Comparing Internal and External Audits

Businesses use two types of audits to gauge financial results: internal and external. Here’s a closer look at how they measure up.

Focus

Internal auditors go beyond traditional financial reporting. They focus on a company’s internal controls, accounting processes and ability to mitigate risk. Internal auditors also evaluate whether the company’s activities comply with its strategy, and they may consult on a variety of financial issues as they arise within the company.

In contrast, external auditors focus solely on the financial statements. Specifically, external auditors evaluate the statements’ accuracy and completeness, whether they comply with applicable accounting standards and practices, and whether they present a true and accurate presentation of the company’s financial performance. Accounting rules prohibit external audit firms from providing their audit clients with ancillary services that extend beyond the scope of the audit.

The audit “client”

Internal auditors are employees of the company they audit. They report to the chief audit executive and issue reports for management to use internally.

External auditors work for an independent accounting firm. The company’s shareholders or board of directors hires a third-party auditing firm to serve as its external auditor. The external audit team delivers reports directly to the company’s shareholders or audit committee, not to management

Qualifications

Internal auditors don’t need to be certified public accountants (CPAs), although many have earned this qualification. Often, internal auditors earn a certified internal auditor (CIA) qualification, which requires them to follow standards issued by the Institute of Internal Auditors (IIA).

Conversely, the partner directing an external audit must be a CPA. Most midlevel and senior auditors earn their CPA license at some point in their career. External auditors must follow U.S. Generally Accepted Auditing Standards (GAAS), which are issued by the American Institute of Certified Public Accountants (AICPA).

Reporting format

Internal auditors issue reports throughout the year. The format may vary depending on the preferences of management or the internal audit team.

External auditors issue financial statements quarterly for most public companies and at least annually for private ones. In general, external audit reports must conform to U.S. Generally Accepted Accounting Principles (GAAP) or another basis of accounting (such as tax or cash basis reporting). If needed, external auditing procedures may be performed more frequently. For example, a lender may require a private company that fails to meet its loan covenants at year end to undergo a midyear audit by an external audit firm.

Common ground

Sometimes the work of internal and external auditors overlaps. Though internal auditors have a broader focus, both teams have the same goal: to help the company report financial data that people can count on. So, it makes sense for internal and external auditors to meet frequently to understand the other team’s focus and avoid duplication of effort. Contact us to map out an auditing strategy that fits the needs of your company.

© 2019

Put a QOE Report to Work for You

An independent quality of earnings (QOE) report can be a valuable tool in mergers and acquisitions. It’s important for both buyers and sellers to look beyond the quantitative information provided by the selling company’s financial statements.

Quality matters

There’s a lack of guidance from the American Institute of Certified Public Accountants (AICPA) regarding scope and format of a QOE report. As a result, these engagements may be customized to meet the needs of the party requesting the report.

Typically, QOE reports analyze the individual components of earnings (that is, revenue and expenses) on a month-to-month basis. The goals are twofold: 1) to determine whether earnings are sustainable, and 2) to identify potential risks and opportunities, both internal and external, that could affect the company’s ability to operate as a going concern.

Examples of issues that a QOE report might uncover include:

  • Deficient accounting policies and procedures,
  • Excessive concentration of revenue with one customer,
  • Transactions with undisclosed related parties,
  • Inaccurate period-end adjustments,
  • Unusual revenue or expense items,
  • Insufficient loss reserves, and
  • Overly optimistic prospective financial statements.

QOE analyses can be performed on financial statements that have been prepared in-house, as well as those that have been compiled, reviewed or audited by a CPA firm. Rather than focus on historical results and compliance with Generally Accepted Accounting Principles (GAAP), QOE reports focus on how much cash flow the company is likely to generate for investors in the future.

Beyond EBITDA

Earnings before interest, taxes, depreciation and amortization (EBITDA) for the trailing 12 months is often the starting point for assessing earnings quality. To reflect a more accurate picture of a company’s operations, EBITDA may need to be adjusted for such items as:

  • Nonrecurring items, such as a loss from a natural disaster or a gain from an asset sale,
  • Above- or below-market owners’ compensation,
  • Discretionary expenses, and
  • Differences in accounting methods used by the company compared to industry peers.

