Statement of Cash Flows

Common Pitfalls of this Middle Child

Ahh — the Statement of Cash Flows, the bane of every staff accountant. This article will describe some of the pitfalls of preparing the Statement of Cash Flows. But first, a bit of history.

When I first entered public accounting as a staff accountant during the Accounting Principles Board (APB) era, the Statement of Cash Flows was not a required financial statement. Instead, a Statement of Changes in Financial Position was required under GAAP. This legacy statement focused primarily on changes in working capital rather than cash flows. To the best of my memory, it was a reasonably easy financial statement to prepare. However, during the 1970s and early 1980s, there was growing dissatisfaction with this statement due to the diversity of practice and lack of focus on cash flows.

Accordingly, in 1987, the Financial Accounting Standards Board (successor to the APB) issued Statement of Financial Accounting Standard (SFAS) No. 95 (codified in ASC 230), which replaced the relatively easy-to-prepare (but less useful) Statement of Changes in Financial Position with the more difficult-to-prepare but more useful, Statement of Cash Flows. The Statement of Cash Flows focuses more directly on a company’s cash flows and provides more consistent and pertinent information to the end users.

Navigating the Treacherous Waters of ASC 230

As any seasoned CPA or construction industry CFO knows, preparing a Statement of Cash Flows can feel like trying to build a skyscraper on quicksand. When you think you’ve figured it out, a tricky transaction throws your carefully constructed statement into disarray. Let’s dive into the murky depths of ASC 230 and explore some of the most common pitfalls and challenging aspects of this deceptively complex financial statement.

The Classification Puzzle

The most frequent error in preparing the Statement of Cash Flows is misclassifying cash flows among the three categories of cash flow activities: operating, investing, and financing. Here are some clues for solving this puzzle:

  • Operating activities: Think income statement and changes in current assets and current liabilities
  • Investing activities: Always related to assets, and it is usually associated with long-term assets
  • Financing activities: Always related to liabilities and equity and typically involves changes in long-term liabilities

However, these are only guidelines and do have exceptions. For example, changes in a current bank line of credit are categorized as financing activities.

One of the trickier areas is insurance claims. Cash receipts from insurance claims are generally classified based on the nature of the loss. For example, for an inventory loss, the cash proceeds received on the claim are classified as an operating cash flow. For a loss related to PPE, the insurance proceeds are classified as an investing activity.

Another area to watch is customer notes receivable. They are classified as an operating cash flow instead of an investing activity.

The Non-Cash Transaction Pitfall

Another stumbling block is the treatment of non-cash transactions. It’s easy to fall into the trap of including these in the cash flow statement as if cash changed hands. For example, when you finance the acquisition of a new excavator through a note payable, it’s too easy to present the total purchase price in investing activities and the new note balance in financing activities. However, no cash flowed, except for the possibility of the payment of a deposit on the equipment and other upfront capitalized costs. Otherwise, this transaction shouldn’t appear in the main body of the cash flow statement.

Instead, non-cash transactions should be disclosed separately, either in a narrative at the bottom of the statement or in a separate footnote. It’s essential information but doesn’t belong in the body of the cash flows statement because no cash changed hands.

Getting Snagged in the Improper Netting of Cash Flows

CPAs often mistakenly report the net amount of certain cash receipts and payments. FASB ASC 230-10-45-7 to 230-10-45-9 provides guidance on when it is appropriate to report cash flows on a net basis instead of a gross basis in the statement of cash flows. Generally, reporting on a gross basis is more relevant because it provides greater detail on cash receipts and payments. However, there are circumstances where net reporting is acceptable and sufficient.

  • Quick Turnover: Items with fast turnover rates, large amounts, and short maturities can be netted (e.g., certain investments, loans receivable, and debt)
  • Short-term Maturities: Assets or liabilities with original maturities of three months or less can be reported net. This includes specific items like investments (excluding cash equivalents), loans receivable, and debt.

For purposes of the quick turnover criteria described above, netting may be appropriate regardless of the balance sheet classification as current or long-term.

Here are some examples where the netting of cash receipts and payments is appropriate:

  • Investments: Purchasing and selling a short-term treasury bill with less than three months maturity from the date of acquisition can be netted.
  • Loans Receivable: Issuing and collecting short-term loans due within three months can be netted.
  • Debt: Issuing and repaying short-term debt, such as a loan to a related party, with original maturities of three months or less can be netted. Remember that amounts due on demand are considered (by definition) to have maturities of three months or less. Those with original maturities over three months will present borrowings and payments at the gross amounts in the financing section.

    However, revolving lines of credit may be somewhat more dubious. In practice, some companies that borrow and quickly repay large amounts on their bank line of credit with original maturities greater than three months present the cash flow activity at the net amount in the financing section of the statement. This approach’s rationale is that short-term borrowings with quick turnover are akin to cash management activities rather than long-term financing arrangements. Therefore, reporting them on a net basis clarifies the company’s cash flow dynamics. While this practice is not strictly in line with GAAP, it has become accepted for certain revolving credit facilities. However, companies should carefully consider the materiality and usefulness of information when deciding between gross and net presentation for revolvers.

Misreporting Interest and Taxes Paid

The amount of interest and income taxes paid is often overlooked or improperly reported when using the indirect method. Remember, we’re talking about cash paid, so accrual balances must be adjusted to the cash basis for proper reporting.

Improper Handling of Restricted Cash

ASU 2016-18 requires that total cash and cash equivalents include restricted cash. Failing to do so is a common mistake that can distort a company’s cash position.

Conslusion

Preparing an accurate Statement of Cash Flows under ASC 230 requires attention to detail and a thorough understanding of the guidance. By being aware of these common pitfalls described above, CPAs can improve the quality and reliability of this important financial statement.

Accounting For Investments In Equity Securities

Heads Up -Choose Very Carefully

Under U.S. GAAP, there are three methods of accounting for a company’s investment in equity securities:

  • Fair value method
  • Equity method
  • Consolidation

The method of accounting depends on the level of control or influence the acquiring company has over the investee’s operating and financial policies AND whether the securities acquired have readily determinable fair values. However, remember that the method used is not elective or optional but is a matter of GAAP.

We will discuss consolidations, but this article will focus on the fair value and equity methods.

When the Method is Appropriate

Fair Value Method. The fair value method (FVM) is utilized when the acquiring company does not control or have significant influence over the acquired company AND the acquired company’s securities have readily determinable fair values. For example, you generally will use the FVM when the company invests in the equity of a publicly traded company.

  • If the securities do not have readily determinable fair values but would otherwise be accounted for under the FVM, the alternative method to fair value is appropriate (described below.)

Equity Method. The equity method is utilized when the acquiring company exercises significant influence over the investee but does not control the entity.

Consolidation. Consolidation is utilized when the parent company controls the subsidiary. Consolidated financial statements must be prepared.

