Planning the Audit of Financial Resources in a Non-Profit Organization

Internal auditing of non-profit organizations represents the first line of defence against inadequate use of non-profit organization ’ s funding sources. In the European legal system, the purpose of a non-profit organization is to meet the needs of stake-holders with different products and services and public works that the state or other profit organization cannot satisfy and to affect the policy of the state or the economy. Non-profit organizations due to their nature are not able to acquire their own sources of financing, which is why they largely depend on subsidies, grants, membership fees, revenue from the sale of services and products that are not necessarily sold at market price. Therefore, the correct usage of these sources is all the more important. One way of checking the correctness of the use of sources of financing is internal audit, which must be carefully planned. The purpose of the chapter is to present the planning of the internal audit in the case of a non-profit organization, the most important part of which is the definition of audit objectives, the organization ’ s risk analysis and the preparation of the audit plan.


Introduction
The biggest financial challenge of a non-profit organization is to implement all its programs and to meet the needs of both users and financiers. "The interdisciplinary aspect of non-profit organizations' research is a reflection of the distinctive nature of non-profit organizations, the distinctive nature of non-profit organizations, the complexity of their operations and their relationships with their environment, and the difficulties of defining the boundaries of NPO activity and determining, categorically, what is and what is not a non-profit organization" [1]. Non-profit organizations could be funded by different finance sources, for example, the state (ministries), municipalities, parents, donors, institutions, and others. Funding problems can arise when the state devotes, for many years, equal or even, less financial resources for financing non-profit organizations. In some countries, for example, the state's financial resources are strictly dedicated and are intended to cover wages and material and indirect costs of a non-profit organization. Usually no financier, with the exception of the, for example, FIHO Foundation, finances fixed assets, which means that a nonprofit organization must provide, for all equipment it needs, from its own funds or donations. A non-profit organization can be financed by various types of public resources; therefore, transparency of this funding must be ensured, and one way is to monitor external funding of non-profit organizations by the so-called internal audit. An internal auditor is either a person employed by an organization (in the case of major non-profit organizations) or a person outside the organization. In any case, it must be authorized for internal auditing.
For each audit, an internal auditor shall prepare a plan for carrying out the audit or an internal audit plan. In planning a particular transaction, internal auditors should handle with the necessary professional due diligence. Planning work focuses on key areas that have a significant impact on the correctness and rationality of operations and/or the purpose of using budget funds.
The plan shall specify at least: • Subject (area) and scope of an audit • The purpose and objective of an internal audit • Significant risks to an audited area/process and data on their control • Criteria to be used in the implementation of each audit • Predicted scope and method of work • Deadlines for starting and completion of the implementation and preparation of the final audit report • Persons to whom the final audit report will be sent

The purpose and methods of work
The chapter aims to examine the regularity of financing in accordance with laws and regulations. We will use the theoretical framework and study case's outcomes to compile recommendations for non-profit organizations on how to use finance resources in accordance with the rules. We will focus on a singular study of internal audit of financing a social entity, and this is the non-profit organization in Slovenia, working in pre-educational children programs.
We set the following research question: How internal controls in using financial resources in the non-profit organization work?
The research will be qualitative with using the audit method of internal control surveys: it is the COSO II.

Definition of the purpose and objectives of an internal audit engagement
c. Ensuring compliance with guidelines, plans, laws, and other regulations d. The protection of property e. Ensuring the efficient and efficient use of resources f. Achievement of the set goals and objectives related to business or programs and continuous improvement of the performance of the basic business functions of the direct user of the budget As the purpose of an internal audit of the financing of the activities of an educational institution, the aforementioned definitions apply in the previous paragraph. We will focus on financing the non-profit organization, in accordance with the guidelines, plans, laws, and other regulations of the financing process.
We can say that the goals are derived from the purpose. As defined by the standards, the objectives (Operation Standard 2210) must be defined for each job.
Based on the business goals at organizational level and audit units, opportunities and disadvantages in an organization that influence the setting up and realization of business desires, the initial assessment of the management of business risks and the internal control system, the internal auditor sets the work goals and defines the further scope and conditions for the realization of an internal audit function [4].
Each management of the non-profit organization (in our case the management represents one person) is responsible for the legality of operations and, in this regard, also for the prevention and detection of operations incompatible with legal norms. In doing so, the management can help with the following orientations and procedures [5]: • Monitors the regulatory requirements and provides procedures that enable compliance with legal regulations

