• A financial statement audit evaluates whether a company’s financials are fairly presented in accordance with applicable accounting standards. An integrated audit also includes an assessment of internal controls over financial reporting.

• Common audit mistakes include late or missing provided-by-client (“PBC”) requested submissions, insufficient or unreliable documentation that hinders effective risk assessment, weak internal and IT controls, and errors in applying accounting standards.

• Preparing early, understanding the internal control environment, and training staff can help your company provide relevant and reliable information, which is critical for assessing audit risk and demonstrating compliance with applicable laws and regulations.

—

Financial statement audits are a critical checkpoint for companies, stakeholders, and investors. While the process has its limitations, the goal of an audit is to provide reasonable assurance that the company’s financial statements are free of material misstatement (whether due to error or fraud).

However, the audit process is only as effective as the broader environment supporting it — including timely and reliable financial information, a well-resourced accounting function, effective oversight by the board or audit committee, and a clear understanding of the entity’s operations and the regulatory landscape of its industry.

Many organizations approach audit season underprepared or unaware of the common pitfalls and complex or nontraditional transactions that can delay the process, increase costs, or raise compliance concerns.

In this article, we explain the financial statement audit process, common mistakes we see companies make during external audits, and best practices that lay the foundation for a smoother audit experience.

Understanding Financial Audits

During a financial statement audit, an independent registered public accounting firm follows generally accepted auditing standards (GAAS) and assesses your company’s financial records, transactions, and reporting processes. Independent auditors gather and evaluate relevant and reliable evidence to determine whether the financial statements are presented fairly — following generally accepted accounting principles (GAAP), international financial reporting standards (IFRS), or another applicable financial reporting framework.

The process typically follows these phases:

1. Audit planning and risk assessment: External auditors work closely with company management to understand the operations of the business, identify significant risk areas, and develop an audit strategy that is unique to the organization.

2. Internal control evaluation: The auditor assesses the design and operating effectiveness of internal controls over financial reporting, often through walkthroughs and targeted testing of key controls. The results of this evaluation directly inform the auditor’s risk assessment and the nature, timing, and extent of substantive audit procedures. In an integrated audit, this process also includes gathering information to develop an opinion on the effectiveness of internal controls. Auditors pay particular attention to information technology general controls (ITGCs), which are foundational to the reliability of automated processes and system-generated reports. If the auditors identify material weaknesses, they may need to disclose them in the financial statement footnotes or the auditor’s report (depending on the severity and context).

3. Substantive testing: The auditor gathers evidence by examining transactions, account balances, and disclosures through sampling, confirmations, and recalculations. Strong internal controls impact the audit team’s risk assessment and may allow the team to reduce the amount of substantive testing required.

4. Conclusion and reporting: The auditor drafts the opinion letter, communicating findings to management and those charged with governance.

10 Common Types of Mistakes Made in Public Audits

Despite best intentions, many organizations encounter issues during the annual audit that delay timelines, increase costs, or raise red flags. Here’s a look at some common mistakes and why they matter:

1. Inadequate Documentation of Internal Controls

Many companies fail to maintain sufficient documentation around their internal control procedures. This lack of documentation makes it difficult for auditors to understand and — if necessary — test the design, implementation, and effectiveness of key controls. As a result, auditors may need to perform additional walkthroughs or expand their substantive testing — potentially increasing audit costs and timelines.

For publicly traded companies, this issue can have additional implications under Section 404 of the Sarbanes-Oxley Act (SOX). Section 404(a) requires management to assess and report on the effectiveness of internal control over financial reporting (ICFR). Section 404(b) requires the independent auditor to attest to and report on management’s assessment for accelerated filers.

If the auditors deem internal controls ineffective, management must disclose material weaknesses in its annual filing with the SEC. This can affect investor confidence, internal resource allocation, and external perceptions of the company’s governance. These findings may also place added pressure on the accounting team to remediate deficiencies under tight deadlines while still managing the financial close and reporting cycle.

2. Late or Incomplete Audit PBC Requests

Prior to audit fieldwork, the audit team sends a “provided by client” (PBC) list to management outlining the documents and financial data auditors need. Submitting incomplete or delayed items stalls fieldwork and may increase audit fees.

3. Improper Revenue Recognition

Misapplying Accounting Standards Codification (“ASC”) 606 or lacking support for revenue transactions — including cutoff periods around year-end — is a recurring audit issue. Companies often struggle to identify and document performance obligations in their contracts with customers and allocate the transaction price appropriately among those obligations.

These issues are especially common in arrangements involving bundled products or services, where the timing and pattern of revenue recognition may differ by deliverable. Inadequate documentation or inconsistent application of these principles can lead to audit adjustments or the need for expanded testing.

4. Weak IT General Controls

Deficiencies in ITGCs — such as user access management, change management, physical security of IT systems, intrusion detection, and system backup and recovery processes — can compromise the integrity of financial reporting systems and result in control deficiencies or audit findings. Increasingly, cybersecurity risk is also a critical area of concern, particularly as companies face heightened exposure to data breaches and unauthorized access.

In cases where companies outsource key processes or use cloud-based platforms that affect financial reporting, it’s important to obtain and evaluate SOC 1 Type 2 reports from service providers. These reports help assess whether the third party’s control environment supports reliable financial reporting. Failing to obtain or properly review these reports can result in audit scope limitations or the need for additional procedures.

5. Errors in Lease Accounting

ASC Topic 842  introduced significant changes to lease accounting — increasing complexity in how companies identify, measure, and disclose lease arrangements. Common mistakes include misclassifying leases, failing to identify embedded leases in service or supply agreements, and incorrectly applying accounting treatment for lease modifications and remeasurement events.

Errors can also arise in calculating the right-of-use asset and lease liability, selecting the appropriate discount rate, and preparing the required footnote disclosures. These issues can lead to material misstatements and require substantial audit follow-up — especially when a company maintains a large or decentralized lease portfolio.

6. Inaccurate or Unsupported Estimates

Many key areas in financial reporting rely on management’s judgment, especially when it comes to technical estimates such as goodwill impairment, valuation of long-lived assets, fair value of debt or equity instruments, and contingent liabilities. These estimates require a disciplined process of identifying the appropriate valuation method, documenting key assumptions, and evaluating both supporting and contradictory information.

Errors often arise when companies fail to update assumptions based on current market conditions, skip critical steps in the impairment testing process, or use inconsistent inputs across related estimates. A lack of documentation or transparency around the basis of these estimates raises audit concerns and can result in restatements or material weaknesses in internal controls over financial reporting.