Fair Value Method

FVM is appropriate when the investor does not control or cannot exercise significant influence over the investee company, and the securities have a readily determinable fair value.

An investor with an ownership of 20% or less is presumed unable to exert significant influence. But 20% is not a bright line. Based on facts and circumstances, an investor with ownership of 20% or less may be able to exert significant influence. In that case, the FVM is not appropriate.

The FVM applies to investments in equity securities (ASC Topic 321) and investments in joint ventures (ASC Topic 323.)

Under the FVM:

  • The original investment is recorded at the acquisition cost plus the cost of any direct transaction fees.
  • Receipt of investment income, such as dividends, is recorded as income and, therefore, does not impact the investment’s carrying amount.
  • The investee’s income and expenses do not affect the carrying amount of the investing company’s investment in the investee.
  • However, the investment should be marked to market at the end of each reporting period with the offset to the income statement’s unrealized gain or unrealized loss accounts.

Alternative to Fair Value Method

When the investing company does not have control or significant influence over the investee, AND the securities don’t have a readily determinable fair value, an “alternative to the fair value method” may be used.

The investing company may elect to record those securities at cost, less impairment.

The election to measure securities using this alternative method is made for each investment separately. Therefore, it is not a “summary of significant accounting policy” disclosure.

HEADS UP: The traditional cost method was replaced under ASU 2016-01 with the FVM. However, the “alternative to the fair value method” can be elected if the investment does not have a readily determinable fair value. It is similar to the traditional cost method. In practice, the “alternative to the fair value method” is often called the cost method.

Equity Method

It is appropriate to use the equity method when the investor exercises significant influence over the operating and financial policies of the investee.

  • Significant influence is presumed when the investor owns 20% to 50% of the investee’s common stock or other securities that grant voting rights.
  • However, 20% to 50% is not a bright-line rule. The presumption of significant influence can be overcome by contrary evidence, such as:
    • The investing company cannot obtain the necessary financial information from the investee company to apply the equity method.
    • The investing company and the investee have an agreement in which the investing company surrenders essential rights as a stockholder.
    • A small group of stockholders collectively own and operate the investee without regard to the investor’s views.
    • The investor cannot obtain representation on the investee’s board.
  • As described above, if the investor cannot obtain sufficient information from the investee to apply the equity method, then the investor does not have sufficient influence. Therefore, the equity method cannot be used. The FVM must be applied instead (or the alternative to the FVM discussed above.)
  • On the flip side, an investor with less than 20% ownership may be able to exert significant influence. That investor should use the equity method instead of the fair value method to account for that particular investment.

Under the Equity Method:

  • The original investment is recorded at the acquisition cost. Any direct transaction fees are added to the investment cost.
    • The total acquisition cost may or may not equal the fair value of the underlying assets and liabilities acquired.
    • HEADS UP: If the acquisition cost is greater than the carrying amounts of the net assets acquired, then the acquisition cost should be allocated to the assets and liabilities of the investee based on their fair values.
    • HEADS UP: The excess of the acquisition cost over the total fair value of the net assets acquired is called equity method goodwill. This equity method goodwill is not reported separately as goodwill on the acquiring company’s balance sheet.
      • Equity method goodwill is not reviewed for impairment.
      • However, the investment accounted for under the equity method is reviewed for impairment.
      • HEADS UP: If a private company has elected the accounting alternative for goodwill, its equity method goodwill must be amortized.
  • The acquiring company will adjust the investment account for its share of the investee’s net income or net loss and present it on the statement of income as a single line item.
  • Any dividends paid by the investee reduce the investment account.
  • Net losses of the acquired company may reduce the investment account to zero. Equity method accounting should be discontinued at that point.
  • HEADS UP: The purchase price allocated to depreciable assets is depreciated in accordance with the investee’s depreciation policies. Note that this is the investee’s depreciation policy, not the depreciation policies of the investing company. The entry will reduce the investment account.
  • HEADS UP: If the investee disposes of an asset to which specific excess amounts have been allocated, the unamortized excess is removed from the investment account and adjusted to income via the equity in the net income of the investee account.
  • HEADS UP: Under the equity method, unrealized intercompany profits are eliminated, much like done with consolidated financial statements, except, under the equity method:
    • When the investee initiates the transaction, only the actual ownership percentage of the intercompany gains and losses are eliminated.
    • However, when the investor initiates the transaction, the entire intercompany gain or loss is eliminated through equity.
  • HEADS UP: If the investor cannot obtain information from the investee company to determine such things as the investee’s depreciation method, etc., then this is an indication that the investor company does not have sufficient influence that is required to use the equity method. As discussed above, the FVM or the alternative to the FVM must be used instead.
  • HEADS UP: A variation of the equity method is available for investment in a construction joint venture in which the investor construction company can exercise significant influence but does not own more than 50%. The method is called proportional consolidation. Its use is limited to specific types of construction joint ventures. See our April 18, 2022, blog for a discussion.

Consolidation

It is a presumption that consolidated financial statements are more meaningful than separate financial statements. However, remember that the equity method is not a substitute for consolidated financial statements, and there are notable differences between the two methods.

For example, unlike the equity method, consolidated financial statements record the original investment at the acquisition cost but do not include direct transaction fees, such as finder’s and accounting fees. They are expensed as incurred.

  • If there is a noncontrolling interest, regardless of ownership interest percentage, the total amounts of the subsidiary’s assets and liabilities are presented on the parent’s financial statements.
  • The noncontrolling interest is reported as one line on the consolidated financial statements (one line on the balance sheet as a component of consolidated stockholders’ equity and one line on the statement of income, generally presented as a deduction in arriving at net income attributed to the controlling interest.)

Contingencies

Maybe Yes, Maybe No, It Ain’t Necessarily So

If you wish to dive into an accounting topic akin to scrambled eggs, then accounting contingencies is a fine choice. It’s scattered, can be a bit messy, and cumbersome to bring it all together.

Underlying Uncertainty

In the Master Glossary of the FASB Codification, contingency is defined as “An existing condition, situation, or set of circumstances involving uncertainty as to possible gain (gain contingency) or loss (loss contingency) to an entity that will ultimately be resolved when one or more future events occur or fail to occur.”

As can be seen, to be accounted for as a contingency under FAS Topic 450, there must be an underlying uncertainty that existed at or before the balance sheet date, which will ultimately be resolved in the future, either by occurring or not occurring.

However, not all uncertainties give rise to a contingency, as defined in FAS Topic 450. It expressly excludes the following uncertainties from consideration under FAS Topic 450:

  • Depreciation. Estimates used to allocate the cost of a depreciable asset over the life of the asset are not a FAS Topic 450 type contingency.
  • Estimates used in accruals. Amounts owed for services received, even if the amounts must be estimated, are not a FAS Topic 450 type contingency.
  • Changes in tax law. Uncertainties related to the possibility of a future change in tax law are not a FAS Topic 450 type contingency.
  • Other similar uncertainties. FAS 450-10-55 clarifies that other variations similar to the above are also excluded from FAS Topic 450 consideration.

