Understand CUECs for Effective Lease Accounting Software
Managing lease accounting under ASC 842 often introduces significant complexities, particularly when we're relying on third-party software solutions. For controllers, accounting managers, and auditors, ensuring the accuracy and completeness of lease data processed by these systems is paramount. That objective is directly supported by robust complementary user entity controls (CUECs) for lease software. We define CUECs as the controls an organization (the user entity) implements to supplement its service provider's (the lease software vendor) controls to achieve complete and accurate financial reporting. These controls are critical for maintaining the integrity of lease data, from initial identification to ongoing accounting treatment and disclosure. Without effective CUECs, even the most sophisticated lease accounting software can't fully guarantee compliance with complex standards such as ASC 842. Understanding these controls is also key to assessing ASC 842 controls effectively during an audit. Here, we'll detail what CUECs actually entail, why they're vital for lease accounting compliance, and how auditors evaluate their effectiveness to manage audit risk related to lease accounting.
What Auditors Are Actually Looking For
When we're auditing an entity that uses third-party lease accounting software, we place significant emphasis on the design and operating effectiveness of related controls. This includes both the controls implemented by the service organization (often documented in a SOC 1 report) and the complementary user entity controls (CUECs) for lease software. Auditors aren't just looking for evidence of software use; we're scrutinizing the processes an organization has in place to ensure the software processes data accurately and completely.
The completeness assertion refers to our objective as auditors to verify that all transactions and accounts that should be recorded have been included in the financial statements. For lease accounting, this means ensuring every lease agreement, including embedded lease discovery, is captured. We'll apply a risk-based approach to confirm the lease population is comprehensive. This includes inquiries, reviews of lease agreements, and testing of reconciliation procedures.
✅ Best Practice: Proactive organizations perform regular self-assessments of their CUECs, often aligning with the same criteria auditors use. This helps identify and remediate weaknesses before external audit scrutiny.
Auditors typically examine several key control areas, as highlighted by leading firms like Deloitte1. We assess the control environment, risk assessment processes, control activities, information and communication, and monitoring activities specific to lease accounting.
Q: How do auditors test complementary user entity controls (CUECs) for lease software? A: Auditors test CUECs by examining documentation of control design, performing walkthroughs with staff responsible for executing the controls, inspecting evidence of control performance (e.g., reconciliations, review sign-offs), and re-performing control activities on a sample basis. This includes verifying that inputs to the software are accurate and complete, and outputs are reviewed and reconciled.
Key Audit Focus Areas for Lease Software
Here’s a summary of what we, as auditors, prioritize:
| Audit Focus Area | Description | Audit Procedure Examples |
|---|---|---|
| Completeness | Assurance that all leases are identified and entered into the software. | Review lease abstraction process, trace new contracts to software, lease identification testing. |
| Accuracy | Verification that lease data (start dates, payments, rates) is correctly entered and processed. | Reconcile software output to source documents, recalculate samples of lease schedules. |
| Validity | Confirmation that all recorded leases are real and authorized. | Review lease approvals, match lease entries to physical contracts. |
| Period Cut-off | Ensuring leases and associated expenses are recorded in the correct accounting period. | Examine effective dates, review journal entry posting dates. |
| Disclosure | Checking that all required ASC 842 disclosures are accurate and adequately supported by the software. | Compare disclosures to software reports and underlying data, verify footnote completeness. |
| Segregation of Duties | Evaluating whether incompatible functions are separated within the lease accounting process. | Observe roles and responsibilities, review access rights within the software. |
| Change Management | Assessing controls over modifications to lease terms or software configurations. | Review change logs, verify approval processes for lease amendments. |
To fully address audit expectations, organizations really should review detailed guidance on their ASC 842 internal control framework to ensure their CUECs align with industry best practices and auditor expectations.
Key Risks and Failure Points
Inadequate complementary user entity controls (CUECs) for lease software expose an organization to significant financial reporting risks. These risks often stem from a misunderstanding of the user entity's responsibilities versus the software provider's.
- Incomplete Lease Population: Failing to identify all leases that fall under ASC 842 can lead to material misstatements. This risk is particularly high with embedded leases, which are often overlooked because they aren't explicitly labeled as "leases" in contracts. For example, a contract for cloud services might include the right to use specific servers for a defined period, creating an embedded lease.