7. Failure to Perform Timely Reconciliations

Account reconciliations help ensure accuracy and reliability in financial statements by comparing information in your financial records with third-party support — such as bank statements or loan documents. Delayed or inconsistent reconciliations of bank accounts, intercompany balances, and key general ledger accounts can indicate larger issues with the financial close process.

8. Insufficient Segregation of Duties

In smaller or rapidly growing companies, it’s common for individuals to handle multiple steps within a transaction cycle — such as initiating, approving, and recording transactions. This increases the risk of errors and intentional misstatements.

A lack of proper segregation of duties introduces risk at the process level and signals broader weaknesses in the company’s control environment (a key component of internal control frameworks). When auditors identify these gaps, they may reduce their reliance on controls and expand the scope of substantive testing — increasing the time and resources required for the audit and potentially causing delays.

Strengthening segregation of duties supports the integrity of financial reporting and reinforces a culture of accountability.

9. Poor Communication Between Financial Reporting and Operational Teams

A disconnect between accounting and other departments — including operations, legal, and procurement — can result in incomplete or misclassified transactions and missed disclosures. This issue is especially common in areas like inventory management, project accounting, and deferred revenue recognition.

It can also impact the identification and disclosure of related party transactions, legal contingencies, and other matters that require input from departments outside of finance. For example, if legal teams do not communicate the existence of pending or threatened litigation, the accounting team may fail to properly record or disclose a loss contingency — resulting in audit findings or misstatements. Clear, documented communication channels between departments are critical for complete and accurate financial reporting.

10. Lack of Readiness for New Accounting Standards

Companies often underestimate the effort required to adopt new standards — such as those related to segment disclosures (ASU 2023-07), income tax disclosures (ASU 2023-09), and business combinations (ASU 2023-05). Late-stage implementation leads to rushed adjustments and audit stress.

Fortunately, many of these issues are avoidable through proper preparation, communication, documentation, and adherence to regulations.

How to Prepare for a Smoother Audit Season

Here are a few best practices to reduce audit risks and improve efficiency in the financial statement reporting process:

• Start early: Preparing for the year-end audit should begin months in advance. Develop and assign internal timelines for PBC deliverables, reconciliations, and close procedures.

• Assess and document internal controls: Clearly document your control procedures. Perform regular controls testing throughout the year and update them to reflect changes in processes or personnel at year-end.

• Invest in training: Your accounting and finance teams should stay current on new standards and audit requirements to reduce the risk of misapplication.

• Leverage technology thoughtfully: Use financial close and compliance tools to streamline workflows, manage documentation, and maintain audit trails.

• Conduct a pre-audit walkthrough: Reviewing key areas of risk, estimates, and controls ahead of time enables your company to address issues before auditors arrive.

• Foster collaboration: Create open channels of communication between auditors, internal accounting functions, IT, operational departments, and the audit committee to minimize misalignment. Collaboration between external auditors and the internal audit team can also be beneficial. However, under the Public Company Accounting Oversight Board’s new QC 1000 standards, internal auditors are considered “other participants” in the audit, which may affect how their work is evaluated and used. Companies should understand the implications of this designation and ensure internal audit activities are properly documented and aligned with audit objectives.

Be Proactive to Prevent Audit Mistakes Before They Happen

A successful audit is more than a compliance milestone. It’s a sign of sound corporate governance. By recognizing common mistakes and addressing them proactively, you can support more accurate and timely financial statements, reduce audit fatigue in your team, and build trust with stakeholders and regulators.

How MGO Can Help

Our Audit and Assurance team supports public companies through every stage of the audit lifecycle — from preparing internal controls documentation to navigating complex accounting standards and responding to auditor inquiries. Our professionals bring deep industry experience to help clients identify risks and streamline financial reporting processes. If you’re approaching audit season or facing challenges with audit readiness, reach out for guidance tailored to your specific needs.

The post 10 Common Public Audit Mistakes That Could Delay Your Timeline appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• FASB’s ASU 2023-09 requires more detailed tax disclosures, including a breakdown by jurisdiction and a 5% threshold for key items. It applies to both public and private companies, with varying start dates.

• Some older disclosures are removed, while new rules require more detailed reporting on rate reconciliation and domestic versus foreign income (aligning with SEC rules).

• Companies should reassess tax controls to reduce the risk of restatements, material weaknesses, and SEC scrutiny.

—

Correctly accounting for and disclosing income taxes under ASC 740 is complex. This is especially true this year given the effective date of Accounting Standards Update (ASU) No. 2023-09, “Income Taxes (Topic 740): Improvements to Income Tax Disclosures,” which the Financial Accounting Standards Board (FASB) issued in late 2023.

With the potential complexity of the ASU’s new requirements, it’s important to consider whether your processes, systems, and internal controls should be modified to facilitate effective implementation. This article walks you through the most important aspects of the ASU, as well as what to consider in designing strong internal tax controls that can help reduce reporting errors.

FASB Issues Final ASU to Improve Income Tax Disclosures

In response to feedback from the investor community requesting the disclosure of additional information pertaining to income taxes, the FASB issued ASU 2023-09 in December 2023. One of the ASU’s overarching themes is the disaggregation of information that may previously have been aggregated or commingled — a change that’s expected to provide greater transparency and consistency. In particular, the disclosure requirements seek to increase visibility into various income tax components that affect rate reconciliation, as well as the qualitative and quantitative aspects of those components.

Main Provisions

The ASU requires public business entities (PBEs) to disclose additional information in specified categories with respect to the reconciliation of the effective rate to the statutory rate for federal, state, and foreign income taxes. It also requires greater detail about individual reconciling items in the rate reconciliation if the impact of those items exceeds a threshold.

Under the ASU, PBE information pertaining to taxes paid (net of refunds received) must be disaggregated for federal, state, and foreign taxes and further disaggregated for specific jurisdictions if the related amounts exceed a quantitative 5% threshold. That threshold is determined by multiplying 5% by the product of pretax income (or loss) from continuing operations and the applicable federal statutory rate, and it essentially emulates the requirement in SEC Regulation S-X.

The ASU also describes items that need to be disaggregated based on their nature, which is determined by reference to the item’s fundamental or essential characteristics.

Updated Annual Disclosure Requirements

Rate Reconciliation

ASU 2023-09 specifies categories for which disclosures associated with the rate reconciliation are required, and each category has varying degrees of qualitative and/or quantitative disclosure.

