You are about to do an acquisition and are wondering, “What are the top tips that you should be looking out for so you can successfully pass internal controls, or SOX compliance, at the end of the transaction?”
We have written up the key points from the video below and show three sample flowcharts to assist in your SOX compliance work. Ready? Let’s get started!
M&A Control Activities
While your process may be slightly different, most M&As are about 80% the same. The type of acquisition you are doing, and its size, will determine the details you use in your process.
When you are operating a public company there is a system of checks and balances you must put in place. These are known as “internal controls.” The framework most companies use for their internal controls is called COSO.
In order to be SOX compliant, a company must design its internal controls and provide supporting documentation to external auditors.
Internal controls are designed to reduce risk to investors. Controls include making sure there is a reviewer of financial statements and an approver of transactions separate from the preparer. These internal controls prevent transactions from being recorded incorrectly, whether accidentally or fraudulently.
There are three main objectives of internal controls for SOX 404:
- Was it appropriately authorized or approved?
- Was the information complete?
- Was the information accurate?
An M&A transaction will begin with sourcing your deal, including identifying investment opportunities, researching the best candidates, reviewing potential transactions for potential business synergies and growth, identifying the best candidates, and proceeding to due diligence. There are no key SOX controls to document in this phase.
Once you decide to move on to the Due Diligence phase, there will be a team of experts to ensure the transaction is successful. They will negotiate the final price, assets, and liabilities they want.
The board, CEO or CFO usually have been given the authority to sign significant investments or M&As. Many companies have an approval matrix that says that deals under a certain amount can be approved by the CEO and CFO without the approval of the board. Once the transaction is approved, then the contract can be approved.
Once the contract is signed, then the finance team puts together the final due diligence and purchase accounting workbook. The FP&A team will review income statement projections to assess how it integrates from a revenue or expense perspective and how it will impact the company going forward. This information is given to the third-party valuation firm to determine the allocation of the purchase price to individual asset or liability for your transaction.
The next step is to evaluate the valuation assumptions and results. There will probably be multiple people doing this review, including your controller and technical accounting or SEC reporting person. If there is accounting research that needs to be done in terms of how to treat contingent payouts, in-process R&D, or any type of potential impairments because you bought something you know you will not use going forward – that work is usually done by the director or a technical accounting person.
You will also put together a purchase price allocation workbook. Typically the controller is the reviewer of this workbook. If there are any tax implications, a third-party expert will prepare a workbook for you. If that affects the purchase allocation, then the controller will review the workbook again.
You then prepare the purchase price memo and the resulting journal entries. These are typically reviewed and approved by the controller to ensure the accounting treatment is correct. Someone will then prepare the journal entry to record in the books, and this will be reviewed and approved by the controller.
Note: On the flowchart, pay particular attention to the areas with keys next to the boxes. Those keys indicate that the person in this step is in charge of retaining the evidence of review and retaining the evidence of approval. Retaining the right documentation helps you avoid mistakes and allows you to easily pass SOX 404 compliance.