Loss Contingencies

The guidance on contingencies is situated in the Liability section of the Codification, thus providing a clue that the FASB places greater emphasis on loss contingencies over its fraternal twin of gain contingencies. And, obviously, perhaps, the accounting treatment for a loss contingency is different than that of a gain, with the conservative principle coming front and center.

Definition of Loss Contingency

The Master Glossary defines a loss contingency as “An existing condition, situation, or set of circumstances involving uncertainty as to possible loss to an entity that will ultimately be resolved when one or more future events occur or fail to occur. The term loss is used for convenience to include many charges against income that are commonly referred to as expenses and others that are commonly referred to as losses.”

The loss could result in the impairment of an asset or the incurrence of a liability.

Examples

  • Litigation exposure
  • Guarantees of indebtedness of others
  • Obligations related to product warranties and product defects
  • Sales and use tax audits
  • Fire losses
  • Environmental Remediation

What is Excluded from Contingency Losses under ASC Topic 450?

In general, areas discussed by other sections of the Codification are excluded from contingency loss considerations under ASC Topic 450, such as:

  • Measurement of credit losses for instruments within its scope, such as accounts receivable (Topic 326) (Credit losses are discussed at the end of this article.)
  • Stock issued to employees (ASC Topic 718)
  • Employment-related costs, including deferred compensation contracts (ASC Topics 710, 712, 715)
  • Uncertainty in income taxes (ASC Section 740-10-25)
  • Accounting and reporting by insurance entities (ASC Topic 944)

How is the Likelihood of Loss Measured

ASC 450-20-25-1 states that “(w)hen a loss contingency exists, the likelihood that the future event or events will confirm the loss or impairment of an asset or the incurrence of a liability can range from probable to remote.”…

“The Contingencies Topic uses the terms probable, reasonably possible, and remote to identify three areas within that range.”

  • Probable is defined as the future event or events are likely to occur. (Think in terms of 75% or greater chance of happening.)
  • Remote is defined as the chance of the future event or events occurring is slight (think in terms of 10% or less chance of occurring.)
  • Reasonably possible is defined as the chance of the future event or events occurring is more than remote but less than likely. In other words, it ranges in that broad area between probable and remote.

What are the Two Considerations for Contingency Loss Recognition

If the underlying loss event happened on or prior to the balance sheet date, ASC 450-20-25 requires two criteria for recognition of a loss contingency:

  1. It must be probable that the loss will occur.
  2. The amount of the loss must be reasonably estimable using a fair-value objective, which would be the most probable amount at which the contingent liability would be settled.
    • Notice that this fair value objective measurement differs from the one in ASC Topic 820, defined as the exit price in a hypothetical orderly transaction between market participants.
    • The amount of the loss should be estimated and evaluated independent of any claim for recovery.
    • The contingent liability is generally not discounted. But there are exceptions. See ASC 835-30-15-2.

If both of the above criteria are met, and the reasonably estimable loss is a range, the standard requires accrual of the amount that appears to be the better estimate within the range, or accrual of the minimum amount in the range if no amount within the range is a better estimate than any other amount.

In rare cases where the probable loss cannot be reasonably estimated, no loss accrual is made. Of course, disclosure is required describing the contingency and the fact that the company could not reasonably estimate the loss amount.

When is There No Accrual of Loss, but Disclosure Is Required

As described above, if an underlying loss event happened on or prior to the balance sheet date, a loss contingency is recognized in the balance sheet when two criteria are met: 1) It is probable that a loss will occur, and 2) the amount of the loss is reasonably estimable.

But when is disclosure only required?

If an underlying loss event happened on or before the balance sheet date, but it is only reasonably possible that the loss will occur (i.e., it does not rise to the probable threshold but is more than remote), then the loss is not accrued, but disclosure is required.

The company should disclose the nature of the contingency and provide an estimate of the possible loss or the range of loss or disclose that such an estimate cannot be made.

When is No Recognition of Loss and No Disclosure Required

As described in ASC 450-20, loss recognition and disclosure are not required when a loss is remote, defined as a slight chance of occurrence. A slight chance of a loss occurrence is generally considered to be 10% or less.

Disclosure is still permissible and may sometimes be necessary, depending on the situation. Whether to disclose a potential loss whose occurrence is considered remote is based on the fairness principle; i.e., is it information that a reasonable user of the financial statements would find meaningful?

What About Unasserted Claims

An unasserted claim is one not asserted by the potential claimant. Perhaps the potential claimant is unaware of the matter. Or, maybe the potential claimant is aware of the matter but has not pursued it.

That raises the question of whether a claim or lawsuit will be filed. If it is determined that it is probable a claim or suit will be filed, then the unasserted claim contingency is evaluated the same way as any other contingency under ASC Topic 450.

On the other hand, if it is determined that the likelihood of a suit or claim being asserted is only reasonably possible or remote, then the evaluation under ASC Topic 450 is not necessary for those unasserted claims.

Gain Contingencies

The Master Glossary defines a gain contingency as “(a)n existing condition, situation, or set of circumstances involving uncertainty as to possible gain to an entity that will ultimately be resolved when one or more future events occur or fail to occur.

Examples of gain contingencies include:

  • Legal settlements where the company is the plaintiff and expects to win the case, resulting in a monetary award
  • Insurance claims if the company has suffered a loss and expects to receive insurance proceeds exceeding the carrying amount of the damaged assets.

The polar star principle for gain contingencies is found at ASC 450-30-25-1. “A contingency that might result in a gain usually should not be reflected in the financial statements because to do so might be to recognize revenue before its realization.”

ASC 450-30-50-1 further provides that “(a)dequate disclosure shall be made of a contingency that might result in a gain, but care shall be exercised to avoid misleading implications as to the likelihood of realization.

The accounting principle of conservatism is heard loud and clear when it comes to recognizing a gain related to the resolution of future events. Gain contingencies should not be recognized on the balance sheet before their realization. This realization principle also encompasses a recovery related to a loss contingency, such as an insurance recovery, which is considered a contingency gain.

So, when is realization? It’s when the company has resolved all uncertainties and contingencies related to the receipt of cash. In short, gain contingencies are not recognized on the balance sheet until all contingencies are resolved. It’s rare to see a gain contingency on a company’s balance sheet.

The possible exception to the realization principle stated in the paragraph immediately above relates to the recovery of a contingent loss recognized on the balance sheet. Recovery (such as insurance proceeds) of a contingent loss may be recognized, but only to the extent of the contingent loss, if the recovery’s realization is considered probable and the amount of recovery can be reasonably estimated. However, amounts recovered in excess of the related recognized contingency loss can only be recognized as a gain contingency when all contingencies related to the contingency are resolved. (In other words, the excess gain contingency is usually unrecognized.)

