Creating Strong Audit-Ready Internal Controls With BlackLine

Discover how finance departments can use BlackLine to establish and maintain solid internal controls during this exciting, upcoming webinar.

When it comes to finance, internal controls are essential to ensuring the accuracy and integrity of your data. BlackLine provides a platform that helps you automate and streamline your finance processes, making it easier to maintain strong internal controls. In this webinar, we’ll explore how finance teams can leverage BlackLine to:

  • Increase effectiveness & reduce cost by automating the accounting close.
  • Ensure completeness and accuracy of GL reconciliations with automated task management and reporting capabilities.
  • Reduce the time spent on reconciling accounts, assigning risk levels, and identifying discrepancies with AI-driven automation.
  • Quickly identify potential areas of risk and automate the matching process for faster, more accurate financial statement preparation.
  • Make it easy for auditors to access reports and documentation in a streamlined format that meets all compliance requirements.

5 Common Business Risk Assessment Pitfalls

The corporate scandals of Enron, WorldCom, and Tyco in the early 2000s have forever changed how management and investors view risk management programs. Circumventing controls and exposing a business to increased risk is a recipe for disaster that could result in reputational damage.

Despite management’s good-faith efforts to implement comprehensive risk assessments and mitigation programs, the percentage of successful implementations remains relatively low. Fortunately, there are some clear indicators that your risk assessment may be falling short.

Pitfalls Leading to an Ineffective Business Risk Assessment

Believing a Risk Assessment Is a One-Time Task

Risk assessments often result in a substantial amount of documentation that is filed away once completed. However, if the risk management process is not incorporated into daily business processes, it becomes a “check-the-box” exercise, and the benefits are never realized. To be effective, it needs to be refreshed as the business changes and should be continuously updated.

Being Too Generic With Risk

When performing risk assessments, companies tend to identify generic risks. For example, they may conclude that there is a “risk of fraud,” which is too generic. Instead, potential fraud scenarios should be identified, including who the likely perpetrators are, how they could conceal the fraud, and how the potential fraud could be prevented.

Inability To Detect Risk Throughout the Whole Business

Many companies utilize a top-down approach, which is great for identifying strategic risks. Others prefer a bottom-up approach, which is better for identifying operational risks. However, each one provides only a partial view. Having the perspectives of both executive management and operational staff is necessary for developing a holistic view of the organization’s risk exposures and ways to mitigate them.

Incomplete Diagnosis

When issues are identified, remediation efforts often address the symptom but fail to treat the root cause of the problem. As a result, the root cause goes unresolved and the risk of further issues remains high.

Lack of Accountability and Buy-in

Risk assessments are often done by someone independent of the business process, such as the Compliance person, and sometimes without getting buy-in or feedback from the business area. This can result in incorrect assumptions being used, leading to poor process documentation and incorrect controls.

Assemble a Dream Team for Risk Assessment

A best practice would be to have three components to your business risk assessment:

  1. A Risk Officer who will champion and oversee the risk management program.
  2. The selected employee(s) in the Compliance and/or Legal Department who will work with the business units.
  3. The Risk Committee comprises top executives from the functional areas, and is typically chaired by the Risk Officer. The Risk Committee supports the Risk Officer in overseeing the program. Such involvement fosters their buy-in to the program.

Being aware of potential pitfalls is the first step toward effective mitigation. If you would like to learn more about how we can help improve your business’s risk assessment process, please contact us.

What is SOX and How to Be Compliant

In this blog post, we will explain what SOX is and how your business can be compliant. We’ll also provide some resources to help you get started.

What is SOX?

Since it was signed into law in 2002, Sarbanes-Oxley (SOX) has become one of the most historically significant reforms to U.S. securities legislation. To increase transparency and create a more formalized system of internal checks and balances, SOX essentially measures how well a company manages its internal controls.

Broad-ranging and crucial to success, SOX affects financial governance and accountability, data storage and transmission, and information technology. The goal is to safeguard investors against inaccurate or unreliable corporate disclosures.

Enforcement and Penalties for Noncompliance

Strictly enforced and far-sweeping, SOX has affected global markets far more than expected. In an interdependent world, it has proven critical to understand, implement, and maintain the proper controls and compliance rules set forth by SOX. SOX noncompliance penalties range in severity and can result in fines and removal from the Public Stock Exchange.

SOX Implementation Steps and Tips for Success

To avoid noncompliance issues, it is extremely important to have a well-thought-out strategy. All SOX implementations and ongoing maintenance will follow these general steps:

1. Design

Perform a SOX-based risk assessment and determine the scope of business units and processes to be included. Based on an understanding of transactional processes and financial misstatement risk, determine what key controls are required and design them to mitigate significant risks effectively. Considering risk periodically is critical, as a company’s risk profile can change dramatically throughout the year, especially in a high-tech or equally dynamic industry.

Tip: The controls (and thus their design) should be reviewed periodically as circumstances change (e.g., acquisition, new product launch, new markets, growth, or downturn), but at least annually.

2. Document

Key controls require sufficient documentation so that the process can be properly performed and replicated. Anyone performing control activities should be clear on how to perform and document them consistently, and internal and external auditors should be able to test controls for compliance easily.

