Increasing the frequency of SOX audits is a strategic move that helps companies enhance the robustness of their internal controls, improve financial reporting accuracy, and ensure ongoing compliance with regulatory requirements.

Companies typically conduct interim and year-end SOX testing as part of their audit plan, but relying solely on interim and year-end SOX testing may result in limited visibility, delayed issue identification, increased risk exposure, complacency, inadequate response to change, and regulatory scrutiny. 

To mitigate these diverse risks, organizations should complement periodic testing with continuous monitoring and auditing practices to ensure ongoing compliance, enhance control effectiveness, and address emerging risks and issues promptly.

Increasing the frequency of SOX audits can provide several benefits:

Frequent audits allow for the early detection of compliance issues and internal control weaknesses. By identifying problems as they arise, companies can implement corrective actions promptly and reduce the risk of financial misstatements and regulatory penalties.

Increased audit frequency can streamline operations by embedding compliance into daily business processes. This integration fosters a culture of continuous improvement, where compliance becomes a routine part of the organizational workflow rather than a periodic checkpoint.

To fully realize the benefits of more frequent SOX audits, organizations must implement a structured approach that incorporates technology, risk assessment, collaboration, and continuous education.

Here are some essential strategies for increasing the frequency of SOX audits effectively:

Utilize automation and advanced data analytics to facilitate continuous auditing. These tools can monitor transactions and controls in real-time, providing immediate insights and reducing the burden of manual audit tasks.

Focus on high-risk areas that have the greatest potential impact on financial reporting. By prioritizing these areas, companies can allocate resources more effectively and ensure critical risks are identified and addressed promptly.

Foster collaboration between internal audit, compliance, and financial reporting teams. Regular communication and information sharing can help identify and address issues more efficiently, ensuring that all stakeholders are aligned on the organization’s compliance objectives.

Invest in ongoing training for audit and compliance personnel. Keeping staff updated on the latest regulatory changes, auditing techniques, and technological advancements is essential for maintaining an effective continuous auditing program.

Increasing the frequency of SOX auditing offers numerous benefits, from timely issue detection to enhanced operational efficiency. By adopting a more frequent audit schedule, leveraging technology, and focusing on high-risk areas, organizations can strengthen their compliance posture and build a robust framework for financial integrity.

As the business environment continues to evolve, embracing continuous and frequent SOX auditing will be key to staying ahead of the curve and ensuring long-term success. Contact us to explore ways to enhance your internal control program and reduce year-end SOX audit pressures.

Disruptions are inevitable in business and their effects can be quite significant for small to medium businesses (SMBs). By taking the initiative and embracing business continuity planning, SMBs can mitigate risk, navigate uncertainty, and emerge from adverse situations stronger and more resilient.

Larger corporations typically have dedicated resources for risk management, while SMBs do not possess the same level of preparedness. But SMBs are equally vulnerable to disruptions, whether from natural disaster, cyber-attack, power outage, equipment failure, human error, or supply chain disruption that affects critical business operations.

Investing in business continuity is valuable not only in mitigating risks and addressing emerging threats, but also in safeguarding the long-term sustainability of the business and maintaining trust and confidence among customers, investors, and other stakeholders.

Customers and suppliers increasingly want to collaborate with organizations that demonstrate their commitment to reliability, risk management, and responsiveness through an effective business continuity plan (BCP). Customers depend on SMBs to deliver products or services consistently and dependably, while suppliers depend on their customers to maintain stable demand for their offerings.

Internal challenges can pose significant barriers to the successful implementation of business continuity strategies for SMBs. For companies with simple organizational structures and fewer personnel, it can be challenging to identify critical processes, assess risks, and develop mitigation strategies. These obstacles may include:

Business continuity planning involves developing and implementing a comprehensive set of organizational policies and procedures to prevent and recover quickly from crises. Establishing a dedicated Business Continuity Planning Team entrusted with the responsibility to design, implement, and maintain a robust BCP is imperative for an organization’s ongoing success.

