Accurate revenue tracking is paramount in understanding the performance and growth prospects of companies, such as SaaS providers, that rely on subscriptions. Investors, management, and finance teams evaluate metrics such as annual recurring revenue (ARR) and GAAP revenue recognition, which, while both related to revenue, serve different purposes and are often confused.

Annual recurring revenue is a key financial metric for many subscription-based businesses, serving as a benchmark for tracking growth and providing a high-level view of predictable revenue.

ARR measures the revenue that a business expects to receive from recurring customers in the next 12 months. It is defined as the value of all recurring contracts (subject to renewal on at least an annual basis) normalized to an annual basis.

If average customer terms are less than a year, monthly recurring revenue (MRR) may be a more useful metric.

U.S. generally accepted accounting principles (GAAP) define revenue recognition from contracts with customers under Accounting Standards Codification Topic 606 (“ASC 606”).

ASC 606 requires companies to recognize revenue based on a five-step model designed to align revenue recognition with the customer receiving the good or service. This requires a company to evaluate the amounts that are expected to be collected and the nature of the transfer of goods or services to determine the proper amount and timing of revenue recognition.

Step five of the ASC 606 model requires companies to determine whether revenue should be recognized ‘over time’ or at a ‘point in time’. For subscription-based businesses, this consideration often means revenue is recognized over the subscription term, however there are factors that could lead to point-in-time recognition.

There are several key differences between ARR and GAAP revenue recognition. While both metrics are related to revenue, they are not equivalent. Stakeholders need to understand these differences and when the use of each metric is most valuable.

ARR is a forward-looking metric, while GAAP revenue recognition measures historical information. ARR includes only revenues that are recurring in nature, while GAAP revenue recognition will also include any non-recurring items such as implementation fees.

ARR typically includes any closed bookings for which executed documents may not be completed or services may not have commenced. Under GAAP, this type of contract would not be recognized as revenue until services commence.

GAAP revenue recognition appears on the company’s GAAP financial statements. ARR typically accompanies management reporting and is often included in the Management Discussion and Analysis (“MD&A”) portion of financial reporting. Finance and accounting teams are more likely to use GAAP revenue to analyze the company’s performance while investors and company leadership teams use ARR.

Investors often review ARR as a metric to imply the value of a company by applying industry-based ARR multiples, among other valuation techniques. Because ARR is a non-GAAP metric, it is not subject to audit.  A CPA firm cannot opine on ARR or related metrics, as there are no published rules regarding the classification of recurring versus nonrecurring revenue.

For companies in which ARR is a relevant metric, it is imperative that management and the stakeholders understand the differences between ARR and revenue recognition under GAAP. Also, they must understand that ARR is not defined under specific rules and regulations.

Based on our experience, the following are best practices as they relate to tracking and measuring ARR and GAAP revenue recognition:

We hope this article has helped clarify the difference between annual recurring revenue and GAAP revenue recognition and has provided useful information on best practices for each. If you’re a technology company looking for an audit partner, please don’t hesitate to reach out. Our team has experience with a wide range of clients in the technology industry, and we would be happy to chat with you.py to chat with you.

The SECURE 2.0 Act of 2022 (“Act”) was designed to strengthen the retirement system and improve Americans’ financial readiness by expanding access to plans, encouraging savings, enhancing flexibility in planning, and simplifying plan administration.

The Act introduced several key implications for employers offering retirement plans, with many taking effect this year. Some of the Act’s most notable provisions include the following.

Effective January 1, 2025, new defined contribution plans such as 401(k) or 403(b) plans that were signed and enacted after December 29, 2022, must automatically enroll participants upon becoming eligible unless the participants opt out of coverage.

Plans established before December 29, 2022, are “grandfathered” and not subject to this mandatory automatic enrollment feature.

The initial automatic enrollment amount for new plans is at least 3%, but not more than 10%. Each year thereafter, that amount increases by 1% until it reaches at least 10%, but not more than 15%.  If a participant makes an affirmative election, that remains in effect. Additionally, participants can affirmatively elect to make contributions in a different amount.

Automatic enrollment is expected to significantly increase employee participation in retirement plans. Participation rates in plans with automatic enrollment typically exceed 90%, for instance, compared to around 44% for traditional opt-in plans.

This broader participation can help plans pass non-discrimination tests more easily, benefiting highly compensated employees as well.

Effective January 1, 2025, plans have the option to increase the amount of catch-up contributions employees aged 60-63 are able to make. If a plan adopts the provision, employees in that age group can make higher catch-up contributions of up to $11,250 to eligible retirement plans. The increased amounts are indexed for inflation after 2025.

Starting January 1, 2026, employees earning over $145,000 in the prior year must make catch-up contributions to Roth accounts in after-tax dollars. Other eligible participants in the plan who are not subject to this new rule will be able to make catch-up contributions on either a pre-tax or Roth basis.

The Act provides increased tax credits for small businesses starting new retirement plans:

The SECURE Act requires employers to allow long-term, part-time workers to participate in the employers’ 401(k) plans. The SECURE Act provision provides that, except in the case of collectively bargained plans, employers maintaining a 401(k) plan must have a dual eligibility requirement under which an employee must complete either one year of service (with the 1,000-hour rule) or three consecutive years of service (where the employee completes at least 500 hours of service).

Section 125 of SECURE 2.0 reduces the three-year rule to two years, effective for plan years beginning after December 31, 2024. Section 125 also provides that pre-2021 service is disregarded for vesting purposes, just as such service is disregarded for eligibility purposes under current law.

Section 110 permits an employer to make matching contributions under a 401(k) plan, 403(b) plan, or SIMPLE IRA with respect to “qualified student loan payments.” A qualified student loan payment is broadly defined as any indebtedness incurred by the employee solely to pay qualified higher education expenses of the employee.

