Several SOX challenges can affect a company’s ability to maintain an effective controls framework, or potentially hinder its ability to demonstrate that its ICFR efforts serve their intended purpose.

Management’s commitment to effective controls and financial reporting is a key component to a SOX effort receiving the required time and attention.

It’s essential to understand the company’s risks and to design controls to mitigate those risks, rather than treating SOX as a check-the-box compliance exercise.

Concise documentation that helps staff members and external auditors understand the thinking underlying a process is more effective than trying to capture every potential contingency and nuance (which can divert attention from more important activities).

Along with ensuring the data is accurate, you need to verify that the process used to generate that data is operating effectively.

Management and external auditors should understand the company’s risks to evaluate better the design and the effectiveness of the controls designed to mitigate those risks. Nobody should be surprised during the audit process.

This is typically a culture issue, but team members responsible for controls may not integrate risk and performance of controls as part of their typical activities.

Control activities performed manually, on a repetitive basis come with a greater cost and increased risk of error, when compared to automated controls.

Understanding the requirements of SOX 404(a) and 404(b) and communicating frequently with external auditors about the design and performance of your controls are cornerstones of effective risk management and SOX compliance. Knowing these SOX challenges can help a company with its compliance journey.

For questions or more information about SOX compliance, visit our SOX services page or contact our team.

Sustainability reports explain the impact of an organization’s activities on the economy, environment, and society. During the novel coronavirus (COVID-19) pandemic, stakeholders continue to expect robust, transparent sustainability reporting, with a stronger emphasis on the social and economic impacts of the company’s current operations than on environmental matters.

Investors, lenders, and even the public at large may pressure companies to issue these supplemental reports. But the information they provide isn’t based on U.S. Generally Accepted Accounting Principles (GAAP). So, is it worth the time and effort? One way to make your company’s report more meaningful and reliable is to obtain an external audit of it.

A sustainability report generally focuses on a company’s values and commitment to operating sustainably. It provides a mechanism for communicating sustainability goals and how the company plans to meet them. The report also guides management when evaluating corporate actions and their impact on the economy, environment, and society.

During the COVID-19 crisis, stakeholders want to know how your company handles issues such as public health and safety, supply chain disruptions, strategic resilience, and human resources. For example:

Stakeholders want assurance that companies are engaged in responsible corporate governance in their COVID-19 responses. Sustainability reports can showcase good corporate citizenship during these challenging times.

There aren’t currently any mandatory attestation requirements for sustainability reporting. That means companies can produce reports without engaging an external auditor to review the document for its accuracy and integrity. However, without independent, external oversight, stakeholders may view sustainability reports with a significant degree of skepticism. That’s where audits come into play.

Many organizations have developed standardized sustainability frameworks, including the:

External auditors can verify whether sustainability reports meet the appropriate standards and, if not, adjust them accordingly. In addition, numerous attestation standards govern the audit of a sustainability report, including those from the American Institute of Certified Public Accountants, the International Standard on Assurance Engagements, and the International Organization for Standardization.

Many companies agree that a sustainability report is important to their communications with stakeholders. But there’s little consensus on the approach, topics, or non-GAAP metrics that should appear in sustainability reports. We understand the standards that apply to these supplemental reports and can help you report sustainability matters in a reliable, transparent manner. Contact us today to speak to one of our industry professionals.

As technology startups prepare for their first audits, it’s common to see a number of accounting issues that can potentially increase the time and cost required to complete the audit successfully.

In most instances, these issues result from causes such as the finance team balancing various financial and operational roles, not understanding complex technical accounting guidance, or not having proper systems to account for transactions properly.

Technology firms are often unsure how to account for transactions such as the beneficial conversion features on convertible notes or simple agreements for future equity (SAFEs), warrants, and stock options. Because non-cash equity activity won’t appear on bank statements, those transactions are often not recorded (or are recorded improperly).