Creating a work program
Internal auditors must develop and document a work program to achieve the business objectives (Standard 2240). Work programs must include procedures for identifying, studying, evaluating, and documenting information during the course of the transaction. The work program must be approved before the implementation, and each adjustment must be approved immediately (Standard 2240.A1).
An engagement work program is a document listing the procedures to be followed at work to fulfill its plan [6].
A well-prepared work program [7]: • Provides a general overview of the work that will be carried out and facilitates the understanding of the audited entity • Provides evidence that the work is properly planned • Provides a document for the management review • Assures that all risks are adequately addressed • Assist in supervising work

• Edits and links the audit
The auditee is a non-profit organization X. In our case, the basis for the commencement of the internal audit is the rules on the operation of the joint internal audit service in the municipality and the annual plan for auditing this municipality for 2018. The basis for the internal audit of non-profit organization X is the strategic plan of the municipality's internal audit from 2015 to 2020. Both the strategic (long-term) and the annual audit plans are approved by the mayor of the municipality. On the basis of the strategic and annual audit plan for 2018, an internal audit of the financing of activities for non-profit organizations X for 2018 will be carried out.
The annual plan of the internal audit of the municipality is based on an initial assessment of the risks of doing business in a non-profit organization, based on the examination of the organizational structure, business-organizational rules, questionnaire, and self-assessment of the auditee [4]. The process of initial assessment of business risks includes the following steps: • Identification of important areas of the organization's business The initial assessment of the risks of non-profit organization X showed that the priority in internal auditing has an area that relates to the coherence of financing public non-profit organization's activities with internal and external regulations. The public service activity is financed from the state budget, municipal budget, and parent payments.
Based on municipality policies and plans, an internal auditor who audits nonprofit organization X must make a so-called internal audit plan that contains the purpose, scope, and objectives of the audit, the expected results, implementation times, deadlines, and employees; it is shown in Table 1.

Title of the material
Plan for the implementation of an internal audit of non-profit organization X The purpose of the internal audit task The purpose of the internal audit activity is to improve the legality of financing the activities of the non-profit organization, thus improving the possibilities of achieving the goals of non-profit organization X and increasing its added value The subject of internal audit Assessment of the lawfulness of the financing of non-profit organization activities in 2018 in the context of the provision of public services, the verification of the operation of internal controls, and the management of risks in this field

Revised period
Year 2018

Definition of risks
The key risks are broken down as follows: • The risk of the internal environment The internal audit will include a review of the legality of the financing of the activities and will therefore review the following: • The legal bases that apply to the subject of internal audit • Internal policies • Instructions from the municipality in the field of financing the public service of the non-profit organization • The founding act • Website of the non-profit organization • Organization of non-profit organization • Personal staff folders • A record of the mission, plans, and goals of the non-profit organization • Invitations and minutes of the meetings of the council of non-profit organization X • The decisions of the council of non-profit organization X regarding the financing of activities • Bookkeeping documentation related to the financing of non-profit organization X • Extracts from the accounting information system • Report of non-profit organization X • Requests for payment • Other documentation

Plan of audit rates
The internal audit will be carried out by an internal auditor from the joint internal audit department of municipality Z, and its implementation will be supervised by the head of that service. The implementation schedule is as follows: The level and content of the implementation of the internal audit

Number of days
Time frame

Job planning
• Elaboration of the implementation plan of the audit • Acquainting with basic information on the field of auditing • Reviewing and updating a permanent folder and preparing a current folder for the audited area on which the audit task will be carried out 7 days From day _______ to day _______

