A correction of an error--also referred to as a prior period adjustment--is sometimes necessary. But when should such a correction be made? And are there situations where a prior period adjustment is improper? 

Below I explain what a correction of an error is, when it's appropriate, disclosure requirements, and implications for auditors.

Correction of an Error

In comparative statements (when two or more years are presented), the correction of a prior period error affects the prior period financial statements and opening balances in the current year. In single-year statements, the correction affects opening balances. Here's an example.

If Mountain Bikes, Inc. failed to accrue it's last two weeks’ payables in the prior year, a correction might be needed. Why do I say might? Well, if the amount is not material, then the correction of the error may not be required. If the amount is material, then a correction is necessary. 

Suppose you are auditing the financial statements of Mountain Bikes, Inc. for the year ended December 31, 2019, and you discover an error made in the December 31, 2018 financial statements. December 31, 2018 payables of $1 million were not accrued (and the amount is material). In this example, the invoices supporting the $1 million error existed and were on hand during last year’s audit, but, for whatever reason, the amount was not accrued. And the misstatement was not detected by the audit. Now, it's necessary to make a prior period adjustment.

If Mountain Bikes, Inc. provides comparative financial statements, the restated 2018 numbers must reflect the additional $1 million in payables and expenses. This adjustment will of course decrease net income for 2018 and retained earnings. So opening retained earnings (January 1, 2019) will decrease $1 million. The adjustment should not affect net income in 2019. 

Before suggesting any corrections, discuss them with your audit client.

Discuss the Error with Management

It’s time to discuss the error with management or the owners. Why? You want to make sure the error is real. If management disagrees, they will tell you, and they will provide an explanation. But if management agrees, it’s time to propose a prior period adjustment (technically referred to as a restatement in the FASB Codification).

Correction of Error Defined

FASB defines a correction of an error as follows:

An error in recognition, measurement, presentation, or disclosure in financial statements resulting from:

• mathematical mistakes, 
• mistakes in the application of generally accepted accounting principles (GAAP), or 
• oversight or misuse of facts that existed at the time the financial statements were prepared. 

Correction of an Error Disclosures

If Mountain Bikes, Inc. presents single year financial statements, the prior period adjustment affects just the opening balance of retained earnings (January 1, 2019, in this example). The company should still provide a disclosure explaining the prior period adjustment.  

What should be in the note?

Provide a description of the nature of the error. For example, "The Company failed to record $1 million in payables as of December 31, 2018."

When comparative statements are provided, disclose the prior year numbers compared to the corrected numbers for each affected financial statement line items. (Consider displaying three columns: the uncorrected numbers as stated previously, the corrected numbers, and the difference.) FASB specifically requires disclosure of changes to retained earnings or other equity accounts for each prior period presented. 

If a single period financial statement is issued, disclose the effects of the restatement on beginning retained earnings and net income from the preceding period. 

Correction of Errors and Auditing

If you are the auditor, consider whether the error was intentional (fraudulent). What if, for example, the recording of the 2018 payables would have adversely affected the company's compliance with debt covenants? Then the understatement of payables may have been intentional.

Regardless, now that the misstatement is known, a prior period adjustment is necessary. Either management makes (accepts) the adjustment or you will need to qualify your opinion. Or, depending on the facts, withdrawal might be necessary. If the prior period adjustment is not made, you may need to contact your attorney and insurance company.

Additionally, if fraud is suspected in the prior period (2018, for example), it will have a bearing on the current year planning and risk assessment. You may be thinking, “But what if I discovered the error while performing the 2019 audit?” In other words, this potential fraud was not known during your 2019 audit planning. What then? Return to your audit plan and adjust accordingly. The audit plan is not static. It is living. The plan should reflect the facts, regardless of when they are discovered—in the early stage of the engagement or later.  

If you believe the prior year misstatement was intentional (fraudulent), then incorporate this element in your current year audit planning and responses.  

When a Prior Period Adjustment is not Merited 

Sometimes there is no error as defined above. If so, a prior period adjustment should not be made. For example, suppose the allowance for uncollectibles as of December 31, 2018 was adequate based on the facts that existed when the financial statements were created. However, in August 2019 (after the issuance of the 2018 statements) the company realizes it will not collect a material 2018 receivable, one that was previously believed to be collectible. Now what? Well, the allowance for uncollectibles should be adjusted in August 2019. A prior period adjustment should not be made. Changes in estimates are prospective. 