Similarly, issuance costs for a series of stocks are often recorded improperly as legal expenses, instead of being capitalized as stock issuance costs on the balance sheet.

A common challenge for tech startups is failing to recognize revenue in line with the often-complex provisions within the GAAP standards. Startups may struggle to understand, for instance, precisely what’s being sold within a customer contract or the accounting implications of non-cash measures.

Similarly, startups often lack a policy for recording revenue properly, or there’s inconsistency with different team members recording similar transactions differently. In these situations, the accounting must be adjusted to complete the audit successfully.

Intercompany accounts are often not reconciled, so the auditors may request that a company unwind historic transactions to determine if intercompany balances are appropriate and in line with intercompany cost-plus agreements in place. If a startup has an international entity, such as an offshore development subsidiary, the company needs to be sure any foreign currency translations or remeasurements are calculated properly.

Technology startups face the specific issue that GAAP accounting for software development costs includes complex guidance. Many companies mistakenly expense the costs associated with software development to payroll, but there are fairly complicated rules dictating whether or not you’re allowed to expense those costs or whether you need to capitalize a portion of those costs.

Similarly, many companies lack documentation of the nature of their software development costs, making adjusting the accounting challenging.

If reconciliations aren’t done on a consistent and timely basis, there’s a risk that expense or revenue cutoff dates are missed. As a result, transactions can be recorded in the wrong period, which causes an inaccurate accounting of the organization’s performance in a given period. Common causes for this issue include a lack of proper accounting policies or inconsistent practices among different team members.

While most of these startup challenges can be resolved fairly easily, a consultation with your external auditor as you’re setting up systems, developing accounting policies, and creating the financial infrastructure before a financing round or potential transaction can save time and money while helping you achieve your business goals sooner.

If any of these scenarios sound familiar, don’t hesitate to reach out. Our technology accounting team has helped hundreds of technology startups navigate similar situations, and we look forward to assisting you.

In the first half of 2021, there was a surge in restating financial statements. The reason relates to guidance issued by the Securities and Exchange Commission, requiring special purpose acquisition companies (SPACs) to report warrants as liabilities. SPACs are shell corporations listed on a stock exchange to acquire a private company, making it public without going through the traditional IPO process. Historically, SPACs that offer warrants (which allow investors buy shares at a set price in the future) have reported those instruments as equity.

In this situation, most SPAC investors understood that these restatements were related to a financial reporting technicality that applied to the sector, rather than problems with a particular company or transaction. But some restatements aren’t so innocuous.

The Financial Accounting Standards Board (FASB) defines a restatement as revising a previously issued financial statement to correct an error. Businesses may reissue their financial statements for several “mundane” reasons, whether publicly traded or privately held. Like the recent situation with SPACs, managers might have misinterpreted the accounting standards or made minor mistakes and need to correct them.

Often, restatements happen when the company’s financial statements are subjected to higher scrutiny. For example, restatements may occur when a private company converts from compiled financial statements to audited financial statements, decide to file for an initial public offering — or merges with a SPAC. Restatements also may be needed when the owner brings in additional internal (or external) accounting expertise, such as a new controller or audit firm.

In some cases, financial restatements also can be a sign of incompetence, weak internal controls — or even fraud. Such restatements may signal problems that require corrective actions.

The restatement process can be time-consuming and costly. Regular communication with interested parties — including lenders and investors — can help businesses overcome the negative stigma associated with restatements. Management must also reassure stakeholders that the company is financially sound to ensure their continued support.

We can help accounting personnel understand the evolving accounting and tax rules to minimize the risk of financial restatements. We can also help them effectively manage the restatement process and take corrective actions to minimize the risk of financial restatements going forward.

© 2023

As public companies grow, they may move from one filing status or issuer category to another. Recent and proposed changes to the Securities and Exchange Commission (SEC) rules for some categories could affect your company’s financial reporting and audit procedures.