Tip: The keyword for documentation is “sufficient.” Over-documentation, especially in the first year, is a serious resource consumer. Reaching the documentation balance requires experience and perspective, so be sure to consult with your internal audit and external auditors to stay on track.

3. Testing

All key controls must be periodically tested with the appropriate samples to gather evidence and support a conclusion about the effectiveness of management’s controls. The nature and extent of testing should be discussed early in the process, to ensure management and external auditors agree. Having this agreement will enable external auditors to place greater reliance on management’s testing.

Tip: Year after year, testing will consume much of your SOX budget. Spend time and effort to ensure you have the most efficient and effective test resources available. A highly efficient test program will include experienced testers, executing well-developed test plans, utilizing appropriate technology and proven procedures.

4. Evaluate & Report

Testing results will be compiled and evaluated to determine if there are deficiencies and, if so, their severity. There are three levels of deficiencies: deficiencies, significant deficiencies, and material weaknesses. There is a lot written about the technical definition of deficiencies, but the practical concerns with each are as follows:

Deficiency – a control did not operate as “advertised,” but the resulting impact is insignificant. Correct the problem and learn from it. Report the issue to management and share it with external auditors.

Significant deficiency – a control did not operate effectively and the impact was close to material, but not quite. This must be reported to management, external auditors, and the audit committee.

Material weakness – one or more controls failed and the result was, or could have been, a material misstatement to the financials. This level requires full public disclosure in the financial statements.

Tip: Developing a highly effective test program can help you find issues early, which will help you correct problems before they escalate beyond a simple deficiency.

Take the Next Step to Improve Your Company’s SOX Compliance

SOX compliance may seem daunting, but it doesn’t have to be. By following our tips and partnering with a qualified consultant, you can ensure your company is on track for compliance. Have questions about SOX or need more information? Contact us – we’re here to help!

When to Report Subsequent Events

Major events or transactions — such as a natural disaster, a cyberattack, a regulatory change or the loss of a large business contract — may happen after the reporting period ends but before financial statements are finalized. The decision of whether to report these so-called “subsequent events” is one of the gray areas in financial reporting. Here’s some guidance from the AICPA to help you decide.

Recognition of Subsequent Events

Financial statements reflect a company’s financial position at a particular date and the operating results and cash flows for a period ended on that date. However, because it takes time to complete financial statements, there may be a gap between the financial statement date and the date the financials are available to be issued. During this period, unforeseeable events may happen in the normal course of business.

Chapter 27 of the AICPA’s Financial Reporting Framework for Small- and Medium-Sized Entities classifies subsequent events into two groups:

  1. Recognized subsequent events. These provide further evidence of conditions that existed on the financial statement date. An example would be the bankruptcy of a major customer, highlighting the risk associated with its accounts receivable. There are usually signs of financial distress (such as late payments or staff turnover) months before a customer actually files for bankruptcy.
  2. Nonrecognized subsequent events. These reflect conditions that arise after the financial statement date. An example would be a tornado or earthquake that severely damages the business. A business usually has little or no advance notice that a natural disaster is going to happen.

Generally, the former must be recorded in the financial statements. The latter events aren’t required to be recorded, but the details may have to be disclosed in the footnotes.

Disclosure of Subsequent Events

To decide which events to disclose in the footnotes, consider whether omitting the information about them would mislead investors, lenders and other stakeholders. Disclosures should, at a minimum, describe the nature of the event and estimate the financial effect, if possible.

In some extreme cases, the effect of a subsequent event may be so pervasive that your company’s viability is questionable. This may cause your CPA to re-evaluate the going concern assumption that underlies your financial statements.

When in doubt

If you’re unsure how to handle a subsequent event, we can help eliminate the guesswork. Contact us for more information.

A Basic Guide to Having Equity in Your Company

There are many reasons why a person may choose to work at one company over another. From casual dress codes to unlimited vacation days and remote work opportunities, today’s job perks run the gamut. But one employee incentive undoubtedly takes the cake regarding recruitment and retention power — equity.

What is Equity in a Company?

Simply put, having equity in a company means you have a stake in the business and its success. In 2021, major initial public offerings (IPOs) like Coinbase, Rivian, and Bumble resulted in thousands of employees owning shares of large enterprises virtually overnight.

With plenty more IPOs on the horizon for 2022, many hopeful employees are considering the likelihood that their stock options and restricted stock units (RSUs) will produce major payouts. Before you start shopping for an island in the Caribbean, there are certain factors to look at when evaluating your equity and your potential benefit.

The Company Matters

Equity packages come in many shapes and sizes, from initial signing bonuses to compensation packages and promotions. When considering the pros and cons of joining or staying with a company, you will likely want to evaluate just how lucrative that equity may be in the future. To do that, remember that equity is only valuable if your company is successful; therefore, it’s crucial to think like an investor and consider the company’s growth potential before investing your time and effort.

How to Calculate Your Company Equity and Determine Your Percentage of Ownership

Return on your equity typically comes as a liquidity action, like an acquisition or IPO. The value produced by one of these exit routes will ultimately drive the return on your equity. Your equity represents a percent of your company, and that ownership as a percentage of the overall company value equals the value of equity you hold.

It’s helpful to look at this in terms of the equation A x B = C, where your percent ownership (A), times the company’s value (B), equals the equity you own (C).

