Posts

It’s been observed that detailed tagging can create up to 10 times more tagging concepts than block tagging. Does it mean 10 times the work? It depends. There’s no doubt that detailed tagging creates more complexity, but the workload doesn’t have to grow exponentially.

Why? You can’t simplify XBRL itself, but you can simplify your disclosures. Not all data are created equal—different data points do not necessarily deliver the same value to users and investors. Streamlining your 10-Q and 10-K filings will not only make life easier for you downstream, it can also translate to real value and transparency for your company.

Before you roll your tags forward for the next quarter, whether for block or for detailed tagging, repeat the mantra, “simplify, simplify, simplify,” and consider these tips for boosting your XBRL data efficiency:

Apply your SEC S-X rules for required line items. Determine which line items must be broken out for each financial statement and condense the others, if possible. Check for all comparative periods and your 10-K to ensure consistency.

Maintain the accounting concept in its pure form. Use the narrowest tag definition to map your accounting concept and consider reclassifying immaterial items into a general or miscellaneous category. This will enable “flow-through” elements (facts that appear in multiple places) to tie-out between your core financials and footnotes throughout your XBRL files.

Restructure footnotes and mirror them in accordance with the taxonomy hierarchy. This will avoid the use of unnecessary extensions on footnotes (for example, you might be able to consolidate the different types of stockholders’ equity into one footnote).

Centralize your significant accounting policy under one footnote. Identify all your significant accounting policies embedded in other footnotes and consider reorganizing them into one central footnote to facilitate review and tagging completeness.

Convert numbers within narratives to tables. A picture (or table) is worth a thousand words. This will enhance presentation, tagging completeness and efficiencies.

Last but not least: whatever you do, always get buy-in from your auditors, disclosure/audit committee and investor relations team—you want to reset expectations to avoid surprising them.

There is no cookie-cutter approach to redesigning your SEC filings—it’s more of an art than a science. Remember, it’s quality, not quantity, that counts.

However you look at it, when it comes to XBRL, less is indeed more.

 

In my work with smaller companies I’m seeing that there’s still much more they can do to strengthen their control environment, create efficiencies and reduce compliance costs in their SOX 404 program by taking a top-down risk-based approach—focusing more effort in higher-risk areas and relying on preventive and monitoring controls in lower-risk areas.

While the Dodd-Frank Act of 2010 eliminated the requirement of an external audit of financial reporting controls for nonaccelerated and small-company filers (companies with a public float of less than $75 million), they still need to document, test and certify valid internal controls. And they have to comply with the same complex accounting requirements (revenue recognition, equity accounting, inventory and asset valuation, etc.) that big companies do, but often they have limited technical accounting resources.

If you’re in this category (and even if you’re not), you should take a fresh look each year to identify the processes and controls that pose the greatest risks for errors in your financial statements. When you know where your greatest risks lie, you should spend the most time and resources evaluating the design and operating effectiveness of controls in those areas, and spend less time on those you’ve identifed as lower risk.

Similarly, small companies don’t always have a second set of eyes to review the accounting for highly complex transactions, so it might make sense to consider having an outside expert assist in their review—you can bring in accounting expertise only when you need it and reduce your risk of error.

Because management has greater visibility of activity across the organization in smaller companies, you have the opportunity to identify and leverage entity-level (monitoring) controls that mitigate financial statement risks for lower-risk processes. As an example, you could rely on monitoring controls such as account reconciliations rather than multiple transactional controls. Relying on monitoring controls that are performed on a weekly, monthly or quarterly basis will require less testing than transactional-level controls, saving time and money.

Taking a risk-based approach to SOX 404 gives companies a real opportunity to focus on what matters most and improve ongoing processes. As a bonus, you can save time and money, too.

We tend to assume the worst when we hear the words “material weakness,” and for public companies required to comply with the Sarbanes-Oxley Act, it’s certainly not good news. But in terms of Zynga’s hiccup last week, in which the social media company restated revenues during its IPO filing process, it’s not as bad as it might seem. What did Zynga do, and why it was right in the end? We can draw a lesson from this tale.

First, full disclaimer: RoseRyan has had the honor of working with Zynga on discrete projects, and we respect the work of our colleagues there. We weren’t involved in the work leading up to their IPO (but would have loved that).

Zynga’s situation: they are not alone
Last week, Zynga filed an amendment to its S-1 registration statement, which included restating revenue for the quarter ended March 2011. Here’s why they had to restate:

A portion of Zynga’s revenue is derived from the sale of virtual goods. In accordance with today’s accounting literature, the up-front customer payments for these virtual goods are to be recognized as revenue over the estimated customer relationship period, and the company recognizes this revenue over the average playing period of paying players.

So far so good, right? Not quite. Unfortunately, Zynga did not update its estimates for playing periods associated with two of its games. The result: too little revenue was recognized, and for the March 2011 quarter, the difference was material enough to require that they restate their financial results.

Zynga is not alone in the challenges it faces in pre-IPO finance and accounting work. With innovative business models popping up every day and a continually changing accounting landscape, many companies find themselves in similar situations. The difference is that most of them resolve issues like these before their initial S-1. For Zynga, identifying the issue in the middle of its SEC filing process put them under a huge public microscope.