Under existing rules, public companies fall into different SEC filing status categories, based on their public “float” (the amount of shares available to the public for trading):

What is an emerging growth company (EGC)? Generally, an EGC is a new public company that has gross revenues under $1 billion in its most recent fiscal year and meets certain other requirements. EGCs enjoy a variety of benefits during their first five years of existence, including scaled-back disclosures and exemption from the auditor attestation of a company’s internal control over financial reporting as required by Section 404(b) of the Sarbanes-Oxley Act.

A company that ceases to be an EGC must begin complying with Sec. 404(b), except for nonaccelerated filers, which are exempt from that requirement unless they become accelerated or large accelerated filers. (Congress currently is considering legislation that would extend the exemption for certain companies, however.)

On June 28, 2018, the SEC voted unanimously to issue the final rule in Release No. 33-10513, Amendments to Smaller Reporting Company Definition. The rule increases the public float threshold for SRCs to $100 million and nonaccelerated filers to $250 million.

To complicate matters, the SEC did not make conforming changes to the definition of an accelerated filer. Rather, it eliminated the automatic exclusion of SRCs in the definitions of accelerated and large accelerated filers. As a result, a registrant could be both an SRC and an accelerated filer. As an accelerated filer, a company would still be required to comply with Sec. 404(b).

The new SEC rule will be effective 60 days after publication in the Federal Register, which normally occurs a few weeks after a rule is posted on the SEC’s website. The SEC said 966 additional companies will be eligible for smaller company status in the first year of the new threshold.

Changes in filing status affect the form, content and timing of financial reports, as well as the extent of external audit procedures. So, it’s a good idea to re-evaluate your company’s status well before the end of each fiscal year. We can help you evaluate your filing status based on the SEC’s evolving guidelines. If a change is anticipated, we can help you prepare for new filing, disclosure and audit requirements. Contact us for more information on SEC filing status.

© 2023

Auditors typically deliver financial statements to calendar-year businesses in the spring. A useful tool that accompanies the annual report is the management letter. It may provide suggestions — based on industry best practices — on how to fortify internal control systems, streamline operations and reduce expenses.

Managers generally appreciate the suggestions found in management letters. But, realistically, they may not have time to implement those suggestions, because they’re focusing on daily business operations. Don’t let this happen at your company!

A management letter may address a broad range of topics, including segregation of duties, account reconciliations, physical asset security, credit policies, employee performance, safety, internet use, and expense reduction. In general, the write-up for each deficiency includes the following elements:

The auditor describes the condition, identifies the cause (if possible) and explains why it needs improvement.

This section quantifies the problem’s potential monetary effects and identifies any qualitative effects, such as decreased employee morale or delayed financial reporting.

Here, the auditor suggests a solution or lists alternative approaches if the appropriate course of action is unclear.

Some letters present deficiencies in order of significance or the potential for cost reduction. Others organize comments based on functional area or location.

AICPA standards specifically require auditors to communicate two types of internal control deficiencies to management in writing:

1. Material weaknesses. These are defined as “a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the organization’s financial statements will not be prevented or detected and corrected on a timely basis.”

2. Significant deficiencies. These are “less severe than a material weakness, yet important enough to merit attention by those charged with governance.”

Operating inefficiencies and other deficiencies in internal control systems aren’t necessarily required to be communicated in writing. However, most auditors include these less significant items in their management letters to inform their clients about risks and opportunities to improve operations.

When you review last year’s management letter, consider comparing it to the letters you received for 2019 (and earlier). Often, the same items recur year after year. Comparing consecutive management letters can help track the results over time. But, be aware: Certain issues may autocorrect — or worsen — based on factors outside of management’s control, such as changes in technology or external market conditions. If you’re unsure how to implement a particular suggestion from your management letter, reach out to your audit team for more information.

