Use Visual Aids to Enhance Financial Reporting

Graphs, charts, tables, and other data visualizations can be inserted in your financial statement disclosures to improve transparency and draw attention to key accomplishments. By pairing visual aids with verbal explanations, you can increase the likelihood others understand the information you are sharing. As your organization prepares its year-end or quarterly financials, consider presenting some information in a more user-friendly, visual format.

Reimagine Data Presentation

In business, using so-called “infographics” started with product marketing. By combining images with written text, these data visualizations can draw readers in and evoke emotion. They can breathe life into content otherwise considered boring or dry.

Annual reports are traditionally lengthy and heavy with numbers and text. Some organizations now use visual aids to disclose critical financial information to investors and other stakeholders. In this context, infographics help stakeholders digest complex information and retain key points.

Examples of Financial Visual Aids

Examples of formats that might be appropriate in financial reporting include:

Line Graphs

These graphics can be used to show financial metrics, such as revenue and expenses over time. They can help identify trends, like seasonality and growth rates (or decline), which can be used to interpret historical performance and project it into the future.

Bar Graphs

Here, data is grouped into rectangular bars in lengths proportionate to the values they represent so data can be compared and contrasted. A company might use this type of graph to show revenue by product line or geographic region to determine what (or who) is selling the most.

Pie Charts

These circular models show parts of a whole, dividing data into slices like a pizza. They might be used in financial reporting to show the composition of a company’s operating expenses for budgeting or cost-cutting projects.

Tables

This simple format presents key figures in a table with rows and columns. A table can be an effective way to summarize complex time-series data, for example. It can provide a quick reference for information investors may want to refer to in the future, such as gross margin or EBITDA over the last five years.

Effective visualizations avoid “chart junk”: unnecessary elements, such as excessive use of color, icons, or text, that detract from the value of the data presentation. Ideally, each graphic should present one or two ideas, simply and concisely. The information also should be timely and relevant. Too many pictures can become just as overwhelming to a reader as too much text.

Other Uses of Visual Aids

In addition to using infographics in financial statements, management may create data visualizations for other financial purposes. For example, they could be given to lenders when applying for loans or to prospective buyers in M&A discussions. An infographic could also be used in-house to help the management team make strategic decisions.

Additionally, nonprofits often use infographics to create an emotional connection with donors. If effective, this outreach may encourage additional contributions for the nonprofit’s cause.

Bringing the Numbers to Life

By supplementing text and numeric presentations with visual elements, your organization can communicate more effectively with investors, lenders, donors, and other stakeholders. Contact us to decide how visual aids can help you drive home key points and clarify complex matters.

© 2023

Developing an Effective Internal Audit Function

Understanding your objectives, identifying organizational risk, enlisting executive support, and evaluating internal controls are among the keys to developing an effective internal audit function.

Internal audit provides the company, on an ongoing basis, with insights into its performance, policies, and procedures that can help it manage operational, compliance, and financial risks. Common objectives for an internal audit include:

  • Identifying and mitigating organizational risk
  • Enhancing financial processes and regulatory compliance
  • Testing the design and operation of internal controls and correcting any deficiencies

Create the Blueprint for Your Internal Audit Program

The first step in developing an effective internal audit function is developing a framework that defines management’s needs and expectations. This will vary depending on the company’s industry but will typically include examining the various categories of risk the organization faces, as well as any specific compliance requirements.

This step should be followed by conversations with leaders in different business units — finance, planning, operations, the audit committee, and others — as the first stages of a broader risk assessment. This will involve asking questions about the organization’s risks and whether the implications of a given risk are material.

You can’t eliminate risk completely. Instead, you want to develop a cross-functional view of the appropriate thresholds, so you’re devoting time and resources most effectively during the internal audit.

Deciding Who Will Lead the Audit

It’s also important for the organization to designate an executive sponsor of the internal audit function to highlight unequivocally the organization’s commitment to compliance and ethical behavior. Everyone participating in or supporting the audit needs to understand the organization will accept any findings and address shortcomings discovered during the audit process. If people believe the audit will not result in action, the process can become an unproductive exercise that wastes time and money.

Define Scope

Together, these steps will help the company define the scope of the internal audit and optimize management’s risk tolerance, as well as the thresholds for testing during the audit. For example, reviewing the approval of $49 transactions may not be an appropriate use of internal audit’s time.

This discussion also will help you design the objectives and attributes of the tests you will perform during the audit process. This may include, for example:

  • Interviewing process owners about their role.
  • Observing processes and procedures to understand whether they are performing as designed.
  • Reviewing documentation for completeness and accuracy.
  • Reconciling accounts to make sure transactions and amounts match.

Find the Best Time to Conduct the Internal Audit Procedures

The next step is scheduling time with management, process owners, and other key participants to align the audit process with the organization’s calendar to avoid intrusions during busy seasons or other important periods. You probably can’t eliminate the perception that the audit is interrupting routine work, but working to accommodate peak periods will improve cooperation and the effectiveness of the audit overall.

With this plan in place, you can launch an internal audit process knowing that it’s backed by a carefully designed, well-reasoned plan that’s aligned with the company’s financial, operational, and compliance risk management objectives.

We Can Help You with Your Auditing Needs

Whether you’re looking to establish, enhance, or outsource your internal audit function, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment, reach out to our team.

Going Concern Disclosures

Technology companies often operate at a loss, especially in their early stages, as they work to develop their product or service and grow their revenue. When this is the case, the company’s auditor will likely place a heavy emphasis on evaluating the company’s going concern disclosures.

To remain a going concern, a company must have the resources to continue its operations for the foreseeable future. Financial statements are generally prepared using the assumption that a business will continue to be a going concern.