Governmental employers are also permitted to make matching contributions in a section 457(b) plan or another plan with respect to such repayments. For purposes of the nondiscrimination test applicable to elective contributions, Section 110 permits a plan to test separately the employees who receive matching contributions on student loan repayments.

The SECURE 2.0 Act introduces several new types of distributions to offer participants flexibility and support for various situations. Some of the new distributions include:

The Act includes provisions to simplify plan administration by:

Under current law, generally, a Form 5500 for a defined contribution plan must contain an opinion from an independent qualified public accountant as to whether the plan’s financial statements and schedules are fairly presented. However, no such opinion is required for a plan covering fewer than 100 participants with plan balances.

Section 345 clarifies that plans filing under a group of plans (or defined contribution group) need only to submit an audit opinion if they have 100 or more participants with balances. In other words, DOL and Department of Treasury would continue to receive full audit information on at least the number of plans as under current law.

These changes aim to make it easier for employers to offer retirement plans and encourage greater employee participation and savings.

To learn more about SECURE 2.0 or retirement plan disclosures, contact us.

As a technology startup prepares for its first audit, there are a few common accounting issues that can increase the time and cost required to complete the audit.

These issues often result from the accounting/finance team balancing competing priorities, not having certain technical accounting knowledge, or not having proper systems in place to account for transactions properly.

The most common accounting challenges we see for technology companies include:

Technology companies are often unsure how to account for various non-cash, equity related transactions. This includes accounting for equity instruments such as restricted stock, warrants, and stock options. Because non-cash equity activity won’t appear on bank statements, these transactions are often overlooked from a financial reporting perspective and are not recorded (or are recorded improperly).

Similarly, legal or other costs incurred in the issuance of preferred stock are often recorded improperly as legal expenses, rather than being properly capitalized on the balance sheet as stock issuance costs.

A common challenge for tech startups is failing to recognize revenue in line with the often-complex provisions within the GAAP requirements under ASC 606. Startups may struggle to understand, for instance, precisely what’s being sold within a customer contract, the complexities of subscription revenue accounting, or the accounting implications of non-cash items.

Startups often lack a robust revenue recognition policy or may have inconsistencies in recording similar kinds of transactions. In many situations, the accounting for revenue must be adjusted to complete the audit successfully.

For startups that operate through multiple entities/subsidiaries, intercompany accounts are often not reconciled, so the auditors may request that a company unwind historic transactions to determine if intercompany balances are appropriate and in line with any intercompany cost-plus agreements. If a startup has international entities, such as an offshore development subsidiary, the company needs to be sure any foreign currency translations or remeasurements are assessed and calculated properly.

Technology startups face the specific, complex issue of accounting for software development costs in accordance with GAAP. Many companies mistakenly expense the costs associated with software development as they are incurred, but there are complicated rules dictating whether these costs should be capitalized or expensed.

Many companies also lack the necessary documentation regarding the nature of their software development costs, making the accounting determinations increasingly difficult.

If reconciliations aren’t done on a consistent and timely basis, there’s a risk that expense or revenue cutoff dates are missed. As a result, transactions can be recorded in the wrong period, which causes an inaccurate accounting of the organization’s performance in each period. Common causes for this issue include a lack of proper accounting policies or inconsistent practices among different team members.

While most of these startup challenges can be resolved, a consultation with your external auditor early in the audit process to identify and resolve potential roadblocks is extremely beneficial. Consulting with your auditors as you’re setting up systems, developing accounting policies, and creating your financial infrastructure can save time and money while helping you achieve your business goals sooner.

If any of these scenarios sound familiar, don’t hesitate to reach out.

Undergoing your technology startup’s first audit can be daunting. Here are a few tips to help ease the stress.

You’ll need the cooperation of several key team members to navigate your first audit successfully. Your auditor will need to understand your accounting policies and your general business practices. Ensure key team members with knowledge of accounting, HR, sales, and operations are ready to participate in the audit process.

It is common for startup companies to operate without a robust accounting team in their early stages. For that reason, before the first audit it is common for financial statements to be on a cash basis or have other deviations from U.S. Generally Accepted Accounting Principles (“US GAAP”).

Before beginning your first audit, ensure the company’s accounting records are brought in order. This includes reconciliations for all balance sheet accounts, documented accounting policies for key areas, and ensuring your supporting documentation is available and organized.

As mentioned in #2, there are several common accounting issues in startup company financial statements. Ensure you engage someone with the necessary understanding of U.S. GAAP accounting rules to facilitate the audit. Some of the most common areas of accounting complexity include:

See this article for more detail around these complex areas:

5 of the Most Common Audit Challenges We See with Tech Startups

Understanding the business need for the audit is crucial to building the timeline. Knowing who is counting on the audit report (such as lenders or investors) can determine whether there are any hard deadlines to meet.  Once you establish a deadline, work with your auditor to lay out a detailed timeline.

The audit process is iterative and requires management’s cooperation throughout, so it is important to establish key milestones with your auditor to ensure both parties stay on track. Request regular check-ins with your auditor to ensure any issues are resolved timely.

Initial audits take time to complete, so be sure to communicate proactively and continuously with key stakeholders to manage expectations.

At the end of each audit, your auditor will provide you with their report as well as more detailed results for management’s consideration. It is common for startup companies to receive recommendations from their auditor on areas needing improvement. Common deficiencies the first time through an audit include a lack of supporting records, improper segregation of duties, or insufficient internal controls.

Talk through the findings with your auditor, discuss remediation priorities with the Board of Directors or Audit Committee, and make a plan to begin implementing their suggestions. At the end of the audit, you should also provide feedback on the process to you auditor because developing a good working relationship with your auditor requires providing feedback in both directions for shared success.

