There are rules in life that keep things running smoothly and minimize harm. For example, traffic lights and stop signs help prevent accidents on the road. Following the rules ensures that the system works and people are safe.
In finance and accounting, rules, often known as standards, ensure that companies comply with the law and the practices of their particular industry. Most businesses need to comply with accounting and finance standards to keep accurate records and minimize the risk of wrong-doing.
Learn more about accounting regulations in our guide to financial compliance.
What Is Compliance in Accounting?
So, what is financial compliance? In finance, compliance has two meanings — it often refers to the standards a company needs to follow and a company’s actions to ensure it complies with said standards. There are compliance standards and compliance in action.
A standard is an agreed-upon way of doing something. In accounting, a compliance standard is a set of policies and rules that help companies maintain relevancy and accuracy. Additionally, compliance standards protect a company’s security.
Of course, standards are only practical when they are observed and enforced. A company must know what it needs to do to comply with standards and why. Some questions to consider when deciding whether a compliance standard is relevant for your business include:
- What will happen if you don’t comply?
- Is the standard designed for your industry?
- Does the standard benefit your team members?
- Does the standard address a concern your company wants to address?
Compliance in Action
Recognizing that compliance standards exist is just part of the equation. On the other side is the need to put said standards into action. The term “compliance in action” refers to your organization’s efforts to ensure it complies with the standards created by the government or other relevant agencies.
For example, you might need to maintain a ledger or have safeguards in place to ensure only authorized individuals can view certain pieces of data. If your company doesn’t put compliance into action, it could face consequences, ranging from fines to legal action.
Risks in Accounting: Why Compliance Matters
Keeping up with financial compliance regulations helps your organization in several ways. Complying with any relevant standards and principles saves your company time and money in the long run. You’ll reduce the risk of being fined and have an accurate system for keeping track of transactions.
Following accounting compliance standards helps you detect issues before they become considerable concerns. For example, you notice that your company is having cash flow problems. A look at your records might show that there have been unauthorized withdrawals from an account or unapproved purchases charged to a company credit card. With that information, you can track down the source of the issue and decide what to do before your company ends up in the red.
Complying with financial regulations also helps your organization steer clear of legal issues. If the standards outline a method of keeping clients’ financial data secure and confidential and your company doesn’t follow those standards, clients can sue you if they find out. Lawsuits cost your company time and money and can damage your reputation.
It takes much less effort to follow the rules and comply with regulations than to undo the damage caused by bad press, legal actions and fines.
Types of Compliance in Accounting
One way to ensure your organization follows the rules expected of it is to conduct an audit. Before you conduct an audit or hire an external auditor, you should know the type of standard you follow and the expectations it has. While some standards apply to every company, others are designed for businesses in specific industries.
During a compliance audit, you can expect the individual conducting it to examine the following:
- Financial records
- Human resources
- Management standards
- Health and safety policies and procedures
- Data security
Let’s take a closer look at some of the types of compliance in finance your company might need to follow.
GAAP Compliance Overview
Generally accepted accounting principles (GAAP) are accounting standards and rules that companies often use when creating financial reports. The Securities and Exchange Commission (SEC) has adopted GAAP. The Financial Accounting Standards Board (FASB) also uses GAAP to develop its accounting practices and methods.
GAAP consists of fundamental principles and several rules specific to certain industries. The 10 basic rules under GAAP are:
- Economic Entity Assumption: A company should be kept separate from its owners and any associated individuals.
- Monetary Unit Assumption: The financial information a company uses should be in the relevant local currency.
- Time Period Assumption: Any financial statements prepared by an organization need to be presented in a timely fashion.
- Cost Principle: A company needs to record the price it paid for items, not the market value of those items when recording a transaction.
- Full Disclosure Principle: A company needs to reveal any information that a person reading a financial statement might find relevant. For example, if a company is involved in a lawsuit, that should be noted on the financial statement.
- Going Concern Principle: Unless the goal is to cease operations or liquidate a business, a company should assume it will continue to operate for the foreseeable future.
- Matching Principle: A company needs to match its expenses to its revenue, meaning it needs to record expenses when it earns the respective revenue. For example, sales commissions need to be recorded when the company earns revenue from those sales.
- Revenue Recognition Principle: Companies need to record revenue when they earn it, even if they don’t receive payment until later.
- Materiality: A company needs to provide all relevant information and can’t withhold or misstate any details that might influence a person reading a financial statement.
- Conservatism: A company needs to err on the side of conservativism when making decisions. For example, it needs to choose the option that provides the lower asset value or net income when given two choices.
In addition to the basic principles, GAAP also includes generally accepted industry practices and FASB standards and rules.
