Q1 Quarterly Accounting & SEC Update
The first quarter of 2023 arrived with a number of changes and announcements, including the IRS issuing guidance on hot topics, that were reviewed in Weaver’s March 23, 2023 Accounting and SEC Update. Deep dives—along with a host of examples—were provided on IT Applications and Audit Risk and Internal Control Over Financial Reporting as well as a summary of recent accounting pronouncements and reminders for proxy season.
SEC Rule Changes:
- Compliance with Listing Standards for Erroneously Awarded Compensation – This applies to accounting restatements and can be referred to as a compensation clawback. Tax implications must also be considered whenever a compensation clawback occurs due to a restatement.
- Insider Trading Plans and Disclosures – These apply as early as the first filing that covers a full fiscal period that begins on or after April 1, 2023, or for SRCs, October 1, 2023.
- Electronic Filing of Form 144s – Electronic filing for sales of securities begins April 2023.
- Amendments to Form N-PX, effective for votes on or after July 1, 2023.
Accounting Updates:
Reference Rate Reform (Topic 848) – ASU 2022-06 updates ASU 2020-04 to revise the sunset date from December 31, 2022 to December 31, 2024.
Accounting for Long Term Duration Contracts (LDTI) – ASU 2022-05 (Topic 944) allows insurance entities to make an accounting policy election on a transaction-by-transaction basis to exclude certain contracts from the LDTI retrospective transition method.
Current Expected Credit Losses (CECL) – ASC 326-20 – Effective as of January 1, 2023, the key changes between CECL and legacy GAAP were reviewed.
- CECL allows for the use of current and future information, while legacy does not.
- Legacy GAAP recognized a loss when it was probable, while CECL requires recognition even if the loss is remote.
- Accrual-based entities will typically end up with a day one allowance.
- Pooling of assets and disclosure requirements, as discussed in the Weaver Q4 Accounting and SEC Update, should also be reviewed.
Pay Versus Performance – The SEC released Compliance and Disclosure Interpretations (C&DIs) in February 2023. Tabular, graphical, and/or narrative disclosures are required to tell the story and describe the nature of the relationship between executive compensation actually paid by the registrant and the registrant’s financial performance.
Income Tax Developments:
Research & Development (R&D) Capitalization – As companies close 2022, they should review their Section 174 R&D expenditures that were amortized and capitalized to determine if claiming the R&D tax credit associated with the capitalization is detrimental to cash-flow, even after consideration of the credit.
- Year-end 2022 financials should reflect a deferred tax asset for the difference in book-to-tax basis in the capitalized costs.
- Senate Bill 866 went before the Senate Finance Committee on 3/16/23 to address R&D capitalization issues.
- If the legislation is enacted retroactively, deferred tax balances related to these costs will need to be adjusted during the period in which the legislation is signed into law.
1% Excise Tax on Stock Repurchases – The Inflation Reduction Act (IRA) created Internal Revenue Code (IRC) Section 4105 imposing a 1% excise tax on the repurchase of corporate stock by domestic corporations on a public exchange. The Internal Revenue Service (IRS) published Notice 2023-2 with interim guidance until the regulations are finalized.
Corporate Alternative Minimum Tax (CAMT) – The IRS released IRS Notice 2023-7 providing interim guidance on implementing the CAMT, and proposed regulations will address many issues that have been brought forward.
State Law Changes
- Arkansas, Iowa, Nebraska, New Hampshire, and Pennsylvania have corporate income tax reductions for 2023.
- Oklahoma has enacted a permanent 100% bonus depreciation (full expensing) despite the federal government’s phasedown to 80% under Section 168(k).
- Vermont has repealed its throwback rule (Vermont SB 53 (2022)), and new apportionment analysis will need to be performed as part of Q1 procedures.
IT Applications and Audit Risk
The number of IT applications that are subject to risks arising from the use of IT will vary based on many factors. Characteristics of IT applications more likely to be subject to an audit include:
- They are used to initiate, record, and process entity transactions
- The volume of data (transactions) is significant
- The functionality is complex, such as:
  - the application automatically initiates transactions
  - a variety of complex calculations underlie automated entries or estimates
- Applications are interfaced
- The application is used for preparation and maintenance of key reports
IT scope considerations extend beyond applications and the supporting infrastructure. They may include emerging technology, such as blockchain, robotics and artificial intelligence. They could also include tools/technology that assist in validations, workflow approvals, transfer of data, and/or documentation of IT activities.
The risks arising from the use of IT may increase as a result of implementation of new systems, changes or interruptions, turnover of IT personnel, integration of applications, or other reasons. Examples of common IT deficiencies that may result include:
- Changes to applications and supporting infrastructure (operating systems and database) are not logged, tested (when applicable), and authorized prior to release to production.
