The Sarbanes-Oxley (SOX) Act was passed in 2002 in response to corporate scandals like Enron and WorldCom. One of its key provisions mandates that companies establish and maintain adequate internal controls over financial reporting (ICFR). The "close the book" process, or financial close process, is a critical aspect of financial reporting and is subject to scrutiny under SOX.
The close the book process involves several key components that are essential for accurate and timely financial reporting. These components typically include:
1. Pre-Close Activities:
Reviewing outstanding transactions: Ensuring that all transactions for the period are recorded and accounted for.
Accruals and adjustments: Making necessary adjustments for expenses, revenues, and other financial items that have not yet been recorded.
Reconciliation of accounts: Ensuring that balances in accounts reconcile with supporting documentation and subsidiary ledgers.
2. Closing Entries:
Recording closing entries: Posting adjustments to the general ledger to close temporary accounts (e.g., revenue and expense accounts) and transfer their balances to permanent accounts (e.g., retained earnings).
Allocating expenses: Allocating shared expenses (e.g., overhead costs) to appropriate departments or cost centers.
3. Financial Reporting:
Preparation of financial statements: Generating financial statements such as the income statement, balance sheet, and cash flow statement based on the adjusted trial balance.
Variance analysis: Analyzing differences between current period financials and budgeted or prior period figures to identify trends, anomalies, or areas needing further investigation.
Management reporting: Compiling additional reports or analyses for management to aid in decision-making or performance evaluation.
4. Compliance and Review:
SOX compliance checks: Ensuring compliance with Sarbanes-Oxley Act requirements, including internal control testing and documentation.
Review by management: Reviewing financial statements and supporting schedules for accuracy and completeness before final approval.
External audit review: Providing auditors with necessary documentation and explanations to support financial statements and disclosures.
5. Post-Close Activities:
Archiving documentation: Retaining records and documentation related to the close process for future reference and audit purposes.
Analysis and insights: Conducting post-close analysis to identify areas for improvement in the close process or financial performance.
Communication: Communicating financial results to stakeholders, including management, investors, regulatory agencies, and other relevant parties.
These components collectively ensure that financial information is accurately recorded, reported, and communicated to stakeholders in accordance with regulatory requirements and organizational policies. Effective execution of the close the book process is essential for maintaining transparency, accountability, and trust in financial reporting.
Risks:
The following risks are associated with the close the book process:
Material Misstatement: Errors or omissions in financial statements that could mislead investors and other stakeholders.
Fraud: Intentional misrepresentation of financial information for personal gain or to conceal financial problems.
Compliance Violations: Failure to comply with regulatory requirements, including accounting standards and reporting deadlines.
Data Integrity: Inaccurate or incomplete data used in financial reporting, leading to erroneous financial statements.
Process Inefficiencies: Inefficient close processes leading to delays in financial reporting and increased risk of errors.
Controls to Mitigate Risks:
Implementing the following controls helps organizations mitigate risks associated with the close the book process and ensures the integrity and reliability of financial reporting, thereby meeting SOX compliance requirements:
Segregation of Duties: Assign different individuals to key tasks such as data preparation, review, and approval to prevent fraud and errors. As a general rule, employees who can record journal entries and perform account reconciliations should be restricted from updating sensitive master files. This includes the Employee, Customer, Vendor, Pricing, Fixed Asset, Bill of Material and Inventory master files. Where necessary, read-only access can be granted (normally in accordance with an IT Policy). Any exceptions should be documented, and compensating controls must also be established. Journal entries, account reconciliations, credit memos and debit memos must be reviewed independently of the preparer. Entities are free to establish approval thresholds for credit and debit memos; however, the thresholds must be reasonable and in line with normal business practices. Banking activities such as deposits, withdrawals, checks, wire payments and bank transfers must be accompanied by two signatures. Please note that employees who can update the Vendor or Customer master files must be restricted from processing cash receipts, cash disbursements or any other forms of payment. The same holds true for employees who are responsible for reconciling bank accounts. Members of the Finance/Accounting team should be restricted from retaining administrative access to finance systems. Administrative access includes the ability to add user accounts or change technical system parameters. Normally, this access is controlled and monitored in accordance with an IT Policy.
Reconciliation Procedures: Regular reconciliation of accounts to ensure accuracy and completeness of financial data.
Automated Controls: Utilize automated systems for data validation, calculation, and reporting to improve accuracy and efficiency.
Documentation and Review: Document close procedures and conduct regular reviews to ensure compliance with internal policies and regulatory requirements.
Management Oversight: Oversight by senior management and the audit committee to monitor the close process and address any issues promptly.
Training and Awareness: Provide training to employees involved in the close process to ensure they understand their roles and responsibilities.
Continuous Improvement: Regularly evaluate and improve the close process based on feedback and changes in business operations or regulations.
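The Segregation of Duties rules above can be tested against a user access export during a periodic access review. The following is an added example, not part of the original guidance; the entitlement names, rule IDs and sample users are hypothetical and would need to be mapped to the roles in the actual finance system.

```python
# Added example: segregation-of-duties (SoD) check over a user access export.
# Entitlement names and rule IDs are hypothetical placeholders.
MASTERS = ["employee", "customer", "vendor", "pricing", "fixed_asset",
           "bill_of_material", "inventory"]
MASTER_UPDATE = {f"update_{m}_master" for m in MASTERS}  # read-only access is allowed
LEDGER = {"record_journal_entry", "reconcile_account"}
PAYMENTS = {"process_cash_receipt", "process_cash_disbursement", "process_payment"}
ADMIN = {"add_user_account", "change_system_parameters"}

# Holding any entitlement from the first set and any from the second is a conflict.
RULES = {
    "SOD-1": (LEDGER, MASTER_UPDATE),                    # ledger work vs master files
    "SOD-2": ({"update_vendor_master", "update_customer_master"}, PAYMENTS),
    "SOD-3": ({"reconcile_bank_account"}, PAYMENTS),     # bank rec vs payments
}

def find_conflicts(users, exceptions=None):
    """Return (user, rule_id) findings. An exception suppresses a finding only
    when it documents a non-empty compensating control."""
    exceptions = exceptions or {}
    findings = []
    for name, info in sorted(users.items()):
        ents = set(info["entitlements"])
        hits = [rid for rid, (a, b) in RULES.items() if ents & a and ents & b]
        if info["team"] == "finance" and ents & ADMIN:
            hits.append("SOD-4")                         # finance user with admin access
        for rid in hits:
            if not exceptions.get((name, rid), "").strip():
                findings.append((name, rid))
    return findings

# Constructed sample data, for illustration only.
USERS = {
    "alice": {"team": "finance", "entitlements": ["record_journal_entry", "read_vendor_master"]},
    "bob":   {"team": "finance", "entitlements": ["reconcile_account", "update_pricing_master"]},
    "carol": {"team": "finance", "entitlements": ["update_vendor_master", "process_cash_disbursement"]},
    "dave":  {"team": "finance", "entitlements": ["reconcile_bank_account", "process_payment",
                                                  "add_user_account"]},
    "erin":  {"team": "it", "entitlements": ["add_user_account", "change_system_parameters"]},
}
EXCEPTIONS = {
    ("bob", "SOD-1"): "Monthly independent review of pricing master change log",
    ("carol", "SOD-2"): "",  # no compensating control documented, so still reported
}

if __name__ == "__main__":
    for user, rule in find_conflicts(USERS, EXCEPTIONS):
        print(f"{user}: {rule}")
```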
Small Independent Applications
Small Independent Applications (SIAs) include spreadsheets or local databases that are maintained by the Finance Organization with little or no assistance from IT. By definition, SIAs include complex formulas that cannot be processed with a four-function calculator. Examples may include: Macros, V-Lookups, Pivot Tables and Present Value calculations. Generally, SIAs should be tested upon use or in conjunction with control execution. Common testing procedures include footing, cross-footing, formula reviews and data verification.
Simple Spreadsheets
Spreadsheets are often used to house, collate and sort data for the purposes of supporting a financial transaction. If a spreadsheet does not include a complex calculation, it should be classified as a Simple Spreadsheet and not as an SIA. However, all spreadsheets that support the financial reporting process must be verified for accuracy upon use or in conjunction with control execution. Refer to the following best practices for guidance on how to control spreadsheets.
Versioning should be used on all spreadsheet changes. Changes to a spreadsheet should include a unique identifier that can be used to differentiate between versions.
All changes to a spreadsheet should be reviewed and approved. This should be performed by someone other than the person who made the change. The review should verify that the changes function as intended.
Spreadsheets should reside on a server. The production copies of critical spreadsheets should never be stored on an employee’s computer in case of hard drive malfunction.
Spreadsheet files should be protected with some form of access control. Users without a business need to access a spreadsheet should be prevented from doing so. This can be done by password protecting the spreadsheet or by restricting access to the folder where it is stored.
Non-input fields should be password-protected. All fields that do not need to be edited by the user, but are necessary for the spreadsheet’s use, should be password-protected to prevent unauthorized changes.
All columns and rows should be visible (not hidden). All data should be visible to reduce the risk that pertinent data is omitted from an analysis and any subsequent journal entry.
Effective Review Procedures
Many of the controls previously listed involve independent review-type procedures which determine whether a control sufficiently mitigates a financial reporting risk. The following provides clarity on how to execute these procedures. Specific requirements are outlined for the following areas: (1) Account Reconciliations, (2) Journal Entries, (3) Calculations and (4) Reports.
In all cases, the reviewers must:
Possess the experience and skills necessary for the area under review.
Have the proper authority to approve the transaction(s).
Understand the purpose of the transaction(s).
Be capable of identifying errors, irregularities or unusual items.
Account Reconciliations
At a minimum, account reconciliations should meet the following criteria:
Responsibility for reconciliation preparation must be clearly assigned.
Proper reconciliation approach and documentation must be used.
Reconciling items must be identified, validated and reported in a timely manner.
Account classification must be properly used.
Reconciliations must be performed in a timely manner.
Reconciliations must be reviewed and approved in a timely manner.
Reconciliations must not contain aged reconciling items.
When reviewing account reconciliations, specific attention should be given to the following elements to ensure operating effectiveness:
The reconciled balance is tied to the general ledger.
All reconciling items are supported by adequate documentation.
The reconciliation is footed and all formulas are reviewed for accuracy.
Correcting journal entries should be prepared and reviewed.
The reconciliation is signed and dated independent of the preparer.
Evidential Requirements: The evidence retained for the reconciliation should provide sufficient support for the actions described. The evidence should be well-organized and cataloged for reference.
Journal Entries
Journal entries must be accurate, posted in the proper period, and supported by sufficient documentation. When reviewing a journal entry, give specific attention to the following:
The balances on the journal entry tie to supporting documentation.
Analyses are footed, all formulas are reviewed for accuracy, and the analyses are reviewed for reasonableness.
Booking, responsibility and account codes are accurate.
The journal entry is signed and dated independent of the preparer.
Evidential Requirements: The evidence retained for the journal entry should provide sufficient support for the actions described. The evidence should be well-organized and cataloged for reference.
Calculations
Financial transactions may involve complex calculations. In all cases the individuals reviewing calculations must possess adequate technical skills and also be familiar with the area under review. When reviewing a calculation, give specific attention to the following:
The calculation is footed and all formulas are reviewed for accuracy.
Data must be vouched and traced (where applicable) to the source.
The calculation is signed and dated independent of the preparer.
Evidential Requirements: The evidence retained for the calculation should provide sufficient support for the actions described. The evidence should be well-organized and cataloged for reference.
Reports
The reports that are used to support a financial transaction must be reviewed for accuracy each time the report is generated. All reports should be scanned for unusual items that may indicate an error or discrepancy. The items presented on the report should be reviewed to ensure that the data is relevant for the transaction. Any items requiring investigation or explanation should be accompanied by notes that explain their disposition (where applicable). All reports that support a financial transaction or control should be signed and dated.
Evidence Retention
A control must be accompanied by sufficient documentation before it is deemed effective. The evidence should allow an outside examiner to review and understand the control. The evidence should be well organized, collated and cataloged so that it can be retrieved on a timely basis. Evidence can be presented in various forms, including:
Electronic (scanned documents, email, screen shots).
Hard Copy (printed review evidence, system reports).
Soft Copy (formula review in Excel, data extraction).
The evidence that is retained should substantiate that (1) the control has been executed in accordance with its design and (2) adequate review procedures have been performed. Please note that the following items do NOT constitute effective evidence:
Implicit approvals (cc’s on emails).
Reports with lack of evidence of review.
The Company’s retention schedule should specify how long records need to be retained to satisfy legal, regulatory and business requirements. Records must also be discarded promptly when retention periods elapse. As a best practice, policies related to Information Retention and Retention/Destruction of Company Records should exist.
Overall, a robust control environment in the close the book process is essential for ensuring the integrity, accuracy, and compliance of financial reporting, thereby safeguarding organizational assets, reputation, and stakeholder trust.