Management is required to assess whether there are existing conditions that raise substantial doubt about the company’s ability to continue as a going concern. If substantial doubt exists, management must evaluate its plans (and the effectiveness of those plans) to alleviate this risk. This assessment will then be evaluated by the company’s external auditor.

The going concern assessment should be based on whether it is likely the company will not be able to fulfill its obligations within one year of the date the financial statements were issued.

What are Going Concern Disclosures and What is Required?

Under U.S. accounting standards, certain disclosures are required if any conditions give rise to substantial doubt about the company’s ability to continue as a going concern. The disclosures should include:

  • Events and conditions that raise substantial doubt.
  • Management’s evaluation of the significance of such conditions in relation to the company’s ability to meet its obligations.
  • Management’s plans to mitigate the conditions that raise substantial doubt.

If management’s plans do not alleviate the substantial doubt, the disclosures must also include a statement that there is substantial doubt about the company’s ability to continue as a going concern. In this circumstance, the audit report will also include an emphasis-of-matter paragraph regarding the existence of substantial doubt.

The Information Needed to Audit Management’s Going Concern Assessment

A company’s auditor will be required to obtain appropriate evidence to evaluate management’s assessment regarding its ability to remain a going concern. To obtain this evidence, an auditor will likely request the following information from management:

  • A financial forecast that extends at least 12 months from the expected issuance of the financial statements
  • Budget–to–actual reports for the year under audit
  • The most recent bank statements available
  • The most recent interim financial statements available
  • Discussions with management

We Can Help

If your business needs assistance regarding your going concern disclosures or assessment, contact us. Our auditors can help you understand how the assessment will affect your financial statement disclosures.

Declining Profits: Using Financial Statements to Identify Red Flags

If you have declining profits compared to revenue and assets, your financial statements may provide insight into what’s happening and how to improve your performance.

Watch for Red Flags

As you sell more and invest in additional assets, profits should, in theory, increase proportionately. However, that’s not always the case. Ratios to watch for a decline include:

  • Gross profit [(revenue – cost of sales) / revenue],
  • Net profit margin (net income / revenue), and
  • Return on assets (earnings before tax / total assets).

For all three profitability ratios, look at two key elements: changes between accounting periods and differences from industry averages.

Identify Possible Causes

If these ratios are declining, it’s important to find the cause. If the whole industry suffers, the decline is likely part of an external trend. If the industry is healthy, yet a company’s margins are falling, perhaps management has lost control of costs — or maybe vendor or receivables fraud is to blame. To find the root cause, it’s often helpful to study the main components of the income statement.

Revenue.

If the top line (gross sales or revenue) has declined, your overall profit margin will fall because there is less revenue to spread fixed costs over. To determine if this trend is company-specific or industrywide, look at revenue trends of public companies in the same industry. Also, monitor trade publications, trade associations, and relevant online sources for information.

Cost of goods sold.

This category of expenses is a function of raw materials, labor, and overhead elements. Direct materials and labor should be controllable and historically represent a consistent percentage of revenue.

Overhead is mostly fixed and shouldn’t significantly increase unless the company has changed (for example, purchased new equipment, changed its depreciation policy, or relocated its production facility). Examine those elements to determine whether overhead is increasing or decreasing and how the ebb and flow applies to the gross margin, which is simply revenue minus cost of goods sold.

Selling and administrative costs.

Check whether selling and administrative cost items increased significantly. This section of the income statement can also be revealing if you’re trying to determine whether a profit margin decline arose from deteriorating industry conditions or weak management.

Find Clues of the “Why” Behind Declining Profits

Need help solving the mystery of your disappearing profits? Our auditors can use your financial statements to help compute financial statement ratios, identify problem areas and find solutions to get your performance back on track. Contact us to get help with your declining profits.


Maximizing Audit Efficiency: The Role of Analytical Procedures

Analytical procedures can make audits more efficient and effective. First, they can help during the planning and review stages of the audit. However, analytics can have an even bigger impact when supplementing substantive testing during fieldwork.

Defining Analytical Procedures

The Association of International Certified Professional Accountants (AICPA) auditing standards define analytical procedures as “evaluations of financial information through analysis of plausible relationships among financial and nonfinancial data.” Analytical procedures also investigate “identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.” Examples of analytical tests include trend, ratio, and regression analysis.

Traditional vs. Analytics

During fieldwork, auditors can use analytical procedures, sometimes in combination with other substantive testing procedures, to obtain evidence that identifies misstatements in account balances. Analytics are often more efficient than traditional, manual audit testing procedures, which typically require the business being audited to produce significant paperwork. Traditional procedures also usually require substantial time to verify account balances and transactions.

Five Steps of Analytical Procedures

Analytical procedures generally follow these five steps:

  1. Form an independent expectation about an account balance or financial relationship.
  2. Identify differences between expected and reported amounts.
  3. Investigate the most probable cause(s) of any discrepancies.
  4. Evaluate the likelihood of material misstatement.
  5. Determine the nature and extent of any additional auditing procedures needed.

When using analytics, the auditor must establish a threshold that can be accepted without further investigation. This threshold is a matter of professional judgment, but it’s influenced primarily by materiality and the desired level of assurance.

For differences due to misstatement (rather than a plausible explanation), the auditor must decide whether the misstatement is material (individually or in the aggregate). Material misstatements typically require adjustments to the amount reported and may also necessitate additional audit procedures to determine the scope of the misstatement.

Your Role in Audit Analytics

Done right, analytical procedures can help make your audit less time-consuming, less expensive, and more effective at detecting errors and omissions. However, it’s important to notify your auditor about any major changes to your operations, accounting methods, or market conditions during the current accounting period.

