Mission Multiplied by PF TECH

What internal audit could look like if it stopped looking like internal audit

The Function the Sector Was Never Going to Hire

The big four firms are naming the future of internal audit — continuous, agentic, real-time. They're selling it to the F500. The grassroots social purpose sector was never in that audience and was never going to be. Here's what the function looks like built into the workflow itself.

Greg Zatulovsky · Founder & CEO, PF TECH · 12 min read
An abstract framework of pale structural beams and grids in deep navy, deep teal, and warm forest green — the architecture of trust made visible without being explained.

I brought the briefing note to the finance committee in the late spring. I was the senior finance and IT person at a national mental health non-profit — over 200 staff across more than 13 sites, serving tens of thousands of people a year, partnered with school boards and the provincial Ministries of Health and Education at exactly the moment those systems were rewriting their own architecture around us. My recommendation was modest by corporate standards and ambitious by sector standards: stand up an internal audit function. Even a partial one. Even a co-sourced one.

The timing was unfortunate. A new executive director was arriving the same quarter, and the treasurer on the finance committee read the proposal the way many of us would have in their position — as one more thing to land on a new leader's plate, in a sector that already feels picked over by audits, by funders, by the regulatory weight of operating at any kind of scale. There was concern. There was frustration. There was, gently put, fear of the word audit, which in our sector tends to mean the year-end statement audit and the funder reviews and the accreditation assessments — none of which feels like something you would willingly add to.

The recommendation didn't go anywhere. That happens. What didn't leave me was the realisation that this was one of a stack of things I had been quietly noticing:

  • Gaps in our procurement practices.
  • Inconsistencies in our contract management.
  • Weaknesses in how we were reporting service statistics.
  • A general protective instinct in the sector against examining its own operations the way other sectors are required to.

The internal audit gap was, in some ways, the most specific symptom of a much broader structural avoidance. It was, in some ways, one of several factors that started me down a path of working differently with the sector — eventually, of leaving in-house leadership in it, and then later of building TERN.

I have been thinking about that finance committee meeting again because PwC has just published "The end of traditional internal audit: human-led, agent-powered", naming what is coming for internal audit functions in the corporate world. Audits will run continuously, with intelligent agents sensing emerging risks, testing controls across the entire data population, and surfacing insights in real time. Auditors keep the judgement, the interpretation, the professional skepticism. The agents do the work nobody had time to do at quarterly cadence anyway.

It is a remarkable piece — concrete, specific, written by people who clearly understand both the audit function and the technology that is reshaping it. And it is being written for, and sold into, organisations that already have internal audit functions. The Fortune 500. The regulated public companies. The firms with audit committees, chief audit executives, and the budget to think in terms of agent-powered orchestration suites.

The grassroots social purpose sector was never in that audience. It was never going to be. And the absence of internal audit in the sector is not a thing the largest professional services firms are going to fix from the outside.

01 · Standard everywhere else

The function I came in with was already standard in every other sector that operates at scale.

Banks. Public companies. Hospitals. Universities. Crown corporations. All required to maintain it.

I came to the sector from corporate internal audit. The version I had been doing was the version PwC's report assumes the reader already understands: a value-added function inside the organisation, identifying risk before it crystallised into loss, finding savings in places nobody had thought to look, building a feedback loop between operations and governance that closed faster than the external audit ever could.

That function exists in roughly every other corner of the economy that operates at scale. Who requires it, and why:

Financial sector: Banks

Independent internal audit is regulator-mandated.

Office of the Superintendent of Financial Institutions

  1. Federally-regulated banks must maintain an independent internal audit function.
  2. OSFI Guideline E-13 sets governance and effectiveness expectations.
  3. Reviewed via supervisory examinations.

Source: OSFI

Capital markets: Public companies

Listing rules require it.

TSX (and equivalents)

  1. Listed-company governance rules require an internal audit function.
  2. Function reports directly to the audit committee of the board.
  3. Disclosed in annual governance practices.

Source: TSX

Health system: Hospitals

Funder and accreditor expect it.

Accreditation Canada + provincial health authorities

  1. Accreditation standards require evidence of internal control review.
  2. Provincial funding bodies expect documented audit and risk practices.
  3. Surveyed during accreditation cycles.

Source: Accreditation Canada

Higher education: Universities

Federal granting bodies require it.

Tri-Agency (NSERC, SSHRC, CIHR)

  1. Internal audit and risk management tied to federal grant administration.
  2. Required to maintain documented controls over restricted research funds.
  3. Subject to monitoring visits and recipient compliance reviews.

Source: Tri-Agency framework

Public sector: Crown corporations

Treasury Board policy mandates it.

Office of the Auditor General of Canada

  1. Subject to the Treasury Board Policy on Internal Audit.
  2. OAG conducts performance and value-for-money audits.
  3. Internal audit findings reported to deputy heads and audit committees.

Source: OAG

The function has been embedded so thoroughly into the operating logic of mature organisations that its absence in the social purpose sector is almost invisible — a missing organ that nobody notices until something specific goes wrong.

I have been told, more than once, that the reason the sector doesn't have it is budget. The budget answer is incomplete. There is a deeper reason, and it has to do with what internal audit looks like when it shows up.

02 · Why it doesn't land

The reason it doesn't land in this sector runs deeper than money.

It's the form internal audit takes when it arrives — and what that form costs an under-resourced organisation.

When internal audit arrives at a mid-sized non-profit, what arrives is a team of people:

  1. They occupy a meeting room for two weeks, sometimes three or four.
  2. They request documentation that nobody is keeping in the form requested.
  3. They interview staff whose primary job is direct service, fundraising, or grant compliance — none of whom have time for a structured discussion of process risk.
  4. They surface findings that get escalated to senior leadership, who must then respond inside a culture that does not quite know how to receive a report cataloguing what is failing.

The optics are difficult. The stigma is real. The conflict that gets generated at the senior level — between the executive director who feels personally responsible, the treasurer who feels institutionally responsible, and the operational leaders being assessed — lands in organisations that are not structurally equipped to hold it.

This is not a criticism of the people in any of those roles. It is the predictable consequence of trying to install a corporate-shaped function inside organisations that were never funded, structured, or culturally formed to absorb it.

The version of internal audit the sector has been offered has been a version designed for somebody else.
Greg Zatulovsky, CPA

03 · Outputs and inputs

Existing audits measure outputs. Internal audit measures the inputs and the process.

The sector is heavily audited. It is not heavily audited where the errors actually originate.

The other reason the function doesn't land is that the sector already feels audited. A typical mid-sized Canadian non-profit goes through, in any given year:

  • A financial statement audit.
  • Multiple funder audits or compliance reviews.
  • Often an accreditation review on a multi-year cycle.
  • Various program evaluations layered on top.

That is a lot of attention from the outside.

But the structure of what each of those audits measures is the same in a way that isn't obvious from inside the workload of preparing for them. They measure outputs. The financial statement audit attests to the year-end numbers. Funder audits verify that grant dollars went where the grant said they would go. Accreditation looks at whether the organisation meets a defined set of programmatic and governance standards. Program evaluations measure whether the work delivered the intended impact.

What each audit actually measures

Why the existing audits don't substitute for internal audit

The mid-sized non-profit's existing audit load — and what it leaves uncovered.

| Audit | What it measures | What it doesn't measure |
|---|---|---|
| Financial statement audit | Year-end numbers; balance sheet completeness; disclosures. | The daily transaction-level decisions that produced the numbers. |
| Funder audits / compliance reviews | Whether grant dollars went where the grant said they would. | How transactions get classified, approved, and posted in the first place. |
| Accreditation review | Whether the organisation meets defined programmatic and governance standards. | The financial process discipline underneath those standards. |
| Program evaluation | Whether the work delivered the intended impact. | The operational integrity that makes the work repeatable. |
| Internal audit (when present) | Inputs and process — origination, classification, approval, posting. | |

All four external audits measure outputs. Only internal audit measures the inputs.

What none of them look at is the process by which transactions are originated, classified, approved, and posted. None of them look at the inputs — the daily, transaction-level decisions about how a donation is coded, how a grant expense is allocated, how a capital asset is distinguished from an operating expense, how a payroll allocation rolls up to a funder report. Those are exactly the decisions internal audit was designed to surface. They are also exactly the decisions where errors compound silently over years, surface eventually in a funder finding or a year-end adjustment, and produce the audit findings the year-end auditor then reports.

The sector is missing the specific, inputs-focused, process-focused oversight that only internal audit was ever designed to provide. And the version of internal audit that could provide it was never going to fit through the door.

04 · The reframe

If the function can be embedded, the form becomes optional.

Continuous. Transaction-level. Surfaced through chat. No team in the meeting room.

The shift PwC is naming for the corporate world matters here for a different reason than they intend. If internal audit can be embedded — running continuously, at the transaction level, surfacing the right question to the right human at the moment the question is live — then the function of internal audit can survive without the form of internal audit. The team in the meeting room becomes unnecessary. The two-week occupation becomes unnecessary. The senior-level conflict that the form of internal audit triggers in under-resourced organisations becomes unnecessary.

What remains is the substance: a continuous feedback loop between the transactions and the people responsible for them, identifying risk before it crystallises, finding the small accuracy improvements before they become the year-end adjustment, building the same kind of internal control discipline that mature organisations in every other sector have always taken for granted.

An eight-panel field study

What changes when the function is embedded

What internal audit looks like when it stops looking like internal audit.

  1. Panel 1 — Setup. A red squirrel in glasses and vest at an acorn-and-twig abacus, surrounded by unsorted acorns at a forest hollow.
  2. Panel 2 — Discovery. A tortoise with a magnifying twig sets aside three mis-sorted acorns; the squirrel watches at a respectful distance.
  3. Panel 3 — Tension. An owl on a high branch, a tortoise on a lower branch, and a squirrel on a side branch in tired conversation.
  4. Panel 4 — The previous attempt. The squirrel offers a bark scroll proposal; the tortoise gently declines, an owl arriving on a low branch above.
  5. Panel 5 — Intervention. A friendly circuit robot hovers beside the squirrel, asking a clarifying question, chest screen showing pinecone and leaf icons.
  6. Panel 6 — Resolution. The squirrel slots a pinecone-marked acorn into the correct hollow of the great oak; the robot logs the reasoning.
  7. Panel 7 — Equilibrium. An orderly abacus; the squirrel content beside it; the tortoise walks past on the moss path with no inspection.
  8. Panel 8 — Across the sector. Aerial view of a sunlit forest valley with multiple oaks, each with a squirrel and robot quietly working at its base.
The function of internal audit can survive without the form of internal audit.

This is what we are building TERN to do — the actual operating model. Two examples follow, drawn from work that is either built or close to it.

05 · Embedded in the workflow

Two examples, drawn from work that is either built or close to it.

Capital-versus-expense at the moment of the transaction. Senior-leader review at the close.

The agent gates a judgement call before it becomes a posting error

One of the organisations I work with is a conservation authority. They acquire properties — that is core to what they do — and they make property-related expenditures constantly: land surveys, environmental assessments, legal fees on closings in progress, repairs and improvements to existing holdings, fencing, dock work, gate hardware — the kind of expenses any property-holding organisation accumulates daily.

The accounting question that sits underneath every one of those transactions is whether the cost should be capitalised to a property or expensed in the period. The answer is genuinely complicated. It depends on:

  1. Whether a closing has happened, or only been initiated.
  2. Whether the cost is preparing the asset for use, or maintaining an asset already in service.
  3. Dollar-value thresholds, useful-life judgements, and the organisation's own capitalisation policy.

None of which the person posting the invoice was hired to know.

I am a CPA, trained in this, and I still spend time researching individual situations. So I do not blame the staff. The question is hard. What I have started to build is a workflow that walks the user through the same questions a CPA would ask, in plain language, before the transaction posts.

Vertical hand-drawn workflow showing the capital-versus-expense decision logic — five stages from transaction initiation through three terminal outcomes (capital addition, expense to program, or hold for finance review).
The decision logic the agent walks the user through, before the transaction posts.

The user starts to enter the transaction. The agent intercepts. Is this expenditure associated with a property the organisation already owns, or with a property in the process of being acquired? Depending on the answer, it asks the next question. Has the closing happened yet? Is this expenditure preparing the asset for use, or maintaining an asset already in service? Does the cost meet the organisation's capitalisation threshold? By the end of two or three questions, the agent can recommend the correct treatment — capitalise as an addition to the property, expense to the relevant program, or hold for review by the finance team. The user agrees. The transaction posts to QuickBooks correctly classified. The finance team has a complete record of the questions asked and the answers given.
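The gate described above, sketched as an added example (not TERN's code or the author's): the branch order, the answer vocabulary, the `CAP_THRESHOLD` value and the hash-chained `AuditTrail` are assumptions made for illustration. Any reply the gate does not recognise routes to finance review instead of being guessed at.

```python
import hashlib
import json
from enum import Enum

class Treatment(Enum):
    CAPITALISE = "capital addition"
    EXPENSE = "expense to program"
    HOLD = "hold for finance review"

CAP_THRESHOLD = 2500  # assumed; the real figure is in the organisation's policy
GENESIS = "0" * 64    # previous-hash value for the first audit entry

def classify(amount, answers):
    """Return (treatment, transcript); unrecognised replies route to HOLD."""
    transcript = []

    def ask(key, question, allowed):
        reply = answers.get(key)
        transcript.append({"question": question, "answer": reply})
        return reply if reply in allowed else None

    status = ask("status", "Already owned, or being acquired?", {"owned", "acquiring"})
    if status is None:
        return Treatment.HOLD, transcript
    if status == "acquiring":
        closed = ask("closed", "Has the closing happened yet?", {"yes", "no"})
        if closed is None:
            return Treatment.HOLD, transcript
        if closed == "no":
            # Pre-acquisition cost on a pending closing: capitalise to the asset.
            return Treatment.CAPITALISE, transcript
    purpose = ask("purpose", "Preparing the asset for use, or maintaining it?",
                  {"preparing", "maintaining"})
    if purpose is None:
        return Treatment.HOLD, transcript
    if purpose == "maintaining":
        return Treatment.EXPENSE, transcript
    meets = amount >= CAP_THRESHOLD
    transcript.append({"question": "Meets capitalisation threshold?", "answer": meets})
    return (Treatment.CAPITALISE if meets else Treatment.EXPENSE), transcript

def _digest(prev, record):
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class AuditTrail:
    """Append-only log; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def post_with_gate(trail, vendor, amount, answers):
    """Classify, log the questions and answers, and return the treatment."""
    treatment, transcript = classify(amount, answers)
    trail.append({"vendor": vendor, "amount": amount,
                  "treatment": treatment.value, "transcript": transcript})
    return treatment
```

Editing a logged record after the fact makes `verify()` return `False`, so a reviewer can tell whether the recorded questions and answers are the ones given at posting time.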

Live walkthrough

The conversation as it actually happens

The judgement call resolved at the source — and the reasoning logged to the audit trail.

  1. You: Hey TERN — posting a $4,200 invoice from Western Surveying. Survey work for Riverbend Trail.
  2. TERN: One quick check before I post. Riverbend Trail — is that a property the organisation already owns, or one we're in the process of acquiring?
  3. You: We're in the process. Closing scheduled for next month.
  4. TERN: Got it. Pre-acquisition due diligence on a property we're about to close on — that capitalises to the asset. I'll code it as a capital addition to "Riverbend Trail (in acquisition)". Sound right?
  5. You: Yes, post it.
  6. TERN: Done. Posted as a capital addition to "Riverbend Trail (in acquisition)". I've logged the question I asked and your answer to the audit trail — your finance team will see the reasoning. I'll flag this entry to the close team to verify the closing date once it actually happens.

This is the function of internal audit operating at the moment of the transaction. It is gated, walked through, and resolved at the source — at the moment of the transaction, before any year-end reconciliation. The staff member is supported in getting it right. And the organisation accumulates a documented audit trail of the reasoning behind every classification — exactly the kind of evidence external auditors want to see and almost never find.

The agent walks the senior leader through the close, in the language of the work

A consistent piece of feedback we hear from external auditors who serve this sector is that the executive director or senior leader of the organisation is often not meaningfully engaged in the monthly or quarterly close. Not because they don't care — because they don't have a structured way in. The financials arrive after the close has been completed by the bookkeeper or external accountant, and the senior leader's role becomes ratification. Variances get explained reactively. Questions that should have been asked at the close get asked at the audit, six months later.

We are building this differently. As the close completes, an agent walks the senior leader through their own financials — surfaces the variances, asks the contextualising questions a reviewer would ask, gives the leader a structured way to engage with the numbers in the language of how the organisation actually operates. Where the agent can answer with confidence, it does. Where it cannot — because the question requires judgement, context, or follow-up that only the leader can provide — it documents the open item, drafts the question in language the external accountant will recognise, and routes it cleanly into the next conversation.

The leader, in this model, is the reviewer the audit always wished they had been. The external accountant or strategic partner gets the questions in a usable form. The internal audit function, which the organisation could never have hired, has effectively shown up — embedded, continuous, in the language of the work.

06 · The deeper move

The deeper move underneath all of this is translation.

Between the technical languages of finance, law, and IT — and the operational language of the work.

The people running the organisations the sector depends on are social workers, doctors, community builders, educators, organisers. They are not accountants, lawyers, or computer scientists. The technical languages of finance, law, and IT have historically required them either to build internal expertise they cannot afford or to retain external expertise they cannot fully evaluate. AI is, among other things, a translation layer between those technical languages and the operational language of the people doing the mission work. Internal audit, embedded into the workflow and surfaced through chat, is one specific instance of that translation — the function of disciplined, continuous, transaction-level oversight, rendered in the language of the people whose work it is meant to support.

That is the function the sector was never going to hire in its old shape. It is, I think, a function the sector can finally have.

About the author

Greg Zatulovsky

Founder & CEO, PF TECH

Greg founded PF TECH to multiply the operational capacity of purpose-driven organizations. CPA with fifteen-plus years in non-profit finance, operations, and technology. Writes from inside the work — practitioner voice, not pitch deck.