© 2023

Analytical software tools will never fully replace auditors, but they can help auditors do their work more efficiently and effectively. Here’s an overview of how data analytics — such as outlier detection, regression analysis and semantic modeling — can enhance the audit process.

When it’s appropriate, instead of manually testing a representative data sample, auditors can use analytical software tools to compare an entire data population against selected criteria. This process quickly identifies anomalies hidden in large amounts of data that can be tagged for further examination by auditors during fieldwork. Analytical software tools can test various kinds of data, including accounting, internal communications and documents, and external benchmarking data.

If unusual transactions or trends are found, auditors will investigate them further using the following procedures:

In addition, confirmations and representation letters from attorneys, customers and other external parties may corroborate what management says and external research reveals.

Often, auditors conclude that irregularities have reasonable explanations. For instance, they may be due to an unexpected change in the company’s operations or external market conditions. If a change is expected to continue, it may alter the auditor’s expectations about the company’s operations going forward. Sometimes, a change discovered while auditing one part of the financials may affect audit procedures (including analytics) that will be performed on other accounts.

Alternatively, auditors may attribute some irregularities to inadvertent mistakes or intentional fraud schemes. Auditors usually communicate with the audit committee or the company’s owners as soon as possible if they discover any material errors or fraud. These irregularities might require adjustments to the financial statements. The company also might need to take action to mitigate financial losses and prevent the problem from recurring.

For example, the controller may need additional training on recent changes to the tax and accounting rules. Or management may need to implement additional internal control procedures to safeguard against dishonest behaviors. Or the owner may need to contact the company’s attorney and hire a forensic accountant to perform a formal fraud investigation.

Today, companies generate, process and store massive amounts of electronic data on their networks. Increasingly, auditors are using analytical tools on this data to conduct basic audit procedures, such as vouching transactions and comparing data to external benchmarks. This frees up auditors to focus their efforts on complex transactions, suspicious relationships and high-risk accounts. Contact us for more information about how our auditors use analytical software tools in the field.

© 2023

Many types of businesses — such as homebuilders and manufacturers — turn raw materials into finished products for customers. Production is a continuous process. So, any work that’s been started but isn’t yet completed before the end of the accounting period is reported as work in progress (WIP) under U.S. Generally Accepted Accounting Principles (GAAP).

The value of WIP relies on management’s estimates. Auditors often give special attention to these estimates during fieldwork. Here’s what to expect during a financial statement audit.

Inventory is classified as a current asset on the balance sheet under GAAP. There are three types of inventory:

When a company produces large volumes of the same product, management allocates costs as each phase of the production process is completed. This is known as standard costing. For example, if a production process involves eight steps, the company might allocate 50% of its costs to the product once the fourth stage is completed.

On the other hand, when a company produces unique products — such as the construction of a factory or made-to-order parts — a job costing system is typically used to allocate materials, labor, and overhead costs as incurred.

Most experienced managers use realistic estimates, but inexperienced or dishonest managers may inflate WIP values. This can make a company appear healthier than it really is by overstating the value of inventory at the end of the period and understating cost of goods sold during the current accounting period.

Auditors focus significant effort on analyzing how companies quantify and allocate their costs. Under standard costing, companies typically record inventory (including WIP) at cost, and then recognize revenue once they sell finished goods. The WIP balance grows based on the number of steps completed in the production process. Auditors analyze the methods used to quantify a product’s standard costs, as well as how the company allocates the costs corresponding to each phase of production.

Conversely, with job costing, revenue recognition happens based on the percentage-of-completion or completed-contract method. Auditors analyze the process to allocate materials, labor, and overhead to each job. In particular, they test to ensure that costs assigned to a particular product or project correspond to that job.

Under both methods, accounting for WIP affects the balance sheet and the income statement. We can help determine whether your company’s WIP estimates are reasonable and whether your accounting practices comply with the recent changes to the revenue recognition rules for long-term contracts, if applicable. Contact us for more information on auditing work in progress.

