I love a good detective story. The detective is called in to a crime scene, and they are presented with a mystery, a collection of puzzle pieces that don't quite fit together. But the detective follows the clues, putting the pieces together, interviewing the suspects, and finally solves the mystery.
To an auditor, a community association's financials provide a mystery as deep and satisfying as any Sherlock Holmes novel.
A good audit can help identify and prevent fraudulent activity. It can prevent small mistakes from becoming big ones. It can provide peace of mind to the association members that their community's financial security is in good hands.
As a CAM professional, it is well worth your while to encourage the communities you manage to receive a regular audit. Here are some things that every Community Association Manager should know about audits.
1. Know when you need to do an audit.
Like any other decision affecting a community association, the first source you need to look to is the governing documents. If the community's documents specify that an audit must be performed annually, or within a certain period, then that is what the association must follow.
Every state has its own set of regulations when it comes to auditing the books of community associations. Some states base the requirement on the size of the association (or the size of the association's budget). Other states may only require an audit in cases of a super-majority vote of owners.
One important thing to note is that many states regulate HOAs and Condos differently. Be sure you know the laws regarding the specific community association type you manage.
Even if your state doesn't require community associations to be audited, it is a smart idea to hire an independent auditor on a regular basis to monitor the books in the associations you manage. A good rule of thumb is to do an audit every year for large associations, every 2 years for mid-sized associations, and every 4 years for smaller associations.
For management companies, one often missed opportunity is to perform an audit upon transition. A audit will help insure a smooth transition from the developer (or when transitioning from another management company), and can help avoid loss of data or other problems related to major change.
2. Know how to choose an auditor.
It's important that the auditor you choose is a third party who would have no regular access to the community's financials outside of the audit. Treat the audit like any other project - choose a selection of CPA firms who have experience doing audits for community associations. Then, bid out the project the way you would with any other partner you choose. The rest of the process is documented here.
3. Include the audit in the annual budget.
I've seen many board members complain about the cost of audits, but my theory is it's because they didn't plan for the audit in advance. An audit is like any major expenditure in your community. Don't be afraid to budget for it. A $3k price tag is only $125 per month spread over 24 months. That's not so bad!
4. Understand the different types of audits.
While we often refer to the process collectively as an audit, there are, in fact multiple escalating levels of audits.
Level 0 - Annual financials
Not an audit type, but I wanted to start at the ground floor. The annual presentation of financials is what every professional manager does anyway. At this level, it is the association members and the board who are reviewing the books.
Level 1 - Compilation
In a compilation, the community association engages a third-party CPA to look over the financial reports package prepared in level 1. The CPA makes no analysis or assurances that the data is valid, they are simply confirming that the reports appear to be in order. (This is the cheapest version of an audit, but also provides the least security.)
Level 2 - Review
In a review, the CPA digs a little deeper into the financial reports, interviews the relevant parties and looks at the generation of the financials. This is not a full on review of the individual accounting data, but the CPA can make limited assurances from the review that the Annual financials are being prepared properly. (Remember, just because the reports add up doesn't mean there is no fraud. This is still a less than ideal option in terms of security)
Level 3 - Audit
In an official audit, the CPA will dig into the actual data of the association's financials. The CPA will look for mistakes in the records, signs of fraudulent activity, and any other oddities. The audit takes 3 to 5 weeks, and culminates in an opinion letter from the CPA stating any concerns they have and/or certifying that the financials are accurate.
Level 4 - Forensic Audit
If you or your community have reason to believe that fraudulent activity has taken place in the community, a forensic audit may be in order. In a forensic audit, the CPA (and their team) will explore deep into the association's financials to track down and pinpoint fraudulent behaviors. A forensic audit can be very expensive, and should only be used if there is reason to believe there is fraud.
Level 5 - Reconstruction Audit
A reconstruction audit is useful when the community association does not have complete accounting records. This can happen after a poor transition, or when the board or the association itself has been defunct for a period of years. In this case, the CPA team would construct a workable set of accounting records so that the community can create viable financial statements.
*Image credit: Joe Hall via flickr