- Business users (such as the CFO or Controller) have administrative privileges within the system, creating a lack of segregation of duties.
- Incidents are not monitored/resolved and/or an incident has occurred that resulted in a failure of a financial information system (i.e. system functionality, system unavailability, inaccurate processing).
- Third party reports (for outsourced services):
  - are not available
  - are reported with a qualified opinion or exceptions that impact the company’s internal controls
  - do not cover nine months or more of the financial period
  - are limited to a SOC 2 and the controls do not cover the financial reporting risks
  - are not reviewed by Management, including the adherence to the complementary user entity controls (CUEC)
“An IT general control exception alone doesn’t typically result in a material misstatement or weakness; rather it’s a combination of IT and related business control failures that are of the greatest concern.”
Brett Nabors
Weaver Partner, IT Advisory Services
Internal Control Over Financial Reporting (ICFR)
Deficiencies can occur within activities that are otherwise very routine, but occasionally overlooked or assumed to be operating more effectively than they actually are. Deficiencies can also arise in activities that are likely to change over time but are not monitored regularly.
Some examples include:
Entity Level Controls (ELCs) are typically indirect controls, but nonetheless important as they establish many of the governance and foundational control environments for an organization. These controls require some regular attention to ensure that they do not fall through the cracks.
- Confirm that senior leaders and directors know and regularly certify the controls they own.
- Hotline and whistleblower controls must not only exist, but submissions should be monitored, managed, and documented.
Account Reconciliations are lynchpin controls for financial reporting in most companies. Reconciliation is a routine activity that can, if not monitored, become too routine and therefore lose effectiveness. To keep your account reconciliation practices diligent and effective, add specificity to the expectations for how reconciliations are executed.
- Identify the most critical reconciliations in your environment and establish specific review procedures that are relevant to the nature of the activity in the account.
SOX Scoping and Risk Assessment requires regular updates and should be forward-looking, rather than only focused on historical activity. Utilize materiality and your scoping analysis to link key accounts, financial statement line items, and disclosures to the underlying processes that support those transactions and activities. Ensure that processes address all accounts and transactions, groupings are appropriate, and accounts are accurately mapped to processes and transaction flow. Consider changes regularly and ensure that accounts and activity that may have been previously scoped out are still justified, and new activities and accounts are adequately considered.
Segregation of Duties (SOD) requires continuous monitoring as it can change quickly. Turnover, promotions, and acquisitions present opportunities for conflicts to arise, both in assigned responsibilities and access provisioning. Develop a method of routinely updating segregation of duties analyses that considers both user-specific and role-based provisions. Focus the analysis on activities that are higher in risk to internal control over financial reporting or create a fraud risk.
Control Precision and Information Produced by the Entity (IPE) are often interpreted inconsistently, and the expectations for the specificity and level of detail associated with these attributes of a control continue to expand.
- Precision is the specific action or actions performed when executing a control. It includes thresholds for variances and fluctuations but is not limited to values. Precision includes specificity of the individual components of review and validation performed when executing a control.
- Completeness and accuracy of IPE is a form of precision and an important one. Many organizations struggle with IPE-associated control activities because they are not specifically considered as part of the control execution, and more importantly, the evidence of performance.
Acquisition Integration – Substantial planning goes into integrating an acquired entity into your internal control structure. There are some preliminary questions and considerations that should be clarified early on in the integration, such as how many control environments will exist within the organization post-integration? How similar or different are the underlying processes and activities of the acquired company compared to those of the acquirer? A detailed plan is needed to ensure that the overall control structure of the consolidated entity is appropriate. This is especially significant when the acquired company was not previously publicly traded.
Managing Deficiencies – The accounting and finance teams at most public companies are very busy in Q1 and early Q2 as they complete year-end reporting for the prior year and immediately go into closing and reporting on the first quarter of the current year. Somewhere in this cycle, it is important to evaluate any known deficiencies and determine a path forward to remediation.
- Even small deficiencies should be remediated as soon as it is practical. Deficiencies that are individually not significant could become more significant if new issues arise that compound existing or known deficiencies.
- Link identified accounting and financial reporting errors to control deficiencies, either in design or effectiveness.
- Remember, having a plan to remediate a control deficiency is not sufficient to claim a control is remediated. Once the new, improved or revised control activity has operated and is confirmed as effective, it can be considered remediated.
Weaver’s Executive Resource Center publishes its “Topics for Your Next Board Meeting” quarterly to help you guide conversations around meaningful topics that inform the board and allow executive leadership to share their knowledge and insights.