• A financial statement audit evaluates whether a company’s financials are fairly presented in accordance with applicable accounting standards. An integrated audit also includes an assessment of internal controls over financial reporting.

• Common audit mistakes include late or missing provided-by-client (“PBC”) requested submissions, insufficient or unreliable documentation that hinders effective risk assessment, weak internal and IT controls, and errors in applying accounting standards.

• Preparing early, understanding the internal control environment, and training staff can help your company provide relevant and reliable information, which is critical for assessing audit risk and demonstrating compliance with applicable laws and regulations.

—

Financial statement audits are a critical checkpoint for companies, stakeholders, and investors. While the process has its limitations, the goal of an audit is to provide reasonable assurance that the company’s financial statements are free of material misstatement (whether due to error or fraud).

However, the audit process is only as effective as the broader environment supporting it — including timely and reliable financial information, a well-resourced accounting function, effective oversight by the board or audit committee, and a clear understanding of the entity’s operations and the regulatory landscape of its industry.

Many organizations approach audit season underprepared or unaware of the common pitfalls and complex or nontraditional transactions that can delay the process, increase costs, or raise compliance concerns.

In this article, we explain the financial statement audit process, common mistakes we see companies make during external audits, and best practices that lay the foundation for a smoother audit experience.

Understanding Financial Audits

During a financial statement audit, an independent registered public accounting firm follows generally accepted auditing standards (GAAS) and assesses your company’s financial records, transactions, and reporting processes. Independent auditors gather and evaluate relevant and reliable evidence to determine whether the financial statements are presented fairly — following generally accepted accounting principles (GAAP), international financial reporting standards (IFRS), or another applicable financial reporting framework.

The process typically follows these phases:

1. Audit planning and risk assessment: External auditors work closely with company management to understand the operations of the business, identify significant risk areas, and develop an audit strategy that is unique to the organization.

2. Internal control evaluation: The auditor assesses the design and operating effectiveness of internal controls over financial reporting, often through walkthroughs and targeted testing of key controls. The results of this evaluation directly inform the auditor’s risk assessment and the nature, timing, and extent of substantive audit procedures. In an integrated audit, this process also includes gathering information to develop an opinion on the effectiveness of internal controls. Auditors pay particular attention to information technology general controls (ITGCs), which are foundational to the reliability of automated processes and system-generated reports. If the auditors identify material weaknesses, they may need to disclose them in the financial statement footnotes or the auditor’s report (depending on the severity and context).

3. Substantive testing: The auditor gathers evidence by examining transactions, account balances, and disclosures through sampling, confirmations, and recalculations. Strong internal controls impact the audit team’s risk assessment and may allow the team to reduce the amount of substantive testing required.

4. Conclusion and reporting: The auditor drafts the opinion letter, communicating findings to management and those charged with governance.

10 Common Types of Mistakes Made in Public Audits

Despite best intentions, many organizations encounter issues during the annual audit that delay timelines, increase costs, or raise red flags. Here’s a look at some common mistakes and why they matter:

1. Inadequate Documentation of Internal Controls

Many companies fail to maintain sufficient documentation around their internal control procedures. This lack of documentation makes it difficult for auditors to understand and — if necessary — test the design, implementation, and effectiveness of key controls. As a result, auditors may need to perform additional walkthroughs or expand their substantive testing — potentially increasing audit costs and timelines.

For publicly traded companies, this issue can have additional implications under Section 404 of the Sarbanes-Oxley Act (SOX). Section 404(a) requires management to assess and report on the effectiveness of internal control over financial reporting (ICFR). Section 404(b) requires the independent auditor to attest to and report on management’s assessment for accelerated filers.

If the auditors deem internal controls ineffective, management must disclose material weaknesses in its annual filing with the SEC. This can affect investor confidence, internal resource allocation, and external perceptions of the company’s governance. These findings may also place added pressure on the accounting team to remediate deficiencies under tight deadlines while still managing the financial close and reporting cycle.

2. Late or Incomplete Audit PBC Requests

Prior to audit fieldwork, the audit team sends a “provided by client” (PBC) list to management outlining the documents and financial data auditors need. Submitting incomplete or delayed items stalls fieldwork and may increase audit fees.

3. Improper Revenue Recognition

Misapplying Accounting Standards Codification (“ASC”) 606 or lacking support for revenue transactions — including cutoff periods around year-end — is a recurring audit issue. Companies often struggle to identify and document performance obligations in their contracts with customers and allocate the transaction price appropriately among those obligations.

These issues are especially common in arrangements involving bundled products or services, where the timing and pattern of revenue recognition may differ by deliverable. Inadequate documentation or inconsistent application of these principles can lead to audit adjustments or the need for expanded testing.

4. Weak IT General Controls

Deficiencies in ITGCs — such as user access management, change management, physical security of IT systems, intrusion detection, and system backup and recovery processes — can compromise the integrity of financial reporting systems and result in control deficiencies or audit findings. Increasingly, cybersecurity risk is also a critical area of concern, particularly as companies face heightened exposure to data breaches and unauthorized access.

In cases where companies outsource key processes or use cloud-based platforms that affect financial reporting, it’s important to obtain and evaluate SOC 1 Type 2 reports from service providers. These reports help assess whether the third party’s control environment supports reliable financial reporting. Failing to obtain or properly review these reports can result in audit scope limitations or the need for additional procedures.

5. Errors in Lease Accounting

ASC Topic 842  introduced significant changes to lease accounting — increasing complexity in how companies identify, measure, and disclose lease arrangements. Common mistakes include misclassifying leases, failing to identify embedded leases in service or supply agreements, and incorrectly applying accounting treatment for lease modifications and remeasurement events.

Errors can also arise in calculating the right-of-use asset and lease liability, selecting the appropriate discount rate, and preparing the required footnote disclosures. These issues can lead to material misstatements and require substantial audit follow-up — especially when a company maintains a large or decentralized lease portfolio.

6. Inaccurate or Unsupported Estimates

Many key areas in financial reporting rely on management’s judgment, especially when it comes to technical estimates such as goodwill impairment, valuation of long-lived assets, fair value of debt or equity instruments, and contingent liabilities. These estimates require a disciplined process of identifying the appropriate valuation method, documenting key assumptions, and evaluating both supporting and contradictory information.

Errors often arise when companies fail to update assumptions based on current market conditions, skip critical steps in the impairment testing process, or use inconsistent inputs across related estimates. A lack of documentation or transparency around the basis of these estimates raises audit concerns and can result in restatements or material weaknesses in internal controls over financial reporting.

7. Failure to Perform Timely Reconciliations

Account reconciliations help ensure accuracy and reliability in financial statements by comparing information in your financial records with third-party support — such as bank statements or loan documents. Delayed or inconsistent reconciliations of bank accounts, intercompany balances, and key general ledger accounts can indicate larger issues with the financial close process.

8. Insufficient Segregation of Duties

In smaller or rapidly growing companies, it’s common for individuals to handle multiple steps within a transaction cycle — such as initiating, approving, and recording transactions. This increases the risk of errors and intentional misstatements.

A lack of proper segregation of duties introduces risk at the process level and signals broader weaknesses in the company’s control environment (a key component of internal control frameworks). When auditors identify these gaps, they may reduce their reliance on controls and expand the scope of substantive testing — increasing the time and resources required for the audit and potentially causing delays.

Strengthening segregation of duties supports the integrity of financial reporting and reinforces a culture of accountability.

9. Poor Communication Between Financial Reporting and Operational Teams

A disconnect between accounting and other departments — including operations, legal, and procurement — can result in incomplete or misclassified transactions and missed disclosures. This issue is especially common in areas like inventory management, project accounting, and deferred revenue recognition.

It can also impact the identification and disclosure of related party transactions, legal contingencies, and other matters that require input from departments outside of finance. For example, if legal teams do not communicate the existence of pending or threatened litigation, the accounting team may fail to properly record or disclose a loss contingency — resulting in audit findings or misstatements. Clear, documented communication channels between departments are critical for complete and accurate financial reporting.

10. Lack of Readiness for New Accounting Standards

Companies often underestimate the effort required to adopt new standards — such as those related to segment disclosures (ASU 2023-07), income tax disclosures (ASU 2023-09), and business combinations (ASU 2023-05). Late-stage implementation leads to rushed adjustments and audit stress.

Fortunately, many of these issues are avoidable through proper preparation, communication, documentation, and adherence to regulations.

How to Prepare for a Smoother Audit Season

Here are a few best practices to reduce audit risks and improve efficiency in the financial statement reporting process:

• Start early: Preparing for the year-end audit should begin months in advance. Develop and assign internal timelines for PBC deliverables, reconciliations, and close procedures.

• Assess and document internal controls: Clearly document your control procedures. Perform regular controls testing throughout the year and update them to reflect changes in processes or personnel at year-end.

