Launching a Net Zero Journey With Confidence

How Digital Dynamics, Inc. built a strategic climate reporting foundation with Sensiba and Greenly.

Digital Dynamics, Inc. (DDI) is a California-based technology company specializing in the design and manufacturing of advanced mission-critical control hardware for the semiconductor, metrology, display, and solar industries.

With over 40 years of engineering and manufacturing expertise, DDI combines electrical, mechanical, software, and production know-how to build high-performance controllers that support today’s digital infrastructure.

  • Greenhouse Gas (GHG) emissions services

Challenge

In 2023, DDI began its sustainability journey, in partnership with Sensiba and ESG and carbon accounting platform, Greenly, to integrate climate data and GHG reduction targets into its long-term strategic and financial decision-making. Before starting, DDI encountered several barriers to launching its climate strategy:

♦ No prior experience conducting a GHG inventory, making the process technically challenging

♦ Lack of internal tools or frameworks to track emissions across business functions

♦ Difficulty allocating time and resources internally, with existing teams managing the process alongside their day-to-day roles

♦ Unfamiliarity with climate reporting terminology and methodologies, and a need for structured guidance to align internal stakeholders with the data collection process

♦ Growing customer pressure to disclose GHG data and set SBTi-aligned targets without a clear operational roadmap

Solution

Using Greenly’s simplified GHG inventory process for first-time reporters, DDI broke down complex steps, created smart data tagging, emissions factor matching, and action plan modules, and established Net Zero and SBTi-aligned targets.

Sensiba provided hands-on expertise and project management throughout the process. With Sensiba’s coaching and a structured roadmap aligned with internal teams, DDI was able to translate its results into actionable insights.

Working together, Sensiba and Greenly applied a phased approach to support DDI’s climate journey:

Cultural Awareness: Sensiba emphasized the strategic value of climate action, helping DDI’s teams understand the link between sustainability, operational resilience, and long-term business impact.
Data Mobilization: Project stakeholders were aligned with relevant business units to facilitate accurate data input, ensuring each team contributed to the inventory without being overwhelmed.
Climate Strategy Design: Sensiba used Greenly’s platform to quantify emissions, identify reduction levers, and help DDI establish SBTi-aligned near-term and net-zero targets.
Technical Enablement: Greenly simplified complex terminology, guided data collection, and provided a user-friendly interface to help DDI perform its first GHG baseline assessment with confidence.
Ongoing Support: Regular meetings maintained momentum and allowed for shared learning across teams, reinforcing climate understanding and internal alignment for future reporting cycles.

Result

DDI completed its first GHG emissions inventory across scopes 1, 2, and 3 aligned with the GHG Protocol and SBTi frameworks. They were also able to:

♦ Identify high-impact emission sources to prioritize short- and medium-term reduction actions

♦ Strengthen cross-departmental collaboration and climate literacy, enabling more efficient and accurate data contributions

♦ Embed Net Zero targets into company strategy, enhancing resilience and long-term planning

♦ Streamline emissions tracking and internal reporting processes for future customer and stakeholder disclosures

♦ Build a transparent and auditable baseline to support ongoing climate reporting and regulatory alignment

With the first report finalized, DDI will work toward continuous optimization with the help of Sensiba and Greenly. Their work includes ongoing strategy optimization, enhanced internal processes, an integrated support model, sustained value creation, and a long-term commitment to GHG reporting.


Accounting for Software Development Costs in the Technology Industry

The technology industry, and particularly the software industry, faces unique accounting challenges. One common question that companies need to answer is whether to expense or capitalize software development costs.

When software is developed in-house, it can be tricky to know whether the costs should be treated as an asset (capitalized) or as an expense. GAAP provides separate guidance for internal-use and external-use software.

Here’s our guide to determining what guidance applies to you.

Internal-Use Software: ASC 350

Internal-use software is developed in-house for internal-use cases. This also includes software accessed through a hosting arrangement (SaaS) in which customers do not obtain ownership of the software. In general, ASC 350 should be used to guide accounting for internal-use software.

External-Use Software: ASC 985

External-use software, also known as traditional or “on-premise” software, should follow ASC 985 for guidance.  This software is designed to be leased or sold to end customers.

Recent FASB Changes to ASC 350

In 2024, the FASB proposed significant changes to ASC 350 related to internal-use software to modernize outdated rules and better align with today’s agile, iterative development practices. One major impact is that fewer costs will qualify for capitalization because of a higher threshold, meaning more development costs will be expensed. This article incorporates these changes made to ASC 350.

When to Start Capitalizing Costs

For internal-use software, costs should be capitalized when two criteria are met:

  • The project has been authorized by management, and
  • It is probable that the project will be completed.

Costs should be expensed if there is significant uncertainty associated with the development, such as novel, unique, or unproven functions and features.

For external-use software, costs should be capitalized once “technological feasibility” has been established. Until that point (during planning, coding, and testing), costs are expensed.

Types of Costs That Should be Capitalized

Costs that should be capitalized include:

  • External direct costs of materials and services (e.g., fees paid to contractors or costs to purchase third-party software).
  • Payroll and related benefits for employees involved directly in development.

How Should Capitalized Development Costs Be Amortized?

Capitalized costs should be amortized on a straight-line basis over their estimated useful life, beginning when the software is ready for use. Because of agile development practices, software changes rapidly and typically has a relatively short life—often three to five years.

Treatment of Upgrades and Enhancements

Upgrades and enhancements can be capitalized only if they add functionality, that is, if they enable the software to perform tasks it previously could not. Maintenance costs should always be expensed.

Software Development Cost Capitalization Next Steps

Once you understand the applicable guidance, you’ll need to determine which costs to capitalize. This involves collaboration between the accounting and engineering teams.

During this process, it is crucial to understand the engineering team’s reporting and tracking systems. Ask questions like:

  • How is time spent on a development project tracked?
  • How is progress tracked on specific development projects?
  • When upgrades and enhancements are being developed, is functionality increasing?
  • What is the purpose of each project?
  • What percentage of an employee’s time is spent on projects other than development?

Capitalization of software development costs involves judgment and estimation. Our team of experts is available to support you and ensure the right calls are made. Get in touch with our technology audit team today.

How AI Tools Enhance Financial Modeling for Tech Startups

Modern tech leaders are faced with challenges like increasingly tighter capital, rising investor expectations, and fierce competition. Financial modeling helps startup founders translate their ideas into clear numbers that can guide decision-making while helping company leaders and investors understand market opportunities, prepare for challenges, and identify funding needs.

A solid model shows how revenue, costs, and growth might unfold, which is essential for winning investor trust and making smart business choices. And while the process of preparing and updating models can be complex for founders without a strong finance background, AI-powered tools can simplify this process by automating financial reports and reducing errors. This allows tech startups to focus less on spreadsheets and more on building their business.

What Is Financial Modeling for Startups?

For founders, a well-built financial model serves as a roadmap and a communication tool. Investors expect to see forecasts that outline how revenue, expenses, and funding needs should play out over time. These models are also useful internally for budgeting, planning, and anticipating potential tax implications. By testing different scenarios, founders can prepare for challenges, optimize hiring, and track progress against goals.

While traditional spreadsheet-based modeling provides a foundation, newer AI-driven tools can streamline the process by automating data updates, flagging inconsistencies, and generating realistic projections more quickly. This frees up founders to focus on strategy while ensuring their numbers are credible and investor-ready.

Types of Startup Financial Models

Startup financial models come in different forms, depending on the company’s stage:

  • Pre-revenue models rely heavily on assumptions, showing how long initial funding can support operations before revenue arrives.
  • Post-revenue models, on the other hand, track actual performance and project future growth based on real-world data.

Many founders also build industry-specific models, such as recurring revenue forecasts for SaaS companies, inventory and logistics planning for e-commerce, or production costs for device companies.

Regardless of the type, most models include three key financial statements:

  • Cash flow statement: shows how money moves in and out
  • Income statement: highlights revenue, expenses, and profitability
  • Balance sheet: tracks assets, liabilities, and equity

Together, these elements give founders and investors a clear view of the company’s financial health and performance.

Investor Expectations Are Changing

While spreadsheets and static forecasts once sufficed, today’s investors expect founders to use modern tools to automate manual processes and reduce errors. Relying solely on traditional models can hinder organizational flexibility and overlook the speed at which markets evolve.

By embracing AI-driven financial modeling, startups can build stronger, more adaptable forecasts that adjust quickly as conditions change. Automation reduces the time founders spend working with spreadsheets, freeing them to focus on strategy, fundraising, and growth. The shift from reactive to proactive planning is now essential to stay ahead.

The result is not just greater efficiency, but also clearer insights into the company’s health and resilience. For investors, it signals discipline and foresight. For founders, it creates a reliable framework to plan for shifts in markets, customer behavior, or funding needs, while instilling investor confidence in their ability to execute.

How to Build a Financial Model for a Startup

Building a financial model may sound complex, but breaking it into steps makes the process manageable and valuable:

  • Define your objectives. Are you building the model to raise capital, manage daily operations, or plan long-term growth?
  • List the key assumptions that drive your business, such as pricing, sales volume, costs, and market size.
  • Forecast revenue using either a top-down approach, based on market potential, or a bottom-up approach, based on detailed sales expectations.
  • Estimate expenses by separating fixed costs like salaries and rent from variable costs that scale with growth.
  • Project cash flow to understand your company’s burn rate, runway, and break-even points.
  • Conduct scenario planning to understand best-case, base-case, and worst-case outcomes.
  • Validate your data to ensure your logic is sound and your numbers are accurate.
  • Encourage experimentation and keep trying AI, even if it falls short.

AI-powered tools can streamline these steps, automating updates and testing assumptions more efficiently. This combination of structure, accuracy, and flexibility allows startups to build investor-ready models.

Best Practices for Building Financial Models

When building a model, a few best practices provide powerful advantages and benefits in meeting investor expectations:

  • Keep it simple and scalable, so the model can grow with your company.
  • Ensure the data you use is clean, reliable, and up to date.
  • Use clear formulas to reduce potential errors.
  • Document every assumption so investors and team members understand how the model works.
  • Build in flexibility to allow quick changes to inputs, especially for testing different growth or cost scenarios.
  • Focus on outputs investors care about most, such as revenue growth, cash burn, and runway.

Avoiding Common Mistakes

Financial modeling is essential for startup founders, but building a reliable model requires avoiding common pitfalls. Investors look for discipline, realism, and adaptability in forecasts, and models that miss these marks can undermine credibility.

Overly Optimistic Revenue Projections

One of the most frequent mistakes, for instance, is creating overly optimistic revenue projections. While confidence is important, projections should be grounded in data and reasonable assumptions about market adoption.

Ignoring Seasonality and Market Trends

Another misstep is ignoring seasonality or industry trends that can affect sales cycles. For example, SaaS companies may see slower growth in summer months, while e-commerce businesses often experience spikes during holidays.

Failing to Update the Model Regularly

A third mistake is failing to update the model regularly. Startups operate in fast-changing environments, and stale data quickly makes forecasts irrelevant.

Unrealistic Expense Assumptions

Finally, using unrealistic expense assumptions—such as underestimating hiring costs, marketing spending, or infrastructure needs—can lead to dangerous cash shortfalls.

With accurate, timely, and flexible models, startups can better plan for challenges, gain investor trust, and make smarter decisions about growth and funding. The right approach ensures financial models serve as a reliable roadmap rather than just a fundraising tool.

To learn more about financial modeling or optimizing your startup’s technology stack, contact us.

How to Prepare Software Development Costs for Audit

For technology companies, innovation is the engine of growth, and that innovation often comes with significant software development costs. How these costs are accounted for can have a major impact on your company’s financial statements, profitability, and investor perceptions.

When software is developed in-house, it can be tricky to determine whether the cost of the development is a capital expenditure or an expense. It can be even trickier to support your position when undergoing your audit.

What Auditors Want to See

Many startup companies deprioritize labor documentation early in their lifecycle. This can create significant challenges as they undergo their first audit. When auditors review software development costs, they’re looking for more than just numbers on a spreadsheet.

Your auditor is focused on compliance with accounting standards, consistency with industry practices, and the presence of robust supporting documentation. Auditors will scrutinize your company’s capitalization policies, compare them to industry norms, and assess whether the costs being capitalized meet the criteria of GAAP standards.

For a deeper dive into the specific accounting rules for software development, see our article, Accounting for Software Development Costs in the Technology Industry.

Acceptable Documentation

The foundation of any successful audit is thorough documentation. You will need to show your auditor a reconcilable trail, related to software development costs, that includes:

  • Who did what, when, and for which project
  • Project-level documentation with clear timelines
  • Ties into complete data sets, such as time and payroll data

There are several methods to ensure you have this information ready for your auditor:

  • Time tracking: On an employee level, track the time spent on development projects throughout the year.
  • Project-based staff allocations: Allocate employee time to projects based on a percentage allocation method.
  • Project tracking software: Software such as Jira can be useful in determining hours spent on various development projects.

In all of the above methods, this information can be integrated with payroll data to allocate payroll costs to your organization’s projects. The finance and engineering teams then need to collaborate on which projects can be capitalized, and which should be expensed in accordance with GAAP.

Finding alignment and understanding between the finance and engineering teams can be a common challenge with these methods.

The Ideal: Consistent Time Tracking That Cross-References Easily

Auditors prefer systems that allow them to match general ledger data, payroll, and project output. Time tracking that captures all work, not just capitalizable tasks, allows for better cross-comparisons and audit readiness. A robust understanding of each project is essential in determining whether related costs should be capitalized or expensed.

Software Highlight: ClickTime

ClickTime is a time tracking system that reduces audit prep burden. With ClickTime, technical teams don’t need to remember what they worked on or worry about whether their projects are capitalizable. Their existing tools, like calendars and Jira boards, translate directly into hours worked to intelligently capture where time was spent, so they never need to spend Friday afternoon guessing how they spent their week.

Finance then applies its own logic layer, ensuring each new hour logged is routed to the right cost center. Time entries flow straight into payroll, while reports stay aligned with the GL and audit requirements.

Final Advice on Avoiding Last-Minute Scramble

First and foremost, get your finance and engineering teams aligned before audit season to ensure you have the data and understanding needed to support your determinations. Use a tool that tracks time, ties into payroll, and produces a complete dataset.

Developing good processes with clean documentation early in your company’s life cycle adds operational maturity, not just for cost capitalization, but for all of your financial reporting.

Need help? Our team of experts is available to support you and ensure you have the right processes in place. Get in touch with our technology audit team today.

Calculating Headcount for ISO/IEC 42001 Audits

As organizations prepare to undergo an ISO/IEC 42001 audit, identifying the employees, contractors, and business partners who should be included in the organization’s AI-related headcount is vital in determining the audit’s scope, complexity, and cost.

ISO/IEC 42001:2023, Artificial Intelligence Management Systems (AIMS), offers guidance and controls to help organizations deploy AI efficiently and mitigate related security risks.

Determining whether an organization’s AIMS meets the requirements spelled out in the standard requires an external audit. During this review, auditors will examine processes, policies, and practices to verify conformity with the standard’s requirements, such as maintaining ethical AI governance, risk management, transparency, accountability, privacy, fairness, and safety.

How Headcount Determines Audit Scope

The number of people directly involved in processes governed by the AIMS, such as AI development, deployment, risk management, and monitoring, plays a key role in defining how an audit is conducted.

Certification bodies use AI-related headcount as the basis for estimating the time required to perform an audit because a higher headcount generally means more complex workflows and dependencies, as well as a need to review more processes and documentation.

For example, a team of one to 10 people working as AI producers (defined in the standard as being “responsible for the full lifecycle of designing, developing, testing, and deploying products or services that utilize one or more AI systems”) would require an estimated 5.0 auditor days.

For the same-sized team of AI developers, providers, or users, that estimate drops to 3.5 days. If people on the team have multiple roles, the estimate increases to 6.5 auditor days. Organizations can also use the higher-value role in preparing estimates.

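| AI Headcount | Auditor Days – AIMS for AI Producer | Auditor Days – AIMS for AI Developer or Provider | Auditor Days – AIMS for AI User | Auditor Days – AIMS for Clients with Multiple Roles |
|---|---|---|---|---|
| 1–10 | 5 | 3.5 | 3.5 | 6.5 |
| 11–15 | 6 | 4 | 4 | 8 |
| 16–25 | 7 | 4.5 | 4.5 | 9.5 |
| 26–45 | 8.5 | 6 | 6 | 11.5 |
| 46–65 | 10 | 7 | 7 | 13 |
| 66–85 | 11 | 7.5 | 7.5 | 15 |
| 86–125 | 12 | 8 | 8 | 16 |
| 126–175 | 13 | 9 | 9 | 17.5 |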

These estimates are codified in the ISO/IEC 42006 standard, which provides guidelines to determine the number of expected audit days based on factors like headcount, organizational complexity, and AI roles. The standard ensures auditors apply consistent criteria when defining the scope of the AIMS audit, such as verifying that the in-scope headcount reflects the organization’s roles affecting AI governance accurately.

Determining Who to Include in the Audit Scope

Determining the in-scope headcount for an ISO/IEC 42001 audit involves reviewing job descriptions and identifying the team members whose roles directly or indirectly influence the organization’s AIMS. This is important to make sure the audit reflects the scale and complexity of AI-related activities.

For a more detailed breakdown of key AI roles and their importance in ISO 42001 compliance, refer to our article:

As a first step, organizations should map roles involved in the AI lifecycle, including development, deployment, monitoring, and maintenance (such as data scientists and product managers). They should include personnel responsible for risk management, ethical oversight, and compliance with AI governance frameworks.

From there, organizations should add teams providing indirect support, such as the IT function responsible for maintaining the AIMS infrastructure and access controls, and their cybersecurity team.

It’s also important to include contractors, third-party vendors, and part-time workers in the headcount total. Their hours should be totaled to establish how many full-time equivalent hours they represent, with the FTE figure being included as part of the overall headcount.

For headcount purposes, someone’s duties and responsibilities are more important than their employment status. Similarly, if team members divide their time between AI and non-AI related tasks, their AI-related hours should be added to provide a full-time equivalent for audit purposes.

Every team member’s role should be documented clearly, along with a narrative description explaining what the role entails and its reason for being included in the in-scope audit headcount.

Common Headcount Challenges

The following challenges and common oversights can increase audit time and cost while hindering the potential effectiveness of an ISO/IEC 42001 audit:

  • Omitting support teams like IT, HR, or legal departments that are not directly involved in AI development or operations. If a function provides crucial support, consider how their role aligns with the standard’s requirements.
  • Underestimating third parties, such as external vendors or consultants, involved in the AI life cycle and governance of outsourced systems or tools.
  • Overcomplicating the headcount by including roles that don’t affect AIMS operations or support.
  • Misaligning scope with organizational context. This can include adding all AI functions without prioritization or overlooking essential risks.
  • Neglecting documentation, such as data acquisition and provenance logs.

With careful planning and by avoiding common mistakes, organizations can ensure their defined in-scope headcount aligns with ISO/IEC 42001 requirements, supports effective audits, and strengthens overall AI governance. To learn more about ISO/IEC 42001 and certification or recertification audit planning, contact us.

What the 2025 U.S. AI Action Plan Means for Security Leaders

The U.S. government’s 2025 AI Action Plan outlines a strategy to accelerate artificial intelligence adoption by reducing regulatory friction, expanding national infrastructure, and promoting U.S.-developed AI technologies globally.

While the plan is aimed at boosting innovation and competitiveness, wider adoption of AI tools and services introduces new risk exposures for companies implementing or developing AI capabilities.

As organizations integrate AI more deeply into their products and operations, the need for reliable security and governance frameworks becomes critical. The ISO/IEC 42001:2023 standard and the NIST AI Risk Management Framework (AI RMF) can help security leaders align their efforts with evolving expectations and demonstrate accountability in a complex policy and regulatory environment.

A Federal Shift Toward Speed and Scale

The U.S. government’s AI strategy is centered on reducing barriers to adoption and positioning the United States as a global leader in AI infrastructure and innovation. The plan is structured around three key pillars:

Pillar I: Accelerating AI Innovation

Federal and state agencies are encouraged to remove perceived regulatory bottlenecks, redirect funding to jurisdictions with business-friendly policies, and support open-source models and datasets. To create downstream demand, the federal government is positioning itself as an early adopter of AI tools.

Pillar II: Building National AI Infrastructure

To address long-term capacity needs for AI workloads, the plan promotes measures such as expediting permitting for data center construction, using federal land, strengthening electrical infrastructure, and expanding domestic semiconductor production.

Pillar III: Leading in Global AI Policy and Security

The U.S. will promote exports of the full AI technology stack—hardware, software, and models—to trusted partners, while updating export controls to reduce the risk of sensitive technologies reaching adversaries. Notably, proposed revisions to the NIST AI RMF suggest a move toward “ideological neutrality” in federal procurement.

Taken together, these initiatives aim to lower regulatory friction, increase deployment speed, and create incentives for public and private adoption.

Security Considerations and Emerging Risk Areas

Faster adoption and expanded infrastructure introduce new risks that must be addressed proactively. Among the most pressing for security teams:

  • Broader attack surfaces. AI deployments can introduce vulnerabilities, including the exposure of sensitive training data, model inversion attacks, or misconfigured cloud environments hosting AI workloads.
  • Supply chain dependencies. The growing use of open-source components and offshore resources creates potential supply chain weaknesses. Organizations must assess provenance, integrity, and maintenance practices of AI inputs and supporting infrastructure.
  • AI-enabled threats. Malicious use of AI, such as synthetic phishing, automated exploitation, or model manipulation, requires updated incident response capabilities. The plan acknowledges this by calling for frameworks to support industry-led threat prevention and response.
  • Evaluation of frontier models. High-impact models, including those with potential misuse risks (e.g., bioengineering or cybersecurity), may require specialized testing, access controls, and continuous monitoring to mitigate potential harms.
  • Export control challenges. Expanding the global reach of U.S. AI tools may increase market share, but it also raises the stakes around enforcement. Insufficient controls could lead to technology transfers that undermine national security or corporate IP.
  • Gaps in oversight and workforce capacity. The shift away from social and environmental oversight in federal policy may reduce accountability in areas such as algorithmic fairness. Meanwhile, many security teams are still building internal capacity to address AI-specific risks, with training potentially lagging behind deployment.

Established Governance Frameworks

Security executives seeking to address these risks can look to ISO/IEC 42001 and the NIST AI RMF as practical tools to guide and structure AI risk management and oversight.

ISO/IEC 42001 provides a formal, certifiable framework for managing AI systems across their lifecycle. It emphasizes governance, transparency, risk-based controls, and human oversight—principles that align closely with U.S. policy goals, including those outlined in Executive Order 14110 and OMB’s draft guidance on AI use in federal agencies.

NIST’s framework is non-certifiable but widely referenced. It is organized around four core functions—Map, Measure, Manage, and Govern—and is designed to help organizations identify and mitigate risks to individuals, systems, and organizations posed by AI.

While ISO 42001 establishes organizational controls suitable for audit and certification, the NIST RMF provides an adaptable model for day-to-day risk management. Used together, they offer complementary approaches:

[Graphic: Comparison of ISO/IEC 42001 vs NIST AI RMF]

Organizations can use the NIST AI RMF to inform the design of their AI programs and build toward ISO/IEC 42001 certification.

Here’s a summary of how the frameworks align with the U.S. AI Action Plan:

[Graphic: How NIST AI RMF and ISO/IEC 42001 align with the U.S. AI Action Plan]

Practical Business Benefits of Certification

Although ISO/IEC 42001 is a voluntary standard, certification may serve as a differentiator in several ways:

  • Trust and Marketability: Demonstrating formal AI governance can strengthen trust among customers, investors, and regulators.
  • Procurement Readiness: Agencies and enterprise buyers are increasingly requesting evidence of governance; certification supports compliance with internal procurement requirements.
  • Cross-Border Operations: As ISO standards are recognized internationally, certification may simplify operations across jurisdictions.
  • Operational Risk Reduction: A structured management system can help organizations identify gaps, respond to incidents more effectively, and reduce reputational risk.

While certification is not mandatory, it offers a structured path toward transparency and assurance, especially in high-stakes, high-regulation environments.

Aligning With Policy While Managing Risk

The 2025 AI Action Plan signals a policy environment focused on speed, infrastructure investment, and global competitiveness. But it also places greater responsibility on companies to self-regulate and secure their AI deployments.

Security executives have an opportunity—and a growing obligation—to lead on AI risk governance. By adopting frameworks like ISO/IEC 42001 and the NIST AI RMF, organizations can not only strengthen their internal controls but also position themselves for long-term success in an increasingly complex ecosystem.

Together, the frameworks provide a solid foundation for accountability, resilience, and trust in an AI-driven future. To learn more about the frameworks and AI governance, contact us.

HR.1’s Impact on Tech Companies: R&D Capitalization and Qualified Small Business Stock

Missed the live session? You can still watch our discussion on the tax strategies every tech company should know for 2025 and beyond, post HR.1 Tax Bill.

In this replay, we cover:

  • Qualified Small Business Stock (QSB): what it is, why it matters, and how to protect your eligibility
  • Section 174 R&D expense capitalization: latest updates, year-end action steps, and long-term planning
  • Factors to consider for Sec. 174 tax return amendments
  • Key deadlines and compliance changes to watch

Whether you’re a founder, CFO, or advisor, this session will help you capitalize on the wave of opportunity HR.1 is creating.

 

The Five Reasons Startups Go for Security Certifications

Security and compliance qualifications, like SOC 2 and ISO/IEC 27001, demonstrate you apply good practices in your business.

They’re often classified as “security” and thought of as the technical security of your systems. However, they’re broader, focusing on organizational practices that support your security AND other objectives. That includes availability (system resilience), confidentiality of data, privacy for your users, integrity of the system processing objectives, scalable process design, and operational readiness to support large business customers. 

What are the 5 reasons Startups Go for Security and Compliance Certifications?

There are five reasons we see our clients pursue these certifications, listed here in order of how often we see them.

  1. Enterprise sales: Large businesses looking to use your software consider your product AND your capabilities as an organization. These qualifications play an important role in demonstrating that your business is “enterprise ready,” providing a reliable service, and keeping their data secure.
  2. Tick-the-box for compliance mandates: Following enterprise sales, these qualifications often become mandates. They can also be used to demonstrate compliance with regulations (e.g., GDPR), satisfy regulatory requirements, or participate in certain schemes (e.g., Consumer Data Right’s data sharing economy).
  3. Reduce due diligence: A major pain point for software companies is the relentless due diligence required to serve enterprise customers. Hundreds, even thousands, of “security questions” and vendor audits are common. Standards like SOC 2 and ISO/IEC 27001 are designed to have a single independent audit process that satisfies broad end-user requirements.
  4. Improve operations: Standards are a means of improving business operations. They’re based on “good” or “best” industry practices. Auditors have extensive experience seeing these applied in different environments and can guide you in applying them in your context.
  5. Satisfy other stakeholders: Last but not least, a myriad of other stakeholders are satisfied for reasons similar to those above. Investors, regulators, partners, boards, the management team, and even employees benefit from implementing and validating your alignment to standards. It provides peace of mind that you are secure and compliant, and it clarifies your key operational practices.

SOC 2 vs. ISO/IEC 27001

Each standard has different requirements, nuances in how they are applied, and perceptions in the market. This impacts which may be best for your business and how they help you achieve the goals above. When deciding between SOC 2 and ISO/IEC 27001, your primary goal often dictates the best choice. Let’s break down the key considerations:

Meeting Customer and Industry Preferences

If your goal is enterprise sales or ticking the box on a mandate, it’s important to consider your customers’ preferred standard(s). In general, more regulated industries (such as finance or healthcare) prefer the SOC standards. Less regulated customers generally prefer the ISO family of standards. SOC 2 is more prevalent in the U.S., while ISO/IEC 27001 is more common in Europe.  

Streamlining Due Diligence

For reducing due diligence, the best standard is often linked to the last point. However, it’s also important to consider that ISO/IEC 27001 provides a certificate only. SOC 2 reporting has a system description including the controls specific to your organization, your system scope, third-party responsibilities (e.g., the AWS shared responsibility model), and your end users’ responsibilities when using your system.

This reporting approach in SOC 2 helps answer more “questions” for the due diligence process. It helps your customers’ vendor risk teams understand what’s relevant, the associated risks of using your services, and how those risks are addressed in your specific practices.

Enhancing Operational Practices

When improving operational practices, it’s up to your organization to pick the approach that “fits” best. The SOC 2 criteria-based approach is more flexible and focused on how the criteria are practically met in your specific context. Tech companies often see this as a better way to align operating practices with their company’s culture, size, scale, and unique nature.

ISO/IEC 27001 is a more prescriptive approach aligned to a higher standard of practice, focusing on policies and procedures. While some businesses feel this is more rigid and restrictive on their business, it can be advantageous and, in some ways, easier to follow a cross-industry, “best-practice” methodology. 

Satisfying Other Stakeholders

Meeting the needs of other stakeholders will depend on the specifics of what they are looking for assurance over. Regulators that require an “independent audit” of your technology generally steer towards SOC 2. Partners often prefer the standard they have adopted themselves or the one their customers care more about. Employees’ and management’s preferences are based on what they feel “fits” best.

The Common Path: Doing Both

Whichever standard you choose initially, it’s very common for tech companies to do both. The good news is there’s a lot of overlap. Customers generally accept if you have one of these, even if it’s not their preferred one. If they do require their preferred standard, they typically accept what you have in the immediate term and agree on a period to achieve the other.

To learn more about choosing the best standard or frameworks for your compliance and reporting needs, contact us.

ISO/IEC 42001:2023 Readiness Checklist 

The ISO/IEC 42001 standard offers guidance to help organizations deploy AI efficiently and mitigate security and governance risks by developing an Artificial Intelligence Management System (AIMS).  

ISO/IEC 42001 is designed to be adaptable to various organizations’ needs, allowing for flexibility in implementation while adhering to the core principles of AI governance.

We’ve prepared a readiness checklist to help you develop a comprehensive plan for the audit. Our guide provides an overview of the audit process, the documents you’ll need to prepare, and the steps you can expect as you align your AIMS with the standard’s requirements.

Understanding Annual Recurring Revenue and GAAP Recognition

Accurate revenue tracking is paramount in understanding the performance and growth prospects of companies, such as SaaS providers, that rely on subscriptions. Investors, management, and finance teams evaluate metrics such as annual recurring revenue (ARR) and GAAP revenue recognition, which, while both related to revenue, serve different purposes and are often confused.

What Is ARR?

Annual recurring revenue is a key financial metric for many subscription-based businesses, serving as a benchmark for tracking growth and providing a high-level view of predictable revenue.

ARR measures the revenue that a business expects to receive from recurring customers in the next 12 months. It is defined as the value of all recurring contracts (subject to renewal on at least an annual basis) normalized to an annual basis.

If average customer terms are less than a year, monthly recurring revenue (MRR) may be a more useful metric.

What Is GAAP Revenue Recognition?

U.S. generally accepted accounting principles (GAAP) define revenue recognition from contracts with customers under Accounting Standards Codification Topic 606 (“ASC 606”).

ASC 606 requires companies to recognize revenue based on a five-step model designed to align revenue recognition with the customer receiving the good or service. This requires a company to evaluate the amounts that are expected to be collected and the nature of the transfer of goods or services to determine the proper amount and timing of revenue recognition.

Step five of the ASC 606 model requires companies to determine whether revenue should be recognized ‘over time’ or at a ‘point in time’. For subscription-based businesses, this consideration often means revenue is recognized over the subscription term; however, there are factors that could lead to point-in-time recognition.

ARR vs. Revenue Recognition

There are several key differences between ARR and GAAP revenue recognition. While both metrics are related to revenue, they are not equivalent. Stakeholders need to understand these differences and when the use of each metric is most valuable.

ARR is a forward-looking metric, while GAAP revenue recognition measures historical information. ARR includes only revenues that are recurring in nature, while GAAP revenue recognition will also include any non-recurring items such as implementation fees.

ARR typically includes any closed bookings for which executed documents may not be completed or services may not have commenced. Under GAAP, this type of contract would not be recognized as revenue until services commence.

GAAP revenue recognition appears on the company’s GAAP financial statements. ARR typically accompanies management reporting and is often included in the Management Discussion and Analysis (“MD&A”) portion of financial reporting. Finance and accounting teams are more likely to use GAAP revenue to analyze the company’s performance while investors and company leadership teams use ARR.

Investors often review ARR as a metric to imply the value of a company by applying industry-based ARR multiples, among other valuation techniques. Because ARR is a non-GAAP metric, it is not subject to audit.  A CPA firm cannot opine on ARR or related metrics, as there are no published rules regarding the classification of recurring versus nonrecurring revenue.

Best Practices for Tracking and Measuring

For companies in which ARR is a relevant metric, it is imperative that management and the stakeholders understand the differences between ARR and revenue recognition under GAAP. Also, they must understand that ARR is not defined under specific rules and regulations.

Based on our experience, the following are best practices as they relate to tracking and measuring ARR and GAAP revenue recognition:

  • Create a GAAP revenue recognition policy in accordance with ASC 606 that is agreed upon by the management team and the relevant stakeholders. Ensure this policy is applied consistently to contracts with customers and reviewed by the company’s CPA if subject to audit requirements.
  • Create an ARR policy in which the company’s specific criteria for what constitutes recurring versus nonrecurring revenue are identified and agreed upon by the management team and relevant stakeholders. Ensure this policy is applied consistently. Examples of common policies for ARR include:
    • ARR excludes perpetual licenses, implementation and installation charges, and other one-time charges, as well as trial licenses and subscriptions.
    • ARR should exclude non-renewing subscriptions the company is aware of.
    • ARR should include renewable contracts that are less than one year in length; however, the value of the contract utilized should not be annualized for ARR purposes until it is certain the customer will renew.
    • For better usability, disseminating ARR by revenue stream for reporting is preferred (license vs. SaaS vs. support).
    • For better usability, disseminating ARR by customer type (new customers, existing customers, up-sells) and summarizing customer churn information is preferred.
    • ARR includes the annualized value of subscription, term-based, and SaaS licenses, as well as term-based maintenance and support contracts.
  • The treatment of contracts as recurring or non-recurring requires judgment and therefore companies should document relevant policies to ensure the classification is consistently applied.
  • Companies should summarize and reconcile ARR and GAAP revenue recognition differences to the board/stakeholders for better usability and understanding of metrics and published financial results.

We hope this article has helped clarify the difference between annual recurring revenue and GAAP revenue recognition and has provided useful information on best practices for each. If you’re a technology company looking for an audit partner, please don’t hesitate to reach out. Our team has experience with a wide range of clients in the technology industry, and we would be happy to chat with you.

Improve Your Technology Startup’s Financial and Operational Controls

Running a startup is exciting, and your focus should be on the future of your company and the technology you’re developing. However, investors and your board of directors expect their investment to be managed prudently and professionally. You’re expected to do as much as possible with as little as possible, particularly in back-office functions such as accounting and HR.

This article outlines key financial and operational controls that can help streamline your startup’s back-office functions.

Segregation of Duties: Build Trust and Transparency From the Start

Even with a lean team, never compromise on separating duties. This is essential for investor confidence. Ensure the individual authorizing spending is not also processing payments or reconciling accounts. As you scale, consider role-based access controls within your financial systems to enforce this digitally. This protects against fraud and demonstrates a commitment to professional operations.

Other areas where segregating duties makes sense include:

  • Cash Payments/Wire Transfers – Most financial institutions offer cash transaction management solutions. At a minimum, set up your account to require a separate initiator and approver for cash transactions. Approval requirements should vary based on transaction size.
  • Formalized Spending Approvals and Expense Policies – Implement a clear expense policy that outlines acceptable spending categories, approval thresholds, and reimbursement procedures. Tools like Ramp or Brex offer corporate cards with built-in spending controls and automated expense reporting. These measures help control costs, reduce administrative overhead, and provide valuable data for analysis.
  • Strategic Cash Management for Investment Policy – Many startups receive significant cash at funding. A formal investment policy ensures alignment between management and investors on how idle funds should be invested. Investors typically fund operations, not speculative investments.
  • Sweep Accounts – The failure of Silicon Valley Bank highlighted the risks of lax treasury management. Many startups held deposits far exceeding FDIC limits. Discuss Insured Cash Sweep accounts with your banker if you have significant cash reserves.
  • Burn Rate Management – Your burn rate is under constant scrutiny. Implement a detailed budget tracking monthly expenses against funding milestones. There are tools that integrate with accounting software for real-time burn rate analysis. A good financial model should include scenario analyses (best-case, worst-case, most likely) to anticipate challenges and adapt quickly. Causal is a useful tool for complex financial modeling.
  • Payroll Processing – The person processing payroll with a third-party provider should not enter transactions into the accounting system. HR should review payroll as a control measure. Payroll is often the largest startup expense, making segregation of duties particularly important.
    • Rotating Duties – Payroll fraud is often uncovered when a longtime processor is replaced or takes an extended leave. Regular rotation of payroll duties reduces risk.
    • Payroll Change Report Review – Payroll providers can generate reports detailing changes from the prior cycle. Reviewing these reports can help detect unauthorized pay increases or ghost employees.

Maintaining a Precise Cap Table for Investor Confidence and Compliance

Maintaining a clean cap table is crucial for attracting investors and managing equity accurately. Software like Carta or Pulley can help track ownership, manage stock options, and ensure compliance. Errors in cap table management can create significant legal and financial problems. Equity management tools also can help track stock options and calculate accounting charges required for audited financial statements.

Documenting Your Success

Creating a clear and efficient record system for proper documentation is essential in two important ways:

  • Process Documentation – Clearly outline company processes so intended controls are understood and actual practices can be measured against them. Maintain written records as evidence that payroll reviews, bank reconciliations, and other key controls are being performed.
  • Source Documents – Maintain complete, well-organized records to support all transactions. Without proper documentation, proving transactions were authorized and recorded properly becomes difficult. Good documentation also allows for quick responses to investor, management, or auditor inquiries.

Advanced Reporting for Data-Driven Decision-Making

Investors expect sophisticated financial reporting beyond basic profit and loss statements. Implement systems providing granular insights into key metrics such as:

  • Customer Acquisition Cost (CAC), Lifetime Value (LTV), Churn Rate, and Annual Recurring Revenue (ARR) or Monthly Recurring Revenue (MRR) – Each of these metrics focuses on a different aspect of a company’s financial health, customer behavior, and long-term sustainability.
  • Subscription Analytics – Tools exist that offer advanced reporting capabilities.
  • Automated Reporting – Automate as much as possible, ensuring reports reconcile transparently with transactional activity.

Proactive Tax Compliance for Startup Stability and Growth

Tax compliance is a significant factor in due diligence, even for startups with minimal tax liabilities. Key considerations include:

  • Worker Classification – Startups often rely on independent contractors, but misclassifying employees can lead to major tax liabilities. The IRS and state agencies closely scrutinize worker classification. Use the IRS’s 20-factor test or the ABC test (in some states) to evaluate worker relationships.
  • Sales Tax Compliance – The Supreme Court’s Wayfair decision expanded sales tax nexus definitions. Many startups fail to implement systems for collecting and remitting sales tax across multiple jurisdictions. Work with a sales tax specialist to determine obligations and automate tax calculations.
  • State and Local Tax Compliance – Rapid expansion, remote work, and virtual operations can trigger state and local tax filing requirements. State agencies can associate employees with their employers, increasing compliance scrutiny. Learn more about our SALT compliance services and ensure your business is meeting all obligations.
  • International Tax Issues – Expanding internationally introduces complexities like transfer pricing, permanent establishment, and foreign tax credits. Consult with international tax specialists early in your expansion process.
  • R&D Tax Credits – These credits can be valuable but require meticulous documentation of qualifying research activities. Track project details, employee time, and associated expenses. Maximize your innovation investments with our R&D Tax Credit services.
  • Stock Option and Equity Compensation Tax Issues – Mishandling stock options can lead to compliance issues for both the company and employees. Use cap table management software with tax features and consult tax advisors to comply with Section 409A regulations.

Control What Matters for Your Venture-Backed Technology Startup

By implementing these controls, your startup can build a solid financial foundation while maintaining investor confidence. Effective financial and operational controls ensure stability, transparency, and efficiency as your company scales. Contact us if you have any questions.

5 of the Most Common Accounting Challenges We See With Tech Startups

As a technology startup prepares for its first audit, there are a few common accounting issues that can increase the time and cost required to complete the audit.

These issues often result from the accounting/finance team balancing competing priorities, not having certain technical accounting knowledge, or not having proper systems in place to account for transactions properly.

The most common accounting challenges we see for technology companies include:

#1 Non-Cash Equity Activity

Technology companies are often unsure how to account for various non-cash, equity related transactions. This includes accounting for equity instruments such as restricted stock, warrants, and stock options. Because non-cash equity activity won’t appear on bank statements, these transactions are often overlooked from a financial reporting perspective and are not recorded (or are recorded improperly).

Similarly, legal or other costs incurred in the issuance of preferred stock are often recorded improperly as legal expenses, rather than being properly capitalized on the balance sheet as stock issuance costs.

#2 Revenue Recognition

A common challenge for tech startups is failing to recognize revenue in line with the often-complex provisions within the GAAP requirements under ASC 606. Startups may struggle to understand, for instance, precisely what’s being sold within a customer contract, the complexities of subscription revenue accounting, or the accounting implications of non-cash items.

Startups often lack a robust revenue recognition policy or may have inconsistencies in recording similar kinds of transactions. In many situations, the accounting for revenue must be adjusted to complete the audit successfully.

#3 Intercompany Accounts

For startups that operate through multiple entities/subsidiaries, intercompany accounts are often not reconciled, so the auditors may request that a company unwind historic transactions to determine if intercompany balances are appropriate and in line with any intercompany cost-plus agreements. If a startup has international entities, such as an offshore development subsidiary, the company needs to be sure any foreign currency translations or remeasurements are assessed and calculated properly.

#4 Software Development Costs

Technology startups face the specific, complex issue of accounting for software development costs in accordance with GAAP. Many companies mistakenly expense the costs associated with software development as they are incurred, but there are complicated rules dictating whether these costs should be capitalized or expensed.

Many companies also lack the necessary documentation regarding the nature of their software development costs, making the accounting determinations increasingly difficult.

#5 Improper Cutoff for Accruals and Payables

If reconciliations aren’t done on a consistent and timely basis, there’s a risk that expense or revenue cutoff dates are missed. As a result, transactions can be recorded in the wrong period, which causes an inaccurate accounting of the organization’s performance in each period. Common causes for this issue include a lack of proper accounting policies or inconsistent practices among different team members.

Enlist Help Early to Avoid Future Accounting Issues

While most of these startup challenges can be resolved, a consultation with your external auditor early in the audit process to identify and resolve potential roadblocks is extremely beneficial. Consulting with your auditors as you’re setting up systems, developing accounting policies, and creating your financial infrastructure can save time and money while helping you achieve your business goals sooner.

If any of these scenarios sound familiar, don’t hesitate to reach out.

Preparing for Your Technology Company’s First Audit: 5 Tips to Ensure Success

Undergoing your technology startup’s first audit can be daunting. Here are a few tips to help ease the stress.

#1 Ensure the Commitment of Key Players

You’ll need the cooperation of several key team members to navigate your first audit successfully. Your auditor will need to understand your accounting policies and your general business practices. Ensure key team members with knowledge of accounting, HR, sales, and operations are ready to participate in the audit process.

#2 Ensure Accounting Records Are In Order

It is common for startup companies to operate without a robust accounting team in their early stages. For that reason, before the first audit it is common for financial statements to be on a cash basis or have other deviations from U.S. Generally Accepted Accounting Principles (“US GAAP”).

Before beginning your first audit, ensure the company’s accounting records are brought in order. This includes reconciliations for all balance sheet accounts, documented accounting policies for key areas, and ensuring your supporting documentation is available and organized.

#3 Understand Potential Accounting Complexities

As mentioned in #2, there are several common accounting issues in startup company financial statements. Ensure you engage someone with the necessary understanding of U.S. GAAP accounting rules to facilitate the audit. Some of the most common areas of accounting complexity include:

  • Revenue recognition
  • Equity activity
  • Intercompany activity
  • Software development costs.

See this article for more detail around these complex areas:

#4 Commit to a Timeline

Understanding the business need for the audit is crucial to building the timeline. Knowing who is counting on the audit report (such as lenders or investors) can determine whether there are any hard deadlines to meet.  Once you establish a deadline, work with your auditor to lay out a detailed timeline.

The audit process is iterative and requires management’s cooperation throughout, so it is important to establish key milestones with your auditor to ensure both parties stay on track. Request regular check-ins with your auditor to ensure any issues are resolved in a timely manner.

Initial audits take time to complete, so be sure to communicate proactively and continuously with key stakeholders to manage expectations.

#5 Consider the Audit Results

At the end of each audit, your auditor will provide you with their report as well as more detailed results for management’s consideration. It is common for startup companies to receive recommendations from their auditor on areas needing improvement. Common deficiencies the first time through an audit include a lack of supporting records, improper segregation of duties, or insufficient internal controls.

Talk through the findings with your auditor, discuss remediation priorities with the Board of Directors or Audit Committee, and make a plan to begin implementing their suggestions. At the end of the audit, you should also provide feedback on the process to your auditor, because developing a good working relationship with your auditor requires providing feedback in both directions for shared success.

Further Resources

When choosing an auditor, look for a firm experienced in the auditing of startup companies who will be prepared to partner with your company throughout the process. At Sensiba, our technology accounting team has helped hundreds of startups navigate their first audits successfully. Contact us to discuss your company’s needs.

A Guide to R&D Tax Credits for Tech Startups

Technology startups often overlook the Research and Development (R&D) Tax Credit. In doing so, they bypass the powerful benefits the credit can provide during a company’s earliest stages (and beyond).

Legislative provisions allow companies to apply some or all of their research tax credit against payroll taxes—instead of income taxes. This can free up valuable cash as the company works to establish its marketplace and financial foundations.

Understanding the R&D Tax Credit

The federal Research and Experimentation (R&E) tax credit, often called the R&D Tax Credit, is designed to incentivize U.S. private-sector innovation by providing cash savings that, in turn, enable investment or reinvestment and growth.

Four-Part Qualification Test

Companies can receive credits for up to approximately 10% of project-qualifying expenditures that satisfy a four-part test embedded in the legislation:

  1. Research must be undertaken for a permitted purpose, such as a new or improved product or process function, performance, reliability, or quality.
  2. The project or activity must be technological in nature, relying on a hard science such as engineering, physical or biological sciences, or computer science.
  3. There must be technological uncertainty related to the capability, methodology, or design of the project (known as a “business component” in the tax credit regulations).
  4. A process of experimentation must be used to resolve uncertainty, and the company must be able to demonstrate how the project progresses from its initial concept through design, testing, and validation to commercialization.

Eligible Expenses

Wages, typically the major driver of R&D credits, include the eligible portion of all taxable compensation. Qualified wages include the portion of an employee’s compensation corresponding to the percentage of working time engaged in one of several designations.

Direct conduct wages (engineers, scientists, and programmers performing the basic work required to complete an R&D project) typically represent the largest eligible wage expense category, though the credit also includes direct support (production personnel, testers, drafters) and first-line supervisors.

Other eligible expenses include:

  • Project supplies, such as materials used to create and evaluate prototypes and engineering software licenses.
  • Contract research performed on behalf of the company in the United States.

Note that under Section 174 of the Tax Code, domestic research or experimental expenditures must be capitalized and amortized over five years (expenses attributable to foreign research must be amortized over 15 years).

The Payroll Tax Election for Tech Ventures

During the startup phase, most technology companies make significant investments long before their products and services begin to generate revenue, let alone profit. For these companies, the payroll tax election offers an opportunity to get immediate use from the organization’s research credits. Because every dollar of credit-eligible expenditure can result in as much as a 10-cent tax credit, that’s a big help in a company’s earliest stages.

To qualify for the election, a company must have gross receipts for the election year of less than $5 million and be no more than five years (or tax periods in the case of short years) past the period for which it had no receipts (the start-up period).

Since tax year 2023, the amount of research credit a company can elect to use for the payroll tax offset has doubled to $500,000. The company can allocate the payroll tax offset (which can be applied to the employer side of Social Security and Medicare, not just the Social Security portion of FICA taxes) in any value up to the amount of total credits generated or the statutory maximum.

Stricter R&D Tax Credit Documentation

Reporting and documentation changes starting with the 2024 tax year are increasing the complexity of filing for the R&D credit by mandating more detailed disclosures of business component details and expenses.

A new Business Component Information section on the proposed new Federal Form 6765 requires taxpayers to identify specific projects included in the credit and to break out qualified research expenses by project. Direct wages are further allocated to the conduct, supervision, and support of qualified research.

Time tracking and project-level accounting, often set aside during the long days and nights that define startups with leaders performing multiple roles, can provide valuable information for claiming the R&D credit on a company’s return. Companies should take time to ensure expenses are coded to the relevant project.

Absent time-tracking tools and processes, startups should conduct quarterly surveys to capture lists of ongoing projects and the time allocated to them.

The R&D tax credit is an active area, with legislative changes under discussion at the federal and state levels. For more details, explore the webinar video and the accompanying slides on this page. To understand the latest developments and how they may affect your technology company, contact us.

Creating an Effective Back Office for Your Tech Startup

Building a successful tech startup requires more than an innovative product or service—you also need to implement back-office tools, processes, and teams to ensure you’re operating the business efficiently, managing your financial resources, and reporting your results effectively.

Financial shortfalls are among the most common causes of startup failures, and failing to create a back-office infrastructure can lead to your company burning through precious cash too quickly, or not being able to obtain additional investments.

To prevent these challenges from crippling your company, you need to monitor income and expenses, and keep your board and investors informed, by building a strong back office and choosing the right software and professionals for your needs.

The Benefits of a Strong Back Office

Running a tech startup is all about innovation. Without a strong back office, cash burn, lack of controls, and unclear financials can derail your progress quickly. We’re here to meet you where you’re at—providing flexible, cost-effective solutions that can give you the clarity and control needed to keep your business on track.

Understanding your burn rate and financials provides essential insights to help you plan your investments, finance your operations, and make any necessary adjustments to preserve assets and ensure you’re able to not only remain in business, but to grow it, too.

A well-organized back office isn’t just about managing operations; it’s the backbone that provides your board and investors with the insights they need to make informed decisions. With clear, accurate financials and streamlined reporting, a solid back office ensures the key stakeholders fully understand your business’s performance, risks, and potential.

What Does a Tech Startup Need in the Back Office?

An effective tech company back office combines tools, people, and processes. Let’s begin with software. Most companies start by trying to manage their finances with spreadsheets. They quickly realize their lives can be easier by switching to dedicated accounting software with robust budgeting and reporting features.

Your software should help you track the funds flowing into and out of the company, post transactions to the appropriate accounts, support your company’s budgeting, and enable financial reporting to interested stakeholders.

No two businesses are alike, and neither should their tech stack be. Building the right tech stack isn’t just about choosing the latest tools—it’s about selecting software that aligns with your unique business needs. A strong partner can help you navigate this complex landscape and develop a stack that not only fits your present needs but is also flexible enough to adapt to future innovations and challenges.

Obtaining Professional Accounting Help

Along with software, it’s also valuable to invest in outsourced accounting and financial management professionals who can provide experienced support and guidance without your company investing in full-time staffers you may not need yet.

CFO Services

Tech startups can benefit from fractional CFO services in which an experienced financial professional provides management and advisory support on a part-time, retainer, or contract basis. Depending on the company’s development stage and needs, this can include advice on:

  • Raising capital
  • Expanding operations
  • Financial process improvement
  • Financial planning & analysis
  • Board reporting
  • M&A
  • And other needs.

A fractional CFO can help the rest of the management team understand the company’s performance in detail, communicate effectively with the board and outside stakeholders, and provide guidance as the company pursues additional financing rounds or, potentially, a strategic transaction.

The CFO will be able to provide valuable perspectives they’ve learned from previous work supporting tech startups as well as their technical expertise.

Outsourced Accounting Services

Tech companies can also take advantage of outsourced accounting services to handle their day-to-day needs. The outsourced accounting team will help the organization enhance cash flow by managing accounts payables and receivables, and tracking customer payments. The team will also handle financial management tasks such as:

  • Account reconciliations
  • Financial reporting
  • Software implementations
  • Counsel on best practices
  • And handling period and year-end accounting.

An outsourced financial team can also support the company’s management by acting as a one-stop shop for any company needs. If we don’t do it, we’ll have a referral for it. This may include, for instance, tax advisors, a payroll service, HR support, legal help, and other functions.

Building a Strong Back Office for Tech Startup Success

Together with effective financial management and accounting tools, a tech startup’s team can provide the basis for a strong back office that allows the company’s innovation and operational leadership to focus on their core products and services. At the heart of what we do is bridging the gap and eliminating the guesswork, empowering you to focus on what truly matters—fulfilling your purpose and driving the success of your business.

To learn more about how an effective back office can support your technology startup, contact us.

Defining Your ISO/IEC 42001 Audit Scope

Defining the scope of an ISO/IEC 42001 compliance audit is an important early step in aligning the audit with the standard’s requirements, organizational risk, and stakeholder expectations.

In creating the audit scope, organizations need to define their Artificial Intelligence Management System (AIMS) and the associated roles, develop a governance structure, and identify important AI-related risks and controls.

Throughout the scope determination process, organizations should keep risk management and responsible AI use in mind. This should include assessing the organization’s processes for identifying and managing AI-related risks, as well as evaluating different types of exposures (such as risks inherent to AI development and use, control risk, and detection risk).

Identify Roles and Systems

An important starting point in determining your scope is identifying the AI roles your organization performs. These will typically include being an AI provider, producer, or user (or a combination of these roles). Different AI roles have varying requirements and controls within the ISO/IEC 42001 standard. In addition, understanding these roles will provide valuable organizational context that will influence how the organization approaches AI risk assessment and management.

Once roles have been clarified, the next step is determining which AI systems will be included in the audit scope. Depending on the organization and the roles it performs, this may include specific AI products or services, third-party AI tools the organization uses, or systems or tools in development or testing phases.

Organizational Boundaries and Influences

After outlining the AI systems that will be reviewed during the audit, it’s time to consider the organizational boundaries of your AIMS. These can include:

  • Departments or teams developing or using AI
  • Relevant processes or activities
  • Physical and virtual locations where AI work takes place.

You’ll next consider the inside and outside factors that can influence your AIMS. This list may include organizational objectives and strategies, regulatory requirements, or technology and industry trends affecting your AI use or plans.

Next up, consider anyone who could be interested in the responsible governance of your AI tools and systems. This may include, for instance, your internal users or customers, regulators, business partners, or suppliers.

The next phase of the audit scope definition process is ensuring your proposed audit scope aligns with your organization’s AI policies and objectives. Key steps in this phase include:

  • Reviewing your AI governance framework
  • Considering ethical guidelines and principles
  • Assessing the impact of AI systems on individuals and society.

Drafting Your Scope Statement

After reviewing the items discussed above, it’s time to draft a clear and concise scope statement that:

  • Describes the AI roles, systems, and activities to be reviewed
  • Specifies relevant departments and locations
  • Lists the factors that influenced the audit’s scope. 

Understand the Statement

The ISO/IEC 42001 standard’s organizational structure can provide important insights in developing an effective audit scope. The standard includes 10 clauses outlining key requirements, such as:

  • Understanding the standard’s purpose
  • Related standards and documents
  • Key terms and definitions
  • Company-specific information such as leadership, planning, support, and other important considerations.

The standard, and the specific controls outlined in the standard’s Annex A, will influence the type of evidence auditors seek to assess how well the organization’s AIMS aligns with the standard’s core requirements.

For example, the standard outlines methodologies for effective audit planning such as gap analyses to identify discrepancies between current practices and the standard’s requirements, as well as evidence collection through interviews, system testing, and document reviews.

Sample Scope Statements

The following examples illustrate the types of information outlined in ISO/IEC 42001 audit scope statements:

The scope of certification encompasses the Artificial Intelligence Management System (AIMS) governing ABC Corp’s role as an AI Service/Product Provider, delivering solutions through the Debra AI Agent solution. This includes the deployment, monitoring, and continuous enhancement of AI models to deliver advanced analytics and decision-support capabilities for clients across diverse industries.

The scope of certification encompasses the Artificial Intelligence Management System (AIMS) governing the organization’s role as an AI provider, delivering cutting-edge solutions through the ABC Corp Platform (SaaS). This includes the deployment, monitoring, and continuous improvement of AI models to provide advanced analytics and decision-support capabilities for clients across various sectors. The organization is headquartered in Pleasanton, California, United States, with remote employees located globally. This certification aligns with ISO 42001 standards and is based on the SoA version 2.0 dated October 19, 2024.

Learn More About Responsible AI

By taking time to review the standard and plan an appropriate audit scope, organizations can ensure a comprehensive evaluation of their AIMS that in turn promotes more effective and responsible AI system development, management, and usage.

To learn more about ISO/IEC 42001 and strategies for responsible AI governance and use, contact us.