What matters most before you hire an auditor
- An audit gives reasonable assurance, not a guarantee that every problem will be found.
- If a nonprofit expends $1 million or more in federal awards during the fiscal year, a single audit is generally required under current federal rules.
- State filing rules and grant agreements can trigger audit requirements even when federal rules do not.
- Audit, review, and compilation are not interchangeable services; they solve different problems at different price points.
- Most audit cost inflation comes from weak month-end close, missing support, and complex grant activity.
- The fastest way to reduce friction is to keep reconciliations, board records, and grant files current all year.
What an independent audit really covers
An audit is a detailed, independent examination of a nonprofit’s financial statements and the evidence behind them. The auditor is looking for material misstatement, which means an error or omission large enough to change a reader’s decision. In plain terms, the question is not whether the books are perfect; it is whether they are trustworthy enough for boards, donors, lenders, and regulators to rely on them.
That scope usually includes cash, receivables, payables, payroll, revenue recognition, restricted funds, fixed assets, and the disclosures attached to those items. If the organization receives federal money and crosses the single-audit threshold, the work expands again: the auditor also tests compliance with federal award requirements and reviews the Schedule of Expenditures of Federal Awards, or SEFA, which is the summary of federal spending subject to audit.
Just as important, an audit does not measure program impact or mission success. It tells you whether the financial reporting and compliance story is reliable. Once that scope is clear, the next question is whether the nonprofit is actually required to hire an auditor or whether a lighter engagement is enough.
When a U.S. nonprofit needs one
At the federal level, the current rule is straightforward: if a non-Federal entity expends $1 million or more in federal awards during its fiscal year, a single audit is required. The reporting package is generally due within the earlier of 30 calendar days after the auditor’s report or 9 months after the end of the audit period. That deadline matters because many nonprofits plan the audit late and then discover they have less room to move than they expected.
State rules are a separate layer. Many states tie audit requirements to annual revenue, contributions, or charitable registration status, and some private funders impose their own audit clauses. Grant agreements and lender covenants can also force an audit even when neither federal nor state law would. I would not treat “we are below the federal threshold” as the end of the discussion.
In practice, I think of audit triggers in four buckets:
- Federal awards that cross the single-audit threshold.
- State law requirements tied to revenue, contributions, or solicitation registration.
- Contractual terms in grants, loans, or donor agreements.
- Board policy or bylaws that require independent financial review as a governance safeguard.
That compliance stack can change quickly as a nonprofit grows, which is why the next comparison matters if you are trying to match the engagement to the real need.
Audit, review, or compilation is the difference
This is where many organizations overspend or undershoot. If a funder wants audited financials, a review will not be enough; if nobody outside the organization needs assurance, paying for a full audit may be unnecessary. I prefer to match the engagement to the decision the report has to support, not to the default habit of “getting an audit because that sounds safer.”
| Engagement | Assurance level | What it gives you | Best fit | Main limitation |
|---|---|---|---|---|
| Audit | Reasonable assurance | An independent opinion on the financial statements; in a single audit, compliance testing too | Boards, regulators, grantors, lenders, and organizations needing the strongest external credibility | Most expensive and time-consuming option |
| Review | Limited assurance | CPA inquiries and analytical procedures that identify obvious issues or unusual trends | Smaller nonprofits that need some outside credibility but do not face audit-level requirements | Usually not enough for many funders or compliance triggers |
| Compilation | No assurance | Financial statements presented from management’s data without testing | Internal reporting or early-stage organizations with simple needs | Offers little external value when stakeholders expect independent verification |
The practical test is simple: if the report has to satisfy an external party, you need to know exactly what that party accepts. A compilation may be inexpensive, but it does not carry the same weight as audited statements, and a review sits in the middle without replacing an audit where one is required. Once you know the engagement type, the next variable is the process itself.
How the audit process usually unfolds
A clean audit is less about heroics and more about sequencing. The firms that do this well ask for the right records early and keep the board out of the weeds until judgment is actually needed. I usually think of the process in four stages.
-
Planning and risk assessment.
The auditor learns how the nonprofit earns money, how grants flow, who approves spending, and where the biggest risks sit. This is where the PBC list appears, which means “prepared by client” and is simply the set of files the auditor needs before testing begins.
-
Fieldwork and testing.
The audit team samples transactions, bank reconciliations, payroll records, journal entries, and disclosures. They are checking whether the numbers tie back to support and whether the organization’s controls actually work in practice.
-
Compliance testing if federal funds are involved.
For a single audit, the scope expands to major federal programs, including eligibility, allowable costs, reporting, procurement, and subrecipient monitoring. This is the part that makes federal funding more demanding than a standard financial statement audit.
