Skip to content

Insights

Audit vs. Review vs. Compilation: Which One Does My Nonprofit Need?

Funders, banks, and government agencies ask this question often, and the answer is not always obvious. The three levels of CPA-prepared financial statements (audit, review, and compilation) sound similar but involve different work, deliver different levels of assurance, and cost different amounts. The wrong choice can delay grant funding, miss a compliance requirement, or buy more service than the organization needs.

This guide is written specifically for nonprofit leaders. It covers what each service involves, what triggers the requirement for one level over another, and a decision framework you can use when the question comes up.

The Three Levels at a Glance

For a detailed technical comparison of all CPA financial statement services including preparation engagements, see our full guide to preparation, compilation, review, and audit services. Here is the nonprofit-specific summary:

CompilationReviewAudit
What the CPA doesFormats your data into GAAP-compliant financial statements; no verificationPerforms inquiries and analytical procedures; provides limited assuranceTests transactions, confirms balances with third parties, evaluates internal controls; provides reasonable (highest) assurance
Assurance levelNoneLimited (“not aware of any material modifications that should be made”)Reasonable (“presents fairly in all material respects”)
CPA must be independentNo (must disclose if not)YesYes
Internal controls evaluatedNoNoYes
Typical cost range$2,000–$7,000$5,000–$15,000$10,000–$25,000+
TimelineDays to 1 week1–3 weeks4–8 weeks
When nonprofits typically need itSmall organizations; internal use; basic bank requirementsFoundation grants; some state requirements; boards wanting independent reviewFederal Single Audit; large funders; state audit thresholds; bonding; public accountability

Cost and timeline vary based on your organization’s complexity, number of programs, transaction volume, and whether federal compliance testing is involved.

What Triggers the Requirement

Nonprofit leaders rarely get to choose the service level based on preference. In most cases, the decision is made for you by an external requirement. Here are the five most common triggers, in order of how often we see them:

1. Grant Agreements and Funder Requirements

This is the most common trigger. Foundations, government agencies, and corporate funders frequently specify the level of financial statement assurance they require as a condition of the grant. The language is usually in the grant agreement, the request for proposal (RFP), or the funder’s compliance guidelines.

What you will typically see:

  • Smaller foundation grants ($25,000–$100,000): Many private foundations accept compiled or reviewed financial statements, particularly from smaller grantees. Some will accept a Form 990 with no CPA-prepared statements at all.
  • Larger foundation grants ($100,000+): Most major foundations require at least reviewed financial statements. Some require a full audit, especially for multi-year or capacity-building grants.
  • Government grants (state and local): Requirements vary widely by agency. Some Colorado state agencies require audited statements for grants above $500,000. Others accept reviews. Read the compliance language in every award letter.
  • Federal grants ($1 million+ in expenditures): A full audit is required, plus a Single Audit under the Uniform Guidance (2 CFR Part 200). This is the most extensive and expensive engagement level. More on this below.

The critical practice: read the financial reporting requirements in every grant agreement before you sign it. If a funder requires audited statements and you currently have only a compilation, you need to know that before accepting the award, not six months into the grant period.

2. The Federal Single Audit Threshold

If your nonprofit expends $1 million or more in federal awards during a fiscal year, you are required to undergo a Single Audit. This threshold increased from $750,000 under the revised Uniform Guidance (2 CFR Part 200), effective for fiscal years ending on or after September 30, 2025.

A Single Audit is not just a financial statement audit with a few extra steps. It is performed under Government Auditing Standards (the Yellow Book, 2024 revision effective for periods beginning on or after December 15, 2025) in addition to GAAS. It includes:

  • Compliance testing on each major federal program
  • Evaluation of internal controls over federal awards
  • Preparation of a Schedule of Expenditures of Federal Awards (SEFA)
  • Submission of the completed audit package to the Federal Audit Clearinghouse

The additional Single Audit requirements can raise the incremental cost above a standard audit by 25% to 50% or more.

If your federal expenditures are approaching $1 million, begin planning now. The transition from a standard audit to a Single Audit requires additional documentation, compliance procedures, and auditor expertise. Organizations that wait until they have already crossed the threshold often face rushed engagements and higher costs. For a detailed walkthrough of the audit process itself, see our guide to what actually happens during a nonprofit audit.

3. State Charitable Solicitation Requirements

Many states require nonprofits to submit audited or reviewed financial statements as part of their charitable solicitation registration. The thresholds vary significantly by state. A few examples from the National Council of Nonprofits:

  • California: Nonprofits with gross revenue over $2 million must submit audited financial statements (government grant revenue is excluded from the gross-revenue calculation per CA Attorney General guidance)
  • New York: Organizations with total revenue and support over $1 million must submit audited statements; those between $250,000 and $1 million must submit reviewed statements
  • Connecticut: Organizations with gross revenue over $1 million must submit audited statements; $500,000 to $1 million may submit either an audit or a review (effective July 1, 2023)

Colorado does not require an audit or review as part of its charitable solicitation registration with the Secretary of State. Colorado nonprofits that raise over $25,000 must register and file annual financial reports, but there is no state-mandated audit threshold. However, if your organization solicits donations in other states, those states’ requirements apply. A Colorado nonprofit fundraising nationally may need audited statements to satisfy New York or California requirements even though Colorado does not require them.