In addition, QOE reports usually entail detailed ratio and trend analysis to identify unusual activity. Additional procedures can help determine whether changes are positive or negative.

For example, an increase in accounts receivable could result from revenue growth (a positive indicator) or a buildup of uncollectible accounts (a negative indicator). If it’s the former, the gross margin on incremental revenue should be analyzed to determine if the new business is profitable — or if the revenue growth results from aggressive price cuts.   

We can help

Using an objective accounting professional to provide a QOE report can help the parties stay focused on financial matters during M&A discussions and add credibility to management’s historical and prospective financial statements. Contact us if you’re in the market to buy or sell a business.

© 2019

Auditing Accounting Estimates and the Use of Specialists

The Public Company Accounting Oversight Board (PCAOB) recently voted to finalize two related standards aimed at improving audits of accounting estimates and the work of specialists. Though the new, more consistent guidance would apply specifically to public companies, the effects would likely filter down to audits of private entities that use accounting estimates or rely on the work of specialists.

Estimates

Financial statements often report assets at fair value or use other types of accounting estimates, such as allowances for doubtful accounts, credit losses and impairments of long-lived assets. These estimates may involve some level of measurement uncertainty. So, they may be susceptible to misstatement and require more auditor focus.

PCAOB Release No. 2018-005, Auditing Accounting Estimates, Including Fair Value Measurements , aims to improve audits of estimates. The new risk-based standard would promote greater consistency in application. It would emphasize the importance of professional skepticism when auditors evaluate management’s estimates and the need to devote greater attention to potential management bias. Under the updated standard, auditors would consider both corroborating and contradictory evidence that’s obtained during the audit.

Use of specialists

Some accounting estimates may be easily determinable. But many are inherently subjective or complex, requiring the use of specialists. Examples include:

  • Actuaries to determine employee benefit obligations,
  • Engineers to determine obligations regarding environmental remediation, and
  • Appraisers to determine the value of intangible assets or real estate.

The audit guidance on using the work of specialists hasn’t changed much since it was originally published in the 1970s. It deals with auditors’ oversight of third-party specialists, as well as the auditor’s use of the work of a professional hired by management. Existing guidance requires auditors to evaluate the relationship of a specialist to the client, including situations that might impair the specialist’s objectivity. But it doesn’t provide specific requirements.

PCAOB Release No. 2018-006, Amendments to Auditing Standards for Auditor’s Use of the Work of Specialists , would provide more direction for carrying out that evaluation. The updated standard would extend the auditor’s responsibility for evaluating specialists beyond simply obtaining an understanding of their work. It would require auditors to perform additional procedures to evaluate the appropriateness of the company’s data, as well as significant assumptions and methods used. However, auditors wouldn’t be required to reperform the work of the company’s specialist.

Stay tuned

The PCAOB issued these related standards simultaneously at the end of 2018, and wants both to become effective for audits of financial statements for fiscal years ending on or after December 15, 2020. However, the updated guidance is pending approval by the Securities and Exchange Commission. Contact us to discuss how these updated standards are likely to affect your company’s audit procedures in the coming years.

© 2019

Simplifying the Accounting Rules for Convertible Debt and Equity

Distinguishing between liabilities and equity on a company’s balance sheet may seem straightforward. But difficulties arise when it comes to the terms of complex securities and financial contracts like redeemable equity instruments, equity-linked or indexed instruments, and convertible instruments.

The good news is that the Financial Accounting Standards Board (FASB) is currently working on a project to improve how to determine the difference between liabilities and equity.

Need for change

Work on this project dates as far back as 1986, when distinguishing liabilities from equity was added to the FASB’s technical agenda. Since then, the board has issued various pieces of guidance to help resolve issues that have been raised. But the outcry for revisions to the liabilities vs. equity topic hasn’t waned.