Use this checklist to assess your readiness. Audit Readiness Checklist – Technology Company (First Year Under Audit)

When choosing an auditor, look for a firm experienced in the auditing of startup companies who will be prepared to partner with your company throughout the process. At Sensiba, our technology accounting team has helped hundreds of startups navigate their first audits successfully. Contact us to discuss your company’s needs.

If your company offers a 401(k) retirement plan, you understand the extraordinary benefits it can offer your workforce. What many companies don’t realize is that the size of your company dictates whether or not your 401(k) plan requires a third-party audit.

Ensuring your plan is up-to-date with compliance standards is key, and there are often overlooked issues that serve as red flags for the Department of Labor (DOL) and/or the IRS. To make your audit process as smooth as possible, there are some critical points to consider when preparing for your retirement plan audit and maintaining 401(k) compliance.

Generally, a plan is considered a “large” plan and requires an audit when there are more than 100 participants with account balances on the first day of the plan year. If the plan had more than 80 participants with account balances the previous year but has fewer than 120 participants in the current year, it can follow prior year’s filing as a small plan and forego the audit requirement.

Whether or not every participant is employed by the company, an employee is eligible to participate if they meet the definition of eligibility outlined in the plan documents. Eligibility is the minimum age and service requirement that the plan requires as a condition of participation. Based on eligibility requirements of the plan, the plan should determine which individuals are eligible to participate to join the plan or would be automatically enrolled in accordance with plan provisions.

Under Section 412 of the Employee Retirement Income Security Act (ERISA), a fidelity bond must cover the plan’s assets in case of fraud or dishonesty. The fidelity bond must cover at least 10% of the plan’s assets as the beginning of each plan year, subject to a minimum bond amount of $1,000 and a maximum of $500,000 ($1,000,000 for plans that hold employer securities). As plan assets increase each year, an increase in coverage could be required if the bond no longer meets the 10% minimum requirement.

It’s important to ensure that all deferred contributions were calculated properly under the definition of eligible compensation outlined in the plan documents. There are various types of compensation that may be considered ineligible in accordance with plan documents and should be excluded from the calculation of deferrals.

Always keep your plan documents updated with the most current compliance standards and laws. It’s helpful to keep records and make all amendments easily accessible. This allows all participants to fully benefit from the plan, particularly when the documentation has not been recently revised.

It is important to establish a Fiduciary Committee to provide oversight for vital functions such as:

It’s a good idea to draft, record, and retain your annual 401(k) committee meeting minutes to help prove and defend any allegations of breach of duty.

Ensure that employee contributions are deposited within a reasonable amount of time. This can be either a timeframe outlined in the plan’s documentation or as administratively feasible. Businesses considered to have a small plan are eligible for a safe harbor rule that allows for a seven-business day window to deposit contributions.

There is an annual addition limitation designated by the IRS, subject to change every year, that is placed on the dollar amount participants are allowed to contribute to their 401(k) plan each year. If an excess contribution is found, necessary actions must be taken to remove the excess contribution and avoid penalties and potential tax issues.

If your company offers employer matching, it is important to note any maximums in your plan documents, as well as to not surpass the Plan’s matching cap. There is also an annual addition limit, subject to change by the IRS, placed on the combined contribution of employee and employer. This limit should be monitored each year by the plan to ensure compliance.

When employees are offered the option of managing their investment portfolio, make sure participants are given adequate information on the investment choices as well as the fees associated with those options. While providing participants with investment choices may reduce fiduciary liability, the committee should still maintain oversight and ensure participants are well-informed.

For companies that require an audit, Form 5500 is due by the last day of the seventh month after the plan’s year-end with a two and a half month extension. For example, if the plan’s year ends on December 31, Form 5500 will be due on July 31, with an optional extension through October 15 (Form 5558).

If you would like to learn more about the rules and regulations surrounding 401(k) compliance, or if you want to find out how Sensiba can help make your 401(k) plan audit as seamless as possible, don’t hesitate to get in touch with one of our employee benefit plan audit specialists.

Sponsoring a 401(k) plan can bring tremendous value to your organization. Having a great benefits plan can boost the morale of your team members, for example, and improve your ability to attract and retain top talent.

Managing your 401(k) plan, however, can get more complicated.

Many companies fail to meet their basic responsibilities as plan sponsors. Whether you sponsor a large or small plan, your fiduciary responsibilities are the same. The Department of Labor (DOL) and Internal Revenue Service (IRS) both conduct examinations of 401(k) plan sponsors, so it is critical to understand and meet your responsibilities.

Many plan sponsors are overly reliant on third-party service providers, assuming that because they are paying a service provider manage their plan, all of their responsibilities have been met. In reality, many 401(k) sponsors neglect their fiduciary duties, harming their employees and organization. Failing to meet regulatory requirements can lead to larger investigations from the IRS and the DOL, and more money from your pocketbook.

As a plan sponsor, you are responsible for managing your employees’ assets. The IRS and the DOL have published requirements on the fiduciary responsibilities of plan sponsors.

Some of the commonly overlooked requirements include:

Your third-party provider can also help you understand your responsibilities. Just remember that hiring a third-party plan provider alone doesn’t ensure you are meeting your obligations; in fact, reviewing their work is part of your fiduciary responsibility.

Government examinations are not the best time to discover problems with your plan. Understanding the problems that are typically found during an examination can help plan sponsors find and correct issues before they are revealed under examination.

For instance, many sponsors fail to meet document retention requirements, mistakenly assuming their third-party plan provider keeps all documents. When participants take a hardship distribution or borrow money from the plan, these activities must be documented, and records should be retained.

