Most public companies are preparing to adopt the Financial Accounting Standards Board’s (FASB’s) new revenue recognition standard, which applies to annual reporting periods beginning after December 15, 2017. As you make the transition, it’s critical to evaluate whether the standard introduces new risks — including fraud risks — and, most likely, to update your internal controls. Revenue recognition is a common area where auditors and analysts discover material weaknesses.
Make the judgment call
The new revenue recognition standard is principles-based, rather than rules-based, and requires management to exercise significant judgment. For example, management will be expected to:
- Identify separate performance obligations — discrete promises to transfer goods or services — within contracts with customers,
- Allocate the transaction price among the various performance obligations in a contract,
- Determine when a performance obligation has been satisfied, and
- Estimate expected variable consideration that should be included in the transaction price.
With regard to the last item, consideration may vary because of discounts, rebates, refunds, credits, price concessions, performance bonuses, penalties, contingencies or other events that are unknown when the contract is executed. Management will include these amounts in the transaction price only to the extent that it’s “probable that a significant reversal in the amount of cumulative revenue recognized will not occur in the future.” Each of these judgment calls is susceptible to management bias or manipulation.
Evaluate your internal controls
As the implementation date approaches, most companies are focused on ensuring that their accounting policies, processes and systems are equipped to capture information to comply with the new revenue recognition standard and meet their disclosure obligations. But it’s also critical to conduct a thorough assessment of your company’s risks, both during and after adopting the new standard. New risk exposures demand updated internal controls to mitigate potential risks.
In a recent speech at a conference on revenue recognition, Sylvia Alicea, a Professional Accounting Fellow of the SEC’s Office of the Chief Accountant (OCA), urged management of public companies to conduct a risk assessment to meet their financial reporting responsibilities under the new standard. Specifically, she asked management to “carefully consider whether the transition (or consistent application of the standard once implemented) results in new risks or changes to previously identified risks, including fraud risks.”
Examples of high-risk judgment calls include identifying performance obligations, estimating standalone selling prices for distinct goods and services, and estimating variable consideration when determining the transaction price. When deciding if new or modified internal controls are needed, management might consider establishing a framework that defines how it will exercise judgments regarding revenue recognition to ensure consistent application of the standard.
Oversight is key
Most public companies use the Internal Control — Integrated Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This framework helps management assess fraud risks, design internal controls and evaluate their effectiveness. The COSO framework and other sources of guidance emphasize the importance of an appropriate oversight function, including an audit committee, to reduce fraud risks.
As the deadline for implementing the new revenue recognition standard nears, engage your company’s audit committee in the risk assessment process and start conversations with your auditors as it relates to changes in your internal controls.