Developing an effective BCP requires a thorough understanding of the organization’s operations and dependencies, and the recognition of potential vulnerabilities. In most cases, SMBs choose to optimize the expertise of consultants that specialize in the complex planning involved with BCPs. Consultants partner with the organization and serve as a key advisor, offering guidance on effective BCP strategies and implementation.

Key components integral to business continuity planning that consultants often tailor to the needs of specific companies include:

Planning for these actions before a disruption resulting from a disaster or other unplanned event is critical to help mitigate risk and ensure the availability of potentially scarce resources when they’re needed most in the immediate aftermath of a crisis.

Contact us for innovative solutions and actionable strategies to help prepare your business for the unexpected.

As 401(k) plan sponsors plan for 2024 and subsequent years, they can take advantage of several improvements to the 2022 SECURE Act (known collectively as SECURE 2.0). These changes simplify plan administration while making retirement plans more accessible and attractive to employees.

Some of the key provisions affecting plan sponsors include:

Plan managers need to understand the SECURE 2.0 changes to 401(k) administration to ensure compliance with the changed regulations and their ability to meet their existing responsibilities.

SECURE 2.0 allows plan sponsors to make discretionary amendments to increase participant benefits for a previous plan year. Effective Dec. 31, 2023, changes will be permitted after the end of a plan year, provided the amendments are adopted by the due date of the sponsor’s next federal tax return. This changes the current requirement that plan amendments be adopted by the end of a plan year in which the amendment is effective.

In late August, the IRS announced a two-year delay in implementing SECURE 2.0 regulations that would have required employees older than 50 and earning more than $145,000 annually to make “catch-up” contributions only via Roth IRA post-tax accounts.

These provisions were delayed until 2026 after feedback from employers and retirement program managers. The employers and managers said they would not be able to implement the provision in time, given the administrative complexities of setting up systems to ensure highly compensated employees would only be making Roth catch-up contributions.

Under current law, employees who have attained age 50 are permitted to make catch-up contributions more than the otherwise applicable limits. Section 109 increases limits to the greater of $10,000 or 50% more than the regular catch-up amount in 2025 for individuals who have attained ages 60, 61, 62 and 63. The increased amounts are indexed for inflation after 2025.

Under current law, participants are generally required to begin taking distributions from their retirement plans at age 72. SECURE 2.0 increased the required minimum distribution (RMD) age for participants to 73 starting on Jan. 1, 2023, and increases the age further to 75 starting on Jan. 1, 2033. IRS Notice 2023-54 provides interim transition relief for plan administrators, payors, participants, IRA owners, and beneficiaries in connection with the change in the required beginning date for RMDs.

Section 350 provides a grace period of 9-1/2 months after a plan year ends for sponsors to correct, without penalty, errors associated with the automatic enrollment of employees into a plan. The grace period also applies to errors related to the automatic escalation of contribution amounts or contribution matches for current plan participants.

Section 350 is effective to errors after Dec. 31, 2023, and should provide peace of mind for HR professionals who may have been worried about potential penalties under the current regulations.

Starting Jan. 1, 2024, plans will be required to allow employees who have worked more than 500 hours in three consecutive 12-month periods to contribute elective deferrals to the plan.

Employers are not required to make matching contributions on behalf of these employees, but may choose to do so.

This change means employers will have to track employee hire dates and hours worked dating back to Jan. 1, 2021, to determine the eligibility of specific employees. Employers need to consider the implications this broader eligibility may have for plan administration. It may be easier, for instance, to allow all employees to contribute rather than tracking hours to determine eligibility.

Starting in 2025, the three-year threshold for part-time eligibility will decrease to two consecutive 12-month periods.

New SECURE 2.0 provisions allow workers to withdraw up to $1,000 from their savings penalty-free to meet personal or family emergencies. Only one withdrawal is allowed per year and employees have the option to repay the withdrawal over three years, but are not required to.

