How to Improve Your Internal Audit Process

While an effective internal audit function can help an organization mitigate organizational risks, identify inefficient processes, enhance compliance, and reduce the potential for fraud, it’s important to review the process itself. Reviewing the internal audit process ensures it delivers relevant insights to management and the audit committee.

The Benefits of Reviewing Your Internal Audit Process

Taking a step back from the audit’s findings and reviewing its process provides several benefits, including emphasizing the idea that an internal audit is designed to identify opportunities for organizational improvement. By examining the audit as well as the organization’s performance, policies, and procedures, management is highlighting the cultural importance of continuous improvement.

It’s valuable for the audit to be seen as a partnership and a process that adds value to the company by helping it improve, not as a policing exercise for policy violations. This perception will improve the willingness of process owners to cooperate with the audit and increase its overall efficiency.

Steps to Take During the Review Process

Go Over Internal Audit Results

A valuable first step in enhancing your internal audit process is reviewing its results and insights with company management and the audit committee — not just any deficiencies the audit may have uncovered but the overall results and information provided.

Questions to ask include:

  • Is the information provided by the audit relevant and useful?
  • Do you need information that the audit is not providing?
  • Does the overall audit plan make sense?
  • Is the audit evaluating the most significant organizational risks?

Examine Initial Goals

It can also be helpful to review the internal audit plan’s initial objectives. Doing so can make sure the goals that were outlined at the beginning of the process have been achieved. These conversations will be beneficial in making sure the audit is providing effective insights to its end users and filling its role in helping the organization address its financial, operational, and compliance risks.

It’s also critical to ensure that the auditors are reviewing the right information. Examining incomplete or inaccurate data will clearly hinder the team’s ability to generate meaningful insights from the audit process.

Corrective Actions to Take After Evaluating the Internal Audit Process

If deficiencies or improvement opportunities are discovered, it’s also important for the company to give people enough time to complete the necessary changes. This, of course, depends on the severity of the issue. But, in most instances, providing enough time to address an issue reduces the potential for someone to feel stigmatized and increases their trust in the internal auditors.

Finish the Cycle – Recognize that Changes Create New Risks and Opportunities

Changes, whether macroeconomic, regulatory, industry-specific, or in work patterns (including remote work arrangements), create new risks and/or change the level of current risks. Taking time, as a high-performing audit function, to perform a current state analysis is essential to ensuring the audit function continues to evolve and provide the best service to the organization.

Whether you’re looking to establish, enhance, or outsource your internal audit process, we provide ‘right-sized’ audit support to assist you. For more information about optimizing the value of your SOX investment, reach out to our team.

Preparing for Your First Financial Statement Audit with BlackLine

A company’s first financial statement audit can be an administrative challenge. Still, effective planning and implementation tools such as BlackLine can help streamline the process, improve internal controls, and potentially reduce audit fees.

BlackLine’s MAP Framework

BlackLine and its Modern Accounting Playbook (MAP) framework help growing and mid-sized companies optimize and automate key aspects of their financial close and financial reporting processes. These can include balance sheet and income statement reconciliations, task management functionality to help the finance team remain organized and efficient throughout the close process, and transaction matching for clearing bank to general ledger transactions.

BlackLine helps companies shift their audit preparation from a manual process driven by and reliant on spreadsheets to a largely automated exercise that helps the finance team optimize its efforts to perform quality work efficiently.

Centralized Data

One of the most powerful ways BlackLine can help a company prepare for its first financial statement audit is by enabling a centralized repository for its data. Instead of financial and performance data being stored on spreadsheets, potentially in multiple locations, BlackLine offers a secure cloud-based repository that offers a single source of truth for vital information.

Advantages of Having a Single Repository

A cloud-based repository offers several advantages for the company during the close process, as well as when it prepares for its audit. Data must no longer be compiled and reformatted manually, saving valuable staff time and effort. Other advantages of BlackLine’s centralized data include the following.

Ability to Select Shared Access

The company can give its auditors access to selected data within the cloud-based repository. This can optimize the audit by eliminating the time-consuming aspect of a manual audit in which the auditor requests data that the finance team has to compile and share.

Decrease Wasted Time Tracking Down Information

Storing information in a centralized repository also reduces the risk of requested information being challenging to track down. In addition to wasting time and causing frustration within the finance team, searching for missing data can increase the time the audit takes (and create a corresponding increase in audit fees).

In contrast, being able to provide information readily reduces time and increases efficiency, as well as the auditor’s ability to rely on the company’s work. This reliance, in turn, can also help the company reduce audit fees or avoid unexpected overages.

Stronger Controls

BlackLine also helps a company establish and maintain effective internal controls over financial reporting by automatically creating and enforcing key controls such as segregation of duties. For example, a preparer will not be allowed to approve his or her work, such as an account reconciliation.

These controls are vital for all companies, but building them into a financial reporting platform is especially helpful for newer companies managing vast amounts of information during their initial financial closes and audits.

Similarly, BlackLine can help the company identify areas of the balance sheet that might be classified as high risk. Designating some accounts, such as cash, as key accounts can help the company focus on those accounts by coordinating activities among different functions or adjusting due dates to ensure control activities are enforced. Automating this monitoring helps the finance team focus time and resources on other areas.

Interested in learning more? Reach out for a demo and see how BlackLine can help automate and centralize tasks within your organization’s financial close.

