The 5 Steps of Internal Controls for Revenue Recognition Standards

The 5 Steps of Internal Controls for Revenue Recognition Standards

Update: This blog post was written before the ASC 606 and IFRS 15 guidance was required to be applied in December 2018.

The company Golden Bear Golf Inc. is named after legendary golfer Jack Nicklaus. Its fully owned subsidiary is Paragon, which builds golf courses. Paragon executives Boyd and Curbello artificially increased revenue. They conducted fraudulent schemes to manipulate revenue by accelerating project progress, inflating expected revenue, creating fictitious contracts, and not recording unexpected project losses. Boyd and Curbello even started accepting a loss contract where the cost of the contract was higher than the price charged. Then, they did not record losses associated with these contracts. This scheme overstated Paragon revenue by more than $25 million.

Fraudulent revenue recognition cases like the Golden Bear Golf case are prevalent. More than 60% of revenue recognition fraud cases are related to revenue recognition according to the Committee of Sponsoring Organization (COSO)1. Revenue is an influential number in financial statements that affects companies’ vital ratios such as profitability, liquidity, and solvency. This paper opens a discussion on proper internal control over the new revenue recognition standard, which is an important and massive topic.

The new revenue recognition standard is a result of collaboration between the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB). The collaboration issued International Financial Reporting Standard (IFRS) 15 and Accounting Standards Codification (ASC) 606 revenue from contracts with customers. The standard will be implemented on January 1, 2018.2

The core principle of IFRS 15 and ASC 606 is “Recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflect the consideration to which the entity expects to be entitled in exchange for those goods or services.”

There are five steps to this principle.

Internal Control

The Committee of Sponsoring Organizations (COSO) developed five related and interconnected components of internal control in its 2013 Internal Control — Integrated Framework. Those components are control environment, risk assessment, control activities, information and communication, and monitoring. We will utilize these components in designing internal control measures for the new revenue recognition standard.

Control Environment

The board would discuss, review, and monitor any significant accounting estimate and accounting assumptions for revenue recognition as well as policy and procedure. For the board to be effective, at least two independent board audit committee members have to be trained on the new revenue recognition standard. These board members should meet regularly with both the external and internal auditors to address revenue recognition. These meetings should be conducted without management to maintain the board’s independence.2

Performance expectations must be clear to personnel. The budgeting process should provide a reasonable expectation of revenue and include variable considerations and evaluation criteria toward satisfaction of performance obligations. In addition, creating a contract budget would help in communicating expectations and evaluation criteria for each contract.

Acquiring and training new talent for implementation is required. This new standard is more complex than the previous one. For this reason, human resources face a challenge in forming a competent team for the new revenue recognition standard’s implementation. The training must include not only technical knowledge about IFRS 15 and ASC 606, but also contract management with variable considerations because these will affect revenue recognition. Variable considerations are the contractual terms used in the entity’s industry that may change consideration (payment) such as sales returns, discounts, and performance bounce.

Risk Assessment

There are two major assertions related to revenue that should be of major concern to management. First, cut off assertion determines if revenue transaction was recorded at the right time. The new revenue standard would bring internal control over timing of revenue recognition. There would be more ways revenue could be advanced or delayed. Also, occurrence assertion, which determines whether revenue transaction has actually occurred, may include double recording of revenue or artificial customers. Companies most frequently violated these two assertions in the reporting of revenue recognitions. There are four reasons why the new revenue recognition standard is risky.

  1. Performance measure. Revenue is the main performance measure for internal or external stockholders. Externally, revenue affects the entity’s ability to attract and retain investors, its credibility, and its tax liability. Internally, when senior management’s compensation and performance measures are linked only to short-term revenue targets, the entity official may misrepresent revenue figures. This is especially true when management has unrealistic expectations. Thus, when the company fails to attain a satisfactory revenue and profit level because of competition, technological changes, changes in consumer demands, or even economic crisis, there is a strong incentive to misreport its revenue.
  2. Override of control by management. If senior officials such as the CEO or the CFO can override controls, which is frequently the case, no matter how strong the entity’s internal control systems, there will be a high risk of revenue fraud.
  3. Any new thing comes with a risk. Employees need experience and knowledge to implement the new standard. The entity may find it difficult to recruit new employees or train their existing employees to comply with standards. Moreover, accountants and auditors do not have experience with contract terms, which is a central component of the new standard. Implementation of the new standard requires detailed understanding of contract terms. Also, there should be a new software application, or at least changes to the existing software, to deal with the new standards.
  4. Judgment and estimation. The new standard allows for more estimates and judgments. This presents opportunities to fabricate numbers or make errors.
    • Innovative industries like online websites and app markets may face difficulty estimating the stand-alone selling price because their products’ features are numerous and their target markets are large. To make it more complex, the stand-alone selling price has to be set at the inception of the contract.
    • It is more risky for industries with long and complex contracts like the construction and the oil and gas industry to estimate and value the progress of the contract because it is a time-intensive activity that requires understanding of contractual terms.