PBEs

The following categories must be included in annual disclosures in the rate reconciliation in tabular form both in amounts in the applicable reporting currency and in percentages:

• State and local income taxes in the country of domicile net of related federal income tax effects.
• Foreign tax effects, including state or local income taxes in foreign jurisdictions. 
  • Reflects income taxes imposed by foreign jurisdictions.  
  • Disaggregation is required when individual reconciling items equal or exceed the 5% threshold. This would include the statutory rate differential between the foreign jurisdiction and that of the county of domicile.  
  • If an individual foreign jurisdiction meets the 5% threshold, it must be separately disclosed as a reconciling item. Further disaggregation is required for that jurisdiction for cross-border tax laws, tax credits, and nontaxable or nondeductible items that meet the 5% threshold.  
• Effects of changes in tax laws or rates enacted in the current period.  
  • Applies to federal taxes of the country of domicile.  
  • Reflects the cumulative tax effects of a change in enacted tax laws or rates on current or deferred tax assets and liabilities at the date of enactment.  
• Effect of cross-border tax laws. 
  • Applies to incremental income taxes imposed by the jurisdiction of domicile on income earned in foreign jurisdictions. When the country of domicile taxes cross-border income but also provides a tax credit on the same income during the same reporting period, the tax effect of both the cross-border tax and its related tax credit may be presented on a net basis.  
  • Disaggregation required when individual reconciling items equal or exceed the 5% threshold and by nature of the item.  
• Tax credits. 
  • Applies to federal taxes of the country of domicile.  
  • Disaggregation required when individual reconciling items equal or exceed the 5% threshold and by nature of the item.  
  • This category does not include foreign tax credits.  
• Changes in valuation allowances. 
  • Applies to federal taxes of the country of domicile. For example, any change in valuation allowance in a foreign jurisdiction would be included in the foreign tax effects category and separately disclosed as a reconciling item if greater than the 5% threshold.  
• Nontaxable or nondeductible items.  
  • Applies to federal taxes of the country of domicile.  
  • Disaggregation required when individual reconciling items equal or exceed the 5% threshold and by nature of the item.  
• Changes in unrecognized tax benefits.  
  • Aggregate disclosure of changes in unrecognized tax benefits is allowed for all jurisdictions.  
  • This category reflects reconciling items resulting from changes in judgment related to tax positions taken in prior annual reporting periods.  
  • When an unrecognized tax benefit is recorded in the current annual reporting period for a tax position taken or expected to be taken in the same reporting period, the unrecognized tax benefit and its related tax position may be presented on a net basis in the category in which the tax position is presented.  

The FASB has determined all reconciling items should be presented on a gross basis. However, it will allow net presentation of the effects of specific cross-border tax laws and the associated effects of foreign tax credits, as well as the netting of current-year uncertain tax positions and current-year tax positions against the relevant category. If a foreign jurisdiction meets the 5% threshold, it must be disclosed as a reconciling item. Irrespective of whether any foreign jurisdiction satisfies the 5% threshold, any individual item meeting the 5% threshold must be disclosed by nature.

PBEs must disclose the state and local jurisdictions that contribute to the majority (greater than 50%) of the effect of the state and local tax category, beginning with the state or local jurisdiction having the largest effect and proceeding in descending order.

If the information is not otherwise evident, PBEs must explain any disclosed reconciling items in the categories above, including their nature, effect, and underlying causes, as well as the judgment used in categorizing them.

It is noteworthy that the FASB decided to align the disclosure requirements with those in SEC Regulation S-X Rule 4-08(h)(2). The federal rate for a foreign entity should normally be that of the entity’s jurisdiction of domicile. However, if that rate is other than the U.S. corporate rate, both the rate and the basis for its use must be disclosed.

Entities Other Than PBEs

For entities other than PBEs, a qualitative disclosure of the nature and effect of the categories of items discussed above is required along with the individual jurisdictions that result in a significant difference between the statutory and effective tax rates. A numerical reconciliation is not required.

Income Taxes Paid

The ASU requires that all entities annually disclose the amount of income taxes paid (net of refunds received) disaggregated by federal, state, and foreign jurisdictions. It requires further disaggregation for any jurisdiction where the amount of income taxes paid is at least 5% of the total income taxes paid. In quantifying the 5% threshold for income taxes paid, the numerator of the fraction should be the absolute value of any net income taxes paid or income taxes received for each jurisdiction and the denominator should be the absolute value of total income taxes paid or refunds received for all jurisdictions in the aggregate.

Income Statement

The ASU makes some minor changes to the required income statement disclosures relating to income taxes, stipulating that income (loss) from continuing operations before income tax expense (benefit) be disclosed and disaggregated between domestic and foreign sources. It mandates the disclosure of income tax expense (benefit) from continuing operations disaggregated by federal, state, and foreign jurisdictions. Income tax expense and taxes paid relating to foreign earnings that are imposed by the entity’s country of domicile would be included in tax expense and taxes paid for the country of domicile.

Eliminated Disclosures  

ASU 2023-09 eliminates the historic requirement that entities disclose information concerning unrecognized tax benefits having a reasonable possibility of significantly increasing or decreasing in the 12 months following the reporting date. It also removes the requirement to disclose the cumulative amount of each type of temporary difference when a deferred tax liability is not recognized because of the exceptions to comprehensive recognition of deferred taxes related to subsidiaries and corporate joint ventures. Entities should continue to disclose the types of temporary differences for which deferred tax liabilities have not been recognized under ASC 740-30-50-2(a), (c), and (d).  

Effective Dates and Transition  

All entities should apply the ASU prospectively with an option for retroactive application to each period in the financial statements. For PBEs, the guidance will be effective for fiscal years beginning after December 15, 2024, and for interim periods for fiscal years beginning after December 15, 2025. For entities other than PBEs, the guidance will be effective for fiscal years beginning after December 15, 2025, and for interim periods beginning with fiscal years beginning after December 15, 2026. Early adoption is allowed. 

When developing a plan to implement the new disclosure requirements, consider whether amounts meeting the 5% threshold are material to help guide an assessment of the jurisdictions and items that will be disaggregated in the disclosures. Specifically, it may be prudent to quantify those amounts in order to effectively assess the materiality of the amounts disaggregated. 

Given the potential complexity of, and the resources necessary to satisfy, the new requirements established by the ASU, consider whether adoption will be made prospectively or retrospectively. Also contemplate the modifications to processes, procedures, systems, and internal controls that will be necessary to facilitate an effective implementation process. Those considerations will be of particular importance for entities with foreign operations. 