This insight can help auditors develop more reliable expectations for analytical testing and identify plausible explanations for significant changes from the balance reported in prior periods. Moreover, now that you understand the role analytical procedures play in an audit, you can anticipate audit inquiries, prepare explanations, and compile supporting documents before fieldwork starts.

Contact Us

Looking for guidance on how to integrate analytical procedures into your audit process? Our experienced professionals are here to help. Contact us now to get started.


IRS Audit Techniques Guides: Clues to What May Come Up if Your Business Is Audited

The IRS uses Audit Techniques Guides (ATGs) to help IRS examiners get ready for audits. Your business can use the same guides to gain insight into what the IRS is looking for in terms of compliance with tax laws and regulations.

Many ATGs target specific industries or businesses, such as construction, aerospace, art galleries, child care providers, and veterinary medicine. Others address issues that frequently arise in audits, such as executive compensation, passive activity losses, and capitalization of tangible property.

What does an Audit Techniques Guide cover?

The IRS compiles information obtained from past examinations of taxpayers and publishes its findings in ATGs. Typically, these publications explain:

  • The nature of the industry or issue,
  • Accounting methods commonly used in an industry,
  • Relevant audit examination techniques,
  • Common and industry-specific compliance issues,
  • Business practices,
  • Industry terminology, and
  • Sample interview questions.

By using a specific ATG, an examiner may, for example, be able to reconcile discrepancies when reported income or expenses aren’t consistent with what’s normal for the industry or to identify anomalies within the geographic area in which the taxpayer resides.

What do ATGs advise?

ATGs cover the types of documentation IRS examiners should request from taxpayers and what relevant information might be uncovered during a tour of the business premises. These guides are intended in part to help examiners identify potential sources of income that could otherwise slip through the cracks.

Other issues that ATGs might instruct examiners to inquire about include:

  • Internal controls (or lack of controls),
  • The sources of funds used to start the business,
  • A list of suppliers and vendors,
  • The availability of business records,
  • Names of individual(s) responsible for maintaining business records,
  • Nature of business operations (for example, hours and days open),
  • Names and responsibilities of employees,
  • Names of individual(s) with control over inventory, and
  • Personal expenses paid with business funds.

Cash-intensive IRS guide

One Audit Techniques Guide focuses specifically on cash-intensive businesses, such as auto repair shops, check-cashing operations, gas stations, liquor stores, restaurants and bars, and salons. It highlights the importance of reviewing cash receipts and cash register tapes for these types of businesses.

Cash-intensive businesses may be tempted to underreport their cash receipts, but franchised operations may have internal controls in place to deter such “skimming.” For instance, a franchisee may be required to purchase products or goods from the franchisor, which provides a paper trail that can be used to verify sales records.

Likewise, for gas stations, examiners must check the methods of determining income, rebates and other incentives. Restaurants and bars should be asked about net profits compared to the industry average, spillage, pouring averages and tipping.

Updates and revisions

Some guides were written several years ago and others are relatively new. There is no guide for every industry. Here are some of the guide titles that have been revised or added this year:

  • Retail Industry (March 2021),
  • Construction Industry (April 2021),
  • Nonqualified Deferred Compensation (June 2021), and
  • Real Estate Property Foreclosure and Cancellation of Debt (August 2021).

To access the complete list of ATGs, visit the IRS website.

Avoiding IRS red flags

Although Audit Techniques Guides were created to enhance IRS examiner proficiency, they also can help small businesses ensure they aren’t engaging in practices that could raise red flags with the IRS. For more information on the IRS red flags that may be relevant to your business and the right ATG for you, contact us.


What Are Internal Controls?

An organization’s internal controls are the rules, policies, and procedures specifying how various functions are carried out, as well as measures designed to verify those procedures are being performed effectively.

What is the Purpose of Internal Controls?

Management is responsible for developing an appropriate system of internal controls, but every employee is responsible for following and applying those practices. They are established to help an organization achieve its objectives supported by strategic, financial, and operational initiatives. At a tactical level, internal controls help organizations and management prevent errors in routine functions, reduce fraud risk, and identify and correct any problems that may arise.

Internal Control Types

Internal controls typically fall into two broad categories: preventive and detective controls.

Preventive Controls

Preventive controls are designed to avoid errors or misclassifications. This includes the segregation of duties designed to reduce fraud risk, for example, having one person review invoices and someone else send payments.

Detective Controls

Detective controls are designed to identify an error or misclassification after it has occurred. Common measures include records reviews, account reconciliations, and physical inventories. One example is reconciling the general ledger to various accounts, such as reconciling cash to ensure the balance on the organization’s books matches its bank balance.

Beyond a compliance focus, organizations that support strong governance, internal controls, and risk management demonstrate stronger performance than their peers that ignore these important success factors.

Components of Internal Control

A strong system of internal control will depend on identifying, establishing, and maintaining controls based on certain key components. There are several established control frameworks to aid management. No specific framework is required, and management may utilize any of their choice.

Leveraging an established and commonly used control framework adds to the flexibility, reliability, and cost-effectiveness of management’s approach to the design and evaluation of internal controls. An example is the 2013 COSO Framework (Committee of Sponsoring Organizations of the Treadway Commission), which focuses on five components of internal control detailed below.

Control Environment

Often described as “tone at the top,” the control environment describes a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.

Risk Assessment

The risk assessment forms the basis for determining how risks will be managed. A risk is defined as the possibility that an event will occur and adversely affect the achievement of organizational objectives. Risk assessment requires management to consider the impact of possible changes in the internal and external environment and to potentially take action to manage the impact.

Control Activities

Control activities are actions (generally described in policies, procedures, and standards) that help management mitigate risks in order to ensure the achievement of objectives. These can include segregating duties, transaction review and approval, and routine account reconciliation.

