An overview of what auditors need to keep in mind when auditing NGOs
Auditors need to be mindful of the relevant implications arising from audits of non-governmental organizations, particularly charitable institutions, whose governance structures and day-to-day operations often differ from commercial organizations. The Institute has handled a number of complaints in which the auditors failed to customize their procedures to their clients’ businesses which resulted in various audit deficiencies in engagement acceptance, audit planning and audit test work.
Understanding the client
The Hong Kong Standards on Auditing require an auditor to obtain a thorough understanding of all their clients – including charitable institutions. This includes its operations, ownership and governance structures, and the internal controls relevant to the audit.
Many charitable institutions do not possess sophisticated accounting teams capable of providing support on accounting and internal control matters at a level commensurate with other organizations. It is also common that the power to govern the day-to-day operations are concentrated in a few management individuals. Therefore, it is crucial for auditors to acquire a sufficient understanding of their clients, including the internal controls in place, to properly design their audit procedures. When controls are lacking, auditors may need to amend their audit plan.
The Institute has handled past cases concerning deficiencies in this area. In one case, the auditor reviewed the prior-period audited financial statements and considered those alone would be sufficient to justify their initial acceptance of the audit engagement. There was no evidence that they had assessed other factors, including the integrity of principal owners and key management and the institution’s internal controls.
Having obtained an understanding of their clients’ businesses, auditors should design and perform procedures to obtain sufficient appropriate audit evidence on transactions, account balances and disclosures reflected in the financial statements.
Revenue is one of the key accounts to be tested in an audit and for many charitable institutions, including those founded to further religious beliefs, revenue will ordinarily comprise donations and net income derived from hosting events. Auditors need to be mindful that not all charitable institutions maintain sufficient controls on how management handles donations or event income, and so auditors need to address the resulting risk of material understatement of revenue.
In a number of cases seen by the Institute, the auditors only traced selected income amounts from the ledger to the supporting documents or bank deposit slips. They failed to consider completeness and perform procedures to address the risk that some income may not have been recognized in the ledger.
To ensure high quality evidence is obtained, auditors should determine whether to test the effectiveness of controls over completeness of revenue. Auditors may also consider if it is appropriate to test the accuracy and completeness of source documents before relying on them to perform other audit procedures.
Auditors should understand the nature of expenditures incurred by their clients, in order to ascertain their propriety in accordance with the institutions’ governance structures and other relevant requirements.
A case encountered by the Institute involving the financial statement audit of a religious organization revealed that its memorandum of association prohibited it from paying any benefit to directors. Notwithstanding, directors approved the payment of certain investment insurance, in the directors’ own names, and expensed the amounts in the financial statements. The auditor merely relied on management’s representations that they had been incurred in the ordinary course of operations, without performing procedures to evaluate whether these were genuine expenses.
In other situations, the auditors only checked the payment vouchers approved by management or cheque payment slips for expenditures without acquiring a sufficient understanding of the underlying activities and checking externally-generated documents (e.g. suppliers’ invoices). It is therefore hard to justify that the auditors have obtained sufficient appropriate evidence.
Related party transactions
When day-to-day management of a charitable institution is confined to a few individuals, there may be higher risks of improper segregation of interests between the institution and management. Consequently, the auditors’ identification and evaluation of related party transactions is vital. In one case, the auditor inappropriately concurred with the institution’s treatment of petty cash paid to the personal accounts of its directors as general prepayments – but not related party transactions.
Auditors should be sceptical about any expenditures incurred by management personnel, and evaluate whether they should instead be accounted for as related party transactions in the form of amounts due from directors, with appropriate financial statements disclosures.
Auditors should also be alert to the risk that charitable institutions may be prone to being used as vehicles to carry out money-laundering or other illegal activities. Members are reminded of their ethical obligations under the Guidelines on Anti-Money Laundering and Counter-Terrorist Financing for Professional Accountants, contained in the Code of Ethics for Professional Accountants, as well as other legal obligations.
Audits of the financial statements of charitable institutions are no less stringent than other audit engagements. A properly planned and executed audit can protect the public interest concerning the financial integrity of the institutions, and maintain public confidence in the profession.
This article is contributed by the Institute’s Compliance Department.