Your Guide to Not For Profit Audit Requirements in 2026
Struggling with not for profit audit requirements? Our guide clarifies federal and state thresholds, preparation steps, and how to avoid common audit findings.

The main reason your nonprofit might need an audit comes down to money—specifically, hitting certain financial thresholds set by government funders. If your organization spends more than a set amount of federal or state dollars in a year, an audit isn't just a good idea; it's a requirement.
What Triggers a Nonprofit Audit

For a lot of nonprofit leaders, just hearing the word "audit" can be stressful. It brings to mind a complicated, expensive process that seems reserved for massive institutions. But the reality is much more straightforward. Whether you need a not for profit audit is usually determined by where your funding comes from and how much of it you spend.
Think of it from the funder's perspective. Government agencies and large foundations need to be sure their money is being used correctly and for its intended purpose. An independent audit is the gold standard for providing that assurance.
Federal vs State Thresholds
Most often, the need for an audit is triggered by government funding rules, which operate on two main levels: federal and state.
Federal Requirements: If your nonprofit spends a certain amount of federal money in one year, you’re required to get a specific, in-depth audit known as a "Single Audit." The federal government recently raised this threshold from $750,000 to $1 million for awards issued after October 1, 2024. This is great news for some smaller organizations that might no longer need this intensive review, but for those crossing that new line, it means expectations for precise financial tracking are higher than ever.
State Requirements: This is where things get tricky, as every state has its own set of rules. For example, one state might mandate an audit if your total annual revenue tops $500,000, while its neighbor might not require one until you hit $2 million. And these rules often apply to your total revenue, not just government grants.
A good way to think about it is that federal rules are like the national speed limit on the interstate, while state rules are the different speed zones you find in each local town. You have to follow both to stay compliant.
Other Common Audit Triggers
While government funding thresholds are the biggest driver, they aren't the only reason you might need an audit. Even if you don't hit those financial marks, an audit could still be on your to-do list. The principles behind audit requirements are fairly universal, and it can be interesting to see how they apply elsewhere; for example, you can see how requirements are structured in other countries by looking at a guide like, Do you need a company audit in the UK?.
Here are a few other common triggers to watch out for:
- Funder Mandates: A major foundation or a corporate sponsor might write an annual audit into their grant agreement as a non-negotiable condition, no matter your organization's size.
- Lender Covenants: If your nonprofit has taken out a loan, the bank or lending institution will likely require an annual audit to confirm your financial health and ability to repay the debt.
- Organizational Bylaws: Sometimes, the requirement comes from within. Your own governing documents might state that an audit must be performed each year to ensure transparency for the board and your supporters.
Choosing the Right Level of Financial Scrutiny
Many nonprofit leaders treat the word "audit" as a catch-all term for any kind of financial check-up. But in reality, there are three distinct levels of scrutiny, and knowing the difference is crucial. Making the right choice hinges on your budget, bylaws, and what your funders are asking for, ensuring you meet all not for profit audit requirements without paying for more than you need.
I often tell clients to think of it like a home inspection. A full audit is a deep, structural investigation from the foundation to the roof. A review is more like a walk-through, checking that the major systems like plumbing and electrical seem to be in working order. And a compilation? That’s like having someone neatly organize your appliance manuals and utility bills into a binder. Each serves a purpose, but they provide very different levels of confidence.
To quickly see how these services stack up against one another, this table provides a high-level comparison.
Audit vs Review vs Compilation a Snapshot for Nonprofits
| Service | Level of Assurance | Auditor's Work | Best For |
|---|---|---|---|
| Compilation | None | Assembles your financial data into standard statements. No verification or testing performed. | Small nonprofits needing formatted financials for internal board meetings. |
| Review | Limited | Conducts inquiries and analytical procedures to see if financials are plausible. | Mid-sized nonprofits needing some assurance for banks or certain grantors. |
| Audit | Highest | Performs in-depth testing, confirms balances, and evaluates internal controls. | Organizations that must meet federal/state funding thresholds or want maximum stakeholder confidence. |
Understanding these distinctions helps you have a much more productive conversation when you start looking for a CPA firm.
Compilation: The Basic Assembly of Financials
Let's start with the most basic service a CPA can offer: a compilation. Here, the accountant takes the financial data you provide and simply arranges it into a proper financial statement format.