Similarly, an employee affected by domestic violence can withdraw the lesser of $10,000 or, or 50% of their account balance, without incurring a tax penalty. This provision also includes a three-year repayment period.

Participants affected by natural disasters can withdraw up to $22,000 penalty-free. The amount taken must be repaid within three years, or the participant can pay taxes on a non-repaid distribution over three years.

For plan administrators, the penalty-free feature of these provisions reduces the need to calculate and assess the 10% additional tax typically associated with early withdrawals.

Section 101 requires 401(k) plans to automatically enroll participants upon becoming eligible (the employees may opt out of participation). All current 401(k) plans are grandfathered. The initial automatic enrollment amount is at least 3% but not more than 10%, and will increase each year by 1% until it reaches at least 10%, but not more than 15%. Section 101 is effective for plan years beginning after Dec. 31, 2024.

SECURE 2.0 also authorizes, for plan years that began January 1, 2024, the creation of pension-linked emergency savings accounts (PLESAs) by non-highly compensated employees. The U.S. Department of Labor (DOL) defines PLESAs as “short-term savings accounts established and maintained within a defined contribution plan.”

Employers can offer to enroll eligible participants in these accounts beginning in 2024 or can automatically enroll participants.

Some key provisions:

Section 110 permits an employer to make matching contributions under a 401(k) plan with respect to “qualified student loan payments.” For purposes of the nondiscrimination test applicable to elective contributions, Section 110 permits a plan to test separately the employees who receive matching contributions on student loan repayments.

To understand potential 401(k) plan audit implications going forward, contact us.

Timely financial reporting is key to making informed business decisions. Managers must know what’s in the pipeline to respond promptly and decisively. Unfortunately, preparing financial statements under U.S. Generally Accepted Accounting Principles (GAAP) typically takes several weeks. And many companies only produce GAAP financials at the end of the quarter or year. In the meantime, managers may turn their attention to simple “flash” reports.

There are no standards to follow when preparing financial flash reports. But they typically take less than an hour to prepare and rarely exceed one sheet of paper. The goal is to provide management with a snapshot of key financial figures, such as cash balances, accounts receivable aging, collections, and payroll, weekly. Some metrics might even be tracked daily — including sales, shipments, and deposits. This is especially critical during seasonal peaks or when a company has recently restructured.

Each company’s flash reports contain different information. For instance, billable hours might be more relevant to a law firm, and machine utilization rates more relevant to a manufacturer.

Flash reports hone in on what items matter most and how to draw management’s attention. Consider a restaurant, for example. Weekly revenues might be broken down by day of the week or between alcohol and food sales. Restaurateurs also keep close tabs on labor, food, and liquor costs, as well as gross margins.

Comparative flash reports identify trends and exceptions that may need corrective action. For example, you might compare the current numbers to the previous week, the same week in the previous year, or budgeted amounts.

When a company is starting up, aggressively expanding, or struggling, lenders and investors may request copies of flash reports — especially if management has previously failed to meet projections for growth and profitability. But sharing this information can be perilous if stakeholders don’t understand that flash reports are designed for internal purposes only.

Flash reports provide a rough performance measure and are seldom 100% accurate. Adjustments are often made when preparing GAAP financials. In addition, it’s normal for cash to ebb and flow throughout the month, depending on billing cycles.

Managers who rely on stale financial information may be blindsided by unexpected threats and miss out on time-sensitive opportunities. If you understand their limitations, financial flash reports can help bridge the timing gap between daily operations and receipt of GAAP statements. Contact us to help design a flash reporting format that meets your business’s current needs.

© 2023

The Research and Development tax credit is a great way for companies to reduce their tax liability and generate savings that can be reinvested in the businesses. Companies who claim the R&D tax credit must be prepared for a potential audit. Not being ready for an R&D tax credit audit could result in a reduction or complete loss of the credit, plus penalties and interest.

