I. Introduction
In May 2014, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606) for public business entities, certain not-for-profit entities, and certain employee benefit plans. The amendments become effective for public entities for annual reporting periods beginning after December 15, 2017. In other words, the new Revenue Recognition (“new revenue recognition”) standard which may significantly impact the compliance profession, compliance programs and compliance practitioners going forward is here and ongoing in full force. Matt Kelly and I created a podcast series and audio white paper around this new revenue recognition standard which forms a basis for this article.
FASB recognized that its revenue recognition requirements around U.S. generally accepted accounting principles (GAAP) differed from those in the International Financial Reporting Standards (IFRS) and that both sets of requirements needed improvement. This led to a project by FASB and the International Accounting Standards Board (IASB) to jointly clarify the principles for recognizing revenue and to develop a common converged revenue standard for GAAP and IFRS. Hence the new revenue recognition standard.
One of the key differences in this new revenue recognition standard is that it requires companies to disclose new information beyond data a company might have been required to release in the past. This will put pressure on auditors to get comfortable with what the company provided to them. This will create risks for auditors adjusting to the new revenue recognition standard because as they learn more about the new standard and apply it going forward into 2018, they may have to revisit prior reporting and revise some of it.
The reason this is important to the compliance profession and the compliance practitioner is internal controls over financial reporting involved in implementing this new standard are critical to the effective use of implementation and how you implement. The Securities and Exchange Commission (SEC) has said explicitly in several public statements and through their early comment letters on disclosures made in advance of implementation, that companies must inform the SEC about the accounting policies that they are changing, and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed.
Moreover, the SEC has indicated that these disclosures are central to the new revenue recognition standard. If a company previously had a failure in their disclosures for an accounting standard, they were considered under section Sarbanes-Oxley (SOX) Section 302 of the SEC rules which has a lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting. In the past, the disclosure of internal controls might not typically bring Section 404 scrutiny; however, under the new revenue recognition standard, they may now do so.
Of course, this is overlaid on the requirements of effective internal controls under the Foreign Corrupt Practices Act (FCPA) and the lack of any materiality standard. One only need to consider the Wells Fargo fraudulent accounts scandal to see how a lack of materiality does not prevent the types of risk from moving forward to become huge public relations disasters, hundreds of millions of dollars in fines and costs estimated at over $1bn for failures of internal controls.
Yet there are other tie-ins into compliance which the compliance practitioner needs to understand and prepare for going forward. The prior revenue recognition standard was rules based. As a lawyer, that was an approach I was quite comfortable with both from a learning stand point and communicating to business folks. But now the standard is much more judgment based and when a standard is more judgment based, there can be more room for manipulation. For a Chief Compliance Officer (CCO), a key task will be to make sure that you have changes in the business processes necessary to gather the information that has not previously been required to continue to monitor; how that information is factoring into the judgements that managers must make as they report their revenue under the new standard; and that those judgements themselves are properly documented.
This final point demonstrates the convergence and overlap between the compliance profession, compliance programs and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. Now they can also be used to gather the information which will be presented to auditors under the new revenue recognition standard. Many professionals are focused on the new revenue recognition from the auditing and implementation perspective. However, if you are a Chief Compliance Officer (CCO), you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.
The prior revenue recognition standard was rules-based, while this new revenue recognition standard is principles-based. This was done deliberately as FASB is coordinating this rollout with how revenue is recognized in other parts of the world, specifically IFRS, which are put forth by the International Accounting Standards Board. This was a joint effort to have a one global approach to how companies recognize revenue and the process involves a lot more judgment. Kelly noted, “The good news is that you can exercise a lot more judgment and if you have good judgment you can finesse things to be much more reflective of what's the economics of the deal.”
The new revenue recognition standard is really about a series of performance obligations; what a company is committing to do in delivering a good, delivering a service, or both. Next, has a company fulfilled those performance obligations. Finally, is do these actions give that obligation to a company beyond the contract language? Kelly said, “It's a sweeping standard. The philosophy of when you have a transaction and when you do not, has changed. Different types of industries will be hit by this quite a bit by this new revenue recognition standard, but others will not.”
