The internal audit is seldom talked about, yet undeniably essential to maintaining financial integrity in any SaaS company. It’s the independent voice that helps your organization understand risks and get assurance that your internal controls are working.
When you consider the work that goes into a single audit, it’s tempting to “save time” by painting your financial processes in broad strokes and ignoring the fine details. (This is especially true for early-stage SaaS companies that are solely focused on finding product/market fit and generating positive cash flow each month.)
Don’t fall into this trap.
The earlier you start building out an internal auditing function in your organization, the easier it will be to justify the numbers on your balance sheet when an external auditor starts running through your financials with a fine-tooth comb.
Here’s everything you need to get started with conducting regular internal financial audits in your SaaS business.
What is an internal audit?
An internal audit is the process of identifying flaws in your organization’s internal controls and financial processes, so they can be corrected prior to an external audit. This provides leadership with a safety net (i.e. risk management) from inaccurate financials during an external audit or during due diligence with potential investors.
To conduct an internal audit successfully, you’ll need to dig deep into your company’s financial situation. Probe accounting records. Review internal control policies, cash holdings, and other sensitive financial areas that would be subject to review by an external auditor.
Goals of an internal audit
Unlike external audits, internal audits don’t conclude with an audit report. It’s a preventative measure obtain evidence related to compliance with regulatory requirements provided by GAAP or IFRS. It’s not a pass/fail activity. The internal auditor is usually tasked with providing recommendations to improve and correct inefficiencies in an organization’s existing financial procedures.
SaaS audit financial structure
The structure of your internal audit is not bound to a specific set of laws or regulations, so there really are no “rules.” Here’s how we recommend SaaS businesses plan and perform an internal audit from start to finish.
1. Draft your auditing plan
First things first, create an audit schedule and communicate it to everyone involved. You can draft your own audit programs and tests, or you can use resources provided by the Institute of Internal Auditors (IIA), a professional association that advocates and promotes the importance of internal audits.
2. Review previous audits
Next, you’ll want to review the results of any previous internal audits. This will make it easier to identify potential deficiencies or areas of concern in your company’s financial operations and internal controls.
Pay special attention to any failures in following accounting principles and accounting standards.
Startups tend to take shortcuts when it comes to compliance with the Generally Accepted Accounting Principles (GAAP) or the International Financial Reporting Standards (IFRS). Compliant financial statements are not their primary focus, so they’re often inclined to use the cheapest accounting solution. But all companies—yes, even startups—should think long-term about their financial future and whether they should raise a funding round, continue to scale, or prepare to sell. Such strategic events generally require compliance with required standards, and having reliable reports ready when requested during due diligence is critical.
3. Gather financial documents
Grab the financials documents that would be subject to an external review: signed customer contracts, addendums, SOWs, POs, vendor contracts, invoices, batch deposit support, bank statements, time entry reports tracking time for capitalized software, and percentage-of-complete revenue.
4. Keep financial records up to date
Without timely and reliable information, accounting records can become unreliable themselves, creating discrepancies in your company’s financial records. Your bookkeeping can be done manually, however, it’s not time-efficient and could leave your auditing procedure prone to human error.
Using financial operations software like Maxio enables you to sync data between your CRM and general ledger in real time, ensuring that all your financial records are readily available and up-to-date.
5. Review your accounting system
It’s finally time to start the auditing process!
First, identify and review each element of your company’s accounting system, including individual T-accounts (debits and credits), journal entries, the general ledger, and current financial statements. Systematically work through the accounting system to ensure all necessary accounts are present, journal entries are posted to the general ledger in a timely manner, and your accounting system has the ability to support upcoming changes in the accounting standards like ASC-606 and ASC-842 (i.e. a forward-thinking accounting system).
Here’s a quick list of the features you should have at your disposal:
Automate basic tasks such as billings, sub-ledger to main ledger reconciliation, and running reports based on customized queries.
The option to set up standard protocols to prevent unauthorized transactions such as deleting records, or creating a duplicate journal entry.
A backup plan to safeguard financial records against server crashes, accidentally deleted files, etc.
Restrict access to specific modules so that only the appropriate people have access to the data they need. (For example, the sales team shouldn’t be able to prepare bank reconciliation or cut checks.)
Ability to handle recurring revenues, subscriptions, SOW, sales orders, products, services, and unexpected deals separately
6. Review your internal control policies
Do your internal controls provide adequate protection against instances of potential theft or fraud? Internal control policies typically include the separation of accounting duties between different employees, locked safes for holding pending bank deposits, and individual permissions for password-protected accounting software.
7. Compare internal and external records
After you’ve reviewed your internal control policies, you’ll need to compare your internal records of cash holdings, income, and expenses against external records, such as bank statements and tax records. Similarly, you can also compare your company’s stored external records against internal records.
8. Look at tax records
Analyze your company’s internal tax records and official tax returns. According to the IRS, you should hold onto records for at least three years, unless you filed a fraudulent return—in this case, you should hold onto your tax records indefinitely.
Browse through your company’s tax receipts from the IRS and compare them against records of tax liabilities and taxes paid in your company’s accounting records. You should also review the range of credits and deductions claimed on your most recent tax return, looking for discrepancies in your company’s financial reporting, such as inflated expense numbers.
Where can errors occur?
Internal audits are not regulated and are, therefore, more flexible. Without strict auditing procedures in place, the integrity of your audit can suffer.
In lieu of strict laws or regulations, you’ll want to create your own set of auditing procedures for internal use so that your employees are holding each other accountable for the quality of your audit.
Accounting software can help fill in the gaps, reducing potential errors caused by playing loose and fast with your auditing procedures. If you want to conduct a successful audit, consistency is key. Adopting a FinOps tool that acts as a single source of truth for your financial records makes this much easier. Read our recent article, The Pros and Cons of Point Solutions of Billing and FinOps, to learn more about the benefits of investing in tools to support internal audits and other key accounting activities.
How do you measure the success of an internal audit?
At the end of your audit, you need to be able to answer the following questions:
Are you managing various risks effectively (e.g. internal controls working properly, reduced risk of fraud, no discrepancies between internal and external financial records, etc.)
Are you applying financial policies and procedures correctly to maintain compliance? (e.g. GAAP, IFRS, and ASC 606)
How can you improve processes to reach your financial goals? (e.g. Accurate financial reporting, maintain a financials and metrics dashboard, eliminate manual processes by investing in a dedicated accounting system)
At the end of your audit, consider compiling an unofficial report of all your audit findings. Not only can you use it as a resource when planning future audits, but it also provides your company with an actionable list of “fixes” to your internal controls and financial processes before an external auditor enters the scene.
Getting started with your next audit
Before you prepare for your next audit, all your financial records and accounts should be easily accessible in one place. We built this chart of accounts specifically for SaaS teams so you can view, organize, and manage all your asset, liability, equity, revenue, and expense accounts in one place.