The most important thing to know is that a compilation provides no assurance. The CPA isn't double-checking your numbers, testing your controls, or verifying anything. They are purely taking your information and presenting it correctly.
To put it another way, a compilation is like asking a contractor to organize your receipts and material costs into a simple budget spreadsheet. They aren't checking if you paid the right price or if the materials are high-quality; they're just organizing the information you gave them.
This is a perfectly fine option for very small nonprofits that need clean financial statements for internal management or board discussions but have no outside pressure for a higher level of assurance.
Review: A Limited Assurance Engagement
Moving up the ladder, we have the financial review, which offers limited assurance. This is a significant step up from a compilation. In a review, the CPA performs analytical procedures and asks probing questions to see if your financial statements are plausible and free from obvious, major errors.
During a review, an auditor will spend their time on things like:
- Analyzing your financial data to spot unusual trends or significant variances.
- Inquiring with your team about key accounting practices and policies.
- Comparing your current numbers against prior periods and your budget.
What they won't do is test your internal controls, dig into stacks of invoices, or confirm balances with your bank. Think of it as a "sniff test"—they're checking to see if the numbers make sense on the surface, not doing a deep dive to prove they are 100% correct. Many grantmakers and banks will accept a review, and for some, it's the right balance of cost and credibility. You can find more on the specific audit needs of smaller organizations in our dedicated guide: https://www.fundsprout.ai/resources/audit-for-small-organizations.
Audit: The Gold Standard of Assurance
Finally, we have the full audit. This is the most intensive and thorough engagement, providing the highest level of assurance. An audit is a deep examination where the CPA performs extensive work to give a formal opinion on whether your financial statements are fairly and accurately presented. Before getting into the weeds of an audit, it’s helpful to have a strong handle on the basics of accounting for Not-for-Profit Organisations.
An audit includes everything done in a review, but then goes much, much further. Expect the auditors to be:
- Testing the design and effectiveness of your internal controls.
- Independently verifying account balances with outside parties, like your bank or donors.
- Physically inspecting tangible assets, if you have them.
- Examining original source documents, such as contracts, invoices, and bank statements.
This rigorous process is precisely why a full audit is the standard for meeting most state and federal funding requirements. It gives your board, your funders, and the public the greatest possible confidence in your financial health and integrity.
Navigating Federal and State Audit Thresholds
For any nonprofit leader, one of the most critical jobs is understanding the financial tripwires that trigger an audit. These aren't just arbitrary numbers; they're specific thresholds set by government bodies to make sure public and private funds are being handled responsibly. Getting this wrong can lead to serious compliance headaches, funding delays, and even penalties.
The big one you’ll hear about most often is the federal Single Audit. This is a comprehensive, organization-wide audit that becomes mandatory once your nonprofit expends a certain amount of federal money within your fiscal year.
The Federal Single Audit Explained
For a long time, the threshold for a Single Audit was $750,000 in federal expenditures. But things are changing. For federal awards issued on or after October 1, 2024, that number is jumping to $1 million. This change gives some breathing room to smaller organizations, but it also means that those hovering around the new mark need to be more meticulous than ever.
So, what exactly counts as "federal awards expended"? It’s more than just the cash you receive. Think of it as the total value of all federal resources you've put to use during your fiscal year. This can include:
- Direct cash from federal grants
- The value of federal property you've received (like equipment or buildings)
- Food commodities you've distributed
- The face value of federal loans or even loan guarantees
Imagine a community center receives a $600,000 grant from the Department of Health and Human Services and a separate $500,000 grant from the Department of Education. If they spend $450,000 from the first grant and $550,000 from the second within their fiscal year, their total expenditure is $1 million. That's what triggers the Single Audit.
I’ve seen it happen time and again: organizations wait until the end of the year to add up their federal spending. That’s a recipe for a last-minute scramble. The only way to stay ahead is to track these expenditures in real time so you can see the threshold approaching and prepare accordingly.
This flowchart can help you visualize where you might land based on who is asking for financial information and how much assurance they need.

As you can see, a full-blown audit provides the highest level of assurance, which is why it's typically reserved for situations where government funders or major grantors demand it.
State-Level Audit Requirements: A Mixed Bag
Here’s where it gets tricky. While the federal rule is the same for everyone, state requirements are all over the map. Each state has its own laws, creating a complex web of compliance, especially for nonprofits operating in more than one state.