Kelly said this use of more judgment, than rules cuts, both ways. “If your judgment is not sound or if your judgment could be called into question because you have not properly documented your logic and your chain of thought, your organization is opened itself to questioning your judgment much more than might have happened under the old standard. This means a key will be the logic in determining the transaction price.” In addition to the process aspect, there is the document, document, document process which should warm the heart of every compliance practitioner. As the prior revenue recognition standard was rules based, “you went through all the contortions you come to a number that's the number.” Now, as Kelly noted, “it's down to this is our judgment and if our judgment is good and we can document it here we are.”
Kelly also noted the SEC has gone to great lengths over the past two years at least about this new revenue recognition standard, giving what he termed “gentle nudges and sometimes not gentle nudges to companies that you've got to get on board with this new revenue recognition standard.” The good thing is that while the SEC may well provide a few comment letters, as companies are reporting under the new revenue recognition standards, they will probably not sanction companies for reporting errors for some period of time. Kelly believes, “as long as you are actually trying to embrace the spirit of the new revenue recognition standard” the SEC will not sanction your organization. However, if an organization is “committing accounting fraud you are still going to get nailed.”
Kelly concluded by raising the very interesting question of whether the investor community is ready for this new revenue recognition standard. This may be truer for private equity companies investing in the tech space are the rules around revenue recognition for software companies could be more greatly impacted than other organizations. (We will take up the new revenue recognition standards for software companies in Part 3.) The bottom line is that a wide variety of interests, in a multitude of organizations will be impacted by this new revenue recognition standard; including the compliance profession.
Part II. What the logic of the transaction price?
FASB states that Step 3, determine the transaction price, is the amount of consideration to which an entity expects to be entitled in exchange for transferring promised goods or services to a customer, excluding amounts collected on behalf of third parties. To determine the transaction price, an entity should consider the effects of:
1. Variable consideration - If the amount of consideration in a contract is variable, you must determine the amount to include in the transaction price by estimating either the expected value or the most likely amount.
2. Constraining estimates of variable consideration - An entity should include in the transaction price some, or all, of an estimate of variable consideration only to the extent it is probable that a significant reversal in the amount of cumulative revenue recognized will not occur.
3. The existence of a significant financing component - An entity should adjust the promised amount of consideration for the effects of the time value of money if the timing of the payments agreed upon by the parties to the contract provides the customer or the entity with a significant benefit of financing for the transfer of goods or services to the customer.
4. Noncash consideration - If a customer promises consideration in a form other than cash, an entity should measure the noncash consideration at fair market value.
5. Consideration payable to the customer - If an entity pays, or expects to pay, consideration to a customer in the form of cash or items, such as a credit, a coupon, or a voucher, that the customer can apply against amounts owed to the entity, the entity should account for the payment as a reduction of the transaction price or as a payment for a distinct good or service, or both.
Kelly noted all of this means judgment are going will become more important under the new revenue recognition standard. He said “People should be thinking about that judgment means, who will be able to defend, precisely how your organization is defining the transaction price. That is something that your audit firm will want to look at and you should understand that the audit firms have more pressure to be more skeptical about judgments their clients make.”
One particular problem could be non-cash transactions or even consideration. He advised to think “about the difference between cash and non-cash compensation for a deal. What if some of your payment for a transaction was in Bitcoin; the value of which is literally changing by the day right now. You could have a transaction that you agree to payment on the first of the month and some part of it might be conveyed in Bitcoin at the end of the month. However, the value of bitcoin could change dramatically before the end of the month or the quarter. Further, compensation can come in many forms, such as receipt a patent from a joint venture partner, travel voucher or really anything of value. It will create a requirement to accurately value them and implement that valuation.
An ancillary result will be that many non-accountants are going to find that they get pulled into these conversations that you probably have not had much experience with before over revenue recognition. Lawyers and compliance practitioners, for instance may well be a part of these conversations going forward. They typically have not been a part of the discussion to determine the transaction price in the past. That is really going to be the tricky part of defining what a transaction is under this new revenue recognition standard.
