Cybersecurity Matters

Investors, lenders and other stakeholders have been vocal in recent years about pushing companies to provide more information in their financial reports about cybersecurity. Could your company do a better job disclosing cyberrisks and recent hacks?

Most public companies could do better, according to recent testimony during congressional hearings by Jay Clayton, Chairman of the Securities and Exchange Commission (SEC). Here are ways his agency is attempting to “refresh” the disclosure guidance.

Updating the guidance

The SEC doesn’t expect to overhaul its Disclosure Guidance: Topic No. 2, Cybersecurity. Rather, it plans to consider whether important information about cybersecurity should be disclosed to stakeholders within the context of the existing rules. For example, companies may need to beef up their management’s discussion and analysis (MD&A) and footnote disclosures to reflect potential cyberrisks and material financial implications of data breaches.

The current guidance on cybersecurity, which was published in 2011, doesn’t include a specific requirement for companies to disclose computer system intrusions. The SEC’s effort to update the guidance comes amid concerns that more public companies have been experiencing attacks to their computer systems, but their disclosures haven’t been timely or informative enough.

Changes in the works

Regulators in the SEC don’t know whether the update will be issued in the form of staff-level guidance or a regulatory release approved by the SEC’s commissioners. But they’ve decided to address two key areas in the update:

  • Financial reporting controls and procedures that identify and disclose cybersecurity threats in a timely manner, and
  • Corporate strategies and policies regarding cybersecurity prevention, detection and breach response.

Many companies welcome additional guidance from the SEC, because it can be difficult to determine the appropriate time to disclose a hack into their systems.

On the one hand, companies feel a responsibility to share relevant information openly and honestly with stakeholders. On the other, they don’t want to prematurely disclose information about a breach before they know the extent of the damage or to release inaccurate information that later needs to be revised. Company insiders may also be working with law enforcement, in which case they don’t want to disclose information that could compromise the investigation.

Team approach

Regardless of whether your business is public or private, it’s important to assemble a team of professional advisors — including legal, insurance and financial experts — to identify risk factors and to handle breach response, measure the impact and mitigate potential losses. We can help you provide transparent and timely information to your stakeholders.

© 2018

4 Steps to Auditing AP

At most companies, the accounts payable (AP) department handles an enormous volume of transactions. So, the AP ledger may be prone to errors or used to bury fraudulent journal entries. How do auditors get a handle on AP? They use four key procedures to evaluate whether this account is free from “material misstatement” and compliant with U.S. Generally Accepted Accounting Principles (GAAP).

1. Examination of SOPs

Standard operating procedures (SOPs) are critical to a properly functioning AP department. However, some companies haven’t written formal SOPs — and others don’t always follow the SOPs they’ve created.

If SOPs exist, the audit team reviews them in detail. They also test a sample of transactions to determine whether payables personnel follow them.

If the AP department hasn’t created SOPs — or if existing SOPs don’t reflect what’s happening in the department — the audit team will temporarily stop fieldwork. Auditors will resume testing once the AP department has issued formal SOPs or updated them as needed.

2. Analysis of paper trails

Auditors use the term “vouching” to refer to the process of tracking a transaction from inception to completion. Analyzing this paper trail requires auditors to review original source documents, such as:

  • Purchase orders,
  • Vendor invoices,
  • Journal entries for AP and inventory, and
  • Bank records.

The audit team may select transactions randomly, as well as based on a transaction’s magnitude or frequency. They’ll also ascertain whether the company has complied with invoice terms and received the appropriate discounts.

3. Confirmations

Auditors may send forms to the company’s vendors asking them to “confirm” the balance owed. Confirmations can either:

  • Include the amount due based on the company’s accounting records, or
  • Leave the balance blank and ask the vendor to complete it.

If the amount confirmed by the vendor doesn’t match the amount recorded in the AP ledger, the audit team will note the exception and inquire about the reason. Unresolved discrepancies may require additional testing procedures and could even be cause for a qualified or adverse audit opinion, depending on the size and nature of the discrepancy.