However, due to things like liquidation preferences (which determine who gets paid first and at what return), things may not always be a straightforward equation. Your percentage of ownership is the number of shares you have (or shares you have the option to buy) divided by the fully diluted shares outstanding. While this information is not always readily accessible, you will likely find these figures in your offer letter or the company’s equity management platform, like Carta.

What Do Vesting and Dilution Mean for Your Company Equity?

When determining your ownership, it’s also essential to consider the number of shares you own or have the opportunity to own. In this case, vesting and dilution are the two critical things to consider.

Vesting

Typically, options and RSUs follow a four- to six-year vesting schedule, meaning you can’t exercise your option (or pay to turn your option into actual stock) until that vesting date is reached. This comes into play when considering leaving the company before your options are fully vested.

However, many companies have accelerated vesting or early exercise options where options may vest quicker than the typical four-year minimum or become 100% vested in the event of an acquisition. The vesting schedule and terms will be spelled out in your option grant details.

Dilution

Dilution causes your ownership percentage to shrink, consequently reducing your equity value (think back to the equity equation). Early-stage companies raise multiple financing rounds, thus diluting your piece of the pie as more and more shares are issued to investors. The same thing also happens when more stock options or RSUs are granted to employees.

Not to worry, dilution isn’t all bad news. With early-stage companies, each round of financing creates new value within the company. As the company’s value goes up, your piece of the pie can grow exponentially. Therefore, considering the potential growth and value of your company in the future, particularly at the time of an acquisition or IPO, is a significant factor in examining what your equity may be worth.

Need advice on using equity as an employee benefit? Get in touch with our team of employee benefit experts today.

First Year SOX Compliance Checklist and Guide

Our First Year SOX Compliance Checklist and Guide, developed by SOX professionals, provides real-world insights into the best approach newly public companies can take to meet their critical compliance obligations, including guidance on:

  • Identifying and assembling the right team
  • Collaborating with external auditors
  • Assessing financial statement risk
  • Documenting processes
  • Listing controls
  • Conducting operating effectiveness testing
  • Rationalizing controls and reducing costs

You’ll also learn the indirect benefits of effective SOX compliance, including reducing fraud risks, streamlining processes, improving management, board, and auditor communications, and more.

Limited-Scope Audit Changed to ERISA Section 103(a)(3)(c)

New standards have been released for reporting on financial statements of employee benefit plans (EBP). The changes are intended to enhance the quality and transparency of ERISA plans for both the participants and reporting agencies (i.e. ERISA, DOL, etc.) by prescribing certain audit procedures.

Under the new standard, “limited-scope” audits will now be referred to as “ERISA Section 103(a)(3)(c)”. This change is effective for all EBP plans with years ending after December 15, 2021. The changes will largely impact the audit’s presentation and documentation but should have no significant changes to the requirements of the plan administrator.

Key Changes Under the New Standard

There are new requirements for plan auditors in all phases of the audit. Areas with key changes include:

Engagement Acceptance

Before engagement acceptance, auditors are now required to obtain management’s written acknowledgment of their responsibility in the following:

  • Administering their EBP
  • Maintaining updated documents that govern their EBP
  • Maintaining records of activities and participants of their EBP
  • Confirming transactions reported in financial statements are in compliance with plan provisions

Procedures for ERISA Section 103(a)(3)(c) Audits

When management elects to have an ERISA Section 103(a)(3)(c) audit, the auditor must:

  • Evaluate management’s assessment of whether the entity issuing the certification is a qualified institution under DOL rules and regulations.
  • Identify which investment information is certified.
  • Read the certified investment information, compare it to related information presented and disclosed in the ERISA plan financial statements and ERISA-required supplemental schedules, and read the disclosures to assess accordance with the applicable financial reporting framework.
  • Perform audit procedures on the financial statement information not covered by the certified investment information.

Considerations Relating to Form 5500 Filing

Plan management will need to provide a substantially complete draft of Form 5500 prior to dating the auditor’s report.

Written Representations From Plan Management

At the conclusion of the engagement, the auditor will request written acknowledgment from management of the same matters obtained before engagement acceptance. In addition, management will need to provide written acknowledgment that they have provided the auditor with the most current plan instrument for the audit period, including plan amendments.

Reportable Findings

Auditors must now evaluate whether certain matters identified during the audit result in “reportable findings”. Reportable findings include:

  • Instances of noncompliance or suspected noncompliance with laws or regulations.
  • Significant findings relevant to the fiduciary regarding their responsibility to oversee the financial reporting process.
  • Indications of deficient internal controls that have not been previously reported and require management’s attention.

Auditors and plan management may establish what would be considered a reportable finding during the engagement planning process. The auditor must communicate in writing to those charged with governance, on a timely basis, reportable findings from the audit procedures performed. The written communication should include a description of the reportable findings, the context for the communication, and an explanation of the potential effects of the reportable findings.

Have More Questions About ERISA Section 103(a)(3)(c)?

Get in touch with our EBP team today if you have any questions about ERISA Section 103(a)(3)(c) or if you would like to talk about your company’s plan. Our team of experienced employee benefit plan auditors makes the 401(k) audit process simple and efficient. Our goal is to offer you a streamlined process with third-party communication — giving you more time to focus on your business, not filing through compliance documents.