For the compliance practitioner, it is not simply being able to read a spreadsheet anymore. It is understanding the underlying basis of that spreadsheet and are those underlying bases defensible. Consider in the FCPA and greater compliance ream, you may be required to justify the values assigned to either discounts, rebates or some other form of payment variance. In the overall context of an FCPA investigation, under the books and records provisions, a compliance professional may well have to take a much more detailed view of this to determine the transaction price when you sit down across the table from somebody at the DOJ.
Kelly concluded, “in the grand scheme what FASB wanted to achieve with this new revenue recognition standard was to bring more transparency to the logic of the economic action.” You will need to be able to justify where did these numbers come from related to this business transaction the companies are engaged in going forward. It is certainly going to be a very different world for some people.
Part III. Contracts
The key to understanding the new revenue recognition standard is that it is judgment based, not rules based. This will allow more room for interpretation but also allows for more room for manipulation. This is where the new revenue recognition standard intersects with compliance and where the compliance practitioner needs to not only understand the new revenue recognition standard but also understand the role that internal controls will play in complying with this new standard going forward.
There are five elements that you must consider to make a determination of whether revenue can be recognized. FASB identifies these five elements as the following:
FASB states that Step 1: Identify the Contract with a Customer, as follows:
A contract is an agreement between two or more parties that creates enforceable rights and obligations. An entity should apply the requirements to each contract that meets the following criteria:
-
Approval and commitment of the parties
-
Identification of the rights of the parties
-
Identification of the payment terms
-
The contract has commercial substance
-
It is probable that the entity will collect the consideration to which it will be entitled in exchange for the goods or services that will be transferred to the customer
Joe Howell, EVP at Workiva said, “The first step is to figure out what the contract is, and the most important point there is that contracts do not need to be written. The key about what is the contract means that if your business practices differ from what’s written in the contract, you have to make a judgment about which survives. For example, if you have a contract that says you have 90-day return privileges but you as a business practice always give 360 or 365 days’ return, what’s the contract? Is the contract the 90 days that’s written or is the contract the 365 days that you’re actually giving?” Obviously in the compliance world, the failure to follow the contract terms and conditions can raise one very large red flag as it might signify conduct the compliance function has not evaluated or approved.
But Howell points out how the failure to follow one of the most basic compliance requirements, i.e. following the terms of a contract, can negatively impact a company’s ability to recognize revenue under this new standard. “If you don’t have a contract, if you legitimately don’t have a contract, then you can’t recognize revenue until you actually get the cash. This can most often occur when a company follows a business practice that is not recorded or written. One would determine that the company has a business practice that was simply not written down. Of course, there are companies which ship based upon POs alone but in that case, you must discuss any pricing concessions that might be given in the PO and from that point try and determine what that actual contract might be going forward. This means your company may have a contract of some kind, but it may be enforceable only as a business practice not as a written contract.”
Howell also noted another important consideration is that a written contract represents the performance obligations of both parties. Moreover, there may “be some sort of credit factor that is considered in the contract and that’s something that’s quite new that changes the way the judgments need to be formed. In the past, you would have reserves for bad debt now you need to factor in to the actual revenue the amount of the revenue that could be affected by lack of ability to perform through any revenue that could be recognized until you actually collect it.”
Given that a written contract is specified in the Ten Hallmarks of an Effective Compliance Program as a key internal control, you can easily see how the lack of such a written agreement can fall into the realm of compliance. Even FCPA enforcement actions are relevant here as one of the well-known bribe-funding tactics is to provide a discount to a customer but not credit the company’s books but instead take the actual discounted amount and give to a corrupt official as a bribe. With this first element of the new revenue recognition standard apparently recognizing that the lack of a contract is not an impediment to eventually recognizing revenue, compliance practitioners may well need to more thoroughly review contracts with governmental entities or state-owned enterprises.
IV. Performance Obligations
FASB states that Step 2: Identify the Performance Obligations in the Contract, requires the following:
A performance obligation is a promise in a contract with a customer to transfer a good or service to the customer. If an entity promises in a contract to transfer more than one good or service to the customer, the entity should account for each promised good or service as a performance obligation only if it is (1) distinct or (2) a series of distinct goods or services that are substantially the same and have the same pattern of transfer.
