Nonprofit Audit Requirements: When They Apply and How to Prepare

Nonprofit audits are independent examinations of an organization's financial statements conducted by a licensed certified public accountant. Federal grant agreements, state charitable registration laws, and internal board policies each generate distinct audit obligations that apply at different revenue and expenditure thresholds. Understanding when an audit is required — and how it differs from a review or compilation — is foundational to nonprofit financial management and directly affects the range of compliance obligations that governance leaders must track.

Definition and scope

An independent audit produces an opinion letter from a CPA stating whether an organization's financial statements are presented fairly and in conformity with generally accepted accounting principles (GAAP). The audit scope is governed by auditing standards — primarily the American Institute of Certified Public Accountants (AICPA) standards and, for federally funded entities, Government Auditing Standards published by the U.S. Government Accountability Office (GAO), commonly called the "Yellow Book."

Audits differ from two less rigorous engagements:

• Review: A CPA performs analytical procedures and inquiries but does not verify underlying transactions. A review provides limited assurance, not positive assurance.
• Compilation: A CPA assembles financial statements from client-provided data without verifying accuracy. No assurance is provided.

The distinction matters because state regulators and federal awarding agencies specify which engagement level satisfies their requirements. Submitting a review when an audit is mandated is a compliance deficiency.

How it works

A standard nonprofit audit proceeds through five phases:

1. Engagement letter and planning — The CPA documents scope, timing, and fee. The organization provides prior-year statements, the chart of accounts, and a list of restricted grants.
2. Risk assessment — The auditor identifies material accounts and control weaknesses, such as inadequate separation of duties over cash disbursements.
3. Fieldwork — The auditor tests transactions, confirms bank balances, reviews board minutes, and examines grant agreements. For organizations receiving $750,000 or more in federal awards in a single fiscal year, the engagement escalates to a Single Audit under the Uniform Guidance (2 C.F.R. Part 200), which adds a separate audit of federal program compliance.
4. Draft findings and management letter — The CPA issues a draft opinion and a management letter noting internal control deficiencies. Leadership responds in writing to each finding.
5. Final report — The signed audit report, financial statements, and management letter are delivered. Single Audit packages must be submitted to the Federal Audit Clearinghouse within 30 days of the auditor's report date, or within nine months of the fiscal year end, whichever is earlier (2 C.F.R. § 200.512).

Common scenarios

Federal grant recipients: The $750,000 Single Audit threshold is the most widely encountered trigger. An organization receiving $600,000 from one federal agency and $200,000 from another in the same fiscal year crosses the threshold because the test is cumulative across all federal awards, not program-by-program.

State law requirements: At least 39 states and the District of Columbia impose independent audit or review requirements on charitable organizations as a condition of charitable solicitation registration, with thresholds varying by state (National Council of Nonprofits, Charitable Registration). California requires audited financial statements for organizations with gross revenues exceeding $2 million (California Government Code § 12586). New York requires an audit when revenues exceed $750,000 (N.Y. Exec. Law § 172-b). Organizations registered in multiple states must satisfy the strictest applicable threshold. The nonprofit state charitable solicitation registration framework provides state-by-state context.

Lender and foundation requirements: Private foundations and institutional lenders frequently require audited financials as a condition of a grant award or loan agreement, regardless of revenue size. A community foundation, for instance, may set a $500,000 annual revenue floor for grantees.

Board-initiated audits: Boards may require annual audits in the nonprofit's bylaws or financial policies independent of any legal trigger — particularly after a leadership transition, a fraud incident, or a major capital campaign. The nonprofit board of directors carries fiduciary responsibility for this oversight function.

Decision boundaries

The table below summarizes the three primary trigger categories:

Organizations that fall below all statutory thresholds but receive restricted grants should still review grant agreement language carefully. A single contract clause requiring audited financials overrides the absence of a statutory mandate.

Preparation discipline separates organizations that pass audits cleanly from those that accumulate findings. Core preparation practices include maintaining a reconciled general ledger throughout the year (not only at year-end), documenting board approval of the annual budget and compensation decisions in minutes, retaining all grant award letters and drawdown reports in a single repository, and separating authorization from disbursement duties across at least two staff members. The nonprofit financial statements framework and nonprofit document retention policy together establish the recordkeeping foundation auditors expect to find in place before fieldwork begins. Organizations that receive nonprofit grants from federal or state sources should map each award to the applicable federal program cluster at the start of the fiscal year, enabling the Single Audit schedule of expenditures of federal awards (SEFA) to be compiled without delay.

For a complete orientation to governance and compliance expectations across the sector, the nonprofit organization resource index provides structured access to the full reference framework.