How to stay a step ahead on compliance

Are you struggling to stay a step ahead on compliance? Get the latest best practices here.

As a SaaS finance leader, if it feels like compliance is always putting obstacles in front of you, you’re not alone.

Compliance has morphed into a maze over the years, with each regulatory update adding new twists and turns for companies.

Non-compliance can result in significant financial penalties and even legal consequences, so it’s crucial for CFOs to be proactive rather than reactive, staying a step ahead at all times.

This is especially the case if your company has IPO aspirations.

In this article, we’ll be:

  • Mapping out the compliance maze for you.
  • Sharing best practices and focus areas.
  • Exploring how compliance needs change on the path to an IPO.
  • Explaining how to optimize compliance with enterprise software tools.

Keep reading if you’re seeking clarity and confidence as you navigate the compliance maze.

Getting your bearings

Before we dive into the strategic side of compliance, it’s important to get the lay of the land.

Below are the main aspects of compliance that SaaS CFOs need to be mindful of.

A slip-up in any of these areas can result in large fines and put you another step behind your goal of unbroken compliance.

Federal and state regulations

SaaS companies need to adhere to all geographically applicable regulations. These can range from laws governing revenue recognition to those spelling out how SaaS companies can and can’t use customers’ data.

Below are some examples of federal and state regulations that apply to SaaS companies:

ASC 606

Accounting Standards Codification 606 (ASC 606) mandates a 5-step revenue recognition process for SaaS companies.

The basic idea is that organizations can’t report revenue from services they haven’t performed yet, even if those services have already been booked.

Otherwise, companies could inflate their profits to attract investors. 

IFRS 15

International Financial Reporting Standard 15 (IFRS 15) governs revenue recognition using many of the same rules as ASC 606, but it applies globally.

There are also minor differences in disclosure requirements and other areas.

CCPA

The California Consumer Protection Act of 2018 (CCPA) establishes consumers’ rights and companies’ obligations around collecting personal data in California.

It outlines disclosures that companies have to make to customers about the information they collect, why it’s necessary, and how they intend to use it.

That’s just the beginning of the compliance maze, though.

Audit requirements

You’ll also need to factor audit requirements and corporate governance into your compliance planning.

Be mindful that SaaS companies have a more complex auditing process than other businesses due to the nuances of operating on a subscription business model.

Cloud accounting software creates an automated audit trail, saving time and money when audit season rolls back around.

Accounting AI also offers detailed drill-down data into every transaction, customer contract adjustment, and deferred revenue waterfall at your company – all of which are important to the SaaS auditing process.

Listing requirements

Companies need to meet certain criteria before they can be publicly listed on a stock exchange.

You’ll need to meet the minimum eligibility standards before your IPO, and then you’ll be required to uphold another set of ongoing trading standards to avoid being delisted from the exchange.

Different exchanges have unique listing requirements but tend to focus on market capitalization, annual revenue, and share liquidity.

Sarbanes-Oxley Act

The SEC implemented the Sarbanes-Oxley Act (SOX) in 2002 after the Enron scandal shook the public’s confidence in securities markets.

SOX compliance involves following certain financial reporting standards and putting internal controls in place, such as:

  • Employee access control
  • Electronic audit tracking
  • Data breach tracking and security

To comply with SOX, CFOs need to personally attest to the accuracy and fairness of their organization’s financial reporting.

CFOs also have to acknowledge personal responsibility over the reporting process, knowing they’ll be held legally accountable for non-compliance.

What priorities should you focus on?

You can simplify your compliance journey significantly by starting out with the right goals and priorities.

Some of your most critical focus areas should include:

Governance

Have you established clear roles, responsibilities, and expectations around your company’s compliance?

Is there a structure in place to monitor compliance progress and performance?

Risk assessment

Do you understand the compliance risks in your organization – financial reporting, fraud, third-party suppliers – and do you have the right people and technology to deal with these risks?

Company culture

Do you go the extra mile to explain to your employees why compliance is vital and provide them with the appropriate regulatory training?

As much as we wish they would, these things don’t magically fall into place.

You need to proactively set yourself up for success. Let’s see what that looks like.

Setting your company up for compliance success

Finding your way through the compliance maze is much easier when you have the right tools, people, and expertise in your department.

Making sure that happens will enable your organization to grow in a way that minimizes operational risks.