Results of the case study and discussion
In the continuation of the article, we provide some of the more important findings from the internal audit of each of the eight components of the model COSO II, whereby the financing of the activities of non-profit organization X is revised. Internal environment, setting goals, recognition of risk events from the management's side, risk assessment, risk control, communication, and monitoring (they are all parts of the COSO method) were evaluated on the basis of interviews, Receiving comments from the principal and the accounting officer on the draft report: Creating a final report:

Recipients of the report
The draft report is received by • Director of non-profit organization X • Accountant of non-profit organization X • Head of the joint internal audit service in municipality Z The final report is received by • Director of non-profit organization X • Accountant of non-profit organization X • Head of the joint internal audit department in municipality Z • Mayor of municipality Z Expected added value of the performed internal audit For the municipality • Ensure the regularity of the funding of an indirect budget user in the field of preschool education or public service activities For internal auditors • To refine and upgrade knowledge for auditing in the field of financing the activities of the indirect budget user-the public institution • To formulate a plan for the implementation of the internal audit activity and a work program which will be a direction for future internal audits in the field of financing public service activities Source: Own. Table 1.
An example of an internal audit plan.
observations, verification, and examination of relevant documentation, all in accordance with the work program. In accordance with the audit plan, we have evaluated the control activities according to the audit plan in the phases inside the financing activities of non-profit organization X on the basis of the selection of a nonstatistical sample of documents or data and the review and comparison of data in order to obtain the appropriate ground for providing assurance about properly established and functioning internal controls.

First component of COSO II: evaluation of the control environment (internal environment)
From the examination of the control environment, we could find out how much employees are aware of the need for internal control, how the control environment ensures the possibilities for the operation of internal controls in the field of financing activities of non-profit organization X, and what basis it represents for the functioning of the other components of the COSO.
In order to verify the internal control environment, we carried out the following methods of work: • Verification of the existence of a code of ethical conduct and verification of the signature of the responsible person • Checking employees' knowledge of the code of ethical conduct and how to get acquainted with it, interview with employees (sample), and verification on a sample of employment contracts (nonstatistical sampling) • Verification on a sample of contracts of employment and on a sample of colleagues' minutes (non-static sampling) • Acquisition and review of the act on the job classification system in comparison with the law on societies, the act on establishment, and the rules on norms and personnel conditions for performing preschool education activities • Acquisition and review of the act on the job classification system • Acquisition and examination of other internal acts • Employee sample interview in the process of financing activities (nonstatistical sampling) • Acquisition and verification of the act on job classification and attendance and absence • Check on the sample of how the substitution took place during the absence (non-static sampling) • Interview with headmaster X • Examining plans and reports • Selection of the sample and examination of college minutes • Examining the act on the job classification system • Examining documentation on employee replacement and sick leave.