A good or service is distinct if both of the following criteria are met:
-
Capable of being distinct—The customer can benefit from the good or service either on its own or together with other resources that are readily available to the customer.
-
Distinct within the context of the contract—The promise to transfer the good or service is separately identifiable from other promises in the contract.
A good or service that is not distinct should be combined with other promised goods or services until the entity identifies a bundle of goods or services that is distinct.
Howell said, “The second step is to determine what are the performance obligations. Again, those performance obligations may not be immediately obvious to the casual observer and the contract needs to be picked apart to determine if those performance obligations are such that you would recognize that or complete that at a point in time, or if you’re going to be performing those over a period of time. If it’s for a period of time, what period of time?”
Obviously with any type of revenue recognition standard, “there are judgments made about the performance obligations themselves, if they’re performed at a point, if there’s some period of time, what is that period of time? Those all need to be documented and you need to have a process to monitor the future contracts that are going to be entered into by the company or any modifications to the contract or to the performance obligations.”
These time points are critical as obligations that are performed can be satisfied revenue recognized over time or at a point in time. One commentator has stated, “Performance obligations are satisfied over time if one of the following criteria is met: (1) The customer simultaneously receives and consumes the benefit as the entity performs; (2) The performance creates or enhances an asset that the customer controls; (3) The asset created has no alternative use to the entity and the entity has an enforceable right to payment for performance completed to date.” Somewhat surprisingly and not consistent with prior revenue recognition rules, the possibility of the contract with the customer being terminated should not be considered relevant.
For a contract that has FCPA implications and scrutiny, this new element may well cause consternation. Typically, when a party performs, payment is due. However, under this element there can be partial performance, a rolling performance or something altogether different. Some third-party representatives may have contracts that read more like customer agreements contemplated under Topic 606, for example commissioned sales agents and distributors are two which come to mind. If there is now more flexibility on payment, will it allow nefarious actors to manipulate both data and financials to hide the creation of pots of money to pay bribes? Chief Compliance Officers and compliance practitioners need to consider these issues in the context of compliance internal controls going forward.
V. Determining the Transaction Price
FASB states that Step 3, determine the transaction price, is the amount of consideration to which an entity expects to be entitled in exchange for transferring promised goods or services to a customer, excluding amounts collected on behalf of third parties. To determine the transaction price, an entity should consider the effects of:
-
Variable consideration - If the amount of consideration in a contract is variable, you must determine the amount to include in the transaction price by estimating either the expected value or the most likely amount, depending on which method the entity expects to better predict the amount of consideration to which the entity will be entitled.
-
Constraining estimates of variable consideration - An entity should include in the transaction price some, or all, of an estimate of variable consideration only to the extent it is probable that a significant reversal in the amount of cumulative revenue recognized will not occur when the uncertainty associated is subsequently resolved.
-
The existence of a significant financing component - An entity should adjust the promised amount of consideration for the effects of the time value of money if the timing of the payments agreed upon by the parties to the contract provides the customer or the entity with a significant benefit of financing for the transfer of goods or services to the customer. In assessing whether a financing component exists and is significant to a contract, an entity should consider various factors. However, an entity need not assess whether a contract has a significant financing component if the entity expects at contract inception that the period between payment by the customer and the transfer of the promised goods or services to the customer will be one year or less.
-
Noncash consideration - If a customer promises consideration in a form other than cash, an entity should measure the noncash consideration at fair market value. If an entity cannot reasonably estimate the fair market value of the noncash consideration, it should measure the consideration indirectly by reference to the standalone selling price of the goods or services promised in exchange for the consideration. If the noncash consideration is variable, an entity should consider the guidance on constraining estimates of variable consideration.
-
Consideration payable to the customer - If an entity pays, or expects to pay, consideration to a customer in the form of cash or items, such as a credit, a coupon, or a voucher, that the customer can apply against amounts owed to the entity, the entity should account for the payment as a reduction of the transaction price or as a payment for a distinct good or service, or both. If the consideration payable to a customer is a variable amount and accounted for as a reduction in the transaction price, an entity should consider the guidance on constraining estimates of variable consideration.