How SOX Internal Controls Help Companies Manage Risk

Creating internal controls over financial reporting (ICFR) is mandated under the Sarbanes-Oxley Act (SOX). SOX internal controls provide important insights into the accuracy and presentation of a company’s financial position while serving as a valuable risk management tool.

The Purpose of SOX and Who is Required to Follow the Standards

Section 404 of the Sarbanes-Oxley Act requires publicly traded companies to establish, assess, and report on the design and operational effectiveness of their internal controls over financial reporting.

The objective of SOX is to protect investors by improving the accuracy and reliability of an organization’s financial position and disclosures. Accuracy and reliability are vital to protect investors and other stakeholders from the risk of loss due to reporting errors or fraud. Errors and fraud may occur if a company does not have adequate policies and procedures over how financial data is recorded, processed, generated, and reported.

Although mandatory for companies publicly traded in the United States, SOX requirements are often followed by private companies that plan to become public (or to be acquired) in the near future, as well as private companies interested in demonstrating strong governance practices to external stakeholders.

Developing Effective SOX Internal Controls

It’s important for companies to distinguish their SOX internal controls from other control procedures, including those designed to improve operational efficiency. Such operational controls typically fall outside the scope of an ICFR review under SOX Section 404. The focus of SOX internal controls is on the risk of financial misstatement.

Identifying and Assessing Risk

In order to properly manage the risk of financial misstatement, management teams need to adequately identify the risks faced by the organization. This is accomplished through a review of the company’s financial statements and significant transactional flows, while considering the people, processes, and systems involved in each. As management and auditors develop an understanding of the company’s processes, the risks of financial misstatement can be identified.

With an understanding of risk, management will perform procedures to identify and assess the risks of material misstatement to the financial statements, whether due to fraud or error. Risks defined as being more significant will be the drivers for where SOX internal control activities are required.

Managing Risk

When management and their external auditors have a common understanding of the company’s processes and financial misstatement risks, the next step is to use an agreed-upon system or framework to define control objectives and organize control activities. Together with its external auditors, management will design a risk-based approach to its internal controls, SOX compliance, and the scope of its financial statement audit.

COSO Framework

The best approach for developing an organization’s SOX compliance program is the COSO Framework. The COSO Framework provides organizations with principles-based guidance for designing and implementing effective internal controls. While the COSO Framework is generally accepted, there are other control frameworks a company may adopt. However, the COSO framework provides components, principles, and points of focus that are commonly accepted by auditors.

The COSO framework is built around interconnected components that include:

  • Control environment: Standards and processes for the company’s internal controls.
  • Risk assessment: How the company identifies organizational risk.
  • Control activities: Risk mitigation tactics including reconciliations, approvals and segregation of duties.
  • Information and communication: How the organization communicates objectives and responsibilities for internal controls.
  • Monitoring: Understanding how your internal controls are performing over time.

Top-down Approach

Beyond the COSO Framework, external auditors will likely use the top-down approach recommended by the Public Company Accounting Oversight Board (PCAOB) to select controls for testing. This approach starts at the financial statement level and the auditor’s understanding of the organization’s overall ICFR risks.

The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and relevant assertions, before selecting controls for testing that address the more significant risks of financial misstatement.

This will typically be achieved by reviewing samples of transactions to verify amounts are being recorded accurately. If, for example, the auditor’s testing provides reasonable assurance that revenue transactions are reported reliably, the company can assume its controls are performing as designed and, in turn, the risk is low that its financial statements are materially inaccurate.

These procedures help companies and auditors provide investors with assurance that the company’s financial statements have been reviewed, the reported amounts are correct, and the statement provides an accurate report on the company’s financial performance and balance sheet at the close of the reporting period.

Need Help Establishing Your Internal Controls?

If your company needs assistance with implementing effective SOX internal controls, reach out to our team of audit professionals who can support you throughout the process.

Avoiding Conflicts of Interest With Auditors

A conflict of interest could impair your auditor’s objectivity and integrity and potentially compromise your company’s financial statements. That’s why it’s important to identify and manage potential conflicts of interest with auditors.

What is a Conflict of Interest?

According to the American Institute of Certified Public Accountants (AICPA), “A conflict of interest may occur if a member performs a professional service for a client and the member or his or her firm has a relationship with another person, entity, product or service that could, in the member’s professional judgment, be viewed by the client or other appropriate parties as impairing the member’s objectivity.” Companies should be on the lookout for potential conflicts when:

  • Hiring an external auditor,
  • Upgrading the level of assurance from a compilation or review to an audit, and
  • Using the auditor for a non-audit purpose, such as investment advisory services and human resource consulting.

Determining whether a conflict of interest exists requires an analysis of facts. Some conflicts may be obvious, while others may require in-depth scrutiny.

For example, if an auditor recommends accounting software to an audit client and receives a commission from the software provider, a conflict of interest likely exists. Why? While the software may suit the company’s needs, the commission payment calls into question the auditor’s motivation in making the recommendation. That’s why the AICPA prohibits an audit firm from accepting commissions from a third party when it involves a company the firm audits.

Now consider a situation in which a company approaches an audit firm to provide assistance in a legal dispute with another company that’s an existing audit client. Here, given the inside knowledge the audit firm possesses of the company it audits, a conflict of interest likely exists. The audit firm can’t serve both parties to the lawsuit and comply with the AICPA’s ethical and professional standards.

How Can Auditors Prevent Potential Conflicts?

