Top Risks and Considera ons for Your SOX Process · Example #1 Controls over contract iden!fica!on...
Transcript of Top Risks and Considera ons for Your SOX Process · Example #1 Controls over contract iden!fica!on...
The contents of this presenta!on are confiden!al. Copyright © 2017 Workiva.
Top Risks and Considera!ons for Your SOX Process Joe Howell, Workiva Jeremy Sucharski, Armanino Greg Wilson, former PCAOB September 2017
Speakers
Greg Wilson, CPA Re!red EY audit partner, former Deputy Director of PCAOB Inspec!ons Division
Joe Howell Cofounder and Execu!ve Vice President, Workiva
Jeremy Sucharski Partner, Armanino LLP
Agenda
• What new risk?
• Nature and significance
• Recommenda!ons
• Ques!ons
What New Risk?
• ASC 606–revenue recogni!on
• Cri!cal role of SOX and audit teams
• Failure to engage SOX and audit teams early
Background
• Extremely complex and significant new requirements
• Most companies behind on implementa!on
• Many underes!mate poten!al impact
• Most SOX and audit teams are not yet engaged
Polling Ques!on #1
Our SOX and audit teams have been ac!vely engaged in the implementa!on of ASC 606.
a) Strongly agree
b) Somewhat agree
c) Neither agree nor disagree (or don’t know)
d) Somewhat disagree
e) Strongly disagree
Recent Survey*
7
Interviews with 100 public companies:
Confident have enough !me 70%
Undecided on transi!on method 65%
Consider it a high priority 36%
Started design and test of controls 10%
* Compliance Week/Workiva, April 2017
Cri!cal Role of SOX and Audit
• SEC Chief Accountant: func!on of ICFR
• SEC comment le"ers: focus on policy and procedure
• Change stresses system: deficiency/weakness
• Implementa!on and understanding: WIP
SEC View on ICFR
“Management’s ability to successfully transi!on to the new standard will depend, to a large degree, on the effec!ve design and opera!on
of internal control over financial repor!ng (ICFR).”
– James Schnurr, SEC Chief Accountant March 22, 2016
SEC Early Comment Le"er
“You state that you are in the process of evalua!ng the impact that the amended revenue recogni!on guidance in Topic 606.”
– Unpublished SEC comment le!er related to 2016 10-K
Focus on Policy and Process
“Please revise to … include a descrip!on of the effects of the accoun!ng policies that you expect to apply, if determined,
and a comparison to your current revenue recogni!on policies.”
– Unpublished SEC comment le!er related to 2016 10-K
Impact on SOX and Audit Teams
• Even if numbers don’t change, processes must
• New disclosure and ICFR requirements
• High risk of missing something important
• Li"le !me le$ to consider, update, and test controls
• High risk of last-minute changes
Bo"om Line
• Disclosure control vs. ICFR
• Significant deficiency
• Material weakness
Polling Ques!on #2
My company has begun to revise our accoun!ng policies and controls related to ASC 606.
a) Strongly agree
b) Somewhat agree
c) Neither agree nor disagree (or don’t know)
d) Somewhat disagree
e) Strongly disagree
Responsibili!es
Accoun!ng team Opera!ng teams SOX & audit teams
Gather and analyze Provide informa!on Assess and document risks Conclude and document Implement change
Design and document controls
Assure compliance Execute and comply Design and execute tests
Report Report Evaluate and report
Responsibili!es
Accoun!ng team Opera!ng teams SOX & audit teams
Gather and analyze Provide informa!on Assess and document risks Conclude and document Implement change
Design and document controls
Assure compliance Execute and comply Design and execute tests
Report Report Evaluate and report
Must be sustainable
Areas and Nature of Risk
Area of risk Nature of risk
Policies and procedures Complexity è Last minute change
Risk assessment and controls Last minute change è Important miss
Systems: IPE, ITGC Important miss è Manual override
Audit programs and evidence Manual override è Delayed start
Change management Delayed start è Omission and inconsistency
Example #1
Controls over contract iden!fica!on
1. Business prac!ce vs. wri"en agreement
2. Modifica!ons, returns, and variable component
3. Ability to perform, credit, and collect
4. Point in !me vs. period of !me
My company is well-prepared for ICFR related to ASC 606 for our Q1 disclosures in 2018.
a) Strongly agree
b) Somewhat agree
c) Neither agree nor disagree (or don’t know)
d) Somewhat disagree
e) Strongly disagree
Polling Ques!on #3
Example #2
Controls over expense recogni!on
1. Iden!fica!on—completeness and accuracy
2. Alloca!on to contract
3. Deferral and matching
Example #3
Controls over dual repor!ng
1. Changes to ini!al balance sheet
2. Dual track
3. Contract modifica!ons and other changes
4. Changes in business prac!ces
Example #4
Controls over new disclosures
1. Disaggrega!on of revenue
2. Contract balances and reconcilia!ons
3. Performance obliga!ons
4. Alloca!on of transac!on prices and periods
Stuff Subject to Change
1. Accoun!ng memos and informa!on requirements
2. Policy and procedure documents
3. Risk assessment and control documenta!on
4. Automated and manual informa!on systems
5. Audit plan, program, and evidence
Recommenda!on: 5-Point Plan
1. Get to the table
2. Iden!fy all of the things that could change
3. Make prac!ce runs
4. Look for ways to accelerate
5. Recognize the risk of going cheap
How have you invested in your control environment over the past 2 years?
a) Engaged advisors to assist in implementa!on of ASC 606
b) Increased internal staffing for SOX and internal audit
c) Devoted more !me from exis!ng staff
d) Added so$ware to assist with SOX documenta!on and/or audit
e) None of the above
f) Don’t know
Polling Ques!on #4
Your Ques!ons
Conclusion
Final Thoughts
Three legs of “control stool”
1. People
2. Process
3. Technology
Speakers
Greg Wilson, CPA Re!red EY audit partner, former Deputy Director of PCAOB Inspec!ons Division
Joe Howell Cofounder and Execu!ve Vice President, Workiva
Jeremy Sucharski Partner, Armanino LLP
The contents of this presenta!on are confiden!al. Copyright © 2017 Workiva.
Ques!ons?