As companies pick up the pace in preparing to implement the new revenue recognition accounting standard, audit leaders are issuing some guidance to help companies keep audit risks in mind.
The American Institute of Certified Public Accountants issued a 110-page audit alert on the new revenue recognition standard to assure preparers understand the concerns auditors will raise as they dig into the new financial statement assertions prepared under the new accounting guidance. The alert explains the new revenue recognition standard, highlights differences between existing and new requirements, and outlines the many auditing considerations that companies should keep in mind as they adopt the new rule.
While the alert helps companies understand the accounting and financial reporting impacts of the new guidance, the real value is in its focus on helping companies identify where they may have risks of misstatement as a result of adopting the new accounting requirements. A 7-page Protiviti summary of the AICPA alert says preparers and auditors will need to consider whether the company properly applied the new GAAP, whether the company properly applied its own internal accounting policies, the risk of misstatement associated with the nature of the company’s goods and services, and the structure and complexity of the company’s contracts with customers.
Calling it one of the more comprehensive pieces of implementation guidance issued to date, Chris Wright, managing director at Protiviti, says the alert as well as other circumstances have prodded some companies into action preparing for the new standard. “It is prompting companies that hadn’t started to begin looking at doing the diagnostic work,” he says. Companies need to get through the diagnostics to “demystify” their impressions of whether the implementation will be difficult or simple, he says.
While the alert calls attention to possible risks associated with the five steps of the new revenue recognition model, it also raises an eyebrow around fraud risks. Companies need to adopt the standard with some key fraud risks in mind, like whether management or other employees have an incentive or a reason to commit fraud, or any circumstances that provide an opportunity for fraud, such as through lax controls. With fraud and audit risks in mind, the AICPA alert suggests controls companies should consider related to each of the five steps of the new revenue recognition model.
“Anytime you add new rules for areas that are subjective, there is the possibility that some people at companies or their advisors might be looking for ways to game the system,” says Wright. “Companies need to keep an eye on fraud risk in an area as subjective and as important as revenue.”
Compared with roughly six months ago, Wright says he sees corporate activity picking up in preparing for the new standard. “It cuts across all industries and all geographies,” he says. “It does seem with the guidance that is coming out and with the year-end financial reporting season for calendar-year companies behind them that companies are beginning to focus on this.”
The standard takes effect Jan. 1, 2018, so companies will be required to provide data for 2016, 2017 and 2018 under the new rules at that time. “Because of that, companies are paying more attention to it now,” says Wright.