The ASC 842 Opportunity: Improve SOX Internal Controls for New Lease Accounting Standards by Leveraging an Updated COSO Framework

Developing adequate SOX §404 controls for leased asset accounting requires identifying control points that, due to the variety of leased asset actors across a company, may be very new and different.


Leased assets are everywhere

Under the new lease accounting standards, ASC 842 and IFRS 16, companies are required to calculate and document right-of-use asset valuations and corresponding liabilities on company balance sheets. This has focused accounting executives not only on improving their leased asset accounting to meet the audit requirements for their financial statements but also improving their process controls to meet their SOX audit requirements. Given the complexity of the new standards, these improvements will necessarily involve deploying a lease accounting software system and employing that software system to automate controls across a company and throughout the lifecycle of the leased assets.

However, in large, Fortune 1000 companies, discerning the proper control points and defining the controls from scratch takes some collaborative internal dialogue and thinking. Until now, control-based compliance for leasing was seemingly beyond the scope of financial executives as many of those activities (such as procurement, use, and existence of leased assets) are highly decentralized. Yet, compliance implies knowing the attributes of an asset and related financial obligations at least on a monthly basis with any changes captured in a monthly close.

Developing adequate SOX §404 controls for leased asset accounting is challenging.  It requires identifying control points that, due to the variety of leased asset actors across a company, may be very new and different. The controls required are specific to the leasing process for each lease type (real-state, equipment, and embedded leases) within a company. Different actors with different interests and expertise in each lease type transact the leases and often other actors become custodians or fiduciaries for those leased assets over their lives.

Leased asset management is fundamental to accounting

To implement the new standards, accounting organizations have started collecting their lease information for real estate, fleet, IT and other equipment.  To gather the necessary data, accountants need to reach far beyond corporate headquarters into business units around the world.  Many project teams are finding that the the documentation and data available are incomplete and/or difficult to translate.  Early movers have articulated these three realizations:

First, data collection is going to be a huge effort involving many people. The initial lease data collection effort could consume many months.  By the end of the process, Controllers are coming to a second realization - many leased assets that they were accounting for no longer exist or have moved. This leads to the third, and arguably most important, realization: To maintain the completeness and accuracy of lease data on a monthly basis organizations will require markedly improved policies and processes around lease management leading to new, increased, and improved controls.

Policies, processes and controls for leased assets

ASC 842 and IFRS 16 are explicit about the requirement to measure assets and liabilities at the asset level. Lease agreements can contain many individual assets which vary in their status and behavior over time. In the case of a real estate schedule, dozens of discrete assets (multiple spaces on different floors in a building, parking spaces, signage rights, etc.) and modifications are common over the life the assets. Service contracts can also have many disparate, embedded leased assets, including printers, vessels, trucks, warehouses, and aircraft. A contract for leased equipment often contains hundreds and even thousands of assets, e.g. laptops. The only way to accurately monitor and manage the existence of these leased assets and maintain the completeness and accuracy of your data on a monthly basis is to initiate new policies, standards, processes, and controls for lease management. In principal, this should happen prior to determining right-of-use and valuation or performing calculations for financial disclosure to ensure you are reflecting the monthly changes in your leased asset portfolio.

Pursuant to the new standards, each of these lease accounting activities and analyses below, whether they are real estate, equipment, or embedded leases, must be performed at the asset-level:

  • Differences among lease start date (payment), asset availability date (amortization start), in-service date (depreciation start).
  • Payment breakdown is based on stand-alone observable price rather than contract specs
  • Classification
  • Mid-Term Events
  • Location Changes
  • Tax Timing Differences
  • Reassessments
  • Modifications
  • Usage Parameterization
  • Non-Lease Components
  • Penalties
  • Residual Guarantee
  • Purchase Option
  • Term
  • Partial EOT Events
In order to operationalize and “proceduralize” the standard, Controllers need to determine how to enable the stakeholders in their company to provide them with these judgements, decisions, events, and attribute changes at the asset level each month in a controlled environment. In short, if you cannot manage the leased assets and the changes to those assets on a monthly basis with the help of stakeholders responsible for the assets, you cannot account for them properly. The financial statement audit depends on the success of the SOX audit.

SOX §404 compliance for ASC 842 and IFRS 16 will require new and heightened explicit assertions to those right-of-use asset and liability balances as well as the associated disclosures. This “clean-slate” perspective affords Controllers and internal auditors the opportunity to embed controls in the new processes so that the linkages are apparent, meaningful, and achieve their stated purposes.

Out with the old and in with the new

Controllerships are transforming their current state to achieve compliance with the new standard, in part, by embedding new SOX controls into the future state and automating as many of the controls as possible. This adds asset-level SOX control requirements, including lifecycle asset management, to the list of accounting and reporting requirements for software – a new category of software designed for Corporate Controllerships referred to as Enterprise Lease Accounting (ELA) software-as-a-service. Controllers want controls systematically and consistently applied through software, including user access controls, workflow, and automated audit trail documentation.  ELA software applications automatically generate journal entries for all lease types at the asset-level but can also offer inherent separation of duties and automated policy enforcement that can be applied globally. For example, consider lease classification. Employing a system where classification policies are standardized by asset type and then applied to the individual assets as required under the new lease accounting standards would logically minimize any deficiencies and result in far less substantive testing. This is a core feature of an ELA solution.

The new lease accounting standard change creates an opportunity for companies to enhance Internal Controls for Financial Reporting (ICFR) by leveraging the latest 2013 COSO framework alongside of a qualified ELA solution. Companies can adopt and apply the 2013 framework for Internal Controls to increase the level of scrutiny on documention of policies and processes as well as on testing to enforce them, achieving two important goals: A) to ensure the proper transition accounting (e.g. 840 à842) and B) to ensure the proper [ongoing] transactional and operational accounting (e.g. monthly close procedures) to generate required financial reports and disclosures.

Avoiding the current SOX pain points: COSO framework plus ELA solution

Public companies have shared the most noted changes to their SOX programs – those requiring extensive or substantial changes due to heightened scrutiny:

  • Process control documentation,
  • Auditor testing of exceptions and deficiencies,
  • Expansion of documentation related to the entity-level control environment,
  • Controls for management judgements and estimates,
  • “Walkthroughs” of key business processes,
  • Segregation of duties,
  • Changes in the internal control environment from a system implementation, and
  • Coverage and scope related to international/remote/non-HQ locations.
It is logical to expect these to apply to the new lease accounting standards. Ask your ELA vendor to demonstrate how their software addresses these at the leased asset-level.

Despite the increased scrutiny, 70 percent of public companies report that the SOX compliance process is a catalyst for continued improvements of their business processes. This again indicates an opportunity for Controller organizations to use the change in lease accounting to improve their policies, standards, processes, and control environment to elevate their overall business while pro-actively addressing those expected areas of intense auditor scrutiny.

An ELA platform providing for straight-through-processing and minimal intervention would promote meeting objectives for internal controls and adhering to the principles of the COSO framework.

Alex Klein, CPA is a Lease Accounting Solutions Consultant at LeaseAccelerator, Inc.