Should You Be More Crypto Conscious?

What is Cryptocurrency?

Cryptocurrency is a form of money available in a digital or electronic form, also known as a Digital Asset. The AICPA classifies cryptocurrency as a ‘Digital Asset,’ which it defines as “A digital record that is made for verification and security purposes. Digital assets are also referred to as cryptocurrencies, such as Bitcoin. These new digital assets are in digitized form and are recorded and stored on a distributed ledger, known as a blockchain.”

Bitcoin and other digital assets can be used for investment, operational and transactional purposes. Large companies such as Starbucks, AT&T, and PayPal have started accepting various cryptocurrencies as payment for their goods and services. Wikipedia also allows donations in Bitcoin, and Microsoft accepts Bitcoin payments to top up your Microsoft account.

As of 2021, there are over 31K crypto ATMs worldwide where you can purchase Bitcoin and other digital assets with deposited cash.

Why the Rise in Popularity?

Cryptocurrencies have become popular for their ability to transfer assets in real-time with little to no transaction fees. The network structure is “peer-to-peer,” so there is no middleman, no brokerage fees, and usually no transaction commissions. The nature of the blockchain ledger provides a level of transparency and clarity in transacting that allows for easily established audit trails. Transaction information is cemented in the blockchain and cannot be edited or deleted after the transaction.

International Cryptocurrency

Cryptocurrency also allows you to send and receive currencies internationally in an easier and more cost-effective way. By their nature, cryptocurrencies are not subject to exchange rates and costly transaction charges common in the international marketplace.

Should you be more crypto-conscious?

The cryptocurrency and digital asset space changes every day. Not even the most highly knowledgeable individuals can predict where this innovative technology is heading. Many feel that digital assets will change the modern financial banking system as we know it. Others think that factors such as governmental regulation will slow or even eliminate growth and adoption.

Cryptocurrency Gets Regulated

In November 2021, the Infrastructure Investment and Jobs Act (H.R. 3684) was voted into law, which included Section 80603, “Information Reporting for Brokers and Digital Assets”. This law section created various new rules and requirements for cryptocurrency exchanges.

Namely, all US cryptocurrency exchanges (such as Robinhood, Coinbase, and BinanceUS) are now considered brokers under the traditional sense of the term. This means these cryptocurrency exchanges will now be regulated by the same laws as household name brokers such as TD Ameritrade or Charles Schwab.

Another result of this new law is that Digital Assets will be treated like all other securities regarding capital gains and losses. Digital Assets will be regulated like stocks and bonds under the Securities and Exchange Commission (SEC).

Reporting Laws Strengthen

Reporting requirements under the new law have also been strengthened considerably. Cryptocurrency exchanges are now required to report specific information to both the IRS and their customers. Required information includes gross proceeds of the sale of digital assets, capital gains and losses, and other customer information such as name, address, and phone number of investors.

Crypto Question Still to be Answered in the U.S.

These new requirements change the landscape of the cryptocurrency space in the United States. Are cryptocurrency exchanges in a position to abide by these new reporting conditions? Is it plausible to put the onus on exchanges to accurately track and report gains and losses for every single customer transaction on their platform so early in the development of the industry? These questions are top of mind for all cryptocurrency advocates, investors, and professionals.

Section 80603 of the Infrastructure Investment and Jobs Act will be enforced federally, and adhering to these increased regulations may send entrepreneurs and innovators abroad to more easily build and develop their cryptocurrency technology.

Learn Now to Flourish Later

With the uncertainty surrounding the industry, it is extremely difficult to predict where the space is truly heading. Being informed about cryptocurrency’s meteoric rise onto the financial world stage can position you in a way to more easily adapt to the continually changing technology.

We have seen the growth of Cryptocurrency and how much it has affected today’s economy. Currently, we do not offer cryptocurrency-specific services, but our practice staff has experience working with and auditing cryptocurrency. Visit our audit page to see the services we offer or contact us.

What to Expect Working with an Auditor

What Is It Like Being Audited?

Working with an auditor for the first time can be intimidating. Due to the nature of an independent auditor’s role, many people assume that they are solely out to find the mistakes and errors you’ve made. The reality is that the relationship is all about collaboration and joint problem solving.

When you work with us on an attest engagement, there is no contentious environment; we’re there to help you through it as a trusted advisor. You can rest easy knowing that we are on the same team with our shared efforts of accurate financial reporting and helping your company reach its goals.

Is My Auditor Only Available During Busy Season?

We are available year-round for support. Working with your auditor outside of the traditional season is a great way to ensure nothing goes amiss come the official audit. Throughout the year, you can lean on us for assistance and to discuss any issues you’re trying to overcome.

Discussing unusual and complex transactions with our team in real time is a great way to avoid adjustments. Proactively involving your auditors early in the process gives us the insight to be predictive in our efforts to assist you, instead of being reactive to past events.

How Do I Deal With Unusual Transactions During the Year?

If you’ve entered into an unusual transaction, we recommend reaching out to your audit team so it can be accounted for correctly the first time around, as opposed to adjustments being made after year end while we perform our testing procedures.

What Kinds of Unusual Transactions Should I Make My Audit Team Aware Of?