Information and Communication

Information is obtained or generated by management from both internal and external sources in order to support internal control components. Communication based on internal and external sources is used to disseminate information throughout and outside of the organization, as needed to respond to and support meeting requirements and expectations. The internal communication of information throughout an organization also allows management to demonstrate to employees that control activities should be taken seriously.

Monitoring

Monitoring activities are periodic or ongoing evaluations to verify that each of the five components of internal control, including the controls that affect the principles within each component, is present and functioning.

Internal Control Function

In addition to a strong control environment, an organization should have an internal audit function (either on a staff or outsourced basis) to verify the effectiveness of its internal controls. For example, internal auditors will help management assess the design of the controls as well as the organization’s risks, and update management and the audit committee on the performance of those controls. Internal auditors can also help the organization prepare for its external audit.

Vital internal audit functions include:

  • Inspection: Reviewing transactions, reports, and other key documents.
  • Observation: Watching staff members carry out duties to ensure procedures are being followed.
  • Confirmation: Verifying account balances and financial statements.

What Can Weaken or Undermine Controls?

No system of internal controls is perfect. However, there are conditions that may undermine internal controls, which include:

  • Segregation of duties conflicts
    • a lack of separation of cash handling responsibilities related to physical custody, deposit, recording, and reconciling of cash
  • Control override capabilities
    • excessive access provisioned within significant applications, including an organization’s accounting system
  • Inherent limitations
    • the number of staff and/or staff knowledge and experience

Communication and monitoring must be consistent to ensure gaps in internal control do not occur. This is a task made more complex as an organization’s control environment is constantly evolving.

Internal Audit Help

Whether you’re looking to establish, enhance, or outsource your internal audit function, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment, or to learn more about internal controls, contact our team.

How to Improve Your Internal Audit Process

While an effective internal audit function can help an organization mitigate organizational risks, identify inefficient processes, enhance compliance, and reduce the potential for fraud, it’s important to review the process itself. Reviewing the internal audit process ensures it delivers relevant insights to management and the audit committee.

The Benefits of Reviewing Your Internal Audit Process

Taking a step back from the audit’s findings and reviewing its process provides several benefits, including emphasizing the idea that an internal audit is designed to identify opportunities for organizational improvement. By examining the audit as well as the organization’s performance, policies, and procedures, management is highlighting the cultural importance of continuous improvement.

It’s valuable for the audit to be seen as a partnership and a process that adds value to the company by helping it improve, not as a policing exercise for policy violations. This perception will improve the willingness of process owners to cooperate with the audit and increase its overall efficiency.

Steps to Take During the Review Process

Go Over Internal Audit Results

A valuable first step in enhancing your internal audit process is reviewing its results and insights with company management and the audit committee — not just any deficiencies the audit may have uncovered but the overall results and information provided.

Questions to ask include:

  • Is the information provided by the audit relevant and useful?
  • Do you need information that the audit is not providing?
  • Does the overall audit plan make sense?
  • Is the audit evaluating the most significant organizational risks?

Examine Initial Goals

It can also be helpful to review the internal audit plan’s initial objectives. Doing so can make sure the goals that were outlined at the beginning of the process have been achieved. These conversations will be beneficial in making sure the audit is providing effective insights to its end users and filling its role in helping the organization address its financial, operational, and compliance risks.

It’s also critical to ensure that the auditors are reviewing the right information. Examining incomplete or inaccurate data will clearly hinder the team’s ability to generate meaningful insights from the audit process.

Corrective Actions to Take After Evaluating the Internal Audit Process

If deficiencies or improvement opportunities are discovered, it’s also important for the company to give people enough time to complete the necessary changes. This, of course, depends on the severity of the issue. But, in most instances, providing enough time to address an issue reduces the potential for someone to feel stigmatized and increases their trust in the internal auditors.

Finish the Cycle – Recognize that Changes Create New Risks and Opportunities

Changes in macroeconomic conditions, regulation, the industry, and even work patterns (including remote work arrangements) create new risks and/or change the level of current risks. Taking time, as a high-performing audit function and team, to perform a current state analysis is essential to ensuring the audit function continues to evolve and provide the best service to the organization.

Whether you’re looking to establish, enhance, or outsource your internal audit process, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment, reach out to our team.

Preparing for Your First Financial Statement Audit with BlackLine

A company’s first financial statement audit can be an administrative challenge. Still, effective planning and implementation tools such as BlackLine can help streamline the process, improve internal controls, and potentially reduce audit fees.

BlackLine’s MAP Framework

BlackLine and its Modern Accounting Playbook (MAP) framework help growing and mid-sized companies optimize and automate key aspects of their financial close and financial reporting processes. These can include balance sheet and income statement reconciliations, task management functionality to help the finance team remain organized and efficient throughout the close process, and transaction matching for clearing bank to general ledger transactions.

BlackLine helps companies shift their audit preparation from a manual process driven by and reliant on spreadsheets to a largely automated exercise that helps the finance team optimize its efforts to perform quality work efficiently.

Centralized Data

One of the most powerful ways BlackLine can help a company prepare for its first financial statement audit is by enabling a centralized repository for its data. Instead of financial and performance data being stored on spreadsheets, potentially in multiple locations, BlackLine offers a secure cloud-based repository that offers a single source of truth for vital information.

Advantages of Having a Single Repository

A cloud-based repository offers several advantages for the company during the close process, as well as when it prepares for its audit. Data must no longer be compiled and reformatted manually, saving valuable staff time and effort. Additionally, here are other advantages of BlackLine’s centralized data.

Ability to Select Shared Access

The company can give its auditors access to selected data within the cloud-based repository. This can optimize the audit by eliminating the time-consuming aspect of a manual audit in which the auditor requests data that the finance team has to compile and share.

