Like most businesses, you’ve probably experienced a significant increase in the number of customers who prefer to make cashless payments. And you may be wondering: How does the acceptance of these types of transactions affect the auditing of your financial statements?
Cashless transactions require the exchange of digital information to facilitate payments. Instead of focusing on the collection and recording of physical cash, your auditors will spend significant time analyzing your company’s electronic sales records. This requires four specific procedures.
1. Identifying accepted payment methods
Auditors will ask for a list of the types of payments your company accepts and the process maps for each payment vehicle. Examples of cashless payment methods include:
- Credit and debit cards,
- Mobile wallets (such as Venmo),
- Digital currencies (such as Bitcoin),
- Automated Clearing House (ACH) payments,
- Wire transfers, and
- Payments via intermediaries (such as PayPal).
Be prepared to provide documents detailing how the receipt of cashless payments works and how the funds end up in your company’s bank account.
2. Evaluating roles and responsibilities
Your auditors will request a list of employees involved in the receipt, recording, reporting and analysis of cashless transactions. They will also want to see how your company manages and monitors employee access to every technology platform connected to cashless payments.
Evaluating who handles each aspect of the cashless payment cycle helps auditors confirm whether you have the appropriate level of security and segregation of duties to prevent fraud and misstatement.
3. Testing the reconciliation process
Auditors will review prior sales reconciliations to test their accuracy and ensure appropriate recognition of revenue. This may be especially challenging as companies implement the new accounting rules on revenue recognition for long-term contracts. Auditors also will test accounting entries related to such accounts as inventory, deferred revenue and accounts receivable.
4. Analyzing trends
Cashless transactions create an electronic audit trail. So, there’s ample data for auditors to analyze. To uncover anomalies, auditors may, for example, analyze sales by payment vehicle, over different time periods and according to each employee’s sales activity.
If your company has experienced payment fraud, it’s important to share that information with your audit team. Also tell them about steps you took to remediate the problem and recover losses.
Preparing for a cashless future
Before we arrive to conduct fieldwork, let’s discuss the types of cashless payments you now accept — or plan to accept in the future. Depending on the number of cashless methods, we’ll amend our audit program to review them in detail.
Many companies, especially those that operate in areas prone to natural disasters, should consider business interruption insurance. Unlike a commercial property policy, which may cover certain repairs of damaged property, this coverage generally provides the cash flow to cover revenues lost and expenses incurred while normal operations are suspended because of an applicable event.
But be warned: Business interruption insurance is arguably among the most complicated types of coverage on the market today. Submitting a claim can be time-consuming and requires careful preparation. Here are some best practices to keep in mind:
Notify your insurer immediately. Contact your insurance rep by phone as soon as possible to describe the damage. If your policy has been water-damaged or destroyed, ask him or her to send you a copy.
Review your policy. Read your policy in its entirety to determine how to best present your claim. It’s important to understand the policy’s limits and deductibles before spending time documenting losses that may not be covered.
Practice careful recordkeeping. Maintain accurate records to support your claim. Reorganize your bookkeeping to segregate costs related to the business interruption and keep supporting invoices. Among the necessary documents are:
- Predisaster financial statements and income tax returns,
- Postdisaster business records,
- Copies of current utility bills, employee wage and benefit statements, and other records showing continuing operating expenses,
- Receipts for building materials, a portable generator and other supplies needed for immediate repairs,
- Paid invoices from contractors, security personnel, media outlets and other service providers, and
- Receipts for rental payments, if you move your business to a temporary location.
While the Tax Cuts and Jobs Act (TCJA) reduces most income tax rates and expands some tax breaks, it limits or eliminates several itemized deductions that have been valuable to many individual taxpayers. Here are five deductions you may see shrink or disappear when you file your 2018 income tax return:
1. State and local tax deduction. For 2018 through 2025, your total itemized deduction for all state and local taxes combined — including property tax — is limited to $10,000 ($5,000 if you’re married and filing separately). You still must choose between deducting income and sales tax; you can’t deduct both, even if your total state and local tax deduction wouldn’t exceed $10,000.
2. Mortgage interest deduction. You generally can claim an itemized deduction for interest on mortgage debt incurred to purchase, build or improve your principal residence and a second residence. Points paid related to your principal residence also may be deductible. For 2018 through 2025, the TCJA reduces the mortgage debt limit from $1 million to $750,000 for debt incurred after Dec. 15, 2017, with some limited exceptions.
3. Home equity debt interest deduction. Before the TCJA, an itemized deduction could be claimed for interest on up to $100,000 of home equity debt used for any purpose, such as to pay off credit cards (for which interest isn’t deductible). The TCJA effectively limits the home equity interest deduction for 2018 through 2025 to debt that would qualify for the home mortgage interest deduction.
