Internal Audit - Adding Value in the Not-for-Profit World

While not-for-profit organizations perform many of the same accounting functions as public corporations, not-for-profits are inherently different in many ways and require a unique Internal Audit focus. In 2006, the American Society of Association Executives (ASAE) published the results of a research project undertaken by The Center for Association Leadership to identify characteristics of the most successful not-for-profit organizations. The study found the following factors to be common in the most successful associations: Commitment to Purpose, Commitment to Analysis and Feedback, and Commitment to Action.

By focusing on the conclusions of this study, auditors can go beyond assurance and provide insight that will help to identify and mitigate risk. An entity level assessment should ask questions to identify the risks associated with each factor listed above.

Commitment to Purpose
A successful organization aligns its products and services with a customer focused mission. Its reason for being is measured by its relevance to the customers and/or members. Questions for auditors to ask include:

• Are strategies aligned with the interests of the customer and/or member before the generation of revenue or the promotion of an image?
• How can upcoming changes in the external environment affect the commitment to the mission? Are underlying values constant?
• Does the association periodically and clearly define the customer? Does it best serve the customers and/or membership directly or through chapter organizations? Are the needs of special interest groups being prioritized effectively?

Commitment to Analysis and Feedback
Communication and data-driven strategies are vital to the success of a not-for-profit organization. The organization should be the ultimate authority concerning the needs and issues of its customers and/or members as well as the state of the business environment. To evaluate the risk associated with poor analysis and feedback, the following questions will be helpful:

• Are initiatives and strategic goals supported by data and research?
• How is information shared throughout the organization? Are all levels of employees actively involved?
• Are computer systems and models appropriate and sufficient?

Commitment to Action
A successful organization is flexible and adapts quickly to crisis situations. For not-for-profits, these situations typically involve a financial setback or a leadership void. Leading not-for-profit organizations also actively pursue alliance opportunities that will leverage services for the membership. The following questions assess the organization’s commitment to continuous improvement and adaptability:

• Does the organization have an action plan that will support quick decision-making in the event of a crisis?
• Are there “sacred cow” programs or services that cannot be changed?
• How does the organization identify and evaluate potential alliances?

Internal Audit has a responsibility to monitor risks particular to the not-for-profit environment. By using the 2006 study as a guideline, a partnership between audit and organization leadership can help foster success and better results for the membership community.

Data Analytics: Providing Greater Internal Audit Depth During A Turbulent Economy

Data Analysis through Computer Assisted Audit Techniques (CAATs) is an efficient way to test transactions, providing 100% assurance on the effectiveness of Internal Controls. Using basic tools such as Microsoft Excel and Access, advanced tools such as ACL or IDEA, or the tools embedded in ERP applications has been a best practice for years but has often been viewed as a luxury, not a necessity. This year, during this economy, using CAATs has become absolutely critical.

Obviously budget pressures have gone through the roof, resulting in massive global layoffs. Reductions in work force, especially to the accounting department, create enormous pressure on the employees who remain. Requiring employees to take on more responsibility often increases the likelihood of errors and misstatements. Added pressures like salary freezes combined with less oversight can tempt an otherwise honest employee to cut corners or commit fraud. The risk of financial misstatement doesn’t get any higher.

A critical way to respond to these challenges is to increase (or initiate) the use of data analytics. This approach evaluates and monitors data from every transaction processed by a company to identify anomalies. Applying data analytics to review transactions in accounts payable, advertising, freight, health benefits, construction, and other areas can yield hundreds of thousands or more in savings and recoveries. When this process is done by management instead of internal audit, errors are identified sooner and with more precision.

CAATs have been around for more than 20 years and those experienced in using CAATs have had experience ranging from good to fabulous. Unfortunately CAATs have typically been used only by Internal Audit Departments and only on selected audit projects. The inconsistent usages of CAATs make it difficult to maintain the knowledge and experience to make CAATs a regular and sustainable part of the audit process.

With the status of the economy, CAATs have become an essential part of effective Corporate Governance. The first step is gaining the basic knowledge to make CAATs part of the oversight process. The second step is sharing the knowledge throughout the Internal Audit department and management ranks. The third step is imbedding the process into the fabric of the organization to make it sustainable and continuous. Getting more oversight with less effort is possible today by simply leveraging CAATs, a technology most companies already employ.

To learn more about how to make CAATs a routine part of the audit process, please contact Vonya Global for a free consultation. Leveraging readily available software tools in combination with proprietary methodologies, our team of data analysis experts focus data analytics at common problem areas to help our clients recover overpayments and develop a sustainable approach to continuous auditing.

ACL is a registered trademark of ACL Corporation and IDEA is a registered trademark of Caseware IDEA.

---

This article was contributed by Joe Oringel and Kim Jones of Visual Risk IQ, a thought leader in Continuous Auditing and Monitoring. For more information on Visual Risk IQ, please visit their web site at www.visualriskiq.com.

Data Analytics: Identifying and Responding to Business Risks Efficiently

Every time a company processes a transaction there is risk. Be it accidental errors such as duplicate entry, incorrect posting, and transposing numbers or intentional misconduct, all might be difficult to spot. As technology has advanced, so has the speed and volume of transaction processing. More is done in less time, which potentially increases the likelihood of error.

What can be done to prevent or mitigate these risks? Internal Controls. When designed properly, Internal Controls can detect a risk once it happens, or better yet, prevent a risk from happening in the first place.

Under the COSO Internal Control-Integrated Framework, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations.*

An example of an internal control is the three way match between a Purchase Order, a receipt of the goods and the related invoice. The control is that the match ensures that the invoice has the authorized price from the Purchase Order and that the quantity agrees to what has been received.

Designing an effective system of Internal Controls is just the beginning. Once designed, it is important to test the Internal Controls to make sure they are operating effectively. The traditional method for testing would investigate a sample size of roughly 25 invoices. If there are exceptions, the sample size will be increased. If there are no exceptions in the first 25, the Internal Controls were deemed effective. Without automation, this is the typical way to test the transactions and make assumptions on the entire population by extrapolation since there are too many transactions to manually test each one.

But what if there were errors, just not represented within the sample? Using CAATTs is the answer.

Computer Assisted Audit Tools and Techniques (CAATTs), is the practice of using software such as Excel or Access, or specialized Audit software such as ACL or IDEA, or ERP specific tools built into SAP or Oracle to automate or simplify the audit process. CAATTs are an efficient way to test all transactions, providing 100% assurance on the effectiveness of Internal Controls.*

What are the benefits?

• Large amount of data can be examined efficiently
• Timely identification of business risks and exceptions
• Business days are not interrupted with information requests to pull paper samples
• Once established, running the tests is simple and very cost-effective

What are the drawbacks?

• Setup time requires IT resource knowledge and availability
• Knowledge of the software to create the tests accurately
• Different system applications at different locations requires different tests to be created

To learn more about using CAATTS to identify and respond to business risks more efficiently visit www.vonyaglobal.com or contact Vonya Global for a free consultation.

* Excerpts taken from www.wikipedia.com