Decrease Wasted Time Tracking Down Information

Storing information in a centralized repository also reduces the risk of requested information being challenging to track down. In addition to wasting time and causing frustration within the finance team, searching for missing data can increase the time the audit takes (and create a corresponding increase in audit fees).

In contrast, being able to provide information readily reduces time and increases efficiency, as well as the auditor’s ability to rely on the company’s work. This reliance, in turn, can also help the company reduce audit fees or avoid unexpected overages.

Stronger Controls

BlackLine also helps a company establish and maintain effective internal controls over financial reporting by automatically creating and enforcing key controls such as segregation of duties. For example, a preparer will not be allowed to approve his or her work, such as an account reconciliation.

These controls are vital for all companies, but building them into a financial reporting platform is especially helpful for newer companies managing vast amounts of information during their initial financial closes and audits.

Similarly, BlackLine can help the company identify areas of the balance sheet that might be classified as high risk. Designating some accounts, such as cash, as key accounts can help the company focus on those accounts by coordinating activities among different functions or adjusting due dates to ensure control activities are enforced. Automating this monitoring helps the finance team focus time and resources on other areas.

Interested in learning more? Reach out for a demo and see how BlackLine can help automate and centralize tasks within your organization’s financial close.

How SOX Internal Controls Help Companies Manage Risk

Creating internal controls over financial reporting (ICFR) is mandated under the Sarbanes-Oxley Act (SOX). SOX internal controls provide important insights into the accuracy and presentation of a company’s financial position while serving as a valuable risk management tool.

The Purpose of SOX and Who is Required to Follow the Standards

Section 404 of the Sarbanes-Oxley Act requires publicly traded companies to establish, assess, and report on the design and operational effectiveness of their internal controls over financial reporting.

The objective of SOX is to protect investors by improving the accuracy and reliability of an organization’s financial position and disclosures. Accuracy and reliability are vital to protect investors and other stakeholders from the risk of loss due to reporting errors or fraud. Errors and fraud may occur if a company does not have adequate policies and procedures over how financial data is recorded, processed, generated, and reported.

Although mandatory for companies publicly traded in the United States, SOX requirements are often followed by private companies that plan to become public (or to be acquired) in the near future, as well as private companies interested in demonstrating strong governance practices to external stakeholders.

Developing Effective SOX Internal Controls

It’s important for companies to distinguish their SOX internal controls from other control procedures, including those designed to improve operational efficiency. These controls typically fall outside the scope of an ICFR review under SOX Section 404. The focus of SOX internal controls is on the risk of financial misstatement.

Identifying and Assessing Risk

In order to properly manage the risk of financial misstatement, management teams need to adequately identify risks faced by the organization. This is accomplished through a review of the company’s financial statements and significant transactional flows, while considering the people, processes, and systems involved in each. As management and auditors understand the company’s processes, the identification of financial misstatement risks will be defined.

With an understanding of risk, management will perform procedures to identify and assess the risks of material misstatement to the financial statements, whether due to fraud or error. Risks defined as being more significant will be the drivers for where SOX internal control activities are required.

Managing Risk

When management and their external auditors have a common understanding of the company’s processes and financial misstatement risks, the next step is to use an agreed-upon system or framework to define control objectives and organize control activities. Together with its external auditors, management will design a risk-based approach to its internal controls, SOX compliance, and the scope of its financial statement audit.

COSO Framework

The best approach for developing an organization’s SOX compliance program is the COSO Framework. The COSO Framework provides organizations with principles-based guidance for designing and implementing effective internal controls. While the COSO Framework is generally accepted, there are other control frameworks a company may adopt. However, the COSO framework provides components, principles, and points of focus that are commonly accepted by auditors.

The COSO framework is built around interconnected components that include:

  • Control environment: Standards and processes for the company’s internal controls.
  • Risk assessment: How the company identifies organizational risk.
  • Control activities: Risk mitigation tactics including reconciliations, approvals and segregation of duties.
  • Information and communication: How the organization communicates objectives and responsibilities for internal controls.
  • Monitoring: Understanding how your internal controls are performing over time.

Top-down Approach

Beyond the COSO Framework, external auditors will likely use the top-down approach recommended by the Public Company Accounting Oversight Board (PCAOB) to select controls for testing. This approach starts at the financial statement level and the auditor’s understanding of the organization’s overall ICFR risks.

The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and relevant assertions, before selecting controls for testing that address the more significant risks of financial misstatement.

This will typically be achieved by reviewing samples of transactions to verify amounts are being recorded accurately. If, for example, the auditor’s testing provides reasonable assurance that revenue transactions are reported reliably, the company can assume its controls are performing as designed and, in turn, the risk is low that its financial statements are materially inaccurate.

These procedures help companies and auditors provide investors with assurance that the company’s financial statements have been reviewed, the reported amounts are correct, and the statement provides an accurate report on the company’s financial performance and balance sheet at the close of the reporting period.

Need Help Establishing Your Internal Controls?

If your company needs assistance with implementing effective SOX internal controls, reach out to our team of audit professionals who can support you throughout the process.

Avoiding Conflicts of Interest With Auditors

A conflict of interest could impair your auditor’s objectivity and integrity and potentially compromise your company’s financial statements. That’s why it’s important to identify and manage potential conflicts of interest with auditors.

What is a Conflict of Interest?

According to the American Institute of Certified Public Accountants (AICPA), “A conflict of interest may occur if a member performs a professional service for a client and the member or his or her firm has a relationship with another person, entity, product or service that could, in the member’s professional judgment, be viewed by the client or other appropriate parties as impairing the member’s objectivity.” Companies should be on the lookout for potential conflicts when:

  • Hiring an external auditor,
  • Upgrading the level of assurance from a compilation or review to an audit, and
  • Using the auditor for a non-audit purpose, such as investment advisory services and human resource consulting.