While the list is vast, a few areas to involve your auditors would include:

Revenue Recognition

Revenue recognition under Topic 606, Revenue from Contracts with Customers, was a huge undertaking for many private companies when the standard went into effect in 2019. If your company implements new streams of revenue during the year, or enters into unusual contracts with customers, proactively reaching out to your audit team to understand how and when those contracts should be recognized is a great way to avoid mishaps after year end.

Business Combinations

If you purchase a business, you’ll need support to correctly account for the transaction using the acquisition method. We can help you through the complex and multi-step process of identifying the acquired assets and liabilities at the proper value, and accounting for any gain or loss on the transaction.

Change in Accounting Principle

Whether your company is changing an accounting principle due to an allowable and voluntary change in preference, or due to a mandatory change required by an update to accounting standards, it is best to involve your auditors in the adoption of the principle, as such changes can be difficult to implement or have a significant impact on prior and future fiscal periods.

What Does My Auditor Need To Know About My Internal Controls?

Your audit team will obtain a current understanding of your controls to best assess your business. We will perform “walkthroughs” to identify key internal controls, how controls are implemented, and any areas where controls need improvement. We’ll provide information on where fraudulent items or errors might be able to break through and how your controls can be strengthened. With our help you can increase your confidence in your controls, and spend less time worrying about financial matters and more time on the things you enjoy.

How Do I Get Started Working With an Auditor?

At Sensiba, we focus on providing businesses with personalized audit and assurance services designed to enhance strategic planning and ease the stress of compliance and reporting. We will help you assess and strengthen the quality of information you use to make critical decisions, formulate solutions to your business problems, and evaluate your company’s financial performance.

Our team of knowledgeable professionals is here to make your audit process smooth, approachable and suited to your business structure. Reach out today to get started.

Getting Ready for Your IPO: Advice for Pre-IPO Companies

Along with providing an infusion of capital to a growing company, going public brings strict financial reporting and compliance requirements that must be in place well before the offering.

To meet investor expectations for a timely closing and regulatory requirements to provide accurate disclosures, pre-IPO companies need to have the right people, processes, and technology in place to meet their needs as a public company.

Evaluate Finance’s Pre-IPO Team to Ensure They Are Ready

An important early step is assessing the skills and capabilities of the organization’s finance team. Management needs to be sure the team can meet the complex reporting and compliance needs of a public company, such as developing adequate internal controls and preparing accurate financial reports on a timely basis.

Financial planning and analysis skills are also critical since investors expect accurate forecasts about key metrics such as the company’s revenue, business outlook, net income, and operating cash flow. Being able to develop and share accurate forecasts is valuable in informing investors and avoiding potential surprises.

Hone Reporting Processes

Perhaps the most obvious difference between public and private companies is the requirement to report financial and operating results quarterly. The finance team must close the books and report the company’s results quickly and accurately. It will need to develop and follow an efficient, repeatable process.

At least a year before the offering, it’s important to schedule quarterly rehearsals of the reporting process as if the company were public. Practice the multiple steps in closing the books, preparing an earnings release, and holding a mock investor call. This ensures the company’s finance team and management are familiar with the process when they must disclose actual earnings after the offering.

Know How and What You Will Show to Investors

Another important part of the reporting process is establishing metrics to help management explain the company’s results to investors. Along with determining the most appropriate metrics, management should be ready to explain why it chose a specific metric and how that metric helps in understanding the company’s performance.

Similarly, the company will need to establish and document its internal controls, as well as the reasons behind the controls it creates.

Implement Financial Management Tools

Another critical step in preparing for an IPO is upgrading the company’s financial tools to support these new reporting requirements and regulatory disclosures. Spreadsheets, for example, that may have been sufficient in the early stages of the company won’t allow the finance team and management to develop reports quickly. This will likely require manual workarounds (such as copying data between applications and reformatting documents) that take time and can introduce errors and delay the close process.

It’s more effective and efficient to implement a scalable financial management solution such as Sage Intacct that enables companies to automate the reporting process and general ledger entries, and to help the finance team close the books and prepare quarterly reports more rapidly and accurately.

Effective financial management will also provide management with daily visibility into the company’s revenue and treasury activities, and will offer data analysis and reporting tools to speed the closing process, offer insights into the company’s performance and trends, and support more strategic decision-making.

Does Your Pre-IPO Company Have What It Takes to Go Public?

Overall, pre-IPO companies must act as if they are public before the initial public offering. Creating and honing the company’s processes and technology tools will help it be better able to operate as a public company and be ready and able to meet strict disclosure requirements and satisfy investor expectations.

For more information on preparing for IPO with Sage Intacct, reach out to our team for a consultation and demo.

Why It Pays for Smaller Companies to Adopt Internal Controls Like Larger, Publicly Traded Companies

Private or smaller publicly traded companies that proactively employ internal controls over financial reporting benefit from the following:

  • lower capital costs
  • higher company valuations
  • increased interest by investors
  • fewer roadblocks to transfer of ownership (if private)
  • increased stock price (if traded publicly)

Formalizing or enhancing internal controls, like those expected of larger public companies, results in more reliable financial reporting and increases the credibility of management’s operations for bankers, investors, regulators, and other stakeholders.