Accounts Receivables and Current Expected Credit Losses

Before ASU No. 2016-13 – Financial Instruments – Credit Losses (codified in ASC Topic 326), the collectability of accounts receivables was evaluated under the ASC 450 contingency model. Accordingly, an allowance for doubtful accounts was not recognized unless it was probable that a loss would be incurred (i.e., a 75% or better chance the receivable would not be collected.)

However, that approach changed on the effective date of ASU No. 2016-13 (beginning with 2023, calendar year-ends.) The Incurred Loss model, which used the probable loss recognition method, was replaced with the CECL (current expected credit loss) model, which uses the expected loss recognition method.

Under the CECL model, losses expected to be incurred will result in loss recognition, even if the loss is remote (remember that remote is as low as 10% or less.) So, the standard has dropped from a probable loss threshold for loss recognition to a remote loss threshold for recognition of the loss. Therefore, a loss must be recognized even if the risk for loss is as low as 10%.

Here is an illustration. Suppose there is a 95% chance that accounts receivable of $1,000,000 will be entirely collected and a 5% chance that none will be collected. A CECL allowance for credit losses of $50,000 should be recognized.

Under the old and now retired incurred loss model previously used to determine the bad debt loss, no loss would have been recognized because it was not probable that a loss would be incurred (75% or greater chance of loss.)

Just a heads-up here. Under the CECL expected loss approach, credit losses will be recognized sooner, and a zero allowance for credit losses is questionable.

SAS 145 Audit Risk Assessment

All Together Now

Now that our firm has been through a few months of audit risk assessment under SAS 145, we felt it beneficial to identify key takeaways to keep in mind as we go forward. To give a frame of reference for our outline below, our clientele is concentrated in the construction industry, and we use Checkpoint Engage for our risk analysis. Hopefully, this outline will help bring the various pieces of the risk assessment process together.

  1. Risk of material misstatements (RMM). Remember that we, as auditors, are searching for areas of the financial statements that may be materially misstated.
    • We tailor the audit program to address the identified risks, especially those we identified as significant risks.
      • Checkpoint Engage is the tool we use to tailor the audit program.
    • Not all risks are created equal. To be a RMM, there must be:
      • A reasonable possibility of a misstatement occurring and
      • If a misstatement were to occur, there must be a reasonable possibility it would be material.
      • Reasonable possibility means there is more than a remote chance (a very low threshold.)
      • Remember the formula: RMM = Occurrence + Magnitude

    The two types of risk are:

    • At the financial statement level,
    • At the assertion level

  2. Risks at the financial statement level. Risks of a material misstatement at the financial statement level are pervasive to the financial statements as a whole.
    • All audit engagements have the overall financial statement risk of management overriding controls. This risk and the audit response are automatically populated in Part I of the Risk Assessment Summary Form.
    • Some companies may have additional overall risks at the financial statement level, such as:
      • Going concern issues
      • Pressure to meet or exceed debt covenants and
      • Lack of qualified accounting personnel.
    • These risks and the audit responses should also be included in Part I of the Risk Assessment Summary Form.

  3. Risks at the assertion level. A risk of material misstatement at the assertion level is a risk that is not pervasive at the financial statement level. It’s a risk at the assertion level for a particular class of transactions (such as revenue), account balance (such as accounts payable), or disclosure (such as those provided for financial loan covenants.)
    • Every engagement is presumed to identify improper revenue recognition as a fraud and significant risk at the assertion level in Part II of the Risk Assessment Summary Form.
    • The peer review expectation is that almost all engagements will have at least one or more additional risks (in addition to improper revenue recognition) that are identified as significant risks (those on the upper end of the spectrum in inherent risk), which should be added to Part II of the Risk Assessment Summary Form.

  4. Inherent risk (IR). Inherent risk is assessed as LOW, MODERATE, HIGH, or NOT RELEVANT.
    • IR is the susceptibility of an assertion to a material misstatement, ignoring any controls the company has in place.
    • An assertion is NOT RELEVANT if the risk of a material misstatement is remote or there is no risk because, due to the nature of the assertion, it does not apply to the class of transactions, account balance, or disclosure. For example, due to the nature of cash, the valuation assertion is NOT RELEVANT.
    • Inherent risk factors include: Size, volume, and composition of items; Susceptibility to theft or fraud, management bias, and obsolescence; Complexity; Subjectivity; Uncertainty; Changes in business environment, operations, and personnel.
    • CON-CX-7.2 Inherent Risk Assessment Form is an excellent way to document your reasoning for IR assessment.

  5. Relevant assertion. A relevant assertion (for IR) has one or more identified risks of material misstatement (an identified RMM.)
    • Rarely are all assertions relevant to an account balance, class of transactions, or disclosures. Usually, one or more assertions are relevant (i.e., have an identified RMM), but not all.
      • The IR for assertions that do not have an identified RMM are assessed as NOT RELEVANT when:
        • The risk of misstatement is remote, or
        • The assertion is not applicable due to the nature of the audit area.

          NOTE: See # 12 below for a further description of LOW inherent risk as it relates to the spectrum of IR.

      • The assertions used by PPC are:
        • Existence or occurrence
        • Completeness
        • Rights or obligations
        • Accuracy, classification, or presentation
        • Valuation or allocation
        • Cutoff

  6. Identified risk (a.k.a. Identified RMM). If the inherent risk for an assertion is assessed as either MODERATE or HIGH, you must specifically identify the risk (“identified risk”) on Part II of the Risk Assessment Summary Form (or elsewhere in the risk assessment workpapers.) If done elsewhere in the workpapers, you must link it to the Risk Assessment Summary Form. This specific identification of the risk is required under the new standard.
    • Scalability. SAS 145 requires auditors to document the identified risk for all relevant assertions. Under PPC methodology, an identified risk can be LOW, MODERATE, or HIGH RMMs. However, relying on the standard’s concept of scalability, we only need to clearly document the identified risks for MODERATE AND HIGH risks of material misstatements.

  7. Significant risk. A significant risk is an identified risk of material misstatement at the higher end of the spectrum of inherent risk. It’s a RMM on steroids.
    • What you are looking to dig out are the significant risks.
    • Significant risks are high-end risks (the upper end of the spectrum of inherent risk) whose related controls must be tested for design and implementation.

  8. Control risk. Remember that we assess all control risks at the assertion level as HIGH unless the IR assertion is NOT RELEVANT. In that case, the CR will also automatically be assessed as NOT RELEVANT.

  9. Combined risk. Since we assess all control risks as HIGH, then, per SAS 145, the combined risk MUST be assessed the same as the inherent risk. For example, if IR is LOW and CR is HIGH, the assessment for the combined risk must be LOW. In that case, by definition, it cannot be MODERATE.

