Nonprofit Audit Preparation: A Step-by-Step Guide
Prepare for your nonprofit's financial audit with a clear step-by-step process. Covers when audits are required, how to choose an auditor, PBC lists.
# Nonprofit Audit Preparation: A Step-by-Step Guide
The first time a funder told us we needed an audited financial statement, my reaction was: "How much is that going to cost?" followed immediately by: "What do we actually have to do?"
If you're in that spot right now — staring down your first audit, or your fifth audit but you've never had a clean process — this guide is for you. I'm going to walk you through when you actually need an audit, how to pick the right auditor without overpaying, exactly what to prepare, and how to make the whole thing as painless as possible.
Because here's the thing: audits aren't punishment. A clean audit is one of the most powerful signals you can send to funders, donors, and your board that you're running a legitimate, well-managed operation. The organizations that dread audits are usually the ones that aren't preparing year-round. The ones that treat audits as routine? They've built systems. That's what we're building here.
If you're setting up your nonprofit financial management infrastructure, audit readiness should be part of the foundation.
When Does a Nonprofit Need an Audit?
Not every nonprofit needs a full audit every year. The requirements depend on your size, funding sources, and state.
State Thresholds
Most states require audited financial statements once your annual revenue crosses a certain threshold. These vary widely:
| State | Audit Threshold | Notes |
|---|---|---|
| California | $2M+ revenue | Review required at $500K+ |
| New York | $1M+ revenue (if registered to solicit) | CPA review at $250K-$1M |
| Florida | $1M+ revenue | Independent audit |
| Texas | No state requirement | But funders often require it |
| Illinois | $300K+ revenue | If registered with AG |
| Pennsylvania | $750K+ revenue | |
| Massachusetts | $500K+ revenue |
Check your state Attorney General's office for current thresholds. These change, and some states have recently raised their thresholds.
Funder Requirements
Many institutional funders require audits regardless of state thresholds:
- Government grants: Most federal, state, and local government grants above $25,000-$50,000 require audited financials
- Community foundations: Typically require audits for grants above $50,000-$100,000
- Corporate foundations: Varies, but common for grants above $25,000
- United Way: Generally requires audits for member agencies
Pro tip: Read the fine print on every grant agreement. Some funders will accept a "review" or "compilation" instead of a full audit (more on the difference below). Don't pay for an audit when a review will suffice.
The Single Audit (OMB Uniform Guidance)
This is the big one. If your nonprofit expends $750,000 or more in federal funds in a single fiscal year, you're required to have a Single Audit (formerly called an A-133 audit) under the OMB Uniform Guidance (2 CFR 200).
This is more extensive (and more expensive) than a standard financial audit. It includes testing of your compliance with the specific requirements of each federal program you operate. If you're receiving significant federal funding, start planning for this early — it takes longer and costs more.
When It's Just a Good Idea
Even if no one requires it, consider getting an audit when:
- Your annual budget exceeds $500K and you don't have one
- You're applying for significantly larger grants and need credibility
- You have a new Executive Director or major board turnover (establishes a clean baseline)
- You suspect financial irregularities or want to verify internal controls
- You're merging with another organization
Audit vs. Review vs. Compilation
These three levels of CPA engagement are very different in scope, cost, and what they tell the reader.
Compilation (~$2,000-$5,000)
The CPA takes your financial data and puts it into proper financial statement format. They do not verify the data. No testing, no confirmation letters, no analysis.
What it says: "A CPA formatted these numbers, but didn't check if they're right."
Useful when: You need properly formatted financial statements for a small grant application and no one is requiring more.
Review (~$4,000-$10,000)
The CPA performs analytical procedures and inquiries — they look at your numbers, compare them to prior years, ask management questions, and check for obvious inconsistencies. They provide limited assurance that the financials are accurate.
What it says: "Based on our review, we are not aware of any material modifications that should be made."
Useful when: A funder accepts reviewed financials, or your revenue is in the $250K-$1M range and a full audit isn't required.
Audit (~$5,000-$25,000)
The CPA performs extensive testing — confirming bank balances directly with banks, testing a sample of transactions, verifying revenue recognition, testing internal controls, examining supporting documentation. They provide reasonable assurance and issue a formal opinion.