Audits are common for certain tax credits, and the R&D credit is usually on the IRS’s “Dirty Dozen” list. Here are some tips to keep in mind if the IRS or state tax officials select your claim for an audit:

Don’t enter your audit on the defensive or assume this will be an adversarial interaction. You should go in with a positive and collaborative attitude. The goal is to work with the auditor to demonstrate your claim’s validity.

The R&D tax credit was designed to support companies investing in their businesses. It helps to remember that auditors are doing their job to ensure the credit goes to the right companies.

You should provide accurate and complete information and be prepared to answer the auditor’s questions. Keep in mind that the IRS is looking for substance over form, so companies should ensure their R&D activities are well-documented and substantive.

You should ensure you are following the R&D tax credit regulations. This includes ensuring all claimed R&D activities meet the appropriate criteria and that you are recording their R&D expenses properly.

It is crucial to keep proper R&D documentation of all activities and expenses. This should include project descriptions, project timelines, employee time records, and invoices. The documentation should be well-organized, easily accessible, and up-to-date.

Using the wrong percentage for the alternative simplified method or improper use of the fixed base percentage are common mistakes. Similarly, completing the federal or state forms incorrectly is a red flag.

Adjustments to the base period methodology are not unusual as new guidance is released by the IRS or following tax court decisions, but yearly changes are another red flag for auditors. The fixed base percentage under start-up rules is intended to stabilize 11 years after a company’s start of qualified expenditures and revenue. Established companies, barring acquisitions or dispositions, will have a stable percentage starting by the 11^th year of eligibility.

Whoever compiles your credit should use engineers to evaluate and test the credit claim against the requirements, just as the IRS will do during an audit. In-depth interviews with key personnel help the team evaluate activities, making sure only eligible projects are included.

Time-tracking data is the preferred way to determine personnel percentage, but often this isn’t available. It can be tempting to apply a blanket percentage to employees or departments. Individually evaluating personnel is the only viable method. Interviews can help support this detailed approach.

Even if you’ve done an excellent job of segregating costs, entire GL accounts are rarely fully qualified. In many cases, items may be appropriately allocated to a certain cost center, although not all of the items are actually eligible for the R&D credit.

R&D credit audits are not uncommon. To be better prepared, you should keep proper documentation, perform a thorough study, be honest and transparent, and work with qualified professionals.

By following these recommendations, you can help ensure that you are properly claiming the credit and reduce the risk of an IRS or state audit reducing or denying the credit amount. Contact us today to learn more about how we can help your company be better prepared for an R&D tax credit audit.

Data Visualization in accounting and auditing has become increasingly important in recent years. Graphs, performance dashboards, and other visual aids can help managers, investors, and lenders digest complex financial information. Likewise, auditors use visual aids during a financial statement audit to quickly identify trends and anomalies that warrant attention.

Your auditor uses many tools and techniques to validate the accuracy and integrity of your company’s financial records. Data visualization — using a picture to show a relationship between two accounts or how a metric has changed over time — can help improve the efficiency and effectiveness of your audit.

Microsoft Excel and other dedicated data visualization software solutions can generate various graphs and charts that facilitate audit planning. These tools can also help managers and executives understand the nature of the auditor’s testing and inquiry procedures — and provide insight into potential threats and opportunities.

Line graphs and pie charts can help auditors analyze the number, timing, and value of journal entries completed by each employee in your accounting department. Such analysis may uncover an unfair allocation of work in the department — or employee involvement in adjusting entries outside their assigned responsibility area. Managers can then use these tools to reassign work in the accounting department, pursue a fraud investigation or improve internal controls.

Auditors closely monitor certain high-risk accounts for fraud and errors. For example, data visualization can spotlight the timing and magnitude of refunds and discounts, highlight employees involved in each transaction, and potentially uncover anomalies for additional scrutiny.

Auditors analyze and confirm the timing and magnitude of your journal entries leading up to a month-end or year-end close. Timeline charts and other data visualization tools can help auditors understand trends in your company’s activity during a month, quarter, or year.

