Audit requirements – Private US companies
After the release of the Commission Statement and Guidance on Public Company Cybersecurity Disclosures by the Securities and Exchange Commission (SEC) in February 2018, every private entity said: “No, that is not my problem,” however, is of a different opinion, whereby in the United States audit requirements direct predominant alignment among private companies, as is the case with many of the public company requirements.
Understand the Financial Accounting Standards Board (FASB)
FASB is a private non-profit organization founded in 1973. It establishes reporting and accounting standards that are fully recognized by the American Institute of Certified Public Accountants (AICPA). It is also recognized by the SEC and focuses on setting accounting standards for public companies in the US.
The Generally Accepted Accounting Principles (GAAP)
These principles focus on determining the liabilities and assets that affect financial health and financial reporting.
Economic Entity Assumption
There is a big difference between the transactions of a business owner and the sole proprietorship. As far as accounting principles are concerned, the two have to be separated.
Monetary Unit Assumption
Money, in this case, is measured in US dollars, without accounting for inflation.
Time Period Assumption
Every financial statement must be labeled clearly with the month, year, and day.
The money you spend when obtaining an asset does not show any decrease or increase in value.
Full Disclosure Principle
Lenders and investors are required to include a description of potential impacts on the financial statement including data breaches and lawsuits.
Going Concern Principle
The work of the accountants is to determine if a business will be able to function well. This is based on the assets under the liabilities.
Expenses must be matched to revenues. Employee wages must be aligned with the period worked, not with when they were paid. For instance, bonuses should be reported for the promised year.
Revenue Recognition Principle
Given that you need to report revenue for the time a project is completed and not when you get paid, revenue recognition aligns with the matching principle. Revenue focuses on the payment promised, even when it is yet to be made.
Instead of splitting the cost for the number of years the product is used, you could expense the whole technology purchase for the year bought as part of your financial reporting. It means rounding off dollars to the nearest number and not using fractions.
Conservatism is a principle that requires you to give a net loss or gain account based on expected outcomes. It is a primary financial reporting concern as far as cybersecurity is concerned given that data breaches are a “when” question.
When To Apply GAAP
If yours is a private company, you might assume that you have different financial reporting requirements from those of public companies. Understand that you need to prove your financial stability before you can receive a loan or investment from anyone.
Audited Financial Statements and Cybersecurity
If you have already applied GAAP, it is vital that you also understand how cybersecurity risks can be translated into lines.
SEC Cybersecurity Guidance
The SEC's February 2018 interpretation on cybersecurity provides that any data breaches should be reported immediately. The report also notes that company exposure to and reliance on the internet and network systems have been on the increase, with cybersecurity incidents and the attendant risks rising at an alarming rate.
This is why public bodies are required to disclose risks linked to cybersecurity. Private companies, on the other hand, have been provided with a guidance map that helps in the assessment of cybersecurity risks. With a firm security-first approach, the potential for a breach is lessened, which means that the financial statement of a company gets to reflect assurance over data protection.
FASB Accounting Standards Codification 606
All private entities using GAAP principles are required to comply with the “Revenue from Contracts with Customers” guidance released in May 2014. This guidance gives insight into revenue recognition, requiring the bodies to account for evidence of service delivery, arrangement, ability to collect, and fixed prices. Vendors can work with their customers for a whole year in cybersecurity. As such, accounting standards require companies to take principle-based reviews.
FASB Accounting Standards Update 2018-15
The August 2018 Accounting Standards Update (ASU) emphasizes how cloud computing agreements are reported. The update provides that a company can spread out costs linked to integration and testing to reflect changes in the market and security threats.
As part of the vendor managerial program, the cybersecurity levels aligning to risk tolerance can be maintained by the software. ASU now allows companies to integrate upgrades and re-engineering in the financial report.
How Private Companies Meet Audit Standards
This product gives room to task prioritization allowing companies to track compliance activities thus reducing vulnerabilities. This is done by monitoring and scheduling reviews against their completion date.
Editor’s Note: Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more about IT compliance at ReciprocityLabs.com.