle as shown:
Fill in like this not like this.

Low (1) . . . to . . . High (10)
1

Satisfaction Level:

2

3

4

5

6

7

8

9

10

1. Rate the appropriateness of the materials for your experience level:
2. How would you rate the examination related to the course material?
3. Does the examination consist of clear and unambiguous questions
and statements?
4. Were the stated learning objectives met?
5. Were the course materials accurate and useful?
6. Were the course materials relevant and did they contribute to the
achievement of the learning objectives?
7. Was the time allotted to the learning activity appropriate?
8. If applicable, was the technological equipment appropriate?
9. If applicable, were handout or advance preparation materials and
prerequisites satisfactory?
10. If applicable, how well did the audio/visuals contribute to the
program?
Please provide any constructive criticism you may have about the course materials, such as particularly difficult parts, hard to understand areas, unclear
instructions, appropriateness of subjects, educational value, and ways to make it more fun. Please be as specific as you can.
(Please print legibly):

Additional Comments:
1. What did you find most helpful?

2. What did you find least helpful?

3. What other courses or subject areas would you like for us to offer?

4. Do you work in a Corporate (C), Professional Accounting (PA), Legal (L), or Government (G) setting?

5. How many employees are in your company?

6. May we contact you for survey purposes (Y/N)? If yes, please fill out contact info at the top of the page.

Yes/No

For more information on our CPE & Training solutions, visit trainingcpe.thomson.com. Comments may be quoted or paraphrased
for marketing purposes, including first initial, last name, and city/state, if provided. If you prefer we do not publish your name,
write in no" and initial here __________

402

NPOT09

Companion to PPC's Guide to Audits of Nonprofit Organizations

TESTING INSTRUCTIONS FOR EXAMINATION FOR CPE CREDIT
Companion to PPC's Guide to Audits of Nonprofit Organizations Course 3 Special
Accounting and Auditing Considerations for Nonprofit Organizations (NPOTG093)
1. Following these instructions is information regarding the location of the CPE CREDIT EXAMINATION
QUESTIONS and an EXAMINATION FOR CPE CREDIT ANSWER SHEET. You may use the answer sheet to
complete the examination consisting of multiple choice questions.
ONLINE GRADING. Log onto our Online Grading Center at OnlineGrading.Thomson.com to receive instant
CPE credit. Click the purchase link and a list of exams will appear. Search for an exam using wildcards. Payment
for the exam is accepted over a secure site using your credit card. Once you purchase an exam, you may take
the exam three times. On the third unsuccessful attempt, the system will request another payment. Once you
successfully score 70% on an exam, you may print your completion certificate from the site. The site will retain
your exam completion history. If you lose your certificate, you may return to the site and reprint your certificate.
PRINT GRADING. If you prefer, you may mail or fax your completed answer sheet to the address or number
below. In the print product, the answer sheets are bound with the course materials. Answer sheets may be
printed from electronic products. The answer sheets are identified with the course acronym. Please ensure you
use the correct answer sheet. Indicate the best answer to the exam questions by completely filling in the circle
for the correct answer. The bubbled answer should correspond with the correct answer letter at the top of the
circle's column and with the question number.
Send your completed Examination for CPE Credit Answer Sheet, Course Evaluation, and payment to:
Thomson Reuters
Tax & Accounting R&G
NPOTG093 Selfstudy CPE
P.O. Box 966
Fort Worth, TX 76101
You may fax your completed Examination for CPE Credit Answer Sheet and Course Evaluation to the Tax
& Accounting business of Thomson Reuters at (817) 2524021, along with your credit card information.
Please allow a minimum of three weeks for grading.
Note:The answer sheet has four bubbles for each question. However, not every examination question has
four valid answer choices. If there are only two or three valid answer choices, Do not select this answer choice"
will appear next to the invalid answer choices on the examination.
2. If you change your answer, remove your previous mark completely. Any stray marks on the answer sheet may
be misinterpreted.
3. Copies of the answer sheet are acceptable. However, each answer sheet must be accompanied by a payment
of $75. Discounts apply for 3 or more courses submitted for grading at the same time by a single participant.
If you complete three courses, the price for grading all three is $214 (a 5% discount on all three courses). If you
complete four courses, the price for grading all four is $270 (a 10% discount on all four courses). Finally, if you
complete five courses, the price for grading all five is $319 (a 15% discount on all five courses or more).
4. To receive CPE credit, completed answer sheets must be postmarked by March 31, 2010. CPE credit will be
given for examination scores of 70% or higher. An express grading service is available for an additional $24.95
per examination. Course results will be faxed to you by 5 p.m. CST of the business day following receipt of your
examination for CPE Credit Answer Sheet.
5. Only the Examination for CPE Credit Answer Sheet should be submitted for grading. DO NOT SEND YOUR
SELFSTUDY COURSE MATERIALS. Be sure to keep a completed copy for your records.
6. Please direct any questions or comments to our Customer Service department at (800) 3238724.
403

