Having taken a new administrative position restricting the activities not-for-profit organizations (NPOs) can undertake to earn revenue, the Canada Revenue Agency (the CRA) has now established the NPO Risk Identification Project (the Project). The Project seeks to gather information on NPOs to assist the CRA in analyzing the quality and quantity of compliance risk with respect to the activities NPOs are conducting. More specifically, the Project is geared towards determining “the level of non-compliance, any significant data gaps that may require mandatory filing of prescribed forms, and whether recommendations to the Department of Finance for more robust legislation are necessary.”

With the Project well underway, many NPOs are concerned that they may be targeted by the CRA for an audit. If your organization is selected for an audit, the following tips may help to alleviate some of the anxiety, and mitigate some of the costs, associated with the audit process. Our comments, while directed towards NPOs, apply equally to charities and other organizations that may be subject to an audit in the future:  

A. SELECTION FOR AUDIT DOES NOT MEAN YOUR ORGANIZATION IS DOING SOMETHING WRONG

There are many reasons why particular organizations are chosen for CRA audit, and non-compliance is not always one of them. In addition to perceived non-compliance, organizations can be identified for audit through random selection or when a related organization is audited. Selection for audit can also be based on third party complaints, which are not always well-founded. It is therefore important to keep in mind that being selected for an audit doesn’t automatically mean there is a problem with the way an organization is operating.

B. DESK AUDITS V. FIELD AUDITS

Once an organization has been selected for audit, there are two potential ways in which the CRA can conduct the process. The first (and more common) audit method is the desk audit, which is less onerous. A desk audit is usually limited in scope to a request or review of certain documentation and may be conducted via telephone or fax. It is generally more informal and does not involve CRA auditors attending at an organization’s place of business. After a desk audit is complete, the CRA may determine that the organization is compliant and close the file, or it may refer the file for a field audit. A field audit is more burdensome and is usually performed for the most part on location at an organization’s offices. It may involve a single auditor or a team of auditors. A field audit will generally involve a comprehensive examination of an organization’s books and records and financial affairs. Depending on the size of the organization and the extent of perceived non-compliance, the timeline for completion of a field audit may be lengthy.

C. AUDIT OUTCOMES

After a field audit, an audit report is normally prepared by the CRA, though preliminary findings are usually communicated to the organization in advance of the audit report. The audit report will set out the CRA auditor (or audit team’s) findings with respect to the organization and provide a legal rationale for any sanctions or taxes that may be imposed on the organization. A finding of non-compliance or other areas of concern with respect to the organization’s operations by the CRA does not mean that heavy penalties will be imposed, however. For example, the CRA has the power, with respect to charities, to encourage compliance through education or a compliance agreement. Whether and the extent to which these types of mechanisms will be used with respect to NPOs, and whether such mechanisms may be used in lieu of penalties in particular situations, remains to be seen.

D. SURVIVING AN AUDIT

Preparation and management are key to getting through the audit process successfully. When preparing for an audit, it is important to assemble the right team, and point person, to manage the process. Obtaining professional advice is important, particularly if your organization has not yet experienced an audit or if it looks like the audit will be extensive. Assembling and organizing documentation, and segregating privileged materials, are also important. Managing an audit effectively will generally entail setting a protocol with the auditor(s) and parameters for the audit, as well as determining points of contact for the flow of information. While an organization is required under the Income Tax Act (Canada) (the ITA) to provide “all reasonable assistance” to the CRA audit team, it is important to remember that only requested information is required to be disclosed. In some cases, it may be appropriate to request written inquiries and questions from the auditor. In all cases, it will be helpful to establish a comfortable working rapport with auditors, which will make the audit process easier for all involved.

The increased attention on NPOs and the initiation of the Project by the CRA makes the chances of audit more likely for some organizations. While many organizations may be in full compliance with the provisions of the ITA, preparing for and managing an audit is essential for the process to run smoothly in terms of length, cost and reduction of interruption to operations. In some circumstances, organizations under audit should seek professional advice to formulate a strategy that ensures the process runs as efficiently and effectively as possible.