A key difference is what triggers the audit. The federal Single Audit is based on federal expenditures. In contrast, most state requirements are triggered by your organization's total annual revenue, regardless of where it came from. This means you could have zero federal funding and still be required by your state to conduct a full audit.
Let’s look at how wildly this can vary from state to state:
California: Any nonprofit required to register with the Attorney General must file an audited financial statement if its gross revenue hits $2 million or more.
New York: The requirements here are tiered. You'll need an independent CPA’s review if your gross revenue is between $250,000 and $1 million. Once you cross $1 million, a full audit is mandatory.
Texas: The Lone Star State is generally more relaxed. There isn't a statewide audit requirement based on a simple revenue threshold for most charities, though specific state contracts or grant programs can—and often do—require one.
These examples show just how important it is to know your local rules. The compliance plan for a nonprofit in Austin is going to look very different from one in Albany. Your best bet is to check directly with your state's Attorney General or the agency that regulates charities to get the exact not for profit audit requirements that apply to you.
Your Step-by-Step Audit Preparation Timeline

Let's be honest—the thought of an audit can be nerve-wracking. But from my experience, the nonprofits that sail through it are the ones that start early and stay organized. The key is to stop thinking of it as a single, overwhelming event and start seeing it as a predictable project with clear phases.
Cramming for an audit simply doesn’t work. Instead, we're going to walk through a simple timeline that breaks everything down, starting a full six months before the auditors even walk through your door. This approach turns a mountain of stress into a series of manageable steps.
Phase 1: Pre-Planning (Six Months Out)
The best audit preparation begins long before your fiscal year even closes. This early stage isn't about pulling documents; it's about laying the groundwork, getting your team aligned, and making sure you have the right experts in your corner.
Your main job here is to lock in your audit firm and get on the same page about their expectations. If you’re hiring a new firm, this is your interview and selection window. If you’re sticking with your current auditors, it's time to sign the new engagement letter and get a planning meeting on the calendar.
Here’s your checklist for this phase:
- Confirm Your Auditor: Get that official engagement letter signed with your chosen CPA firm. This document is your contract—it spells out the scope of work, the timeline, and, importantly, the cost.
- Hold a Planning Meeting: This is a crucial conversation. Sit down with the audit team to discuss key dates, flag any big changes from last year (like new major grants or programs), and identify potential risk areas upfront.
- Request the PBC List: Ask for the "Prepared by Client" (PBC) list as soon as you sign the engagement letter. This is the auditor's master checklist of every single report and document they'll need from you.
The single best piece of advice I can offer is to get that PBC list six months in advance. It's your roadmap for the entire process. It tells you exactly what you need to gather, where to find it, and who on your team should own it, practically eliminating any last-minute scramble.
Phase 2: Document Gathering (Three Months Out)
Once your fiscal year has wrapped up, the real work begins. This is when you roll up your sleeves and start methodically working through that PBC list. The goal is to ensure every number in your financial records is complete, accurate, and has a clear paper trail.
Think of it this way: auditors need to verify, not just trust. Every transaction needs evidence. Your job during these three months is to pull together that proof.
Break down the PBC list and delegate tasks across these key areas:
- Reconcile All Accounts: Make sure every penny in your internal books matches the statements from your banks, credit cards, investment accounts, and any outstanding loans. Now is the time to hunt down and fix any discrepancies.
- Gather Grant Agreements: Pull together every new grant agreement and funding contract you signed during the year. Auditors will read these carefully to check for donor restrictions and compliance requirements. Using specialized grant compliance tracking software can be a lifesaver here, keeping everything organized in one place.
- Compile Payroll and Expense Reports: Get your payroll registers, W-2s, 1099s, and all supporting documentation for major expenses organized. Be ready to explain and provide backup for any large or unusual payments.
Phase 3: Final Preparations (One Month Out)
You're in the home stretch. The final month before the audit's "fieldwork" phase is all about review, refinement, and final touches. This is your last chance to spot-check your own work, tie up loose ends, and prepare your staff for the visit.
By now, you should have almost everything on the PBC list checked off. The focus shifts from gathering to quality control. It’s also time to make sure your leadership team and board are looped in and ready.
Your final to-do list before the auditors arrive:
- Review Financial Statements: Have your internal finance lead do a final, thorough review of the draft financial statements and all the schedules you’ve prepared. Look for consistency and accuracy.