  10. Significant audit area. A significant audit area has nothing to do with materiality, as it did under the prior standard. Under SAS 145, a significant audit area has one or more assertions with an identified risk of a material misstatement (a.k.a “relevant assertion” – see #5 above.)
    • Most audit areas will be marked as significant audit areas since the risk threshold is so low under the new standard. All it takes is one assertion with a low risk that is reasonably possible of materially misstating the financial statements. (See #11 directly below.)
    • You must apply substantive procedures for each relevant assertion of significant audit areas.
    • If the audit area is a significant audit area, you cannot only apply limited procedures. (Limited procedures are preliminary and final analytical, as well as other risk assessment procedures).
    • Stand back requirements. Auditors are required, at some point during the audit, to “stand back” and consider if their original assessment of what is regarded as a significant audit area is still appropriate – or should additional areas also be deemed significant. You indicate that you did this by signing off on the appropriate step (generally step 13b) of Checkpoint Engage program AP-10:General Planning Procedures.

  11. Risk of material misstatement. A risk of a material misstatement is a risk that has more than a remote chance (i.e., “reasonably possible” chance) of occurring and, if it does happen, has more than a remote chance of being material.

  12. Low inherent risk vs. Not relevant. An assertion with a LOW inherent RMM is deemed a relevant assertion because, under PPC’s methodology, LOW-risk designation is one in which the risk of a material misstatement of the financial statements is reasonably possible (more than remote) but does not rise to the level of MODERATE or HIGH on the spectrum of inherent risk.

    On the other hand, under PPC’s methodology, if the risk is remote or less, then inherent risk should be marked as NOT RELEVANT instead of LOW.

    • Marking an assertion with a remote risk as NOT RELEVANT is important because PPC will only permit you to perform limited procedures when all assertions are marked as NOT RELEVANT. You cannot perform limited procedures if one or more assertions are marked as LOW, MODERATE, or HIGH inherent risk of material misstatement.

  13. High inherent risk. An assertion assessed as a HIGH inherent risk of material misstatement may or may not be a significant risk of material misstatement.
    • If the risk is on the upper end of the spectrum of inherent risk, it is considered a significant risk of material misstatement, subject to design and implementation testing.
    • PPC only provides three risk categories: LOW, MODERATE, and HIGH. So, an inherent risk can be assessed as a HIGH risk but not be on the upper end of the spectrum of IR and, therefore, not be considered a significant risk under the standard.
    • If you have inherent risks assessed as HIGH but not identified as significant risks, it would be prudent to note in the comment section of the Risk Assessment Summary Form that IR is on the lower end of the high section of the spectrum of IR and, therefore, the risk is HIGH, but is not considered high enough on the spectrum of IR to be a significant risk.

  14. IMPORTANT! Identified controls (previously key controls). Identified controls must be tested for design and implementation. Identified controls are controls that address the following three high-end risk categories:
    • Significant risks. As stated in 3b, 7b, & 13a above, significant risks are inherent risks on the upper end of the spectrum of inherent risks. Therefore, controls over significant risks are identified controls subject to design and implementation testing.
    • Journal entries and adjustments. Controls over journal entries are identified controls and must be tested for design and implementation.
    • Risks from the use of IT. General IT controls that address a significant risk of material misstatement arising from the use of IT are also a type of identified controls subject to design and implementation testing.
      • For all identified controls, AU-C 315.28–.29 requires the auditor to identify related IT applications and other aspects of the IT environment subject to risks related to the use of IT, as well as general IT controls that address such risks.
      • This identification may affect the testing of the design and implementation of the required identified control(s). It may have broader implications on the audit strategy, including the design of further audit procedures. For instance, if information-processing controls depend on general IT controls, and the auditor determines that general IT controls are expected to be ineffective, the related risks arising from the use of IT may need to be addressed through the design of substantive procedures.
      • For example, the company’s use of Excel to calculate POC revenue presents a risk from the use of IT. General IT controls, such as the following, may be subject to design and implementation:
        • Access control – Limit who can change formulas, cell protection, etc.
        • Passwords
        • Data backup and recovery
        • Physical security
        • Segregation of duties
        • IT Governance
        • Vulnerability management
        • Security awareness training
      • Another example may relate to the significant risk of cost shifting by a project manager. In this example, the risk from the use of IT relates to the job cost module and who uses and has IT rights to the module. The possible general IT controls subject to design and implementation testing are:
        • Access control
        • Passwords
        • User authentication
        • Segregation of duties
        • Security awareness training
      • Complete Checkpoint Engage form CON-CX-4.2.2: Internal Control Documentation—IT Environment and General IT Controls.
      • e. Consider using Part 1 of Checkpoint Engage form CX-4.2.3:Internal Control Documentation –Evaluation of the Design and Implementation of Identified Controls to document the identified controls subject to design and implementation testing.
        • Parts II & III can also be used to describe the design and implementation, but narratives and walkthroughs are probably the better and more efficient way to do each of those procedures.

  15. COSO internal control components. SAS 145 requires us to gain an understanding of the five components of the company’s system of internal controls
    • “Gain an understanding” means becoming knowledgeably aware of the company’s policies and procedures for each of the five internal control components.
    • The five COSO internal control components are:
      • Control environment (tone at the top)
      • Risk assessment (i.e., the assessment performed by the company.)
      • Monitoring
      • Information and communication
      • Activity level controls and information processing
    • However, as described above in #14, certain activity level controls and information processing require more than a mere understanding.
      • For identified controls, the auditor is required to:
        • Evaluate the design of the control,
        • And to determine whether the control has been implemented.
      • IMPORTANT. If identified controls are not properly designed, or controls have not been implemented, or both, then the auditor MUST consider the need to expand substantive testing for the assertions affected.

Update on March Blog regarding TN HB 1893 and SB 2103

Significant Refund Opportunity Created

It’s a done deal! Tennessee has changed its franchise tax by removing the property measure. The bills making this change authorize refunds to certain taxpayers. Namely, those taxpayers who paid franchise tax based on the value of real or tangible property owned or rented in the state for all applicable open years (2020-2023).

Effective for tax years ending on or after January 1, 2024, the legislation removes the property measure from the Tennessee franchise tax base. Additionally, taxpayers who paid franchise tax on the greater property measure can recalculate the tax using the apportioned net worth and file refund claims for the difference in tax paid. To the extent a taxpayer utilized credits on the return, the credits will be reinstated but won’t be paid as a refund. The franchise tax subject to refund must have been reported on a Tennessee return filed on or after January 1, 2021, covering a tax period that ended on or after March 31, 2020.

Effective for tax years ending on or after January 1, 2024, the legislation removes the property measure from the Tennessee franchise tax base.