Determining whether a conflict of interest exists requires an analysis of facts. Some conflicts may be obvious, while others may require in-depth scrutiny.

For example, if an auditor recommends accounting software to an audit client and receives a commission from the software provider, a conflict of interest likely exists. Why? While the software may suit the company’s needs, the commission payment calls into question the auditor’s motivation in making the recommendation. That’s why the AICPA prohibits an audit firm from accepting commissions from a third party when it involves a company the firm audits.

Now consider a situation in which a company approaches an audit firm to provide assistance in a legal dispute with another company that’s an existing audit client. Here, given the inside knowledge the audit firm possesses of the company it audits, a conflict of interest likely exists. The audit firm can’t serve both parties to the lawsuit and comply with the AICPA’s ethical and professional standards.

How Can Auditors Prevent Potential Conflicts?

AICPA standards require audit firms to be vigilant about avoiding potential conflicts. If a potential conflict is unearthed, audit firms have the following options:

  • Seek guidance from legal counsel or a professional body on the best path forward,
  • Disclose the conflict and secure consent from all parties to proceed,
  • Segregate responsibilities within the firm to avoid the potential for conflict, and/or
  • Decline or withdraw from the engagement that’s the source of the conflict.

Ask your auditors about the mechanisms the firm has implemented to identify and manage potential conflicts of interest before and during an engagement. For example, partners and staff members are usually required to complete annual compliance-related questionnaires and participate in education programs that cover conflicts of interest. Firms should monitor conflicts regularly, because circumstances may change over time, such as employee turnover or M&A activity.

For More Information

Conflicts of interest are one of the gray areas in auditing. But it’s an issue our firm takes seriously and proactively safeguards against. If you suspect a conflict exists, contact us to discuss it and determine the most appropriate way to handle it.

Evaluating Going Concerns

Under U.S. Generally Accepted Accounting Principles (GAAP), financial statements are normally prepared based on the assumption that the company will continue normal business operations into the future. When liquidation is imminent, the liquidation basis of accounting may be used instead.

It’s up to the company’s management to decide whether there’s a so-called “going concern” issue and to provide related footnote disclosures. But auditors still must evaluate the appropriateness of management’s assessment. Here are the factors that go into a going concern assessment.

New Going Concerns Guidance

The responsibility for making a final determination about a company’s continued viability shifted from external auditors to the company’s management under Accounting Standards Update (ASU) No. 2014-15, Presentation of Financial Statements — Going Concern (Subtopic 205-40): Disclosure of Uncertainties About an Entity’s Ability to Continue as a Going Concern. The updated guidance requires management to decide whether there are conditions or events that raise substantial doubt about the company’s ability to continue as a going concern within one year after the date that the financial statements are issued (or within one year after the date that the financial statements are available to be issued, to prevent auditors from holding financial statements for several months after year end to see if the company survives).

What is Substantial Doubt?

Substantial doubt exists when relevant conditions and events, considered in the aggregate, indicate that it’s probable that the company won’t be able to meet its current obligations as they become due. Examples of adverse conditions or events that might cause management to doubt the going concern assumption include:

  • Recurring operating losses,
  • Working capital deficiencies,
  • Loan defaults,
  • Asset disposals, and
  • Loss of a key franchise, customer or supplier.

After management identifies that a going concern issue exists, it should consider whether any mitigating plans will alleviate the substantial doubt. Examples of corrective actions include plans to raise equity, borrow money, restructure debt, cut costs, or dispose of an asset or business line.

The Final Going Concerns Standard

After the FASB updated its guidance on the going concern assessment, the Auditing Standards Board (ASB) unanimously voted to issue a final going concern standard. The ASB’s Statement on Auditing Standards (SAS) No. 132, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern, was designed to promote consistency between the auditing standards and accounting guidance under U.S. GAAP.

The updated guidance requires auditors to obtain sufficient appropriate audit evidence regarding management’s use of the going concern basis of accounting in the preparation of the financial statements. It also addresses uncertainties auditors face when the going concern basis of accounting isn’t applied or may not be relevant.

For example, SAS No. 132 doesn’t apply to audits of single financial statements, such as balance sheets and specific elements, accounts, or items of a financial statement. Some auditors contend that the evaluation of whether there’s substantial doubt about a company’s ability to continue as a going concern can be performed only on a complete set of financial statements at an enterprise level.

Are you prepared for your next audit?

With increased market volatility, rising inflation, supply chain disruptions, labor shortages and skyrocketing interest rates, the going concern assumption can’t be taken for granted. Management must take current and expected market conditions into account when making this call and be prepared to provide auditors with the appropriate documentation. Contact us before year end if you have concerns about your company’s going concern assessment. We can provide objective market data to help evaluate your situation.

© 2023

10 Tips for 401(k) Compliance

If your company offers a 401(k) retirement plan, you understand the extraordinary benefits it can offer your workforce. What many companies don’t realize is that your company’s size dictates whether or not your 401(k) plan requires a third-party audit.

Ensuring your plan is up-to-date with compliance standards is key, and there are often overlooked issues that serve as red flags for the Department of Labor (DOL) and/or the IRS. To make your audit process as smooth as possible, there are some critical points to consider when preparing for your retirement plan audit and maintaining 401(k) compliance.

Best Tips for Maintaining 401(k) Compliance Within Your Plan

1. Know the 80/120 Rule

Generally, a plan is considered a “large” plan and requires an audit when there are more than 100 participants on the first day of the plan year. If the plan had fewer than 100 participants the previous year and still has fewer than 120 participants in the current year, it can still be filed as a small plan and forgo the audit requirement. This rule applies so long as the eligible participant count remains less than 120.