- Inaccurate Lease Data: Data entry errors, incorrect lease classifications, or the use of outdated information can result in miscalculated ROU asset controls and lease liability balances. If the initial data abstracted from a lease agreement is erroneous, the software will process flawed data, leading to incorrect accounting.
- Lack of Reconciliation: Without periodic reconciliation of software outputs to the general ledger and supporting documentation, discrepancies can go undetected. This can mask underlying issues with data integrity or software processing.
- Ineffective Review Processes: Merely running reports from lease software without a thorough, documented review by qualified personnel constitutes a control weakness. This can result in financial statements containing undetected errors relating to lease expenses, ROU asset amortization, and liability accretion.
- Insufficient Change Management: Changes to lease terms (e.g., extensions, modifications, terminations) or software configurations without proper authorization and testing can lead to inaccurate financial reporting. This is a common pitfall that often results in audit findings.
⚠️ Risk Alert: A common audit finding we see relates to companies overlooking service contracts for embedded lease discovery. Many organizations only review traditional real estate or equipment leases, missing significant embedded lease exposures. This can directly impact the completeness assertion.
Consider a retail company with hundreds of store leases and vehicle leases. If their process for on-boarding new leases involves only the real estate department and doesn't explicitly involve accounting review of the underlying documents for lease components, there's a high risk of material leases or modifications not making it into the lease software. This is a CUEC failure that impairs the accuracy of ROU assets and lease liabilities on the balance sheet. For more insights, refer to common mistakes in lease control documentation.
Calculation Example: Impact of an Unidentified Embedded Lease
Scenario: A company enters into a five-year contract for dedicated warehouse space within a larger logistics facility. The operations team classifies the contract as a service agreement. However, the company implicitly controls the use of an identified asset (specific bays in the warehouse) for a period of time, making it an embedded lease under ASC 842. The annual lease payments are $60,000, and the incremental borrowing rate is 5%.
| Component | Value | Calculation |
|---|---|---|
| Annual Lease Payment | $60,000 | Given |
| Number of Years | 5 | Given |
| Incremental Borrowing Rate | 5% | Given |
| Present Value Factor (5 yrs, 5%) | 4.329477 | Calculated (PVAF = (1 - (1 + i)^-n) / i) |
| Initial Lease Liability | $259,769 | $60,000 x 4.329477 (Initial lease liability should reflect current value of future payments) |
| Initial ROU Asset Value | $259,769 | Generally equal to initial lease liability for operating leases, before initial direct costs or incentives. |
Key Takeaway: If this embedded lease isn't identified and recorded in the lease software, the company's balance sheet will be understated by $259,769 for both the ROU asset and lease liability. This represents a material misstatement that auditors would identify through lease identification testing, highlighting the criticality of effective CUECs.
Practical Checklist for Effective CUECs
Implementing robust complementary user entity controls (CUECs) for lease software requires a structured approach. This checklist provides a framework for controllers and accounting managers to ensure their controls are effective and meet audit expectations.
| Control Area | Checklist Item | Evidence of Control Performance |
|---|---|---|
| Lease Identification | Establish formal procedures for reviewing ALL new and existing contracts for embedded lease discovery. | Documented contract review checklists, meeting minutes, communication with procurement/legal. |
| Data Input & Abstraction | Implement a standardized lease abstraction process, capturing all required data elements accurately. | Abstraction templates, completed abstraction forms, dual-reviewer sign-offs. |
| Classification & Remeasurement | Ensure criteria for lease classification (operating/finance) and remeasurement events are uniformly applied. | Documented classification decision trees, audit logs of software changes, review records. |
| Software Configuration | Maintain documentation of all critical software configurations and settings, with authorized changes only. | Configuration logs, change request forms, documented approval for changes. |
| Output Reconciliation | Perform monthly/quarterly reconciliation of lease software outputs (e.g., journal entries) to the general ledger. | Reconciliation worksheets, variance analysis, GL tie-out documentation. |
| Financial Reporting Review | Implement a multi-level review process for all lease-related financial statements and disclosures. | Reviewer sign-offs on reports, management review meeting minutes. |
| Data Security & Access | Ensure appropriate user access controls are in place for the lease software, adhering to company policies. | User access reviews, access matrices, audit logs for sensitive data changes. |
| Training & Competence | Provide regular training to personnel involved in lease accounting on ASC 842 and software usage. | Training logs, competency assessments. |
💡 Key Takeaway: For lease accounting compliance, simply owning software is insufficient. The effectiveness relies on the human processes (CUECs) surrounding its use. This checklist helps ensure these processes are robust.