What it says: "In our opinion, these financial statements present fairly, in all material respects, the financial position of the organization."
Cost factors: Budget size, number of programs, number of grants, complexity of transactions, number of locations, whether you're audit-ready or the auditor has to do significant cleanup.
| Level | Cost Range | Assurance | Testing |
|---|---|---|---|
| Compilation | $2K-$5K | None | None |
| Review | $4K-$10K | Limited | Analytical only |
| Audit | $5K-$25K | Reasonable | Extensive |
| Single Audit | $10K-$40K | Reasonable + compliance | Extensive + federal programs |
Choosing an Auditor
This decision matters more than most nonprofits realize. A bad auditor wastes your money and time. A good one becomes a trusted advisor.
What to Look For
- Nonprofit experience. This is non-negotiable. Nonprofit accounting (FASB ASC 958) has specific rules around contributions, net asset classifications, and functional expense allocation that general auditors may not know well. Ask: "How many nonprofit audits does your firm perform annually?" Aim for a firm where nonprofits are at least 25% of their audit practice.
- Government audit experience (if you have federal funds). Single Audits require specific knowledge. Ask if they're registered with the Federal Audit Clearinghouse and how many Single Audits they perform.
- Size match. A Big Four firm will charge you $50K for a $1M nonprofit audit. A solo practitioner might not have the capacity for a complex engagement. Find a firm that serves organizations your size — typically a regional or local firm with 5-50 staff.
- References. Ask for three nonprofit references of similar size and complexity. Call them. Ask: "Were they responsive? Did the audit finish on time? Did they explain their findings clearly? What did they charge?"
- Rotation. Consider changing auditors every 5-7 years. Fresh eyes catch things that familiarity misses. Some funders require or recommend auditor rotation.
The Proposal Process
Get proposals from at least three firms. Provide each with:
- Prior year's financial statements (and audit report if available)
- Current year's trial balance (if available)
- List of all funding sources and grant programs
- Number of employees
- Number of bank and investment accounts
- Any known issues or restatements
Compare proposals on: fee, timeline, team assigned (who's actually doing the work — a partner or a first-year associate?), and their approach to communication during the engagement.
Red Flags
- They quote a fee without asking questions about your organization
- They can't name other nonprofit clients
- They don't ask about your internal controls
- They want to do everything "on-site" (much of modern audit work is done remotely)
- They can't start until your fiscal year has been over for 6+ months
The Audit Timeline (3-6 Months)
A well-run audit follows a predictable timeline. Here's what to expect for a June 30 fiscal year-end:
Planning Phase (2-4 Months Before Year-End)
March-April (for June 30 FYE):
- Select and engage auditor (if new)
- Review engagement letter
- Schedule the audit — interim fieldwork and final fieldwork dates
- Receive the Prepared by Client (PBC) list from the auditor
- Begin gathering year-to-date documentation
Interim Fieldwork (1-2 Months Before Year-End)
May (for June 30 FYE):
- Auditors test internal controls mid-year
- Review selected transactions from the first 9-10 months
- Identify any issues early so you can correct them before year-end
- This step is optional for smaller engagements but valuable for larger ones
Year-End Close
July (for June 30 FYE):
- Close your books — all transactions recorded, accounts reconciled
- Prepare year-end financial statements (trial balance, P&L, balance sheet)
- Complete all PBC list items
- This is your hardest month. Block the time.
Final Fieldwork (1-2 Months After Year-End)
August-September (for June 30 FYE):
- Auditors on-site or connected remotely for 1-3 weeks (depending on complexity)
- Test year-end balances, confirm bank accounts, sample test transactions
- Review subsequent events (anything significant between year-end and audit date)
- You'll get questions — respond quickly to keep things moving
Reporting (2-3 Months After Year-End)
September-October (for June 30 FYE):
- Draft audit report issued for management review
- Review for accuracy — are the numbers right? Are the footnotes accurate?