AICPA standards require audit firms to be vigilant about avoiding potential conflicts. If a potential conflict is unearthed, audit firms have the following options:

  • Seek guidance from legal counsel or a professional body on the best path forward,
  • Disclose the conflict and secure consent from all parties to proceed,
  • Segregate responsibilities within the firm to avoid the potential for conflict, and/or
  • Decline or withdraw from the engagement that’s the source of the conflict.

Ask your auditors about the mechanisms the firm has implemented to identify and manage potential conflicts of interest before and during an engagement. For example, partners and staff members are usually required to complete annual compliance-related questionnaires and participate in education programs that cover conflicts of interest. Firms should monitor conflicts regularly, because circumstances may change over time, such as employee turnover or M&A activity.

For More Information

Conflicts of interest are one of the gray areas in auditing. But it’s an issue our firm takes seriously and proactively safeguards against. If you suspect a conflict exists, contact us to discuss it and determine the most appropriate way to handle it.

Evaluating Going Concerns

Under U.S. Generally Accepted Accounting Principles (GAAP), financial statements are normally prepared based on the assumption that the company will continue normal business operations into the future. When liquidation is imminent, the liquidation basis of accounting may be used instead.

It’s up to the company’s management to decide whether there’s a so-called “going concern” issue and to provide related footnote disclosures. But auditors still must evaluate the appropriateness of management’s assessment. Here are the factors that go into a going concern assessment.

New Going Concerns Guidance

The responsibility for making a final determination about a company’s continued viability shifted from external auditors to the company’s management under Accounting Standards Update (ASU) No. 2014-15, Presentation of Financial Statements — Going Concern (Subtopic 205-40): Disclosure of Uncertainties About an Entity’s Ability to Continue as a Going Concern. The updated guidance requires management to decide whether there are conditions or events that raise substantial doubt about the company’s ability to continue as a going concern within one year after the date that the financial statements are issued (or within one year after the date that the financial statements are available to be issued, to prevent auditors from holding financial statements for several months after year end to see if the company survives).

What is Substantial Doubt?

Substantial doubt exists when relevant conditions and events, considered in the aggregate, indicate that it’s probable that the company won’t be able to meet its current obligations as they become due. Examples of adverse conditions or events that might cause management to doubt the going concern assumption include:

  • Recurring operating losses,
  • Working capital deficiencies,
  • Loan defaults,
  • Asset disposals, and
  • Loss of a key franchise, customer or supplier.

After management identifies that a going concern issue exists, it should consider whether any mitigating plans will alleviate the substantial doubt. Examples of corrective actions include plans to raise equity, borrow money, restructure debt, cut costs, or dispose of an asset or business line.

The Final Going Concerns Standard

After the FASB updated its guidance on the going concern assessment, the Auditing Standards Board (ASB) unanimously voted to issue a final going concern standard. The ASB’s Statement on Auditing Standards (SAS) No. 132, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern, was designed to promote consistency between the auditing standards and accounting guidance under U.S. GAAP.

The updated guidance requires auditors to obtain sufficient appropriate audit evidence regarding management’s use of the going concern basis of accounting in the preparation of the financial statements. It also addresses uncertainties auditors face when the going concern basis of accounting isn’t applied or may not be relevant.

For example, SAS No. 132 doesn’t apply to audits of single financial statements, such as balance sheets and specific elements, accounts, or items of a financial statement. Some auditors contend that the evaluation of whether there’s substantial doubt about a company’s ability to continue as a going concern can be performed only on a complete set of financial statements at an enterprise level.

Are you prepared for your next audit?

With increased market volatility, rising inflation, supply chain disruptions, labor shortages and skyrocketing interest rates, the going concern assumption can’t be taken for granted. Management must take current and expected market conditions into account when making this call and be prepared to provide auditors with the appropriate documentation. Contact us before year end if you have concerns about your company’s going concern assessment. We can provide objective market data to help evaluate your situation.

© 2023

How Auditors Use Non-Financial Information

Every financial transaction your company records generates non-financial information that doesn’t have a dollar value assigned to it. Though auditors may spend most of their time analyzing financial records, non-financial data can also help them analyze your business from multiple angles.

Gathering Audit Evidence

An audit aims to determine whether your financial statements are “fairly presented in all material respects, compliant with Generally Accepted Accounting Principles (GAAP) and free from material misstatement.” To thoroughly assess these issues, auditors must expand their procedures beyond the line items recorded in your company’s financial statements.

Non-financial information helps auditors understand your business and how it operates. During planning, inquiry, analytics and testing procedures, auditors will be on the lookout for inconsistencies between financial and non-financial measures. This information also helps auditors test the accuracy and reasonableness of the amounts recorded on your financial statements.

Non-Financial Auditing and Looking Beyond the Numbers

A good starting point is a tour of your facilities to observe how and where the company spends its money. The number of machines operating, the amount of inventory in the warehouse, the number of employees and even the overall morale of your staff can help bring to life the amounts shown in your company’s financial statements.

Auditors also may ask questions during fieldwork to help determine the reasonableness of financial measures. For instance, they may ask you for detailed information about a key vendor when analyzing accounts payable. This might include the vendor’s ownership structure, its location, copies of email communications between company personnel and vendor reps, and the name of the person who selected the vendor. Such information can give the auditor insight into the size of the relationship and whether the timing and magnitude of vendor payments appear accurate and appropriate.