- Prepare Your Workspace: Set aside a quiet, comfortable space for the auditors to work. Make sure they have reliable Wi-Fi and everything else they need to be productive. A happy auditor is an efficient auditor.
- Schedule Key Personnel: Check the calendars of your CEO, CFO/Director of Finance, and key program managers. You need to ensure they are available and accessible to answer questions when the auditors are on-site. Their availability is absolutely critical to keeping the process moving smoothly.
Here’s what to expect from your nonprofit audit in 2026 and beyond.
The world of financial oversight is always evolving. What worked for auditors five years ago might not cut it today. To get through your audit smoothly, you need to know what's coming. Think of it like getting the updated rulebook before the season starts—it helps you prepare the right plays.
Staying ahead of these shifts is a huge part of meeting your not for profit audit requirements. For 2026, the biggest change is that auditors are being required to dig deeper and be more skeptical. They’ll be taking a closer look at several key parts of your finances and operations.
Heightened Scrutiny on Core Financials
The most significant changes are coming straight from new professional auditing standards. These aren't just minor adjustments; they represent a real shift in how auditors have to approach their work, and that will directly affect the questions they ask you and the documents they need to see.
For instance, new standards like SAS 149—which goes into effect for audits of periods ending on or after December 15, 2026—are pushing auditors to be much more thorough. This means they will be intensifying their checks on things like cash confirmations, fraud risks, and how you recognize revenue. You can get into the technical details by reading about these new and proposed auditing standards.
What does this mean for your team? Get ready for more direct, pointed questions.
Auditors will no longer just accept a bank reconciliation you've prepared. They'll want to see direct, third-party confirmation from the bank themselves, especially for accounts tied to specific, restricted grants. The "why" behind their requests is to get one step closer to indisputable proof.
Deeper Dives into Fraud Risk and Internal Controls
Following that same trend, expect your auditors to spend a lot more time looking at the internal controls you have in place to prevent and spot fraud. This isn't personal; it's not that they think you're up to something. It's because the new standards require them to perform these extra steps.
They’ll be especially curious about:
- Journal Entries: Who has the power to create and post journal entries? Is there a second set of eyes on unusual or last-minute adjustments? They’ll almost certainly pull a sample of entries to test this.
- Management Override: What stops a senior leader from going around the established rules? This is a classic weak spot where fraud can happen, so they’ll want to see your safeguards.
- Grant Restrictions: How do you track donor and grant restrictions to make sure you're honoring them? Auditors will want to see your exact process for releasing funds from restriction as you hit milestones.
A rock-solid conflict of interest policy is one of the best ways to show your commitment to good governance. For a step-by-step guide, see our article on creating a conflict of interest policy for nonprofits.
Cybersecurity and Board Governance
The audit isn't just about the numbers on your financial statements anymore. Auditors are now expected to consider wider organizational risks, and cybersecurity has shot to the top of the list. A major data breach can cause as much financial and reputational damage as any accounting scandal.
Auditors aren't IT experts, but they will want to know what your organization is doing to protect sensitive data, from financial records to donor information. Be prepared to talk about:
- Your official policies for data security and privacy.
- Any staff training you provide on identifying phishing scams and other cyber threats.
- The incident response plan you have in place for if—or when—a breach occurs.
Finally, they’ll be looking for signs of active and engaged board oversight. When they review your board meeting minutes, they'll want to see that the board is regularly discussing financial performance, asking tough questions, and seriously considering the results of past audits. A transparent and involved board is the final piece of the puzzle for a successful audit in 2026.
Common Audit Findings and How to Fix Them

No one enjoys seeing red marks on a report, and an audit finding can certainly feel like a bad grade. But after years of working with nonprofits, I've learned to see them differently. Think of it as getting a free consultation—an expert is showing you precisely where your financial house could be stronger.
These findings are rarely about catching someone doing something wrong. More often than not, they point to simple oversights, processes that haven't kept up with your growth, or a gap in expertise. Knowing what auditors commonly flag is the first step to getting ahead of the curve.
Inadequate Internal Controls
This is the big one. If there's a common thread in audit findings, especially for smaller organizations, it's a weakness in internal controls. This sounds technical, but it often boils down to one critical concept: segregation of duties.