Howell said one of the keys is to determine if there is some period “where you create some sort of discount in the future to determine the transaction price?” from there you move to the next question, “Is the transaction price fixed and determinable or is there some variable component?” He went to explain that if there are volume purchase discounts that you will provide in the future “and they’re related to the activity you’re undertaking today, what is the potential impact on the revenue over that period of time?”
For a contract that has Foreign Corrupt Practices Act implications and scrutiny, this new element speaks directly to a wide variety of corruption risk. Typically, only attorneys are concerned with such arcane topics as ‘consideration’. However now a judgment call must be made regarding the consideration that can be expected to be achieved. This would seem to provide a clear area for possible manipulation unless there are sufficient controls in place. While this might not seem like a compliance control, such detect and prevent controls could alert relevant employees, both in finance and compliance, if excessive evaluation or variance was assigned to a large contract with a state-owned enterprise or foreign government.
Finally, this is where the documentation required under a best practices compliance program is so critical. Not only is it evidence to present to a regulator of compliance but it also will form an internal database that a company (or its auditors) can measure against for reasonableness of such variations going forward. Chief Compliance Officers and compliance practitioners need to consider these issues in the context of compliance internal controls going forward.
VI. Allocation and Revenue Recognition
FASB states Step 4: Allocate the Transaction Price to the Performance Obligations in the Contract with the following:
If a contract has more than one performance obligation, an entity should allocate the transaction price to each performance obligation in an amount that depicts the amount of consideration to which the entity expects to be entitled in exchange for satisfying each performance obligation.
To allocate an appropriate amount of consideration to each performance obligation, an entity must determine the standalone selling price at contract inception of the distinct goods or services underlying each performance obligation and would typically allocate the transaction price on a relative standalone selling price basis. If a standalone selling price is not observable, an entity must estimate it. Sometimes, the transaction price includes a discount or variable consideration that relates entirely to one of the performance obligations in a contract. The requirements specify when an entity should allocate the discount or variable consideration to one (or some) performance obligation(s) rather than to all performance obligations in the contract.
An entity should allocate to the performance obligations in the contract any subsequent changes in the transaction price on the same basis as at contract inception. Amounts allocated to a satisfied performance obligation should be recognized as revenue, or as a reduction of revenue, in the period in which the transaction price changes.
FASB states Step 5: Recognize Revenue When (or as) the Entity Satisfies a Performance Obligation with the following:
An entity should recognize revenue when (or as) it satisfies a performance obligation by transferring a promised good or service to a customer. A good or service is transferred when (or as) the customer obtains control of that good or service.
For each performance obligation, an entity should determine whether the entity satisfies the performance obligation over time by transferring control of a good or service over time. If an entity does not satisfy a performance obligation over time, the performance obligation is satisfied at a point in time.
Step four requires a company to allocate the transaction price to the performance obligations and five then follows to recognize the revenue after a business has satisfied it the performance obligation. According to Howell, this “means you have to figure out what is the ability to judge if what’s going to be returned. If you’re just starting out and they have a right to return, and then you have no transaction history, then it’s really hard to build the case that it’s not impossible but it’s harder to build a case that you can recognize some part of that revenue.”
As you might guess at this point the key is to document evidence of the performance obligations to support your conclusions. This means Document, Document, and Document are still the three most important things. But here Howell noted that this requirement does not fall solely on the shoulders of the accounting function of an organization. He stated that a company must “build processes with their sales organization, their sales op organization, their marketing organization, their legal department to figure out what is the evidence. Now, this requires that the accountants have conversations with your sales team early on to figure this out but also as we talked about the capturing the judgments related to the cost to acquire the contracts, that they work closely with the sales organization on these commissions.” This is another way of saying “operationalize the process.”
These final two elements demonstrate the convergence between the new revenue recognition standard and overlap of the compliance profession, compliance programs and compliance practitioners going forward. Compliance internal controls are in place to both detect and prevent. Now they can also be used to gather the information which will be presented to auditors under the new revenue recognition standard. Many professionals are focused on the new revenue recognition from the auditing and implementation perspective.
