How to minimise financial statement risk

In a complex world of evolving standards and technology, there are many risks associated with financial statements.

Fortunately, there are things financial executives can do to minimise the unintended errors that can lead to a misstatement and restatement.

Bill Schneider, CPA, CGMA, the director of accounting for multinational telecommunications giant AT&T, has insight on these risks after serving on the advisory panel for the 2013 update of the internal control framework of the Committee of Sponsoring Organizations of the Treadway Commission. He also serves on the Professional Accountants in Business Committee of the International Federation of Accountants.

Below, in his own words, Schneider shares his perspectives on some of the areas in financial reporting that carry the most risk:

REVENUE RECOGNITION

Everybody is starting with inexperience in the new, converged revenue recognition standard, which was developed jointly by the International Accounting Standards Board and the Financial Accounting Standards Board to provide principles- based guidance with the goal of enhancing comparability across jurisdictions and industries. The standard, which was released in May 2014 but had its effective date delayed and still is being amended, will create significant changes in my industry and some others, but fewer changes in other industries.

Even where there are changes, you can still lean back on a lot of what you have learned. For example, a promise is similar to a deliverable, and a performance obligation is similar to a separate unit of account. There are some differences arising from the new standard, but at its core, based on experience, you should have a concept of what a performance obligation is. But still, the lack of knowledge or experience with the standard is going to cause more errors and restatements when it’s in place, and not because anybody is trying to defraud everybody. It’s because no one knows all the answers yet.

There are some common concepts that a lot of people are going to have to focus on, and one is deferral of costs, which is an area that may surprise people in a revenue recognition standard. You may find yourself wondering, “If I defer costs, I have to figure out, what period do I amortise it over? In fact, are those costs recoverable in the first place?”

Businesses may have to figure out how to adapt their internal costing systems to this deferral process. Your costing system and the way you look at costs internally may not comply with the new standard’s requirements. Or maybe because your system has been internal, it has not been set up with the same rigour and controls that an external reporting process is required to have. There are a lot of things you have to look at, and that’s going to surprise some companies, because you’re dealing with costs in a revenue standard.

SPREADSHEETS

We all love our spreadsheets, but once they start getting a little complex, they are prone to errors. You hope that they’re immaterial. You hope you find them and correct them. But there are constantly errors in spreadsheets. Fortunately, there are ways to minimise them.

First, you have to make sure spreadsheets don’t have errors in them when you set them up. Then, you have to control the spreadsheets after you set them up. This is an access issue. You have to do something to protect a spreadsheet so people can’t change it. Maybe they can read it, but they can’t change it. There are some simple techniques you can use to help set up that control and make it less likely that errors will be created through the process of working on a spreadsheet.

If you have shared drives, everybody in the finance department probably doesn’t need access to every spreadsheet. So divide those up. Create one shared drive for the budget group, another for the accounts payable group, and another for the general ledger. If you’ve got a really small finance department, you can’t do that. Simple password protection can help instead. As you scale up, start dividing up who has access to what, and it can be very beneficial.

IT ACCESS

This can be a challenge for any business with more than a couple dozen employees. It’s important to practise the concept of providing the minimum access that’s necessary for people. You don’t want to have a lot of people with write access to systems when they only need to be able to have read access and searchability on the systems. You don’t want to give a lot of people the authority to go in and change and add things to the general ledger. Therefore, you should also consider limiting access to certain individuals during certain periods; for example, access to record specific types of entries may be restricted.

With the constant churn in employment these days, it’s difficult enough for businesses of any size just to make sure that when somebody leaves a business, the IT department removes them from the systems. The real trick is when somebody changes jobs within the company, you not only give them access to new systems, but you also may need to cut off their access to the old systems. Although 99% of employees are not going to do anything bad, you have to have the controls for that bad apple out there.

VARIANCE ANALYSIS

This is something a lot of businesses do. You compare month over month, current versus budgeted, and other various metrics, and it tells you if something’s outside a normal range and warrants a closer look. It can be a very powerful tool. But a lot of companies that rely on this control may not use it as well as they should.

If you’re going to use this control, you need to have very specific thresholds that trigger further investigation. If you just “eyeball it”, it’s hard to identify that as a control. You have to set a percentage or dollar amount for variance that calls for a closer look and stick to it.

Another question: Is your variance analysis finding anything? If it’s never finding anything, maybe your thresholds are too high. If you never find anything to investigate in a whole year, that should raise suspicion, because most people’s accounting systems are not that perfect.

When you do find a variance, you need to react properly. Fixing it is just the first step. The next step is to find out why the error happened in the first place. Was there a breakdown in control further up the chain that you need to find?

The final aspect of variance analysis is not relying too heavily on automatically produced reports. How do you know those reports are right? You’d better have some controls around making sure that report is right and is actually pulling the information you want. If you’re pulling the information through some sort of data query, if somebody adds a column or changes things in a database, your report may not work right anymore. So you have to be careful about the reports themselves and make sure that they’re still pulling accurate information in the way that you want.

VALUATION

This is an area where judgement really comes into play. While it’s not your job to be a valuation expert, you at least need to understand how the valuation experts’ model works. You need to know what the critical assumptions are. And you need to know how sensitive those assumptions are. If one assumption varies the valuation by 50%, you obviously want to make sure you’re really comfortable with that assumption.

You have to ask the right questions of the valuation experts and learn in that process. That’s the key, being willing to ask those questions, not expecting to be the expert in everything, and being humble enough to say, “Explain this to me, and maybe explain it again.” Because you are responsible for the results of those numbers that are going in the financial statements.

Finally, valuation is something everybody should have at least some knowledge of. You need to have an idea of what the major types of valuation are in your field … so when the valuation expert comes to you, you can know whether the valuation methods they used make sense for your business.

PERSONAL BIAS

We all have to worry about our own unintentional biases. It’s easy to explain something away to yourself: “Oh, I’m doing this for this reason. I’m doing that for that reason. It makes sense.” And before you know it, you’ve crossed the line, and everybody is saying, “How could you possibly make that decision?”

If you’re a little humble, you don’t think you have the answer to everything, and you rely on others; a lot of times that will keep you out of trouble. But don’t be so humble and so reliant that you subvert your judgement to others. You still have to be smart enough and confident enough to ultimately make those good judgements, so there’s a balancing act there. And keeping that balance throughout your career is very important.

Trouble with fair value

Respondents who said the issue would be the most prevalent financial statement misrepresentation issue in the next two to five years.

Source: The 2014 AICPA Survey on International Trends in Forensic and Valuation Services.