Material weakness: yes or no?
Zynga’s amended S-1 filing disclosed the restatement snafu as a “material weakness” in its internal control structure in the context of its risk factors. In other words, they highlighted the issue as an example of one way in which the accuracy of their financial statements could be at risk. As with most companies, this risk factor is just one of a laundry list of risk disclosures provided to investors.

Technically speaking, Zynga is not yet required to comply with the reporting requirements relating to internal controls. And once they go public, they’ll have until their second annual report to tackle this reporting requirement. In the meantime, however, they are still required to maintain effective internal controls to ensure accuracy in their financial statements.

Having said all that, I believe calling out their material weakness was the right thing to do. Putting their cards on the table shows that Zynga takes this mistake seriously, and transparent financial disclosure certainly builds credibility and trust with investors and analysts.

Moral of the story
If you’re planning an IPO, start early and give yourself enough time to sweep under the bed and take care of those dust bunnies before you’re under the microscope. Investing in preparation will pay dividends … we promise.

At RoseRyan we live and breathe these issues every day. We know most companies aren’t there—and I mean the vast majority. But we keep talking about it, pushing our clients in this direction and helping with their housecleaning.

And we give kudos to companies like Zynga that provide transparency to the issues they face.

To learn more about what we advise for pre-IPO companies, check out our recent intelligence reports, IPO in Your Future? and Ace Your IPO Filing.

When I talk with finance executives about implementing XBRL, nearly everyone asks, “What will auditors be looking for? Do they care about XBRL?” The answer is no, they don’t. But they do care about your controls, and that relates directly to how you design and document your due diligence in XBRL creation process. Ultimately, as XBRL gets built into your close process, the more it may start to fall into the SOX environment.

While XBRL exhibits are not subject to SOX 404 internal controls over financial reporting, they are nevertheless subject to disclosure controls and procedures (DC&P). This means that management is responsible for the implementation of controls over the XBRL creation process as well as documentation that the DC&P are performed and reviewed. How can companies provide evidence to their auditors that management, including the CEO and CFO, have evaluated the effectiveness of the design and operation of DC&P?

To design proper DC&P controls, you first need to ask, “How do you know your XBRL files are complete, accurate, consistently mapped and comply with the mandated XBRL structure?” A best practice is to develop an XBRL technical and compliance checklist to document every aspect of your XBRL creation process, from taxonomy mapping and appropriate extensions to common error reviews, technical and SEC validations, structure compliance issues. You may also want to involve your disclosure or audit committee in the review and consideration of your DC&P process and get them on board with your XBRL strategy.

As XBRL technology becomes more embedded into your overall financial reporting process and integrated into the creation and preparation of your financial statements, XBRL controls may start to fall within the scope of SOX 404. As this happens, you should reevaluate your XBRL controls under SOX 404 framework.

I’ve been working in corporate governance, SOX compliance, for almost four years now and the most difficult task for any company has been the development of the SOX narrative.

The narrative is the framework for understanding how your controls fit into the business process.  Depending on your preference, this may take the form of a flowchart or a Word document. In companies new to SOX compliance, there is an eagerness to detail every step that they take in a process. They want to tell you everything that they do; but that isn’t the point of a narrative—that’s a desk procedure.

In my opinion, the narrative is the starting point for understanding your controls, whether they are key or nonkey. Key controls are the gatekeepers, the ones that keep your process in check and on track. For example: within your financial statement close process, a journal entry is supported by documentation and then reviewed and approved. The review and approval, which is by someone other than the preparer, is the key control. The approver is the one who verifies that the JE is properly supported, is a valid entry, is in compliance with company policy, and that the JE is affecting the appropriate accounts.

By documenting how your process works from a high level, the controls, or absence of controls, will stand out for you. You can determine which controls are the gatekeepers and what evidence there is that the control is in place.

Writing the narrative takes time and effort, and may often feel like a tooth extraction. But when it’s done correctly, it will save you time and money because you will be testing a smaller set of controls.

The new rev rec guidelines have made for some labor-intensive process changes in some of the client companies that we work for.

It took me back in time to the initiation of Sarbanes-Oxley (SOX) compliance and how it made stress levels skyrocket. Fears of the additional headcount that would be needed just to get the job done, what would happen if they didn’t comply, how they would disclose deficiencies and what affect that would have on the company, confusion about how to write a narrative or test plan and what’s a key vs. nonkey control.

Now, years later, working in the corporate governance line of business, I see an entirely different story. SOX has become so much a part of the fabric of the process within a company, that when a company is considering a process change, we actually hear “How will that affect the SOX testing?”

I think we would all agree that fear of the unknown is always greater than the fear of the known. As we work to make SOX controls part of our everyday life and the process becomes repeatable, the fear evaporates. The controls identified in the narrative have become part of the day-to-day process, employees are educated on controls and many companies have found that outsourcing SOX testing to companies like RoseRyan has been the right decision for their business.

This same approach will work for implementing the new rev rec guidance. Getting outside expert advice or implementation help, using some of the software tools that already exist (rather than re-creating the wheel) and looking for the simplest approach in implementation (not to mention taking a deep breath on a frequent basis), will all make the changes easier. And before you know it, you’ll be through the worst of it and it will feel like it was always a part of your process.

This just reaffirms how adaptable we all are. And isn’t it wonderful how time changes everything?