It is common for plans to fail to adequately define ‘compensation’ and ‘contributions,’ which leads to incorrect matching contributions that can create liability and interest for the plan sponsor. Many smaller plans have nondiscrimination issues, where plan contributions are unfairly top heavy. Other plans have problems omitting eligible employees. Management must notify employees when they become eligible and follow up on participation.

The DOL voluntary fiduciary correction program generally provides plan sponsors with the opportunity to self-report and correct problems before fines are assessed. The IRS and DOL are generally much more lenient regarding self-reported corrections than problems found under examination.

Regardless of the size of your plan, you have a fiduciary duty as the plan sponsor. While larger plans require audits that often identify problems during the audit process, smaller plans must also ensure that their fiduciary responsibilities have been met.

For more information regarding the responsibilities of 401k sponsors, get in touch with one of our 401k plan auditors.

To inspire more employers to offer retirement savings plans, a regulatory change has reduced the number of employee benefit plans required to obtain an audit report with Form 5500, “Annual Return/Report of Employee Benefit Plan.”

For plan years beginning on or after January 1, 2023, only plans that have 100 or more participants with account balances at the beginning of the plan year are now counted as a “large plan,” and therefore subject to audit requirements. Previous regulations specified that all eligible employees needed to be counted in determining whether a specific plan was large (whether or not they participated in the plan).

This change means fewer retirement savings plans will need to obtain a Form 5500 audit, saving them the cost and administrative requirements associated with an external audit.

Plans with fewer than 100 participants that have account balances will instead be able to file the Form 5500-SF. This form has fewer schedules and disclosure requirements than Form 5500.

In its Regulatory Impact Analysis, the U.S. Department of Labor estimated more than 19,000 of the nation’s 149,000 large plans, nearly 13%, would no longer be classified as large plans.

In addition to reducing administrative burdens and costs for smaller plans, the new threshold was designed to encourage more small businesses to offer retirement plans to employees.

The “80/120 participant rule,” which was not affected by the 2023 changes, offers an important exception related to Form 5500 filing requirements for employee benefit plans. The 80/120 rule allows plans with between 80 and 120 participants at the beginning of the plan year to file Form 5500 in the same category (large or small) as they did in the previous year.

Under this rule, a plan that filed as a small plan in the previous year can maintain that filing status until it reaches 121 participants. Similarly, any plan that filed as a large plan in the previous year can continue to file as a large plan until it drops below 100 participants.

The rule provides consistency and flexibility for plans hovering around the 100-participant threshold, allowing them to avoid switching between large and small plan status (along with the associated changes in filing requirements) from year to year.

Looking ahead to the 2024 plan years, the Department of Labor is expected to make additional changes under the 2022 SECURE Act (known as SECURE 2.0) designed to simplify plan administration while making retirement plans more accessible and attractive to employees.

For instance, effective January 1, 2025, the definition of a Long-Term Part-Time employee is scheduled to change to include part-time employees who worked at least 500 hours in two consecutive years (rather than the three years required in 2024). This eligibility is determined by looking at hours worked since January 1, 2021.

While this change could expand the number of employees eligible to participate in a plan, the administrative cost is likely to be offset for many plans by the reduced “large plan” criteria outlined above.

Also starting in 2025, companies that request an extension for filing Form 5500 with the Department of Labor will be able to do so electronically, rather than having to file a paper form.

To discuss the filing changes and potential implications for your employee benefit plan, contact us.

Audit confirmations are information requests, typically distributed by email or through secure portals, in which accountants ask third parties to confirm information provided by the company being audited.

Audit confirmations are a powerful tool for auditors that provide independent evidence to substantiate various financial statement assertions.

To be considered credible, the confirmation process should be performed between the auditor and the third party verifying the requested information. Confirmations received directly by the auditor from the confirming parties are more reliable than evidence generated internally by the audited entity.

For example, a company being audited providing bank statements is not considered credible evidence because the statements may have been created or edited by the company. Instead, the auditor interacting directly with the bank to verify balances mitigates the risk of a statement containing inaccurate or modified information. As such, auditors perform bank confirmations to validate the information on the bank statements received from the company.

Audit confirmations can be categorized by their format:

While specific inquiries can vary according to the company, industry, or specific risk factors, common confirmation requests center around:

In late 2023, the SEC and the PCAOB approved AS 2301, The Auditor’s Use of Confirmation, to replace guidance for audits of public companies. The new standard, which emphasizes auditors’ responsibility to use confirmations to obtain reliable audit evidence, makes a number of changes that include:

While these changes do not impact private company audits, it is important to consider these changes when evaluating the sufficiency of confirmations for an audit.

If a third party does not provide the requested confirmation or does not agree with the information presented for confirmation, auditors can use alternative methods to verify information. These may include:

Several potential obstacles can hinder the effective use of confirmation requests in the audit process. For instance, many large enterprises, as a matter of policy, will not respond to requests related to their suppliers or other business partners.

In other instances, a company may have outdated contact information for the third party, so a confirmation request is never received. Another common challenge is a data entry error, such as transposing two digits, that causes a mismatch between specified amounts in two locations. In these situations, auditors will turn to the alternative methods described earlier.

If you have questions about the use of confirmations during the audit process, contact us.

As auditing keeps pace with technological advancements and adjusts to evolving business standards and regulatory expectations, businesses are actively embracing the integration of continuous auditing into their day-to-day operations.  

Continuous auditing involves the use of automated audit evidence collection and review of an organization’s IT systems, transactions, processes, and controls on an ongoing basis. This review helps ensure policy and regulatory compliance by providing early warnings about potential control failures or other issues.  

Continuous auditing empowers businesses to monitor and analyze data sources and operational processes in real time, enabling prompt action to uphold the accuracy and integrity of financial information. By implementing continuous monitoring, businesses cultivate stakeholder trust and confidence by demonstrating a proactive approach and management commitment to accountability and transparency. 