• Invest in training: Your accounting and finance teams should stay current on new standards and audit requirements to reduce the risk of misapplication.

• Leverage technology thoughtfully: Use financial close and compliance tools to streamline workflows, manage documentation, and maintain audit trails.

• Conduct a pre-audit walkthrough: Reviewing key areas of risk, estimates, and controls ahead of time enables your company to address issues before auditors arrive.

• Foster collaboration: Create open channels of communication between auditors, internal accounting functions, IT, operational departments, and the audit committee to minimize misalignment. Collaboration between external auditors and the internal audit team can also be beneficial. However, under the Public Company Accounting Oversight Board’s new QC 1000 standards, internal auditors are considered “other participants” in the audit, which may affect how their work is evaluated and used. Companies should understand the implications of this designation and ensure internal audit activities are properly documented and aligned with audit objectives.

Be Proactive to Prevent Audit Mistakes Before They Happen

A successful audit is more than a compliance milestone. It’s a sign of sound corporate governance. By recognizing common mistakes and addressing them proactively, you can support more accurate and timely financial statements, reduce audit fatigue in your team, and build trust with stakeholders and regulators.

How MGO Can Help

Our Audit and Assurance team supports public companies through every stage of the audit lifecycle — from preparing internal controls documentation to navigating complex accounting standards and responding to auditor inquiries. Our professionals bring deep industry experience to help clients identify risks and streamline financial reporting processes. If you’re approaching audit season or facing challenges with audit readiness, reach out for guidance tailored to your specific needs.

The post 10 Common Public Audit Mistakes That Could Delay Your Timeline appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• An M&A-focused audit begins with a tailored planning process that identifies the areas most relevant to the merger or acquisition.

• Evaluating internal controls helps identify operational and financial risks that could impact negotiations or valuations.

• Insights from the audit can improve financial practices and support a smoother transition after the transaction.

—

When you’re preparing for a merger or acquisition (M&A), every number matters. Potential buyers, investors, and lenders need clarity on your financial statements and the integrity of your entire operation. That’s where an audit plays a crucial role.

A well-executed audit provides a clear, independent view of your financial health. It helps identify potential risks, discrepancies, or issues long before they come to the buyer’s attention and affect valuation, negotiations, or even closing the transaction.

Inside a Well-Executed M&A Audit: 6 Key Steps

Here’s a behind-the-scenes look at an M&A audit. We’ve broken the process down into six essential steps that can help head off surprises and keep your deal on track.

Step 1: Initial Planning and Scoping to Understand Your Business

Before any testing begins, there is a planning phase designed to understand your company’s operations, industry, and the purpose of the audit. In the context of a merger or acquisition, that means focusing on what matters most to the transaction. Typically, this includes revenue, profit, assets, customer contracts, vendor agreements, debt, and contingent liabilities.

During this stage, your auditor will also request a list of documents — such as prior-year financials, trial balances, accounting policies, accounts receivable aging reports, customer lists, depreciation schedules, customer contracts, leases, and loan agreements. They will also request documentation on internal control policies and procedures.

This scoping exercise helps define higher-risk areas, set materiality thresholds, and tailor the audit plan.

Step 2: Risk Assessment and Internal Control Evaluation

During the planning phase, auditors also assess how you design and implement internal controls. This step is a part of any financial statement audit, but it’s especially relevant to M&A audits because weak, inconsistent, or non-existent internal controls can signal broader financial or operational risks that could impact valuation or even derail the deal.

The audit team performs walkthroughs of key processes to understand how you recognize revenue, manage inventory, handle cash, and issue payroll and other disbursements.

If control weaknesses are identified, they are flagged so you can proactively address the issue or prepare to explain mitigating factors to the buyer before they become sticking points in negotiations.

Step 3: Detailed Substantive Testing

Substantive testing is a big part of a financial statement audit. During fieldwork, auditors thoroughly perform testing on financial data to confirm its completeness and accuracy. They’ll test balances and transactions using a combination of sampling, confirmations, analytical procedures, and inspection.

In the context of an M&A deal, substantive testing might include validating:

• Accounts receivable and major customer balances

• Inventory levels and valuation methods

• Fixed asset registers and depreciation schedules

• Outstanding debts, lease obligations, and legal liabilities

• Revenue streams and contract terms

• Adjustments and accruals

Every figure tested helps you (and potential acquirers) gain a clearer picture of your financial position and operational performance. Testing can also align with the acquiring entity’s due diligence needs.

Step 4: Identifying and Communicating Key Findings

As testing progresses, auditors document discrepancies and areas of uncertainty. Rather than waiting until the final report, auditors may share interim findings throughout the audit process and discuss the implications with you.

If issues arise — such as revenue booked before it’s earned, misclassified liabilities, or unrecorded contingent exposures — you have an opportunity to investigate, correct, or clarify questions before the deal proceeds. Early visibility into these findings allows you to improve processes and prepare responses to questions that might arise during the due diligence process.

Step 5: Final Review and Delivering the Audit Report

Once fieldwork is complete, the audit moves into the final review phase. Auditors evaluate the completeness of documentation, tie up any loose ends, and ensure audit workpapers support conclusions before issuing the audit report.

The timing of this report may align with due diligence milestones or closing deadlines for a merger or acquisition. An unqualified opinion, also known as a “clean report”, lends credibility to your financial statements and supports buyer confidence.

If the audit uncovers concerns, your management letter becomes a valuable roadmap for remediation and negotiation.

Step 6: Post-Audit Insights and Transaction Support 

A thorough M&A audit often gives insight beyond the numbers in your balance sheet, income statement, and statement of cash flows.

For example, it may uncover opportunities to strengthen documentation, update internal controls, streamline reconciliations, or improve accounting policies. All of these can prepare you for a liquidity event and serve the organization well post-transaction.

Many companies use the audit findings to prepare for future reporting requirements under a new ownership structure, particularly when transitioning to public-company standards or integrating into a larger corporate environment.

How MGO Can Help

Preparing for a merger or acquisition is a high-stakes, high-visibility moment, and a well-executed audit helps you tell a compelling story about your business.

Working through planning, assessing risk, testing data, communicating findings, delivering the final report, and drawing out insights gives you a better understanding of your position, reduces uncertainty for all parties, and helps you move forward in the transaction with greater confidence.

If you’re considering a merger or acquisition, reach out to MGO’s transaction advisory team early. Preparation is everything, and the cleaner your books, the smoother the road ahead.

The post Preparing for a Merger or Acquisition? Here’s How a CPA Firm Handles the Audit Process appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Strengthen your cannabis business by implementing solid financial controls, accurate reporting, and professional oversight to support long-term growth and investor confidence. 

• Develop proactive tax strategies to navigate 280E and state tax burdens while maintaining full compliance and protecting cash flow. 

• Approach financing and diversification strategically to reduce risk, preserve flexibility, and stay competitive in a fast-changing industry. 

— 

Financial resilience, simply defined, is the ability to withstand and recover from unexpected events and financial shocks. Financial resilience applies to individuals, governments and municipalities, not-for-profit organizations, churches, and many other organizations.  

Overall, cannabis businesses build financial resiliency much like any other business — by identifying risks and implementing strategies to manage financial uncertainty. These strategies include:  

• Strong governance 

• Focus on cash flow and capital structuring management  

• Diversification and performance reporting and monitoring  

However, operating in the cannabis industry means operating in an environment that requires focusing these strategies on challenges that are unique from most industries. A few of the many challenges cannabis businesses experience include: 

• Unique tax burdens: Federal disallowance of certain business deductions (i.e., IRC 280E) and state and local tax (SALT) 

• Fragmented and dynamic regulatory environment: Rules, compliance requirements, and regulations that vary from state-to-state 

• Regularly shifting marketplace: Competition from new operators, impact of non-regulated hemp-derived products, etc. 

With these challenges in mind, here are some practical insights on building a financially resilient cannabis operation: 

Implement Strong Financial Controls and Management 

Perhaps the most critical factor observed in resilient cannabis businesses is financial control and management. The companies that weather industry storms typically share these characteristics: 

• Well-developed business and marketing plans 

• Strong internal controls throughout the organization 

• Sound accounting practices and reliable financial statements  

• Professional financial management and oversight 

When you implement proper controls and focus on reliable financial statements, it improves company value and operational efficiency and provides clearer decision-making insights. This becomes especially important if you’re considering bringing on investors or planning an eventual exit. Buyers and investors will pay a premium for operations with transparent, reliable financial controls and reporting relative to businesses without them.  

The focus on financial controls and management also facilitates internal operational predictability, which improves the ability of management to effectively pivot resources when confronted with unexpected events. 