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT
To enhance your learning experience, examination questions are located immediately following each lesson. Each
set of examination questions can be located on the page numbers listed below. The course is designed so the
participant reads the course materials, answers a series of selfstudy questions, and evaluates progress by
comparing answers to both the correct and incorrect answers and the reasons for each. At the end of each lesson,
the participant then answers the examination questions and records answers to the examination questions on
either the printed EXAMINATION FOR CPE CREDIT ANSWER SHEET or by logging onto the Online Grading
System. The EXAMINATION FOR CPE CREDIT ANSWER SHEET and SELFSTUDY COURSE EVALUATION
FORM for each course are located at the end of all course materials.
Page
CPE Examination Questions (Lesson 1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

322

CPE Examination Questions (Lesson 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

386

404

Companion to PPC's Guide to Audits of Nonprofit Organizations

NPOT09

EXAMINATION FOR CPE CREDIT ANSWER SHEET
Companion to PPC's Guide to Audits of Nonprofit Organizations Course 3 Special Accounting and
Auditing Considerations for Nonprofit Organizations (NPOTG093)
Price $75
First Name:
Last Name:
Firm Name:
Firm Address:
City:

State /ZIP:

Firm Phone:
Firm Fax No.:
Firm Email:
Express Grading Requested:Add $24.95
Signature:
Credit Card Number:

Expiration Date:

Birth Month:

Licensing State:

ANSWERS:
Please indicate your answer by filling in the appropriate circle as shown: Fill in like this

a

b

c

d

a

b

c

d

a

b

not like this

c

.

a

d

1.

11.

21.

31.

2.

12.

22.

32.

3.

13.

23.

33.

4.

14.

24.

34.

5.

15.

25.

35.

6.

16.

26.

36.

7.

17.

27.

37.

8.

18.

28.

38.

9.

19.

29.

39.

10.

20.

30.

40.

b

c

d

You may complete the exam online by logging onto our online grading system at OnlineGrading.Thomson.com, or you may fax
completed Examination for CPE Credit Answer Sheet and Course Evaluation to Thomson Reuters at (817) 2524021, along with your
credit card information.

Expiration Date:March 31, 2010

405

Companion to PPC's Guide to Audits of Nonprofit Organizations

Selfstudy Course Evaluation

NPOT09

Please Print Legibly Thank you for your feedback!

Course Title:Companion to PPC's Guide to Audits of Nonprofit Organizations
Course 3 Special Accounting and Auditing Considerations for Nonprofit Organizations

Course Acronym:NPOTG093

Your Name (optional):

Date:

Email:
Please indicate your answers by filling in the appropriate circle as shown:
Fill in like this not like this.

Low (1) . . . to . . . High (10)
1

Satisfaction Level:

2

3

4

5

6

7

8

9

10

1. Rate the appropriateness of the materials for your experience level:
2. How would you rate the examination related to the course material?
3. Does the examination consist of clear and unambiguous questions
and statements?
4. Were the stated learning objectives met?
5. Were the course materials accurate and useful?
6. Were the course materials relevant and did they contribute to the
achievement of the learning objectives?
7. Was the time allotted to the learning activity appropriate?
8. If applicable, was the technological equipment appropriate?
9. If applicable, were handout or advance preparation materials and
prerequisites satisfactory?
10. If applicable, how well did the audio/visuals contribute to the
program?
Please provide any constructive criticism you may have about the course materials, such as particularly difficult parts, hard to understand areas, unclear
instructions, appropriateness of subjects, educational value, and ways to make it more fun. Please be as specific as you can.
(Please print legibly):

Additional Comments:
1. What did you find most helpful?

2. What did you find least helpful?

3. What other courses or subject areas would you like for us to offer?

4. Do you work in a Corporate (C), Professional Accounting (PA), Legal (L), or Government (G) setting?

5. How many employees are in your company?

6. May we contact you for survey purposes (Y/N)? If yes, please fill out contact info at the top of the page.

Yes/No

For more information on our CPE & Training solutions, visit trainingcpe.thomson.com. Comments may be quoted or paraphrased
for marketing purposes, including first initial, last name, and city/state, if provided. If you prefer we do not publish your name,
write in no" and initial here __________

406

Audit of Nonprofit Organization

Comments

Content

Sponsor Documents

Recommended