Continuous auditing is a dynamic process designed to enhance the internal audit function and supplement interim and annual programs. Real-time risk identification and evaluation through ongoing monitoring enables the organization to address and mitigate potential issues promptly to minimize their impact on operations and financial performance. Other key benefits include:  

Reduce the risk of penalties and other adverse consequences by sustaining ongoing adherence to regulations, internal policies, and industry standards. 

Prevent potential financial losses or disruption by identifying and promptly investigating errors, anomalies, and irregularities in financial data and operational processes.  

Manage fraud risks and detect fraudulent activities by identifying suspicious patterns, deviations from norms, and unauthorized transactions. 

Reduce costs, enhance productivity, and improve operational efficiency by identifying areas of improvement and streamlining workflows.  

Mitigate the risk of control failures by monitoring access controls, segregation of duties, and approval workflows. 

Expand audit coverage by analyzing a larger volume of data and providing a more comprehensive assessment of risks, controls, and compliance across the business. 

Enable auditors to prioritize higher-risk areas, conduct deeper analysis, and deliver more incisive recommendations by enhancing the quality and efficacy of internal audits. 

Provide real-time insights into cybersecurity threats and vulnerabilities by continuously monitoring networks, systems, and data. 

Continuous auditing enables businesses to make greater-informed decisions, mitigate risks, and maintain transparency and efficiency in their operations through proactive risk management measures, enhanced compliance monitoring, and timely feedback.

Identifying and mitigating potential implementation challenges is important to building a successful continuous auditing program. Some common obstacles to instituting continuous auditing within a business include: 

Despite the challenges, businesses can navigate the implementation of continuous auditing successfully by harnessing technology, innovation, commitment, and strategic planning. 

Continuous auditing heavily relies on automation and technology for efficient collection, processing, and analysis of large datasets. Utilizing advanced data analytics tools, AI, machine learning algorithms, and robotic process automation (RPA) streamlines audit procedures to identify patterns, trends, and outliers for further investigation.  

Successful implementation of continuous auditing necessitates seamless integration with the organization’s business processes and systems. This includes establishing secure connections to pertinent data sources like ERP systems, databases, and transactional applications to ensure compliance with data privacy regulations. Additionally, factors such as scalability, compatibility, and ease of integration with existing systems should be considered carefully. 

Judgment remains essential in continuous auditing to interpret results, assess relevance, and make informed decisions based on the data analyzed by automated processes. While automation facilitates data processing and the identification of deviations, human judgment is crucial for contextual understanding, identifying false positives, and determining the significance of findings in relation to the organization’s goals and risk tolerance. 

Implementing continuous auditing initiatives represents a significant step forward for businesses seeking to optimize their audit processes, improve risk management practices, and increase operational efficiency. Successful implementation of continuous auditing requires careful planning, collaboration, and expertise.  

Leveraging the guidance and support of experienced consultants can be valuable in navigating the complexities of continuous auditing initiatives and ensuring their effective integration into the organization’s audit framework.  

To capitalize fully on the advantages of continuous auditing, businesses are encouraged to undertake the following:  

Continuous auditing signifies a transformative change within the audit landscape. By leveraging technology, embracing a risk-based methodology, and aligning audit processes with organizational workflows, businesses can maximize the advantages of continuous auditing and facilitate continual growth and success. 

Contact us to explore how continuous auditing can help your business stay ahead and become more adaptable and robust in today’s business environment. 

For public companies offering employee stock purchase plans or defined contribution plans with options to invest in the plan sponsor’s stock, Form 11-K is an essential compliance document designed to ensure transparency and accountability to employees and investors.  

The annual 11-K report, which provides a detailed account of the plan’s financial health and its policies, is required by the U.S. Securities and Exchange Commission (SEC) to maintain investor confidence in a company’s governance practices. Understanding what Form 11-K entails, stakeholder expectations for the form, and how to file the report can help companies stay compliant and avoid potential compliance risks.

Form 11-K must be filed annually by companies that offer employee stock purchase, savings, or similar plans in which employees have the option to invest in company stock. The filing is generally due within 90 days after the end of a given plan’s fiscal year.

Public companies, as well as certain private entities with registered employee stock plans, are required to submit Form 11-K if they are subject to SEC regulations. The content of Form 11-K covers several key areas:

Other important details include a description of the plan’s purpose, structure, and any significant changes made during the reporting period, as well as disclosures such as administrative fees or conflicts of interest that could affect the plan.

Financial statements must be prepared in accordance with SEC requirements (Regulation S-X) or ERISA requirements.

Meeting the filing requirements involves understanding the process, including the deadlines, electronic filing mandates, and the SEC’s review procedures. Form 11-K must be filed within 90 days after the plan’s fiscal year end, and if the plan is subject to ERISA, it should be filed within 180 days of the plan’s fiscal year-end. Companies can request an extension if necessary.

The form must be submitted electronically via the SEC’s EDGAR system. Once filed, the SEC reviews the document for completeness and compliance, and may ask for additional information or corrections if needed.

Auditors play a crucial role in the Form 11-K process. They are responsible for auditing the plan’s financial statements to ensure accuracy and compliance with applicable standards. Generally, a financial statement audit is required to evaluate the plan’s net assets and overall financial health, and to obtain reasonable assurance the plan is being managed according to its stated terms.

The auditor’s report, which accompanies Form 11-K, provides an opinion on whether the financial statements are presented fairly in all material respects. A clean auditor’s opinion indicates sound management practices, helping to maintain investor trust.

To stay compliant, companies should focus on several best practices:

Understanding and filing Form 11-K correctly is crucial for any company with employee stock purchase plans. By meeting stakeholder and regulatory expectations, companies can maintain compliance, protect their reputation, and continue to foster trust among employees and investors.