4. Verification of financial statements

Auditors compare the amounts recorded in the company financial statements to the records maintained by the AP department. This includes reviewing the month-end close process to ensure that items are posted in the correct accounting period (the period in which expenses are incurred).

Auditors also review the process for identifying and recording related-party transactions. And they search for vendor invoices paid with cash and unrecorded liabilities involving goods or services received but yet not processed for payment.

Get it right

These four procedures may be conducted as part of a routine financial statement audit — or you may decide to hire an auditor to specifically target the AP department. Either way, your payables personnel can help streamline fieldwork by having the formal SOPs in place and source documents ready when the audit team arrives. Contact us for more information about what to expect during the coming audit season.

© 2018

LIFO Lessons Learned

You have choices when it comes to reporting inventory costs. One popular technique — the last-in, first-out (LIFO) method — assumes that merchandise is sold in the reverse order it was acquired or produced. That is, it allocates the most recent costs to the cost of sales. Although this method is often preferred for tax purposes, internal accounting personnel may be hesitant to use it for various reasons.

Tax benefits

Assuming your inventory costs generally increase over time, LIFO offers a definite tax advantage over other inventory reporting methods. By allocating the most recent — and, therefore, higher — costs first, LIFO maximizes your cost of goods sold, which minimizes your taxable income.

In contrast, the first-in, first-out (FIFO) method assumes that merchandise is sold in the order it was acquired or produced. Thus, the cost of goods sold is based on older — and often lower — prices.

Financial reporting challenges

Before you jump headfirst into using LIFO, it’s important to recognize that it’s not permitted under International Financial Reporting Standards. The approach also involves sophisticated record keeping and calculations.

For example, the “LIFO conformity rule” generally requires you to use the same inventory accounting method for tax and financial statement purposes. Switching to LIFO may reduce your tax bill, but it could also depress your current earnings and reduce the value of inventories on your balance sheet, thus giving the appearance of a weaker financial position.

LIFO also can create a problem if your inventory levels are declining. As higher inventory costs are used up, you’ll need to start dipping into lower-cost “layers” of inventory, triggering taxes on “phantom income” that the LIFO method previously has allowed you to defer.

Moreover, if a C corporation elects S corporation status, the business must include a “LIFO recapture amount” in income for the C corporation’s last tax year. The recapture amount is the excess of your inventory’s value using FIFO over its value using LIFO. Fortunately, you can spread out the tax payments over four years in equal, interest-free installments.

One of the biggest challenges in using LIFO is the need to measure changes in inventory costs. If you currently use LIFO, you may be able to enjoy additional savings by electing to use the inventory price index computation method. It may enable you to reduce administrative costs — and it might even generate greater tax benefits — if you rely on government indexes to calculate LIFO values rather than developing an internal index.

Right for you?

If you’re contemplating a switch to LIFO, there are various issues to address and forms to complete. Contact us to help decide whether it’s right for your business.

© 2018

Audit Opinions: How Your Financial Statements Measure Up

Audit opinions differ depending on the information available, financial viability, errors discovered during audit procedures and other limiting factors. The type of opinion your auditor issues tells stakeholders whether you’re in compliance with accounting rules and likely to continue operating as a going concern.

The basics

To find out what type of audit opinion you’ve received, scan the first page of your financial statements. Known as the “audit opinion letter,” this is where your auditor states whether the financial statements are fairly presented in all material respects, compliant with Generally Accepted Accounting Principles (GAAP) and free from material misstatement. But the opinion doesn’t constitute an endorsement or evaluation of the company’s financial results.

Most audit opinion letters consist of three paragraphs. The introductory paragraph identifies the company, accounting period and auditor’s responsibilities. The second discusses the scope of work performed. The third paragraph contains the audit opinion.

In general, there are four types of audit opinions, ranked from most to least desirable.

1. Unqualified. A clean “unqualified” opinion is the most common (and desirable). Here the auditor states that the company’s financial condition, position and operations are fairly presented in the financial statements.