Navigate Tax Burdens Effectively 

Tax compliance in the cannabis industry crosses into state and local tax (SALT) — such as sales and use tax, manufacturers’ equipment tax, special property tax, and others. But the most prominent tax burden of cannabis operators is federal tax on income.  

Under federal law, businesses operating in the cannabis industry are considered illegal. In 1982, the federal government implemented Internal Revenue Code Section 280E, which, in basic terms, disallowed cannabis operators from taking certain business deductions when reporting taxable income. 

Unless federal tax laws change, IRC 280E will continue to impose an added burden on cannabis businesses resulting from the disallowance of certain business deductions.  

It is common for operators in the cannabis industry to strategically model their projections in anticipation of cannabis businesses being removed from the rules of IRC 280E. But, so far, the short history of the industry has shown us that a rush by the federal government to remove the impacts of IRC 280E is not a priority. Therefore, building a business model around the hope of repeal may be better redirected to focus on proactive strategies that help mitigate its impact while maintaining compliance. 

Partner with cannabis industry-specific tax professionals to: 

• Determine an appropriate allocation of costs between deductible and non-deductible activities 

• Optimize your entity structure to enhance allowable deductions 

• Confirm ongoing compliance while managing overall tax liability 

• Monitor and adapt to evolving state tax laws that may impact profitability and cash flow 

Effective tax planning is a core component of financial resilience in cannabis. If taking uncertain tax positions to mitigate 280E, consider a fund for potential IRS changes coming from a tax audit. 

Be Strategic About Debt and Financing 

Access to capital remains one of the bigger challenges in cannabis. Traditional bank financing is largely unavailable due to the federal status of cannabis, so operators often turn to private lenders, sale-leaseback arrangements, or equity financing. However, each of these options carries trade-offs. 

The cost of capital in the cannabis industry remains high compared to most industries. Whether you’re looking at debt or equity financing, the terms you accept today will shape your business for years to come. 

When considering financing: 

• Be conservative in your projections 

• Carefully evaluate the cost of capital and structure to preserve cash flow 

• Avoid over-leveraging — excessive debt can compromise operational flexibility 

• Align financing terms with the company’s short, medium, and long-term strategic goals 

• Understand how different forms of capital affect valuation and control 

• Don’t base your financial models on regulatory changes that may never come 

Operators who approach financing with discipline and foresight are better equipped to weather market shifts and capitalize on growth opportunities. 

Diversify to Weather Market Shifts 

One of the clearest paths to financial resilience in cannabis is diversification. Relying too heavily on a single revenue stream, product type, or market leaves you vulnerable to changes in regulation, market saturation, or consumer demand. 

Consider diversifying across: 

• Revenue streams: Add branded merchandise, infused products, or service offerings 

• Product mix: Expand into different formats or categories (e.g., beverages, edibles, concentrates) 

• Supply chains: Avoid bottlenecks or disruptions by developing alternate vendors and partners 

• Customer base: Target medical, adult-use, and niche demographics to balance demand 

• Geography: Explore brand licensing in emerging states to expand your footprint without stretching operations 

• Distribution partners: Broaden your network to increase visibility and reduce reliance on any one channel 

Just as important: prepare for frequent regulatory changes and market shifts. States around you may legalize faster than expected. Your region may flood with new competitors. Build flexibility into your model so you can pivot when the environment shifts. 

Operators in mature markets have learned this firsthand. Diversifying into newer markets or adding new product lines can help offset declining margins and regulatory fatigue at home. 

Gain Stability in the Face of Uncertainty 

Financial resilience isn’t just about surviving the next regulatory change or market dip — it’s about building a business that can thrive in a constantly shifting environment. The cannabis industry is marked by rapid change: state-by-state legalization, volatile pricing, and restricted access to capital. Resilient businesses are the ones that anticipate these shifts, diversify thoughtfully, and build strong financial systems that can adapt. 

Whether you’re optimizing tax strategies, strengthening cash flow, or expanding into new markets, each step you take now builds a stronger foundation for whatever comes next. And while cannabis businesses often face added complexities — such as real estate decisions or partnership structures — those risks can be managed with careful planning and professional guidance. 

With the right strategies, you can gain stability in the face of uncertainty. That’s the core of financial resilience. 

How MGO Can Help 

Our dedicated Cannabis practice is here to help your business become more resilient — from getting your financial statements audit-ready and strengthening internal controls to implementing 280E mitigation strategies and managing complex sales and excise tax obligations. Whether you’re expanding into new markets or tightening operations at home, we’ll work with you to build a solid financial foundation. 

Reach out to our team today to start building a stronger, more resilient future for your cannabis business. 

The post How to Make Your Cannabis Business Financially Resilient  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Fraud risk is constant and evolving, and companies face both internal ethical challenges and external fraud threats, requiring dynamic and proactive risk assessments.  

• Culture and leadership play a critical role, and ethical behavior modeled at the top can help prevent fraud, while weak internal accountability can enable misconduct.  

• Ultimately, fraud prevention requires collaboration, and organizations have to move beyond “check-the-box” compliance and invest in real-time information sharing and interdepartmental coordination.  

—

In today’s world, marked by uncertainty, tightening markets, and rapid technological disruption, fraud is not just a possibility but an ongoing reality that is constantly evolving. Over the past five years, it has become evident that no organization is immune. The increase in global enforcement actions has placed a significant responsibility on senior leadership, from Silicon Valley firms to state-owned banks. Chief financial officers (CFOs), non-executive board members, chief compliance officers (CCOs), and chief internal auditors (CIAs) must act swiftly and proactively. 

There are five critical actions that leaders should prioritize. These steps are grounded in established frameworks and lessons learned from some of the most significant corporate collapses in history. Each step addresses fraud mechanisms and their human and cultural roots. 

1. Identify Internal Ethical Issues and External Fraud Hazards 

Fraud poses both internal and external threats. Internally, perverse incentives and unchecked pressure can lead employees or executives to justify wrongdoing. Externally, increasingly sophisticated global supply chains, cybercrime, and corruption schemes involving third parties are heightening exposure levels. An example is an unauthorized account opening scandal within a U.S. retail bank, driven by internal pressure to meet sales quotas. Similarly, a European fintech firm hired external entities to create ghost assets, which went unnoticed. In both cases, early warning signs were ignored. 

Executives must conduct ongoing, dynamic fraud risk evaluations as part of enterprise-wide risk management, considering emerging digital, geopolitical, and compliance challenges. They must also recognize that reputational damage and loss of shareholder value are genuine costs of inaction. 

2. Investigate Root Causes of Fraudulent Activities 

Understanding why individuals commit fraud is essential to preventing it. Fraudsters are often first-time offenders who feel pressured, notice opportunities, and rationalize their actions. However, the traditional fraud triangle is no longer sufficient. The Fraud Pentagon, developed by BDO’s Jonathan T. Marks, includes capability and arrogance alongside pressure, opportunity, and rationalization, providing a more comprehensive perspective.¹  

A case involving a global aerospace producer revealed how ego and top-down rationalization could undermine protective controls. Executives misled regulators to protect their brand at the expense of public safety. In the failure of a cryptocurrency exchange, fraudsters disguised themselves as altruistic innovators while misappropriating billions of dollars in customer funds. These crises resulted not from a lack of policy but from failing to address root causes like those noted in the Fraud Pentagon. 

Risk modeling and behavioral profiling can help identify at-risk units or individuals. Importantly, companies must foster cultures that encourage accountability and incentivize truthfulness over merely meeting targets. 

3. Evaluate the Impact of Organizational Culture on Fraud Prevention 

Culture is the operating system of any organization. When integrity is modeled at the top, it permeates the organization. Conversely, when fear, ambition, or uncertainty dominate, corners might be cut. 

Examples from a Silicon Valley healthcare startup and a recent electric vehicle startup illustrate how cult-of-personality leadership can stifle dissent. Employees were encouraged to remain silent or repeat falsehoods. Open, transparent, and supportive companies are more likely to detect fraud early. 

Executive boards must formalize ethics programs, enforce desirable norms, and link performance incentives to long-term value creation rather than short-term appearances. Simple yet effective tools like employee surveys, ethics hotlines, and town halls can provide early warnings. Boards should also periodically assess their culture and compare it to industry standards. 

4. Improve Internal Controls and Anti-Corruption Programs 

Effective fraud prevention relies on having robust controls in place and ensuring their implementation. Cases involving an international bank and a derivatives exchange in the crypto space demonstrate that even sophisticated companies can fall victim to inadequately designed anti-money laundering (AML) programs, poor task segregation, or complacent boards. 

Organizations must move beyond a check-the-box mentality. Controls should be risk-driven, regularly tested, and integrated into actual operations. Internal audit staff must be empowered and not bogged down by bureaucracy. Compliance functions should report directly to and have direct access to the board. 

