Mitigating The Risk of a Remediation and Restatement: Tackling Issues with Purpose and a More Proactive Approach

Something unusual occurred earlier this year: More companies issued financial restatements this year than in the previous year; more than any year since 2013.

Few companies expect to find themselves needing to remediate their accounting and financial reporting — much less restate their financial results — but as this year shows, surprises do occur. For example, one leading cause behind the rise in restatements is new guidance from the SEC affecting an area of accounting applicable to an increasingly popular investment vehicle

A recent Deloitte poll found that nearly 60 percent of companies had significantly revised or remediated their financial processes in the past 12 months. Furthermore, more than half of the companies polled said they expected remediation activities in the next 12 months.

While there isn’t much that can be done to influence certain events in the external environment, companies can control how they deal with them. First, they should be aware of conditions that can have a destabilizing effect on operations and raise the risk of a future remediation. These include:

• Changing economic environment. The pandemic upended numerous assumptions about business operations, from consumer behavior to workforce norms and the global supply chain. This has challenged planning and forecasting efforts, along with the ability to develop accounting judgments and estimates.
• Digital transformation. Companies are accelerating their use of technology to improve the customer experience, make operations more efficient, streamline administrative functions, and more. At the same time, system updates or implementations can expose shortcomings with data organization and integrity.
• New standards and regulations. The Financial Accounting Standards Board continues updating accounting standards in the interest of providing decision-useful information at home and harmonization with standard-setters abroad. Similarly, regulators such as the SEC are issuing new rules and adjusting areas of focus as companies and markets evolve. Each change demands time and attention as companies work through the nuances of compliance.
• Nonrecurring transactions. Unique transactions are surging as companies pursue faster routes to growth (traditional mergers and acquisitions), seek a vehicle to enter the public markets (initial public offerings and special-purpose acquisition companies), or combine forces to gain scale (stock-for-stock mergers). Each brings new revenue streams and other transactions under the CFO’s purview. Even complementary businesses can introduce processes that the acquiring company’s systems and controls aren’t designed to handle.
• Employee turnover. Companies are enhancing compensation and career paths in a bid to acquire new talent and retain the employees they have. But an elevated resignation rate can mean greater misalignment of skills and loss of institutional knowledge.

It is also helpful for companies to be familiar with the areas in which the errors are occurring. Some of the most common ones are: recognition errors, meaning failure to identify an accounting event in a timely manner; misclassifications in the income statement and balance sheet or related to classification of cash flows (e.g., investing, financing, or operating within the statement of cash flows); areas involving estimates and valuation, such as project accounting, impairment of long-lived assets, and contingencies; and complex equity transactions, such as convertible securities, incentive compensation, and accounting for warrants in special-purpose acquisition companies.

To help avoid these issues, companies can leverage response frameworks to build an accounting organization that’s resilient to change. The framework should be based on people, processes, and technology.

• People should be agile, empowered, and ready to respond to issues that arise. Cross-training is essential to interpret— and challenge — assumptions about internal and external conditions that raise the risk of remediation and restatement.
• Standard, but flexible processes should center around monitoring to provide early warning of potential issues. Internally, companies should look for changes in the business and how they may affect financial information.
• Technology refers to the way your company applies its digital capabilities. A proactive company utilizes technology to innovate while maintaining effective data management policies, keeping in mind that they should afford enough time to new systems implementations to reduce the risk of future remediation.

However, even the most proactive of companies can find themselves in a remediation situation. When this occurs, companies need to act quickly and methodically utilizing a response framework such as:

• Create a plan. Set up tools and a process for status tracking and reporting; assign resources while making sure to allow enough time for each workstream. Remember to include communications in the plan, too.
• Assess resources. Get sufficient people involved -- internally and externally -- including specialists or third-party organizations if needed.
• Evaluate the issue. Investigate the nature and cause while considering risks in adjacent areas. Quantify any potential misstatements and determine if a restatement is necessary, including the impact on account balances and other areas within financial statements.
• Determine if and why internal controls failed. Identify any control deficiencies, focusing on the root cause, and prepare a control deficiency assessment with an eye to developing a remediation plan. Keep in mind that the root cause may affect other controls and processes, including some that don’t directly relate to the area being remediated.
• Execute the communication plan. Bring the company’s auditors and board of directors along on the journey with frequent updates. Simultaneously, proactively manage communications to other stakeholders, such as investors, regulators (including the Securities and Exchange Commission), and banks.
• Complete the reporting. Determine filing requirements with banks and regulators. Prepare necessary filings throughout the event. Follow up with additional external communications as appropriate.
• Repair and improve. Determine the key learnings from the event, along with opportunities for improvement. Identify other areas of risk, then update internal controls and the company’s response framework. Beyond that, consider steps for continuous improvement.

In a rapidly evolving business environment, companies face more instances requiring remediation of financial processes, technology, and internal controls. An effective way to reduce this risk is by actively monitoring for changes in the internal and external environments. 

It is also prudent to have a well-thought-out response framework in place. Should the need for remediation arise, this framework provides a roadmap to reach resolution as soon as possible. It also helps to view the setback as an opportunity to review and systematically improve various processes. By putting the two together, monitoring the environment and building a culture of continuous improvement, the accounting organization can become more resilient to change, reducing the likelihood that other remediations may become necessary later.

Pam Duzik is an Audit & Assurance Partner with Deloitte & Touche LLP, as well as a national and local leader of Deloitte’s Accounting and Reporting Advisory Services practice. Matt Hurley is a Deloitte Risk & Financial Advisory senior manager in the Controllership practice, Deloitte & Touche LLP.