When Your Nonprofit Needs an Audit Committee (and What It Does)

The term "audit committee" sounds like something that belongs in a large corporation, not a small nonprofit with six staff and a working board. For many small nonprofits, that instinct is right — a formal audit committee isn't necessary or even practical. But the function an audit committee serves is important regardless of organizational size, and ignoring it entirely creates real governance gaps.

Here's how to think about what the function actually requires, and when a formal committee becomes the right answer.

What an audit committee does

An audit committee's job is to provide independent oversight of the organization's financial reporting and audit process, on behalf of the full board. It sits between the auditors and the board, ensuring that the people responsible for reviewing financial controls aren't also the people responsible for the finances themselves.

Specifically, the audit committee (or whoever performs this function) typically:

• Selects and oversees the external auditor, managing the engagement on the board's behalf
• Reviews the draft audit report before it goes to the full board, ensuring that findings and management letters are understood and addressed
• Ensures that management has responded adequately to any findings or recommendations from the audit
• Reviews the organization's internal financial controls and considers whether they're adequate
• Provides a confidential channel for staff or others to raise financial concerns — a key element of whistleblower protection
• Approves the audit engagement letter and scope of work

The critical independence requirement: audit committee members should not include the executive director or any staff member, and ideally should not include any board member who has a significant financial relationship with the organization. The committee's value comes from its independence from both management and the rest of the board's financial decisions.

Who actually needs a formal audit committee

Several factors push an organization toward establishing a formal audit committee:

Audit requirement. If your organization conducts an annual independent audit, you need some body to oversee it. The audit committee is the standard answer. At larger organizations and those receiving federal funding, this is often a legal or grant requirement.

State law. Several states now require certain nonprofits to have an audit committee or equivalent oversight function. California, for example, requires nonprofits with revenues over $2 million that are required to file audited financial statements to have an audit committee. Check your state's requirements through the National Council of Nonprofits' state-specific guidance.

Federal funding. Organizations receiving significant federal funding (generally over $750,000 per year) are subject to the Uniform Guidance, which has specific requirements around financial oversight, including audit-related responsibilities that are typically assigned to a board committee.

Board size and complexity. When the full board is large enough that not every member has strong financial literacy, a dedicated committee that reviews the audit in detail before the full board meeting allows the board as a whole to make informed decisions without everyone needing to become experts.

When a formal committee isn't necessary — and what to do instead

For small nonprofits conducting reviews rather than full audits, and those not subject to state audit committee requirements, a formal standing audit committee may be unnecessary overhead. That doesn't mean the oversight function disappears.

The finance committee can absorb the audit oversight function, as long as its membership satisfies the independence requirements. If your finance committee includes the executive director (as many do), you'll need to restructure its participation in audit oversight specifically — the ED should be a resource during the audit process, not a decision-maker in oversight of it.

Some small nonprofits designate two or three board members to serve as an ad hoc audit oversight group each year, assembled specifically for the audit cycle and dissolved once the audit is complete. This meets the functional requirement without creating a permanent standing committee.

Whatever structure you choose, document it. The IRS Form 990 asks whether the organization has an audit committee or whether the full board performs this function. Having a clear, documented answer is part of your compliance picture. For more on what the 990 asks about governance, see nonprofit board compliance: what you actually need to track.

Working with the auditor

The audit committee's relationship with the external auditor is one of its most important functions. A few things that make this work well:

Auditor independence. The committee, not management, should be the primary point of contact for the auditor during the engagement. Management provides information; the committee provides oversight. If the auditor has concerns they want to raise independently of management, the committee is the right channel.

Management letter. Most audits produce a management letter alongside the formal audit report. This letter identifies weaknesses in internal controls or other areas for improvement that didn't rise to the level of a formal finding. Take it seriously. The committee should track each item in the management letter, ensure management responds with a specific plan, and follow up at the next audit.

Auditor rotation. Most governance guidance recommends rotating the lead audit partner (or the audit firm itself) every five to seven years to maintain independence. The committee is responsible for this decision.

Scope and fees. The committee reviews and approves the engagement letter that defines the scope and cost of the audit before management signs it. This ensures the board has visibility into what's being contracted, not just what's being reported.

Connecting audit oversight to the broader financial picture

Audit oversight doesn't exist in isolation. It's one part of the board's broader financial oversight responsibility, which also includes budget approval, financial statement review, and the treasurer's ongoing monitoring role.

For how the treasurer's role connects to the audit process, see what the board treasurer actually does. For how the finance committee fits into the overall committee structure, see how to structure committees that actually do work. And for how to make sure your full board can engage meaningfully with financial reports, see how to read nonprofit financial statements as a board member.

The goal isn't bureaucratic compliance — it's a board that actually understands the organization's financial position and can catch problems before they become crises. An audit committee, or its functional equivalent, is one of the more reliable ways to build that capacity into your governance structure.