In 2017, accounting professionals told the FASB that current guidance is “overly complex, internally inconsistent, path dependent, form based and is a cause for frequent financial statement restatements.”

Once again, the project is a top priority for the FASB. In 2019, deliberations will initially focus on two areas:

  1. Accounting for convertible instruments with embedded conversion features, and
  2. Determining whether instruments are indexed to an entity’s own stock.

A convertible instrument, typically a bond or a preferred stock, is an instrument that can be converted into a different security — often shares of the company’s common stock. For example, emerging and growing companies often use convertible debt as an alternative financing solution. It’s basically a loan obtained by a company from venture capital or angel investors whereby both parties agree to convert the debt into equity at a specific date.

Tentative plans

Convertible instruments create complex accounting issues and have become a major source of confusion and restatements. In February 2019, the FASB tentatively voted to:

  • Revise certain disclosures for convertible instruments, including adding disclosure objectives for convertible debt and for convertible preferred shares,
  • Centralize the guidance on convertible preferred shares in Accounting Standards Codification (ASC) Topic 505, Equity, and convertible debt in ASC Subtopic 470-20, Debt — Debt with Conversion and other Options, and
  • Improve the diluted earnings-per-share calculation and derivative scope exception.

Under the existing rules, there are currently five models to account for convertible debt, which the board plans to narrow down to one or two models. As a result, convertible debt would be recognized in the balance sheet as a single liability, measured at amortized cost. There would no longer be bifurcation, or separation, of the conversion feature and the debt host. Similarly, convertible preferred shares would be recognized in the balance sheet as a single equity element.

Stay tuned

Many start-ups and midsize businesses use convertible instruments to raise cash. But it’s easy for management to miss an aspect of an arrangement and then follow the wrong accounting model under today’s complex, inconsistent principles. And the complex accounting rules even may cause some businesses to avoid tapping into these financing alternatives.

Fortunately, the FASB is taking steps to simplify the financial reporting requirements — and we’re atop the latest developments. Contact us for more information.   

© 2019

Transparency is Key with Related Party Transactions

In recent years, external auditors have focused more attention on related party transactions. Although related party transactions aren’t necessarily bad, they do raise some concerns about the risk of misstatement or omission in financial reporting.

3 focal points

Issues with related parties played a prominent role in the scandals that surfaced nearly two decades ago at Enron, Tyco International and Refco. Public outrage about these scandals led Congress to pass the Sarbanes-Oxley Act of 2002 and establish the Public Company Accounting Oversight Board (PCAOB). Similar problems have arisen in more recent financial reporting fraud cases, prompting the PCAOB to enact tougher standards on related-party transactions and financial relationships.

PCAOB Auditing Standard No. 2410 (AS 2410), Related Parties, requires auditors of public companies to beef up their efforts in financial statement matters that pose increased risk of fraud. Specifically, auditors must focus on three critical areas:

1. Related-party transactions, such as those involving directors, executives and their family members,
2. Significant unusual transactions (SUTs) that are outside the company’s normal course of business or that otherwise appear to be unusual due to their timing, size or nature, and
3. Other financial relationships with the company’s executive officers and directors.

Subjecting these transactions and financial relationships to enhanced auditor scrutiny may help avert corporate failures. The PCAOB also hopes that enhanced auditor scrutiny will lead to improvements in accounting transparency and disclosures, which will help investors to more clearly gauge financial performance and fraud risks.

From start to finish

AS 2410 requires auditors to obtain a more in-depth understanding of every related-party financial relationship and transaction, including their nature, terms and business purpose (or lack thereof). Tougher related-party audit procedures must be performed in conjunction with the auditor’s risk assessment procedures, which occur in the planning phase of an audit.

In addition, auditors are expected to communicate with the audit committee throughout the audit process regarding the auditor’s evaluation of the company’s identification of, accounting for and disclosure of its related-party relationships and transactions. They can’t wait until the end of the engagement to communicate on these matters.

During fieldwork, expect auditors to be on the hunt for undisclosed related parties and unusual transactions. Examples of information that may be gathered during the audit that could reveal undisclosed related parties include information contained on the company’s website, tax filings, corporate life insurance policies, contracts and organizational charts.