Your auditor may even look outside your company for non-financial information. Many websites allow customers and employees to submit reviews of the company. These reviews can provide valuable insight regarding the company’s inner workings. If the reviews uncover consistent themes — such as an unwillingness to honor product guarantees or allegations of illegal business practices — it may signal deep-seated problems that require further analysis.

Facilitating the Audit Process

Auditors typically ask lots of questions and request specific documentation to test the accuracy and integrity of a company’s financial records. While these procedures may seem probing or superfluous, analyzing non-financial information is critical to issuing an unqualified audit opinion. Let’s work together to get it right!

The ABCs of Risk Management

You’ve heard the words in business circles: COSO, ERM, SOX, and COBIT. It looks like alphabet soup, but what do they mean? If you think these all relate to risk management, you are on the right track. The difference lies in their primary focus or objective and their methodology. Before we dig deeper into the different frameworks, let’s first define what risk management is.

What Is Risk Management?

Risk management is the process of identifying, assessing and controlling financial, legal, strategic, and security risks to an organization’s financial reporting, capital, and earnings. Risks originate from many sources, including financial reporting errors, fraud, legal and statutory exposures, strategic management errors, cyber threats, and natural disasters.

A successful risk management program will enable management teams to consider a broad range of risks an organization faces. Risk management also considers the relationship between risks – and the cascading impact they could have on an organization’s strategic goals.

To reduce risk, management teams need to effectively implement internal controls to minimize, monitor, and control the impact of threats.

Risk Management Frameworks

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

If you are curious about the unusual name, here is the explanation. The COSO internal control framework was introduced in 1992 and then overhauled to a more modern, comprehensive version in 2013. The framework was sponsored and funded by five accounting and auditing associations:

  • The American Accounting Association (AAA)
  • The American Institute of Certified Public Accountants (AICPA)
  • The Financial Executives International (FEI)
  • The Institute of Internal Auditors (IIA)
  • The Institute of Management Accountants (IMA)

The commission was led by James Treadway, the former SEC commissioner.

COSO is recognized as the leading framework for designing, implementing, and assessing the effectiveness of internal controls. Its objective was to provide reasonable assurance regarding achieving organizational objectives in the following categories: operational effectiveness and efficiency, financial reporting reliability, compliance with applicable laws and regulations, and asset safeguarding.

SOX (Sarbanes-Oxley Act)

SOX is legislation passed by the U.S. Congress in 2002 and was sponsored in Congress by Senator Sarbanes and Representative Oxley. One of the features of this law was the addition of a requirement for management to certify, and the independent auditor to attest to, the effectiveness of a company’s internal control system. The goal was to protect shareholders and the public from fraudulent financial reporting practices. Among the COSO objectives, SOX’s focus is on the financial reporting objective.

ERM (Enterprise Risk Management)

The ERM framework, issued in 2004, added a focus on the strategic objective (i.e., high-level goals that support the organization’s mission) to COSO’s operational, financial, and compliance objectives.

ERM expanded on COSO’s risk management focus to seize opportunities for achieving organizational objectives such as enhancing profits. ERM considers both positive risks (i.e., business opportunities) and negative risks (i.e., business threats).

COBIT

COBIT is the IT equivalent of COSO. It is a framework created by ISACA (Information Systems Audit and Control Association) for information technology management and governance. It aims to link business risks, control requirements, and the technical infrastructure. It is used for the governance of both IT implementations and ongoing operations.

While there are many frameworks to choose from, it is important to find the right one for your company and ensure compliance. Our Internal Audit team has extensive knowledge of risk management frameworks and can work with you to select the best option for your business and guide you through compliance. Reach out to speak to our team and get started.

Employee Fraud and Internal Controls

Over the past decade, business owners have become quite aware of the dangers and signs of fraud schemes. While credit card alerts and vendor screenings have become almost second nature, business owners often overlook one of the most common sources of fraudulent activity — their employees.

With high mortgage debt, the climbing cost of living, budget cuts, and increasing health care costs, there is a clear potential motive for employees to turn to fraudulent behavior. A 2022 study by the Association of Certified Fraud Examiners (ACFE) revealed more than $4.7 trillion is lost annually to occupational fraud worldwide.

So what can you do to protect your company? Having a strong set of internal controls is the most effective and efficient way of protecting yourself against those looking to skim money off your bottom line. This does not need to be a complete internal control evaluation and implementation, but evaluating critical transaction cycles and putting controls in specific key steps can go a long way to mitigating the risk of employee theft.

10 Signs There May be an Issue

Here are ten signs that there may be an issue with financial fraud in your company – stay vigilant and watch out for these warning signals.

  1. Unexplained variances between budgeted and actual costs
  2. Large liabilities related to unexpected contracts
  3. Employees living beyond their means or making sudden big-ticket purchases
  4. Abnormal changes in account balances
  5. Unusual write-offs or questionable transactions
  6. Shortages in cash, investments, or other assets
  7. Abnormal employee behavior (increased complaints, secretive about job function, unwillingness to cross-train, refusal to use vacation days, diversion of scrutiny under audit)
  8. Infrequent or late financial reports
  9. The accounting staff is behind by more than three months on the preparation of monthly bank reconciliations
  10. Unexplained inventory shortages

Two Categories of Controls

Even if your company has a squeaky-clean fraud history, it’s a good idea to have the right controls in place to prevent attacks from happening in the future. There are two categories of controls: passive and active. Passive controls exist to prevent someone from having the opportunity to commit fraud, while active controls prevent the possibility of fraud from occurring.