Line graphs and bar charts can show how your company’s actual performance compares to budgets and forecasts. This can help confirm that you’re on track to meet your goals for the period. Conversely, these tools can also uncover significant deviations that require further analysis to determine whether the cause is internal (for instance, fraud or inefficiency) or external (for instance, cost increases or deteriorating market conditions). In some cases, management will need to revise budgets based on the findings of this analysis — and potentially take corrective measures.

Data visualization allows your data to talk. Auditors use these tools to understand your operations better and guide their risk assessment, inquiries, and testing procedures. They also use visual aids to explain complex matters and highlight trends and anomalies to management during the audit process. Some graphs and charts can be added to financial statement disclosures to communicate more effectively with stakeholders. Contact us for more information about using data visualization in accounting and auditing.

© 2023

Graphs, charts, tables, and other data visualizations can be inserted in your financial statement disclosures to improve transparency and draw attention to key accomplishments. By pairing visual aids with verbal explanations, you can increase the likelihood others understand the information you are sharing. As your organization prepares its year-end or quarterly financials, consider presenting some information in a more user-friendly, visual format.

In business, using so-called “infographics” started with product marketing. By combining images with written text, these data visualizations can draw readers in and evoke emotion. They can breathe life into content otherwise considered boring or dry.

Annual reports are traditionally lengthy and heavy with numbers and text. Some organizations now use visual aids to disclose critical financial information to investors and other stakeholders. In this context, infographics help stakeholders digest complex information and retain key points.

Examples of formats that might be appropriate in financial reporting include:

These graphics can be used to show financial metrics, such as revenue and expenses over time. They can help identify trends, like seasonality and growth rates (or decline), which can be used to interpret historical performance and project it into the future.

Here, data is grouped into rectangular bars in lengths proportionate to the values they represent so data can be compared and contrasted. A company might use this type of graph to show revenue by product line or geographic region to determine what (or who) is selling the most.

These circular models show parts of a whole, dividing data into slices like a pizza. They might be used in financial reporting to show the composition of a company’s operating expenses for budgeting or cost-cutting projects.

This simple format presents key figures in a table with rows and columns. A table can be an effective way to summarize complex time-series data, for example. It can provide a quick reference for information investors may want to refer to in the future, such as gross margin or EBITDA over the last five years.

Effective visualizations avoid “chart junk.” That is, unnecessary elements — such as excessive use of color, icons, or text — that detract from the value of the data presentation. Ideally, each graphic should present one or two ideas, simply and concisely. The information also should be timely and relevant. Too many pictures can become just as overwhelming to a reader as too much text.

In addition to using infographics in financial statements, management may create data visualizations for other financial purposes. For example, they could be given to lenders when applying for loans or to prospective buyers in M&A discussions. An infographic could also be used in-house to help the management team make strategic decisions.

Additionally, nonprofits often use infographics to create an emotional connection with donors. If effective, this outreach may encourage additional contributions for the nonprofit’s cause.

By supplementing text and numeric presentations with visual elements, your organization can communicate more effectively with investors, lenders, donors, and other stakeholders. Contact us to decide how visual aids can help you drive home key points and clarify complex matters.

© 2023

Understanding your objectives, identifying organizational risk, enlisting executive support, and evaluating internal controls are among the keys to developing an effective internal audit function.

Internal audit provides the company, on an ongoing basis, with insights into its performance, policies, and procedures that can improve operational, compliance, and financial risks. Common objectives for an internal audit include:

The first step in developing an effective internal audit function is developing a framework that defines management’s needs and expectations. This will vary depending on the company’s industry but will typically include examining the various categories of risk the organization faces, as well as any specific compliance requirements.

This step should be followed by conversations with leaders in different business units — finance, planning, operations, the audit committee, and others — as the first stages of a broader risk assessment. This will involve asking questions about the organization’s risks and whether the implications of a given risk are material.