2. Qualified. The auditor expresses a qualified opinion if the financial statements appear to contain a small deviation from GAAP, but are otherwise fairly presented. To illustrate: An auditor will “qualify” his or her opinion if a borrower incorrectly estimates warranty expense, but the exception doesn’t affect the rest of the financial statements.

Qualified opinions are also given if the company’s management limits the scope of audit procedures. For example, a qualified opinion may result if you deny the auditor access to a warehouse to observe year-end inventory counts.

3. Adverse. When an auditor issues an adverse opinion, there are material exceptions to GAAP that affect the financial statements as a whole. Here the auditor indicates that the financial statements aren’t presented fairly. Typically, an adverse opinion letter contains a fourth paragraph that outlines these exceptions.

4. Disclaimer. Even more alarming to lenders and investors is a disclaimer opinion. Disclaimers occur when an auditor gives up midaudit. Reasons for disclaimers may include significant scope limitations, material doubt about the company’s going-concern status and uncertainties within the subject company itself. A disclaimer opinion letter briefly outlines the auditor’s reasons for throwing in the towel.

Ready, set, audit

Before fieldwork starts for the audit of your 2018 financial statements, let’s discuss any foreseeable scope limitations and possible deviations from GAAP. Depending on the situation, we may be able to recommend corrective actions and help you proactively communicate with stakeholders about the reasons for a less-than-perfect audit opinion.

© 2018

Cash vs. Accrual Reporting: Which is Right for Your Business?

Small businesses often use the cash-basis method of accounting. As businesses grow, they usually convert to accrual-basis reporting for federal tax purposes and to conform with U.S. Generally Accepted Accounting Principles (GAAP).

Starting this tax year, the Tax Cuts and Jobs Act (TCJA) has increased the threshold for businesses that qualify for the simpler cash method for federal tax purposes. Here’s how these accounting methods compare and how the TCJA could affect your financial and tax reporting decisions.

Cash method

Companies that use the cash-basis method of accounting recognize revenue as customers pay invoices and expenses as they pay bills. So, cash-basis entities often report large fluctuations in profits from period to period, especially if they’re engaged in long-term projects. This can make it hard to benchmark a company’s performance from year to year — or against other entities that use the accrual method.

Cash-basis entities also tend to postpone revenue recognition and accelerate expense payments at year end. This strategy can temporarily defer the company’s tax liability. But the flipside is that it can make a company appear less profitable to lenders and investors.

Accrual method

The more complex accrual-basis accounting method conforms to the matching principle under GAAP. That is, revenue (and expenses) are “matched” to the periods in which they’re earned (or incurred).

Accrual-basis entities report several asset and liability accounts that are generally absent on a cash-basis balance sheet. Examples include prepaid expenses, accounts receivable, accounts payable, work in progress, accrued expenses and deferred taxes.

TCJA considerations

Under the TCJA, for tax years beginning after 2017, businesses with average annual gross receipts of $25 million or less for the previous three tax years are eligible for the cash method of accounting for federal income tax purposes. Under prior law, the gross-receipts threshold for the cash method was only $5 million.

In addition, for tax years beginning after 2017, the TCJA modifies Section 451 of the Internal Revenue Code so that a business recognizes revenue for tax purposes no later than when it’s recognized for financial reporting purposes. So, if you use the accrual method for financial reporting purposes, you must also use it for federal income tax purposes.

These changes could prompt more companies to opt for the simpler, tax-deferred cash method for both financial reporting and tax purposes. But it’s not right for everyone.

Look before you leap

As your small business grows, you might be tempted to switch to the accrual method of accounting to reduce variability in financial reporting from year to year — and to attract more sophisticated lenders and investors who prefer GAAP financials. But doing so could accelerate your tax obligations. On the other hand, if you’re newly eligible for the cash method for tax purposes, you may want to switch to that method for the simplicity and tax deferral it offers.

