10 compliance threats to smaller companies
The research was compiled aggregating the results of 148 first time companies with revenues under $100 million (using Audit Analytics and our experience in assisting smaller public clients). Clients with clean internal controls were excluded from this study.
This list provides crucial data that you can use in developing your strategy to assess high level risks within your company. The following are the ten leading material weaknesses in Lord & Benoit’s study:
1. Accounting and disclosure controls
Perhaps the biggest surprise to smaller public companies may be that they are expected to have no significant auditor adjustments. Therefore we found that of the 148 companies we reviewed with material weaknesses, nearly two thirds or 94 had issues relating to accounting and disclosure controls. Included were a number of departures from GAAP, income tax accounting and inadequate or inaccurate financial statement disclosures.
The next level of material weakness noted was in the process level control area of Treasury. There were 92 findings noted in this category including accounting for stock, debt, investments, derivatives and cash controls. Common in the cash area were lack of separation of duties between signing checks and access to accounting records. Wire transfers with only one person involved was also noted in many instances.
3. Competency and training of accounting personnel
The third highest number of material weaknesses were in the area of adequate training and competency of accounting personnel. The lack of management commitment to the competency and formal training program were described as the root cause for 85 instances of improper accounting and disclosures.
4. Control environment
The fourth greatest threat facing smaller companies in their first year of compliance relates to Audit Committee effectiveness, lack of effective internal audit function, ineffective monitoring of code of ethics and ineffective technical review of financial statements leading to financial restatements. Nearly half of the companies fell into this category.
5. Design of controls/lack of effective compensating controls
About 60 companies reported issues with regards to proper segregation of duties. When we drilled down, we found the cause was not only segregation of duties but the breakdown in the compensating controls that were designed to mitigate the preventive control. In other words, what management thought was happening was different than what was really happening.
6. Revenue recognition
About one third of the companies in the study had improper revenue recognition. The issues mainly dealt with proper cut off and timing of transactions.
7. Financial closing process
About a third of the companies struggled with weaknesses in their financial closing processes. For a number of reasons the financial closing processes did not identify non-recurring and adjusting journal entries that should have been made. Consequently material audit adjustments were necessary leading to material weaknesses in internal controls over financial reporting.
8. Inadequate account reconciliations
In addition to the closing process mentioned in item 7 above, a number of account reconciliation deficiencies were noted in our study. There were 47 instances of material inadequate account reconciliations noted.
9. Information technology
Access controls, change controls, ineffective application controls, and critical spreadsheet controls were some of the points contributing to 45 companies having material IT weaknesses.
10. Consolidations, mergers, intercompany accounts
Another 43 companies had material weaknesses in the mergers and acquisitions, intercompany accounting controls, consolidations and foreign exchange translation gains and losses.
In conclusion, our recommendation would be to use this list as a starting point for a macro level risk assessment within your company. We recommend that you review this list carefully, identify potential concerns that apply and develop an action plan to remediate these identified risks as quickly as possible. Quick action could minimize the likelihood of an adverse Section 404 report at the end of your first year of compliance.