By Marc Blythe, Dwayne Carey and Christopher Royalty
In 2020, SPACs made up most of the growth in the U.S. IPO market compared with last year’s level. So far this year, SPACs have raised $111 billion from 362 IPOs (as of June 30, 2021), surpassing the record $13.6 billion raised in 2019 (from 59 IPOs).
The number of newly public companies that achieved this significant milestone in record time is astounding. In just the first six months of the year, over 519 companies have gone public in the U.S., representing a significant increase over 2020, which had 450 IPOs over the entire year.
However, many of these companies have found themselves unprepared for the strict reporting requirements of a public company. If your company has recently gone public through a SPAC transaction or is in the process of doing so, it’s essential to look at the people, processes and technology in place and assess the following four key areas.
Perspective from Dwayne Carey & Christopher Royalty
1. Understand Regulatory and Compliance Requirements
Investors are increasingly requiring more comprehensive financial data to assess company performance. For private companies preparing for IPOs or SPACs, being able to demonstrate reliable financial and operational information is paramount.
Governance, risk, and compliance (GRC) is an organizational strategy for managing governance, risk management, and compliance with industry and government regulations. It helps companies effectively manage risk, reduce costs, and meet requirements for compliance. It also helps improve company-wide strategy and performance outcomes.
Once a company becomes public, compliance with various new regulations, legislation and filing deadlines is required, including extensive financial and Sarbanes-Oxley (SOX) reporting. Sarbanes-Oxley requires public companies to report on their internal controls for financial reporting annually. This is intended to assure the adequacy of controls in place and prevent fraud and financial misstatement. Public companies are required to comply with SOX, but compliance is often overlooked in the midst of preparing to go public. Newly public companies must meet SOX requirements by the final day of the first year after a company goes public, so it’s crucial to get the proper internal controls in place early on.
Many companies assess their internal controls before they go public to avoid reporting material weaknesses after the fact. The effort required for SOX compliance initiatives should not be underestimated.
Although private companies may have no standard requirements to establish internal controls, setting up formal rules can provide a strong foundation for private companies as they move toward public company status.
Companies should have the following internal controls in place:
- Segregation of duties
- Reconciliation controls
- Physical inventory counts
- Periodic review of organizational performance
- IT controls, including system access and program changes
The company’s CEO and CFO are responsible for and must individually certify the effectiveness and accuracy of all financial information. Immediately after going public, there needs to be a focus on the robustness of the internal controls environment.
2. Assess Compliance Gaps and Needs
After a SPAC is completed, it’s important to perform an updated, post-public risk assessment. A risk assessment can help identify which critical processes might be vulnerable to errors and consequently create significant risks.
Assessing the company’s business processes and deciding which entities and procedures need to be evaluated is a key step. Internal controls may not be in place where needed, or on the other hand, may not be necessary and justified for all areas. Different levels of control material may already exist – some developing and some more mature. A post-public risk assessment will help identify areas that need to be improved or strengthened.
Once potential risks are identified, it’s important to understand the type and extent of exposure. That means analyzing related processes and identifying gaps or weaknesses that might lead to problems. Then you can refine processes and implement controls where necessary.
Risk assessment requirements are significantly expanded for public companies. For example, valuation requirements, use of control frameworks like COSO 2013 and other internal control assessments change.
Starting with a risk assessment allows the results to guide the development of your internal controls framework, enabling you to design controls specifically tailored to your organization.
3. Accounting & Financial Reporting
Private companies are often limited in their accounting and financial reporting capabilities, given their growth stage, small staff and often inadequate resources.
Pro forma accounting is a financial reporting method often used by private companies. After a company becomes public, it must follow Generally Accepted Accounting Principles (GAAP) when compiling financial statements. Conducting a thorough GAAP analysis will enable you to identify any ‘soft spots’ and evaluate the control maturity of each process. There may be financial areas that need to be addressed. GAAP and other compliance conversions may offer more robust, long-term solutions.
Public companies must meet SEC requirements, such as filing Q’s and K’s. These quarterly financial reporting processes are new and must be documented. It’s often a challenge to document processes in a way that will allow them to pass an audit. If the company can’t show evidence that controls are in place, then they are not considered to be taking place. A company can have an unofficial process in place; however, if it’s not documented, it doesn’t count.
The first step is to develop an action plan that specifies what processes need to be documented and then determine how to document them so they can be audited. It’s important to ensure that the processes in place are robust and all risk ramifications are addressed to support external financial reporting. A scoping process will help identify areas of concern that need to be modified to ensure complete and accurate financial reports.