If you’re in either situation, contact us to discuss the pros and cons of these two options to ensure you’re using the optimal method based on your circumstances.

© 2018

It’s Important to Monitor Your SEC Filing Status

As public companies grow, they may move from one filing status or issuer category to another. Recent and proposed changes to the Securities and Exchange Commission (SEC) rules for some categories could affect your company’s financial reporting and audit procedures.

Categories of public companies

Under existing rules, public companies fall into different filing categories, based on their public “float” (the amount of shares available to the public for trading):

  • Smaller reporting companies (SRCs) are nonaccelerated filers that meet certain other requirements, including annual revenues under $50 million if their public float is zero.
  • Nonaccelerated filers have a public float of less than $75 million and aren’t otherwise required to accelerate their filing deadlines.
  • Accelerated filers have a public float between $75 million and $700 million and meet other requirements.
  • Large accelerated filers have a public float of more than $700 million and meet certain other requirements.

Finally, there’s the emerging growth company (EGC). Generally, an EGC is a new public company that has gross revenues under $1 billion in its most recent fiscal year and meets certain other requirements. EGCs enjoy a variety of benefits during their first five years of existence, including scaled-back disclosures and exemption from the auditor attestation of a company’s internal control over financial reporting as required by Section 404(b) of the Sarbanes-Oxley Act.

A company that ceases to be an EGC must begin complying with Sec. 404(b), except for nonaccelerated filers, which are exempt from that requirement unless they become accelerated or large accelerated filers. (Congress currently is considering legislation that would extend the exemption for certain companies, however.)

Changes to public float thresholds

On June 28, 2018, the SEC voted unanimously to issue the final rule in Release No. 33-10513, Amendments to Smaller Reporting Company Definition. The rule increases the public float threshold for SRCs to $100 million and nonaccelerated filers to $250 million.

To complicate matters, the SEC did not make conforming changes to the definition of an accelerated filer. Rather, it eliminated the automatic exclusion of SRCs in the definitions of accelerated and large accelerated filers. As a result, a registrant could be both an SRC and an accelerated filer. As an accelerated filer, a company would still be required to comply with Sec. 404(b).

The new SEC rule will be effective 60 days after publication in the Federal Register, which normally occurs a few weeks after a rule is posted on the SEC’s website. The SEC said 966 additional companies will be eligible for smaller company status in the first year of the new threshold.

Annual assessment

Changes in filing status affect the form, content and timing of financial reports, as well as the extent of external audit procedures. So, it’s a good idea to re-evaluate your company’s status well before the end of each fiscal year. We can help you evaluate your filing status based on the SEC’s evolving guidelines. If a change is anticipated, we can help you prepare for new filing, disclosure and audit requirements.

© 2018

Transitioning to Remote Audits


Are you comfortable communicating electronically with your auditors? If so, a logical next step might be to transition from on-site audit procedures to a more “remote” approach. Remote audits can help reduce the time and cost of preparing audited financial statements.

21st century audits

Traditionally, audit fieldwork has involved a team of auditors camping out for weeks (or even months) in one of the conference rooms at the headquarters of the company being audited. Now, thanks to technological advances — including cloud storage, smart devices and secure data-sharing platforms — many audit firms are testing the feasibility of remote auditing as a replacement for sending auditors on-site.

In addition to saving time and audit fees, allowing auditors to work remotely improves the work-life balance for auditors and in-house accounting personnel. Your employees won’t need to stay glued to their desks for the duration of the audit, because they can respond to the auditor’s inquiries and document requests remotely.

Best practices

Changing the format of an audit requires flexibility, including a willingness to embrace the technology needed to facilitate the exchange, review and analysis of relevant documents. You can facilitate the transition process by:

Being responsive to electronic requests. Auditors who are out of sight shouldn’t be out of mind. Answer all remote requests from your auditors in a timely manner. If a key employee will be on vacation or out of the office for an extended period, give the audit team the contact information for the key person’s backup.