You can’t eliminate risk completely, but instead, you want to develop a cross-functional view of the appropriate thresholds, so you’re devoting time and resources most effectively during the internal audit.

It’s also important for the organization to designate an executive sponsor of the internal audit function to highlight unequivocally the organization’s commitment to compliance and ethical behavior. Everyone participating in or supporting the audit needs to understand the organization will accept any findings and address shortcomings discovered during the audit process. If people believe the audit will not result in action, the process can become an unproductive exercise that wastes time and money.

Together, these steps will help the company define the scope of the internal audit and optimize management’s risk tolerance, as well as the thresholds for testing during the audit. For example, reviewing the approval of $49 transactions may not be an appropriate use of internal audit’s time.

This discussion also will help you design the objectives and attributes of the tests you will perform during the audit process. This may include, for example:

The next step is scheduling time with management, process owners, and other key participants to align the audit process with the organization’s calendar to avoid intrusions during busy seasons or other important periods. You probably can’t eliminate the perception that the audit is interrupting routine work, but working to accommodate peak periods will improve cooperation and the effectiveness of the audit overall.

With this plan in place, you can launch an internal audit process knowing that it’s backed by a carefully designed, well-reasoned plan that’s aligned with the company’s financial, operational, and compliance risk management objectives.

Whether you’re looking to establish, enhance, or outsource your internal audit function, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment, reach out to our team.

Technology companies often operate at a loss, especially in their early stages, as they work to develop their product or service and grow their revenue. When this is the case, the company’s auditor will likely place a heavy emphasis on evaluating the company’s going concern disclosures.

To remain a going concern, a company must have the resources to continue its operations for the foreseeable future. Financial statements are generally prepared using the assumption that a business will continue to be a going concern.

Management is required to assess whether there are existing conditions that raise substantial doubt about the company’s ability to continue as a going concern. If substantial doubt exists, management must evaluate its plans (and the effectiveness of those plans) to alleviate this risk. This assessment will then be evaluated by the company’s external auditor.

The going concern assessment should be based on whether it is likely the company will not be able to fulfill its obligations within one year of the date the financial statements were issued.

Under U.S. accounting standards, certain disclosures are required if any conditions give rise to substantial doubt about the company’s ability to continue as a going concern. The disclosures should include:

If management’s plans do not alleviate the substantial doubt, the disclosures must also include a statement that there is substantial doubt about the company’s ability to continue as a going concern. In this circumstance, the audit report will also include an emphasis on the matter paragraph regarding the existence of substantial doubt.

A company’s auditor will be required to obtain appropriate evidence to evaluate management’s assessment regarding its ability to remain a going concern. To obtain this evidence, an auditor will likely request the following information from management:

If your business needs assistance regarding your going concern disclosures or assessment, contact us. Our auditors can help you understand how the assessment will affect your financial statement disclosures.

If you have declining profits compared to revenue and assets, your financial statements may provide insight into what’s happening and how to improve your performance.

As you sell more and invest in additional assets, profits should, in theory, increase proportionately. However, that’s not always the case. Ratios to watch for a decline include:

For all three profitability ratios, look at two key elements: changes between accounting periods and differences from industry averages.

If these ratios are declining, it’s important to find the cause. If the whole industry suffers, the decline is likely part of an external trend. If the industry is healthy, yet a company’s margins are falling, perhaps management has lost control of costs — or maybe vendor or receivables fraud is to blame. To find the root cause, it’s often helpful to study the main components of the income statement.

If the top line (gross sales or revenue) has declined, your overall profit margin will fall because there is less revenue to spread fixed costs over. To determine if this trend is company-specific or industrywide, look at revenue trends of public companies in the same industry. Also, monitor trade publications, trade associations, and relevant online sources for information.

This category of expenses is a function of raw materials, labor, and overhead elements. Direct materials and labor should be controllable and historically represent a consistent percentage of revenue.