Types of Passive Controls:

  1. Audit trails and traceable trails
  2. Review process and procedures
  3. Focused or surprise audits
  4. Surveillance
  5. Rotation of personnel

Types of Active Controls:

  1. Segregation of duties and functions
  2. Physical asset control (locks, check-out systems, passcodes, etc.)
  3. Document matching
  4. Signatures, signoffs, and document countersigning
  5. Passwords and PINs for mobile devices and computers

It’s important to remember that internal controls are a process, not a means to an end. They must be properly communicated, remain consistent, and always be enforced. To work effectively, internal controls must be persistently followed by every employee, manager, and even owner. If your employees believe that someone is paying attention, the chances of them attempting fraud will be reduced.

10 Best Practices to Implement

Protecting your business from financial fraud is crucial for its growth and stability. By implementing these ten best practices, you can reduce the risk of fraudulent activities within your organization.

  1. Use payee positive pay
  2. Have Automated Clearing House (ACH) Protections
  3. Utilize direct deposit for payroll
  4. Daily reconciliation of bank accounts
  5. Implement vendor verification procedures
  6. Have controlled access to all payments and processing areas
  7. Separation of powers: Ensure that the person reconciling the bank accounts is different from the check signer, and be sure the person preparing daily bank deposits is different from the person posting customer payments to the general ledger
  8. Have as few bank accounts as possible: Be extra cautious if your organization has multiple bank accounts and know the business flow of each
  9. Question accounts that you are unaware of or may not know a lot about
  10. Set up an anonymous way for your employees to alert you if they have concerns or suspect fraud

Third-Party Help for Fraud and Internal Controls

While these best practices are a great start to building a strong safeguard, it’s a good idea to leverage a third-party to review your business and uncover potential problems. If you’d like to learn more about how an internal audit can help strengthen your company’s infrastructure, one of our internal control specialists is here to help.

Creating Strong Audit-Ready Internal Controls With BlackLine

Discover how finance departments can use BlackLine to establish and maintain solid internal controls during this exciting, upcoming webinar.

When it comes to finance, internal controls are essential to ensuring the accuracy and integrity of your data. BlackLine provides a platform that helps you automate and streamline your finance processes, making it easier to maintain strong internal controls. In this webinar, we’ll explore how finance teams can leverage BlackLine to:

  • Increase effectiveness & reduce cost by automating the accounting close.
  • Ensure completeness and accuracy of GL reconciliations with automated task management and reporting capabilities.
  • Reduce the time spent on reconciling accounts, assigning risk levels, and identifying discrepancies with AI-driven automation.
  • Quickly identify potential areas of risk and automate the matching process for faster, more accurate financial statement preparation.
  • Make it easy for auditors to access reports and documentation in a streamlined format that meets all compliance requirements.

5 Common Business Risk Assessment Pitfalls

The corporate scandals of Enron, WorldCom, and Tyco in the early 2000s have forever changed how management and investors view risk management programs. Circumventing controls and exposing a business to increased risk is a recipe for disaster that could result in reputational damage.

Despite management’s good-faith efforts to implement comprehensive risk assessments and mitigation programs, the percentage of successful implementations remains relatively low. Fortunately, there are some clear indicators that your risk assessment may be falling short.

Pitfalls Leading to an Ineffective Business Risk Assessment

Believing a Risk Assessment Is a One-Time Task

Risk assessments often result in a substantial amount of documentation that is filed away once completed. However, if the risk management process is not incorporated into daily business processes, it becomes a “check-the-box” exercise, and the benefits are never realized. To be effective, it needs to be refreshed as the business changes and should be continuously updated.

Being Too Generic With Risk

When performing risk assessments, companies tend to identify generic risks. For example, they may conclude that there is a “risk of fraud,” which is too generic. Instead, potential fraud scenarios should be identified, including who the likely perpetrators are, how they could conceal the fraud, and how the potential fraud could be prevented.

Inability To Detect Risk Throughout the Whole Business

Many companies use a top-down approach, which is great for identifying strategic risks. Others prefer a bottom-up approach, which is better for identifying operational risks. However, each one provides only a partial view. Having the perspectives of both executive management and operational staff is necessary for developing a holistic view of the organization’s risk exposures and ways to mitigate them.

Incomplete Diagnosis

When issues are identified, remediation efforts often address the symptom but fail to treat the root cause of the problem. As a result, the root cause goes unresolved and the risk of further issues remains high.

Lack of Accountability and Buy-in

Risk assessments are often done by someone independent of the business process, such as a compliance officer, and sometimes without getting buy-in or feedback from the business area. This can result in incorrect assumptions being used, leading to poor process documentation and incorrect controls.

Assemble a Dream Team for Risk Assessment

A best practice would be to have three components to your business risk assessment:

  1. A Risk Officer who will champion and oversee the risk management program.
  2. The selected employee(s) in the Compliance and/or Legal Department who will work with the business units.
  3. A Risk Committee comprising top executives from the functional areas, typically chaired by the Risk Officer. The Risk Committee supports the Risk Officer in overseeing the program, and such involvement fosters the executives’ buy-in to the program.

Being aware of potential pitfalls is the first step toward effective mitigation. If you would like to learn more about how we can help improve your business’s risk assessment process, please contact us.