Providing reliable financial information enables the company to produce financial statements with greater integrity and transparency. Internally, management can also make more effective decisions about the organization’s strategy, critical to maintaining a competitive advantage and potentially preparing for a public offering or a strategic transaction.

Process, Risk, and Control

Understanding and documenting the company’s transactional flows leads to a clearer understanding of financial risk. This, in turn, enables management to focus on control design. Effective controls help management recognize and focus on the highest-risk areas in order to optimize its financial reporting, operations, and compliance.

Through this analysis, management can better identify, streamline, and potentially automate, processes that divert staff attention from critical activities. One additional benefit – by centralizing process and controls documentation, management can reduce audit-related expenses.

That said, obtaining and reporting the right financial information depends partly on how well management identifies and mitigates financial statement risks. This may seem complex and challenging. However, it becomes manageable with the right messaging, methodology, and discipline across the organization — regardless of the company’s size, complexity, or structure.

Consider Getting Outside Help When Setting Up Your Internal Controls

For private companies that often lack a dedicated compliance resource, we recommend enlisting the help of experienced SOX advisors who will work with you to outline a roadmap, mitigate disruptions, and bring expertise to streamline the process and train staff.

For questions or more information related to an internal audit, controls optimization, or SOX compliance, contact our team.

Do You Need an Internal Audit?

You have worked hard to develop your business, and your efforts have paid off! Now you have a thriving business. You employ lots of employees, have a wider geographical reach, and have built relationships with lots of vendors. You have always been involved in every aspect of your business, but now it is too big for you to be directly involved with every part of the operations. Do you find yourself asking these types of questions?

  • Have we identified all our significant business risks and are we protected?
  • Are there inefficiencies in some of our processes?
  • Do we have any fraud exposures and are we mitigating them?

If any of the above or similar thoughts have been weighing on you, having an internal audit might give you peace of mind.  So, what is involved with having an internal audit?

Internal Audit Process Steps

The internal audit process is not a cookie-cutter, one-size-fits-all process. It can be tailored to the specific needs of the organization. That said, it generally includes the basic steps discussed below.

Step 1:  Identify the Risks

The first step is to identify the key risks inherent to the organization that could prevent it from achieving its goals. This phase asks “what can go wrong?” And if something does go wrong, would it have a high, moderate, or low negative impact? This phase is accomplished with the involvement of the key people in the organization who are knowledgeable about its various processes. The company’s management is usually aware of the various risks, but there could be important risks that are being overlooked.

Step 2:  Identify the Controls

The second step involves identifying what internal controls were implemented to mitigate the various risks faced by the organization. This exercise is intended to highlight if there are gaps (risks where no mitigating controls have been implemented). A side benefit is the identification of redundancies — risks where there are too many controls implemented, usually resulting in the cost of the controls outweighing the expected benefits. A comparison of the inherent risks and the controls in place results in the residual or net risk.

Step 3:  Plan the Audit

The internal auditor determines what areas will be included in the audit testing. Audit coverage usually focuses on the higher risk areas and the related key controls in those areas. If the internal audit is conducted in an advisory capacity for management, the nature and scope of the testing are subject to agreement with management. In this phase, various administrative tasks are performed, such as identifying and scheduling the internal audit resources with the requisite knowledge to perform the testing.

Step 4:  Perform Audit Testing

The internal audit function can serve as the eyes and ears of management. They can serve in an advisory capacity to management by performing testing to determine if the implemented controls are actually in place and working as intended. The methods used by the internal auditors to obtain evidence to support their conclusions are: inquiry, observations, inspections of records, and reperformance. Inquiry is the weakest form of audit evidence while inspection of records and reperformance are considered the strongest.

Step 5:  Report Audit Results

In this step, the results of the audit testing are summarized. The internal auditor determines if the exceptions represent a trend or are isolated cases. Exceptions that are pervasive (represent a pattern or trend) are then communicated to management.

Step 6:  Follow Up on Remediation Efforts

Remediation is management’s responsibility. The internal audit usually comes in after corrective actions have been implemented and performs testing to verify that remediation efforts are successful in addressing the issues that were identified. Since remediation efforts can be like a New Year’s resolution that is practiced for one or two months and then forgotten for the rest of the year, an internal audit lets the newly implemented control mature before performing follow-up testing.

Read our article “How to Improve Your Internal Audit Process” to take your process to the next level.

Discover the Importance of Internal Audits for Your Company

If you would like more information about how an internal audit can help your company or would like a brief demonstration to experience how we operate, don’t hesitate to get in touch with us for a free consultation.

Types of Financial Statements: Preparations vs. Compilations

Your business needs financial statements so management can monitor performance, attract investment capital and borrow money from a bank or other lender. But not all financial statements are created equal. Audited statements are considered the “gold standard” in financial reporting. While public companies are required to issue audited statements, smaller, privately held organizations have options. CPAs provide three other types of financial statements, which, in order of descending level of diligence, are: reviews, compilations and preparations.

Here’s some insight into the newest and most basic financial reporting service available to private businesses — preparations — and how these engagements differ from compilations.

Preparations

Financial statement preparations are often created as part of bookkeeping or tax-related work. While some lenders may accept preparations in support of small lending arrangements, preparations are generally reserved for internal purposes to provide information on the business’s current financial condition and as a basis of comparison against future accounting periods.