To learn more about Form 11-K filling and the audit process, contact us.

Preparing an 11-K report is a critical step for companies with certain types of employee benefit plans, serving as a vital tool to ensure compliance with Securities and Exchange Commission (SEC) requirements. These reports, filed annually, detail the financial condition of employee benefit plans in which employees can invest their contributions in employer securities, such as 401(k) plans with a company stock investment option.

Auditors play an essential role in this process by providing expertise to ensure filings are accurate and compliant, which in turn minimizes the risk of penalties or reputational damage.

For compliance professionals contemplating a change in auditors, choosing the right partner is invaluable in helping them navigate the complexities of 11-K filings and achieving 11-K readiness.

11-K filings come with unique challenges, and understanding the specific requirements is important. Auditors are responsible for examining the financial statements of employee benefit plans and attesting to their fairness and compliance with accounting standards. Their work must be independent, objective, and thorough.

Independence and Objectivity 

Independence is a cornerstone of a reliable audit. Auditors must remain free from conflicts of interest and committed to unbiased assessments.

Expertise in ERISA and Employee Benefit Plan Audits 

Auditors need specialized knowledge of the Employee Retirement Income Security Act (ERISA) and employee benefit plan audits to understand key aspects such as fiduciary responsibilities and the associated reporting requirements.

Familiarity With SEC Filing Requirements 

Given the intricate nature of SEC regulations, auditors must be deeply familiar with the SEC’s filing requirements for 11-K reports.

11-K audits can present several challenges, including evolving regulations, complex plan structures, and data management issues. The right auditor can help mitigate these challenges by staying up to date on regulatory changes, maintaining a deep understanding of industry practices, and employing robust data analytics tools to ensure accuracy.

Not all auditors are the right fit for your company, especially when it comes to the unique demands of 11-K filings. Knowing when to consider a change can save time, money, and stress.

For instance, selecting an auditor who matches your company’s risk profile and growth strategy is important. An auditor with a deep understanding of your industry and business model will be better positioned to provide accurate insights and recommendations that support your long-term goals.

Conversely, an auditor who lacks industry-specific experience or fails to stay updated on evolving regulations can put your company at risk. Communication issues, such as delayed responses or a lack of transparency, are another red flag.

When considering a new auditor, it is essential to evaluate several factors to ensure they meet your company’s needs. The following criteria can help you evaluate potential partners:

Industry Specialization and Track Record 

Look for auditors specializing in employee benefit plans with a proven track record with 11-K filings. Their experience can offer peace of mind, knowing they have successfully navigated similar challenges before.

Comprehensive Understanding of 11-K Requirements and SEC Regulations 

Your auditor should demonstrate a strong understanding of 11-K requirements and SEC regulations, ensuring that your filings comply with all applicable standards.

Reputation for Integrity and Independence 

Choose an auditor known for their integrity and independence. This reputation is built through consistent adherence to ethical standards and a commitment to objective assessments. Look for membership in the AICPA’s Employee Benefit Plan Audit Quality Center.

Accessibility and Client Service 

Accessibility and responsiveness are key. An auditor who is available when needed and provides timely feedback can make the 11-K filing process smoother and more efficient.

Use of Technology and Innovative Tools 

The right auditor will leverage technology to enhance audit efficiency and accuracy. Look for firms that use advanced data analytics, digital audit tools, and other innovations to streamline the process.

When selecting a new auditor, ask questions that help determine their alignment with your needs. Inquire about their experience with similar clients, their approach to staying current with regulations, and how they manage client communication and expectations.

A productive working relationship with your auditors and advisors is key to successful 11-K readiness. Regular communication and clear expectations, for instance, are essential. Involve your auditors in planning discussions and leverage their expertise for training and internal process improvement. Building a collaborative relationship fosters trust while improving the efficiency of the 11-K filing process.

By understanding your auditor’s responsibilities, evaluating your current partnerships, and selecting the right team for your needs, you can ensure a smooth path to 11-K readiness.

To learn more about effective 11-K filings, contact us.

Increasing the frequency of SOX audits is a strategic move that helps companies enhance the robustness of their internal controls, improve financial reporting accuracy, and ensure ongoing compliance with regulatory requirements.

Companies typically conduct interim and year-end SOX testing as part of their audit plan, but relying solely on interim and year-end SOX testing may result in limited visibility, delayed issue identification, increased risk exposure, complacency, inadequate response to change, and regulatory scrutiny. 

To mitigate these diverse risks, organizations should complement periodic testing with continuous monitoring and auditing practices to ensure ongoing compliance, enhance control effectiveness, and address emerging risks and issues promptly.

Increasing the frequency of SOX audits can provide several benefits:

Frequent audits allow for the early detection of compliance issues and internal control weaknesses. By identifying problems as they arise, companies can implement corrective actions promptly and reduce the risk of financial misstatements and regulatory penalties.

Increased audit frequency can streamline operations by embedding compliance into daily business processes. This integration fosters a culture of continuous improvement, where compliance becomes a routine part of the organizational workflow rather than a periodic checkpoint.

To fully realize the benefits of more frequent SOX audits, organizations must implement a structured approach that incorporates technology, risk assessment, collaboration, and continuous education.

Here are some essential strategies for increasing the frequency of SOX audits effectively:

Utilize automation and advanced data analytics to facilitate continuous auditing. These tools can monitor transactions and controls in real-time, providing immediate insights and reducing the burden of manual audit tasks.

Focus on high-risk areas that have the greatest potential impact on financial reporting. By prioritizing these areas, companies can allocate resources more effectively and ensure critical risks are identified and addressed promptly.

Foster collaboration between internal audit, compliance, and financial reporting teams. Regular communication and information sharing can help identify and address issues more efficiently, ensuring that all stakeholders are aligned on the organization’s compliance objectives.