Q: How to identify embedded leases in contracts?
A: Identifying embedded leases requires a systematic review of all service, supply, and outsourcing agreements. Look for provisions that grant the right to use a specific asset (e.g., particular manufacturing equipment, designated data center servers, specific transportation vehicles) for a period of time, where your entity controls how and for what purpose that asset is used. Keywords like "dedicated," "exclusive use," or "specific capacity" can be indicators.
How Accounting Teams Should Validate Their Approach
Validation of CUECs is an ongoing process, not a one-time event. Accounting teams must establish a clear methodology to confirm their controls are operating as intended, generating reliable lease accounting data. This proactive validation is critical for a smooth audit and for ensuring accurate financial reporting.
One key aspect of validation is lease identification testing. This involves periodically taking a sample of contracts that were initially not classified as leases and re-evaluating them for lease components. This helps confirm the effectiveness of the initial screening process for embedded lease discovery. For instance, an internal audit team or an independent accounting function could select a sample of 25-50 new service contracts annually and verify the initial lease assessment.
Essential validation steps include:
- Documentation Review: Periodically review and update all control documentation, including process narratives, flowcharts, and control matrices. Ensure they accurately reflect current operations.
- Walkthroughs: Conduct regular walkthroughs of the lease accounting process with relevant personnel. This verifies that controls are being performed as documented and identifies potential disconnects between policy and practice.
- Independent Recalculation: Select a sample of lease agreements and independently recalculate initial ROU asset and lease liability measurements, as well as subsequent amortization and accretion schedules. Compare these to the software's output. Any material differences should trigger further investigation.
- Reconciliation Verification: Not only performing reconciliations but also verifying the reconciliation process itself. This means reviewing prior reconciliations for outstanding items, unresolved discrepancies, and timely follow-up.
- Output Review & Analytical Procedures: Critically review the financial reports and disclosures generated by the lease software in conjunction with financial statement analytics. Significant fluctuations or unexpected trends in lease expense, ROU assets, or lease liabilities should be investigated.
- User Access Reviews: Periodically review who has access to the lease software and what level of permissions they possess, ensuring appropriate segregation of duties.
The Financial Accounting Standards Board (FASB) provides guidance on lease accounting in ASC 842-10-15 2, which sets the stage for what needs to be controlled. Adherence to this guidance, coupled with strong internal controls, forms the backbone of reliable lease accounting. For example, ensuring that the software's classification output aligns with the ASC 842-10-15 definition of a finance or operating lease is a key validation step.
Common Mistakes and How to Avoid Them
Even with dedicated lease software, organizations often make common mistakes in their complementary user entity controls (CUECs) for lease software controls that can lead to audit scrutiny and financial misstatements. Understanding these pitfalls is the first step toward avoidance and strengthening overall lease accounting compliance.