Examination of ownership of internal control procedures and rules on circulation of bookkeeping documents
• Acquisition and review of the annual report and the report on work in the school year • Obtaining and studying the development plan, educational plan and examining the annual work plan and the financial plan • Verification of records of the parents' council, minutes of conferences and colleges of employees and examination of the annual report We show the following findings by the components of the control environment: • Irreproachableness and ethical values: non-profit organization X passed a code of ethics which has been signed by the management of the non-profit organization, which is internal control at the level of the organization. The code is divided into four basic areas of peoples' responsibility, who are directly or indirectly involved in the care of the child within the non-profit organization. The workers' responsibilities in the non-profit organization are responsibility to the children, responsibility to the parents and families, responsibility to work organization and colleagues, and responsibility to the wider community. The employees of the non-profit organization are familiar with the abovementioned code at the annual conference of all employees in non-profit organization X, which is evident from the records of the conclusions of the annual conference and from the sample of five signed employment contracts, where the employees commit themselves to comply with the aforementioned code. From the interviews of randomly selected four employees (teacher 1, teacher 2, cook, business secretary), we understand that the employees are aware that they must respect integrity and ethical values and that there are measures in case of noncompliance with the said code. The latter is examined on a sample of 10 records of weekly board meetings, with 1 record containing an increase in awareness in the case that the non-profit organization staff must separate what they say on behalf of the institution from their own opinion. Internal controls in the field of integrity and ethical values are assessed as appropriate from the internal auditor's view.
• Commitment to the skills and human resource management: non-profit organization X is at the level of the organization ready and has a so-called act on the job classification system signed by the management of the organization, which is updated with the law on organization and financing of education, which explicitly stipulates in Article 108, that the systematization of non-profit organization jobs is determined by the director in agreement with the founder, on the basis of prescribed norms and standards (rulebook on norms and personnel conditions for performing preschool education activities). After examining the act on job systematization, we have learned that it is in line with the aforementioned regulations and that it is adopted at the municipal council of the municipality. When examining internal controls at the level of the process, we find out that the act on the systematization of jobs, the rules on accounting, and the book of rules on the circulation of accounting defined system of authorizations and responsibilities of the following working posts of employees in the process of financing activity X, president, assistant president, accountant, bookkeeper, and business secretary. We check the performance of the authorization system in the next steps. On the last page of the rules on accounting and the rules on the circulation of bookkeeping documents with their own signature, the abovementioned employees confirmed that they are familiar with the said rules. We also find the latter on the basis of interviews with them. The act on the job classification system also defines the replacement during the absence (who replaces who); we also check the operation by taking the month of August for 2018 and checking the presence and the replacement of employees participating in the financing process; we check the presence and replacement of employees who are involved in the activity financing process of non-profit organization X. During this period, the management of the organization is absent (14 days in the month of August) and was replaced by the assistant director and vice versa; the bookkeeper replaced the accountant, as determined in the act. From the presence and absence records, it is evident that the absences are planned, which ensures the smooth running of the work process. We consider the internal controls appropriate from the internal audit's view.
• Philosophy of leading and way of functioning: on the basis of an interview with the management we verify, if he/she is aware that risk management, internal control, and internal auditing for non-profit organization X is a useful process, we come to see that the management possesses this awareness; she has acquired it primarily by various training courses for school principals and nonprofit organizations. From the interview we also find out that the management, together with the management's assistant, plans tasks in non-profit organization X with the intent to achieve the objectives of non-profit organization X; this is evident from the annual work plans for non-profit organization for 2018 and a financial plan prepared for the calendar year 2018. Both plans are confirmed by municipality Z. The management occasionally discusses the tasks and objectives on regular weekly councils, as can be seen from the sample of records of 10 weekly council meetings. We evaluate internal controls as appropriate from the internal audit's view.
• Organizational structure: the organizational structure of non-profit organization X is determined in accordance with the act of the systematization of jobs and the rules on norms and personnel conditions for performing activities of preschool education, and this is handled appropriately. These regulations also specified the number, qualifications, and replacement of employees in the process of financing the activities of non-profit organization X. We compare the job description, as recorded by the rules on job classification system, with the actual occupation of the workplace, so we learn the following, the level and the direction of the professional education, special conditions or additional skills and competences, organizational field or occupation, type and extent of the responsibility of civil servants occupying the post, and working conditions and other attributes and characteristics. From the interview with the management, we recognized that the management realizes the responsibility and dedication of employees involved in the process of financing activities of the non-profit organization. We evaluate the internal controls as appropriate from the internal audit's view.
• Responsibility: according to the Public Finance Act, non-profit organization X must prepare a so-called annual report on the achieved objectives and results, where, among other things, it reports on an annual basis an assessment of the functioning of the internal financial control system, where it actually briefly reports on the situation in the field of risk management, internal control, and internal auditing, but it also reports on risk management in the work report for the school year. An annual reporting is set up; both reports are discussed by the board of the institution when the school year or calendar year is concluded [8].
We find that there is no regular reporting within the school or calendar years for employees to whom risks and internal controls apply; therefore we are assessing this internal control as partially appropriate.