Reducing Risk with Tax Internal Controls  

Two decades after the enactment of Section 404 of the Sarbanes-Oxley (SOX) Act, income-tax-related material weaknesses continue to plague companies — with a recent report showing that tax-related restatements account for approximately 12% of all restatements. 

Without proper internal controls, companies may be susceptible to reporting errors, which can lead to reputational risk and financial burdens stemming from remediation. Companies with strained or limited in-house resources must prioritize income tax accounting and reporting before it is too late.  

Correctly accounting for and disclosing income taxes under ASC 740 is increasingly important to mitigate a company’s risk of restatement, material weakness, and SEC comments. In-depth knowledge of tax and financial reporting, proper audit documentation, and clear and transparent disclosures can help reduce income reporting risk.  

While all public companies must be SOX compliant, many have not refreshed income tax controls since initial implementation, and new guidance has changed the standards required for compliance.  

Controls often fail because they are not adequately designed or operating as intended. For instance, it is unlikely that one overarching management review control can cover all the areas of an income tax provision or clearly identify the nature of the review procedures for each key provision component. Controls also might lack supporting evidence of performance and review. 

How MGO Can Help

Our dedicated team of tax professionals stays ahead of emerging guidance — such as FASB’s new ASU 2023-09 — to help your organization navigate complex requirements. We provide end-to-end support, from assessing current processes and strengthening internal controls to optimizing disclosure practices in line with the latest standards. By leveraging our practical experience and technical insights, we can help you mitigate risk, streamline reporting, and maintain robust compliance strategies to meet both immediate and long-term financial goals. Contact us today to stay ahead of these developments.  

The post FASB ASU 2023-09: Income Tax Disclosure Updates to ASC 740 appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• SOX requires CEOs/CFOs to certify financials, creating top-down accountability in reporting.
• Continuous monitoring and tech updates are vital to maintain SOX compliance in a dynamic regulatory landscape.
• Embedding SOX compliance into daily operations builds transparency and reduces risk.

—

Reliable financial reporting can protect companies and their investors from fraudulent activities. In fact, the C-Suite is held to stringent requirements imposed by the intricate provisions of the Sarbanes-Oxley Act of 2002 (SOX), making transparency and accountability essential components of corporate governance.

Despite the serious consequences of noncompliance — including fines, criminal charges, loss of reputation, and delisting — SOX compliance may be shuffled behind a myriad of competing corporate initiatives. Taking a proactive approach is generally best, and it begins with gaining a deeper understanding of what SOX compliance means to members of the C-suite.

SOX Compliance Relevance to the C-Suite

Prior to 2002, a series of financial scandals eroded investor confidence and exposed significant flaws in corporate governance. The Sarbanes-Oxley Act was the government’s response.

Complying with SOX has become a crucial component of contemporary corporate governance. SOX establishes legal accountability for senior executives, who can be held personally responsible for inaccuracies and misstatements of the financial statements they certify. The financial integrity of a company hinges on its accurate financials; unreliable financial reporting can erode the trust of investors and tarnish the company’s reputation in the market. Strong internal controls can streamline processes, provide the C-suite with reliable data, and help mitigate risk.

Key C-Suite Responsibilities

SOX contains two sections that are particularly relevant to the C-suite and have led to significant changes in corporate governance.

• Section 302 mandates that senior executives certify the accuracy of financial reports. The CEO and CFO sign personal attestations as to the accuracy and completeness of the reports, which makes them accountable for the integrity of the company’s financial reporting.
• Section 404 requires that senior executives establish and maintain robust internal controls, continuously monitoring and updating them as needed.

It’s important to note here that senior executives like the CFO and CEO may not participate in the writing of financial reports or the design and implementation of internal controls. However, they do oversee such activities and, more importantly, provide an overall “tone from the top” that promotes integrity and ethical behavior.

Building a SOX-Compliant Culture

SOX compliance depends on the company’s culture of compliance, something that can be built into the company’s day-to-day operations. Just as the responsibility for compliance falls to the C-suite, senior executives are also responsible for taking the steps needed to build a SOX-compliance culture. Developing that environment starts with the C-suite leading by example and demonstrating a commitment to ethical behavior and transparency.

Employees are another key component to SOX compliance. Training and awareness programs help educate them about SOX requirements and inculcates the importance of compliance. Staff also should feel comfortable reporting their concerns about suspicious activities to their superiors without fear of retaliation.

While complying with SOX, senior executives can help ensure that employees understand and use the internal controls they approve; procedures that become part of the process are easier for employees to embrace. Instead of approaching compliance as a separate “exercise,” frame it as a normal part of doing business.

Finally, the board of directors and audit committee members contribute to the company’s governance and its culture of transparency.

Implement Effective Internal Controls

Internal controls provide a framework for ensuring the integrity of financial reporting and compliance with regulatory requirements. Such controls help the company:

• Comply with regulations and laws.
• Prevent and detect fraud.
• Enhance reliability of financial records.
• Identify and help mitigate risk.
• Provide clear guidance on accountability within the organization.
• Present accurate and complete financial information.
• Promote a corporate culture of transparency, integrity, and ethical behavior.

Before designing and implementing internal controls, it’s important to start with a comprehensive risk assessment to help identify potential vulnerabilities. Control procedures then can be developed and documented, with clear guidance on the assignment of responsibilities.

Even after internal controls are in place, the work continues. Monitoring people, processes, and systems in any organization is an ongoing process. Changes to any of those categories — such as employee turnover or implementation of new processes — could result in weakened controls, but periodic reviews and testing can help identify and address critical situations. Another way to improve compliance and reduce human error is by leveraging technology and automation. Companies that lack the in-house capabilities to implement such technology should consider outsourcing this critical function.

Challenges and Best Practices for SOX Compliance

Companies with poor Internal Controls over Financial Reporting (ICFR) are missing a critical component of the company’s corporate governance. ICFR processes are designed to help ensure the reliability of financial reporting, and SOX controls are focused on the production of accurate financial statements. Senior executives on the path to SOX compliance will face challenges, but it is well worth the effort to overcome them.

Lack of awareness, especially among the C-suite, can be the first issue to address. If senior executives do not understand the serious consequences of noncompliance, then building compliance into the company’s culture can become a nonissue. Understanding SOX requirements is an important first step.

Employees often resist changes to established procedures. But a “we’ve always done it this way” mindset can stand in the way of progress that leads to SOX compliance. Senior executives can lead by exhibiting a willingness to change and an expectation that others will align their actions with the company’s culture of compliance.