Technical solutions like anomaly detection via AI and blockchain technology for supply chain integrity are valuable only when combined with strong human oversight. Controls don’t fail on their own; they are typically overridden at the top level. The focus should be on the durability of controls, not just their existence. 

5. Enhance Collaboration and Communication for Anti-Fraud Efforts 

Preventing fraud requires a collective effort, not isolated actions by individual departments or individuals. Silos within finance, operations, law, and compliance provide opportunities for bad actors. In nearly every major scandal, whether involving a crypto exchange, an international aerospace and defense corporation, or a large U.S.-headquartered retail bank, some individuals were aware but did nothing. 

Organizations must invest in real-time information sharing, collaborative training, and coordinated fraud response mechanisms. Interdepartmental task forces, incident response exercises, and anonymous hotlines are proven tools. Boards should receive regular fraud risk briefs, not just audit results. 

Externally, coordination with regulators, auditors, and peers is essential. In cases involving an international investment bank and a multinational aerospace and defense corporation, FCPA issues were resolved through joint settlements with global regulators, demonstrating the benefits of open cooperation. Companies that resist coordination often face higher fines and greater scrutiny. 

When Controls Fail 

The world has evolved and so has the nature of fraud. Today’s executive leaders must manage fraud as an organizational, behavioral, and systemic risk, not merely as a compliance exercise. By following these five critical steps, CFOs, board members, and compliance leaders can identify vulnerabilities, disrupt fraud channels, and build more robust, reliable institutions. 

Fraud carries an economic cost and a strategic cost. It damages brands, dismantles cultures, and undermines trust. In an age of volatility and accountability, instilling transparency, integrity, and vigilance at every enterprise level is paramount. 

Internal controls don’t fail randomly. Failures occur because controls were not correctly designed, implemented, or respected in the following ways. 

• People: Even the best-designed control depends on people executing it correctly. Controls fail when individuals become confused, skip steps, or bypass procedures. 

• Time: Demanding schedules lead to shortcuts, bypasses, and inadequate controls. 

• Judgment: Discretion is problematic when it results in deviations without proper rationale or documentation. 

• Overriding and Workarounds: Even beneficial workarounds can circumvent critical safeguards. 

• Incentives: Performance-for-reward can encourage dangerous actions unless guardrails are established. 

• Leaders must ask themselves: Are our controls designed with these realities in mind? Are they regularly tested for resilience? 

It’s not about eliminating all risk — that’s impossible. It’s about designing a structure strong enough to withstand stress, impervious to manipulation, yet effective in fulfilling its purpose. Good controls are proactive, effective, and responsive. Controls should be integrated, not added as an afterthought. When controls fail, it’s rarely the structure — it’s the implementation, the environment, or both. 

How MGO Can Help 

At MGO, we understand that combating fraud requires more than just policies—it demands strategic insight, cultural transformation, and hands-on execution. Our team brings deep experience in forensic accounting, internal controls assessment, risk management, and regulatory compliance to help your organization proactively identify any vulnerabilities and strengthen your fraud prevention infrastructure. Whether you’re navigating complex regulatory frameworks or recovering from a control failure, we will help you design resilient frameworks, enhance interdepartmental coordination, and implement proactive, customized solutions that align with your strategic goals. Contact us to learn about how, in a world where trust is currently, MGO helps safeguard your reputation, your people…and your future.  

The post Five Strategic Steps to Combat Fraud in a Time of Market Uncertainty  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• In times of uncertainty, strong compliance practices provide structure, mitigate risk, and improve your decision-making efficiency.  

• Executives should reinforce ethical behavior through clear communication, proactive risk assessment, and non-retaliatory reporting mechanisms.  

• While regulatory enforcement fluctuates, maintaining compliance safeguards your business against legal risks and enhances operational effectiveness.  

—

In today’s ever-changing business environment, uncertainty and lack of predictability have become constants, posing significant challenges for organizations worldwide. For Chief Compliance Officers, this unpredictability translates into increased inefficiency and discomfort, as the future remains uncertain. Against this backdrop, some companies might be tempted to reduce their focus on and investment in compliance and business integrity, viewing it as an opportunity to cut costs. However, operating in compliance and with business integrity is crucial, especially during times of adversity like these. 

The Essential Questions for Compliance Leaders 

Despite the ongoing changes and uncertainties, organizations continue to rely on their compliance leaders to address five key questions: 

1. What are our most significant compliance risks? 

2. Who owns them? 

3. What are they doing to manage the risks? 

4. Is it working? 

5. How do we know? 

Compliance and business integrity can serve as stabilizing forces for companies and employees during uncertain times. They reinforce clear expectations for employees to act ethically, raise questions, and report concerns. Moreover, they enable companies to evaluate and adjust their risk appetite, leading to fewer mistakes and better, more efficient business decision-making. 

Strategies for Companies Facing Compliance Challenges 

In times of adversity, whether facing a change in the regulatory environment or dealing with an economic downturn, the tone at the top is especially important. Communications from executives and compliance leaders should emphasize that, despite external challenges, the organization’s commitment to compliance and business integrity remains unwavering. These messages can be integrated into existing communication channels, such as town halls, staff meetings, and compliance newsletters. 

Employees are paying attention to leadership’s actions and words. It’s crucial to reinforce your organization’s internal mechanisms for raising compliance questions and reporting concerns. When questions and concerns are raised, make sure they are addressed as part of the overall investigations process, demonstrating seriousness, confidentiality, and appropriate action when allegations of non-compliance are substantiated. Partnering with Human Resources to prevent retaliation for raising compliance concerns in good faith is also vital. 

However uncomfortable it may be, adversity always presents opportunities. The key is to seek it out and to find it. Consider leveraging your compliance risk assessment process or other risk assessment processes (e.g., ERM, internal audit) to uncover opportunities and to identify new or emerging risks, allocate resources efficiently, evaluate control effectiveness, and reassess the organization’s risk appetite. 

Preparing for the Future 

Regulatory enforcement varies with changes in the law and leadership. If an organization is in a lenient regulatory environment today, the pendulum will eventually swing back to a more strict one. Companies engaging in misconduct may not face immediate consequences, but statutes of limitations are long, and whistleblower protections are robust. In the meantime, compliance leaders may be challenged to justify the allocation of resources to the compliance function and program. Compliance leaders must be prepared to demonstrate the return on investment – that is, both the avoidance of fines, penalties and other negative consequences that can result from non-compliance, and the role compliance plays in helping the business run better and more efficiently. Your existing reporting channels – to management, to the Audit Committee and to employees – provide opportunities to demonstrate that return on investment, justify resource allocation, ensuring reporting is concise, relevant, and demonstrates compliance’s value. Sharing stories where compliance involvement led to better business decisions, such as new product development, geographic expansion, or acquisitions, can be compelling. 

Reevaluating metrics and measures of effectiveness, sharpening the message they convey, and leveraging data analytics can further enhance the ability to demonstrate the internal rate of return on compliance investments. 

How MGO Can Help 

At MGO, we understand the immense pressure compliance leaders face in navigating today’s dynamic regulatory landscape. Our team of professionals partners with organizations to build, evaluate, and strengthen your compliance programs so they not only meet regulatory requirements but also add measurable business value. We help you identify and manage key risks, assess the effectiveness of your controls and establish meaningful metrics that resonate with executive leadership. Contact us to learn how we can help your business turn compliance into a source of resilience, efficiency, and competitive advantage.  

Written by Jack Holleran. Copyright © 2025 BDO USA, P.C. All rights reserved. www.bdo.com 

The post Why Compliance and Business Integrity Matter – Now More Than Ever  appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Post-audit season is an ideal time to reassess controls, documentation, and cross-functional accountability. 

• Turn audit findings into action to improve financial reporting and reduce long-term risk exposure. 

• Build a continuous audit-ready culture to support sustainable compliance and operational efficiency. 

—

Audit season is over — but your work isn’t. For your organization, this is the moment to turn regulatory compliance into strategic advantage. Many companies treat the audit as a once-a-year event, but the most resilient, growth-minded businesses know the real opportunity lies in what happens next. 

Here’s how your business can use the post-audit window to strengthen internal controls, mitigate risk, and drive operational improvements that last. 

Audit Findings: A Strategic Starting Point 

Whether your organization’s audit concluded with no identifiable deficiencies or revealed significant control-related concerns, audit findings are more than just a compliance formality. They offer critical insight into the operational integrity of your financial reporting processes. 

Take time to assess not just what deficiencies were found, but why they occurred. Was it a control design gap, a documentation issue, or a resource constraint? Aligning these insights with broader process reviews can turn your audit output into an input for better financial governance. 

