Understanding the Right Audit for Your Nonprofit

If you’re running a nonprofit, you already know audits are more than a regulatory box to check. They’re critical tools for protecting your organization’s mission, securing large-scale funding and reinforcing stakeholder trust. But not all audits serve the same purpose.

Some are required by law or grantors. And a few can even expose fraud before it disrupts your operations. Choosing the right audit type depends on your nonprofit’s structure, funding streams and long-term goals. In this guide, we’ll walk through each type of audit commonly used in the nonprofit sector. And more importantly, we’ll show you who needs them and why.

Let’s start with the gold standard.

Financial audits: Built for confidence and compliance

Financial audits provide the highest level of assurance you can give to external stakeholders. Conducted in accordance with generally accepted auditing standards (GAAS), these audits result in a formal opinion on whether your organization’s financial statements are presented fairly.

So who requires them?

• State governments, often for registration or renewal of charitable solicitation licenses
• Large private foundations, especially for grants exceeding six figures
• Institutional donors that request independent verification of financial health
• Board members and finance committees as part of governance oversight

If your nonprofit receives significant support from outside funders, operates in multiple states or has plans for major capital campaigns, a financial audit is essential. Not only is it important for compliance, it also helps them win competitive grant awards, negotiate favorable financing and show fiscal transparency to local government partners.

But financial audits aren’t one size fits all. They require substantial documentation, internal control reviews and detailed testing of transactions. That’s why it’s important to engage a CPA firm with experience in nonprofit assurance services and a strong understanding of your funding environment.

If your organization is preparing for significant funding growth or seeking to increase donor confidence, a financial audit is the right next step.

 

 

Single audits: Required for federal grant recipients

If your nonprofit spends $1,000,000 or more in federal funds in a single fiscal year (in fiscal years ending on or after Sept. 30, 2025), a single audit is a federal requirement. Governed by the Uniform Guidance (2 CFR Part 200), this audit combines a traditional financial audit with a compliance audit that focuses on how you manage federal awards.

The purpose of a single audit is to ensure your organization complies with federal program requirements. That includes how you spend funds, track allowable costs, maintain internal controls and meet specific grant objectives.

Here’s who requires a single audit:

• Federal agencies, such as the Department of Health and Human Services or HUD
• Pass-through entities, like state or local governments that subgrant federal funds
• Independent boards or fiscal sponsors, particularly if your organization serves as a lead applicant for multi-partner federal grants

For example, consider a nonprofit healthcare organization that received more than $2 million through a federally funded state mental health initiative. Even though the money was distributed by the state, its federal origin means the organization must undergo a single audit to confirm spending compliance, assess internal controls and remain eligible for future federal program funding.

Beyond compliance, a well-executed single audit demonstrates your operational strength and financial reliability. It also identifies internal improvements that strengthen your grants management systems.

Nonprofits with complex funding structures or recurring federal contracts should prepare early in the fiscal year. Working closely with your CPA firm to align documentation, timekeeping, and reporting systems can reduce delays and protect your eligibility for future awards.

For a detailed guide on the Single Audit Act and federal compliance requirements, see the Government Accountability Office’s audit standards.

Review engagements: A flexible middle ground

If your nonprofit isn’t legally required to have a full audit, but your board or funders still want a level of assurance, a review engagement may be the best fit.

A review provides limited assurance. That means the CPA performs analytical procedures and inquiries to confirm that your financial statements make sense and are free from obvious errors. Unlike a full audit, a review doesn’t involve deep testing of transactions or internal controls.

When is a review engagement the right move?

• Your organization has outgrown internal-only financial reporting but isn’t required to undergo a full audit
• A lender or private donor requests independent financial statements without the higher cost of an audit
• You’re applying for a smaller foundation grant that requires reviewed financials

This middle-ground approach is often useful for growing nonprofits. It signals financial maturity without requiring the extensive preparation and expense of a full audit.

To illustrate, imagine that a local arts nonprofit increases its annual revenue to $1.5 million through a mix of ticket sales and sponsorships. Their board might request a review to provide more visibility into operations and prepare for a future audit.

However, reviews have their limitations. They do not test transactions or assess internal controls. They also won’t satisfy most federal, state or major institutional funder requirements.

If you’re unsure whether a review is sufficient or an audit is required, we recommend speaking with our assurance services team. We help nonprofit leaders make cost-effective decisions based on funding sources, compliance thresholds, and long-term planning. Explore our Assurance Services for more insight.

Compilation reports: For internal or informal use

Not every nonprofit needs a formal audit or review. If your organization is small, new or in a transitional phase, a compilation might be all you need to present financial statements in a clean, organized format.

A compilation is the lowest level of assurance. In fact, it doesn’t offer any assurance at all. Instead, the CPA gathers financial data provided by your organization and formats it according to generally accepted accounting principles (GAAP). There’s no verification, analysis or opinion issued.

So when is a compilation appropriate?

• Your board or internal leadership wants GAAP-compliant financials without external verification
• You’re preparing to apply for a grant and want clean financial statements before pursuing a review or audit
• Your nonprofit is just getting off the ground and needs an inexpensive option for financial reporting

For example, a nonprofit community theater group with annual revenue under $500,000 might use a compilation to present financials at their board retreat. This would help them outline priorities for growth, budgeting and eventual audit preparation once their funding increased.

