Every few years, a game-changing event materializes that generates a significant impact on the internal audit profession. Take, for example, the U.S. Sarbanes-Oxley Act of 2002 and similar legislation around the world enacted more than a decade ago. Usually, we immediately recognize the importance of such an event, the risks it creates for our organization, and how it will impact our internal audit functions.
When Sarbanes-Oxley became the "Next Big Thing" in internal auditing, almost all of us anticipated the call for immediate action. We sharpened our pencils, headed off for training, and renewed our focus on assessing the effectiveness of financial controls.
Because we promptly took action, we were well-prepared to provide assurance about our organizations' readiness to members of management and the board. We also stepped to the plate when COSO 2013 was released. But Sarbanes-Oxley and COSO 2013 both focused on internal controls; and internal auditors are control experts. When the Next Big Thing in internal auditing is not specifically about internal controls, will we be ready?
Well, heads up! The Next Big Thing is here for many companies and their internal audit functions.
Recently announced changes to rules regarding revenue recognition — "Revenue from Contracts with Customers" — may, at first glance, seem to be little more than an issue for accounting. Indeed, the new standards aren't specifically about internal controls. But if you don't think this is important for internal auditors, think again. And it's something that offers extraordinary opportunities for us to give senior management and our boards much-needed assurance.
The new standards are not simply a fine-tuning of some old rules. They replace more than 200 pronouncements from both the U.S. Financial Accounting Standards Board and the International Accounting Standards Board, and they will cause sweeping changes in accounting practices in a number of industries.
Revenue-recognition issues rank among the most common causes of restatements of financial statements. So, where do internal auditors come in? One of the primary purposes of internal auditing is to offer independent, objective assurance. Our senior management teams and governing bodies are going to need such assurance that the new rules are being implemented appropriately. So, if you haven't included adequate coverage of revenue recognition in your audit plans, you are not serving your organization well and, worse, you could be putting it at risk.
To be sure, internal auditors know that control breakdowns often occur when changes are made. Given the extent of the revisions in revenue-recognition practices, it's inevitable there will be some major bumps in the road. Your senior management team and board need to know your organization will not be one making headlines for the wrong reasons. Companies in software development, telecommunications, real estate, and asset management will likely see a major overhaul of accounting methods and systems, but all audit executives should become fluent with the new requirements.
If you are not yet up to speed on the new rules, you might want to start by reading summaries of the new standards by PricewaterhouseCoopers and Crowe Horwath. You also will find insight in industry publications including Compliance Week and Accountancy Age, as well as Financial Times and CFO Journal.
The new rules don't take effect immediately, but like Sarbanes-Oxley and COSO, it will take time to lay the proper groundwork for this Next Big Thing. Odds are, the subject of revenue recognition will come up in the executive offices at your organization. Will you be leading or following that conversation?
I'd like to hear from you on how to prepare for the Next Big Thing, whether it's revenue recognition or another milestone issue.