4. Miscellaneous itemized deductions subject to the 2% floor. This deduction for expenses such as certain professional fees, investment expenses and unreimbursed employee business expenses is suspended for 2018 through 2025. If you’re an employee and work from home, this includes the home office deduction. (Business owners and the self-employed may still be able to claim a home office deduction against their business or self-employment income.)
5. Personal casualty and theft loss deduction. For 2018 through 2025, this itemized deduction is suspended except if the loss was due to an event officially declared a disaster by the President.
Be aware that additional rules and limits apply to many of these deductions. Also keep in mind that the TCJA nearly doubles the standard deduction. The combination of a much larger standard deduction and the reduction or elimination of many itemized deductions means that, even if itemizing has typically benefited you in the past, you might be better off taking the standard deduction when you file your 2018 return. Please contact us with any questions you have.
Investors, lenders and other stakeholders have been vocal in recent years about pushing companies to provide more information in their financial reports about cybersecurity. Could your company do a better job disclosing cyberrisks and recent hacks?
Most public companies could do better, according to recent testimony during congressional hearings by Jay Clayton, Chairman of the Securities and Exchange Commission (SEC). Here are ways his agency is attempting to “refresh” the disclosure guidance.
Updating the guidance
The SEC doesn’t expect to overhaul its Disclosure Guidance: Topic No. 2, Cybersecurity. Rather, it plans to consider whether important information about cybersecurity should be disclosed to stakeholders within the context of the existing rules. For example, companies may need to beef up their management’s discussion and analysis (MD&A) and footnote disclosures to reflect potential cyberrisks and material financial implications of data breaches.
The current guidance on cybersecurity, which was published in 2011, doesn’t include a specific requirement for companies to disclose computer system intrusions. The SEC’s effort to update the guidance comes amid concerns that more public companies have been experiencing attacks to their computer systems, but their disclosures haven’t been timely or informative enough.
Changes in the works
Regulators in the SEC don’t know whether the update will be issued in the form of staff-level guidance or a regulatory release approved by the SEC’s commissioners. But they’ve decided to address two key areas in the update:
- Financial reporting controls and procedures that identify and disclose cybersecurity threats in a timely manner, and
- Corporate strategies and policies regarding cybersecurity prevention, detection and breach response.
On the one hand, companies feel a responsibility to share relevant information openly and honestly with stakeholders. On the other, they don’t want to prematurely disclose information about a breach before they know the extent of the damage or to release inaccurate information that later needs to be revised. Company insiders may also be working with law enforcement, in which case they don’t want to disclose information that could compromise the investigation.
Regardless of whether your business is public or private, it’s important to assemble a team of professional advisors — including legal, insurance and financial experts — to identify risk factors and to handle breach response, measure the impact and mitigate potential losses. We can help you provide transparent and timely information to your stakeholders.
Private companies that follow U.S. Generally Accepted Accounting Principles (GAAP) must comply with the landmark new revenue recognition standard in 2019. Many private company CFOs and controllers report that they still have significant work to do to meet the demands of the sweeping rules. If you haven’t started the implementation process, it’s time to get the ball rolling.
Lessons from public company peers
Affected private companies must start following Accounting Standards Update (ASU) No. 2014-09, Revenue from Contracts with Customers (Accounting Standards Codification Topic 606), the first time they issue financial statements in 2019. For private companies with a fiscal year end or issuing quarterly statements under U.S. GAAP, that could be within the next few months. Other private companies have until the end of the year or even early 2020. No matter what, it’s crunch time.
Public companies, which had to begin following the standard in 2018, reported that, even if the new accounting didn’t radically change the number they reported in the top line of their income statements, it changed the method by which they had to calculate it. They had to comb through contracts and offer paper trails to back up their estimates to auditors. Public companies largely reported that the standard was more work than they anticipated. Private companies can expect the same challenges.
The revenue recognition standard erases reams of industry-specific revenue guidance in U.S. GAAP and attempts to come up with the following five-step revenue recognition model for most businesses worldwide:
1. Identify the contracts with a customer.2. Identify the performance obligations in the contract.3. Determine the transaction price.4. Allocate the transaction price to the performance obligations.5. Recognize revenue as the entity satisfies a performance obligation.
In many cases, the revenue a company reports under the new guidance won’t differ much from what it reported under old rules. But the timing of when a company can record revenues may be affected, particularly for long-term, multi-part arrangements. Companies also must assess:
- The extent by which payments could vary due to such terms as bonuses, discounts, rebates and refunds,
- The extent that collected payments from customers is “probable” and won’t result in a significant reversal in the future, and
- The time value of money to determine the transaction price.
We can help
Our accounting experts can help you avoid a “fire drill” right before your implementation deadline and employ best practices learned from public companies that made the switch in 2018. Contact us for help getting your revenue reporting systems, processes and policies up to speed.