C-suite members must understand that reactive compliance is generally more costly than proactive compliance. Poor ICFR processes can lead to material weaknesses and irregularities in financial reporting, which in turn can lead to loss of reputation, loss of stakeholder trust, and potential delisting. The culture of transparency and compliance should permeate the entire company, and that can be accomplished with programs that are comprehensive, consistent, and routine.

Continuous Improvement and Adaptation

The corporate environment is not static. Emerging risks and regulatory changes can affect a company’s preparation and filing of financial reporting. The C-suite must stay informed about changes and adapt their compliance strategies accordingly.

For example, trends that may affect SOX compliance processes include increased use of technology — including AI and automation — and a greater emphasis on data analytics. Regulatory bodies may alter their regulatory requirements, which means evaluating and realigning processes to remain in compliance.
SOX compliance requires on-going evaluation. As senior executives lead their companies to full compliance, the following steps are needed to maintain the right program for the current environment:

• Monitor your internal processes and controls.
• Refresh them as needed.
• Check with auditors to learn how they assess financial reporting.

Finally, obtaining objective opinions and advice from third party professionals can assist the C-suite in making informed decisions as they move toward SOX compliance.

How MGO Can Help

MGO supports your C-suite with tailored SOX compliance solutions, emphasizing robust internal controls and fostering a culture of transparency and accountability. Our team provides guidance in developing customized internal control frameworks that promote reliable financial reporting and SOX compliance. We also offer comprehensive training programs for executives and staff, embedding a compliance-focused culture throughout the organization. Additionally, MGO offers ongoing monitoring and advisory services, with regular assessments and strategic adjustments to keep compliance aligned with evolving regulations. Contact us to learn more.

Written by Dawn Williford and Sucheta Atre. Copyright © 2024 BDO USA, P.C. All rights reserved. www.bdo.com

The post SOX Compliance Tips to Build Transparency Culture appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• More than 20 years after SOX Section 404 was enacted, income tax-related material weaknesses continue to challenge companies — showing there is a need for strengthened internal controls in this area.

• Many companies have not updated their income tax controls since initial SOX compliance, leaving them vulnerable to compliance issues amid new standards.

• Issues often arise because tax controls are inadequately designed or poorly executed; to mitigate risks and maintain compliance, companies should periodically review/refresh internal controls.

—

Two decades after the enactment of Section 404 of the Sarbanes-Oxley (SOX) Act, income tax-related material weaknesses continue to be a major issue for companies. With the costly ramifications of a weakness, the obvious question is: “How does a company prevent such an occurrence?” The simple answer is by implementing effective internal controls.

While all public companies must be SOX compliant, many have not refreshed income tax controls since initial implementation — which is a cause for concern. Several new items of guidance and alerts on internal controls have been issued by the Public Company Accounting Oversight Board (PCAOB). This new guidance has significantly changed the standards required to be SOX compliant. With an ever-changing tax compliance landscape, optimizing internal controls that can scale with your business can help you navigate challenges, mitigate risk, and maintain compliance.

Common Reasons Tax Controls Fail to Be SOX Compliant

Income tax is often seen as a separate, specialized area of a company’s financial statements. The preparation activities and control responsibility for income tax often lies outside the core accounting team with professionals who have deep technical tax knowledge but less experience with or visibility into auditing and internal controls procedures. Further, companies with strained or limited in-house tax resources may not prioritize income tax accounting and reporting until it is too late. In such an environment, setting time aside to refresh an area that isn’t seen as broken is difficult.

Common Flaws with Income Tax Controls

When tax controls fail, it occurs in one of two key areas: Either the controls are not adequately designed or they are not operating as intended. Income tax controls are often heavily focused on management review procedures. While management review controls can be efficient, it is critical that they are designed appropriately, documented thoroughly, and executed effectively. There are five common pitfalls in the design of tax controls:

1. Missing control(s): The income tax provision comprises numerous calculations affecting all areas of the financial statements. Many of these calculations require significant judgment and technical knowledge. Sufficient control procedures to cover all material areas of the provision and all areas of significant judgment should be in place. However, it is unlikely that one overarching management review control can cover all the areas of an income tax provision.

2. Lack of adequately defined procedures: With so many unique calculations and judgment items within the income tax provision, companies may attempt to write one vague control that doesn’t clearly identify the nature of the review procedures performed on each key component of the income tax provision. Simply stating something along the lines of “management reviews the calculations” doesn’t provide sufficient detail about the procedures a reviewer performs to gain confidence in the calculation. 

3. Undefined investigation criteria or precision: The controls don’t clearly indicate what events or characteristics (e.g., dollar amount, percentage) will trigger further investigation into items within the income tax provision. For consistency in monitoring, it’s important to clearly define what factors will cause the reviewer to explore the cause of the outlier identified.    

4. Lack of supporting evidence of review: While effective procedures may be designed and performed, in some instances, the actual activities performed and reviewed are not captured, documented, and retained. For example, initials on a workpaper are not an indication of the actual activities that were performed or adequate evidence of management review.  

5. Appropriate Information Produced/Provided by the Entity (IPE): IPE is considered any information, regardless of the form, produced by the entity’s personnel, information systems (including report writers), or third-party service organizations used by the entity as part of its internal control process. Controls may lack specificity on what evidence is available to support that the control was performed and reviewed by management, which includes validation of the completeness and accuracy of the IPE (e.g., reports used with parameters retained, validation of spreadsheets).

Time to Refresh

If this sounds familiar, it’s probably time to take a closer look at your internal controls procedures. Improper design and execution of internal controls can result in material weaknesses leading to costly remediation, even if management review procedures are in place. Because many tax departments do not have the bandwidth to focus on the income tax provision, co-sourcing services and working with income tax professionals to address these issues can fix those flaws and help you establish proper processes and procedures in place.

How MGO Can Help

Our team of experienced tax and advisory professionals understands the complexity and ever-evolving requirements of SOX compliance — as well as the challenges you face with income tax controls. We offer tailored services to assist you in assessing, designing, and implementing robust internal control frameworks that align with current PCAOB standards. Whether you are interested in co-sourcing or fully managing your income tax provision needs, we provide support to help strengthen your controls and reduce the risk of costly material weaknesses. Reach out to our team today to learn how we can help you.