| Common Mistake | How to Avoid / Best Practice | Audit Impact |
|---|---|---|
| Reliance solely on software vendor's SOC 1 report. | Understand the scope of the SOC 1 report and explicitly define internal CUECs to cover what the report doesn't. | Auditor will question the completeness and adequacy of user controls for areas not covered by SOC 1. |
| Lack of formal control over data input. | Implement a standardized, documented lease abstraction and input process with review/approval steps. Make sure lease controls procedures are followed. | Risk of material misstatement due to inaccurate ROU assets and lease liabilities. |
| Ignoring lease modifications or remeasurements. | Establish clear triggers and processes for capturing and processing lease modifications promptly within the software. | Incorrect lease expense, ROU asset, and liability balances; non-compliance with ASC 842 guidance. |
| Inadequate reconciliation of software output to general ledger. | Perform and document regular, detailed reconciliations. Investigate and resolve variances immediately. | Undetected errors in lease accounting; auditor difficulties in vouching balances. |
| Insufficient review of generated reports and disclosures. | Mandate and document a robust review process by knowledgeable personnel for all lease reports and disclosures. | Inaccurate financial statement disclosures, potentially misleading users of financial statements. |
| Poor change management over lease terms or software settings. | Implement formal change control procedures for lease software configurations and lease agreements. | Inconsistency in lease accounting, potential for unauthorized changes or errors. |
| Lack of clear roles and responsibilities for lease accounting. | Define specific roles, responsibilities, and segregation of duties for all lease accounting activities. | Control environment weaknesses, increased risk of error or fraud. |
🚨 Critical: Failure to identify all leases, particularly embedded leases, is a prevalent and significant audit finding. It impacts the completeness assertion and can lead to material understatement of both assets and liabilities on the balance sheet.
Q: What documentation is required for complementary user entity controls (CUECs) for lease software? A: Key documentation includes detailed process narratives, control matrices, evidence of control performance (e.g., signed reconciliation reports, review checklists), training records, change management logs for software configurations, and user access review reports. This verifiable documentation demonstrates the operating effectiveness of controls to auditors.
What Strong Execution Looks Like in Practice
Organizations that excel in implementing complementary user entity controls (CUECs) for lease software experience smoother audits and more reliable financial reporting. This strong execution translates into fewer audit findings, quicker sign-offs, and increased confidence from stakeholders. It moves beyond merely having the controls in place to demonstrating their consistent and effective operation.
A well-executed CUEC environment means:
- Timely Lease Identification: All new contracts are systematically reviewed, and any lease components, including embedded lease discovery, are identified and abstracted into the lease software within a defined timeframe, e.g., 30 days of contract execution. This prevents the "what are the risks of incomplete lease population" scenario.
- Accurate Data Entry: Lease data is consistently abstracted and validated against source documents with a low error rate (e.g., less than 1% detected errors upon review).
- Automated Workflows with Human Oversight: Leveraging the software's automation features for calculations and journal entries, coupled with a robust, documented human review and approval process before posting.
- Proactive Issue Resolution: Any discrepancies identified during reconciliation or review processes are investigated, documented, and resolved promptly, with root causes addressed to prevent recurrence.
- Continuous Improvement: Regular assessments of CUEC effectiveness are performed, leading to iterative improvements in processes and documentation. This might involve an internal audit review every 12-18 months.
- Clear Communication with Auditors: Providing auditors with readily available, comprehensive documentation of CUECs, including proof of execution, significantly streamlines the audit process. PwC, for instance, emphasizes the importance of clear audit trails for lease accounting3.
Consider a manufacturing company that processes hundreds of equipment leases and maintains numerous embedded leases within supply contracts. With strong CUECs, their accounting team uses a centralized contract review system that automatically flags contracts over a certain dollar threshold for lease component analysis. Abstracted lease data is peer-reviewed before software input. Each month, the lease accounting manager reviews the software-generated journal entries and performs a reconciliation to the general ledger, investigating any variance over $500. This disciplined process ensures accurate ROU assets, ROU asset controls, and lease liabilities, leading to a clean audit opinion on their lease accounting. This commitment results in strong lease accounting compliance.
Next Steps
Establishing and maintaining effective complementary user entity controls (CUECs) for lease software is an ongoing process. To strengthen your organization's lease accounting and ensure audit readiness, consider these immediate actions:
- Review your current lease identification process for completeness, paying special attention to service contracts that may contain embedded leases.
- Document or update your CUECs, ensuring they address data input, processing, and output reconciliation activities performed by your accounting team.
- Plan and execute a walkthrough of your end-to-end lease accounting process, from contract inception to financial statement disclosure, challenging each control point.
Related Articles
- Implementing Top 10 Lease Accounting Internal Controls
- Auditing ASC 842 Lease Accounting: An Auditor’s Guide
- SOC 1 for Lease Accounting Software: What You Need to Know
- Ultimate Guide to ASC 842 Lease Accounting