Invest in ongoing training for audit and compliance personnel. Keeping staff updated on the latest regulatory changes, auditing techniques, and technological advancements is essential for maintaining an effective continuous auditing program.

Increasing the frequency of SOX auditing offers numerous benefits, from timely issue detection to enhanced operational efficiency. By adopting a more frequent audit schedule, leveraging technology, and focusing on high-risk areas, organizations can strengthen their compliance posture and build a robust framework for financial integrity.

As the business environment continues to evolve, embracing continuous and frequent SOX auditing will be key to staying ahead of the curve and ensuring long-term success. Contact us to explore ways to enhance your internal control program and reduce year-end SOX audit pressures.

Disruptions are inevitable in business and their effects can be quite significant for small to medium businesses (SMBs). By taking the initiative and embracing business continuity planning, SMBs can mitigate risk, navigate uncertainty, and emerge from adverse situations stronger and more resilient.

Larger corporations typically have dedicated resources for risk management, while SMBs do not possess the same level of preparedness. But SMBs are equally vulnerable to disruptions, whether from natural disaster, cyber-attack, power outage, equipment failure, human error, or supply chain disruption that affects critical business operations.

Investing in business continuity is valuable not only in mitigating risks and addressing emerging threats, but also in safeguarding the long-term sustainability of the business and maintaining trust and confidence among customers, investors, and other stakeholders.

Customers and suppliers increasingly want to collaborate with organizations that demonstrate their commitment to reliability, risk management, and responsiveness through an effective business continuity plan (BCP). Customers depend on SMBs to deliver products or services consistently and dependably, while suppliers depend on their customers to maintain stable demand for their offerings.

Internal challenges can pose significant barriers to the successful implementation of business continuity strategies for SMBs. For companies with simple organizational structures and fewer personnel, it can be challenging to identify critical processes, assess risks, and develop mitigation strategies. These obstacles may include:

Business continuity planning involves developing and implementing a comprehensive set of organizational policies and procedures to prevent and recover quickly from crises. Establishing a dedicated Business Continuity Planning Team entrusted with the responsibility to design, implement, and maintain a robust BCP is imperative for an organization’s ongoing success.

Developing an effective BCP requires a thorough understanding of the organization’s operations and dependencies, and the recognition of potential vulnerabilities. In most cases, SMBs choose to optimize the expertise of consultants that specialize in the complex planning involved with BCPs. Consultants partner with the organization and serve as a key advisor, offering guidance on effective BCP strategies and implementation.

Key components integral to business continuity planning that consultants often tailor to the needs of specific companies include:

Planning for these actions before a disruption resulting from a disaster or other unplanned event is critical to help mitigate risk and ensure the availability of potentially scarce resources when they’re needed most in the immediate aftermath of a crisis.

Contact us for innovative solutions and actionable strategies to help prepare your business for the unexpected.

As publicly traded companies work to optimize their Sarbanes-Oxley (SOX) compliance, increasing the efficiency and effectiveness of those efforts requires management to better understand organizational risks, align management and the audit committee, train process owners, increase automation, and centralize the monitoring of risk exposures and control performance.

The optimization process starts with an effective risk assessment that helps the company understand its exposures and map the various controls that help it mitigate those risks. The types and number of needed controls will depend on a specific company and its risks.

It’s also important to avoid imposing more controls than the company needs to mitigate risks effectively because each control bears costs for design, documentation, testing, evaluation, and reporting. Understanding the company’s risks, and ensuring you have the correct number of controls, is key to effectiveness and efficiency. This can be further enhanced through a control rationalization, with a deeper review of key risks and the alignment of mitigating control activities.

Management and the audit commitment play important roles in SOX compliance by setting the appropriate “tone at the top” by actively asking about and understanding the company’s key risks, and allocating resources to the implementation and evaluation of the appropriate controls. By demonstrating that they believe in and understand risk management and compliance, they set a tone that the rest of the company will generally follow.

A valuable way to increase efficiency and potentially reduce the cost of a SOX review is making it as easy as possible for external auditors to rely on the company’s testing and documentation. Under SOX, external auditors are required to sign off on the company’s internal controls, give an opinion about the effectiveness of those controls, and identify any deficiencies.

To make these determinations, the auditors will either rely on the company’s control testing and documentation, or will have to perform that testing themselves. While a company won’t be able to reach a point where the auditors rely exclusively on the company’s testing, expanding the percentage of company-tested controls increases efficiency. It does this by reducing the volume (and cost) of auditor testing, as well as avoiding controls being tested twice by the company as well as by the auditors.

Another important step in optimizing SOX compliance is providing training for financial reporting process owners—the managers with oversight responsibilities for specific processes. In addition to setting the tone at the top with messaging from a SOX sponsor (e.g., the CFO), managers need to understand the nature of transactional flows and data involved with significant processes—and be enabled to identify gaps in the performance or documentation of those steps. They should also understand the risks that could affect material accounts.

As part of this training, process owners need to understand the value of testing and documentation outside of preparing for an audit. These steps need to be part of ongoing, year-round risk management activities.

While the role of automation in financial reporting is early and evolving in many organizations, the advantages of streamlining the financial processes that underlie the controls being evaluated will pay dividends in SOX compliance. A large portion of the SOX effort and control performance are steps that are repeated through the fiscal year and across fiscal years.  Where tasks are repeated and involve systems or applications, there are opportunities to automate.

For instance, the vast majority of the information needed for SOX compliance is produced during the accounting period close. Critical activities that occur during closes include journal entries, analyses, reconciliations, approvals, and more—all of which need to be documented and are subject to auditor review.