What is SOX and How to Be Compliant

In this blog post, we will explain what SOX is and how your business can be compliant. We’ll also provide some resources to help you get started.

What is SOX?

Since it was signed into law in 2002, Sarbanes-Oxley (SOX) has become one of the most significant reforms to U.S. securities legislation. To increase transparency and create a more formalized system of internal checks and balances, SOX essentially measures how well a company manages its internal controls.

Broad in scope and crucial to success, SOX affects financial governance and accountability, data storage and transmission, and information technology. The goal is to safeguard investors against inaccurate or unreliable corporate disclosures.

Enforcement and Penalties for Noncompliance

Strictly enforced and far-reaching, SOX has affected global markets far more than expected. In an interdependent world, it has proven critical to understand, implement, and maintain the proper controls and compliance rules set forth by SOX. SOX noncompliance penalties range in severity and can result in fines and delisting from public stock exchanges.

SOX Implementation Steps and Tips for Success

To avoid noncompliance issues, it is extremely important to have a well-thought-out strategy. All SOX implementations and ongoing maintenance will follow these general steps:

1. Design

Perform a SOX-based risk assessment and determine the scope of business units and processes to be included. Based on an understanding of transactional processes and financial misstatement risk, determine what key controls are required and design them to mitigate significant risks effectively. Considering risk periodically is critical, as a company’s risk profile can change dramatically throughout the year, especially in a high-tech or equally dynamic industry.

Tip: The controls (and thus their design) should be reviewed periodically as circumstances change (e.g., an acquisition, new product launch, new markets, growth, or downturn), but at least annually.

2. Document

Key controls require sufficient documentation so that the process can be properly performed and replicated. Anyone performing control activities should be clear on how to perform and document them consistently, and internal and external auditors should be able to test controls for compliance easily.

Tip: The keyword for documentation is “sufficient.” Over-documentation, especially in the first year, is a serious resource consumer. Reaching the right documentation balance requires experience and perspective, so be sure to consult with your internal audit and external auditors to stay on track.

3. Testing

All key controls must be periodically tested with appropriate samples to gather evidence and support a conclusion about the effectiveness of management’s controls. The nature and extent of testing should be discussed early in the process to ensure management and external auditors agree. Having this agreement will enable external auditors to place greater reliance on management’s testing.

Tip: Year after year, testing will consume much of your SOX budget. Spend time and effort to ensure you have the most efficient and effective test resources available. A highly efficient test program will include experienced testers executing well-developed test plans and using appropriate technology and proven procedures.

4. Evaluate & Report

Testing results will be compiled and evaluated to determine whether there are deficiencies and, if so, their severity. There are three levels of deficiency: deficiencies, significant deficiencies, and material weaknesses. A lot has been written about the technical definition of each, but the practical concerns are as follows:

Deficiency – a control did not operate as “advertised,” but the resulting impact is insignificant. Correct the problem and learn from it. Report the issue to management and share it with external auditors.

Significant deficiency – a control did not operate effectively and the impact was close to material, but not quite. This must be reported to management, external auditors, and the audit committee.

Material weakness – one or more controls failed and the result was, or could have been, a material misstatement to the financials. This level requires full public disclosure in the financial statements.

Tip: Developing a highly effective test program can help you find issues early, which will help you correct problems before they escalate beyond a simple deficiency.

Take the Next Step to Improve Your Company’s SOX Compliance

SOX compliance may seem daunting, but it doesn’t have to be. By following our tips and partnering with a qualified consultant, you can ensure your company is on track for compliance. Have questions about SOX or need more information? Contact us – we’re here to help!

When to Report Subsequent Events

Major events or transactions — such as a natural disaster, a cyberattack, a regulatory change or the loss of a large business contract — may happen after the reporting period ends but before financial statements are finalized. The decision of whether to report these so-called “subsequent events” is one of the gray areas in financial reporting. Here’s some guidance from the AICPA to help you decide.

Recognition of Subsequent Events

Financial statements reflect a company’s financial position at a particular date and the operating results and cash flows for a period ended on that date. However, because it takes time to complete financial statements, there may be a gap between the financial statement date and the date the financials are available to be issued. During this period, unforeseeable events may happen in the normal course of business.

Chapter 27 of the AICPA’s Financial Reporting Framework for Small- and Medium-Sized Entities classifies subsequent events into two groups:

  1. Recognized subsequent events. These provide further evidence of conditions that existed on the financial statement date. An example would be the bankruptcy of a major customer, highlighting the risk associated with its accounts receivable. There are usually signs of financial distress (such as late payments or staff turnover) months before a customer actually files for bankruptcy.
  2. Nonrecognized subsequent events. These reflect conditions that arise after the financial statement date. An example would be a tornado or earthquake that severely damages the business. A business usually has little or no advance notice that a natural disaster is going to happen.

Generally, recognized subsequent events must be recorded in the financial statements. Nonrecognized subsequent events aren’t required to be recorded, but the details may have to be disclosed in the footnotes.

Disclosure of Subsequent Events

To decide which events to disclose in the footnotes, consider whether omitting the information about them would mislead investors, lenders and other stakeholders. Disclosures should, at a minimum, describe the nature of the event and estimate the financial effect, if possible.

In some extreme cases, the effect of a subsequent event may be so pervasive that your company’s viability is questionable. This may cause your CPA to re-evaluate the going concern assumption that underlies your financial statements.

When in doubt

If you’re unsure how to handle a subsequent event, we can help eliminate the guesswork. Contact us for more information.

