Each nonprofit organization has unique organizational documents, mission, structure, activities, policies, and practices.  Therefore, there is no set formula for conducting a legal audit.  However, most legal audits of nonprofit organizations typically include review of the following categories of documents.  Other types of documents should be considered in light of the organization’s unique mission and structure, as well as the scope of the legal audit.

1.  Organizational and Operational Documents

The audit should begin with a review of the organizational and operational documents.  This includes: articles of incorporation; bylaws; significant board resolutions; board books; board minutes; key committee meeting minutes; list of board members and committee members; and organizational chart.  These documents enable the legal team to learn about the organization’s mission, structure, and operations, and to determine if the organization’s governing documents, policies and procedures, and general operations are in accordance with applicable laws and best practices for corporate and nonprofit governance.

2.  Regulatory Filings

The legal team should review the organization’s federal and state records, including: the organization’s Form 1023 or Form 1024; federal and state (if applicable) determination letters regarding tax exempt status; annual reports; and state charitable solicitation registrations (if applicable).  This review should assess whether the organization’s funding, structure, and operations are consistent with the facts set forth in its Form 1023 (or Form 1024).   Where the federal or state tax exemption letters included caveats or conditions, the legal team should assess whether the organization is in compliance with those conditions. 

Many state laws also require that organizations register with the state in order to conduct business, fundraise, and/or conduct lobbying activities in that state.  The legal team should examine whether the organization is registered as necessary in states where it conducts such activities. 

3. Financial Documents and Tax Returns

The legal team should review the organization’s tax and information returns.  The number of years to review may vary based on the circumstances, but best practice is to review tax returns for at least the most recent three years.  This includes the organization’s Forms 990, Forms 1099, Forms W-2, any amended returns, and any communications or filings with the IRS or other regulatory agencies.  The legal team should also review the organization’s recent financial statements, expense reports, accounting reports, any written manuals or procedures regarding treatment of income and funds, and results of any financial audits required by the bylaws and/or state law. 

4. Employment Practices and Policies

If the scope of the audit includes employment questions, the team should review policies regarding hiring and firing employees, workplace safety, workplace behavior, and sexual harassment.  These policies, which are often contained in employee manuals or handbooks, should be reviewed for compliance with federal and state laws.  The legal audit should also assess whether the organization is lacking any policies that it should have in place, either because they are required by law or recommended to mitigate the organization’s legal risk. 

5. Operational Policies and Procedures

Each organization has its own unique mission and structure, and likely a number of written policies and procedures that govern its operations.   The legal audit should include review of these policies and procedures to ensure that they: (1) are consistent with the organization’s mission; (2) are consistent with the organization’s bylaws; (3) are consistent with federal and state law; and (3) are consistent with best practices for similar tax exempt organizations. 

Other policies to review are the organization’s membership policies (if applicable), document retention policies, conflict of interest policies, whistle blower policies, codes of ethics, or policies and procedures regarding prohibitions or limitations on political campaign activities of the organization and/or its employees.

6. Executive Compensation Review Policies and Process

Key to maintaining exempt status is the ability to demonstrate that executives are paid no more than reasonable compensation for the services they provide.   Accordingly, legal audits often include a review of the nonprofit organization’s executive compensation philosophy (if drafted), as well as the policies and procedures regarding review of such compensation. 

7. Contracts

The legal audit may include review of employment agreements, leases, insurance policies, and other contractual documents to ensure that the organization is in compliance with its contracts, applicable laws, and best practices, and to ensure that it is appropriately mitigating any risk.  In particular, for contracts that contain renewal or cancellation terms, it is important for the organization to be aware of these requirements and plan appropriately.

8. Emails           

While review of an organization’s emails may not always be necessary for purposes of a legal audit, email review should be considered in light of the objective of the audit.  Factors to consider when determining whether to review emails include: scope and focus of the legal audit; structure of the organization; number of employees; the organization’s use of email; and the likelihood that emails will reveal information that cannot be obtained from other sources. 

9. Website and Other External Publications

Review of the organization’s website and other external publications, such as brochures, membership publications, recruiting materials, and fundraising materials are also important to include in the scope of a legal audit to ensure that the organization is operating in accordance with its mission, adhering to its fundraising protocols, refraining from lobbying and political activity, and otherwise acting in accordance with applicable law.

10. Intellectual Property

Nonprofit organizations may have intellectual property rights that should be protected, such as trademarks and copyrighted material.  The legal audit should include review of any trademark or copyright registrations to ensure that they are current and to determine whether the organization should take any additional steps to protect its intellectual property.

— Allison Levin Nadel

Alison Levin Nadel is a partner in the Washington, D.C. office of international law firm McDermott Will & Emery. In addition to performing legal audits on behalf of clients, Alison has a robust litigation practice that includes intellectual property and false claims act litigation and assisting clients with cost-saving electronic discovery.