Businesses rely on internal controls to help ensure the accuracy and integrity of their financial statements, as well as prevent fraud, waste, and abuse. Given their importance, internal controls are a key area of focus for internal and external auditors. Many auditors use detailed internal control questionnaires to help evaluate the internal control environment — and ensure a comprehensive assessment. Although some audit teams still use paper-based questionnaires, many prefer an electronic format. Here’s an overview of the types of questions that may be included and how the questionnaire may be used during an audit.

The contents of internal control questionnaires vary from one audit firm to the next. They also may be customized for a particular industry or business. Most include general questions pertaining to the company’s mission, control environment, and compliance situation. There also may be sections dedicated to mission-critical or fraud-prone elements of the company’s operations, such as:

Questionnaires usually don’t take long to complete, because most questions are closed-ended, requiring only yes-or-no answers. For example, a question might ask: Is a physical inventory count conducted annually? However, there also may be space for open-ended responses. For instance, a question might ask for a list of controls that limit physical access to the company’s inventory.

Internal control questionnaires are generally administered using one of the following three approaches:

Here, management completes the questionnaire independently. The audit team might request the company’s organization chart to ensure that the appropriate individuals are selected to participate. Auditors also might conduct preliminary interviews to confirm their selections before assigning the questionnaire.

Under this approach, the auditor meets with company personnel to discuss a particular element of the internal control environment. Then the auditor completes the relevant section of the questionnaire and asks the people who were interviewed to review and validate the responses.

Here, the auditor completes the questionnaire after observing and testing the internal control environment. Once auditors complete the questionnaire, they typically ask management to review and validate the responses.

The purpose of the internal control questionnaire is to help the audit team assess your company’s internal control system. Coupled with the audit team’s training, expertise, and analysis, the questionnaire can help produce accurate, insightful audit reports. The insight gained from the questionnaire can also add value to your business by revealing holes in the control system that may need to be patched to prevent fraud, waste, and abuse. Contact us for more information.

Audit committees face many challenges. As the economy rebounds from the COVID-19 pandemic, there are new dimensions to the oversight roles and responsibilities of the audit committees. Consider taking these following four steps to fortify your committee’s effectiveness.

Once you’ve wrapped up the financial reporting process for this fiscal year, take the time to revisit goals and expectations to develop an agenda for next year that directs the audit committee’s attention back to the basics. The committee is responsible for oversight of the following key areas:

Each agenda item before the audit committee should ideally relate to one of these areas.

Periodically, it’s appropriate to assess the level of financial expertise that each member of the committee possesses, especially if the composition of the group has recently changed. If the company anticipates significant changes in the regulatory environment under the Biden administration, now may be the time to add suitably qualified members to the audit committee. At least one member of the audit committee should possess in-depth financial expertise. (Publicly traded companies have specific “financial literacy” requirements.)

Today, companies are increasingly recognizing the value of adding gender and racial diversity to decision-making bodies, including audit committees. These companies believe diversity is a strength that leads to better-informed decisions and fresh perspectives.

Your company’s risk profile may have changed during the pandemic. For example, you may have temporarily cut staff or deferred capital investments to preserve cash flow during uncertain times.

However, these crisis-driven decisions may adversely affect the company’s long-term financial performance. The audit committee should consider asking management to review significant operational decisions made in the last year to determine if excess risk was created and whether it’s time to change course.

In addition, operational changes and increased financial pressures on accounting staff may expose the company to increased risk of internal and external fraud. And remote working arrangements could lead to cyberattacks and theft of intellectual property. It’s a good time to request that internal auditors commission a fraud and cyber-risk assessment. Proactively assessing these issues can dramatically reduce the probability of losses occurring.

The pandemic also may have affected certain suppliers and customers, especially those located overseas or in states with COVID 19 restrictions on business operations. The audit committee should evaluate whether management has identified the company’s material relationships and the potential financial and operational impact if any of those businesses close or file for bankruptcy.