The post 5 Common Flaws to Avoid in Your Income Tax Controls appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• Implementing public-company-level internal controls early on can help your private company prepare for a potential IPO or acquisition, ultimately reducing the risk of adverse disclosures and easing your transition.
• Private companies experiencing fast growth can benefit from stronger controls to prevent fraud and other errors, so that financial data remains reliable no matter how big they scale.
• If you enhance your internal controls, you can increase your credibility with investors, banks, and other stakeholders — potentially lowering costs and adding financial security.
• If you are in an industry with public peers or high security standards (like utilities or tech), you might benefit from adopting similar control measures to maintain competitiveness and stakeholder confidence.

~

Often viewed as a “public company problem,” private organizations may want to consider implementing internal controls similar to Sarbanes-Oxley (SOX) Section 404 requirements. The inherent benefits of a strong control environment may be significant to a private company; they enhance accountability throughout the organization, reduce risk of fraud, improve processes and financial reporting, and provide more effective engagement with the board of directors. 

While not always smaller, private organizations often have limited resources in specialty areas, including accounting for income tax. This resource constraint — with the work being performed outside the core accounting team — combined with the complexity of the issues means private companies are ideal candidates for, and can achieve significant benefit from, internal controls enhancements.

Thinking ahead, there are five reasons private companies may want to adopt public-company-level controls:

1. Initial Public Offering (IPO) — Walk before you run! If the company believes an IPO may be in its future, it’s better to “practice” before the company is required to be SOX compliant. A phased approach to implementation can drive important changes in company culture as it prepares to become a public organization. Recently published reports analyzing IPO activity and first-time internal control over financial reporting (ICFR) assessments reveal that adverse disclosures on internal controls are three times more likely to be made during a first-time assessment. Making a rapid change to SOX compliance without proper planning can place a heavy burden on a newly public company.
2. Private Equity (PE) Buyer — If it is possible that the company will be sold to a PE buyer, enhanced financial reporting controls can provide the potential buyer with an added layer of security or confidence regarding the company’s financial position. Further, if the PE firm has an exit strategy that involves an IPO, the requirement for strong internal controls may be on the horizon.
3. Rapid Growth — Private companies that are growing rapidly, either organically or through acquisition, are susceptible to errors and fraud. The sophistication of these organizations often outpaces the skills and capacity of their support functions, including accounting, finance, and tax. Standard processes with preventive and detective controls can mitigate the risk that comes with rapid growth.
4. Assurance for Private Investors and Banks — Many users other than public shareholders may rely on financial information. The added security and accountability of having controls in place is a benefit to these users because the enhanced credibility may affect the organization’s cost of borrowing.
5. Peer-Focused Industries — While not all industries are peer-focused, some place significant weight on the leading practices of their peers. Further, some industries require enhanced levels of security and control. For example, utility companies, industries with sensitive customer data (financial or medical), and tech companies that handle customer data often look to their peer groups for leading practices, including their control environment. When the peer group is a mix of public and private companies, a private company can benefit from keeping pace with the leading practices of their public peers.

Private companies are not immune from intense stakeholder scrutiny into accountability and risk. Companies with a clear understanding of the inherent risks that come from negligible accounting practices demonstrate the ability to think beyond the present and to be better prepared for future growth or change in ownership.

How MGO Can Help

We offer a comprehensive approach to internal control implementation, personalized to meet your private company’s unique needs. Our team’s experience in audit, risk management, and advisory can help your business establish robust controls that enhance accountability, reduce fraud risk, and prepare for the future — whether that looks like growth or a public offering.

Whether you are preparing for an IPO, meeting private equity expectations, or merely enhancing your operational efficiency, our team provides the guidance and the tools needed to help you navigate any complexity with confidence. To learn more about how we can assist your business, reach out to us today.

The post Why Private Firms Benefit from Public Controls appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• For tech founders, taking a company public can provide significant benefits like increased capital, visibility, and liquidity, but the process is complex and comes with risks, such as increased regulatory scrutiny and reduced control.
• There are several common pitfalls to avoid during the IPO journey, including underestimating timelines, not building a strong financial foundation, and not having the right leadership in place.
• Tech companies should focus on a few things to facilitate post-IPO success as a public entity: investor relations, internal controls, and cultural shifts. These maintain trust and compliance across the board.

—

For many tech founders, the prestige and promised rewards of taking a company public are strong motivators to pursue an initial public offering (IPO).

But IPOs, however attractive, are extremely complicated and can be overwhelming — especially if you’re not a transaction expert and have never navigated the full process. Without the right information, tech founders are liable to experience delays, derailments, and disappointments on their road to an IPO.

Are you a tech founder looking to IPO for the first time? Read our guide to understand what the IPO process looks like for tech companies like yours — and what pitfalls you’ll need to avoid along the way.

Should You Go Public?

While an IPO can be a great avenue to grow your business, it isn’t the right strategy for every company — or every founder. To make an informed decision, you need to understand the benefits and drawbacks of pursuing an IPO.

Benefits

• Increased access to capital. An IPO can offer a massive influx of capital, enabling substantial, accelerated growth.
• Greater visibility. Going public can improve a tech company’s market visibility and credibility, which can in turn improve brand reputation and recognition.
• Increased liquidity for shareholders. An IPO allows early investors to cash out, while stock options remain an incredibly attractive incentive for many employees, even during times of market volatility. The stock options unlocked by an IPO can be key to attracting and retaining top talent.
• Access to a market valuation. Being listed on the stock market means the public markets offer a valuation of the tech company, which may be seen as more objective and credible than a privately sourced valuation.

Drawbacks

• Greater regulatory and compliance requirements. Publicly traded tech companies are subject to more regulatory and compliance requirements than their privately owned counterparts, and the transition to a publicly traded company can cause compliance costs to skyrocket. Public companies also face scrutiny from regulatory bodies like the SEC. Any mistake, like a reporting misstatement, is highly public and can damage the company’s reputation — and stock price.
• Less control. Public tech companies must answer to shareholders and regulators, impacting how much control a founder will have over their company. Founders also often find they have less control over their finances after going public, as the IPO process can “lock up” their cash.
• Vulnerability to market volatility. Market conditions and other external factors can cause stock prices to fluctuate, whereas private company valuations are more insulated from such forces.
• Increased disclosure requirements. Public tech companies have additional disclosure requirements, which means competitors will have access to more information about the company. This dynamic could impact a company’s competitive advantage in the marketplace.

Are You Asking the Right IPO Questions?

Preparing for an IPO means investigating every aspect of your business. Asking the right questions will help you see beyond the obvious to gain an in-depth understanding of how investors will think about your company and how you can set yourself up for success throughout the IPO process.

Ready to get started?