Giving employees access to the requisite software. Sharing documents with remote auditors may require you to install specific software on employees’ computers. But your company’s policies may prohibit employees from downloading software without approval from the IT department.

Before remote auditors start “fieldwork,” ask for a list of software and platforms that will be used to interact with in-house personnel. Give the appropriate employees access and authorization to share audit-related data from your company’s systems. Work with IT specialists to address any security concerns they may have with sharing data with the remote auditors.

Tracking audit progress. With less face-to-face time with your auditors, you have fewer opportunities to receive updates on the team’s progress. Ask the engagement partner to explain how they’ll track the performance of their remote auditors, and how they plan to communicate the team’s progress to in-house accounting personnel.

Wave of the future

Like remote working arrangements with employees and contractors, remote audits are a growing trend that could potentially reduce the costs of preparing financial statements. But not every audit firm or business is ready to embrace remote auditing. Contact us to discuss ways to make next year’s audit more efficient and cost-effective.

© 2018

Using Analytical Procedures in An Audit Provides Many Benefits

Analytical procedures can make audits more efficient and effective. First, they can help during the planning and review stages of the audit. But analytics can have an even bigger impact when used to supplement substantive testing during fieldwork.

Defining audit analytics

AICPA auditing standards define analytical procedures as “evaluations of financial information through analysis of plausible relationships among both financial and nonfinancial data.” Analytical procedures also investigate “identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.” Examples of analytical tests include trend, ratio and regression analysis.

Using analytical procedures

During fieldwork, auditors can use analytical procedures to obtain evidence, sometimes in combination with other substantive testing procedures, that identifies misstatements in account balances. Analytical procedures are often more efficient than traditional, manual audit testing procedures that typically require the business being audited to produce significant paperwork. Traditional procedures also usually require substantial time to verify account balances and transactions.

Analytical procedures generally follow these five steps:

1. Form an independent expectation about an account balance or financial relationship.
2. Identify differences between expected and reported amounts.
3. Investigate the most probable cause(s) of any discrepancies.
4. Evaluate the likelihood of material misstatement.
5. Determine the nature and extent of any additional auditing procedures needed.

When using analytical procedures, the auditor must establish a threshold that can be accepted without further investigation. This threshold is a matter of professional judgment, but it’s influenced primarily by the concept of materiality and the desired level of assurance.

For differences that are due to misstatement (rather than a plausible explanation), the auditor must decide whether the misstatement is material (individually or in the aggregate). Material misstatements typically require adjustments to the amount reported and may also necessitate additional audit procedures to determine the scope of the misstatement.

Your role in audit analytics

Done right, analytical procedures can help make your audit less time-consuming, less expensive and more effective at detecting errors and omissions. But it’s important to notify your auditor about any major changes to your operations, accounting methods or market conditions that occurred during the current accounting period.

This insight can help auditors develop more reliable expectations for analytical testing and identify plausible explanations for significant changes from the balance reported in prior periods. Moreover, now that you understand the role analytical procedures play in an audit, you can anticipate audit inquiries, prepare explanations and compile supporting documents before fieldwork starts.

© 2018

Auditing Related-Party Transactions

Business owners generally prefer to work with entities they know and trust. But related-party transactions can provide opportunities for individuals to act in a manner that’s inconsistent with the interests of shareholders. That’s why auditors take pains to identify and properly address related-party transactions.

What is a related party?

Accounting Standards Codification (ASC) Topic 850 defines a related-party transaction as one that takes place between:

  • A parent entity and its subsidiaries,
  • Subsidiaries of a common parent,
  • An entity and trusts for the benefit of its employees, such as pension and profit-sharing trusts that are managed by or under the trusteeship of the entity’s management,
  • An entity and its principal owners and managers (or members of their immediate families), and
  • Affiliated entities.

What’s the risk?

Related-party transactions sometimes involve contracts for goods or services that are priced at less (or more) favorable terms than those in similar arm’s length transactions between unrelated third parties. For example, a spinoff business might lease office space from its parent company at below-market rates. Or a closely held manufacturer might pay the owner’s son an above-market salary and various perks that aren’t available to unrelated employees.

