Comparison of a Financial Audit and Financial Review

The Community Foundation requires that all organizations that submit applications to our competitive grant

programs must receive a financial audit or a financial review. These are both terms used to describe levels of

financial analysis completed by an “auditor,” meaning someone external to the nonprofit organization

(generally a CPA or accounting firm).

Here is more detailed information on what is meant by these terms:

Comparison of a Financial Audit and Financial Review

Attribute

Audit

Review

Engagement performed for the purpose of providing

an opinion or report about whether the financial

statements are presented fairly in conformity with

generally accepted accounting principles

The auditor obtains a high, but not

absolute, level of assurance about

whether the financial statements are

free of material misstatement

Accountant obtains limited assurance

that no material modifications should

be made to the financial statements

CPA obtains an understanding of internal control

over financial statements

Yes

CPA tests the effectiveness of internal control

Frequently, but not always. The

nature and extent of internal control

testing depends on the auditor’s

judgment and conclusions

pertaining to risk assessment

CPA verifies certain balances and transactions with

third parties

Yes

CPA performs procedures to obtain reasonable

assurance that financial statements are free of

material misstatements whether caused by fraud or

error

Yes

Financial statements are the responsibility of

management

Yes

Financial statements are prepared by and are the

responsibility of management

Yes, but CPA may assist in drafting

CPA guarantees that the financial statements are

accurate and free of fraud

CPA evaluates the entity’s policy decision and use of

resources

CPA reports material weaknesses in internal control

over financial reporting noted during the

engagement to management or audit committee

Yes

Not required, though may be done if

matters come to the CPA’s attention

CPA acts as a whistleblower internally and reports

identified fraud to management or audit committee

Yes

Yes, unless clearly inconsequential

CPA acts as a whistleblower externally and reports

fraud and other matters to third parties, such as the

IRS or state attorneys general

Cost

The cost of an audit or review will vary depending on many factors

What is an audit?

The financial statements for nonprofit organizations (NPOs) are prepared by and are the responsibility of the

NPO’s management. The auditor’s responsibility is to express an opinion on those financial statements based

on the audit. Generally Accepted Accounting Standards (GAAS) require that the auditor plan and perform the

audit to obtain reasonable assurance about whether the financial statements are free of material misstatement,

whether caused by error or fraud. Though this is a reasonable or high level of assurance, an audit does not

provide a guarantee of accuracy.

An audit includes obtaining knowledge about and an understanding of the industry in which the entity

operates. It includes acquiring information on key aspects of the entity, including operating methods,

products and services, material transactions with related parties, and internal controls. Auditors make inquiries

concerning financial statement related matters, such as accounting principles and practices; recordkeeping

practices, accounting policies, actions of the governing board, and changes in business activities. Auditors

apply analytical procedures designed to identify unusual items or trends in the financial statements that may

need explanation. An audit also includes assessing the accounting principles used and significant estimates

made by management, as well as evaluating the overall financial statement presentation. Essentially, many of

the preceding procedures are designed to determine whether the financial statements make sense, prior to

applying additional audit procedures.

An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial

statements. Typical audit procedures might include confirming balances with banks or creditors, observing

inventory counting, and testing selected transactions by examining supporting documents. In addition, the

auditor contacts other sources outside of the client to gather information that may be more objective than that

obtained from internal sources. For example, the auditor may decide to obtain written confirmation from an

NPO’s donors about promises to give. While accumulating this type of evidence, the auditor tries to reduce

the risk that the financial statements will be materially misstated.

Because an audit must be performed at a reasonable cost, an auditor tests a portion of the transactions and

does not examine 100 percent of all transactions. The auditor must exercise skill and judgment in deciding

what evidence to look at, when to look at it, and how much to look at. The auditor must also exercise skill and

judgment in evaluating and interpreting the results of the tests performed. Additionally, because

management in preparing its financial statements must use estimates and because estimates are inherently

imprecise, an audit cannot guarantee exactness.

The auditor plans and performs the audit with an attitude of professional skepticism; that is, the auditor

designs the audit to obtain reasonable assurance that material errors or fraud are detected. An audit,

however, does not and cannot provide a guarantee that fraud does not exist. For example, the auditor may

not find fraud concealed through forgery or collusion, because the auditor is not trained to catch forgeries, nor

will customary audit procedures detect all conspiracies. Procedures the auditor performs pertaining to

consideration of fraud in a financial statement audit include, but are not limited to, the following:

• Discussion among the engagement personnel regarding the risks of material misstatement due to

fraud

• Identifying risks that may result in a material misstatement due to fraud

• Assessing identified risks after taking into account an evaluation of the entity’s programs and controls

• Responding to the results of an assessment

• Evaluating audit evidence

• Communicating about fraud to management, the audit committee, and others

What is a review?

During a review performed in accordance with Statements on Standards for Accounting and Review Services

(SSARS), an accountant obtains limited assurance that material changes to the financial statements are not

necessary in order for the financial statements to be in conformity with Generally Accepted Accounting

Principles (GAAP).

The end product of a review is the CPA’s report on the accompanying financial statements. The CPA’s report

states the scope of the CPA’s work (for example, which financial statements have been reviewed) and provides

a statement that the CPA is not aware of any material modifications that should be made to the financial

statements in order for them to be in conformity with GAAP.

As with all levels of service the financial statements are the responsibility of the NPO’s management. The

primary difference between a review and an audit is that in an audit, the auditor verifies management’s

amounts and disclosures with evidence provided by third parties. In a review, the CPA ordinarily does not

verify management’s amounts and disclosures with outside evidence unless the CPA believes that the amounts

and disclosures are materially inaccurate.

In performing a review, the CPA performs inquiries and analytical procedures designed to identify unusual

items or trends that may need further explanation by management. Essentially, the review is designed to

determine whether the financial statements make sense without applying audit-like procedures. A review of

financial statements does not require that the CPA obtain an understanding of the entity’s internal control,

assess control risk, test accounting records and responses to inquiries by obtaining corroborating evidential

matter, or perform certain other procedures ordinarily performed during an audit. A review does include

assessing the accounting principles used and significant estimates, made by management, as well as

evaluating the overall financial statement presentation.