Certain types of questionable transactions — such as contracts for below-market goods or services, bill-and-hold arrangements, uncollateralized loans and subsequent repurchase of goods sold — also might signal that a company is engaged in unusual or undisclosed related-party transactions.

To facilitate the audit process, management should be up-front with auditors about all related party transactions, even if they’re not required to be disclosed or consolidated on the company’s financial statements.

Let’s be honest

Private companies also engage in numerous related party transactions, and they may experience spillover effects of the tougher PCAOB auditing standard, which applies only to audits of public companies. Regardless of whether you’re publicly traded or privately held, it’s important to identify, evaluate and disclose all related parties. We can help you present related party relationships and transactions, openly and completely.

© 2019

ESG Issues: To Report or Not to Report?

Securities and Exchange Commission (SEC) Chairman Jay Clayton recently said that public companies shouldn’t be required to disclose information concerning environmental, social and governance (ESG) matters in their financial statements using a standardized format. Right now, these disclosures are voluntary and unstandardized.

ESG issues

The SEC is a long-standing member of the International Organization of Securities Commissions (IOSCO). But, in January, the SEC refused to sign a statement issued by IOSCO that urged companies to disclose nonfinancial ESG matters that may affect a company’s financial condition and performance. Examples include:

• The size of the company’s carbon footprint,
• Efforts to replace fossil fuels with renewable energy sources,
• Workplace, health and safety issues, and
• Consumer product safety risks.

Media attention on these external threats has increased public awareness and prompted concerns about how ESG issues could impact value or increase a company’s risk of litigation. Some investor groups and regulators are calling for formal rules that would mandate the use of a standardized framework.

SEC position

SEC Commissioner Hester Peirce and Chairman Clayton recognize that voluntary ESG disclosures provide insight into company operations when used in conjunction with traditional financial metrics. But they oppose a one-size-fits-all reporting format. They contend that some ESG information isn’t relevant to a reasonable investor and thus takes time away from focusing on more pressing matters.

They also point out that companies that follow U.S. Generally Accepted Accounting Principles (GAAP) already must disclose material ESG matters in the following sections of their financial statements:

Description of business. This disclosure describes the business and that of its subsidiaries, including information about its form of organization, principal products and services, major customers, competitive conditions and costs of complying with environmental laws.

Legal proceedings. This disclosure briefly explains any material pending legal proceedings in which the company, any of its subsidiaries and any of its property are involved.

Risk factors. These disclosures highlight the most significant factors that make an investment in the company speculative or risky.

Management’s discussion and analysis (MD&A). Public companies must identify known trends, events, demands, commitments and uncertainties that are reasonably likely to have a material effect on financial condition or operating performance.

In addition, some companies voluntarily issue separate standalone “sustainability” reports that cover a broad range of nonfinancial issues. However, these nonfinancial figures aren’t audited, and, unfortunately, some companies use ESG data to present a stronger financial picture than the ones that appear in their audited financial statements.

A custom approach

Voluntary ESG reporting can provide valuable insight to investors and lenders. We can help your company create customized financial statement disclosures and standalone sustainability reports that reflect its most pressing ESG concerns. Contact us for more information.

© 2019

Automating Your Accounting Department

Many businesses have adopted robotic process automation (RPA), or plan to do so in the future. While most RPA initiatives target “core” business operations, routine accounting functions also can be automated to help lower costs and allow personnel to focus on higher-level analyses and strategic projects. Here’s some insight into how to integrate RPA in your accounting department.

Paving the way

In general, RPA eliminates the need for manual (human) intervention. In the accounting department, automation software can assume control of such tasks as journal entries, bank reconciliations, and certain aspects of the budgeting and forecasting process. To begin automating your accounting department, follow these five preliminary steps:

1. Inventory manual processes. Prepare a list of manual processes and rank them by complexity and the number of hours to administer them. This provides a prioritized list of RPA candidates. Select the most straightforward process to convert first.