- Management representation letter signed (you're confirming the information you provided is accurate)
- Final audit report issued
- Management letter issued (if applicable — contains recommendations for improving internal controls)
- Present to the board
The PBC List: What Auditors Need From You
The PBC (Prepared by Client) list is the auditor's wish list — every document and schedule they need you to prepare. Getting ahead of this list is the #1 thing you can do to make your audit faster and cheaper.
Here's a typical PBC list:
Financial Records
- [ ] Year-end trial balance
- [ ] General ledger detail (all accounts, all months)
- [ ] Bank statements for all accounts (all 12 months)
- [ ] Bank reconciliations for all accounts (all 12 months)
- [ ] Investment statements (all quarters + year-end)
- [ ] Accounts receivable aging schedule
- [ ] Accounts payable aging schedule
- [ ] Credit card statements (all months)
Revenue Documentation
- [ ] Schedule of all grants and contracts (funder, amount, period, restrictions)
- [ ] Grant award letters and agreements
- [ ] Grant financial reports submitted during the year
- [ ] Donation records and acknowledgment letters (for a sample of donations)
- [ ] Earned revenue documentation (fee-for-service contracts, event revenue)
- [ ] In-kind donation documentation and valuation methods
Expense Documentation
- [ ] Payroll registers (all pay periods)
- [ ] Sample of expense receipts and invoices (auditor will specify which ones)
- [ ] Functional expense allocation methodology documentation
- [ ] Lease agreements
- [ ] Insurance policies
- [ ] Contracts with vendors above $[threshold]
Governance & Compliance
- [ ] Board meeting minutes (all meetings during the fiscal year)
- [ ] Board-approved annual budget
- [ ] Form 990 (prior year, if not yet filed for current year)
- [ ] Conflict of interest policy and signed disclosures
- [ ] Whistleblower policy
- [ ] Document retention policy
- [ ] List of board members with terms and affiliations
Tax & Regulatory
- [ ] IRS determination letter (501(c)(3) status)
- [ ] State registration certificates
- [ ] Sales tax exemption certificates
- [ ] W-9s for all contractors paid $600+
- [ ] 1099s issued
- [ ] Payroll tax returns (Form 941, state equivalents)
For Single Audits (Additional)
- [ ] Schedule of Expenditures of Federal Awards (SEFA)
- [ ] Federal grant agreements and amendments
- [ ] Compliance reports submitted to federal agencies
- [ ] Subrecipient monitoring documentation
- [ ] Indirect cost rate agreement (if applicable)
If you're set up with solid accounting from day one, most of these items are already organized and accessible.
Adjusting Entries: Don't Panic
During the audit, the auditor will likely propose adjusting journal entries (AJEs). These are corrections to your books. Common ones include:
- Accruals: Revenue or expenses that should be recognized in this fiscal year but weren't recorded
- Reclassifications: Transactions coded to the wrong account (recorded as "supplies" when it should be "equipment")
- Deferred revenue: Grant funds received but not yet earned (must be recorded as a liability, not revenue)
- Depreciation adjustments: Incorrect or missing depreciation calculations
- Net asset reclassifications: Correcting the split between restricted and unrestricted
A few AJEs are normal and expected. A lot of AJEs (more than 10-15) suggests your bookkeeping process needs improvement. If you find yourself with extensive adjustments year after year, invest in stronger monthly close procedures or a more experienced bookkeeper.
The auditor should discuss every proposed AJE with you before posting it. You have the right to understand — and even disagree with — proposed adjustments. If you disagree, discuss it. The auditor may have a valid accounting point you hadn't considered, or you may have context they're missing.
The Management Letter
After the audit, some auditors issue a management letter (also called a "communication of internal control deficiencies"). This is a letter to your board outlining weaknesses the auditor identified in your internal controls and recommendations for improvement.
Common Management Letter Findings
- Segregation of duties: The same person authorizes, records, and reconciles transactions (very common in small nonprofits)
- Missing approvals: Expenses above a threshold not having documented approval
- Untimely reconciliations: Bank reconciliations not completed monthly
- Inadequate documentation: Missing receipts or inadequate records for certain transactions
- No formal policies: Missing financial policies (purchasing, travel reimbursement, reserves)
How to Respond
Take the management letter seriously. For each finding:
- Acknowledge it (don't get defensive — auditors are trying to help)
- Develop a corrective action plan
- Assign responsibility and a deadline
- Report progress to the board
- Implement before next year's audit
A clean management letter (no findings) is a significant accomplishment. If you get one, celebrate it.