If your nonprofit is growing quickly, a compilation might be a good temporary step. But it’s not a substitute for the oversight and confidence that comes with higher-assurance engagements. We can help you determine when it’s time to shift from a compilation to a review or audit and ensure you’re ready when the time comes.

 

 

Compliance audits: Meeting grant and program-specific rules

Compliance audits serve a very specific purpose: They confirm that your organization is meeting the requirements of a specific funding agreement, regulatory obligation or operational standard.

These audits focus on how you administer funds, document spending, follow eligibility rules and maintain appropriate records for the activity being funded.

Here’s when a compliance audit may be required:

• You’ve received state or local government funding that comes with spending restrictions
• You’re managing a restricted-use endowment or grant that requires a detailed use-of-funds review
• A funder or oversight body requests proof that you’ve followed the terms of a grant agreement

Let’s say your nonprofit was awarded a $1.2 million grant by a state agency to provide mental health services in underserved communities. That grant might stipulate that funds only be spent on licensed personnel, client counseling services and administrative costs capped at a fixed percentage. A compliance audit would examine whether your nonprofit followed those conditions accurately.

Unlike a single audit, which is federally mandated and standardized, a compliance audit is often tailored to the specific funding source or program. That means the audit procedures are developed to match the rules of that particular agreement.

The level of assurance in a compliance audit varies depending on the funder and the nature of the program. It often falls between the rigor of a review and the depth of a full audit.

Government-funded nonprofits in particular should keep strong internal controls and documentation practices year round. That makes it easier to produce the right support when a compliance audit is requested.

For a helpful reference, the Florida Department of Financial Services outlines state-specific compliance requirements for nonprofits receiving grant money.

Program audits: Focused on performance and impact

A program audit takes a different approach than traditional financial audits. Instead of concentrating solely on financial accuracy, this audit examines how well a specific program is performing in relation to its stated goals and how the associated funds are being used.

These audits are often commissioned by funders, particularly when the grant has outcome-based requirements or performance benchmarks. They are especially common for:

• Federal or state-funded initiatives with reporting mandates tied to service delivery
• Foundations supporting multi-year pilot programs
• Organizations participating in community impact collaboratives or shared funding models

Here’s an example. Your nonprofit operates a job readiness program funded by a national foundation. The grant agreement specifies that you must place at least 100 individuals into full-time jobs annually. A program audit would assess whether you met that target, how well you documented participant outcomes, and whether the expenditures supported those results.

The assurance level in a program audit varies. Some audits are financial in nature and focus on fund utilization. Others are more operational, focusing on metrics, documentation and performance measurement.

What matters most is your ability to support the claims and outcomes you report. That means maintaining up-to-date documentation, using consistent tracking systems and aligning expenditures with the goals of the funded program.

Organizations expanding their services or applying for large-scale funding should prepare to support program audits at any time. These audits not only validate your work but also build trust with current and future funders.

When done correctly, program audits can also become a strategic tool. They identify inefficiencies, improve reporting systems and help secure ongoing or renewed funding. That’s especially important as funders become more outcomes-focused and seek data-driven accountability.

Forensic audits: Responding to fraud, misconduct or financial concern

No one wants to believe fraud or financial misconduct can happen in their organization. But when suspicions arise, a forensic audit is often the most appropriate response. A forensic audit investigates specific concerns like theft, embezzlement, misreporting or violations of donor restrictions.

This type of audit is investigative by nature. It follows a trail of documentation, transactions, internal controls and personnel activity to uncover what happened, who was involved and how to mitigate risk going forward.

When is a forensic audit necessary?

• Financial discrepancies have been reported or discovered during a routine review
• Whistleblower complaints or internal concerns about misuse of funds arise
• Grant requirements were not followed and penalties or clawbacks are possible
• There is an allegation of donor or board fund misappropriation

Forensic audits require discretion, technical expertise and (often) collaboration with legal teams or law enforcement. While uncomfortable, they can be essential for restoring trust with funders, board members and the public.

They also offer lasting value. In most cases, the findings lead to stronger governance practices, better financial controls and renewed commitment to accountability.

If your organization is facing internal concerns or unexplained financial issues, acting early is crucial. A professional forensic audit can help uncover the truth and support recovery, remediation and future prevention.

For more on your fiduciary responsibilities as a nonprofit leader, the IRS compliance guide for charities is a valuable resource.

Choose the right audit for your nonprofit’s next step

Each type of audit serves a different purpose, be it navigating federal grant compliance, working to increase donor confidence, or addressing an internal concern. The right audit can provide peace of mind, support growth, guide better decision-making and position your organization for greater impact.

At James Moore, we work with nonprofit leaders every day to assess audit needs and develop tailored assurance services that balance cost, compliance and stakeholder expectations. We take the time to understand your goals, funding sources and operations to help you stay accountable and move forward with confidence.

If you’re not sure what level of assurance your organization needs or facing a new compliance threshold, we’re here to help. Contact a James Moore professional to schedule a conversation about how our nonprofit assurance services can support your mission.

 

 

All content provided in this article is for informational purposes only. Matters discussed in this article are subject to change. For up-to-date information on this subject please contact a James Moore professional. James Moore will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within these pages or any information accessed through this site.