Auditor's Perspective: An Interview with Mike Schamberger, Assurance Partner at Grant Thornton LLP

Michael Schamberger is an Assurance Partner with Grant Thornton LLP and has primary expertise in serving early stage and middle market technology entities, both publicly-held and private, in the telecommunications, software, hardware, IT consulting services and bio-tech industries. He leads the Technology Industry Practice in Chicago and is one of four members of Grant Thornton’s National Technology Industry Practice Leadership Team.

RevenueRecognition.com recently caught up with Mike on his way to a client’s office to ask him for a few insights about things that go wrong and things that go right in the audit process.

Q: What is the homework a client must do before your auditors arrive?

A: Before the auditors arrive the client must first have strong internal controls in place to ensure that the financial statements are free of material misstatements. Secondly, as it relates to the audit itself, planning is a key element in a successful audit process. Before the beginning of the fieldwork, clients must make sure their auditors meet with management and the accounting staff to determine the timing of the audit work to be done. During the planning meeting the auditors will present to management a listing of schedules that are to be prepared by the client. These schedules must be completed before the audit begins and will include spreadsheets, source documents, board of directors meeting minutes, significant contracts – all documentation that essentially supports the financial statements. This is a fairly extensive list and generally takes a client many hours to complete.

Q: What are the top mistakes people tend to make in getting ready for an audit?

A: The top mistake clients make is that they have not closed their books and completed all of their account reconciliations prior to the audit start. As a result, the process becomes inefficient and generally takes longer to complete than originally estimated. And with the auditors there, the client may become rushed in closing their books and may not be rigorous in finishing reconciliations and determining final account balances. When this happens, there is a greater likelihood that material adjustments to the financial statements will be necessary.

A second mistake that clients make is not providing all the auditor-requested schedules at the very beginning of the audit. In my experience I have seen many cases where we start the audit fieldwork and the client has completed only a quarter of the requested schedules, with the goal of feeding us the remainder of the schedules as the audit progresses. We generally complete the auditing of the initial schedules and then wait for the client to complete the remaining schedules. Once again, this makes us less efficient and the audit generally takes longer. Companies need to remember that during busy season the auditors may be working 60 to 80 hours per week and will be auditing client-prepared schedules earlier in the audit process than most companies anticipate.

Q: Of the areas that auditors spend time on, which take the most time?

A: The two areas that take the most time in auditing technology companies are revenue and equity/debt. Revenue takes time to audit as a result of the various accounting pronouncements and interpretations that increase the risk of a material misstatement. Testing generally includes making a selection of contracts entered into during the year and testing the contracts for proper revenue recognition. Revenue testing includes reading the contracts, in detail, and obtaining other supporting documentation. We also find that equity/debt structures are typically more complex in technology companies as compared to other industries -- which increases the risk of errors. Technology companies tend to have multiple funding rounds, both equity and debt, that may include conversion features, options, warrants and puts/calls. The accounting in this area is extremely complex -- we call it hyper-complex accounting.

Q: Can you tell us a little about the process of auditing for revenue recognition?

A: The process begins with a review of the company’s revenue recognition policies and procedures to make sure they are in accordance with the applicable accounting pronouncements and interpretations. Once the auditors are comfortable that the policies and procedures are appropriate, detailed auditing goes down to the contract level. Generally the auditors will make a selection of what they consider material contracts -- that definition differs from firm to firm -- and then they read those contracts in addition to any addendums that were made during the year. The auditors test to make sure the revenue is being recognized properly and that the receivables and deferred revenue are being properly recognized in the financial statements. The auditors will also audit the rollout of the deferred revenue into revenue.

Additionally, auditors will make a selection of smaller contracts to test, even though they are not material, to ensure that revenue is being recognized properly in those as well.

Q: Has Sarbanes-Oxley made this process easier or more difficult?

A: With Sarbanes-Oxley it has become a little bit easier as companies now are drafting revenue recognition policies and procedures and white papers related to specific revenue recognition issues. These increased levels of documentation have helped ensure that revenue is being recognized properly. In addition, revenue recognition policies are being communicated to the sales force. What I see in best practices today is that the sales people understand revenue recognition and how even small changes in a contract may have a large impact on revenue recognition.

Q: Why do you think that is?

A: I think it is the result of Sarbanes-Oxley. Many public companies are making an effort to educate their sales forces.

Q: What issues are most likely to complicate an audit?

A: There is no specific issue, but audits are often complicated by surprises. For example, a company may enter into a particular agreement without fully understanding the accounting consequences. Unfortunately, it’s a fairly common occurrence wherein management is closing the books and suddenly discovers an issue -- or worse -- the auditors discover an issue that the client did not know existed. When this happens, upper levels of management, the audit manager, and the audit partner have to take more time to understand and resolve the situation. The issue may also have to be “run up the flagpole” for the technical people to review. This takes unexpected time and expense.

Q: Does the auditor have a role in helping clients with their process improvements?

A: Yes, we have a role in helping clients with their process improvements. If we encounter policies and procedures that need updating, or if we become aware of a best practice that could be of benefit to a client , then we’ll make those suggestions through letters to management or to the board of directors. That’s a normal part of the audit process.

Q: How’s the role of an auditor materially different with Sarbanes-Oxley?

A: The role of the auditor is materially different under Sarbanes-Oxley in that for clients that are accelerated filers, the auditors are required to express an opinion on management’s assessment and an opinion on the effectiveness of the client’s internal control over financial reporting. Prior to Sarbanes-Oxley this was not required.

Q: So long as you’ve raised the subject of Sarbanes-Oxley, we should finish with one question on that topic. Are most public companies today well along with Sarbanes-Oxley and comfortable with their progress?

A: The answer depends on the company. Accelerated filers who have been under SOX 404 requirements for several years are fairly comfortable. They understand the requirements; they have their controls in place and documented. Additionally, they have been able to delegate SOX 404 responsibilities down to the appropriate level of management and employees. Overall, accelerated filers are quite comfortable with what’s required of management, what’s required of the auditors and with the interaction between management and the auditors.

For non-accelerated public companies there is some hesitation and trepidation. They will be required to comply with Sarbanes-Oxley 404 for the first time in 2007, with their first audit coming up in 2008. There are a number of task forces that have been put together to provide guidance to non-accelerated filers. The SEC and PCAOB are looking into it, and the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”) recently issued an implementation guide for smaller businesses titled “Internal Control over Financial Reporting – Guidance for Smaller Public Companies.”

Q: Is there any indication that private companies may have to comply eventually?

A: Some private companies are already complying voluntarily with SOX 404, but there is no law that requires compliance. Currently it is viewed by private companies as a best practice.