• Effective Audit Committee Guide

“The audit committee plays a critical role in fostering a strong tone at the top, which is the foundation for a robust control environment.”-Wayne Kolins, Partner, Global Head of Audit and Accounting, BDO International Limited

Internal control over financial reporting is crucial to the governance of an organization. The audit committee’s primary responsibility with respect to internal control is the internal control over financial reporting.

In order to be knowledgeable about management’s evaluation and assessment of internal control, the audit committee needs a good understanding of the organization’s framework and related components of internal control. One framework used in practice includes the following key integrated components:
  • Control environment – tone of the organization
  • Risk assessment – identification and analysis of relevant risks
  • Control activities – policies and procedures
  • Information and communication – relevance and timeliness
  • Monitoring – ongoing assessment of controls

Understanding of the organization’s control environment; how robust the risk assessment process employed by management is; what activities in the form of policies and procedures have been put in place by the organization to meet risk management objectives; whether information and communications are relevant and timely to ensure adequacy of the internal control system; and how well the organization is able to monitor existing controls to ensure they are operating effectively and efficiently is paramount for the audit committee to then be able to understand how and where things may go wrong.

In this regard, auditors are required to report all significant deficiencies and material weaknesses, in writing, to the audit committee. A significant deficiency (SD) is defined as a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the organization’s financial reporting.

material weakness (MW) is defined as a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the organization’s financial statements will not be prevented or detected on a timely basis.15
(15) Note: AICPA SAS 115, as it pertains to nonpublic organizations, aligns the definitions of significant deficiencies and material weaknesses with those included in PCAOB AS 5. SAS 115 also requires the auditors to communicate in writing to the audit committee or those charged with governance of nonpublic organizations SDs and MWs identified during the course of the audit. Refer to the earlier section on required communications for more information.



Andrea Espinola Wilson.
Andrea Wilson Managing Partner; Industry Specialty Services National Co-Leader, Nonprofit & Education Practice 703-752-2784
Adam Cole.
Adam Cole Managing Partner; Nonprofit & Education Advisory Practice National Co-Leader 212-885-8327
Laurie De Armond.
Laurie De Armond Assurance Office Managing Partner; Institute for Nonprofit Excellence Executive Director 703-336-1453
Marc Berger
Marc Berger National Director, Nonprofit Tax Services 703-336-1420
Lee Klumpp
Lee Klumpp National Professional Practice Partner – Nonprofit and Government Industries 703-336-1497
See all contacts

Nonprofit Standard Newsletter


We Wrote The Book


How to Read Nonprofit Financial Statements: A Practical Guide is a key resource that will help you read, interpret, and use nonprofit financial statements.

Video Series: Nonprofit Voices