Review and Refresh Internal Controls 

After audit season, your internal control environment is front and center. That makes this an ideal time to examine whether your controls are: 

• Well-designed for today’s reporting environment 

• Operating consistently across departments 

• Supported by documentation that tells the full story 

Give particular attention to controls that depend on subjective judgment, manual intervention, or informal approvals. These may appear sufficient during walkthroughs but can reveal weaknesses under auditor testing or become pressure points as your organization grows or faces heightened regulatory expectations. 

Improve Accountability Across Functions 

Audit preparation tends to highlight fragmented ownership of key financial and operational processes. When legal, reporting, and IT teams work independently during audit season, it can create challenges in data consistency, delays in reconciliation, and conflicting assumptions. 

Use the post-audit periods to establish a framework for cross-functional ownership of areas with elevated risks — such as inventory valuation, regulatory disclosures, or system-generated reporting. Clarifying roles and strengthening collaboration ahead of the next reporting cycle can reduce friction and improve audit readiness. 

Update Risk Assessments and Documentation 

Has your company undergone significant growth, added new systems, or expanded into new markets? If so, your risk profile has likely changed — but your documentation might not reflect that yet. 

Post-audit is the perfect time to: 

• Reevaluate materiality thresholds 

• Refresh control matrices 

• Update process narratives 

• Archive walkthroughs and test results 

Doing this now reduces the burden — and risk — of scrambling to document everything next year. 

Shift Toward Continuous Audit Readiness 

For private companies, audit readiness means more than just preparing once a year. Increasingly, private organizations are adopting a continuous audit ready mindset to reduce year-end surprises and build confidence across internal and external stakeholders. 

Implement quarterly internal control assessments — a standard practice of public companies — or co-source key functions if internal bandwidth is limited. This is especially useful in technical areas like tax, regulatory reporting, valuation inputs, and information technology general controls (ITGCs). 

Make the Most of the Post-Audit Window 

Your company’s ability to act on audit outcomes now will shape the quality and efficiency of next year’s audit — and beyond.  

The post-audit period is a chance to: 

• Convert findings into process improvements 

• Create better alignment across teams 

• Reassess internal controls considering your growth 

• Build confidence among investors, board members, and stakeholders

How MGO Can Help 

MGO works with companies to turn audit season into a launchpad for operational improvement. We serve growing businesses, private equity–backed companies, and public entities across industries — from healthcare to technology to real estate. 

Our teams help you refine internal controls, strengthen financial reporting, and implement scalable processes that reduce risk and support long-term readiness. Whether your organization is addressing audit findings, planning for future growth, or building toward SOX readiness, we bring practical solutions aligned with your business goals.* 

Let’s talk about how we can support your post-audit strategy. 

*for non-assurance clients

The post How Your Business Can Maximize Value Post-Audit appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Adopting strong controls early can ease the transition for IPOs and attract private equity buyers with higher financial reporting expectations.

• Rapidly growing private companies face increased risks of errors and fraud, making structured financial controls essential for sustainable growth.

• Enhanced internal controls improve your credibility with investors, banks, and industry peers, strengthening financial oversight and stakeholder trust.

—

Often viewed as a public company concern, private organizations can benefit from implementing internal controls like Sarbanes-Oxley (SOX) Section 404 requirements. A strong control environment will enhance your accountability, reduce your fraud risk, improve financial processes, and strengthen your board engagement — all of which can be critical for your long-term success. 

Private organizations are not always smaller, but they do often have limited resources in specialized areas like income tax accounting. If your tax functions operate outside the core accounting team — plus combined with the complexity of financial reporting — your private company may be an ideal candidate for enhanced internal controls. Proactively adopting public-company-level controls can provide significant benefits.  

5 Reasons Your Private Company Should Strengthen Its Internal Controls

Here are some scenarios when it might makes sense to invest in public-company-level controls — and the value you stand to gain:

1. You’re Preparing for an Initial Public Offering (IPO)

If an IPO is part of your company’s future, setting up strong internal controls early can create a smoother transition. A phased approach to SOX compliance allows businesses to integrate controls into operations before they are required by regulators. Reports on IPO activity and first-time internal control over financial reporting (ICFR) assessments show that companies are three times more likely to disclose internal control weaknesses during their first assessment. A rushed transition to SOX compliance can put undue pressure on a newly public company. 

2. You’re Wanting to Attract a Private Equity (PE) Investment

For companies considering a sale to a private equity firm, enhanced financial reporting controls can provide added credibility and confidence for potential buyers. Strong internal controls increase transparency and reduce financial risk, making your company a more attractive investment. Additionally, if the PE firm’s exit strategy includes an IPO, SOX-level controls will become necessary in the future. 

3. You’re Interested in Managing Risk During Rapid Growth

If your company is experiencing rapid expansion — whether through organic growth or acquisitions — you’re more susceptible to financial misstatements and fraud. As business complexity increases, the capacity and skill set of internal accounting, finance, and tax teams may lag. Establishing standardized processes with preventive and detective controls can help reduce risk, allowing necessary financial oversight to keep pace with the growth you’re experiencing. 

4. You’re Strengthening Your Credibility with Investors and Lenders

Beyond public shareholders, many private companies have stakeholders who rely on financial information, such as banks, investors, and strategic partners. Enhanced internal controls improve financial reporting accuracy, increasing trust and reducing perceived investment risk. This can lead to lower borrowing costs and stronger relationships with financial institutions. 

5. You’re Interested in Aligning with Industry Best Practices

In certain industries, internal control expectations are shaped by public-company peers. Sectors such as utilities, healthcare, financial services, and technology—where data security and regulatory compliance are critically looking to industry leaders to set control expectations. Private companies operating in these industries can receive help from adopting the same high standards, strengthening their competitive position, and reducing risk exposure. 

Future-Proofing Your Private Company with Stronger Controls 

Private companies face increasing stakeholder scrutiny around accountability, risk management, and financial integrity. Those that proactively adopt stronger internal controls prove long-term strategic thinking, preparing for potential transitions such as an IPO, sale, or industry regulatory changes. 

How MGO Can Help

MGO collaborates with private companies to develop and implement internal controls that improve financial oversight, reduce risk, and align with leading industry practices. Whether you’re preparing for SOX compliance, attracting investors, or strengthening your financial governance, MGO provides tailored solutions that support organizations in building scalable, transparent, and sustainable control environments. 

With a broad background across industries, MGO helps private businesses navigate complex financial landscapes with structured processes, improved oversight, and strengthened financial transparency, positioning them for future opportunities. Contact us to learn more.

The post Why Your Private Company Should Strengthen Its Internal Controls appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• FASB’s ASU 2023-09 requires more detailed tax disclosures, including a breakdown by jurisdiction and a 5% threshold for key items. It applies to both public and private companies, with varying start dates.

• Some older disclosures are removed, while new rules require more detailed reporting on rate reconciliation and domestic versus foreign income (aligning with SEC rules).

• Companies should reassess tax controls to reduce the risk of restatements, material weaknesses, and SEC scrutiny.

—

Correctly accounting for and disclosing income taxes under ASC 740 is complex. This is especially true this year given the effective date of Accounting Standards Update (ASU) No. 2023-09, “Income Taxes (Topic 740): Improvements to Income Tax Disclosures,” which the Financial Accounting Standards Board (FASB) issued in late 2023.

With the potential complexity of the ASU’s new requirements, it’s important to consider whether your processes, systems, and internal controls should be modified to facilitate effective implementation. This article walks you through the most important aspects of the ASU, as well as what to consider in designing strong internal tax controls that can help reduce reporting errors.

FASB Issues Final ASU to Improve Income Tax Disclosures

In response to feedback from the investor community requesting the disclosure of additional information pertaining to income taxes, the FASB issued ASU 2023-09 in December 2023. One of the ASU’s overarching themes is the disaggregation of information that may previously have been aggregated or commingled — a change that’s expected to provide greater transparency and consistency. In particular, the disclosure requirements seek to increase visibility into various income tax components that affect rate reconciliation, as well as the qualitative and quantitative aspects of those components.

Main Provisions

The ASU requires public business entities (PBEs) to disclose additional information in specified categories with respect to the reconciliation of the effective rate to the statutory rate for federal, state, and foreign income taxes. It also requires greater detail about individual reconciling items in the rate reconciliation if the impact of those items exceeds a threshold.

Under the ASU, PBE information pertaining to taxes paid (net of refunds received) must be disaggregated for federal, state, and foreign taxes and further disaggregated for specific jurisdictions if the related amounts exceed a quantitative 5% threshold. That threshold is determined by multiplying 5% by the product of pretax income (or loss) from continuing operations and the applicable federal statutory rate, and it essentially emulates the requirement in SEC Regulation S-X.

The ASU also describes items that need to be disaggregated based on their nature, which is determined by reference to the item’s fundamental or essential characteristics.

Updated Annual Disclosure Requirements

Rate Reconciliation

ASU 2023-09 specifies categories for which disclosures associated with the rate reconciliation are required, and each category has varying degrees of qualitative and/or quantitative disclosure.