Preparations provide no assurance regarding the accuracy and completeness of the financial statements. Assurance is critical if you plan to share the financial statements with third parties. Generally speaking, the greater the level of assurance, the more trust a reader will have in the accuracy and integrity of your company’s financial statements.

In addition, professional standards don’t require CPAs to be independent of a business when preparing its financial statements. In other words, it’s OK for an accountant to have a financial interest in a company that he or she prepares financial statements for.

To avoid misleading any third parties who might receive a copy of these statements, each page of a prepared financial statement must include a disclaimer or legend stating that no CPA provides any assurance on the financial statements. In addition, prepared financial statements must adequately refer to or describe the applicable financial reporting framework that’s used and disclose any known departures from that framework.

Compilations

Like preparations, compilations provide no assurance that the financial statements are accurate and complete. And independence isn’t required when issuing compiled financial statements. But there are subtle differences when moving from a preparation to a compilation.

A compilation involves the issuance of a formal report by a CPA who’s required to read the statements and evaluate whether they’re free from obvious material errors. The CPA’s report appears on the first page, before the financial statements. If the CPA isn’t independent of the business, he or she must disclose this fact in the report.

Notably, the use of a compilation of financial statements can extend beyond the business owner to third parties, including investors, business partners and lenders who may view the input of a CPA as beneficial.

Building for the Future

Preparations may be a cost-effective way for small business owners to monitor performance. But they provide limited usefulness as a business grows and needs to interact with third parties. Eventually, prepared statements may need to be upgraded to a compilation, review or audit to give stakeholders greater assurance about the company’s financial results. Contact us to determine which type of financial statement is right for your current situation.

© 2023

How Manufacturers Can Attract and Retain Employees in 2023

For years, manufacturers have had an increasingly difficult time finding, attracting, and retaining skilled laborers. In the wake of the COVID-19 pandemic, these concerns have become even more pressing. A recent Reuters article notes that while the manufacturing industry continues to bounce back from pandemic uncertainties and demand slowdowns, potential growth is being limited by a continued labor shortage despite a record number of job openings.

This labor shortage is worsening an already fractured supply chain, as the shipping and warehousing industry has been hit particularly hard by the ‘Great Resignation’, which has seen a record number of workers leave their jobs in the midst of the pandemic. In a recent survey by the US Chamber of Commerce, over 90% of state and local chambers identify labor shortages as a factor limiting economic growth.

But in the face of so much economic uncertainty, what can be done to ease these concerns?

Retain current employees

Retaining existing employees is more efficient and cost effective than hiring new employees. The Society for Human Resource Management (SHRM) estimates the average cost to replace an employee at up to 6-9 months of their salary in recruiting and training costs, which can cost the overall U.S. economy over a trillion dollars per year. Understanding why employees leave, and perhaps even more importantly why they stay, can be vital for an organization to understand where their strengths are, and where any shortfalls may lie.

Attracting more, and different kinds, of workers

A potential solution to the mismatch between available positions and finding workers willing and able to fulfill them might lie in expanding a company’s understanding of what is considered as the available pool of workers. One creative strategy noted by Brooke Sutherland in a recent Bloomberg article highlights the benefits of broadening such definitions of available workers. This can include revamping the company’s public image to appeal more widely to a younger audience base, expanding the use of government assisted training programs to help promote investment in a workforce, and working to move past the social stigma surrounding hiring certain individuals such as those with a previous criminal record.

Outsourcing tasks, or even entire positions

If the pandemic has shown us nothing else, as we were ‘sheltered-in-place’ throughout much of 2020 and beyond, companies have been able to see how many jobs are able to be performed from home – a home that can be located anywhere with a stable internet connection. Recruitment efforts for many increasingly computer dependent positions, particularly as more and more companies are able to operate in cloud-based environments, are no longer required to be tied to a company’s physical location.

By using professional employer organizations (PEOs), recruitment efforts can be expanded internationally based on the needs of a business, regardless of where potential candidates may be located. While some jobs are certainly easier to outsource than others, expanding these perspectives can offer invaluable insights wherever efficiencies can be gained. Particularly where professional services are concerned, many firms offer a sliding scale of support, from part-time assistance with data entry or customer collections and vendor payments to fully outsourced controller services and other types of executive management assistance.

Building a strong workforce goes a long way

In these unprecedented times, there has never been a better opportunity for unique and vast changes to occur. With so much uncertainty surrounding daily life, it can feel like too big of a risk to enter any additional unknowns into the equation, but that is exactly why those risks must be taken. A company’s workforce can be the greatest reason behind its success or its largest liability leading to its failure. The difference between the two lies in a willingness to think outside the box, open new doors, and redefine what a modern-day workforce may entail.

Need More Support? Contact us for more information.

3 Tips for Boosting the Value of Your SOX 404(a) Compliance

Beyond regulatory requirements, developing an effective internal controls framework is valuable in helping your company manage risk.

Identifying and mitigating the company’s financial and operational risks under the Section 404 requirements of the Sarbanes-Oxley Act (SOX) can also be a prudent investment in improving efficiency by aligning management’s priorities with the organization’s internal processes and operations.