Clean vs. Qualified Opinion: What It Means
The auditor's opinion is the whole point of the exercise. Here's what each type means:
Unmodified (Clean) Opinion
"In our opinion, the financial statements present fairly, in all material respects..."
This is what you want. It means the auditor found no material misstatements. Your financials are accurate. Show this to every funder, every donor, every board member.
Qualified Opinion
"Except for [specific issue]..."
The auditor found a specific, limited problem. Maybe you couldn't provide documentation for one grant, or there's a disagreement on how to account for one transaction. The rest of the financials are fair, but there's a carve-out.
Impact: Some funders will accept a qualified opinion; others won't. It depends on what the qualification is about.
Adverse Opinion
"The financial statements do NOT present fairly..."
This is bad. It means the auditor found pervasive, material misstatements. Your books are significantly wrong. This almost never happens to well-managed organizations.
Impact: Most funders will not accept this. It signals serious financial management problems.
Disclaimer of Opinion
"We were unable to obtain sufficient evidence..."
The auditor couldn't complete the audit — usually because records were missing, management was uncooperative, or there were scope limitations. This is worse than an adverse opinion in some ways because it suggests the organization couldn't even support an audit.
Year-Round Audit Preparation
The organizations that sail through audits don't scramble in the months before. They maintain audit-ready books all year. Here's how:
Monthly Disciplines
- Close your books monthly. All transactions recorded, all accounts reconciled, financial statements generated. If you're behind, you'll stay behind. A solid bookkeeping practice makes this automatic.
- Reconcile every bank account within 10 days of month-end
- Review all grant spending against budgets — catch overages or coding errors in real time
- File receipts and documentation immediately — not in a shoebox at year-end
- Review payroll — verify allocations match actual time worked on each program
Quarterly Disciplines
- Review financial statements with your Finance Committee
- Check net asset classifications — are restricted funds being tracked correctly?
- Update your grant schedule — new awards, completed grants, remaining balances
- Test your own controls — have someone other than the bookkeeper spot-check a few transactions
Annual Disciplines
- Update your PBC list (or create one if this is your first audit)
- Review all policies — financial, conflict of interest, document retention
- Collect board conflict of interest disclosures
- Verify 1099 readiness — do you have W-9s for all contractors?
- Prepare your Form 990 draft — even if you extend, having the draft ready helps
The Payoff
Organizations that maintain year-round audit discipline typically:
- Pay 20-30% less in audit fees (the auditor spends less time on cleanup and follow-up)
- Receive their final audit report 30-60 days sooner
- Have fewer adjusting entries
- Receive cleaner management letters (or none at all)
- Impress funders and board members with their financial stewardship
How Holdings Helps Nonprofits Stay Audit-Ready
When your banking and bookkeeping live in the same platform:
- Every transaction is automatically categorized — your general ledger stays current without manual entry
- Bank reconciliations happen automatically — because your bank IS your books
- Monthly financial statements are always available — P&L, balance sheet, cash flow, generated in real time
- Grant tracking per account — separate accounts per program mean clean fund accounting
- Export everything — auditors can get what they need in minutes, not days
We built Holdings because nonprofits shouldn't need a $50,000/year accounting department to have clean books. AI bookkeeping catches miscategorizations, flags unusual transactions, and keeps you audit-ready 365 days a year.
Banking partner i3 Bank, Member FDIC. Up to $3M in FDIC coverage. 1.75% APY on deposits.
Download: Audit Preparation Checklist
We built an Audit Preparation Checklist with a month-by-month prep timeline, a complete PBC list template, and a document collection checklist. Download it, assign responsibilities to your team, and walk into your next audit confident and prepared.
---
*This guide is for informational purposes and doesn't constitute financial, legal, or audit advice. Consult with a qualified CPA for guidance specific to your organization. Holdings is a financial technology company, not a bank. Banking services provided by i3 Bank, Member FDIC.*
📥 Free Download
Download the companion resource for this guide.