4. Board Governance and Organizational Policy

Some nonprofit boards adopt internal policies requiring an audit or review regardless of external requirements. This is a governance best practice for organizations with revenue above $500,000 and for those handling significant public trust, such as community foundations and human services agencies.

An audit or review conducted voluntarily serves several purposes: it provides the board with independent assurance that financial statements are reliable, it identifies internal control weaknesses before they become problems, and it positions the organization to respond quickly when a new funder or government agency requests audited statements. Organizations that have never been audited often need 12 to 18 months to prepare their accounting systems and internal controls before the first engagement produces clean results.

5. Lending and Banking Requirements

Nonprofits that maintain lines of credit, carry building mortgages, or use debt financing may be required by their lender to provide compiled, reviewed, or audited financial statements. The lender’s requirement depends on the loan amount and the nature of the collateral. Loan covenants often specify the service level, and failure to deliver the required statements on time can trigger a default.

Decision Framework: How to Determine What You Need

Work through these questions in order. The first one that applies determines your minimum service level.

Question 1: Do you expend $1 million or more in federal awards? If yes → you need a Single Audit (which includes a full financial statement audit plus compliance testing). This is a federal legal requirement with no flexibility.

Question 2: Do any of your grant agreements, contracts, or funder guidelines specifically require an audit? If yes → you need an audit. Read each agreement carefully. “Audited financial statements” and “independent audit” mean a full audit engagement. “CPA-prepared financial statements” may be satisfied by a review or compilation depending on context. If the language is ambiguous, ask the funder before assuming a lower level will suffice.

Question 3: Do you fundraise in states that require an audit at your revenue level? If yes → you need an audit (or a review, depending on the state and your revenue). Check the requirements in every state where you solicit contributions.

Question 4: Do any of your grant agreements or funders require reviewed financial statements? If yes → you need a review.

Question 5: Does your board policy, loan covenant, or organizational bylaws require a specific service level? If yes → follow the policy.

Question 6: None of the above apply? You have flexibility. Consider your annual revenue, the number of funders who request financial statements, and where your organization is headed.

  • Under $500,000 in annual revenue with simple operations: a compilation may be sufficient.
  • $500,000 to $2 million: a review provides meaningful assurance at moderate cost and positions you to respond to future funder requests.
  • Above $2 million: many boards choose an audit as a matter of governance even when no external requirement mandates it.

Common Mistakes Nonprofits Make

  • Assuming a 990 replaces CPA-prepared statements. Form 990 is an IRS information return, not a financial statement. Some small funders accept a 990 in lieu of financial statements, but most foundations and all government agencies require CPA-prepared statements at the appropriate assurance level.
  • Accepting a grant without reading the financial reporting requirements. Discovering that a grant requires audited statements after you have already spent the first year of funding creates an expensive scramble. Review compliance requirements during the proposal stage.
  • Using a CPA without nonprofit experience. Nonprofit accounting follows ASC 958, which governs net asset classification (without donor restrictions vs. with donor restrictions), contributed services, conditional vs. unconditional contributions, and functional expense reporting. A CPA unfamiliar with these standards may produce statements that do not meet funder expectations or GAAP requirements for nonprofits.
  • Waiting until year-end to engage an auditor. CPA firms schedule audit engagements months in advance. Organizations that call in March looking for a December 31 audit often face limited availability and rush fees. Begin the conversation three to four months before your fiscal year-end.
  • Underestimating the first-year effort. The first audit or review takes longer and costs more than subsequent years because the CPA is building familiarity with your systems, controls, and accounting practices. Budget accordingly and start cleaning up your books at least 90 days before fieldwork.

How WhippleWood CPAs Can Help

Our assurance practice works with nonprofit organizations across Colorado on compilations, reviews, financial statement audits, and Single Audits. We help boards and executive directors determine which service level their organization actually needs, prepare for the engagement, and deliver results on the timeline their funders and stakeholders require.

If you are unsure which level of assurance is right for your organization, or if a new grant or funder is requiring a service you have not previously obtained, we can help you assess the requirement and plan the engagement.

Contact WhippleWood CPAs to discuss your nonprofit’s financial statement needs.

Related Resources:

About the Author

Ron Bass CPA

Ron Bass CPA

Ron has led WhippleWood’s auditing practice since 2010. His career began in 1990 and includes time spent as a private company controller and ten years as an auditor for the largest CPA firm in Florida. He has audited publicly traded corporations, consolidated international corporations, state and local regulatory agencies, employee benefit plans, internal processes and controls, and nonprofit entities.

View Bio

Contact Ron

Name*

Interested in Learning More?

Connect with us to find out how we can help address your most complex challenge.