We are proactively starting the refund process for all our affected clients. Refund claims must be filed between May 15 and November 30, 2024. The process involves first amending the returns for all four affected years, then submitting one Claim for Refund of Franchise Tax Paid on the Department’s special Property Measure form. This can all be accomplished electronically in TNTAP. By filing the refund claim, the taxpayer is affirmatively waiving any claim by the taxpayer or the right to file suit alleging that the franchise tax under prior law was unconstitutional by failing the internal consistency test.

Interest will be computed beginning 90 days after Tennessee receives the refund claim and proper proof to verify the refund.

As stated in the March Blog, this will significantly impact you, our clients, and our workload in getting those refunds back for you. Please do not hesitate to contact us with any questions you may have.

SAS 145 Audit Risk Assessment

Information Technology

This blog is about a particular topic of SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, which largely stays hidden in plain sight. That topic is audit risk assessment related to information technology (“IT”). Risks related to IT are often (intentionally) overlooked. It’s problematic because some auditors don’t exactly feel IT-empowered, myself included. And even though IT requirements have been there for some time now, we find that SAS 145 has given it particular emphasis, perhaps to draw our attention to its importance. It will be no surprise if IT risk assessment is a target for peer review engagements in 2024 and several years after.

SAS 145 requires auditors to consider IT controls that address risks of material misstatement at the assertion level. The standard breaks this down to 1) the risk of use of IT and 2) the general IT controls that address those risks.

In the codification of auditing standards, AU-C Glossary – Glossary of Terms defines the two related aspects of IT risk assessment as follows:

  • Risks arising from the use of IT. Susceptibility of information-processing controls to ineffective design or operation, or risks to the integrity of information in the entity’s information system, due to ineffective design or operation of controls in the entity’s IT processes.
  • General IT controls. Controls over the entity’s IT processes that support the continued proper operation of the IT environment, including the continued effective functioning of information-processing controls and the integrity of information in the entity’s information system.

Risks arising from the use of IT

Some IT systems inherently have more risk than other systems. Canned software for which the company cannot access the source code is inherently less risky than larger, more complex, internally developed systems subject to source code modifications.

Interfacing applications inherently have more risk of material misstatement than packages that integrate the various applications.

A partial list of risks arising from the use of IT are:

  • Miscalculations: Coding errors could cause miscalculations of the financial data.
  • Unauthorized Access: Weak controls related to data entry or bugs in the system could compromise the financial data.
  • Data Loss or Corruption: System crashes, cyberattacks, and other failures could lead to the loss of critical financial data.
  • Failure to Update Software: Old versions of accounting software could lead to a host of risks, such as security and compatibility issues
  • Limited Data Backup and Recovery. Again, this could lead to the loss of critical financial data.

Electronic Spreadsheet Risk of Use

A particular IT category inherently prone to greater risk of material misstatements is the use of electronic spreadsheets, such as Excel.

Here are two examples of risks arising from the use of IT as it relates to electronic spreadsheets:

  • Example 1: Material Misstatement of Construction Revenue. An Excel spreadsheet is a type of IT tool. Many contractors use it to calculate the percentage-of-completion revenue measurement of individual construction contracts. Such spreadsheets may contain numerous contracts rolled over from period to period. Contract information is often imported from the job activity ledgers, but some companies may manually input the data. The calculations are complex and data intensive.
  • Example 2: Material Misstatement of Accrued Loss on Uncompleted Contracts. Certain contractors also use Excel to pull takeoffs from specs and drawings. The takeoff information is summarized in Excel, and formulas and perhaps pivot tables are used to create a summarized bid for a prospective construction project.

The risks arising from the use of IT associated with Excel in the above two examples are extensive. It includes potential design and operation errors, such as incorrect cell formulas, cells not being protected whereby formulas can be accidentally or intentionally deleted, manual input errors, and human misunderstanding of Excel functionality.

For the first example, there is a significant risk of a material misstatement of construction revenue. The relevant assertions primarily affected by this significant risk of a material misstatement are accuracy and occurrence.

In the second example, there is a significant risk of material misstatement due to the potential failure to record the total amount of the accrued loss on the contract obtained (because, at inception, the bidding error was not discovered by management). The relevant assertions primarily affected by this significant risk of a material misstatement are accuracy and completeness.

General IT Controls

Here is a list of broad general IT controls (not all-inclusive) that auditors should be aware of:

  • Logical Access Controls: Ensure proper access rights and permissions are assigned to appropriate users based on their roles.
  • Change Management: Ensures that software, hardware, and configuration changes are approved and monitored.
  • Data Backup and Recovery: Regularly back up critical data and test the recovery process.
  • Network Security Management: Implement firewalls, intrusion detection systems, and secure network architecture.
  • User Authentication: Use robust authentication methods (e.g., multi-factor authentication) to verify user identities.
  • Physical Security: Safeguard physical access to servers, data centers, and other IT infrastructure.
  • Security Awareness Training: A formalized program to educate employees about security best practices.

Now, here’s the thing that you do not want to miss. General IT controls that address a significant risk of material misstatement arising from the use of IT are subject to design and implementation testing.

For the sake of bringing it all together, general IT controls that address the risk of the use of IT related to electronic spreadsheets (and are subject to design and implementation testing) are:

  • Logical access controls (restrictions as to who can use the worksheet)
  • Change management (controls over who can change the formulas and other functionality of the spreadsheets)
  • Data backup and recovery (always important to make sure these are in place)

Since the above general IT controls address significant risks of a material misstatement from the use of IT (i.e., electronic spreadsheets) to calculate construction revenue and the accrued losses on uncompleted contracts, the auditor should evaluate the design of those identified controls and determine if such controls have been implemented. This evaluation and determination are customarily done through narratives (perhaps internal control questionnaires) and walkthroughs.

Proposed Franchise Tax TN HB 1893 and SB 2103

Proposed Franchise Tax Would Generate Significant Refund Opportunities

Current Tennessee Franchise and Excise Tax law requires that entities (corporations, subchapter S corporations, limited liability companies, professional limited liability companies, registered limited liability partnerships, professional registered limited liability partnerships, limited partnerships, cooperatives, joint-stock associations, business trusts, regulated investment companies, REITs, state-chartered or national banks, and state-chartered or federally chartered savings and loan associations) pay a Franchise Tax equal to 25 cents of every $100 of the greater of the entities Total Net Worth or Total Real & Tangible Personal Property.

Example of an actual client:
  1. Total net worth Schedule F1, Line 5…………………………….-304,227
  2. Total real and tangible personal property, Sch. G……………5,456,297
  3. Franchise tax (25 cents per $100 on the greater)…………………13,641

In a nutshell, these bills, if passed into law, would change the present law and remove the alternative tangible/realty property base from the Tennessee franchise tax (basically Schedule G). Additionally, the bills would require the payment of refunds for open years for taxpayers who paid on the tangible property base. The bills provide that the refund amount would be limited to the difference in tax between what was paid on the tangible/real property base and what would have been paid using the apportioned net worth base. In this example, the entire amount.