Second component of COSO II: evaluation of business goals
Leadership must have known and attainable business goals, and their evaluation is needed, so it is possible to know the orientation and business events that influence the achievement of the goals that are set [9].
Non-profit organization X has long-term and short-term goals of operation written in a strategic sense, written for 5 years in the so-called management's development plan. The management prepares it with the help of other employees. The legal basis of the development plan is in the law on organization and financing of education (ZOFVI, Ur. l. RS 16/2007-UPB5, 48 and 49. article). We conclude that operational goals are set in the development plan based on strategic objectives in the annual work plan for the selected school years and in the financial plan for the calendar year. The development plan was presented and discussed by working groups in April and May 2018, so that the employees are familiar with it. The development plan is passed by the Council of the Institute; there is an agreement passed in this regard by the institute. Monitoring and implementation of planned descriptive tasks by individual areas are carried out by the management, assistant management, counseling worker, and heads of individual departments. The analysis is carried out twice per year in January and June 2018 at educational assemblies, professional working groups, house working groups, and development teams where relevance and efficiency of these and the introduction of necessary changes and improvements are determined. In this aspect there are meeting records in January and June 2018; we also hold interviews with five randomly selected employees (educator, cook, business secretary, consultant) from whom it is evident that they are acquainted with the descriptive goals from the internal audit's view X, not in detail, but know how to find documents from the field of planning of organization X in the intranet of non-profit organization X, which is intended for internal communication of employees. Non-profit organization X is reporting on the achievement of the descriptive goals and causes for the derogation in the 2018 annual report. I find that non-profit organization X is monitoring financial objectives only once per year, in the 8-month business report. Therefore, we estimate that internal controls in the field of objectives are partially appropriate from the internal audit's view.

Third component of COSO II: identifying unwanted events
Recognizing (identifying) internal and external events is necessary to learn about opportunities and threats and the advantages and disadvantages that affect the achievement of business objectives.
In order to verify the identification of adverse events in the organization, we carried out the following methods of work: • Obtaining and examining the contents of the risk register and the annual report The non-profit organization records the unwanted events related to the process of financing activities in the risk register of 2018 and in the business part of the annual report for 2018. Based on these statements, we estimate that internal controls are appropriate from the internal audit's view.

Fourth component of COSO II: assessment of the assessment and management of business risks
In order to verify the identification of risks in the organization, we examined the risk register and the annual report from the viewpoint of legal financing of nonprofit organization X.
Based on the examination of the risk register, we find that risks in non-profit organization X are defined and assessed in the risk register, where the risk response is also defined. Non-profit organization X has defined risks in the implementation of education programs, in the field of profit/non-profit activity, financial accounting, purchasing, physical security and security of digitized data, investment activities, provision of information support, human resources and recruitment, library activities, property, public commission, and external risks, like the risks of changes in legislation and regulations; it is important to strictly comply with legislation and other regulations and rules for legitimate financing of activities.
The risk register is from 2018 and is available to other employees on the intranet, before that there was a register of risks from 2008. Employees who participate in the process of financing activities are signing at the end of the risk register to prove they are acquainted with it. Within the risk register, certain risks are identified and rated related to the audited area, and the way of handling these risks is determined. Based on audit procedures, the obtained evidence on assessment and managing of risks is evaluated as appropriate from the internal audit's view.