2. Standardize processes. RPA requires standardized tasks and processes. So, you’ll need to apply a standard approach to all transactions. Identify exceptions and scrutinize why they exist and how they can be eliminated.

3. Focus on the source data. Accounting data often exists in different formats and locations, which doesn’t facilitate RPA. So, you’ll need to centralize your accounting data using a consistent structure and format.

4. Document requirements. Many types of RPA software solutions exist. Identify the functionality and capabilities you’ll need and use this list to screen potential providers.

5. Conduct robust testing. Before relying on the output generated by RPA software, test the output to make sure it’s accurate and reliable. Such testing should use statistically valid sampling techniques. You’ll also need to consider judgmental sampling procedures, which allows team members to select transactions based on their training and experience.

Right for your accounting department?

Throughout your organization, RPA can minimize data entry errors, reduce processing time and lower costs. However, getting it to work in the accounting department takes some initial legwork and a fresh mindset. It also may affect the procedures a CPA performs when preparing your financial statements. Contact us for more information.

© 2019

Audits Home in on Cybersecurity

In 2018, U.S. organizations that suffered a data breach lost an average of $7.91 million as a result. That’s the highest average organizational cost of all the countries and regions covered in the 2018 Cost of a Data Breach Study by IBM and independent research firm Ponemon Institute. Malicious or criminal attacks were the source of more than half of those breaches, rather than system glitches and human errors.

With so much at stake, it’s no surprise that auditors consider these issues when conducting their audit risk assessments. This audit season, prepare to answer questions about cybersecurity and the effectiveness of your company’s internal controls against cyberthreats.

Inspections of public companies

In recent years, Public Company Accounting Oversight Board (PCAOB) inspectors have interviewed auditors of companies that have experienced a breach into their computer systems to find out how the auditors and their firms responded to the incidents. They report that auditors today are increasingly focused on matters related to cybersecurity.

Audit firms have provided varying levels of guidance, both when assessing risk at the start of an engagement and when uncovering a cybersecurity incident that occurred during audit fieldwork or the period under audit.

“Many of the firms are actually factoring cybersecurity issues into their risk assessment at this point in time, and there is a real focus on developing real understanding about cybersecurity incidents,” reported William Powers, deputy director for technology in the PCAOB’s Division of Registration and Inspections.

Audit inquiries

Possible questions that auditors might ask during fieldwork include:

  • How does management identify and prioritize cyberrisks?
  • What kind of internal controls has management established to safeguard digital assets and sensitive data (such as formal policies and procedures, employee training and the use of security analytics)?
  • How does management monitor internal controls to ensure effective operation?
  • Does management have a detailed breach response plan?
  • If a breach occurred during the accounting period, how did management respond and how much did it cost?
  • Has the company purchased cyber liability and breach response insurance?

The PCAOB hasn’t yet found any material misstatements on a public company’s financial statements as a result of a cybersecurity breach. But there’s a risk that future attacks may affect financial reporting. So, the PCAOB is planning to expand its inspection program to explore what auditors are doing to protect clients’ data and stakeholder data.

Universal risk factor

PCAOB inspectors target audits of public companies. But private companies can also be victims of cyberattacks — and the effects may be even more devastating for companies with fewer resources to absorb the losses and assign dedicated staff to respond to breaches.

The increasing frequency and severity of cyberattacks underscores the need for auditors of entities of all sizes to update their procedures. It’s our job to ask key questions about cyberrisks and the effectiveness of your internal controls. The answers, in turn, can help you formulate more effective governance strategies.

© 2019

How to Report Stock Compensation Paid to Non-employees

The accounting rules for reporting stock compensation have been expanded. They now include share-based payments to non-employees for providing goods and services, under recent guidance issued by the Financial Accounting Standards Board (FASB).

Old Rules

Under existing U.S. Generally Accepted Accounting Principles (GAAP), the FASB requires businesses that give stock awards to independent contractors or consultants to follow a separate standard from the one used for employee stock compensation.