-
Exit meeting and reporting.
The auditor issues the opinion, shares findings, and may draft a management letter or governance letter. If the report flags a material weakness, that means a control problem serious enough that a material error could slip through without being caught.
The biggest slowdowns are usually missing support, unexplained journal entries, and accounts that were never reconciled during the year. If your records are organized, the process is far less dramatic than people expect, which is why preparation deserves its own section.
What the work typically costs
Cost is mostly a function of time. The more complexity, the more hours, and the more hours, the higher the fee. In the U.S. market, a straightforward nonprofit audit often lands in the $5,000 to $20,000 range, while more complex or larger engagements can move into the $25,000 to $50,000+ range. Single audits usually push higher because the compliance work adds another layer of testing.
| Organization profile | Typical fee range | Why the price moves |
|---|---|---|
| Small nonprofit with clean monthly closes and few funding sources | $5,000 to $15,000 | Less testing, fewer schedules, and simpler review of controls |
| Mid-sized nonprofit with grants, restricted funds, and multiple bank accounts | $15,000 to $30,000 | More sampling, more disclosure support, and more time spent on reconciliation issues |
| Complex nonprofit, first-year audit, or single-audit engagement | $25,000 to $50,000+ | Compliance testing, more coordination, and a heavier documentation burden |
If you want to control cost, the fastest lever is usually the monthly close. A messy close is expensive because auditors spend time reconstructing what management should already have ready. The same is true when grant files are scattered or when restricted funds are not tracked cleanly, so the next section is about avoiding that problem.
How to prepare records before fieldwork begins
I start audit prep earlier than most boards expect. Ninety to 120 days before year-end is not too early if the finance team wants the fee to stay predictable and the questions to stay manageable. The goal is simple: make the auditor test your records, not rebuild them.
Core financial records
- Monthly bank and credit card reconciliations.
- General ledger reports that tie to the financial statements.
- Payroll registers, benefit support, and payroll tax filings.
- Fixed asset schedules with additions, disposals, and depreciation.
- Restricted and unrestricted net asset rollforwards.
- Grant agreements, reimbursement requests, and donor restrictions.
- Documentation for in-kind contributions if they are material.
Governance and control documents
- Board minutes and committee minutes.
- Approval matrix for spending, hiring, and transfers.
- Conflict of interest policy and whistleblower policy.
- Evidence that duties are separated where possible.
Read Also: Nonprofit Fundraising Costs - Master Allocation & Maximize Impact
Federal award files if applicable
- SEFA support and grant-by-grant summaries.
- Subrecipient monitoring records.
- Procurement support for federally funded purchases.
- Eligibility and reporting evidence for major programs.
When these items are current, the auditor spends more time on judgment and less on housekeeping. That is the difference between a productive engagement and one that keeps circling back to missing support, which leads directly to the question of who should perform the work.
How to choose the right auditor for your nonprofit
The wrong auditor can turn a routine engagement into a year-long annoyance. I look for four things: nonprofit depth, federal-grant fluency, strong communication, and a fee structure that reflects scope instead of guesswork. If one of those is missing, the relationship usually gets expensive in a different way.
- Ask whether the firm has audited nonprofits similar in size, funding mix, and program complexity.
- Confirm that the team can handle a single audit if federal awards might cross the threshold.
- Verify independence and ask about the firm’s peer review or quality-control process.
- Find out who will actually do the fieldwork, not just who signs the proposal.
- Make sure the engagement letter names deliverables, deadlines, and expected reporting.
- Check whether the firm can explain findings to the board in plain English.
If the quote is far below the rest, the scope is often thin. If the firm does not ask about grants, controls, or restricted funds, it is probably not designing the audit correctly. The best auditors are not always the cheapest; they are the ones who reduce rework and tell you something useful.
The board moves that make next year easier
Once the audit report arrives, the board should treat it as a governance tool, not a filing requirement. That means the audit committee or finance committee should review the management letter, track repeat findings, and ask whether the organization’s controls actually improved.
- Put the management letter on a board or audit committee agenda, not just in an email folder.
- Track federal awards monthly so the single-audit threshold never becomes a surprise.
- Use a rolling close calendar and reconcile major accounts every month.
- Budget for the next audit before year-end if growth is pushing the organization toward a trigger.
- Turn repeat findings into named corrective actions with owners and deadlines.
For me, the real test is whether the audit changes behavior. If it only produces a PDF, the organization got compliance; if it changes approvals, reconciliations, and grant tracking, it also got stronger governance. That is the point where the audit stops being an annual interruption and starts becoming part of how the nonprofit operates.
