Private Company Audit Requirements In US


What is the Financial Accounting Standards Board (FASB)?

FASB is an independent, non-profit organization that’s responsible for establishing accounting and reporting standards acknowledged by the American Institute of Certified Public Accountants (AICPA). This organization, which was founded in 1973, focuses on setting the accounting standards for public companies in the U.S., and it’s recognized by the SEC.

What are the Generally Accepted Accounting Principles (GAAP)?

The main focus of GAAP principles is to determine both your liabilities and assets by considering various factors that have an impact on your financial health and reporting.

Economic Entity Assumption

There are two different types of business transactions: business owner personal transactions and sole proprietorship. These two should be kept separate under accounting principles.

Monetary Unit Assumption

All currency is measured in USD without taking inflation into account.

Time Period Assumption

All financial statements should clearly mark a start month, day, and year and end month, day, and year.

Cost Principle

Based on the total amount of cash spent at the asset purchase date, this doesn’t reflect increase or decrease in value.

Full Disclosure Principle

You must include a description of any possible impacts to your financial stability, such as data breaches or lawsuits, in the financial statements you provide to lenders or investors.

Going Concern Principle

Based on comparisons between your assets and liabilities, accountants will decide whether or not your business has the capacity to continue functioning.

Matching Principle

Expenses should be matched to revenues. Employee wages should be aligned with when the employees worked, and not when the wages were paid out.

Revenue Recognition Principle

This principle is similar to the matching principle in the sense that revenue must be reported at the time you complete a project, instead of when you receive payment. Also to be included in the revenue is the promise of payment regardless of whether the payment is made or not.


When doing your financial reporting, you can opt to expense the whole technology purchase in the year in which you purchased it instead of dividing that cost up over the number of years you make use of the product. And instead of using fractions, dollars are rounded off to the nearest whole number.


This is a principle that calls for net gain or loss to be accounted for based on possible outcomes. Since data breaches are always a matter of “when” rather than “if”, conservatism is a major financial reporting concern when it comes to cybersecurity.

When to Apply GAAP

Financial reporting requirements are similar for both privately-held companies and publicly-held companies. Just like publicly-held companies, privately-held companies turn to financial services institutions and investors to finance their businesses.

If you’re a start-up owner or you’re running a privately-held company, you’ll be required to demonstrate that you’re financially stable before you’re approved for a loan or investment. As part of that, GAAP-based financial reporting gives confidence in your business.

How Cybersecurity Applies to Audited Financial Statements

Have you decided to apply GAAP to your organization? If so, you need to understand how to translate your cybersecurity risks into lines on your financial statements, an issue you’ll undoubtedly tackle if you’re using the COSO framework.

SEC Cybersecurity Guidance

The February 2018 SEC interpretation on cybersecurity disclosures stipulated that any data breaches affecting public entities require immediate reporting. The SEC noted particularly that not only have reliance on and exposure to the internet and networked systems increased, but that the frequency of cybersecurity incidents and attendant risks has also increased. Consequently, public entities should disclose risks linked to cybersecurity and cybersecurity incidents.

As for privately-held companies, the guidance provides them with a roadmap for how to evaluate cybersecurity risks as part of their assessment of possible losses. Having a strong security-first approach minimizes the probability of breach, which means that a company’s financial statement can reflect assurance over data protection. This allows such a company to provide investors and financial services institutions with confidence over their assets.

FASB Accounting Standards Codification 606

While GAAP principles were initially released in May 2014, all private entities that make use of the principles have until December 31, 2019 to comply. The guidance, which is titled “Revenue from Contracts with Customers”, offers insights for recognizing revenue.

In matters of cybersecurity, vendors may work with their clients for at least a year. As such, the accounting standards require entities to take a principles-based review of the total amount and timing of revenue. While it was possible for entities to spread out revenue for long-term contracts, that’s no longer an option.

Although it sounds unrelated to cybersecurity, your most recent data collection and information technology systems may not be adequate for evaluating these new costs. With that, it might be necessary for you to involve more vendors. This further calls for extra cybersecurity monitoring to sustain your current security because you then have to worry about external parties’ security situation.

Author Bio

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.  Learn more at