Always Add Written Management Responses When There Are Audit Findings

ArticlesIntro to SE4N - Fiscal
Written By A. Michael Gellman (CPA, CGMA)

Audit findings are not unusual. Most nonprofit organizations will have many more years with audit findings reported by their auditors than years for which there are no findings. Audit findings tend to produce feelings of negativity and thoughts that something is wrong. Adding thoughtful written management responses will turn negative feelings into positive and constructive actions.

Financial statement audits are time intensive, comprehensive, stressful, and expensive. To make the most of the efforts and resources applied, consider certain key inflection points that could be better optimized to ensure the best results possible are realized from your financial statement audit process. One of those key inflection points surrounds the AU-C Section 265 management letter from your auditors communicating internal control related matters.

AU-C Section 265.06 states that “[t]he objective of the auditor is to appropriately communicate to those charged with governance and management deficiencies in internal control that the auditor has identified during the audit and that, in the auditor's professional judgment, are of sufficient importance to merit their respective attentions.”

Note that the emphasis is to “communicate to those charged with governance and management.” There is no specific guidance beyond communication of findings by the auditors to management. By adding a written management response, the organization actively participates in and improves the audit process.

Apply these three strategies related to providing written management responses.

1. Update your accounting policies and procedures manual and audit committee checklist

Add providing written management responses to audit findings to the accounting policies and procedures manual for management and staff and the oversight checklist for the audit committee to complete each year. These steps will make sure written management responses will be provided consistently when needed.

2. Communicate with your auditors

Inform the auditors of your request to provide written management responses to internal control audit findings during the front-end audit planning process and at the risk assessment meeting with your auditors. Let them know that you want the written management responses to be listed sequentially after each finding in the AU-C Section 265 management letter. As we mentioned in Q&A #39, when the auditors know that a management response will follow each finding, auditors will think twice about the selection of audit findings and timing of related communications before proceeding to a final conclusion.

3. Develop guidelines for written management responses

Develop guidelines for providing written management responses to audit findings that include:

Positive Responses with a corrective action plan (CAP) that includes management concurrence with the finding and what steps management plans to put in place to satisfy or correct the issue.

Negative Responses where management does not necessarily agree with the finding or sees no alternative efficient course of action. Include an explanation of why no changes are being implemented. An example of this would be a segregation of duties issue at a small-staffed nonprofit, which tend to be especially challenging to address.

Neutral Responses with deferral of action pending an event, gathering of more information, or other circumstances under which the organization expects changes in the future that will impact the finding but cannot implement actions at this time. An example of this occurred during COVID-19, where remote working became temporarily necessary. Some internal control procedures designed for in-person work were perceived as deficient in a remote workplace environment. A neutral response would be appropriate in this situation to document that the organization expects to return to in-person working in the future.

Planning Tip – Provide educational information related to audit findings to your audit committee, Board of Directors, senior management, and staff. Explain why audit findings appear, that findings are not always related to errors or missteps, and that audit findings can generally lead to improvements in internal accounting control systems (IACS) that will enhance protection of assets and promote more efficient use of resources.

Having robust systems, guidelines, and procedures in place to address audit findings demonstrates that the organization’s volunteer leadership and senior management are working together to safeguard assets and advance the efficient use of resources. Further, as we discussed in Q&A #39, any finding ultimately listed in the management letter will appear in a better light if followed by a thoughtfully written management response.

Print Friendly and PDF
A. Michael Gellman (CPA, CGMA)
Previous

Q&A #56 – Who should fill out an organization’s annual conflict of interest disclosure statement?
Next

Q&A #55 – What Board members are considered independent for purposes of reviewing executive compensation?