An auditor will get concerned if they see one person controlling too much of a financial process. For instance, is the same person who opens the mail and logs incoming checks also the one making bank deposits and reconciling the statements? That's a huge risk for either honest mistakes or, in a worst-case scenario, fraud.
- The Fix: You don't need a huge team to fix this. Simply have one person open mail and log the checks, while a different person takes the checks to the bank. Then, a third person—maybe a board treasurer or senior manager—should be the one to review the final bank reconciliation against the original check log.
The goal is simple: no single person should control a financial transaction from start to finish. Putting a second set of eyes on each step is your best defense and the first thing an auditor will look for.
Improper Expense Allocation
Your nonprofit almost certainly shares costs like salaries, rent, and utilities across various programs and administrative overhead. That’s normal. The problem arises when there's no clear, consistent, or documented logic for how you divide up those costs.
Let's say a program director spends half her time on Grant A, a third on Grant B, and the rest on general admin tasks. If your books just split her salary 50/50 between the two grants, you're misstating your expenses. That’s a major problem, especially when not for profit audit requirements for grant reporting demand accuracy.
- The Fix: Draft a formal cost allocation plan. This document doesn't have to be complicated; it just needs to spell out your methodology. For example, you might allocate salaries based on timesheets or rent based on the square footage each program uses. Just be sure to review and update it every year so it stays relevant.
Non-Compliance with Donor Restrictions
This finding is serious. When a donor gives you money for a specific purpose, you have a legal and ethical duty to use it only for that purpose. An auditor will immediately raise a red flag if they see restricted funds mixed in with your general operating cash without a system to track them separately.
Regulators and funders are paying more attention to this than ever. A 2025 survey highlighted a tough reality: even as 86% of nonprofits celebrated revenue growth, they were also dealing with more intense oversight. This trend, which you can read more about in these 2026 nonprofit industry predictions, makes proper grant management absolutely essential.
- The Fix: Your accounting software is your best friend here. Use it to create separate classes or accounts for each major restricted grant. Your financial reports should then be able to clearly show, at a glance, how much you have in restricted funds and exactly how you’ve spent it.
Your Nonprofit Audit Questions Answered
Even with the best preparation, you’re bound to have questions as you get closer to your audit. Let's tackle some of the most common ones we hear from nonprofit leaders to clear up any lingering confusion.
How Much Does a Nonprofit Audit Typically Cost?
There's no single answer here, as audit costs can range anywhere from $10,000 to over $50,000. The final price tag really depends on a few key things: the size of your organization, how complex your programs are, the number of grants you juggle, and—most importantly—how organized your financial records are.
Think of it like this: hiring an auditor is like hiring a home inspector. If your house is tidy and well-maintained, the inspection is straightforward and quick. But if there are hidden issues and clutter everywhere, the inspector has to spend a lot more time digging around. The best way to get a handle on your potential cost is to request quotes from a few different CPA firms. Proactively ask them what you can do to make their job easier; a little prep work on your end can often lead to a lower bill.
When your financials are clean and your documentation is organized, auditors can spend less time untangling records and more time on high-value analysis. This efficiency directly translates into lower audit fees for your organization.
What Is a Management Letter?
After the audit is done, your auditor will give your board a document called a management letter. This isn’t part of the formal, public audit report. Instead, it’s a private letter that points out any weaknesses the auditor noticed in your internal controls or offers suggestions for making your operations run more smoothly.
Don’t get defensive when you receive one! You should actually welcome it—it's essentially free, high-level consulting. Your board and management team should treat this letter seriously, creating a clear plan to address every point raised. Following through shows funders and your board that you’re truly committed to good governance and continuous improvement.
Can We Use the Same Firm for Bookkeeping and Auditing?
Absolutely not. This is a bright red line in the world of accounting. Your bookkeeper prepares your financial records, while your auditor’s job is to provide an independent and objective opinion on those records.
Having the same firm do both is a major conflict of interest. It’s like a student grading their own homework—you lose all credibility. This rule is a cornerstone of the audit process, a strict not for profit audit requirement that protects the integrity of the financial review.
Staying organized enough to be "audit-ready" year-round can feel like a full-time job, especially when you're managing multiple grants. Fundsprout's platform helps you maintain a perfect audit trail by automatically tracking grant compliance and reporting deadlines. See how you can simplify your financial oversight by exploring Fundsprout.
Try 14 days free
Get started with Fundsprout so you can focus on what really matters.