Fifth component of COSO II: evaluation of control activities
The evaluation of control activities was carried out on the basis of the process of financing the non-profit organization's activities by showing internal controls and responsibilities, from the point of view of using cash. The objective of assessing the operation of internal controls in the process of using cash was to determine the degree of completeness and reliability of their operation.
In accordance with the working program, we check internal controls of using the cash in salaries, material, and investments. Our starting point is the purposefully used funds and the rules for using the sources of financing for the main purposes, which are salaries, material, small inventory, and services and funds for investment and investment maintenance. For this purpose, we select the annual items in the gross profit balance income and expenses, which are higher than EUR 7500 (nonstatic sampling), and compare this item with their amount in the financial plan.
In order to verify that there are control activities in the use of financial assets of non-profit organization X, we carried out the following methods of work: • Verification that the financing agreements with different institutions and donors are signed and valid.
• Examine the compliance of the financial plan of the organization with regulations, starting points, instructions, etc.
• Verification of the rules on accounting, the book of rules on the movement of bookkeeping documents, the act on establishment, and the act on the systematization of jobs, whether they exist, whether they are signed and valid, or refer to the financing of the organization's activities.
• Comparison of the gross balance sheet (comparison of the 760-grant line of the ministry, municipal grant, student payments) with the financial plan.
• Selecting a non-static sample and checking the sample whether the payment requests given to the municipality are substantially and formally relevant (non-static sampling), which means checking the formal correctness (or containing the relevant information on the issue date, etc.), the content correctness (e.g., amount, compliance with the law, calculation of the price of the program, etc.), and the timeliness of the payment requests submitted.
• Selecting a sample of weekly printouts of inflows and outflows, and checking the amounts on the subaccount of the PPA.
• Choice of a sample of overdue claims up to 30 days, up to 60 days, and up to 90 days and verification of the recovery of claims. Selection of the sample and examination of reminders and decisions on execution.
• Overview of a group of accounts of a 12-month short-term trade receivable. Select (nonstatistical) sample of overdue receivables and verification of posting (creating adjustments and impairments).
• Interview with headmaster, interview with accountant, and acquisition and examination of cash flow plan.
• Selecting a sample of annual items in the gross balance sheet of revenues and expenditures exceeding EUR 7500 (nonstatistical sampling) and a comparison of these items with their amount in the financial plan.
• Comparison of the records of employees with employment contract and job classification systematization. Selection of a sample of employment contracts and comparison with data in employee records. Verification of the existence of the signing of the record by the director.
• Selection of employees' sample and substantive verification of data entry from employee records into payroll accounting program. Interview with accountant.
• Comparison of the printed list of gross wages, contributions, and personal income tax through the recapitulation of payments on the sample.
• Selecting a sample of accounts (non-static sampling) and checking the existence of checks of received invoices and separating the duties of incompatible events.
• Checking the selected sample of accounts and related order forms, delivery notes, and other supporting documents. Verify the book of received invoices.
• Selecting a sample of accounts (nonstatistical sampling) and verifying the existence of the separation of duties incompatible events and the approval of business events.
• Check the traffic report from the UJP for the selected month (company name, TRR number, accompanying documentation, etc.). Verifying the timeliness of payment.
• Verify the contents of the book of received invoices. Selecting a sample of accounts (non-static sampling) and checking the matching of the balance on the accounts of the general ledger, which are also balance sheet items, with the situation in the analytical records.
• Sample selection (nonstatistical sampling) of payment orders and their verification with record-keeping of payments.
• Examination of material distribution and retail inventory records and services provided, cross-check of records.
• Examining the requirements of the PPP-2 for public procurement in the case of investments. Checking and reviewing the needs in the preparation of the financial plan.
• Testing and checking the selected contractors on the sample. Verification of the contract's compliance with the offer. Verification of contract performance. Interview with headmaster. Selecting a sample of accounts (non-static sampling) and checking the existence of controls and separating the duties of incompatible events on the selected sample of received invoices.
• Verify the book of received invoices.
• Verify the contents of the account, supporting documents by monitoring the execution of works on a selected sample of accounts.
• Selecting a sample of accounts (nonstatistical sampling) and verifying the existence of the separation of duties incompatible events and the approval of business events.
• Checking the timeliness of payment.
• Verify the contents of the book of received invoices.
• Selecting a sample of accounts (non-static sampling) and checking the status of accounts in the accounts and cost centers.
• Checking the selected sample of accounts and related order forms, delivery notes, and other supporting documents.
• Verify the book of received invoices.
• Selecting a sample of accounts (nonstatistical sampling) and verifying the existence of the separation of duties incompatible events and the approval of business events.