4. Evaluate Your Staffing Needs
Many private companies are not staffed for the rigors of a public company. Your company has likely undergone extensive changes internally through the process of going public. Now it’s time to evaluate if current staffing is adequate to fulfill audit and public company requirements. If not, what is the plan to bring the team up to where they need to be? Are you going to absorb this work internally by shifting responsibilities among the current team, or do you need to add people with different areas of expertise? You may need to enhance your team by adding people with expertise in accounting and reporting, legal, tax, internal audit, financial planning and analysis, investor relations and human resources.
You need a team of management and advisors that includes people with SEC financial reporting and regulatory knowledge and experience interfacing with investors and the Big 4 accounting firms.
5. Assess IT Systems and Infrastructure
IT systems and infrastructure are critical to meeting the increased reporting requirements of a public company. It’s essential to review and evaluate your systems for enterprise resource planning, human resources, tax software and contract management, information technology (IT), compliance, and cybersecurity.
There is often friction between how a system is intended to work from a business perspective and how it needs to work from a compliance perspective. When developing systems, it’s important to be extremely aware of regulatory requirements.
Companies should assess:
- Do we have the systems in place to support people and processes?
- Are we able to get actionable data?
- Is the data complete and accurate?
- How do we know that it is complete and correct?
- Do our systems support internal control standards out of the box, or will they require substantial investment to meet IT control needs?
Many private companies rely heavily on Excel spreadsheets to organize their data, creating an inefficient workflow and making it difficult to audit. Working with disparate IT systems that don’t interface with one another is another common issue. Furthermore, meeting PCAOB hot topic audit standards over Completeness and Accuracy of data (C&A) and Information Used in the Control (IUC) may be next to impossible and very inefficient to demonstrate when working out of Excel and in end-user desktop files.
Fraud and error risks are far more likely without a clearly delineated separation of responsibilities for key processes. Segregation of Duties (SOD) is crucial to reduce risk exposure. Legacy users often have too much access to information that’s not necessary for them to do their jobs. Ensuring that no single person has complete control of a process protects an organization from significant risk. We often see private companies with one or two accounting people assigned to do everything, with no definitive separation of roles and responsibilities. A user provisioning system will designate the roles and responsibilities of users and determine how to grant access. To demonstrate control compliance and leading practices, there may be a need to move current application access from a “grant-all” permission posture to a “deny-all” default within the system when provisioning user security. Each application user should be granted only the minimum privileges necessary to do their job effectively.
The accounting systems that private companies typically use to cut cost and complexity (e.g., QuickBooks) are often not conducive to public company compliance and scalability needs. Look closely at the IT systems your company currently has in place – can they reasonably support the company’s compliance and scalability plans and needs? If not, can they be made compliant with a reasonable effort and spend? Determine if the effort needed to become compliant with current systems is justified. Are various system components able to scale to the goals outlined in the business plan, such as projected sales, new service lines, markets, geographies and other growth plan factors/trajectories? Are the current IT stack and organization geared to meet the direction the company is taking toward Financial Planning and Analysis, inventory management/supply chain, big data, or other anticipated Enterprise GRC needs?
Evaluate whether the current physical infrastructure, such as the office, warehouse and total usable space, is adequate to meet future footprint needs. Do the employee desk space, manufacturing space and geographical proximity align with the business plan and scalability? Make sure there is an infrastructure development plan in place that you can implement as the company grows, as well as a Business Continuity Plan and Disaster Recovery team and policy which will adapt as the company evolves and scales.
Final Thoughts From Marc
If your company has recently undergone an IPO or SPAC transaction and has found itself unprepared for the strict reporting requirements of a public company, take a careful look at the people, processes and technology that are currently in place.
- Technology Construction Company – Financial statement uplift for two fiscal years and most recent Q2 audit support, technical accounting, quarterly presentation, segment reporting & SOX preparedness.
- Multinational Battery Technology Company – Financial statement uplift for two fiscal years and most recent Q2 audit support, technical accounting, quarterly presentation, segment reporting & SOX preparedness.
- Multinational Hybrid Automotive Company – Financial statement uplift for two fiscal years and most recent Q2 audit support, technical accounting, quarterly presentation, segment reporting & SOX preparedness.
- Aerospace Company (Rocket manufacturer) – Financial statement uplift for two fiscal years and most recent Q2 audit support, technical accounting, quarterly presentation and segment reporting.
- National EV Charging Company – Financial statement uplift for two fiscal years and most recent Q2 audit support, technical accounting, quarterly presentation and segment reporting.
To learn more about Blythe Global Advisors, our solutions and BlytheTeam®, visit our web site or call us at one of the locations below.
Irvine (HQ) 949-757-4180 Los Angeles 213-228-5002 San Diego 619-391-7385