Read This IPO Checklist

Stage 1

IPO Readiness Assessment

A readiness assessment can help you identify gaps or issues that could prevent your organization from successfully operating as a public company. For most tech companies, the readiness assessment will uncover substantial changes required to facilitate a transition to a public company, such as implementing more robust internal controls or developing specialized accounting capabilities in house. BDO recommends clients assess readiness in the following key areas:

• Accounting & SEC reporting
• Ta
• Risk
• Technology
• Operations
• People
• Financial planning & analysis

Common Pitfalls:

1. Failure to develop a compelling story. Before a leader even considers pursuing an IPO, they need to create a narrative that gets potential investors excited about the future of the company. They must define success, determine what metrics will be used to track it, and put systems in place to measure and report on progress. These steps are key to securing investor interest and confidence. Common success metrics for tech companies include annual recurring revenue (ARR), customer retention, the Rule of 40, customer acquisition costs, daily active users, and monthly active users.
2. Overestimating existing resources. Tech companies often fail to understand what resources they already have and what resources they still need to secure. For example, pursuing an IPO requires specialized skills related to investor relations, treasury, income tax, technical accounting, SEC reporting, and internal controls, which most private tech companies don’t have in house. Failing to conduct a proper resource assessment can lead to a delayed IPO filing, as the company will have to make up ground and secure those resources later.
3. Lack of IPO experience. As they prepare for an IPO, tech founders should prioritize building a leadership team that includes professionals who have experience taking tech companies public. IPO veterans can help guide the rest of the team through the process while identifying and addressing potential issues before they happen.
4. Relying on private-company experience. Private tech company founders sometimes underestimate the depth and breadth of the requirements that come with going public. They may even make the mistake of believing that a private company approach will be sufficient post IPO. Instead of relying on what they already know, founders must continuously assess their policies, procedures, and governance structures and compare them to public-company requirements to identify and proactively address gaps.
5. Failure to protect intellectual property (IP). IP is a major asset for many tech companies and can significantly impact their valuations. Before tech leaders take their company public, they must assess their current protections and deploy tactics like developing a strong patent portfolio to ensure their IP is secure.

Stage 2

Roadmap and Program Management

Once you understand your current state, it’s time to develop a roadmap to guide your transformation from a privately held company to a public company. A strong roadmap will require input from numerous people and functions across the company, as well as reasonable estimates around the time and effort required to meet your objectives. Effective program management is critical to developing your roadmap as quickly and efficiently as possible.

Common Pitfalls:

1. Underestimating timelines. Tech leaders often underestimate the time needed to prepare a company for an IPO, which can take as long as 18-24 months. A successful transformation depends on a realistic and carefully planned timeline. Attempting to rush the process can lead to expensive and public mistakes like financial misstatements.
2. Missing inputs. A successful IPO process relies on participation from the full organization. Failing to include specific departments or professionals in the roadmap stage can lead to process gaps that later derail progress. For example, failure to include IT in the roadmap stage can lead to errors when it comes time to upgrade or rationalize back-office technology in advance of the IPO filing.
3. Lack of a change management plan. Poor change management can lead to unnecessary disruption. For example, lack of a change management plan can create employee discontent during the transition, causing the company to lose key talent and disrupting operations at a crucial juncture.
   

Stage 3

March to IPO

At this stage, your goal is to get ready for the IPO filing, which entails executing your roadmap to prepare your organization to operate as a public company. This is also the point at which you will begin preparing for the IPO filing process itself, including selecting an underwriter, pricing the IPO, and conducting a roadshow.

Common Pitfalls:

1. Failure to build a strong financial foundation. Tech companies preparing to go public need to review their financial statements to verify they are accurate, audited, and up to date. Many tech leaders opt to review three years of financials, even if regulations allow for fewer, to help bolster investor and regulator confidence. Failure to build a strong financial foundation can delay SEC filings, which may impact filing status and result in expensive fines.
2. Inadequate pro forma reporting plans. Tech company leaders must vet their post-IPO reporting plans against SEC reporting rules to ensure they will meet all relevant requirements. They must also design a comprehensive reporting process, building in checks and balances to ensure all numbers are accurate.
3. Misaligning compensation structures. As tech leaders revisit their compensation structures, they must make sure that compensation plans don’t conflict with shareholder interests. For example, option-based compensation for CEOs can encourage excessive risk-taking behavior that may damage customer relationships and firm performance, decreasing shareholder value.
4. Skipping the trial run. Tech companies should practice operating like a public company before filing for an IPO. This trial run can help uncover hidden or overlooked issues like a lack of uniform controls and reporting policies. Companies that skip the trial run often find themselves surprised by requirements and challenges post IPO, which can take significant time and money to address.

Stage 4

Post-IPO Support

After the IPO has been filed, it’s time for your tech company to start operating as a public company. At this stage, you need to ensure you are delivering on your promises, managing expectations with your new shareholders, and meeting your new reporting requirements as a public company.

Common Pitfalls:

1. Lack of forecasting capabilities. As private companies transform themselves to prepare for an IPO, they need to adopt strong revenue forecasting capabilities. Unfortunately, newly public tech companies often struggle with revenue forecasting, which can cause investor distrust and reputational damage.
2. Failure to maintain investor relations. Investor expectations will expand after going public, as shareholders await regular updates on company performance. Failing to build strong relationships with investors through proactive, comprehensive communication can breed mistrust.
3. Failure to manage the cultural shift. When private tech businesses transition into public companies, a major cultural shift often follows. Failure to manage that shift correctly can lead to employee dissatisfaction and talent retention issues.
4. Poor internal controls. Once a tech company goes public, it will have to comply with new reporting requirements and regulations, notably Sarbanes-Oxley (SOX). Prior to filing the IPO, the company should have all necessary internal controls in place — without them, the company may experience issues like material misstatements that can negatively impact stock price.
   

How MGO Can Help

There’s no question that going public is an exciting “next step” in your company’s evolution. With an IPO comes additional opportunities to transform the business, but it can also come with more challenges. MGO’s team is here to support you at every stage, from IPO planning and readiness assessments to execution and post-IPO acquisition services.

With today’s rapidly evolving technology, you want to stay at the forefront of developing products that transform how we work, think, and engage with the world. Reach out to our Technology team today to find out how we can help you achieve your goals.

Written by Hank Galligan and Jim Clayton. Copyright © 2024 BDO USA, P.C. All rights reserved. www.bdo.com

The post Tech IPOs: Steering Clear of Common Pitfalls on Your Path to Becoming a Public Company appeared first on MGO CPA | Tax, Audit, and Consulting Services.