Part VII. Shaking Up the Software Industry?
One of the industries which may greatly feel the impact of the new revenue recognition standards is the software industry. Kelly noted, the new revenue recognition rule will ultimately allow some portion of the software sector to recognize more of their long-term contract revenue immediately. He believes they initially may think something along the lines of “Hey that's sounds good right. We can hit our quarterly numbers. However, that then brings about bigger strategic questions.” So, the reality may be somewhat different as a software company might need to think about this might well drive much more volatile revenue patterns over a multi-year period.
Kelly provided an example of the volatility from one of the companies he has studied, Microsoft. He stated that “when Microsoft adopted the revenue recognition standard earlier this summer, it actually pushed its revenues up because all those liabilities that would have been deferred revenue on the balance sheet recognized them all at once. Microsoft's total revenue for 2017 went from $8.9bn to $26.5bn.” All that just because of a change in revenue recognition.
He then gave a more tangible example of a specific contract, where a company entered into a contract for five years, paying $500,000 and receiving 1000 seat licenses and four years of updates. Under the prior revenue recognition standards, the software company recognized a $100,000 in that first year when they signed the deal and then they had $400,000 of deferred revenue, which they recognized in chunks of $100,000 per year. Now a software company under the same scenario could recognized the entire $500,000 in the first year. While this may look great, it has serious implications. First and foremost, it will impact the software company’s balance sheet for the final four years of the five-year contract. It will seem most bare, with no deferred revenue. Kelly concluded “that's the sort of thing that the software companies sector is going to go through a bit of a blender in early 2018 as people start to realize what all this means.”
Another obvious area of change will be in commission payments for sales persons and third parties. Previously they may have been paid when the revenue was recognized over the life of a contract. Now it may be all up front in the first year. This could cause a commission payment to be made in Year 1 of a 5-year contract. This would present the same cash flow issue for a sales person. Now consider this in a FCPA context. The five-year split of a commission payment has acted as an internal compliance control to keep such payments low enough so as not to create a fund for bribery. Now that type of internal control may not be available to the Chief Compliance Officer.
In a white paper for CalcBench, Kelly and Pranav Ghai found several themes emerging for software companies under the new revenue recognition standard.
First, software companies expect the new standard to accelerate revenue recognition for some long-term software contracts, where previously the revenue would have been recognized in increments across the life of the contract. This is because the new standard eliminates the need for “vendor-specific objective evidence” (VSOE). With the VSOE requirement gone, the new standard will allow firms to recognize more of the revenue from a long-term contract immediately.
Second, numerous firms said the new standard will change how they account for sales commissions, which qualify as costs of obtaining contracts. Under the new standard, sales commissions can be capitalized over the term of a contract, rather than expensed immediately.
That means deferred commissions will increase as an asset on the balance sheet, and the amortization costs will be expensed over the term of the contract.
Finally, the data does raise questions about how well-prepared some software firms are for the new standard. While numerous firms say they plan to implement the standard by Jan. 1, 2018— but still report that they are uncertain about its possible effect, or even what adoption method they will use.
Perhaps one of the most unintended consequences will be for software companies looking for some sort of a merger, exit or those looking for an investment round from private equity or venture capital. The difficulty for PE or VC will be to determine what a software company’s value might be over a period of time. This may end up being one of the most critical questions facing software companies and those who invest in them.
Part VIII. Auditors, the PCAOB and Disclosures?
Kelly identified three areas where he sees immediate auditor impact. The first is that the audit firms’ regulator, the PCAOB has clearly communicated to auditors they must pay attention to this new revenue recognition standard. One of the clear themes throughout this podcast series has been the increased amount of judgment which will come into these calculations going forward. This means companies will need to have more complete documentation which can then be reviewed and tested by their auditors. Add to this PCAOB auditing standards and there may well be a time for some sorting out of what will be required going forward.