2. Be Sure to Count Everyone

Whether or not every employee chooses to participate in the 401(k) plan, any employee eligible to participate is considered an eligible participant. This includes terminated and deceased employees with a balance in their plan.

3. Protect Against Fraud

Under Section 412 of the Employee Retirement Income Security Act (ERISA), a fidelity bond must cover at least 10% of the plan’s assets in case of fraud or dishonesty. As plan assets increase each year, an increase in coverage could be required if the bond no longer meets the 10% minimum requirement.

4. Ensure Correct Deferrals

It’s important to ensure that all deferred compensation falls under the eligible compensation outlined in the plan documentation. Furthermore, all other forms of compensation (such as allowances) are not calculated in the deferrals.

5. Keep Up With Updates

Always keep your plan documentation updated with the most current compliance standards and laws. It’s helpful to keep records and make the documentation of all amendments easily accessible. This allows all participants to fully benefit from the plan, particularly when the documentation has not been recently revised. (Example: starting in 2015, the maximum contribution to a 401(k) plan was increased to $18,000.)

6. Use the Fiduciary Committee

It’s a good idea to draft and record your annual 401(k) committee meeting to help prove and defend any allegations of breach of duty.

7. Timing is Everything

Ensure that employee contributions are deposited within a reasonable amount of time. This can be either a timeframe outlined in the plan’s documentation or, at a maximum, the 15th business day of the month following the month in which the deferral was withheld. Businesses with fewer than 100 participants are eligible for a seven business day safe harbor rule.

8. Monitor Excess Employee Contributions

There is a legal cap placed on the dollar amount participants are allowed to contribute to their 401(k) plan each year. If an excess contribution is found, necessary actions must be taken to remove the excess contribution and avoid penalties.

9. Watch the Employer Match

If your company offers employer matching, it is important to note any maximums in your plan documentation and to stay within the legal matching cap. There is also a limit placed on the combined contribution of employee and employer. This cap often changes and should be monitored each year to ensure compliance.

10. Shift the Risk

When employees are offered the option of managing their investment portfolio, make sure they are given adequate information on the investment choices as well as the fees associated with those options. To avoid liability issues, there must also be a statement from the committee relieving themselves of fiduciary duty.

For companies that require an audit, Form 5500 is due by the last day of the seventh month after the plan’s year-end. For example, if the plan’s year ends on December 31, Form 5500 will be due on July 31, with an optional extension through October 15 (Form 5558).

Do You Need Help With Your Company’s 401(k) Compliance?

If you would like to learn more about the rules and regulations surrounding 401(k) compliance, or if you want to find out how Sensiba can help make your 401(k) plan audit as seamless as possible, don’t hesitate to get in touch with one of our audit specialists.

How Auditors Use Non-Financial Information

Every financial transaction your company records generates non-financial information that doesn’t have a dollar value assigned to it. Though auditors may spend most of their time analyzing financial records, non-financial data can also help them analyze your business from multiple angles.

Gathering Audit Evidence

An audit aims to determine whether your financial statements are “fairly presented in all material respects, compliant with Generally Accepted Accounting Principles (GAAP) and free from material misstatement.” To thoroughly assess these issues, auditors must expand their procedures beyond the line items recorded in your company’s financial statements.

Non-financial information helps auditors understand your business and how it operates. During planning, inquiry, analytics and testing procedures, auditors will be on the lookout for inconsistencies between financial and non-financial measures. This information also helps auditors test the accuracy and reasonableness of the amounts recorded on your financial statements.

Non-Financial Auditing and Looking Beyond the Numbers

A good starting point is a tour of your facilities to observe how and where the company spends its money. The number of machines operating, the amount of inventory in the warehouse, the number of employees and even the overall morale of your staff can help bring to life the amounts shown in your company’s financial statements.

Auditors also may ask questions during fieldwork to help determine the reasonableness of financial measures. For instance, they may ask you for detailed information about a key vendor when analyzing accounts payable. This might include the vendor’s ownership structure, its location, copies of email communications between company personnel and vendor reps, and the name of the person who selected the vendor. Such information can give the auditor insight into the size of the relationship and whether the timing and magnitude of vendor payments appear accurate and appropriate.

Your auditor may even look outside your company for non-financial information. Many websites allow customers and employees to submit reviews of the company. These reviews can provide valuable insight regarding the company’s inner workings. If the reviews uncover consistent themes — such as an unwillingness to honor product guarantees or allegations of illegal business practices — it may signal deep-seated problems that require further analysis.

Facilitating the Audit Process

Auditors typically ask lots of questions and request specific documentation to test the accuracy and integrity of a company’s financial records. While these procedures may seem probing or superfluous, analyzing non-financial information is critical to issuing a nonqualified audit opinion. Let’s work together to get it right!


The ABCs of Risk Management

You’ve heard the words in business circles: COSO, ERM, SOX, and COBIT. It looks like alphabet soup. But what do they mean? If you think these all relate to risk management, you are on the right track. The difference lies in their primary focus/objective and the methodology. Before we dig deeper into the different frameworks, let’s first define what risk management is.

What Is Risk Management?

Risk management is the process of identifying, assessing and controlling financial, legal, strategic, and security risks to an organization’s financial reporting, capital, and earnings. Risks originate from many sources, including financial reporting errors, fraud, legal, statutory, strategic management errors, cyber threats, and/or natural disasters.

A successful risk management program will enable management teams to consider a broad range of risks an organization faces. Risk management also considers the relationship between risks – and the cascading impact they could have on an organization’s strategic goals.

To reduce risk, management teams need to effectively implement internal controls to minimize, monitor, and control the impact of threats.