By taking proactive measures, your audit committee can help improve your company’s performance as the economy returns to full capacity. Contact us to help position your company to minimize risks and maximize value-added opportunities in 2023 and beyond.

As many businesses are closed or are limiting third-party access due to COVID-19 surges across the United States, auditors will be less likely to visit in person in 2021. Many services, such as year-end inventory observations, management inquiries, and audit testing, must be performed remotely.

You may have already worked remotely with your auditor on your audit, review, or compilation during the pandemic. However, if you haven’t had that pleasure, you will want to consider the tips below to ensure your audit, review, or compilation goes smoothly this year.

Unlike past years, you will not have the pressure of knowing the “auditors” will be here on “x” date. Set a reminder appointment on your calendar when your audit, review, or compilation will be performed. Discuss with your auditor what time of the day works best for everyone before fieldwork begins. Schedule 30-minute check-in calls each day during fieldwork to go over minor questions from both teams and to discuss general progress so everyone is on the same page.

As you most likely will not get the pleasure of seeing your auditor in person during your upcoming engagement, it will be important to know how best to communicate and let your auditor know this upfront. Communication will be the key to keeping your engagement together. Timely responses from you and your team will be even more important in this remote environment. If you know you communicate best with your auditors through email, tell them that. If you prefer phone calls, tell them that. Determining this upfront will help reduce stress later on.

Video meetings, like Zoom, will be the primary way to communicate during your upcoming engagement. Your accountant will use video calls to screen share and ask questions. They may also use video to perform walkthroughs of internal controls with you and your team. You might be asked to share your screen to show how a particular process operates in real-time. If you are new to video conferencing, please let your auditor know, and they can schedule a meeting to walk you through how to use video tools during your upcoming fieldwork best.

In past years, you may have dropped huge piles of testing support in front of your auditors. However, ensure you are well versed in scanning your documents to your computer this year. Unless there is a specific reason you cannot scan documents for your auditor, your auditor will be asking you to scan and upload everything to a secure portal for review. If there is a reason that warrants not scanning, work with your team to get those documents sent via postal mail to the accounting office. However, this should be avoided to reduce the risk of records getting lost during transit.

Most inventory observations completed this year will have to be done remotely. However, there may be other options open to you, and if you have concerns, discuss them immediately with the manager or partner on the engagement. The key to having these observations go smoothly is a strong wireless internet connection throughout your warehouse and having two employees involved in the observation (one to hold the camera and one to physically count the items in the video). Your audit team can schedule a video conference test run to try things out before the big day to ensure things will run smoothly.

This year will be a learning experience for us all, but have confidence that together you and your audit team can make this transition as seamless as possible. For questions about working remotely with your auditor, contact us.

Recent hard times are causing private companies to re-evaluate the type of financial statements they should generate. Some are considering downgrading to lower levels of assurance to reduce financial reporting costs — but a downgrade may compromise financial reporting quality and reliability. Others recognize there are additional risks, leading them to upgrade their assurance level to help prevent and detect potential fraud and financial misstatement schemes.

When deciding what’s appropriate for your company, it’s important to factor in the needs of creditors or investors, as well as the size, complexity and risk level of your organization. Some companies also worry that major changes to U.S. Generally Accepted Accounting Principles (GAAP) and federal tax laws in recent years may be overwhelming internal accounting personnel — and additional guidance from external accountants is a welcome resource for them to rely on while implementing the changes.

In plain English, the term “assurance” refers to how confident (or assured) you are that your financial reports are reliable, timely and relevant. In order of increasing level of rigor, accountants generally offer three types of assurance services:

Reviewed statements always include footnote disclosures and a statement of cash flows. But the accountant isn’t required to evaluate internal controls, verify information with third parties or physically inspect assets.

The Securities and Exchange Commission requires public companies to have an annual audit. Larger private companies also may opt for this service to satisfy outside lenders and investors. Audited financial statements are the only type of report to include an express opinion about whether the financial statements are fairly presented and conform with GAAP.

Beyond the analytical and inquiry steps taken in a review, auditors perform “search and verification” procedures. They also review internal control systems, tailor audit programs for potential risks of material misstatement and report on control weaknesses when they deliver the audit report.

Not every business needs audited financial statements, and audits don’t guarantee against fraud or financial misstatement. But the higher the level of assurance you choose, the more confidence you’ll have that the financial statements fairly present your company’s performance. Contact us to learn more about which of the three levels of assurance is right for your business or for more information on our risk assurance services.

Audit season is right around the corner for calendar-year entities. Here’s what your auditor is doing behind the scenes during the risk assessment process — and how you can help facilitate the planning process.

Every audit starts with assessing “audit risk.” This refers to the likelihood that the auditor will issue an adverse opinion when the financial statements are actually in accordance with U.S. Generally Accepted Accounting Principles (GAAP) or (more likely) an unqualified opinion when the opinion should be either modified or adverse.

Auditors can’t test every transaction, recalculate every estimate, or examine every external document. Instead, they tailor their audit procedures and assign audit personnel to keep audit risk as low as possible.

The auditor’s role is to attest to your company’s financial statements. Specifically, your audit firm assures that your financial statements are “fairly presented in all material respects, compliant with GAAP, and free from material misstatement.”

Unqualified (or clean) audit opinions require detailed substantive procedures, such as confirming accounts receivable balances with customers and conducting test counts of inventory in the company’s warehouse. Generally, the more rigorous the auditor’s substantive procedures, the lower the likelihood of the audit team failing to detect a material misstatement.

Auditors evaluate two types of risk:

Separate risk assessments are done at the financial statement level and then for each major account — such as cash, receivables, inventory, fixed assets, other assets, payables, accrued expenses, long-term debt, equity, and revenue and expenses. A high-risk account (say, inventory) might warrant more extensive audit procedures and be assigned to more experienced audit team members than one with lower risk (say, equity).

New risk assessments must be done yearly, even if the company has had the same auditor for many years. That’s because internal and external factors may change over time. For example, new government or accounting regulations may be implemented, and company personnel or accounting software may change, causing the company’s risk assessment to change. As a result, audit procedures may vary yearly or from one audit firm to the next.

The risk assessment process starts with an auditing checklist and, for existing audit clients, last year’s work papers. However, auditors must dig deeper to determine current risk levels. In addition to researching public sources of information, including your company’s website, your auditor may call you with a list of open-ended questions (inquiries) and request a walk-through to evaluate whether your internal controls are operating as designed. Timely responses can help auditors plan their procedures to minimize audit risk.

Audit fieldwork is only as effective as the risk assessment. Evidence obtained from further audit procedures may be ineffective if it’s not properly linked to the assessed risks. So, it’s important for you to help the audit team understand the risks your business is currently facing and the challenges you’ve experienced reporting financial performance, especially as companies implement updated accounting rules in the coming years.

Contact us to get help with your risk assessment process.

In July, the (PCAOB) published two guides to help clarify a new rule that requires auditors of public companies to disclose critical audit matters (CAMs) in their audit reports. The rule represents a major change to the brief pass-fail auditor reports that have been in place for decades. One PCAOB guide is intended for investors, the other for audit committees. Both provide answers to frequently asked questions about CAMs.

CAMs are the sole responsibility of the auditor, not the audit committee or the company’s management. The PCAOB defines CAMs as issues that:

Examples might include complex valuations of indefinite-lived intangible assets, uncertain tax positions and goodwill impairment.

Critical audit matters aren’t intended to reflect negatively on the company or indicate that the auditor found a misstatement or deficiencies in internal control over financial reporting. They don’t alter the auditor’s opinion on the financial statements.