One of the goals of GAAP is to eliminate financial reporting practices that can mislead. An organization that doesn’t follow GAAP could theoretically present its financial information in a way that makes the company’s financial health look better than it is.
SOX Compliance Overview
The Sarbanes-Oxley Act of 2002 (SOX) was passed in response to several financial scandals at the start of the 21st century. The goal of SOX is to boost investor confidence through reforms and additions in four principal areas:
- Corporate responsibility
- Increased criminal punishment
- Accounting regulation
- New protections
To do that, it increased corporations’ oversight responsibilities. Auditors are now more independent, reducing conflicts of interest. SOX also introduced stricter penalties for companies that misbehave financially.
While GAAP is a collection of generally accepted principles, SOX is a law. Companies need to follow it to stay on the right side of the legal fence.
SOX contains 11 sections:
- Title I: Public Company Accounting Oversight Board (PCAOB): The first part of SOX created the PCAOB. The PCAOB is in charge of keeping an eye on auditors. It develops regulations for auditors and also oversees and inspects them.
- Title II: Auditor Independence: The second section of SOX limits an auditing firm’s services to its clients. Before SOX, auditors could perform other types of paid work for the clients they audited, creating conflicts of interest and potentially biasing the auditors toward their clients. Along with restricting the work auditors can do, section two also introduced other requirements to ensure auditor independence.
- Title III: Corporate Responsibility: Under the third part of SOX, the CEO and CFO of an organization are responsible for the completeness and accuracy of their company’s financial reports. If the report needs to be revised due to misbehavior on the CEO or CFO’s part, the executives need to forfeit bonuses and other compensation. Part three also states that companies need to create independent audit committees with members who have no financial connections to the organization.
- Title IV: Enhanced Financial Disclosure: The fourth section of SOX requires corporations to report certain transactions to the public. Those transactions include any that occur off the balance sheet and stock trading by corporate officers. Companies also need to report internal controls on their annual reports.
- Title V: Analyst Conflicts of Interest: A securities analyst needs to list conflicts of interests that could bias them toward a company. The disclosure gives the public the chance to consider the weight of a bias. The fifth section of SOX gives analysts a reason to remain unbiased.
- Title VI: Commission Resources and Authority: The sixth part of SOX aims to increase investor confidence further. It outlines the SEC’s authority to keep securities professionals from participating in the industry if they break the rules.
- Title VII: Studies and Reports: In the seventh section of SOX, you’ll find various reports the SEC and the Comptroller General have to perform to ensure financial institutions like investment banks aren’t participating in illegal activities.
- Title VIII: Corporate and Criminal Fraud Accountability: Section eight makes it a felony to interfere with a federal investigation. It also protects whistleblowers.
- Title IX: White Collar Crime Penalty Enhancement: Under the ninth section, the punishment for conspiracy to commit a financial crime and the commitment of a financial crime is increased.
- Title X: Corporate Tax Returns: The tenth section of SOX requires a CEO to sign a corporate tax return to increase responsibility and transparency.
- Title XI: Corporate Fraud Accountability: The final section of SOX enhances the sentencing and penalty guidelines for records tampering and corporate fraud. It also aids the SEC in investigating fraud.
PCI Compliance Overview
The Payment Card Industry’s Data Security Standard (PCI DSS) is a set of regulations created by credit card issuers, American Express, Discover, Visa, MasterCard and JCB. The goal of PCI DSS is to protect cardholder information. PCI DSS aims to prevent data breaches and protect any information should a breach occur.
PCI contains several protections that aim to enhance physical security and improve technology to keep cardholders’ details from being revealed or misused. The following are some of the requirements under the standard:
- The use of approved point of sale (POS) devices for PIN entry
- The use of a firewall on computers and networks
- The use of a password to protect access to a wireless router
- The use of strong passwords
- Employee training programs to ensure everyone understands the standard
- Not using computers or paper to store confidential data, such as card numbers
Companies that need to comply with PCI DSS can use encryption to protect customers’ data and ensure that all software and hardware are current. Keeping hardware and software current can mean installing security patches and updates as needed.
If a company collects credit card information and doesn’t comply with PCI DSS, the penalties can be severe. A company might need to pay a hefty monthly fine until it addresses the issue. It risks having its merchant account closed by the card companies, meaning it won’t be able to accept cards as payment. Companies that don’t comply with the standard are also more likely to be audited frequently.
You can complete a self-assessment questionnaire to see if your business complies with PCI DSS. The type of questionnaire you need to complete depends on your card transaction volume and the type of transactions your company processes.
Tax Compliance Overview
Quite simply, tax compliance means understanding the tax rules, including at the federal, state and local levels. The first step to tax compliance is knowing what taxes your business needs to pay and when to pay them.