Internal Control Activity

Because of the nature of the new revenue recognition standards, which allow more estimation and judgments, adherence to the four qualitative objectives of IASB and FASB is critical. The higher the degree of estimation and judgments, the higher the risk of fraudulent financial reporting and error. For this reason, accountants should be objective when exercising judgments or estimations. Internal controls activity must be present to prevent bias and lack of objectivity. Thus, entities should keep these four qualitative objectives in mind when designing their internal controls over the new revenue recognition standards.

There are four qualitative objectives of IASB and FASB.

  • Understandability
  • Relevance
  • Reliability
  • Comparability

To achieve these objectives, the entity must compare its practice with competitors’ practices. The best sources would be an external auditor, internal auditor, or consultant who has experience with the entity’s industry and the financial reports of publicly traded companies in same industry. Performance expectations must be clear to personnel. The budgeting process should provide reasonable expectations of revenue and include variable considerations and measurable objectives for satisfaction of performance obligations.

Creating a budget for each contract helps communication expectations and evaluation criteria for contracts and reduces concerns about contracts with multiple performance obligations and variability considerations. The budget should be updated at least annually and as major changes happen. In addition, comparing contract progress to other similar contracts is helpful. This is critical to detect and prevent inflating the contract’s revenue numbers, which is a common fraudulent practice.

Segregating duties is essential for effective internal control. Several departments have major roles in internal control systems related to the new revenue recognition standard. An entity should segregate the following duties:

  • Sales: Obtain contracts, allocate the transaction price
  • Contract management: Identify performance obligations, identify contracts, and determine the transaction price
  • Operations: Deliver goods or render services to customers; satisfy performance obligations
  • Accounting: maintain records and report financial transactions

Proper authorization procedures for entries, estimates, and judgment should be established. Extra authorization on adjustment entries should be enforced because significant entries can be made to artificially increase the revenue number. Moreover, an extra authorization should be enforced on the satisfaction of performance obligations, stand-alone selling prices, and allocating the transaction price.

To ensure proper cut off procedures, the revenue is recognized in the correct periods. Delivery documentation should reflect each performance obligation. There should be a delivery form approved by the customer. There should be ongoing verification of the delivery documents, invoices, and inventory records. Employees under long-term contracts should shift positions regularly, and no one person should stay in his jobs for too long.

Information and Communication

For each judgment and estimate, compiling additional documentation is necessary. Documentation like detailed meeting minutes, email exchanges, and market research results will help improve internal control and provide enough evidence of the effectiveness of internal control for internal and external auditors. This is especially important to companies reporting in the United States because of the PCAOB Practice Alert number 11.3

The Public Company Accounting Oversight Board (PCAOB) Practice Alert number 11 audit of internal control over financial reporting requires an auditor to audit internal controls.4 There should be adequate evidence that internal control is working. This is why documentation is more important than before.

This new standard requires an extensive amount of disclosure. The disclosure should be written by a revenue accountant based on information collected about contract terms and conditions, progress reports, and much more. Also, the disclosure should be reviewed and authorized by management. This disclosure terms in IFRS 15 and ASC 606 require it to be comprehensive. Moreover, I think the disclosure provide an internal control tool. The disclosure is supposed to present valuable information about contract details, accounting judgments, and estimation used to recognize revenue. It is also important to keep affected employee informed about the new revenue standards implementation plan, progress, and any new policies and procedures related to revenue recognitions.


Monitoring the external environment is critical especially in industries with long-term contracts. The monitoring system should detect any external factors that affect the entity’s ability to satisfy its performance obligations, such as an increase in the price of materials or new regulations like decreasing CO2 emissions. Monitoring the internal factors that can affect satisfaction of the contract is important too. These factors include unexpected urgent maintenance, or employee resignations. Some of these factors are not directly related to reporting of revenue, but if left unnoticed, can put pressure on management to fabricate revenue numbers.

Internal and external audits are part of monitoring. For internal audits and external auditors, it is advisable to spend more time in auditing revenue. Auditors monitor the satisfaction of the performance obligation and look for any unusual entries.



1Committee of Sponsoring Organizations of the Treadway Commission. (2013, may). Internal Control — Integrated Framework. Retrieved from The Committee of Sponsoring Organizations’ (COSO):

2deloitte. (2016, sep 28). A roadmap to applying the new revenue recognition standard . Retrieved from deloitte:


4Public Company Accounting Oversight Board. (2014, SEP 9). STAFF AUDIT PRACTICE ALERT NO. 12 MATTERS RELATED TO AUDITING REVENUE IN AN AUDIT OF FINAN. Retrieved from PCAOB:

5SECURITIES AND EXCHANGE COMMISSION vs JOHN R. BOYD, and CHRISTOPHER CURBELLO , 02-80726-Civ-(Hurley USDJ) (united states district court for the southern district of flordia).

Subscribe to the SOFTRAX Blog
Popular Posts
A SaaS Company’s Revenue Management Journey – From Start-up to Enterprise