Small charities required to be audited will tend to fall within the Tier 3 Public Benefit entity reporting framework.
These entities will have expenses under $2million. If over $1million they will be required to be audited, and over $500k will need to be reviewed, but of course any entity may opt to be audited.
Most will have a Statement of Service Performance included in the content to be audited, although those that are opting in to audit (under $1million expenditure) may choose to not include an SSP in the scope of the audit.
Features of small charitable entities:
- Lack of division of duties
- “Off the shelf” software
- Potential cash handling risks (cash donations, fundraising etc)
- Income in many cases fairly easy to audit (e.g.grants)
- Related parties’ issues/volunteers
- Blurred lines over payments to volunteers
- Low volume of transactions
- Reliance on approval of transactions by committee
Steps to performing an audit of such an entity:
- Select appropriate audit template – Tier 3 PBE (2016 updates)
- Check that the entity is actually able to use Tier 3 PBE (page A2)
- Identify key personnel (1.7) – these will be reused later (edit from sidebar)
- Complete regular checks for independence, continuance, and assigning of staff
- Governance checklist may be useful
- Create engagement letter and attach draft example audit report
- Request items required for audit (A10) – this page may be shared with the client – (suggested that the auditor go through and n/a out anything that is not relevant for the client to address)
- Plan testing of Statement of Service Performance and Entity Information (A11)
Statement of Service Performance and Entity Information (A11):
- This is based on EG Au9 - Guidance on the Audit or Review of the Performance Report of Tier 3 Not- For-Profit Public Benefit Entities (a full standard is being released shortly)
- Seek to understand the entity at a deeper level than the numbers – what does the entity actual try to do? What does it exist for? (Qualitative rather than quantitative information)
- This is also helpful for the whole audit – a wider angle view
- How does the entity measure its achievement of its own goals (service performance)?
- What controls are there around this to ensure that this information is accurate?
- How do the decision makers determine that they are getting accurate information on these results?
- How can we create materiality that is qualitative rather than quantitative (The yardstick is “Will the misstatement be relevant to an assessment of the activities of the entity by a user of the performance report?”)
- Identify the risks that the SSP information may be materially misstated – flag like other risks
- Remember outcomes are what the entity seeks to achieve, outputs are what it has achieved
- Outcomes are relatively easy as they will usually be stated in the trust deed or founding document, outputs will be hardest to measure and to audit
- A range of tests of outputs is provided:
- Other tests may be added as appropriate
- A table is then created, outputs are added, and the tests above are applied
- The auditor is also asked to assess whether these outputs actually describe what the entity did i.e. is the list of outputs complete?
- The SSP work is essentially all done on this page, although there are further mentions later in terms of presentation and overall disclosure.
These notes are taken from a series of training sessions currently being developed looking at using Audit Assistant for different kinds of entities.