Controls for Financial Statements (#78)
/In this podcast episode, we discuss the controls that apply specifically to the creation of financial statements. Key points made are noted below.
Financial statements are the summarization of all kinds of different transaction streams. If there’s a problem in any one of those transaction streams, then the error appears in the financials. However, I’m not going to talk about controls over those types of errors. That’s already covered in episodes 1 through 15, where I’ve laid out control systems for all kinds of accounting transactions. Instead, I’m going to talk about controls over creating the financial statements themselves. So let’s get right into it.
Controls Over the Creation of Financial Statements
First is the error of non-inclusion. This means that you just flat-out forgot to enter something in the financials. Maybe it was a special journal entry. Happens all the time. The best control over this is a standard closing checklist that forces you to look at and sign off on any of the dozens of steps needed to close the books. For more information about the checklist, go to episodes 16 through 25, which address the fast close.
Second, always document your journal entries. Otherwise, you end up with journal entries for which there’s no support at all, which drives auditors crazy. Your best bet is to create a standard journal entry form that requires the signature of a senior-level accounting person. This means that a second pair of eyes gets to review everything, and that catches a lot of errors.
And yes, this means that you need a closing binder. This should contain tabs by month, and behind each tab is all of the supporting documentation for every entry for that month.
Third, designate some entries as high-risk entries. This usually means that it’s something that’s had a high error level in the past, or which involves so much money that any error at all would seriously impact the financials. For these entries, require a really senior-level reviewer, such as the controller.
Fourth, once you have all of those approved journal entries, only allow one person to record them in the accounting system. That way, there’s less risk of duplicating or missing an entry.
Fifth, reconcile all of the major balance sheet accounts. This doesn’t mean piddly accounts, like sales taxes payable, but ones where there’s a serious risk that something is there that shouldn’t be. I find that accounts like “prepaid assets” or “other liabilities” are just poisonous. For these accounts, there’s sometimes not just a reconciliation, but also a formal meeting every quarter, just to make absolutely certain about what can be retained and what should be written off.
Spreadsheet Controls
And what about spreadsheets? There are lots of journal entries that are built on top of spreadsheets, and those spreadsheets can be incorrect. There’re several controls to consider here. One is to archive all spreadsheets used in the financials at the end of each month. I do this. We store the complete set of spreadsheets in a separate archive subdirectory, and we put password access on them.
By doing so, we have a really good record of what happened in previous months, so we can go back and research the numbers, if we need to. It also means that we have a presumably clean spreadsheet version, in case the current one was messed up during an update for the most recent month.
Another possibility with spreadsheet controls is to do an annual review of the structure of each one. This means that someone who doesn’t normally use the spreadsheets takes a look at them from the perspective of content, and formula accuracy, and ease of use. Sometimes, it can be quite a surprise when the reviewer finds that a spreadsheet not only has a bad formula, but has also had a bad formula for a long time – which you can trace back with the spreadsheet archives that I already mentioned.
Analytical Reviews
Another control that very few companies do is the analytical review. This means that you compare accounts across different periods, just to see if they’re reasonable. Auditors make you do it all the time, so why wait for them to show up and put you through the embarrassment of explaining away an obvious mistake? Just do the review yourself to spot errors.
Now, there’s an easy way to do this, and a hard way. The hard way is the auditor’s approach, which is to transfer account balances into a separate spreadsheet, and manually compare everything about six different ways. That is both slow and painful.
I use the easy method, which is to have the accounting software print out period ending balances for every account for each of the last 12 months. Then I just skim through this trailing-12 report to see where the blips are. I circle anything that looks odd, and then hand the report off to an assistant controller to research. Takes me about 10 minutes.
Public Company Controls
If you’re a public company, then consider this control. You write up a disclosure memo and send it to the disclosure committee for review. The memo covers the big topics, like whether you have goodwill impairment, or how you’re justifying the accrual of revenue, or risk analysis. The disclosure committee is usually the corporate attorney, the CEO, and perhaps an outside accounting expert. These people bring a different perspective on the main issues, and every now and then they come up with a really good point. So, this is not a tactical control, it’s a strategic one.
Again if you’re a public company, there’s also a potential for issuing financials that don’t match your trial balance. This is pretty much impossible for a private firm, because the financials are generated directly from the trial balance. The problem for public companies is that the information is translated into a quarterly 10Q or annual 10K report, and it’s surprisingly easy to lose some numbers during the translation. Consequently, before issuing any public reports, make sure that you match the financial statements to the trial balance.
After-the-Fact Controls
Now, after the financials are issued, there’s an after-the-fact control, which is to specifically ask the recipients of the financials to contact you if they have any comments. Company managers are very interested in the financials, since their performance is based on the numbers, so you should create a feedback loop and get people to use it.
And there’s the really after-the-fact control, which is the post mortem. This means that you get the accounting team together to discuss what went wrong and what went right. If something worked well, then lock it into the financial statements procedure. If not, then document what you want to do differently the next time, and create a memo or e-mail that states who is responsible for the new system.