A Basic Guide to Having Equity in Your Company

There are many reasons why a person may choose to work at one company over another. From casual dress codes, unlimited vacation days, and remote work opportunities, today’s job perks run the gamut. But one employee incentive undoubtedly takes the cake regarding recruitment and retention power — equity.

What is Equity in a Company?

Simply put, having equity in a company means you have a stake in the business and its success. In 2021, major initial public offerings (IPOs) like Coinbase, Rivian, and Bumble resulted in thousands of employees owning shares of large enterprises virtually overnight.

With plenty more IPOs on the horizon for 2022, many hopeful employees are considering the likelihood that their stock options and restricted stock units (RSUs) will produce major payouts. Before you start shopping for an island in the Caribbean, there are certain factors to look at when evaluating your equity and your potential benefit.

The Company Matters

Equity packages come in many shapes and sizes, from initial signing bonuses to compensation packages and promotions. When considering the pros and cons of joining or staying with a company, you will likely want to evaluate just how lucrative that equity may be in the future. To do that, remember that equity is only valuable if your company is successful; therefore, it’s crucial to think like an investor and consider the company’s growth potential before investing your time and effort.

How to Calculate Your Company Equity and Determine Your Percentage of Ownership

Return on your equity typically comes from a liquidity event, like an acquisition or IPO. The value produced by one of these exit routes will ultimately drive the return on your equity. Your equity represents a percentage of your company, and that ownership percentage multiplied by the overall company value equals the value of the equity you hold.

It’s helpful to look at this in terms of the equation A x B = C, where your percentage ownership (A), times the company’s value (B), equals the value of the equity you own (C).

However, because of things like liquidation preferences (which determine who gets paid first and at what return), the math may not always be that straightforward. Your percentage of ownership is the number of shares you have (or shares you have the option to buy) divided by the fully diluted shares outstanding. While this information is not always readily accessible, you will likely find these figures in your offer letter or the company’s equity management platform, like Carta.

What Do Vesting and Dilution Mean for Your Company Equity?

When determining your ownership, it’s also essential to consider the number of shares you own or have the opportunity to own. In this case, vesting and dilution are the two critical things to consider.

Vesting

Typically, options and RSUs follow a four- to six-year vesting schedule, meaning you can’t exercise your option (that is, pay to turn your option into actual stock) until the vesting date is reached. This comes into play when considering leaving the company before your options are fully vested.

However, many companies have accelerated vesting or early exercise options where options may vest quicker than the typical four-year minimum or become 100% vested in the event of an acquisition. The vesting schedule and terms will be spelled out in your option grant details.

Dilution

Dilution causes your ownership percentage to shrink, consequently reducing your equity value (think back to the equity equation). Early-stage companies raise multiple financing rounds, thus diluting your piece of the pie as more and more shares are issued to investors. The same thing also happens when more stock options or RSUs are granted to employees.

Not to worry, dilution isn’t all bad news. With early-stage companies, each round of financing creates new value within the company. As the company’s value goes up, your piece of the pie can grow exponentially. Therefore, considering the potential growth and value of your company in the future, particularly at the time of an acquisition or IPO, is a significant factor in examining what your equity may be worth.

Need advice on using equity as an employee benefit? Get in touch with our team of employee benefit experts today.

First Year SOX Compliance Checklist and Guide

Our First Year SOX Compliance Checklist and Guide, developed by SOX professionals, provides real-world insights into the best approach newly public companies can take to meet their critical compliance obligations, including guidance on:

  • Identifying and assembling the right team
  • Collaborating with external auditors
  • Assessing financial statement risk
  • Documenting processes
  • Listing controls
  • Conducting operating effectiveness testing
  • Rationalizing controls and reducing costs

You’ll also learn the indirect benefits of effective SOX compliance, including reducing fraud risks, streamlining processes, improving management, board, and auditor communications, and more.

Limited-Scope Audit Changed to ERISA Section 103(a)(3)(c)

New standards have been released for reporting on the financial statements of employee benefit plans (EBPs). The changes are intended to enhance the quality and transparency of ERISA plan audits for both participants and reporting agencies (e.g., the DOL) by prescribing certain audit procedures.

Under the new standard, “limited-scope” audits will now be referred to as “ERISA Section 103(a)(3)(c)” audits. This change is effective for all EBPs with plan years ending after December 15, 2021. The changes will largely affect the audit’s presentation and documentation but should not significantly change the requirements placed on the plan administrator.

Key Changes Under the New Standard

There are new requirements for plan auditors in all phases of the audit. Areas with key changes include:

Engagement Acceptance

Before engagement acceptance, auditors are now required to obtain management’s written acknowledgment of their responsibility in the following:

  • Administering their EBP
  • Maintaining updated documents that govern their EBP
  • Maintaining records of activities and participants of their EBP
  • Confirming transactions reported in financial statements are in compliance with plan provisions

Procedures for ERISA Section 103(a)(3)(c) Audits

When management elects to have an ERISA Section 103(a)(3)(c) audit, the auditor must:

  • Evaluate management’s assessment of whether the entity issuing the certification is a qualified institution under DOL rules and regulations.
  • Identify which investment information is certified.
  • Read the certified investment information, compare it to related information presented and disclosed in the ERISA plan financial statements and ERISA-required supplemental schedules, and read the disclosures to assess accordance with the applicable financial reporting framework.
  • Perform audit procedures on the financial statement information not covered by the certified investment information.