Right now, “open” years would include 2020, meaning the taxpayer could potentially apply for five years’ worth of refunds. If these bills are passed this year, as expected, the taxpayer will have until December 31, 2024, to file for 2020 before it drops off of the statute of limitations.

The refund is subject to the following provisions:

(1) The refund must be claimed within three years from December 31 of the year in which the payment was made or within any period covered by an extension permitted by existing law;

(2) The claim for refund, including information necessary to determine the proper amount due, must be filed on a form prescribed by the commissioner exclusively for the purpose of seeking a refund pursuant to this bill and must not include a claim for refund on any other basis. A claim on any other basis must be filed separately under existing law. The commissioner is also authorized to refund, under this bill, a claim timely filed under existing law and filed before January 1, 2024, that alleges that the franchise tax in the franchise tax law of 1999 or any provision of the franchise tax law of 1999, is unconstitutional by failing the internal consistency test. The commissioner is not authorized to make a refund under this bill unless a claim is filed;

(3) As used in this bill, “tax actually paid” includes any credits applied on the return. Credits must be reinstated but not paid as a refund;

(4) This bill does not prevent the commissioner from auditing the refund claim, appropriately adjusting or denying the claim, or auditing the amount of tax otherwise due under the franchise tax law of 1999 within the applicable statute of limitations;

(5) A refund due under this bill must first be used to offset any outstanding tax liabilities and is subject to the report of debts requirements in existing law;

(6) A denial of a refund claimed under this bill is subject to the remedies provided in existing law regarding taxpayer remedies for disputed taxes.

(7) Interest at the rate established by determination of rate of interest under the Internal Revenue Code for a large corporate overpayment in the amount of the federal short-term rate plus five-tenths of a percentage point must be added to the amount refunded under this bill beginning 90 days from the date the commissioner receives the refund claim and proper proof to verify that the refund or credit is due and payable; and

(8) Attorneys’ fees must not be added to the amount of refund due.

This will significantly impact you, our clients, and our workload to get those refunds back for you. We will be keeping a watchful eye on how this develops.

The Secret 280A Deduction

Holding Business Meetings for Your Business at Your Personal Residence

In the ordinary course of business, some companies, due to their structure, are required by law to hold meetings for their entities. Others hold meetings for a variety of purposes, including educational workshops, Christmas parties, or even regular staff meetings.

Tax Code Section 280A contains provisions allowing a business owner to conduct regular meetings at his or her residence.

Traditionally, business meetings are held on office premises or rented spaces such as a Board Room at a Hotel or Conference Center. The expense of conducting these meetings in an outside venue can be significant, with the national average cost approaching $1,500 per day. This cost is based upon accommodating the Officers, Stockholders, Directors, Managers, Principals, Members, and Employees while providing two meals, break expenses, audio-visual and internet access support, etc. However, self-employed owners are specifically excluded.

In Nashville, costs range from $1,800 to $2,000 per day for comparable facilities.

These expenses are tax deductible for your business but are not considered taxable income on your personal return under Tax Code Section 280A.

Whether these meetings are a requirement by law for your practice or other purposes, these meetings can and should be conducted at your home.

However, your business entity must have principals, directors, or board members to qualify for the tax deduction. This means your business entity must be organized as something more than a sole proprietorship, such as an LLC, PLLC, S-Corporation, C-Corporation, or partnership.

There are certain requirements for conducting these business meetings. While each entity will have its specific Agenda items to cover and determining the meeting frequency will be a personal decision, certain topics should be covered annually, semi-annually, and· every time a meeting is held. There may also be a need to conduct Special Meetings to adopt resolutions, change practice direction, adopt a new program of significant impact, re-finance for strategic purposes, expend or commit a material practice resource, or make significant personnel or ownership adjustments.

Under Code Section 280, you can rent your home up to 14 days per year without having to recognize personal income. This could cover up to 12 monthly sessions plus a Semi-Annual and Annual meeting if you so desire. The scenario for the rental is as follows:

As a business owner, you would rent from you, the homeowner, the Fair Market Value of area meeting space for up to 14 days per year. The total you spend as the business owner is written off as rental expenses, while this same income to you as the homeowner is non-taxable rental income.
Taking the lower Nashville area figure of $1,800 per meeting, your business would spend $25,200 for 14 meetings. The estimated potential tax savings for your business to conduct these required meetings could be up to $9,324, with no tax due on the $25,200 paid to you for renting your home.

There are specific requirements for conducting these business meetings. If this is of interest to you, we would be happy to guide you through the process to make your meetings run smoothly, comply with all regulations, and maintain deductibility over the course of a year.

Remember, you must maintain the correct documentation.

SAS 145 Audit Risk Assessment

Just a Bit More

Well, let’s add a bit more about SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement. And let’s do it in a question-and-answer format. This SAS is enormous – it’s over 250 pages long. Those in public accounting must understand its implications since understanding the entity, environment, and financial statement risks is the heart and soul of financial audits. An understanding of the risk of misstatements is what drives the remainder of the audit engagement. So, with that being said, let’s begin.

  1. Is SAS 145 principle-based, and is the methodology neutral?

    Yes. The standard is principle and does not prescribe a particular way to accomplish the objectives. Accordingly, much is open to the auditor’s experience and professional judgment.

  2. Are there some specific vital concepts that must be understood to wrap your head around SAS 145?

    Yes. Here are the ones that you must understand. Some are familiar concepts from the previous standard, and some are new.

    Assertions -These are representations made by the entity’s management (explicit or otherwise) about amounts and disclosures in their financial statements.

    Inherent Risk -SAS 145 states that inherent risk is the susceptibility of an assertion to a material misstatement. Inherent risk is determined before consideration of the entity’s control risk. The standard lists some inherent risk factors to be considered.

    Control Risk -The risk that a potential misstatement in an assertion won’t be timely prevented or detected and corrected by the internal control system.

    Relevant Assertion – An assertion with an identified risk of material misstatement (also known as a RMM).

    Risk of a Material Misstatement – A RMM exists when there is a reasonable possibility of a material misstatement occurring. A RMM combines a reasonable possibility of occurrence and a reasonable possibility that if a misstatement occurs, it will be material. Said another way, a RMM means it’s reasonably possible that a misstatement can happen, and if it does, it’s reasonably possible it will be material.

    Significant Class of Transactions, Account Balance, or Disclosure -It’s an audit area with at least one relevant assertion and, therefore, a significant audit area.

    Identified Risk – An identified risk is another name for a RMM – except the risk of a misstatement has been specifically identified. It’s a known RMM.

    Spectrum of Inherent Risk – The spectrum of inherent risk is the extent to which inherent risk varies – i.e., inherently from low to high risk.