How do auditors address these transactions?

Given the potential for double dealing with related parties, auditors spend significant time hunting for undisclosed related-party transactions. Examples of documents and data sources that can help uncover these transactions are:

  • A list of the company’s current related parties and associated transactions,
  • Minutes from board of directors’ meetings, particularly when the board discusses significant business transactions,
  • Disclosures from board members and senior executives regarding their ownership of other entities, participation on additional boards and previous employment history,
  • Bank statements, especially transactions involving intercompany wires, automated clearing house (ACH) transfers, and check payments, and
  • Press releases announcing significant business transactions with related parties.

Audit procedures that target related-party transactions include 1) testing how related-party transactions are identified and coded in the company’s enterprise resource planning (ERP) system, 2) interviewing accounting personnel responsible for reporting related-party transactions in the company’s financial statements, and 3) analyzing presentation of related-party transactions in financial statements.

Accurate, complete reporting of these transactions requires robust internal controls. A company’s vendor approval process should provide guidelines to help accounting personnel determine whether a supplier qualifies as a related party and mark it accordingly in the ERP system. Without the right mechanisms in place, a company may inadvertently omit a disclosure about a related-party transaction.

Get it right

Undisclosed related-party transactions can raise a red flag to lenders and investors — and may even require a business to restate its financial results. Our auditors are committed to finding, disclosing and reporting these transactions in a transparent manner that complies with U.S. Generally Accepted Accounting Principles (GAAP). Contact us for help.

© 2018

Why Revenue Matters In An Audit

For many companies, revenue is one of the largest financial statement accounts. It’s also highly susceptible to financial misstatement.

When it comes to revenue, auditors customarily watch for fictitious transactions and premature recognition ploys. Here’s a look at some examples of critical issues that auditors may target to prevent and detect improper revenue recognition tactics.

Contractual arrangements

Auditors aim to understand the company, its environment and its internal controls. This includes becoming familiar with key products and services and the contractual terms of the company’s sales transactions. With this knowledge, the auditor can identify key terms of standardized contracts and evaluate the effects of nonstandard terms. Such information helps the auditor determine the procedures necessary to test whether revenue was properly reported.

For example, in construction-type or production-type contracts, audit procedures may be designed to 1) test management’s estimated costs to complete projects, 2) test the progress of contracts, and 3) evaluate the reasonableness of the company’s application of the percentage-of-completion method of accounting.

Gross vs. net revenue

Auditors evaluate whether the company is the principal or agent in a given transaction. This information is needed to evaluate whether the company’s presentation of revenue on a gross basis (as a principal) vs. a net basis (as an agent) complies with applicable standards.

Revenue cutoffs

Revenue must be reported in the correct accounting period (generally the period in which it’s earned). Cutoff testing procedures should be designed to detect potential misstatements related to timing issues, as well as to obtain sufficient relevant and reliable evidence regarding whether revenue is recorded in the appropriate period.

If the risk of improper accounting cutoffs is related to overstatement or understatement of revenue, the procedures should encompass testing of revenue recorded in the period covered by the financial statements — and in the subsequent period.

A typical cutoff procedure might involve testing sales transactions by comparing sales data for a sufficient period before and after year end to sales invoices, shipping documentation or other evidence. Such comparisons help determine whether revenue recognition criteria were met and sales were recorded in the proper period.

Renewed attention

Starting in 2018 for public companies and 2019 for other entities, revenue must be reported using the new principles-based guidance found in Accounting Standards Update (ASU) No. 2014-09, Revenue from Contracts with Customers. The updated guidance doesn’t affect the amount of revenue companies report over the life of a contract. Rather, it affects the timing of revenue recognition.

In light of the new revenue recognition standard, companies should expect revenue to receive renewed attention in the coming audit season. Contact us to help implement the new revenue recognition rules or to discuss how the changes will affect audit fieldwork.

© 2018