Tools such as BlackLine increase process accuracy and SOX compliance by importing data from feeds and matching transactions to reconcile accounts automatically, posting journal entries, and coordinating task completion and approval using real-time dashboards. This reduces reliance on manual tools and the risk of data existing in disparate spreadsheets.

To the extent various activities can be automated, the company and its auditor benefit. Manual processes, documentation, and testing are more expensive and typically have higher rates of deficiencies. Where companies have more automation, auditors see fewer deficiencies and smoother, more efficient testing that is conducted with less work and a lower resulting cost.

Companies can increase the efficiency and effectiveness of their SOX compliance efforts by creating a project management office to coordinate their compliance efforts. Depending on the size and scope of the company, that oversight could come from one person, a team, or someone using a combination of internal and outsourced resources.

Without regard to how the role is structured, it’s important for the team member to have an appropriate level of knowledge and experience to coordinate its SOX compliance efforts year-round to ensure controls are performing as designed, and that emerging issues are addressed as quickly as possible.

If your company needs assistance with implementing effective SOX internal controls, reach out to our team of audit professionals who can support you throughout the process.

As 401(k) plan sponsors plan for 2024 and subsequent years, they can take advantage of several improvements to the 2022 SECURE Act (known collectively as SECURE 2.0). These changes simplify plan administration while making retirement plans more accessible and attractive to employees.

Some of the key provisions affecting plan sponsors include:

Plan managers need to understand the SECURE 2.0 changes to 401(k) administration to ensure compliance with the changed regulations and their ability to meet their existing responsibilities.

SECURE 2.0 allows plan sponsors to make discretionary amendments to increase participant benefits for a previous plan year. Effective Dec. 31, 2023, changes will be permitted after the end of a plan year, provided the amendments are adopted by the due date of the sponsor’s next federal tax return. This changes the current requirement that plan amendments be adopted by the end of a plan year in which the amendment is effective.

In late August, the IRS announced a two-year delay in implementing SECURE 2.0 regulations that would have required employees older than 50 and earning more than $145,000 annually to make “catch-up” contributions only via Roth IRA post-tax accounts.

These provisions were delayed until 2026 after feedback from employers and retirement program managers. The employers and managers said they would not be able to implement the provision in time, given the administrative complexities of setting up systems to ensure highly compensated employees would only be making Roth catch-up contributions.

Under current law, employees who have attained age 50 are permitted to make catch-up contributions more than the otherwise applicable limits. Section 109 increases limits to the greater of $10,000 or 50% more than the regular catch-up amount in 2025 for individuals who have attained ages 60, 61, 62 and 63. The increased amounts are indexed for inflation after 2025.

Under current law, participants are generally required to begin taking distributions from their retirement plans at age 72. SECURE 2.0 increased the required minimum distribution (RMD) age for participants to 73 starting on Jan. 1, 2023, and increases the age further to 75 starting on Jan. 1, 2033. IRS Notice 2023-54 provides interim transition relief for plan administrators, payors, participants, IRA owners, and beneficiaries in connection with the change in the required beginning date for RMDs.

Section 350 provides a grace period of 9-1/2 months after a plan year ends for sponsors to correct, without penalty, errors associated with the automatic enrollment of employees into a plan. The grace period also applies to errors related to the automatic escalation of contribution amounts or contribution matches for current plan participants.

Section 350 is effective to errors after Dec. 31, 2023, and should provide peace of mind for HR professionals who may have been worried about potential penalties under the current regulations.

Starting Jan. 1, 2024, plans will be required to allow employees who have worked more than 500 hours in three consecutive 12-month periods to contribute elective deferrals to the plan.

Employers are not required to make matching contributions on behalf of these employees, but may choose to do so.

This change means employers will have to track employee hire dates and hours worked dating back to Jan. 1, 2021, to determine the eligibility of specific employees. Employers need to consider the implications this broader eligibility may have for plan administration. It may be easier, for instance, to allow all employees to contribute rather than tracking hours to determine eligibility.

Starting in 2025, the three-year threshold for part-time eligibility will decrease to two consecutive 12-month periods.

New SECURE 2.0 provisions allow workers to withdraw up to $1,000 from their savings penalty-free to meet personal or family emergencies. Only one withdrawal is allowed per year and employees have the option to repay the withdrawal over three years, but are not required to.

Similarly, an employee affected by domestic violence can withdraw the lesser of $10,000 or, or 50% of their account balance, without incurring a tax penalty. This provision also includes a three-year repayment period.

Participants affected by natural disasters can withdraw up to $22,000 penalty-free. The amount taken must be repaid within three years, or the participant can pay taxes on a non-repaid distribution over three years.

For plan administrators, the penalty-free feature of these provisions reduces the need to calculate and assess the 10% additional tax typically associated with early withdrawals.

Section 101 requires 401(k) plans to automatically enroll participants upon becoming eligible (the employees may opt out of participation). All current 401(k) plans are grandfathered. The initial automatic enrollment amount is at least 3% but not more than 10%, and will increase each year by 1% until it reaches at least 10%, but not more than 15%. Section 101 is effective for plan years beginning after Dec. 31, 2024.

SECURE 2.0 also authorizes, for plan years that began January 1, 2024, the creation of pension-linked emergency savings accounts (PLESAs) by non-highly compensated employees. The U.S. Department of Labor (DOL) defines PLESAs as “short-term savings accounts established and maintained within a defined contribution plan.”

Employers can offer to enroll eligible participants in these accounts beginning in 2024 or can automatically enroll participants.

Some key provisions:

Section 110 permits an employer to make matching contributions under a 401(k) plan with respect to “qualified student loan payments.” For purposes of the nondiscrimination test applicable to elective contributions, Section 110 permits a plan to test separately the employees who receive matching contributions on student loan repayments.

To understand potential 401(k) plan audit implications going forward, contact us.