PBEs

The following categories must be included in annual disclosures in the rate reconciliation in tabular form both in amounts in the applicable reporting currency and in percentages:

• State and local income taxes in the country of domicile net of related federal income tax effects.
• Foreign tax effects, including state or local income taxes in foreign jurisdictions. 
  • Reflects income taxes imposed by foreign jurisdictions.  
  • Disaggregation is required when individual reconciling items equal or exceed the 5% threshold. This would include the statutory rate differential between the foreign jurisdiction and that of the county of domicile.  
  • If an individual foreign jurisdiction meets the 5% threshold, it must be separately disclosed as a reconciling item. Further disaggregation is required for that jurisdiction for cross-border tax laws, tax credits, and nontaxable or nondeductible items that meet the 5% threshold.  
• Effects of changes in tax laws or rates enacted in the current period.  
  • Applies to federal taxes of the country of domicile.  
  • Reflects the cumulative tax effects of a change in enacted tax laws or rates on current or deferred tax assets and liabilities at the date of enactment.  
• Effect of cross-border tax laws. 
  • Applies to incremental income taxes imposed by the jurisdiction of domicile on income earned in foreign jurisdictions. When the country of domicile taxes cross-border income but also provides a tax credit on the same income during the same reporting period, the tax effect of both the cross-border tax and its related tax credit may be presented on a net basis.  
  • Disaggregation required when individual reconciling items equal or exceed the 5% threshold and by nature of the item.  
• Tax credits. 
  • Applies to federal taxes of the country of domicile.  
  • Disaggregation required when individual reconciling items equal or exceed the 5% threshold and by nature of the item.  
  • This category does not include foreign tax credits.  
• Changes in valuation allowances. 
  • Applies to federal taxes of the country of domicile. For example, any change in valuation allowance in a foreign jurisdiction would be included in the foreign tax effects category and separately disclosed as a reconciling item if greater than the 5% threshold.  
• Nontaxable or nondeductible items.  
  • Applies to federal taxes of the country of domicile.  
  • Disaggregation required when individual reconciling items equal or exceed the 5% threshold and by nature of the item.  
• Changes in unrecognized tax benefits.  
  • Aggregate disclosure of changes in unrecognized tax benefits is allowed for all jurisdictions.  
  • This category reflects reconciling items resulting from changes in judgment related to tax positions taken in prior annual reporting periods.  
  • When an unrecognized tax benefit is recorded in the current annual reporting period for a tax position taken or expected to be taken in the same reporting period, the unrecognized tax benefit and its related tax position may be presented on a net basis in the category in which the tax position is presented.  

The FASB has determined all reconciling items should be presented on a gross basis. However, it will allow net presentation of the effects of specific cross-border tax laws and the associated effects of foreign tax credits, as well as the netting of current-year uncertain tax positions and current-year tax positions against the relevant category. If a foreign jurisdiction meets the 5% threshold, it must be disclosed as a reconciling item. Irrespective of whether any foreign jurisdiction satisfies the 5% threshold, any individual item meeting the 5% threshold must be disclosed by nature.

PBEs must disclose the state and local jurisdictions that contribute to the majority (greater than 50%) of the effect of the state and local tax category, beginning with the state or local jurisdiction having the largest effect and proceeding in descending order.

If the information is not otherwise evident, PBEs must explain any disclosed reconciling items in the categories above, including their nature, effect, and underlying causes, as well as the judgment used in categorizing them.

It is noteworthy that the FASB decided to align the disclosure requirements with those in SEC Regulation S-X Rule 4-08(h)(2). The federal rate for a foreign entity should normally be that of the entity’s jurisdiction of domicile. However, if that rate is other than the U.S. corporate rate, both the rate and the basis for its use must be disclosed.

Entities Other Than PBEs

For entities other than PBEs, a qualitative disclosure of the nature and effect of the categories of items discussed above is required along with the individual jurisdictions that result in a significant difference between the statutory and effective tax rates. A numerical reconciliation is not required.

Income Taxes Paid

The ASU requires that all entities annually disclose the amount of income taxes paid (net of refunds received) disaggregated by federal, state, and foreign jurisdictions. It requires further disaggregation for any jurisdiction where the amount of income taxes paid is at least 5% of the total income taxes paid. In quantifying the 5% threshold for income taxes paid, the numerator of the fraction should be the absolute value of any net income taxes paid or income taxes received for each jurisdiction and the denominator should be the absolute value of total income taxes paid or refunds received for all jurisdictions in the aggregate.

Income Statement

The ASU makes some minor changes to the required income statement disclosures relating to income taxes, stipulating that income (loss) from continuing operations before income tax expense (benefit) be disclosed and disaggregated between domestic and foreign sources. It mandates the disclosure of income tax expense (benefit) from continuing operations disaggregated by federal, state, and foreign jurisdictions. Income tax expense and taxes paid relating to foreign earnings that are imposed by the entity’s country of domicile would be included in tax expense and taxes paid for the country of domicile.

Eliminated Disclosures  

ASU 2023-09 eliminates the historic requirement that entities disclose information concerning unrecognized tax benefits having a reasonable possibility of significantly increasing or decreasing in the 12 months following the reporting date. It also removes the requirement to disclose the cumulative amount of each type of temporary difference when a deferred tax liability is not recognized because of the exceptions to comprehensive recognition of deferred taxes related to subsidiaries and corporate joint ventures. Entities should continue to disclose the types of temporary differences for which deferred tax liabilities have not been recognized under ASC 740-30-50-2(a), (c), and (d).  

Effective Dates and Transition  

All entities should apply the ASU prospectively with an option for retroactive application to each period in the financial statements. For PBEs, the guidance will be effective for fiscal years beginning after December 15, 2024, and for interim periods for fiscal years beginning after December 15, 2025. For entities other than PBEs, the guidance will be effective for fiscal years beginning after December 15, 2025, and for interim periods beginning with fiscal years beginning after December 15, 2026. Early adoption is allowed. 

When developing a plan to implement the new disclosure requirements, consider whether amounts meeting the 5% threshold are material to help guide an assessment of the jurisdictions and items that will be disaggregated in the disclosures. Specifically, it may be prudent to quantify those amounts in order to effectively assess the materiality of the amounts disaggregated. 

Given the potential complexity of, and the resources necessary to satisfy, the new requirements established by the ASU, consider whether adoption will be made prospectively or retrospectively. Also contemplate the modifications to processes, procedures, systems, and internal controls that will be necessary to facilitate an effective implementation process. Those considerations will be of particular importance for entities with foreign operations. 

Reducing Risk with Tax Internal Controls  

Two decades after the enactment of Section 404 of the Sarbanes-Oxley (SOX) Act, income-tax-related material weaknesses continue to plague companies — with a recent report showing that tax-related restatements account for approximately 12% of all restatements. 

Without proper internal controls, companies may be susceptible to reporting errors, which can lead to reputational risk and financial burdens stemming from remediation. Companies with strained or limited in-house resources must prioritize income tax accounting and reporting before it is too late.  

Correctly accounting for and disclosing income taxes under ASC 740 is increasingly important to mitigate a company’s risk of restatement, material weakness, and SEC comments. In-depth knowledge of tax and financial reporting, proper audit documentation, and clear and transparent disclosures can help reduce income reporting risk.  

While all public companies must be SOX compliant, many have not refreshed income tax controls since initial implementation, and new guidance has changed the standards required for compliance.  

Controls often fail because they are not adequately designed or operating as intended. For instance, it is unlikely that one overarching management review control can cover all the areas of an income tax provision or clearly identify the nature of the review procedures for each key provision component. Controls also might lack supporting evidence of performance and review. 

How MGO Can Help

Our dedicated team of tax professionals stays ahead of emerging guidance — such as FASB’s new ASU 2023-09 — to help your organization navigate complex requirements. We provide end-to-end support, from assessing current processes and strengthening internal controls to optimizing disclosure practices in line with the latest standards. By leveraging our practical experience and technical insights, we can help you mitigate risk, streamline reporting, and maintain robust compliance strategies to meet both immediate and long-term financial goals. Contact us today to stay ahead of these developments.  

The post FASB ASU 2023-09: Income Tax Disclosure Updates to ASC 740 appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Confirm the new auditor meets industry regulations and independence standards to keep compliance and avoid potential concerns. 

• Selecting an auditor with relevant experience supports financial reporting accuracy and a better understanding of industry requirements. 

• A structured transition process supports a smooth change, reducing potential disruptions and keeping financial reporting on track. 