Considerations Relating to Form 5500 Filing

Plan management will need to provide a substantially complete draft of Form 5500 prior to dating the auditor’s report.

Written Representations From Plan Management

At the conclusion of the engagement, the auditor will request written acknowledgment from management of the same matters obtained before engagement acceptance. In addition, management will need to provide written acknowledgment that they have provided the auditor with the most current plan instrument for the audit period, including plan amendments.

Reportable Findings

Auditors must now evaluate whether certain matters identified during the audit result in “reportable findings”. Reportable findings include:

  • Instances of noncompliance or suspected noncompliance with laws or regulations.
  • Significant findings relevant to the fiduciary regarding their responsibility to oversee the financial reporting process.
  • Indications of deficient internal controls that have not been previously reported and require management’s attention.

Auditors and plan management may establish what would be considered a reportable finding during the engagement planning process. The auditor must communicate in writing to those charged with governance, on a timely basis, reportable findings from the audit procedures performed. The written communication should include a description of the reportable findings, the context for the communication, and an explanation of the potential effects of the reportable findings.

Have More Questions About ERISA Section 103(a)(3)(c)?

Get in touch with our EBP team today if you have any questions about ERISA Section 103(a)(3)(c) or if you would like to talk about your company’s plan. Our team of experienced employee benefit plan auditors makes the 401(k) audit process simple and efficient. Our goal is to offer you a streamlined process with third-party communication, giving you more time to focus on your business rather than sifting through compliance documents.

Should You Be More Crypto Conscious?

What is Cryptocurrency?

Cryptocurrency is a form of money available in a digital or electronic form, also known as a Digital Asset. The AICPA classifies cryptocurrency as a ‘Digital Asset,’ which it defines as “A digital record that is made for verification and security purposes. Digital assets are also referred to as cryptocurrencies, such as Bitcoin. These new digital assets are in digitized form and are recorded and stored on a distributed ledger, known as a blockchain.”

Bitcoin and other digital assets can be used for investment, operational and transactional purposes. Large companies such as Starbucks, AT&T, and PayPal have started accepting various cryptocurrencies as payment for their goods and services. Wikipedia also allows donations in Bitcoin, and Microsoft accepts Bitcoin payments to top up your Microsoft account.

As of 2021, there are over 31,000 crypto ATMs worldwide where you can purchase Bitcoin and other digital assets with deposited cash.

Why the Rise in Popularity?

Cryptocurrencies have become popular for their ability to transfer assets in real-time with little to no transaction fees. The network structure is “peer-to-peer,” so there is no middleman, no brokerage fees, and usually no transaction commissions. The nature of the blockchain ledger provides a level of transparency and clarity in transacting that allows for easily established audit trails. Transaction information is cemented in the blockchain and cannot be edited or deleted after the transaction.

International Cryptocurrency

Cryptocurrency also allows you to send and receive currencies internationally in an easier and more cost-effective way. By their nature, cryptocurrencies are not subject to exchange rates and costly transaction charges common in the international marketplace.

Should you be more crypto-conscious?

The cryptocurrency and digital asset space changes every day. Not even the most highly knowledgeable individuals can predict where this innovative technology is heading. Many feel that digital assets will change the modern financial banking system as we know it. Others think that factors such as governmental regulation will slow or even eliminate growth and adoption.

Cryptocurrency Gets Regulated

In November 2021, the Infrastructure Investment and Jobs Act (H.R. 3684) was signed into law, and it included Section 80603, “Information Reporting for Brokers and Digital Assets”. This section created various new rules and requirements for cryptocurrency exchanges.

Namely, all US cryptocurrency exchanges (such as Robinhood, Coinbase, and BinanceUS) are now considered brokers in the traditional sense of the term. This means these cryptocurrency exchanges will now be regulated by the same laws as household-name brokers such as TD Ameritrade or Charles Schwab.

The law also provides that digital assets will be treated like all other securities regarding capital gains and losses. Digital assets will be regulated like stocks and bonds under the Securities and Exchange Commission (SEC).

Reporting Laws Strengthen

Reporting requirements under the new law have also been strengthened considerably. Cryptocurrency exchanges are now required to report specific information to both the IRS and their customers. Required information includes gross proceeds of the sale of digital assets, capital gains and losses, and other customer information such as name, address, and phone number of investors.

Crypto Questions Still to Be Answered in the U.S.

These new requirements change the landscape of the cryptocurrency space in the United States. Are cryptocurrency exchanges in a position to abide by these new reporting conditions? Is it plausible to put the onus on exchanges to accurately track and report gains and losses for every single customer transaction on their platform so early in the development of the industry? These questions are top of mind for all cryptocurrency advocates, investors, and professionals.

Section 80603 of the Infrastructure Investment and Jobs Act will be enforced federally, and adhering to these increased regulations may send entrepreneurs and innovators abroad to more easily build and develop their cryptocurrency technology.

Learn Now to Flourish Later

With the uncertainty surrounding the industry, it is extremely difficult to predict where the space is truly heading. Being informed about cryptocurrency’s meteoric rise onto the financial world stage can position you in a way to more easily adapt to the continually changing technology.

We have seen the growth of cryptocurrency and how much it has affected today’s economy. Currently, we do not offer cryptocurrency-specific services, but our practice staff has experience working with and auditing cryptocurrency. Visit our audit page to see the services we offer, or contact us.