Under Accounting Standards Codification (ASC) Subtopic 505-50, Equity — Equity-Based Payments to Non-Employees, the measurement date for nonemployees is determined at the earlier of the date at which:

  • The commitment for performance is complete, or
  • The counterparty’s performance is complete.

This requires judgment and tracking issues that have led to inconsistencies in financial reporting, especially if nonemployees are awarded stock options on a one-by-one basis, rather than a single large grant.

The FASB originally chose to apply different stock compensation guidance to nonemployees because independent contractors and consultants were perceived as having significant freedom to move from company to company. In theory, independent contractors could watch stock price movements to determine where to work.

However, the FASB now believes the assumptions behind the dual standards were overstated, because full-time employees also have the freedom to move from job to job.

New Rules

In June 2018, the FASB issued Accounting Standards Update (ASU) No. 2018-07, Compensation — Stock Compensation: Improvements to Non-employee Share-Based Payment Accounting. It eliminates the separate guidance for stock compensation paid to non-employees and aligns it with the guidance for stock compensation paid to employees.

Under the aligned guidance, all share-based compensation payments will be measured with an estimate of the fair value of the equity the business is obligated to issue at the grant date. The grant date is the date the business and the stock award recipient agree to the terms of the award. Essentially, compensation will be recognized in the same period and in the same manner as if the company had paid cash for goods or services instead of stock.

The guidance doesn’t cover stock compensation that’s used to provide financing to the company that issued the shares. It also doesn’t include stock awards tied to a sale of goods or services as part of a contract accounted for under the new-and-improved revenue recognition standard.

Effective Dates

The updated standard is effective for public companies for fiscal years that begin after December 15, 2018. Private companies have an extra year to implement the changes for annual reports.

Early adoption is generally permitted, but businesses aren’t allowed to follow the changes in ASU No. 2018-07 until they’ve implemented the new revenue recognition standard. Contact us for more information.

© 2019

Auditing Cashless Transactions

Like most businesses, you’ve probably experienced a significant increase in the number of customers who prefer to make cashless payments. And you may be wondering: How does the acceptance of these types of transactions affect the auditing of your financial statements?

Cashless transactions require the exchange of digital information to facilitate payments. Instead of focusing on the collection and recording of physical cash, your auditors will spend significant time analyzing your company’s electronic sales records. This requires four specific procedures.

1. Identifying accepted payment methods

Auditors will ask for a list of the types of payments your company accepts and the process maps for each payment vehicle. Examples of cashless payment methods include:

  • Credit and debit cards,
  • Mobile wallets (such as Venmo),
  • Digital currencies (such as Bitcoin),
  • Automated Clearing House (ACH) payments,
  • Wire transfers, and
  • Payments via intermediaries (such as PayPal).

Be prepared to provide documents detailing how the receipt of cashless payments works and how the funds end up in your company’s bank account.

2. Evaluating roles and responsibilities

Your auditors will request a list of employees involved in the receipt, recording, reporting and analysis of cashless transactions. They will also want to see how your company manages and monitors employee access to every technology platform connected to cashless payments.

Evaluating who handles each aspect of the cashless payment cycle helps auditors confirm whether you have the appropriate level of security and segregation of duties to prevent fraud and misstatement.

3. Testing the reconciliation process

Auditors will review prior sales reconciliations to test their accuracy and ensure appropriate recognition of revenue. This may be especially challenging as companies implement the new accounting rules on revenue recognition for long-term contracts. Auditors also will test accounting entries related to such accounts as inventory, deferred revenue and accounts receivable.

4. Analyzing trends

Cashless transactions create an electronic audit trail. So, there’s ample data for auditors to analyze. To uncover anomalies, auditors may, for example, analyze sales by payment vehicle, over different time periods and according to each employee’s sales activity.

If your company has experienced payment fraud, it’s important to share that information with your audit team. Also tell them about steps you took to remediate the problem and recover losses.

Preparing for a cashless future

Before we arrive to conduct fieldwork, let’s discuss the types of cashless payments you now accept — or plan to accept in the future. Depending on the number of cashless methods, we’ll amend our audit program to review them in detail.

© 2019