Sometimes a company might desire a prior period adjustment though one is not merited. Why? It’s a way to sweep problems under the rug. Consider the example in the prior paragraph. If the company incorrectly records the bad debt as a restatement of the January 1, 2019 retained earnings, the expense does not appear in the 2019 income statement. Now, if a single-year presentation is provided, the bad debt expense does not appear in the 2018 or 2019 income statements. (A correction of an error disclosure is required. But some companies don’t mind as long as net income isn't adversely affected.) 

Consider that bonuses may be based on net income. If so, this slight of hand could result in extra (fraudulent) compensation. A prior period adjustment might be desired for other reasons as well. Maybe the owners are sensitive to net income or management doesn’t want the embarrassment of declining net income. Whatever the reason, a correction of error should be made only when required by generally accepted accounting principles.

Many CPAs don't understand internal controls. Sure, we know that segregation of duties is a positive, but we are sometimes unaware of internal control weaknesses though they lie right before us. Why is this? Well, there are about a million ways that an accounting system can be designed, and no two businesses are the same. So seeing control weaknesses can be challenging. 

If you work for a business, you need to understand controls so you can build a safer accounting system.

If you are an auditor, you need to understand controls so you can appropriately design your audit. 

Today, I show you how to design an accounting system with sound internal controls. And if you are an auditor, you'll better understand how to see control weaknesses. We'll start with the COSO framework and later we'll examine the importance of separation of duties.

The focus of this article is building an internal control structure that ensures financial statement accuracy and prevents fraud.

COSO Internal Control Framework

COSO provides a framework for developing internal controls. Think of this framework as your ecosystem to ensure a healthy internal control system. The five elements of the framework are:

1. Control environment
2. Risk assessment
3. Control activities
4. Monitoring 
5. Communication and information

Though accountants and auditors tend to focus on the third element, control activities, all five are important in the development of a sound internal control system. 

1. Control Environment

Control environment is often referred to as tone at the top. It's the leadership part of the organization, and it's here that internal controls live or die. 

If you are a board member, demand internal control reports from management. Those reports should explain the organization's processes and controls as well as monitoring activities. In other words, management should demonstrate not only that controls exist, but that they are working.

My experience with boards is they often don't think about internal controls until it's too late. When fraud happens, then the board wants to know how it happened and why. Boards need to know what is happening and why, before theft occurs. Then they can devote enough resources---hire the right people with the right experience--to ensure system development and monitoring. 

Developing a strong internal control system is an ongoing process. Companies need to constantly evaluate their accounting system and its operation. How? First, by performing risk assessments. 

2. Risk Assessment

An organization should determine if its accounting system allows misstatements. How? By examining the various transaction cycles such as billing and receipting; payables and disbursements; and payroll. As you examine each transaction cycle, ask what can go wrong?  Then create controls to address accounting system weaknesses.

Are daily receipts being reconciled to the general ledger? If not, then develop a control requiring that this be done. Are new vendors vetted for appropriateness? If not, require procedures to ensure the propriety of new vendors. (My book, The Why and How of Auditing, provides lists of questions to ask by transaction cycle. You'll find it on Amazon.)

The risk assessment process naturally leads to the develop of appropriate controls. Once you know what can go wrong, you fix it by developing a control. This is the third element of COSO: control activities. 

3. Control Activities

Control activities is the core component of internal controls. This is where the action is, where you develop your controls. The other four components of COSO (control environment, risk assessment, monitoring, and communication) support this central core. Examples of control activities include:

• Bank reconciliations
• Purchase orders
• Signatures on checks by authorized personnel
• Review of cash receipting activity by the receipts supervisor (after cash drawers are balanced at the end of a shift)
• Periodic physical inventories of plant, property, and equipment 
• Reconciliation of debt in the general ledger to amortization schedules

In risk assessment, we determine what could go wrong? Now we create a control to lessen the risk that the event could occur. For instance, with regard to cash, we might think, "cash balances could be incorrectly stated." Therefore, we implement a control--bank reconciliations--to ensure correctness. 

Separation of accounting duties is important in regard to control development. We'll discuss that area in more detail below.

4. Monitoring

Once controls are in place, you want to monitor them to ensure their use. What good is a control if it is not performed? An example of monitoring is having a supervisor inspect bank reconciliations to ensure that they were created (and that they are correct). 

So, the idea here is you develop internal controls and then monitor them. Why? To ensure the control is in use and that it is performed correctly.