Instead, CAMs provide information to stakeholders about issues that came up during the audit that required especially challenging, subjective or complex auditor judgment. Auditors also must describe how the CAMs were addressed in the audit and identify relevant financial statement accounts or disclosures that relate to the CAM.

CAMs vary depending on the nature and complexity of the audit. Auditors for companies within the same industry may report different CAMs. And auditors may encounter different CAMs for the same company from year to year.

For example, as a company is implementing a new accounting standard, the issue may be reported as a CAM, because it requires complex auditor judgment. This issue may not require the same level of auditor judgment the next year, or it might be a CAM for different reasons than in the year of implementation.

Disclosure of CAMs in audit reports will be required for audits of fiscal years ending on or after June 30, 2019, for large accelerated filers, and for fiscal years ending on or after December 15, 2020, for all other companies to which the requirement applies.

The new rule doesn’t apply to audits of emerging growth companies (EGCs), which are companies that have less than $1 billion in revenue and meet certain other requirements. This class of companies gets a host of regulatory breaks for five years after becoming public, under the Jumpstart Our Business Startups (JOBS) Act.

Critical audit matters may change from year to year, based on audit complexity, changing risk environments and new accounting standards. Each year, auditors determine and communicate CAMs in connection with the audit of the company’s financial statements for the current period.

A significant event — such as a cybersecurity breach, a hurricane or the COVID-19 pandemic — may cause the auditor to report new CAMs. Though such an event itself may not be a CAM, it may be a principal consideration in the auditor’s determination of whether a CAM exists. And such events may affect how CAMs were addressed in the audit.

For more information on critical audit matter reporting contact us.

Auditors must test the effectiveness of internal controls before signing off on your financial statements. But it’s impossible to analyze every transaction that’s posted to the general ledger, due to time and budget constraints. Instead, auditors select and analyze a representative sample of transactions to make assertions about the entire population. Here’s more on how sampling works — along with the pros and cons of using it during internal control testing.

Auditors may use statistical techniques to develop a sample of transactions to test. For example, an auditor might select enough transactions to represent a specific percentage of 1) the total transactions in an account, or 2) the company’s total assets or revenue. Alternatively, a sample of transactions may be pulled randomly using statistical sampling software.

Auditors also can use nonstatistical sampling techniques based on a dollar threshold or professional judgment. These techniques tend to be more effective when the CPA has many years of audit experience to ensure that the sample chosen is representative of the population of transactions.

Before analyzing a sample, your auditor has expectations about the number of “exceptions” (such as errors and omissions) that will appear in the sample. If the actual exceptions exceed the auditor’s expectation, he or she may need to perform additional procedures. For instance, your auditor might expand the sample and conduct more testing to assess the degree of noncompliance.

Ultimately, your auditor might conclude that your internal controls are ineffective. If so, he or she will perform more work to estimate the magnitude of the control failure.

Sampling helps keep audit costs down by streamlining the internal control testing process. It also reduces disruptions to business operations during audit fieldwork. When applied correctly, the results of sampling are theoretically as accurate as if the audit team had analyzed every transaction posted to the general ledger. But, in practice, sampling can sometimes cause problems during internal controls testing.

For example, sampling presumes that controls function consistently across the whole population of transactions. If an exception doesn’t appear in the sample — because the sample was too small or otherwise unrepresentative of the entire population — your audit team could reach the wrong conclusion about the effectiveness of your internal controls.

There’s also a risk that your internal audit team could rely too heavily on nonstatistical sampling. Relying more on judgment than statistical methods could result in errors, especially if an auditor lacks professional experience.

You can help maximize the benefits of sampling by providing the audit team with document requests in a timely manner and following up on your auditor’s management points at the end of each year’s audit. It’s frustrating to both auditors and business owners when internal control weaknesses recur year after year. Our auditors have extensive experience testing internal controls, and we’d be happy to answer any questions you have on testing and sampling techniques. Contact us to get started.