Risk Management Frameworks

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

If you are curious about the unusual name, here is the explanation. The COSO internal control framework was introduced in 1992 and then overhauled to a more modern, comprehensive version in 2013. The framework was sponsored and funded by five accounting and auditing associations:

  • The American Accounting Association (AAA)
  • The American Institute of Certified Public Accountants (AICPA)
  • The Financial Executives International (FEI)
  • The Institute of Internal Auditors (IIA)
  • The Institute of Management Accountants (IMA)

The commission was led by James Treadway, the former SEC commissioner.

COSO is recognized as the leading framework for designing, implementing, and assessing the effectiveness of internal controls. Its objective was to provide reasonable assurance regarding achieving organizational objectives in the following categories: operational effectiveness and efficiency, financial reporting reliability, compliance with applicable laws and regulations, and asset safeguarding.

SOX (Sarbanes-Oxley Act)

SOX is legislation passed by the U.S. Congress in 2002, sponsored by Senator Sarbanes and Representative Oxley. One of the features of this law was the addition of a requirement for management to certify and the independent auditor to attest to the effectiveness of a company’s internal control system. The goal was to protect shareholders and the public from fraudulent financial reporting practices. Among the COSO objectives, SOX’s focus was on the financial objective.

ERM (Enterprise Risk Management)

The ERM framework, issued in 2004, added a focus on the strategic objective (i.e., high-level goals that support the organization’s mission) to COSO’s operational, financial, and compliance objectives.

ERM expanded on COSO’s risk management focus to seize opportunities for achieving organizational objectives such as enhancing profits. ERM considers both positive risks (i.e., business opportunities) and negative risks (i.e., business threats).

COBIT (Control Objectives for Information and Related Technologies)

COBIT is the IT equivalent of COSO. It is a framework created by ISACA (Information Systems Audit and Control Association) for information technology management and governance. It aimed to link business risks, control requirements, and the technical infrastructure. It is used for the governance of both IT implementations and ongoing operations.

While there are many frameworks to choose from, it is important to find the right one for your company and ensure compliance. Our Internal Audit team has extensive knowledge of risk management frameworks and can work with you to select the best option for your business and guide you through compliance. Reach out to speak to our team and get started.

Employee Fraud and Internal Controls

Over the past decade, business owners have become well attuned to the dangers and signs of fraud schemes. While credit card alerts and vendor screenings have become almost second nature, business owners often overlook one of the most common sources of fraudulent activity — their employees.

With high mortgage debts, climbing costs of living, budget cuts, and increasing costs of health care, there’s a clear (potential) motive for employees to turn to fraudulent behavior. A 2022 study by the Association of Certified Fraud Examiners (ACFE) revealed more than $4.7 trillion is lost annually to occupational fraud worldwide.

So what can you do to protect your company? Having a strong set of internal controls is the most effective and efficient way of protecting yourself against those looking to skim money off your bottom line. This does not need to be a complete internal control evaluation and implementation, but evaluating critical transaction cycles and putting controls in specific key steps can go a long way to mitigating the risk of employee theft.

10 Signs There May be an Issue

Here are ten signs that there may be an issue with financial fraud in your company – stay vigilant and watch out for these warning signals.

  1. Unexplained variances between budgeted and actual costs
  2. Large liabilities related to unexpected contracts
  3. Employees living beyond their means or making sudden big-ticket purchases
  4. Abnormal changes in account balances
  5. Unusual write-offs or questionable transactions
  6. Shortages in cash, investments, or other assets
  7. Abnormal employee behavior (increased complaints, secretive about job function, unwillingness to cross-train, refusal to use vacation days, diversion of scrutiny under audit)
  8. Infrequent or late financial reports
  9. The accounting staff is behind by more than three months on the preparation of monthly bank reconciliations
  10. Unexplained inventory shortages

Two Categories of Controls

Even if your company has a squeaky-clean fraud history, it’s a good idea to have the right controls in place to prevent attacks from happening in the future. There are two categories of controls: passive and active. Passive controls exist to prevent someone from having the opportunity to commit fraud, while active controls prevent the possibility of fraud from occurring.

Types of Passive Controls:

  1. Audit trails and traceable trails
  2. Review process and procedures
  3. Focused or surprise audits
  4. Surveillance
  5. Rotation of personnel

Types of Active Controls:

  1. Segregation of duties and functions
  2. Physical asset control (locks, check-out systems, passcodes, etc.)
  3. Document matching
  4. Signatures, signoffs, and document countersigning
  5. Passwords and PINs for mobile devices and computers

It’s important to remember that internal controls are a process, not a means to an end. They must be properly communicated, remain consistent and always stay enforced. To work effectively, internal controls must be persistently followed by every employee, manager, and even owners. If your employees believe that someone is paying attention, then the chances of them attempting fraud will be moderated.

10 Best Practices to Implement

Protecting your business from financial fraud is crucial for its growth and stability. By implementing these ten best practices, you can reduce the risk of fraudulent activities within your organization.

  1. Use payee positive pay
  2. Have Automated Clearing House (ACH) Protections
  3. Utilize direct deposit for payroll
  4. Daily reconciliation of bank accounts
  5. Implement vendor verification procedures
  6. Have controlled access to all payments and processing areas
  7. Separation of powers: Ensure that the person reconciling the bank accounts is different than the check signer, and be sure the person preparing daily bank deposits is different than the person posting customer payments to the general ledger
  8. Have as few bank accounts as possible: Be extra cautious if your organization has multiple bank accounts and know the business flow of each
  9. Question accounts that you are unaware of or may not know a lot about
  10. Set up an anonymous way for your employees to alert you if they have concerns or suspect fraud

Third-Party Help for Fraud and Internal Controls

While these best practices are a great start to building a strong safeguard, it’s a good idea to leverage a third party to review your business and uncover potential problems. If you’d like to learn more about how an internal audit can help strengthen your company’s infrastructure, one of our internal control specialists is here to help.