Overhead is mostly fixed and shouldn’t significantly increase unless the company has changed (for example, purchased new equipment, changed its depreciation policy, or relocated its production facility). Examine those elements to determine whether overhead is increasing or decreasing and how the ebb and flow applies to the gross margin, which is simply revenue minus cost of goods sold.

Check whether selling and administrative cost items increased significantly. This section of the income statement can also reveal if you’re trying to determine whether a profit margin decline arose from deteriorating industry conditions or weak management.

Need help solving the mystery of your disappearing profits? Our auditors can use your financial statements to help compute financial statement ratios, identify problem areas and find solutions to get your performance back on track. Contact us to get help with your declining profits.

© 2023

Analytical procedures can make audits more efficient and effective. First, they can help during the planning and review stages of the audit. However, analytics can have an even bigger impact when supplementing substantive testing during fieldwork.

The Association of International Certified Professional Accountants (AICPA) auditing standards define analytical procedures as “evaluations of financial information through analysis of plausible relationships among financial and nonfinancial data.” Analytical procedures also investigate “identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.” Examples of analytical tests include trend, ratio, and regression analysis.

During fieldwork, auditors can use analytical procedures to obtain evidence, sometimes in combination with other substantive testing procedures, that identify misstatements in account balances. Analytics are often more efficient than traditional, manual audit testing procedures that typically require the business to be audited to produce significant paperwork. Traditional procedures also usually require substantial time to verify account balances and transactions.

Analytical procedures generally follow these five steps:

When using analytics, the auditor must establish a threshold that can be accepted without further investigation. This threshold is a matter of professional judgment, but it’s influenced primarily by materiality and the desired level of assurance.

For differences due to misstatement (rather than a plausible explanation), the auditor must decide whether the misstatement is material (individually or in the aggregate). Material misstatements typically require adjustments to the amount reported and may also necessitate additional audit procedures to determine the scope of the misstatement.

Done right, analytical procedures can help make your audit less time-consuming, less expensive, and more effective at detecting errors and omissions. However, it’s important to notify your auditor about any major changes to your operations, accounting methods, or market conditions during the current accounting period.

This insight can help auditors develop more reliable expectations for analytical testing and identify plausible explanations for significant changes from the balance reported in prior periods. Moreover, now that you understand the role analytical procedures play in an audit, you can anticipate audit inquiries, prepare explanations, and compile supporting documents before fieldwork starts.

Looking for guidance on how to integrate analytical procedures into your audit process? Our experienced professionals are here to help. Contact us now to get started.

© 2023

The IRS uses Audit Techniques Guides (ATGs) to help IRS examiners get ready for audits. Your business can use the same guides to gain insight into what the IRS is looking for in terms of compliance with tax laws and regulations.

Many ATGs target specific industries or businesses, such as construction, aerospace, art galleries, child care providers, and veterinary medicine. Others address issues that frequently arise in audits, such as executive compensation, passive activity losses, and capitalization of tangible property.

The IRS compiles information obtained from past examinations of taxpayers and publishes its findings in ATGs. Typically, these publications explain:

By using a specific ATG, an examiner may, for example, be able to reconcile discrepancies when reported income or expenses aren’t consistent with what’s normal for the industry or to identify anomalies within the geographic area in which the taxpayer resides.

ATGs cover the types of documentation IRS examiners should request from taxpayers and what relevant information might be uncovered during a tour of the business premises. These guides are intended in part to help examiners identify potential sources of income that could otherwise slip through the cracks.

Other issues that ATGs might instruct examiners to inquire about include:

One Audit Technique Guide focuses specifically on cash-intensive businesses, such as auto repair shops, check-cashing operations, gas stations, liquor stores, restaurants and bars, and salons. It highlights the importance of reviewing cash receipts and cash register tapes for these types of businesses.