    Significant Risk – A significant risk is an identified risk of material misstatement at the higher end of the spectrum of inherent risk. In other words, it is a RMM on steroids.

    Identified Controls – Identified controls are controls for which SAS 145 requires the auditor to evaluate the design and determine the implementation using procedures beyond inquiry.

  3. As a result of risk assessment, should every audit program be tailored to address the identified risks?

    Yes. The primary purpose of risk assessment is to design procedures to address the risk identified. An unmodified one-size-fits-all audit program is suspect. It gives the impression that little thought was given to the linkage of identified risks to procedures that address those risks. Accordingly, unmodified programs may be a peer review finding.

  4. Are all material accounts considered a RMM?

    No. A risk of material misstatement exists when:

    • There is a reasonable possibility of a misstatement occurring, and
    • There is a reasonable possibility it would be material if it did occur.

    In other words, RMM equals Occurrence + Magnitude. Therefore, an account can be material but not have a RMM when there is no reasonable possibility of a misstatement, or if there is a reasonable possibility of a misstatement, there is no reasonable possibility it would be material.

  5. What does reasonable possibility mean?

    Reasonable possibility means there is more than a remote chance of happening. It is based on inherent risk only, without regard to internal controls. Inherent risk is king.

  6. How does “reasonable possibility” align within GAAP’s risk progression?

    Reasonable possibility is a low threshold. It progresses as follows:

    Remote -> Reasonable possibility > More Likely Than Not > Probable > Reasonably certain.

    Therefore, the risk of a material misstatement is only slightly more than a remote risk. It’s a low threshold.

  7. So, inherent risk is king? What are some of the inherent risk factors to be considered?

    • Size, volume, and composition of items
    • Susceptibility of theft or fraud
    • Complexity
    • Subjectivity
    • Uncertainty
    • Changes in business environment, operations, and personnel.

  8. Why are relevant assertions important?

    Remember, a relevant assertion has a RMM attached to it. A significant audit area has at least one relevant assertion and, therefore, at least one risk of a material misstatement. Why is this important? Because substantive procedures must be applied to this area. Limited procedures are insufficient.

  9. Must you assess inherent risk and control risk for each account and each assertion?

    • No. However, you must assess inherent risk and control risk for each identified RMM at the assertion level.

  10. If, as a matter of policy, an auditor assesses all control risks at maximum risk under SAS 145, must the combined RMM have the same assessment as the inherent risk assessment?

    Yes. It’s the math. If control risk is assessed at 100%, and inherent risk is assessed at 50%, then the combined risk, mathematically, must equal 50%. (1.0 x .5 = .5 or 50%.)

  11. What is so significant about a significant risk?

    Remember, a significant risk is a risk on steroids. It is located at the upper end of the spectrum of inherent risk. Therefore, the auditor must:

    • Evaluate the design of the control (often done with narratives) and
    • Determine if the control has been implemented (often done by walk-throughs.)

Corporate Transparency Act

An Important Heads Up

  1. What is the Corporate Transparency Act?

    The Corporate Transparency Act authorizes the Financial Crimes Enforcement Network to collect certain identifying information about the beneficial owners and company applicants. The Act applies to domestic corporations, LLCs, and any entity created by the Secretary of State (or similar office) in any state or tribal jurisdiction, as well as foreign entities registered to do business in any state or tribal jurisdiction.

  2. Who Must Report?

    • All domestic corporations, LLCs, and other entities created by filing with a Secretary of State or similar office
    • All foreign corporations, LLCs, and other entities created under the laws of foreign countries and registered in any state or tribal jurisdiction to do business.

  3. Who is Exempt from Reporting?

    There are several entities exempt from reporting, including but not limited to:

    • Large Operating Company

      • A large operating company is an entity that:
        • Employs more than 20 full-time employees (30+ hours per week)
        • Conducts operations at a physical office within the United States
        • Filed a US federal income tax or information return for the previous year with more than $5,000,000 in gross receipts or sales, net of returns and allowances, excluding gross receipts or sales from sources outside the United States.
      • Tax-exempt entity (described in Sec. 501(c) and exempt from tax under Sec. 501(a) of the IRC)
      • Inactive entity (as defined)
      • Securities reporting issuer
      • Governmental authority
      • Bank
      • Credit union
      • Depository institution holding company
      • Money services business
      • Broker or dealer in securities
      • Securities exchange or clearing agency
      • Other Exchange Act registered entity
      • Investment company or investment adviser
      • Venture capital fund adviser
      • Insurance company
      • State-licensed insurance producer
      • Commodity Exchange Act registered entity
      • Accounting firm (if registered in accordance with Sec. 102 of the Sarbanes-Oxley Act of 2002)
      • Public utility
      • Financial market utility
      • Pooled investment vehicle
      • Entity assisting a tax-exempt entity
      • Subsidiary of certain exempt-from-reporting entities

  4. What Must be Reported?

    Beneficial owners must be reported. A beneficial owner is any individual who owns or controls at least 25% of the ownership interest or, directly or indirectly, exercises substantial control over the reporting company. The individual has substantial control if any of the following apply:

    • Serves as a senior officer of the reporting company
    • Has authority to appoint or remove any senior officer or majority of the directors
    • Directs, determines, or has substantial influence over important decisions, including:
      • Nature, scope, and attributes of the business
      • Reorganization, dissolution, or merger
      • Major expenditures or investments, issuance of equity, debt, operating budget
      • Selection or termination of business lines or ventures or geographic focus
      • Compensation and incentives for senior officers
      • Entry into or termination of significant contracts
      • Amendments to governance documents
    • Has any other form of substantial control over the reporting company

    Company applicants must be reported. Company applicants may be:

    • Individuals who directly file the document that creates the reporting company
    • Individuals who are primarily responsible for directing or controlling the filing of those documents.

  5. Where is the Information Reported?

    The information is reported on the Financial Crimes Enforcement Network and can be found at https://fincen.gov/boi. The website also provides a large amount of other helpful information.

  6. When is Reporting Required?

    • Companies created or registered with a Secretary of State or similar office before January 1, 2024, must report beneficial owner information between January 1, 2024 and December 31, 2024. Company applicant information is not required to be reported.
    • Companies created or registered with a Secretary of State or similar office on or after January 1, 2024, must report beneficial owner information and company applicant information within 90 days of creation or registration.
    • ALERT: In certain situations, reporting must be updated.

  7. Why Report?

    If the requirements are met, reporting is required. Failure to do so can result in substantial civil and criminal penalties.

    The Act’s intent is to help prevent illicit activity such as money laundering, financing of terrorism, tax evasion, fraud, and other illegal activity. It also promotes corporate transparency and accountability.


This blog does not cover all aspects of the Corporate Transparency Act. Please see the official documentation or consult a legal professional for more detailed information. It is highly recommended that companies seek legal advice for assistance and help in understanding and complying with these requirements.

Show Buttons
Hide Buttons