Otherwise, the larger your company becomes, the harder it will be to manage compliance at scale.

You can set your company up for compliance success by:

Getting stakeholders on board

When you get other stakeholders at your company to understand the value of compliance, everyone can rally behind a shared vision.

You’ll also encounter less stakeholder resistance around investing in compliance tools and automation.

Being clear on the benefits

The benefits of compliance extend far beyond compliance itself.

You’re not looking to tick boxes here. You’re setting up a framework to minimize your company’s financial and legal risks.

The more you can get stakeholders to understand that, the smoother your compliance journey will likely be.

Getting started now

When it comes to SaaS compliance, it’s all about being proactive.

Remember, non-compliance fines add up quickly and can be accompanied by legal trouble.

If you’re considering an IPO, the stakes are even higher, and the maze gets a few more twists and turns.

Luckily, we’ve got a roadmap for you.

Your IPO action timeline

As your company approaches the IPO stage, you need to empower yourself and your team to handle the compliance challenges of going public.

Dividing the process of IPO compliance into a 24-month timeline can make it much easier to manage.

Every company’s IPO journey is unique, so the three phases below will look slightly different for every organization.

But they’re still a useful roadmap to help you navigate a stressful – though exciting – time in your company’s evolution. 

Mobilize

This stage is where roles and responsibilities are assigned and clarified.

You’ll also scope out your organization’s overall IPO compliance needs and evaluate your company’s existing compliance infrastructure.

It occupies the first six months of our 24-month timeline. 

Execute

The execution phase comes next.

It involves documenting your compliance risks and controls, making necessary changes, and taking care of the administrative side of your compliance program.

The execution phase is the longest of the three, occupying twelve months of our IPO timeline.

Embed

The last stage is about making your new compliance program feel like business as usual.

You should emphasize robust employee training, fine-tune your control and compliance frameworks, and continue to monitor your results.

No matter where you are on the IPO timeline, it’s crucial to equip your department with the right tools to handle the increased compliance demands placed on public companies.

Manage compliance in real time with Sage Intacct

SOX compliance is crucial for public companies and organizations approaching an IPO.

Leading CFOs are turning to cloud financial management tools equipped with AI to help them stay a step ahead on compliance. 

Sage Intacct has everything you need to manage SOX compliance, including section 302, which regulates corporate responsibility for financial reports.

The software gives CFOs and other stakeholders access to:

Robust financial reporting

Sage Intacct delivers detailed income statements, balance sheets, and cash flow reports, along with consolidated reporting and business intelligence reports.

Flexible AI-powered revenue recognition

Automatically create revenue postings at pre-defined intervals that match your customer contracts.

Finance teams can associate revenue recognition with contract records or sales transactions.

Automated audit trails

Maintain unbroken compliance with a 24/7 audit trail.

Every API call is logged and reported, and you’ll also have an advanced audit trail for HIPAA compliance.

Role-based access

Users are assigned permissions based on their role. User permissions create a firm segregation of duties.

For example, an individual who creates a vendor account will need someone else in the accounting department to authorize payments to that vendor.

Having the right accounting software makes all the difference as you approach an IPO.

PwC Control Insights for Sage Intacct

Sage Intacct also integrates with PwC Control Insights, a cloud-based tool that summarizes the health of your control environment in an intuitive dashboard.

Control Insights seamlessly connects with your company’s Sage Intacct data to help you:

  • Gain insights into your financial controls, with prioritized steps for action.
  • Build the resilience and maturity of your finance function as you scale.
  • Form the foundation of a compelling equity and investment story.

Together, Sage Intacct and PwC Control Insights can keep you compliant at every stage of your IPO journey.

Learn the latest compliance best practices

The compliance landscape is constantly shifting for SaaS and tech companies.

That’s why compliance best practices were a major topic of discussion at the Modern SaaS Finance Forum.

Hosted by Sage Intacct in June, the full-day digital event was attended by 2,000+ SaaS industry leaders, investors, and experts eager to discuss the latest tools, trends, and best practices.

The conference was divided into twenty-minute sessions, with three different learning tracks for CFOs, RevOps managers, and controllers at SaaS, high-tech, and AI companies.

After receiving phenomenal feedback, we’ve made the forum sessions digitally available to anyone who wants to listen and learn.

Feel free to download as many as you’d like.

You can check them out here.