—

Changing auditors is a significant decision for any business, whether private or publicly traded. The choice affects regulatory compliance, financial reporting quality, and stakeholder confidence. If your company is considering a change, these key factors can help you navigate the transition effectively: 

1. Regulatory and Compliance Considerations 

Publicly traded companies must follow oversight and reporting requirements set by the Public Company Accounting Oversight Board (PCAOB) and the U.S. Securities and Exchange Commission (SEC). Auditor independence, rotation, and reporting timelines are critical factors. 

Private companies, while not subject to the same requirements, still need to follow American Institute of Certified Public Accountants (AICPA) standards. Reviewing whether a new audit firm meets industry-specific rules and regulatory expectations helps avoid compliance risks. 

2. Industry Knowledge and Specialization 

An audit firm with experience in your industry may offer deeper insights into accounting standards, risks, and financial reporting challenges. Businesses in technology, healthcare, real estate, or manufacturing face unique regulatory and financial considerations. 

Auditors with a background in industry-specific frameworks — such as Financial Accounting Standards Board (FASB)  or Governmental Accounting Standards Board (GASB) rules for public entities — can help the process. 

3. Transition and Onboarding Process 

Switching auditors involves transferring financial records, adapting to new audit methodologies, and maintaining reporting consistency. A well-organized transition reduces potential delays and misalignment between financial teams and the new audit firm. 

Your company should evaluate how the new auditor will handle the onboarding process — including access to prior audit documentation, risk assessments, and compliance reporting. A structured plan can help minimize disruptions. 

4. Audit Fees and Cost Transparency 

Audit fees vary based on factors such as company size, industry complexity, and added reporting requirements. While cost should not be the only consideration, understanding the full pricing structure is important to avoid unexpected charges. 

Some firms offer a base audit fee but charge separately for added services — including internal controls testing, risk management assessments, or regulatory filings. Requesting a detailed breakdown of fees allows for better budgeting and cost planning. 

5. Reputation and Stability of the Audit Firm 

The reputation and financial stability of an audit firm can change external feelings, especially for publicly traded companies. If an auditor has been involved in regulatory investigations, PCAOB deficiencies, or high-profile audit restatements, it may raise concerns for investors and stakeholders. 

Your company can review an audit firm’s regulatory history, inspection reports, and client feedback to assess its standing in the industry. A well-established firm with a history of quality audits may provide greater reliability in financial reporting. 

6. Technology and Data Security in Audits 

Advancements in audit technology have improved efficiency, accuracy, and risk assessment. Some firms use data analytics, AI-driven audit tools, and cloud-based financial reporting platforms to enhance the audit process. 

If a company handles sensitive financial or customer data, evaluating an audit firm’s cybersecurity measures is essential. Strong data security protocols help reduce risks related to unauthorized access or breaches. 

7. Communication and Audit Process Alignment 

The relationship between a company and its auditor should involve clear expectations around reporting timelines, issue resolution, and overall communication. 

Some auditors take a more proactive approach, providing regular updates, insights into financial risks, and recommendations for process improvements. Others may follow a more structured, compliance-only framework. Your business should assess which approach aligns best with your needs. 

8. Independence and Potential Conflicts of Interest 

Audit firms must follow strict independent guidelines to avoid conflicts of interest. Regulations limit non-audit services provided to clients — such as consulting, tax advisory, or internal controls assessments — to prevent potential bias in audit opinions. 

Both public and private companies should review whether a prospective auditor has existing relationships that could affect objectivity. The SEC and PCAOB provide guidance on situations that may impair independence. 

Think Ahead for a Smooth Auditor Transition 

Changing auditors is a significant decision that affects financial reporting, regulatory compliance, and stakeholder trust. Whether your company is looking for a different audit approach, advanced technology, or a firm with deeper industry knowledge, selecting the right provider is critical to a smooth transition. 

If your business is evaluating a new audit firm, researching regulatory history, pricing transparency, and service capabilities can help set up a solid foundation for the next audit cycle. 

Consider MGO for Your Next Audit 

At MGO, we bring extensive experience across multiple industries — offering audit and assurance services tailored to public and private companies, government entities, and high-growth organizations. We combine regulatory knowledge, advanced audit technology, and a commitment to transparency to help your business navigate the complex financial reporting landscape. Our approach goes beyond compliance by delivering meaningful insights that support financial accuracy, risk management, and long-term success. Contact us today.

The post 8 Key Considerations When You’re Changing Auditors appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• To stay compliant, it’s important that you maintain accurate records, robust internal controls, and ongoing employee training.

• Risk mitigation is key, and proactive measures such as whistleblower hotlines and internal audits can help identify and address potential violations early on.

• Legal adherence is also important — make sure your compliance program aligns with all DOJ and SEC regulations to avoid severe penalties.

—

The Foreign Corrupt Practices Act (FCPA), a U.S. law enacted in 1977, targets bribery and corruption in international business transactions. The FCPA generally applies to any U.S. business entity but becomes more relevant to companies operating in foreign countries and certain foreign companies operating in the United States. The law’s accounting provisions require entities covered by the FCPA to keep accurate books and records and maintain adequate internal accounting controls. 

The Securities and Exchange Commission (SEC) and U.S. Department of Justice (DOJ) enforce the FCPA. Violations of the FCPA can result in fines, penalties, and criminal charges. Enforcement of the FCPA has increased considerably over the past decades, and both the DOJ and the SEC have expanded their roles from enforcer of anti-bribery laws to compliance regulators. Both private and public corporations are increasingly expected to adhere to a specific standard of FCPA compliance and are expected to have compliance programs that are effective and hold up to DOJ’s scrutiny. 

U.S. companies operating on the international playing field and foreign companies operating in the U.S. are both subject to the FCPA. In recent years, penalties exceeding $2 billion have been assessed against companies for FCPA violations. In 2023 alone, the SEC’s Division of Enforcement filed 784 enforcement actions, obtained nearly $5 billion in financial remedies, and awarded nearly $600 million to whistleblowers who reported their employers’ illegal activity. In this article, we provide insights into dealing with violations and offer practical ideas for mitigating risk. 

Addressing FCPA Risks 

The path to FCPA compliance is both proactive and reactive.  

A compliance program must align with the DOJ’s Evaluation of an Effective Compliance Program (as updated on Sept. 23, 2024), which serves as the Criminal Division’s guidance for prosecutors evaluating such programs. In addition, the DOJ has continued to enhance its expectations around effective corporate compliance by creating additional incentives for individuals to report information about criminal conduct directly to the DOJ. 

Determining if your company’s compliance program is well designed, resourced, and working provides a basis for evaluating the program’s effectiveness. Strong internal controls and whistleblower hotlines can help organizations identify and address problems at the earliest stages, which may then allow the organization to self-report to the SEC and the DOJ. A robust compliance program that also includes ongoing employee training can reduce the potential for FCPA violations.  

Discovering FCPA Violations 

Although effective internal controls and continuous monitoring of certain activities or transactions might catch potential acts of non-compliance, FCPA violations may come to light through various channels, including the following:   

• Whistleblower hotlines: Employees may report potentially illegal or non-compliant activities through their organization’s whistleblower hotline or other reporting mechanisms that allow them to anonymously share their concerns about potential illegal acts, including FCPA violations. Routine monitoring, triage, and escalation of these reporting channels can increase an organization’s opportunities for early identification of potentially illegal activities. 

• Employee exit interviews: Some employees may feel uncomfortable discussing their observations of allegedly illicit activity while still employed or, in certain instances, may not know about the organization’s whistleblower mechanism. Others may innocently report on illegal transactions during an exit interview. Finally, some may be unaware of the appropriate whistleblower mechanism in place. Information that comes to light during employee exit interviews must be appropriately triaged and forwarded to the proper internal parties.   

• Internal audits: Companies may develop and maintain protocols designed to uncover potential regulatory violations or non-compliance, including internal controls evaluations; financial record reviews; third-party due diligence investigations; reviews of gift, travel, and entertainment expenses; and employee training opportunities. 

• Routine business activities: During the regular course of business, an organization’s employees may notice suspicious activities that require further review. In some cases, the information may pass through the normal chain of command until a reasonable explanation is offered or an internal investigation is triggered. 

• SEC or DOJ notifications: Occasionally, the SEC or DOJ will have been notified of potential illegal activities through their respective whistleblower awards programs: the SEC Whistleblower Program and the DOJ’s Corporate Whistleblower Awards Pilot Program. In such instances, both agencies can initiate contact with an organization through informal means, such as phone calls or emails. More formal notifications — such as a Wells Notice, a Target Letter, a subpoena, or a civil complaint — alert an organization that an enforcement action is imminent or ongoing.  

Regrettably, an organization’s first notice of an FCPA violation may arrive as a result of a whistleblower report made directly to the SEC or DOJ or arise from another investigation implicating a different organization. Both the existing SEC and new DOJ whistleblower programs have further incentivized individuals to notify them of potential illegal activities and violations.  