• Check the traffic report from the UJP for the selected month (company name, bank account number, accompanying documentation, etc.). Verifying the timeliness of payment.
• Verify the contents of the book of received invoices. Selecting a sample of accounts (non-static sampling) and checking the matching of the balance on the accounts of the general ledger, which are also balance sheet items, with the situation in the analytical records.
• Testing and checking the selected contractors on the sample. Verification of the contract's compliance with the offer. Verification of contract performance. Interview with headmaster. Selecting a sample of accounts (non-static sampling) and checking the existence of controls and separating the duties of incompatible events on the selected sample of received invoices.
• Verify the book of received invoices.
• Verify the contents of the account and supporting documents by monitoring the execution of works on a selected sample of accounts.
• Selecting a sample of accounts (nonstatistical sampling) and verifying the existence of the separation of duties incompatible events and the approval of business events.
• Verify the printout of the traffic on the account from the Public Payment Administration in Slovenia (company name, TRR number, accompanying documentation, etc.).
• Checking the timeliness of payment.
• Verify the contents of the book of received invoices.
• Selecting a sample of accounts (non-static sampling) and checking the status of accounts in the accounts and cost centers.
• Sample selection (nonstatistical sampling) of payment orders and their verification with record-keeping of payments.
• Examining the annual report from the viewpoint of legal funding of the nonprofit organization.
• Acquisition and review of interim business analyses (e.g., offsets, deviations, reasons for deviations from the financial plan) and interim reports from the viewpoint of legal financing of the non-profit organization.
In the continuation of the existing types of controls, we show the results of testing on the basis of a dedicated use of funds.
When using funds for salaries, we check the employee records as a basis for the calculation of wages and compare them with the employment contract and the job description systematization. Based on an interview with an accountant and a random sample of 10 employees, we check the substantive correctness of data input from the employee records into the payroll program. On the same sample, we check the existence of irregularities in the transfer of salaries into the general ledger by comparing the printed sheets of the amount of gross wages, the amount of contributions, and the recapitulation of payments on the sample.
When using funds, devoted to the material, we check the small inventory of the service on the selected sample of 10 received supplier receipts on the existence and implementation of separation control incompatible events, as set out in the rules of book record circulation. For example, on a selected invoice for an offered service, a signed multiple-signature stamp is located. We check the existence of the signature of a business secretary who is responsible for completing the invoices or order forms and other documentation (We also check their existence), check the existence of a bookkeeper signature that makes a formal check of the account, and check the existence of the signature of the assistant management, who is in charge of controlling received invoices on the basis of concluded contracts with the supplier-to this we check the existence of the service provided. We check the existence of the signature of the accountant who keeps the account of the received invoices and the existence of the signature of the management as the authorized decree giver. On the same sample of invoices based on the extract from the UJP subaccount, we test the authenticity of the payment to the true supplier indicated on the account and the existence of the separation of the duties of incompatible events (payment by two electronic signatures is carried out by the accountant and the management or by the authorized person, the assistant of the management). We also check the consistency between the value date and the payment date. On the selected sample of payment orders, we separately check the existence and appropriateness of posting the paid invoice into the record-keeping of payments. On a selected payment sample, we make a cross-check of the compliance of the material distribution, small inventory, and service records with the material procurement records, small inventory, and services.
When using finances for investment and investment maintenance, we check the randomly selected purchase of equipment worth more than €10,000 and compliance with the financial plan and the existence of the main steps in the Public Procurement Act. We are examining whether non-profit organization X is following the main phases of public procurement, namely, whether there is a need for a public procurement plan (financial plan), whether there are tender specifications and documentations, or whether there is a publication for a public tender on the websites of the information portal or in the Official Journal of the European Union (the subject of the public procurement, the value, the quantity, the quality, the delivery deadlines, the selection criteria, the address for information, the time for submission and opening of tenders, and the publication of the results), whether there is a procedure for selecting the most favorable bidder in the audited entity, whether there is a concluded contract and its date. On the selected equipment purchase account, we make a content control, who is the supplier, miscellaneous documentation, and compliance to the rules on separating the duties of incompatible events (check the existence of signatures of the business secretary, bookkeeper, assistant of the management, accountant, management). At the invoice payment, we pay attention to the compliance of the supplier's data in the invoice and program for payment at the UJP; we also compare the payment time and the value time. We check the consistency of posting the selected invoice on the relevant account and the cost spot.
We estimate that the functioning of internal controls in the field of the lawfulness of financing the non-profit organization in the use of finances is appropriate.

