Printer Friendly

Where IT accounting raises compliance issues.

Governance of information technology (IT) has emerged as a key CFO issue in the past several years, for a variety of reasons, including information security, financial reporting and portfolio management. Sarbanes-Oxley mandates have significantly raised the stakes, both from a corporate and personal perspective, for any shortcomings in IT governance of financial data.


The good news is that most companies have responded positively and thoroughly to the IT controls issues raised by Sarbanes-Oxley. The bad news is that there are other IT Sarbanes-Oxley problems lurking out there that are not on the radar screens of many CFOs.

When it comes to Sections 302 and 404, most CFOs have focused their attention on ensuring that effective controls are in place over the operations of IT systems that support financial reporting. However, a separate matter that can also result in significant errors in financial reporting concerns arrangements entered into by the company to acquire IT services and systems. Specifically, the issue is whether transactions to acquire IT services and systems have been correctly recorded from a financial statement perspective.

This is no small matter, not just because of the potential size of these transactions, but also because the complexity of the arrangements often fogs the financial essence of what is taking place. Moreover, many finance departments are not involved in the negotiations of these arrangements, since purchases of IT goods and services have traditionally been the domain of IT and procurement. There can be more to an IT transaction than initially meets the eye and, in the age of Sarbanes-Oxley, that can make it prudent for the CFO to obtain a deeper understanding.

Examples of such transactions are:

* a company's treatment of the hardware and other assets it uses in an outsourcing arrangement with a third party;

* a company's treatment of a professional services contract with a software development or maintenance firm; and

* a company's treatment of a third-party entity that is providing outsourcing services, such as business process outsourcing of HR or customer service.

Getting to the Substance

There are several challenges a CFO faces in ensuring that IT transactions have been properly accounted for in accordance with generally accepted accounting principles (GAAP). First, these arrangements are technically complex, and it is not always obvious how different sections of a technology contract relate in order to form a judgment on the underlying financial substance.

Second, it has historically been the domain of IT and procurement to negotiate and approve IT contracts, with little knowledge on their part of the potential financial statement implications. And third, the accounting regulatory bodies have given relatively little interpretive guidance on the more complex nuances of most technology contracts. Clearly, CFOs can benefit from gaining insight into potential issues to be found in the substance of various IT transactions, and to learn how to penetrate some of these issues, which include:

* Data Center Outsourcing. The most straightforward example occurs when a company contracts with a third party to outsource its data center. Typically, the service provider will own assets like computer hardware, disk drive storage, etc. that are used under the service agreement. Ordinarily, there are contractual terms defining the assets, and how increases or decreases in capacity will be accomplished. What the CFO needs to be alert to is whether the arrangement, regardless of the payment terms of the contract, constitutes an economic lease of the assets, and if so, whether the lease is a capital lease.

This question essentially turns on the issue of who controls the use of the assets, and generic guidance to help answer this question can be found in FAS 13 and EITF 01-8. It would certainly not be uncommon for a company to be considered in control over the assets used in fulfilling an outsourcing arrangement.

* Software Development. Another common form of outsourcing occurs when a third-party vendor is contracted to develop software according to the company's specifications. Often, these arrangements span multiple years and include a core "package" of software (such as an enterprise resource planning. or ERP, system) which the vendor enhances according to the company's specifications. The cost of these enhancements very often dwarfs the core-package license cost.

The potential issue here is how the enhancement costs are accounted for under GAAP. Regardless of the payment terms of the contract, which may contain "sweeteners" to load payments to one end or the other of the contract term, what the CFO needs to look for is whether costs are being accrued in a manner representative of the obligation incurred. If not, what may be occurring, in essence, is an off-balance-sheet financing arrangement.

Of course, most contracts do not contain warning lights that indicate a financing arrangement is present, and therefore it must be deduced from an examination of the contract provisions for Payment, Deliverables, Acceptance and Termination. Where termination charges are present, the question should be, "Why would there be an unmet cost obligation at time of termination?" Note that this is entirely separate from the question of whether the costs can be capitalized, for which guidance is given in SOP 98-1.

* Software Maintenance. Many companies have a substantial amount of "legacy" software developed over the years, and it is an unfortunate fact that software maintenance--the cost to update software to meet customer or regulatory demands--eats up much of the IT budget. This has spurred many companies to outsource the maintenance of their software in order to reduce costs.