Generally speaking, the tax filing deadline is April 15 annually. But there are likely other deadlines that apply to your company. For example, you might have to pay quarterly estimated taxes. If you have employees, you also need to pay payroll taxes.
Your tax obligations can include income tax, payroll tax, unemployment tax and sales tax. If your company is based in a state with income tax, you’ll also need to pay that and file the appropriate tax forms. You might also have to file and pay taxes at the municipal or local level.
Also, part of tax compliance is reporting the correct income. Your business can most likely deduct certain expenses from its taxable income. You need to have accurate records for those expenses and proof of them. The expenses also need to be necessary and ordinary for your industry. A “necessary” expense is appropriate for your business, while an “ordinary” expense is typical and accepted in your industry.
Industry-Specific Compliance Overview
Depending on your business’s industry, it might have to follow a particular compliance framework that doesn’t apply to other sectors. Some examples of industry-specific compliance standards are:
- The American Institute of Certified Public Accountants (AICPA): The AICPA sets ethical standards that member accountants need to follow. It also sets auditor standards for the government, private companies and nonprofits.
- The Federal Accounting Standards Advisory Board (FASAB): The FASAB develops accounting standards for government agencies in the U.S.
- The Defence Contract Audit Agency (DCAA): The DCAA audits contracts for the Department of Defense and other government agencies. It aims to determine if a contract’s costs are reasonable, allowable and allocable.
- The Securities and Exchange Commission (SEC): The SEC has standards that anyone who works in the securities industry needs to follow. The standards apply to brokers, advisers and mutual funds.
HIPAA Compliance Overview
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) might not look like an accounting and financial standard at first glance. However, HIPAA does contain some financial elements, particularly concerning payment information for services patients receive. According to the U.S. Department of Health and Human Services, HIPAA applies to three types of entities:
- Healthcare clearinghouses
- Health plans
- Healthcare providers who perform some administrative and financial transactions electronically
HIPAA creates a set of standards designed to prevent the disclosure of patient information without their consent or knowledge. It consists of two parts, the Privacy Rule and the Security Rule.
Under the Privacy Rule, there are only a few instances when a covered entity can disclose protected health information without getting consent from the individual first. Those instances include treatment and payment, disclosure to the individual themselves or if the individual has the opportunity to object or agree to the disclosure.
If the disclosure would benefit public health and public interest, an entity can disclose it without the permission or authorization of the individual. For example, disclosure is allowed in the event of a judicial proceeding or if the person is a victim of domestic violence or abuse.
The Security Rule is the other half of HIPAA. It protects a certain type of information covered by the Privacy Rule — all identifiable health information that’s in electronic form. It doesn’t apply to oral or written protected health information.
An entity needs to do the following to comply with the Security Rule:
- Keep all electronic protected health information (e-PHI) confidential and available
- Ensure the integrity of e-PHI
- Safeguard against potential security threats
- Detect security threats
- Protect against unallowed disclosure of e-PHI
- Ensure the workforce is compliant
Accounting Compliance Best Practices
No matter your industry, complying with financial regulations and upholding accounting standards is a must. There are a few things your organization can do to ensure it avoids compliance risks in accounting.
- Prevent misconduct:Often, prevention is the best policy. Instituting training programs that teach employees the basics of accounting principles and compliance issues in finance will help to nip any potentially bad behavior in the bud.
- Detect misconduct:If misconduct does occur, whether intentional or not, you need a way to spot it quickly. This can mean performing internal audits regularly to keep tabs on your company’s financial documents. It also means leaving a door open to encourage employees to report any signs of misconduct.
- Correct issues: Sometimes, misconduct isn’t intentional. An employee could be ignorant of the correct way of performing something or there could be a glitch in the system. Having a plan in place to correct any issues that come up will help your business maintain compliance. That plan can involve remedial training as needed and disciplinary action when appropriate.
- Know the standards: You need to know what the standards are to comply with them. Review any applicable standards, such as GAAP or SOX, and keep up with any industry-specific regulations.
- Be audit-ready: It pays to be prepared. If you were to be audited tomorrow, what would happen? It can be a good idea to conduct an internal audit to evaluate where your company stands and correct any issues before a genuine audit occurs.
- Choose the right tech: The right software and technology can make a significant difference when it comes to compliance. A cloud-based ERP software program can give you business insights and helps you keep on top of your core accounting functions. It allows you to be audit-ready and compliant, no matter what comes your way.
Maintain Compliance With Multiview Cloud ERP
Multiview Cloud ERP is a fully-managed cloud software application that offers several modules to help you leverage your financial data effectively. Using Multiview ERP, you can improve your work output and respond to challenges quickly. The platform is designed for use by various industries, including healthcare, financial services, education and nonprofits and others.
To learn more about how it works and how it can help you follow finance compliance regulations, schedule a demo today.