Sixth component of COSO II: reporting phase
In order to verify that there is reporting on the financing of a non-profit organization, we have carried out the following working methods: • Examining the annual report from the viewpoint of legal funding of the nonprofit organization • Acquisition and review of interim business analyses (e.g., offsets, deviations, reasons for deviations from the financial plan) and interim reports from the viewpoint of legal financing of the non-profit organization We examined the content of the annual and interim reports of the organization in terms of the laws they define. We assess the contents of the annual report as appropriate, and the interim reports are inadequate because they do not exist.

Seventh component of COSO II: assessment of information and communication
From the meeting records of collegiums, conferences, and interviews with randomly selected employees, we find that the management is in favor of employees' initiatives regarding the improvement of individual procedures. We also get information about this from the interview with the management. We evaluate communication as appropriate.

Eighth component of COSO II: monitoring assessment
Internal control systems must be monitored-the quality of the system's operation over a given period should be assessed. This is done with ongoing monitoring activities, special assessments, or a combination of both [10].
There is also a special evaluation, which is mandatory by law: this is the so-called submission of the statement on internal control of public finances, which is given by non-profit organization X as a budget user once a year to state institutions together with the annual report. The president of the non-profit organization takes into account the findings of other controls, based on the last internal auditor's report. Based on these facts, we evaluate monitoring as appropriate.

Reporting on internal audit
We report on the results of the internal audit on a regular basis and at the end of the audit. The purpose of regular reporting is to inform the auditee about the problematic findings of the internal audit, which the auditee can abolish immediately. Upon completion of the internal audit, we draft the audit report.
The auditor prepares the draft audit report. The draft contains essential findings and recommendations. These recommendations may include an indication of the recommended key vehicle for the implementation of recommendations and the classification of the recommendation according to their assessed relevance. For example, the auditor's assessments can be critical, very important, important, and desirable.
The draft audit report shall inform the responsible persons of the key organizational units. They are then invited to coordinate the content of the draft audit report.
Upon receipt of the draft audit report, the recipients have 10 working days to make written proposals for its alignment. This procedure is necessary in order to avoid misunderstandings or to clarify any differences between the findings of internal auditors and any new evidence/documentation available to the persons in charge.
Proposals for the harmonization sent after the deadline are generally not taken into account in the final audit report.
A coordination meeting may also be convened in the process of coordination, in which any proposals for harmonization are further explained and discussed. The coordination meeting can be convened by e-mail or by telephone.
Below is the issue of the final audit report. This must be supported by sufficient, reliable, relevant, and useful information. It must contain essential findings and recommendations. It must cover and contain at least: • Introduction An opinion may also be given, which may be an assessment, finding, or other descriptions.
In the final report, we present, inter alia, findings that have been evaluated or classified according to the descriptive criteria that are presented in Table 2

Conclusion
Based on the findings, we prepare the recommendations that we will include in the final audit report. We give the following opinion in relation to the audit objective on the legality of the financing of non-profit organization X: positively. Our overall opinion on the legality of financing the activities of preschool education in the public service is satisfactory, and we recommend the recommendations in Table 3.  If we find that certain measures and recommendations from the audit report were not carried out due to various possible causes and thus did not eliminate the deficiencies, we conclude that organization X accepts the risk which it does not control. In this case, the internal auditor carefully examines the risk management acceptance. The management of an organization may refuse to implement recommendations or measures if it considers that additional control procedures which, owing to the aforementioned recommendations or measures, would have to be linked to excessive costs. If, according to the internal auditor, the risk adopted by the management due to the non-establishment of additional control procedures is not acceptable, further discussion is needed between the internal auditor and the president of the organization. If there is still no consensus on accepting the residual risk, the internal auditor should inform the founder of the organization, which is the supervisory body of the non-profit organization, about this.
The limitations of the research are: • The research is the case study, and we focused only on one non-profit organization.
• The survey is limited to one country.
• The survey is limited on the internal audit's legislation of the specific country.
• The limited choice of literature from the research area in the article.
For further research, we recommend to make the comparison of the financing of different non-profit organizations which have different activities and to make comparison of the internal controls of financing non-profit organizations in different countries of the European Union and outside of it.