
Not-For-Profit Organizations: Charity Begins at Home

Professional Liability, Practice Management, Client Engagement Acceptance and Continuance


Executive Summary  

  • The success of not-for-profit organizations is based, in part, on their compliance with applicable laws and regulations and maintenance of the trust and confidence of benefactors and other funding sources.
  • CPAs, boards of directors, corporate officers, and other professionals have an important role to play in ensuring that NFPs have and follow appropriate business, financial, and accounting practices and procedures.
  • CPAs must be pro-active in establishing and maintaining open communications with NFP boards of directors. Reporting matters of concern to the board in a timely manner, especially when potential fraud is present, is critical to a firm’s liability risk management.
  • Evaluating NFP governance procedures should be an important aspect of a CPA firm’s new client/engagement evaluation process.

Many CPAs provide professional services to not-for-profit (NFP) organizations. Services generally include traditional practice areas, such as audit, attestation, tax, bookkeeping, and consulting services. Some firms specialize in serving particular niches, such as hospitals and health care institutions, while others serve local charities and social service organizations as a means of supporting their local community. Many CPAs view these client relationships as "low risk" and price their services competitively to keep professional staff busy during slow periods. However, 6% of all audit-related claims in the AICPA Professional Liability Insurance Program originate with NFP clients. NFP claims also arise from tax engagements.


The Environment


Charities and other NFP organizations receive billions of dollars annually from individual donors, corporations, foundations, government-sponsored grant programs, and others. To maintain their funding and provide program services, NFPs must maintain the trust and confidence of their benefactors. This is accomplished in part by complying with applicable laws, regulations, funding, and grant terms stipulated by donors, supporters, and government-sponsored programs. While these are the responsibilities of the boards of directors and corporate officers of the NFP, CPAs play an important role by providing advice and assisting clients in completing required forms and applications, and by informing management of accounting, tax, and compliance issues that come to their attention while performing professional services.


Many NFP organizations have few full- and part-time paid employees who perform program, administrative, and oversight functions, and instead rely on a corps of volunteers. As a result, supervision, separation of duties, and internal control measures are often lacking.


NFPs are under increased scrutiny, as the public has learned of wrong-doing, excessive executive compensation, and spending excesses within these organizations. While the Sarbanes-Oxley Act of 2002 (SOX) applies to public companies rather than NFP organizations, some of its provisions are being viewed by NFP boards of directors and others as appropriate practices for NFP organizations.


Passage of the American Recovery and Reinvestment Act of 2009 established quarterly reporting and other requirements on NFP organizations receiving federal contracts, grants and loan awards. While it did not change the need for A-133 single audits, it did increase the need for consulting services among NFPs in the area of compliance.


Form 990 was revised in 2008 to obtain more information from NFPs, and IRS audits of exempt organizations have also increased. Tax exemptions are also under scrutiny by state and local governments, as they seek additional tax revenues. To enforce compliance with filing obligations by NFPs, the Pension Protection Act of 2006 requires the IRS to automatically revoke exempt status for organizations that have not filed Form 990 for three years. Along with the focus on the tax-exempt status of NFPs, executive compensation has come under close scrutiny by both the media and various state governments.


These activities create new business opportunities for CPA firms while at the same time raising the stakes for their not-for-profit clients. The risks of losing state and federal funding, donor contributions, and tax-exempt status have all been elevated, in part due to the downturn in the U.S. economy.


Malpractice Claims Against CPAs


NFP malpractice claims against accountants tend to fall within three basic categories:

  • Allegations that the accountants failed to detect and report an ongoing fraud or embezzlement by management or bookkeeping personnel to the board of directors.
  • Allegations that the accountants failed to detect and report evidence of non-compliance with applicable tax or financial statement filing obligations, regulations, funding, and grant terms to the board of directors.
  • Allegations of accounting or auditing errors, leading to incorrect bookkeeping records (i.e. general ledgers) or materially misstated financial statements.  

Notwithstanding the fact that these entities frequently have poorly maintained records and weak or nonexistent internal controls, most claims also allege that the accountants failed to alert the board of directors to these problems, thereby preventing the board or others charged with governance from:

  • Addressing fraud and embezzlement problems as soon as possible and limiting potential losses in subsequent periods.
  • Avoiding the loss of funding due to compliance problems or decreased confidence in the organization due to accounting deficiencies.
  • Protecting the NFP’s tax-exempt status.

Investigations of audit claims sometimes reveal significant deficiencies in the work performed by auditors, particularly when a client is small and an audit is only required to comply with funding or grant requirements. Such entities may budget only a few thousand dollars per year for the audit work, and their accounting records are often in disarray.


Nevertheless, in part to keep staff working and in part as a service to the community, some CPA firms accept engagements under these terms and cut corners on the presumption that there is little risk associated with such engagements. Typical deficiencies in audit engagements include inadequate analytical testing, acceptance of end-of-period adjusting entries without adequate support or explanation by management, and failure to conduct inquiry regarding significant changes in expenses.  


Theft of funds within NFP organizations is a common problem facilitated by both poor oversight and controls and, unfortunately, an increasing lapse in ethical conduct by those in a position to defraud the organization. While the responsibilities of an auditor certainly do not extend to preventing fraud within a client organization, documentation of communications with the board of directors regarding the need to implement and maintain adequate internal controls and to address obvious control weaknesses is critical to the defense of an audit malpractice claim.


Additionally, particularly with small NFP organizations, auditors run the risk of jeopardizing their independence when clients have not maintained up-to-date accounting records and demand that the auditor complete the accounting work because they have no employee qualified to do so.


While the adequacy of work done is often questioned in audit claims, allegations in bookkeeping claims typically center around the accountant's failure to detect an ongoing pattern of improper payments to third-party vendors, untimely processing of and/or inadequate controls over the receipt of charitable contributions, and the use of entity funds to pay the personal expenses of employees and officers of the entity. While accountants often view bookkeeping services as a ministerial service, in a not-for-profit organization, members of the board of directors often view the independent accountant as a watchdog over the activities of a largely unsupervised executive director of the organization.


Liability Risk Management for NFP Engagements


Managing risk in NFP engagements comes down to several basic practices: client and engagement acceptance and continuance, quality control, and effective oral and written client communications. The following risk management procedures are recommended when serving NFP organizations:


Follow established client and engagement acceptance procedures
Firms should adhere to their new client/engagement review and acceptance procedures. Procedures should not be abbreviated because the prospective client is an NFP. Background checks should be considered for key officers, employees, and members of the board of directors. Regardless of the circumstances leading to the engagement of a new CPA firm, communicate with the predecessor CPA firm about the organization and the predecessor’s work. Sufficient inquiry should be conducted to determine the qualifications of the entity's accounting personnel, the status of required tax filings and accounting records, and the existence of and application of basic internal controls. References from the NFP should be obtained and checked.

Evaluate client governance

The NFP’s governance structure and practices, especially at the board of directors level, should be considered prior to acceptance of an engagement. An evaluation of the practices followed by the board in overseeing the activities of the executive director/CEO and other key personnel should be conducted. Likewise, the firm should ask about board oversight of executive compensation and benefits, financial controls and reporting, and conflict of interest policies.



Evaluate client and engagement continuance annually
Both clients and engagements change over time. Corporate governance and client and engagement review procedures should be considered annually. In an engagement that includes tax or audit services, these matters should be considered several months prior to the time annual work begins. In the event a relationship must be terminated, this provides the client with adequate time to engage a new firm.


Evaluate fraud risk
Failure to detect and report embezzlement or financial statement fraud committed by client employees is the most prevalent cause of CPA malpractice claims arising from NFP engagements in the AICPA Professional Liability Insurance Program, regardless of the level of financial statement service. Contributing factors include a lack of internal controls, segregation of duties, and oversight of bookkeeping and treasury-related functions. One recurring factor is an executive director/CEO who has the ability to circumvent established procedures without the board's knowledge, and a hands-off board of directors that is only involved in fund-raising. In this regard:

  • Maintain an inquisitive and skeptical attitude in performing all services. If requested information, explanations, or documentation is missing or not provided to you, pursue the matter until you are satisfied.
  • Be pro-active in establishing and maintaining communications with the board of directors. Even though your primary contact may be with the executive director/CEO for purposes of performing accounting, attest, or tax services, you should make your engagement arrangements with the board and report on the completion of your work to the board. 
  • Before an engagement is complete, consider requesting a meeting with the board to report on the preliminary status of your work, any preliminary findings and observations, and any difficulties (for example, lack of cooperation from NFP employees, insufficient documentation, incomplete records, etc.) encountered in performing your work. Always extend this invitation to the entire board rather than select members, as allegiances between the executive director and individual board members could otherwise interfere with your ability to communicate findings to the full board.  
  • Report unexplained transactions and missing documentation to the appropriate level of management/board of directors of the NFP in accordance with professional and regulatory standards and guidance in a timely manner. Always communicate your preliminary findings/observations to at least one management level above the level where the problem was detected. If a timely response is not received, or the response appears to be inaccurate or incomplete, do not hesitate to provide this information directly to the board. If the organization receives funding or grants from government agencies or other private organizations, consider the impact of your findings on the need to report to such third parties.
  • Always use an engagement letter addressed to the board of directors or audit committee to document engagement scope, client and firm responsibilities, and other arrangements.
  • When performing attest services, consider and comply with the requirements of AICPA Ethics Interpretation 101-3, Performance of Nonattest Services. NFPs often need accounting and other services, which if performed, could impair the firm’s independence.

Performing services for NFPs, particularly charitable organizations, can be both profitable for the firm and an effective way to support local community interests.  However, every professional engagement, even if performed at a reduced fee, requires the full focus and commitment of the firm. Failing to do so increases your risk of errors and malpractice claims.


Updated March 2012



Accountants Professional Liability Risk Control, CNA, 333 South Wabash Avenue, 39S, Chicago, IL 60604.

This information is produced and presented by CNA, which is solely responsible for its content.

The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the date of the article. Accordingly, this article should not be viewed as a substitute for the guidance and recommendations of a retained professional. In addition, CNA does not endorse any coverages, systems, processes or protocols addressed herein unless they are produced or created by CNA. CNA recommends consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual situations.

Any references to non-CNA websites are provided solely for convenience, and CNA disclaims any responsibility with respect to such websites.

To the extent this article contains any examples, please note that they are for illustrative purposes only and any similarity to actual individuals, entities, places or situations is unintentional and purely coincidental. In addition, any examples are not intended to establish any standards of care, to serve as legal advice appropriate for any particular factual situations, or to provide an acknowledgement that any given factual situation is covered under any CNA insurance policy. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All CNA products and services may not be available in all states and may be subject to change without notice.

IRS Circular 230 Notice: The discussion of U.S. federal tax law and references to any resources in this material are not intended to: (a) be used or relied upon by any taxpayer for the purpose of avoiding any federal tax penalties; (b) promote, market or recommend any products and/or services except to the extent expressly stated otherwise; or (c) be considered except in consultation with a qualified independent tax advisor who can address a taxpayer’s particular circumstances.

Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.

CNA is a registered trade mark of CNA Financial Corporation. Copyright © 2012 CNA. All rights reserved.