• The Sarbanes-Oxley (SOX) Act established stricter financial reporting requirements for public companies, leading to increased scrutiny of Information Produced by the Entity (IPE).
• IPE carries different levels of risk depending on whether it is system-generated and manually prepared IPE. Strong documentation is key to validating completeness and accuracy of IPE.
• Best practices for IPE documentation include identifying the source, parameters, and format of reports; validating totals and counts; retaining screenshots; and having knowledgeable reviewers.

—

Passed by Congress in 2002, the Sarbanes-Oxley (SOX) Act revolutionized public company audits by introducing financial reporting requirements aimed at increasing transparency and preventing fraud. Most notably, the SOX Act established the Public Company Accounting Oversight Board (PCAOB), a nonprofit organization that oversees the audits of public companies to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.  

The PCAOB refines its auditing standards annually and, in recent years, the organization has placed greater scrutiny on the work of external auditors. To keep up with PCAOB compliance, external auditors have imposed more rigorous documentation requirements on companies. As a result, companies have felt pressure to provide more expansive Information Produced by the Entity (IPE).

If external auditors have applied greater scrutiny on your reporting, you may be wondering: What level of documentation is sufficient? How can you improve your documentation to avoid deficiencies and provide greater clarity? In this article, we will discuss: 1) what IPE is, 2) the risks associated with different IPE, and 3) how to document your IPE thoroughly.

What Is IPE?

IPE is any information created by a company used as part of audit evidence. Audit evidence may be used to support an underlying internal control or as part of a substantive audit. Although there are documentation and risk severity differences between system-generated and manually prepared IPE, the fundamental questions that need to be addressed are the same:

1. Is the data complete?  

2. Is the data accurate?

Risk Levels of Different IPE

Here is an overview of how risk levels vary for different types of information you report to auditors:  

Low Risk

“Out of the box” reports carry the lowest risk. These reports are also referred to as “standard” or “canned” reports. Standard reports have been developed by software companies — such as Oracle NetSuite, QAD, or SAP — as part of their enterprise resource planning (ERP) systems. Typically, the end user (you) and even your IT team cannot modify these reports. Given the constrained editability, greater reliance is placed on these reports.   

Medium Risk

Custom reports are typically driven by the business team and developed in-house by your company’s IT team. When your company’s ERP system does not have a report that would provide sufficient data, the in-house developers create a custom report. The IT team follows their change management process when developing the request report. If the report results do not align with your business team’s expectations, the query is refined, and the process is repeated until it does.  

High Risk

A manually prepared workbook or an ad-hoc query are inherently the riskiest documentation. A manually prepared workbook may be a debt reconciliation prepared by your staff accountant, or a list of litigations the company is involved in drafted by your legal department. Given that these are manually drafted, the margin of error may be high.  

An ad-hoc query is considered high risk since the report is not subject to IT General Controls (ITGC) testing. The end user may input any parameters to generate the report. Since no control testing is performed by your company, external auditors would need to rely on their own IT team to vet the nonstandard query. 

How to Document IPE

Your documentation will vary to a certain degree depending on whether the IPE is manually prepared or system generated. In either case, it is important to be as thorough as possible when documenting your procedures.

Manual IPE

For a manually prepared workbook, provide thorough documentation about the origins of the data. It is ideal to have someone who is privy to the information review the workbook.  

When the reconciliation is comprised of debt instruments, the reviewer should do the following:   

1. Match the list of individual debt instruments to the signed agreements.  

2. Validate the reconciliation and each individual schedule for mathematical accuracy.  

3. Confirm ending principal balances with creditors (where possible).  

If the list consists of litigations compiled by the legal department, the reviewer should do the following:   

1. Send confirmations to outside counsel (where possible).  

2. Obtain a list of commitments and contingency journal entries made to an accrual.    

These additional steps provide greater comfort that the list compiled is complete and accurate.   

System-Generated IPE

For system-generated IPE, there are a handful of questions to keep in mind:   

1. Have you identified the report or saved search that was used?   

2. What parameters were used to generate this report?   

3. In what format is the data exported?   

4. After you run your report and confirm the parameters are correct, what format should be utilized for your export?  

Exported Data

Most ERP systems allow the exporting of data in the following four formats:   

1. PDF (portable document format) 

2. Excel  

3. CSV (comma-separated values)   

4. Text file   

One major drawback in an Excel, CSV, and text file is that, by their nature, they are editable upon export. An additional drawback of a text file is that it does not contain formatting. As the volume of data grows, proving out the completeness and accuracy becomes more challenging. For these reasons, a PDF export is typically preferred.  

After the data is exported in one of the four formats, you want to ensure that it agrees back to the system (completeness and accuracy). Here are a few ways to do that:     

1. Does the exported data have dollar amount totals? If so, agree the total dollar amount to the system.  

2. Does the exported data have hash totals? An example of a hash total is employee ID numbers which in aggregate have no real value other than providing confirmation that the data is complete and accurate.   

3. Does the report have a total line count? If totals are not available, line counts may be used. However, it is important to note that while the line count may agree, the data itself could have still been inadvertently manipulated.  

Screenshots of Data

Retaining screenshots is imperative for documentation. A detailed screenshot should include some (if not all) of the following:  

1. Totals (dollar amounts, hash amounts, etc.)   

2. Lines count   

3. Parameters utilized 

4. Time and date stamp 

The first three items validate the completeness and accuracy of the exported data. The fourth item confirms when the report was run and if it was timely. There are many reports that are point-in-time and may not be recreated at a future date. Knowing the constraints of the reports you use is important. Retaining screenshots cannot be overemphasized, especially for point-in-time reports.   

Certain ERP systems or online portals do not provide a preview of the report prior to the export. This puts a constraint on the validation of completeness and accuracy, as it inhibits screenshots from being taken. In this case, as part of the review, the reviewer should re-run the report and validate that the original report used matches the information in the re-run report.

Strengthen Your SOX Compliance by Implementing Best Practices  

There is no perfect science to IPE documentation. But the end goal is to be as detailed as possible. By simply focusing on the fundamental questions and ensuring that your documentation addresses them, your documentation will inevitably improve.

Developing best practices for your team is the cornerstone for any successful audit. Ensure you have the right guidance to make it happen. Our Audit and Assurance team can tailor a SOX environment to meet your needs. Contact us today to learn more.

The post How to Elevate Your IPE Documentation to Optimize SOX Compliance appeared first on MGO CPA | Tax, Audit, and Consulting Services.