Understanding SEC and DOJ Whistleblower Programs 

Reports of suspicious activity received through internal channels can be evaluated through substantive internal investigative work; self-reporting may then become an option. However, possible illegal behavior can be directly reported to regulatory bodies — and updated FCPA and anti-bribery anti-corruption regulations have made the process easier and more lucrative for whistleblowers. 

The SEC’s whistleblower program, created by the Dodd-Frank Act, encourages individuals to report illegal activities directly to the SEC. In return, people who divulge high-quality information that leads to an SEC enforcement action may receive between 10% and 30% of the money the SEC collects. For example, the SEC announced in August 2024 that it will be awarding two whistleblowers the sums of $4 million and $20 million, respectively, for their pivotal roles in an SEC enforcement action. 

The DOJ’s Criminal Division Corporate Whistleblower Awards Pilot Program is designed to mirror and supplement other successful whistleblower programs managed by the SEC, the Commodity Futures Trading Commission (CFTC), and the Financial Crimes Enforcement Network (FinCEN) and is specifically targeted at private non-public health care programs, privately held companies and others that are not publicly traded as well as cryptocurrency businesses. Information provided by the whistleblower through this program is intended to fill the gaps in other agencies’ whistleblower programs by advancing criminal investigations and prosecutions pertaining to compliance violations by financial institutions, foreign and domestic corruption, including violations of the FCPA and Foreign Extortion Prevention Act (FEPA), as well as specific health care fraud that is not covered by the False Claims Act qui tam program. Similar to other programs, the whistleblower may receive a percentage of any civil or criminal forfeitures that result from a successful DOJ prosecution. However, certain conditions will apply. Additionally, the DOJ may decline to prosecute companies that voluntarily self-report potential violations in a timely manner. 

Whether the FCPA violation is discovered through an internal or external channel, the organization’s leaders must respond in a manner that can withstand the scrutiny of investigators and be responsive to the organization’s stakeholders. 

Making an Organized Response to an FCPA Violation 

Reacting to a potential FCPA violation appropriately and in a defensible manner can significantly impact the outcome, the decision to self-disclose, and the resolution of the matter. In addition, amendments to the Corporate Whistleblower Awards Pilot Program give companies 120 days to self-disclose from the point of receiving a whistleblower allegation in order to benefit from the program’s presumption of declination (subject to other qualifying elements). An orderly response to any allegation often stems from plans established well before an incident occurs. Given the implications of self-disclosure, whether formal protocols are in place or not, the following eight tasks should be considered part of an organization’s course of action after learning of a potential FCPA violation:  

1. Notify the Legal Department: A company’s general counsel or outside counsel should be involved as soon as an FCPA compliance issue is suspected or identified. Not only can counsel provide legal guidance at the outset of the process, but their work is generally protected by attorney-client privilege and the work-product doctrine. Early access to the situation can also help prepare counsel for any internal investigations or litigation that may arise from the incident, as well as providing the background information needed to make an informed decision regarding self-disclosure. 
2. Identify the parties involved: Although the investigation process will be fluid and expanding, it’s crucial to gain an early understanding of the parties within the organization who were involved with any suspicious payments or activities. Learning who knew of and authorized the payments in question may significantly impact the scope of any current or future investigations. 
3. Capture the data: One of the first things legal counsel will typically do is issue a legal hold to anyone associated with the identified potential issue or with knowledge about any transactions. This notifies them to preserve certain items that could be evidence that is needed during an investigation. These types of litigation holds are instrumental in gathering the facts and circumstances needed to understand a potential FCPA non-compliance.  
4. Consider hiring independent expertise: Navigating potential FCPA violations requires the knowledge of complex laws and regulations that outside counsel may provide. Such expertise can assist in the investigative process and during potential interactions with the regulatory and enforcement authorities. In addition, evaluating the facts and circumstances surrounding any suspicious transactions will likely require the type of deep dive into the organization’s accounting systems and internal controls that typically is best handled by forensic accounting and investigations professionals.  
5. Perform a preliminary investigation: Forming a plan of action requires knowledge of the facts and circumstances surrounding the suspected illicit activity. Consider using internal groups, such as the audit department, to gather transactional data for review. Be mindful of the independence of the internal team(s) used to perform such a preliminary review, as this might impact the reliance on their findings. 
6. Inform key stakeholders: It is critical to inform the organization’s Board of Directors and Audit Committee about the possible incident early in the process. In addition, briefing the auditor can help them understand the company’s response to the allegations, as well as the potential impact on the current or past audits and help address the auditors’ obligations when such a disclosure is made.  
7. Assess the organization’s compliance programs: The strength of an organization’s compliance program may affect the outcome of an SEC or DOJ investigation. Questions regarding the effectiveness of the compliance program should include: Does the program include up-to-date training in FCPA compliance for employees? Is a whistleblower hotline in place? Has the organization engaged in due diligence for resellers and third-party vendors? Evidence of attempts to maintain good corporate governance can mitigate penalties in most cases. 
8. Keep communication channels open: In situations such as this, the organization’s reputation and financial well-being are at risk. As the investigation proceeds, communicate frequently with key stakeholders, including the Audit Committee, the Board of Directors, the C-suite, the Human Resources Department, compliance leadership, and the company’s auditors.  

Independent and thorough investigation of an FCPA violation demonstrates an understanding of the importance of internal controls, compliance programs, tone at the top, and training. Additionally, an organized response aids company leaders in developing a well-documented and defensible response to inquiries from government regulatory bodies. The results of an internal investigation may also steer the company toward self-reporting the incident through proper channels. 

Mitigating the Risks of Future FCPA Violations 

Assessment and remediation after a regulatory investigation can enhance an organization’s compliance program and, despite the human error element, can help reduce the risk of future violations. Taking a proactive approach can result in a robust compliance program that is rigorously enforced, updated, and maintained, signaling a developed culture of compliance within the organization. While there is no guarantee of leniency, the SEC and DOJ do consider the existence and effectiveness of compliance programs when determining penalties for FCPA violations. 

Organizations may focus on several key areas to mitigate potential FCPA risks, including the following: 

• Compliance program maturity: An organization may begin by evaluating the maturity of its compliance program, focusing particularly on whether the program addresses its true compliance risks. Efficient allocation of limited resources hinges on a thorough review of the current compliance program to expose any existing vulnerabilities. 

• Transactions monitoring: Failure to implement strategies and technology for data analytics and continuous transactions monitoring can be costly in the long run when not aligned with current regulatory expectations.  

• Reporting mechanisms: Employees need an accessible, confidential way to report potential violations. A working whistleblower program or similar mechanism is a critical part of an effective compliance program. 

• Training: Up-to-date training about FCPA compliance for employees and third parties not only can decrease the risk of non-compliant behavior but also demonstrates to regulators the organization’s proactive manner of addressing these risks. 

• Third-party due diligence: Organizations generally are held accountable for FCPA compliance failures that occur through third parties, including vendors and resellers. A thorough due diligence process is a must. Noncompliant and ill-trained third parties — especially when weak compliance measures are in place — can result in significant fines and legal action against the organization. 

Compliance is a critical component of ethical business conduct, relying on thorough assessment of an organization’s processes to help ensure alignment with laws and regulations. 

Is Your Organization Prepared to Manage FCPA Compliance? 

Swift, decisive action is necessary when an organization identifies a potential FCPA violation. However, a robust compliance program can proactively address the risks associated with doing business in today’s strict regulatory landscape.  

Our Forensics team members have the experience and skill to assist in both proactive and reactive situations. Before trouble strikes, we can conduct strategic evaluations of your organization and your compliance ecosystems to address overall risk. We also can help prepare your response to government enforcement and inquiries from the DOJ, SEC, or foreign regulators.  

Our professionals come from forensic, accounting, regulatory, investigative, enforcement, litigation support and operational backgrounds, with extensive experience working with counsel and regulators. As accountants and forensic specialists, we can help you navigate highly technical and operational elements in a manner that is effective, defensible, and responsive to regulatory standards and expectations. 

Written by Didier Lavion. Copyright © 2024 BDO USA, P.C. All rights reserved. www.bdo.com 

How MGO Can Help 

MGO’s team of forensic accountants can assist you in navigating the complexities of FCPA regulations, making sure you implement and maintain robust compliance programs. From conducting internal audits and risk assessments to developing whistleblower programs and providing employer training, we can provide you with tailored solutions to help your organization proactively manage the full spectrum of FCPA risks.

By leveraging our deep industry experience and regulatory insights, you can enhance your internal controls, respond effectively to potential violations, and safeguard your operations from costly penalties. Contact us to learn more.  

The post FCPA Compliance: A Practical Guide for Identifying and Mitigating the Risk of Violations appeared first on MGO CPA | Tax, Audit, and Consulting Services.