The issue here is similar to the software development example above: is the payment arrangement, often contractually committed for five years or more, representative of the time-specific benefit received? The CFO should look for clear justification in cases where the payment stream is not straight-line, especially where it increases over time. Of course, getting to the answer will require unraveling contract terms that provide for increases and decreases in capacity, and the proportion of on-shore vs. offshore labor.

Generally speaking, the cost to maintain a constant amount of software with a constant amount of yearly enhancement will decrease over time, due to efficiencies achieved. Again, as noted above, where termination charges are called for, the question should be, "Why would there be an unmet cost obligation at the time of termination?"

* Business Process Outsourcing. Assume a company outsources one of its internal business functions, such as HR or customer service, to a third-party entity. Although business process outsourcing is not an IT transaction, it is a close cousin, and many of the firms that offer it also offer IT outsourcing.

In addition to the payment-stream concerns described in the previous two scenarios, another matter that the CFO must focus on is whether the company has inadvertently entered into a situation where the third-party outsourcing entity could be construed as a variable-interest entity ("VIE," which is the new math term for the old special-purpose entity, or SPE) that must be consolidated by the company, and certified pursuant to Sarbanes-Oxley Section 404.

The issue turns not on ownership of voting stock or legal authority, but on whether the company has the majority of the risks and rewards of ownership of the VIE. FIN 46R is the appropriate accounting guidance and may result in many companies consolidating (and certifying) some VIEs that they don't control since, under Sarbanes-Oxley, their certifications must cover all consolidated entities.

* Capitalization of Software for Internal Use. This subject doesn't really belong as part of a discussion of transaction scenarios with third parties, but it is highly complementary since missteps here can also significantly impact the balance sheet. As stated previously, the costs associated with development of internal-use software may be capitalized pursuant to SOP 98-1.

From a CFO perspective, it is particularly vital that the company has sufficient controls to establish when in the software development life cycle capitalization begins and ends; that it has a certifiable project cost accounting system to document the nature and timing of the charges; and that it has sufficient controls to detect when capitalized projects have become impaired and must be written off.

Time For Action

There is a revolutionary movement in GAAP to develop complex accounting models to address perceived abuses, resulting in new accounting standards such as the ones cited above.

Unfortunately, these bring into scope the accounting treatment for many transactions, including those discussed here. Materiality and substance will increasingly be the standard pursued by regulators. Witness the Off Balance Sheet Report issued by the Securities and Exchange Commission in June 2005, followed thereafter by several public statements of support by the Financial Accounting Standards Board. At the same time, complex technology contracts are becoming increasingly prevalent, and bring with them significant balance sheet and financial reporting implications to which CFOs, more than ever, should be observant.

Dr. Scott Gordon is CEO of Princeton Control LLC, a Princeton, N.J., firm specializing in IT governance and control issues. He can be reached at 609.806.3929 or


* Sarbanes-Oxley mandates have significantly raised the stakes, both from a corporate and personal perspective, for any shortcomings in IT governance of financial data.

* One issue that may not be getting enough attention concerns arrangements entered into by the company to acquire IT services and systems. Specifically, the issue is whether those IT transactions have been correctly booked from a balance-sheet perspective.

* Critical areas to focus on from an accounting perspective include data-center outsourcing, contracted software development, business process outsourcing and capitalization of software for internal use.
COPYRIGHT 2006 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:it governance
Author:Gordon, Scott
Publication:Financial Executive
Geographic Code:1USA
Date:Oct 1, 2006
Previous Article:Ten best practices for audit committees: the public company audit committee now has an enhanced role and needs to revise some of its practices. Here...
Next Article:Unlocking greater profitability from receivables management: executing well on three basic processes can do a lot to clear disputes, reduce...

Related Articles
Governance reform gathers more momentum. (President's Page).
Where CFOS stand: today's key issues for financial executives. (President's Page).
The 'compliance industry' is going too far.
The key to compliance.
Compliance expertise pays for next generation of accountants.
When accounting practices go under the microscope: once a financial investigation has begun, it's time for an all-hands-on-deck alert. Time is...
A strategic player: hiring and inspiring a chief audit executive.
A 360-degree approach to data governance.
Corporate tax governance for CFOs: a practical approach: CFOs don't have to be tax experts, but they do need a basic understanding of the income tax...

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |