Auditors assess revenue recognition controls by combining a standards-based risk assessment with targeted control testing to determine whether revenue is fairly presented under applicable rules. Guidance from PCAOB staff Public Company Accounting Oversight Board emphasizes integrated tests of controls and financial statement assertions, while FASB staff Financial Accounting Standards Board provides the accounting framework such as ASC 606 that defines when revenue should be recognized. Practical guidance from KPMG LLP supplements these sources with industry examples auditors often follow.
Assessing design and implementation
The auditor first evaluates the design of controls to see whether they could prevent or detect material misstatements. This involves understanding the revenue cycle, reviewing policies that map transactions to ASC 606 criteria, and performing walkthroughs that trace sample transactions from contract initiation through invoicing and cash receipt. Walkthroughs test whether controls are implemented as described and reveal process variations across product lines or territories that may require different tests. Auditors will also consider the control environment, segregation of duties, and IT systems that route contracts and billing—areas where IT general controls often determine whether automated controls are reliable.
Testing operating effectiveness
After design assessment, auditors test the operating effectiveness of key controls. Procedures commonly include reperformance of reconciliations, inspection of authorization evidence, observation of control performance, and sampling of transactions for cutoff accuracy. When controls are absent or deemed ineffective, auditors increase substantive testing, using analytical procedures, contract inspection, and third-party confirmations to obtain evidence about timing and measurement of revenue. Because revenue often involves estimates and judgment, auditors focus on management override risks and the controls around estimates, disclosures, and related-party contracts.
Consequences of weak revenue controls include heightened risk of material misstatement, regulatory scrutiny, restatements, and reputational harm. In cross-border operations, auditors must also account for differing legal frameworks and cultural incentives such as performance-based compensation that may pressure revenue recognition. Careful documentation of procedures and reliance on authoritative guidance from PCAOB staff Public Company Accounting Oversight Board and FASB staff Financial Accounting Standards Board, alongside firm-level guidance like that from KPMG LLP, strengthens audit defensibility and public trust.