3 Tips for Getting the Most Out of SOX Compliance

1. Understand Your Obligations (SOX 404a vs 404b)

One of the keys to successful SOX compliance is understanding whether your company falls under the reporting requirements of Section 404(a) or Section 404(b). While management must certify the effectiveness of its internal controls in either case, Section 404(b) adds the requirement (based on the company’s capitalization and revenue) for your external auditor to attest to that effectiveness.

In practice, we often see companies that are not required to file under Section (b) scale back their compliance efforts by trimming assessments to the bare bones and eliminating internal testing — yet continuing to issue certifications.

This may seem like a cost-savings move, but the company may run into significant deficiencies and material weaknesses that are discovered during the year-end external audit. This, in turn, leads to additional remediation steps that must be implemented quickly. More importantly, these deficiencies can reduce confidence in the quality of the company’s financial reporting and internal controls from auditors, the board, and potentially investors.

Taking the time to develop an effective compliance framework and culture helps your company manage risk more effectively while also satisfying your regulatory obligations.

2. Focused Attention

It’s critical for your company’s management to identify the most important risks to the quality and accuracy of your financial statements, and to focus attention and resources on the areas that represent the most important risk.

The COSO Enterprise Risk Management – Integrated Framework offers a good starting point for developing an effective internal controls system. The framework offers 17 principles embedded within five components outlining your controls environment, risk assessment, control activities, and other key aspects.

To learn more, you can view a recording of our webinar, Navigating SOX 404a Compliance.

Similarly, it’s helpful to understand that, over time, the company’s risk profile is going to evolve in response to market conditions as well as organizational changes. Part of an effective risk assessment strategy is understanding those changes, the potential impacts on the company, and the processes and controls that must be adjusted as a result.

3. Build a Compliance Culture

Optimizing the value of your SOX investment, like your compliance effort, also depends on management setting an effective tone highlighting the importance of risk management and ethical behavior.

Management needs to stress the importance of compliance and risk management company-wide, and to back up those statements with internal training and quarterly check-ins to ensure management identifies and controls its most important financial statement risks.

Department leaders also need to understand that compliance isn’t a once-and-done or periodic activity, but rather an ongoing process of identifying risk, establishing effective controls, testing those controls, and making necessary corrections.

An effective compliance culture will improve risk management and cost savings by helping the company minimize last-minute surprises with its audit committee and auditors.

In addition, management can focus on the most direct risk to its financials, create appropriate controls, and produce the high-quality financial data the organization needs for external and internal reporting.

Getting Help With SOX 404a Compliance

Whether you’re looking to establish, enhance, or outsource your internal audit function, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment, reach out to our team.

From Zero to SOX Implementation: Sarbanes-Oxley Compliance

The process of building a sustainable, comprehensive internal control environment sufficient to comply with the Sarbanes-Oxley Act of 2002 (SOX) requires a significant investment of organizational resources. We have created the Zero to SOX implementation process to assist organizations in this endeavor.

A Five-Year Window for SOX Internal Control Audit Requirements

On March 12, 2020, the SEC issued a ruling, Amendments to the Accelerated Filer and Large Accelerated Filer Definitions. The effect of the changes was to reduce the burden and compliance costs for certain smaller registrants. Under the new rules, certain low-revenue registrants are no longer required to have their assessment of the effectiveness of internal control over financial reporting (ICFR) attested and reported on by their independent auditors. The figure below from the U.S. Securities and Exchange Commission shows a detail of thresholds between Small Reporting Companies (SRCs) and Non-SRC organizations.

While the burden may have been lifted for smaller organizations, the requirement of a comprehensive internal control environment remains. An emerging growth company’s annual report still must contain an internal control report which:

  • states management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
  • contains an assessment, as of the end of the company’s most recent fiscal year, of the effectiveness of the company’s internal control structure and procedures for financial reporting.

During the five years following an IPO, a Small Reporting Company should take a risk-focused approach to SOX compliance by specifically identifying, implementing and monitoring those internal controls that enable management to achieve these regulatory requirements with confidence.

ZERO to SOX – A Five Year Timeline

Year One Pre-SOX

Activities in the first post-IPO year are focused upon the identification of HIGH Risk processes and the implementation of the documentation and monitoring activities necessary to support management’s annual reporting requirements under Section 404.

Years Two and Three Pre-SOX

Activities in the second and third post-IPO years are focused upon evaluating and understanding the company’s internal control priorities in light of the company’s growth and evolution. Monitoring activities necessary to support management’s annual reporting requirements under Section 404 continue.

Year Four Pre-SOX

Activities in the fourth post-IPO year add the additional objective of documentation and assessment of the MODERATE and LOW risk processes.

Evaluating and understanding the company’s internal control priorities in light of the company’s growth and evolution continues along with monitoring activities necessary to support management’s annual reporting requirements under Section 404.

Year Five SOX

Activities in the fifth post-IPO year are focused upon the monitoring activities necessary to support management’s annual reporting requirements under Section 404 and those necessary to support the integrated audit work of the company’s external auditors.

Our SOX Services Help Set Your Company Up for Long-Term Compliance

The Zero to SOX process, designed with clearly defined goals and executed by experienced team members, will lay the foundation to meet your company’s regulatory compliance requirements as well as to practice effective corporate governance now and into the future.

For more information on our SOX Services, contact our team.