Secondly, with this new emphasis on judgment, auditors will have a renewed emphasis on fraud detection. There may be some incentives for sales executives to manipulate the numbers a bit or to close the deal more quickly to hit a bonus. Such pressure could transgress into fraud and as Kelly noted “auditors will be looking more closely at fraud risk because there could well be circumstances where sales commissions could be higher because of the new revenue standard; that would let some firms recognize more of a transaction more quickly.” Finally, Kelly also noted the International Controls for Financial Reporting will have renewed focus from auditing firms.
Kelly pointed to the straightforward issue of whether a contract exists and then posed some of the questions auditors may be asking going forward: How do we know the organization’s contracts are complete and accurate? How does a company demonstrate its contract management system has not be tampered with after execution? What are the controls around these programs you might use to manage your financial transactions? Are we capturing all of the contracts that our employees are generating and that employees are not generating some contracts, have not informed management or that the company’s contract management system has not captured them? Finally, is there contract system security to insure there is no manipulation after the contract is signed?
Another key area for auditing will be whether the pattern and practice of doing business is the same as the contract performance terms and conditions. One immediate area is payment terms. Most contracts specify 30 days net payment terms. However often this date may slip 30, 60 days or even longer. Now take this same concept into the FCPA realm around vague deliverables in third party agent’s agreement and you begin to see some additional issues. If the performance deliverable terms are so vague as to render them meaningless, how will that be handled under this new revenue recognition standard.
My observation is there is a continuum, working backward from the PCAOB, to auditors and audits to the disclosures companies may have to make. Under GAAP, a disclosure may only need to be made if it is material. Yet in the FCPA world there is no materiality standard. At what point does the lack of materiality of a contract outside the United States make your books and records not correct leading to a potential exposure under a law unrelated to traditional revenue recognition; IE., the FCPA? Kelly concluded by noting that companies need to be (or have been in) discussions with their audit firm for to plan these things out as “these sorts of complexities are not to be dismissed because we don't know when they might boil up and suddenly grab you in the rear end. And when that happens it will happen at the least convenient time and cause the most pain.” (ouch!)
Part IX. What does it all mean?
As you might expect from the Compliance Evangelist, I see most issues through the lens of compliance practitioner. A key reason this is so important in the compliance area is because the internal controls over financial reporting involved in implementing this new standard are critical to effective implementation. The SEC has said explicitly in several public statements, and through their early comment letters on disclosures made in advance of implementation, that companies must inform the SEC about the accounting policies that they are changing, and how this new standard will affect a company’s accounting processes, and finally how those effects are going to be managed. This makes it clear to me that this is a really a compliance issue.
Moreover, the SEC has indicated that these disclosures are central to the new revenue recognition standard. This is because if a company has some sort of failure in their disclosures for an accounting standard, they are treated under section Sarbanes-Oxley (SOX) Section 302 of the SEC rules, and that has a level of significance or liability, which is much lower than the liability that a company might face under SOX Section 404, which has to do with the actual internal controls over financial reporting. While disclosure of internal controls might not typically bring Section 404 scrutiny, under the new revenue recognition standard, they may now do so. Kelly stated, the SEC has made it “clear that it will be watching this first year of financial statements under the new standard closely.”
There are several key issues which I believe will become critical for the compliance practitioner going forward. The first is under step 1, you must identify the written contract and who your counter-party is. While the answer to the inquiry of Who is the customer? may seem straight-forward in the compliance arena, it may not be so clear. A third-party sales agent contract or even a distributor agreement may have elements which might fall under the new revenue recognition standard and hence require a different analysis and internal controls standard. Further, as written contracts are specified in the Ten Hallmarks of an Effective Compliance Program as a key internal control, you can easily see how the lack of such a written agreement can fall into the realm of compliance. Even FCPA enforcement actions are relevant here as one of the well-known bribe-funding tactics is to provide a discount to a customer but not credit the company’s books but instead take the actual discounted amount and give to a corrupt official as a bribe. With this first step of the new revenue recognition standard apparently recognizing that the lack of a contract is not an impediment to eventually recognizing revenue, compliance practitioners may well need to more thoroughly review contracts with governmental entities or state-owned enterprises.