Next, document the accounting system and controls to make them understandable. 

5. Communication and Information

In the fifth COSO element, we are documenting the internal control system. You can document the controls in several different ways including:

• Memos
• Flowcharts
• Formal manuals
• In Excel workbooks
• Mindmaps

Which is best? That depends on the complexity of your system. Small organizations can use simple memos. Large entities should create formal manuals. 

What is the goal? To make sure everyone understands how controls work and the reason for their existence.

In many organizations (especially smaller ones), controls are never written down. They are passed down. What do I mean? When a new accountant is hired, he or she is told what to do. Often there is no manual explaining procedures and controls. These oral instructions may not explain why internal controls are performed or how they interact with other parts of the accounting system. Consequently, new employees blindly follow oral instructions without understanding their importance. Worse yet, some don't perform the controls at all. 

An added benefit of documenting controls is it makes system weaknessses more transparent. For instance, if you are documenting your accounts payable system, you might realize that an inappropriate person can add vendors. Or you might see that the payables process lacks segregation of duties. 

Now let's take a look at a key feature of developing an internal control system: separation of accounting duties. 

Separation of Accounting Duties

In the third COSO element above (control activities), we mentioned separation of accounting duties (also known as segregation of duties). What is this? It's dividing accounting responsibilities among multiple people in order to enhance safety. More eyes equals greater safety. Why? Well, if a mistake or theft occurs, it is more likely to be seen. 

There are four actions that are performed in most accounting transaction cycles. They are:

1. Authorization
2. Bookkeeping
3. Custody
4. Reconciliation

A potential fraud danger exists when one person performs two or more of the above. For example, if Mark enters payments in the accounting system (bookkeeping) and signs checks (authorization), there is a threat that Mark will write checks to myself--especially if he knows that no one compares cleared checks to the general ledger.

The determination of whether danger exists is dependent on the full picture. If Mark knows that Joan--the person reconciling the bank statement--compares cleared checks to the general ledger and that she reviews the payee's on each check, then the danger of theft goes down. If Joan just compares the amount on the bank statement to the general ledger (and does not review the payee on the cleared check), the danger increases.

If all four of the above actions are performed by one person, then a significant control weakness exists. Auditors call this a material weakness. In such situations, it's advisable to include additional personnel in the accounting system. Why? So duties can be separated among various people. 

Some companies are unable create separation of duties. Why? There may not be enough people to do so (it's hard to segregate duties with only one person in accounting) and it costs money to hire additional personnel. Without a sufficient number of people, it is difficult to design a safe environment. Even so, there are still ways to make your accounting system safer. 

Financial Statement Misstatements

There are two ways that financial statements can be misstated: one is by mistake, and the second is intentionally. The first is just part of being human, the second is fraud. We need a system that reduces both threats. 

Misstatements Due to Mistakes

We all make mistakes. Entries are coded to the wrong chart of accounts line. We forget to enter an invoice in payables. We fail to reconcile our bank accounts. We use inappropropriate revenue recognition methods. 

How do we become aware of our mistakes? By review. These reviews are performed by the person that does the initial accounting work and by others--a supervisor, for example. The supervisor's review is an internal control. 

Some accounting systems point out our errors in real time. For example, if I try to enter the same invoice twice, the system will tell me. The accounting system notice is an internal control. 

So, internal controls can involve both humans (the review) and computers (input notices). The purpose of each is to ensure the correction of errors. 

Misstatements that are Intentional

Sometimes companies intentionally misstate their numbers. Why? Usually to make themselves look better than they are. If profits are declining, the CEO or CFO might pressure the staff to create fictitious entries. Consider that an organization can make one journal entry on the last day of a year to inflate it's profits such as:

                                            Dr.                                  Cr.

Receivables                    10,000,000

Revenue                                                    10,000,000

This is an example of financial statement fraud. Know that there are hundreds of ways that financial statement fraud can occur. Also understand that when assets are stolen from a business, fraudsters often hide theft with false accounting entries. 

In developing internal controls, you want to create a system that prevents these types of intentional misstatements. Even when a good accounting system exists, management override is always a concern. Consider the WorldCom fraud. What is management override? It's when management forces staff members to ignore internal controls and perform inappropriate procedures. 

Closing Comments

Now you have a better understanding of internal controls.

If you work for a business, nonprofit, or government, make your system better by applying these ideas.

If you're auditor, use the above to assist you in your risk assessments and walkthroughs. (See my article about documenting your walkthroughs.)