Cash-intensive businesses may be tempted to underreport their cash receipts, but franchised operations may have internal controls in place to deter such “skimming.” For instance, a franchisee may be required to purchase products or goods from the franchisor, which provides a paper trail that can be used to verify sales records.

Likewise, for gas stations, examiners must check the methods of determining income, rebates and other incentives. Restaurants and bars should be asked about net profits compared to the industry average, spillage, pouring averages and tipping.

Some guides were written several years ago and others are relatively new. There is no guide for every industry. Here are some of the guide titles that have been revised or added this year:

To access the complete list of ATGs, visit the IRS website.

Although Audit Techniques Guides were created to enhance IRS examiner proficiency, they also can help small businesses ensure they aren’t engaging in practices that could raise red flags with the IRS. For more information on the IRS red flags that may be relevant to your business and your right ATG, contact us.

© 2023

An organization’s internal controls are the rules, policies, and procedures specifying how various functions are carried out, as well as measures designed to verify those procedures are being performed effectively.

Management is responsible for developing an appropriate system of internal controls, but every employee is responsible for following and applying those practices. They are established to help an organization achieve its objectives supported by strategic, financial, and operational initiatives. At a tactical level, internal controls help organizations and management prevent errors in routine functions, reduce fraud risk, and identify and correct any problems that may arise.

Internal controls typically fall into two broad categories, which include preventive and detective controls.

Preventive controls are designed to avoid errors or misclassifications. This includes the segregation of duties designed to reduce fraud risk. For example, having someone reviewing invoices and someone else sending payments.

Detective controls are designed to identify an error or misclassification after it has occurred. Common measures include records reviews, account reconciliations, and physical inventories. One example is reconciling the general ledger to various accounts, such as reconciling cash to ensure the balance on the organization’s books matches its bank balance.

Beyond a compliance focus, organizations that support strong governance, internal controls, and risk management demonstrate stronger performance than their peers that ignore these important success factors.

A strong system of internal control will depend on identifying, establishing, and maintaining controls based on certain key components. There are several established control frameworks to aid management. No specific framework is required, and management may utilize any of their choice.

Leveraging from an established and commonly used control framework adds to the flexibility, reliability, and cost-effectiveness of management’s approach to the design and evaluation of internal controls. An example is the 2013 COSO Framework (Committee of Sponsoring Organizations of the Treadway Commission), which focuses on five components of internal control detailed below.

Often described as “tone at the top,” the control environment describes a set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.

The risk assessment forms the basis for determining how risks will be managed. A risk is defined as the possibility that an event will occur and adversely affect the achievement of organizational objectives. Risk assessment requires management to consider the impact of possible changes in the internal and external environment and to potentially take action to manage the impact.

Control activities are actions (generally described in policies, procedures, and standards) that help management mitigate risks in order to ensure the achievement of objectives. These can include segregating duties, transaction review and approval, and routine account reconciliation.

Information is obtained or generated by management from both internal and external sources in order to support internal control components. Communication based on internal and external sources is used to disseminate information throughout and outside of the organization, as needed to respond to and support meeting requirements and expectations. The internal communication of information throughout an organization also allows management to demonstrate to employees that control activities should be taken seriously.

Monitoring activities are periodic or ongoing evaluations to verify that each of the five components of internal control, including the controls that affect the principles within each component, are present and functioning.

In addition to a strong control environment, an organization should have an internal audit function (either on a staff or outsourced basis) to verify the effectiveness of its internal controls. For example, internal auditors will help management assess the design of the controls as well as the organization’s risks, and update management and the audit committee on the performance of those controls. Internal auditors can also help the organization prepare for its external audit.

Vital internal audit functions include:

No system of internal controls is perfect. However, there are conditions that may undermine internal controls, which include:

Communication and monitoring must be consistent to ensure gaps in internal control do not occur. This is a task made more complex as an organization’s control environment is constantly evolving.

Whether you’re looking to establish, enhance, or outsource your internal audit function, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment or want to learn more about internal controls, contact our team.