The 2nd element may well cause the compliance professional consternation. Usually, when a party performs, payment is due. However, under this element there can be partial performance, a rolling performance or something altogether different. Some third-party representatives may have contracts that read more like customer agreements contemplated under Topic 606, for example commissioned sales agents and distributors are two which come to mind. If there is now more flexibility on payment, will it allow nefarious actors to manipulate both data and financials to hide the creation of pots of money to pay bribes? CCOs and compliance practitioners need to consider these issues in the context of compliance internal controls going forward.
Step 3 speaks directly to a wide variety of corruption risk. Typically, only attorneys are concerned with such arcane topics as ‘consideration’. However now a judgment call must be made regarding the consideration that can be expected to be achieved. This would seem to provide a clear area for possible manipulation unless there are sufficient internal controls in place. While this might not seem like a compliance internal control, such detect and prevent controls could alert relevant employees, both in finance and compliance, if excessive evaluation or variance was assigned to a large contract with a state-owned enterprise or foreign government.
This is where the documentation required under a best practices compliance program is so critical. Not only is it evidence to present to a regulator of compliance, but it also will form an internal database that a company (or its auditors) can measure against for reasonableness of such variations going forward. CCOs and compliance practitioners need to consider these issues in the context of compliance internal controls going forward.
Step 4 presaged the theme of the Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs and new FCPA Corporate Enforcement Policy of operationalization of compliance and firmly demonstrates the convergence between the new revenue recognition standard and compliance overlap going forward. Compliance internal controls are in place to both detect and prevent. Now they can also be used to gather the information which will be presented to auditors under the new revenue recognition standard. Many professionals are focused on the new revenue recognition from the auditing and implementation perspective.
Step 5th is to recognize the revenue as appropriate. Yet this seems to me to emphasize the over-arching requirement of this new revenue recognition standard: Document, Document, and Document. The key is to document evidence of the performance obligations to support your conclusions. Yet, as Joe Howell made clear throughout this series, this requirement does not fall solely on the shoulders of accounting. He stated that a company must “build processes with their sales organization, their sales op organization, their marketing organization, their legal department to figure out what is the evidence. This requires that the accountants have conversations with your sales team early on to figure this out but also as we talked about the capturing the judgments related to the cost to acquire the contracts, that they work closely with the sales organization on these commissions.” This is another way of saying “operationalize the process.”
This new revenue recognition standards intertwines two concepts. This first is the convergence and overlap between the compliance profession, compliance programs and compliance practitioners with internal controls. While largely seen as financial in nature, compliance internal controls are in place to both detect and prevent. Now compliance internal controls can also be used to gather the information which will be presented to auditors under the new revenue recognition standard. Many professionals are focused on the new revenue recognition from the auditing and implementation perspective. However, if you are a CCO, you might want to go down the hall and have a cup of coffee with your Chief Financial Officer (CFO) and find out what internal controls might be changing or that they might be adding and consider how that will impact compliance in your organization.
The second concept is the continued operationalization of compliance. During my tenure in compliance, you rarely heard a CCO consider revenue recognition as a compliance related issue. By going into detail, we have shown how this new revenue recognition standard can change the manner in which a company might recognize revenue, leading to a greater risk of the obfuscation of payments for bribery by corrupt employees. This means as a CCO you must not only be aware of the risk to manage it, but you also must take active steps to mitigate against it.
This new revenue recognition standard means a lot of work for probably the next 12 months, or at least through the end of this year. It is difficult to say how many companies will go through all of this to find that actually their numbers will not change to any material amount. However, for many companies, they may not be able to quantify it, but their internal mechanisms are going to get a lot more scrutiny. There will be pressure on the internal financial controls and processes to determine how a business is justifying what is being audited and reported to investors.
Kelly concluded by adding that, at the end of the day, “revenue recognition is a financial process. It is a financial issue. This standard really gets to how are you justifying the process of putting forth these numbers. It is about documenting your judgment. It is about making sure the processes you use are full and complete and sound. Who is the one who makes sure that people understand what the process is the process is well thought out and correct and sturdy.”
