fbpx

Auditing Cloud Computing Services Companies:
Key Considerations for Hong Kong Auditors

Facebook
Twitter
LinkedIn
WhatsApp
Email
Part 1: Revenue Recognition in Cloud Computing Services​

Accurate revenue recognition is a crucial aspect when auditing cloud computing services companies. HKFRS 15 “Revenue from Contracts with Customers” provides guidance on when and how to recognize revenue. For cloud computing services companies, revenue recognition may involve various considerations, such as subscription-based contracts, usage-based billing, and upfront fees. Key factors to consider include:

1. Identifying the contract: Ensure that a legally enforceable contract exists between the company and its customers, outlining the rights, obligations, and payment terms for all parties involved.

2. Identifying performance obligations: Analyze the goods and services promised to customers and determine if they constitute separate performance obligations. For cloud computing services, this may involve evaluating software licenses, data storage, and support services.

3. Determining the transaction price: Examine the contract to identify the total amount the company expects to receive in exchange for satisfying its performance obligations.

4. Allocating the transaction price: Allocate the transaction price to each performance obligation based on the relative standalone selling price.

5. Recognizing revenue: Recognize revenue when the company satisfies a performance obligation by transferring control of a good or service to the customer. For cloud computing services, this may involve recognizing revenue over time or at a point in time, depending on the nature of the performance obligation.

Illustrative Example 1: Application of HKFRS 15 - Revenue Recognition

For example, Audit Program 3.0 would include the following audit documentation on the Revenue Recognition in the Cloud computing services industry when applying HKFRS as follows.  This documentation would typically be included in the Engagement Planning Meeting Minutes in Section C of the APM:

“Revenue Recognition for a Cloud Computing Services Entity under Hong Kong Financial Reporting Standards (HKFRS)


In a typical mid-sized cloud computing services company with an annual revenue of about $90 million, the revenue recognition process consists of identifying the performance obligations within the customer contracts, determining the transaction price, allocating the transaction price to the performance obligations, and recognizing revenue when the performance obligations are satisfied, in line with HKFRS 15 Revenue from Contracts with Customers.


 Identifying Performance Obligations
A cloud computing services entity typically offers various services, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The contracts with customers may include multiple performance obligations, depending on the specific services provided. Performance obligations are the distinct goods or services promised in a contract.


 Determining the Transaction Price
The transaction price is the amount of consideration the entity expects to receive in exchange for transferring the promised goods or services to the customer. This may include fixed fees, usage-based fees, or a combination of both. The transaction price should be adjusted for any variable consideration, such as discounts or refunds, if there is a high probability that a significant revenue reversal will not occur.


 Allocating the Transaction Price to Performance Obligations
The entity allocates the transaction price to the identified performance obligations based on the relative standalone selling prices of the goods or services. If the standalone selling prices are not directly observable, the entity estimates them using a suitable method, such as the cost-plus margin approach or the adjusted market assessment approach.


 Proper Timing of Revenue Recognition and Application of the Over-Time or Point-in-Time Approach
Under HKFRS 15, revenue is recognized when the performance obligations are satisfied, either over time or at a point in time, depending on the specific services provided.


 Revenue Recognition for IaaS, PaaS, and SaaS Services

  1. IaaS: Revenue is recognized over time, as the customer simultaneously receives and consumes the benefits of the infrastructure resources provided by the entity. The revenue is typically recognized based on the actual usage of resources or on a fixed monthly fee basis.
  2. PaaS: Revenue is recognized over time, as the customer simultaneously receives and consumes the benefits of the platform resources provided by the entity. The revenue is typically recognized based on the actual usage of resources or on a fixed monthly fee basis.
  3. SaaS: Revenue is recognized over time, as the customer simultaneously receives and consumes the benefits of the software service provided by the entity. The revenue is typically recognized based on the number of users, the actual usage of the software, or on a fixed monthly fee basis.


 Documents and Records for Revenue Recognition in a Cloud Computing Services Entity
To accurately recognize revenue, the accounts team should maintain the following documents and records:

1. Customer contracts: These should detail the terms and conditions of the services provided, the fees and payment terms, and any performance-related incentives or penalties. The contracts should be reviewed to identify the performance obligations and to determine the transaction price.

  1. Usage reports: These reports provide detailed information on the actual usage of resources, such as server capacity, data storage, or data transfer, by the customers. These reports are crucial for recognizing revenue based on actual usage in IaaS, PaaS, and SaaS services.
  2. Billing and invoicing records: These records contain information on the fees charged to customers, any discounts or refunds provided, and the payment terms. The accounts team should ensure that the revenue recognized is consistent with the invoiced amounts and that any variable consideration is appropriately accounted for.
  3. Stand-alone selling prices: The accounts team should maintain records of the stand-alone selling prices for the goods or services provided, or the methods used to estimate them. These prices are necessary for allocating the transaction price to the performance obligations.
    In conclusion, revenue recognition for a cloud computing services entity under HKFRS involves identifying the performance obligations, determining the transaction price, allocating the transaction price to the performance obligations, and recognizing revenue when the performance obligations are satisfied. By understanding these principles and maintaining the necessary supporting documents, the accounts team can ensure accurate and timely revenue recognition.
Part 2: Understanding the Design and Implementation of Internal Controls within the Revenue Recognition Business Process

Evaluating the design and implementation of internal controls related to revenue recognition is critical when auditing cloud computing services companies. Key areas to assess include:

1. Segregation of duties: Assess whether there is an appropriate division of responsibilities among employees involved in the revenue recognition process to minimize the risk of errors or fraud.

2. Authorization and approval: Verify that contracts, pricing changes, and discounts are authorized and approved by the appropriate personnel.

3. Revenue recognition policies and procedures: Review the company’s policies and procedures for recognizing revenue to ensure they comply with HKFRS 15 requirements.

4. Periodic review and reconciliation: Confirm that revenue transactions are periodically reviewed and reconciled to supporting documentation, such as customer contracts and usage data.

5. Monitoring and review of estimates: Examine the company’s process for reviewing and updating estimates used in the revenue recognition process, such as the standalone selling price and the expected duration of customer contracts.

Understanding the intricacies of revenue recognition and internal controls in cloud computing services companies can help auditors provide valuable insights and support to their clients.

Illustrative Example 2: System Notes on Internal Controls in Revenue Business Process

For example, Audit Program 3.0 would include the following illustrative audit documentation when understanding the internal controls in the revenue business process of a client operating in the Cloud computing services industry when applying HKFRS as follows.  This documentation would typically be included in section C5.1 of the APM:

“  1. Control: Review and Approval of Customer Contracts
Type of control: Preventive
Frequency: As and when contracts are entered into
Person responsible: Accounts Manager
Walkthrough:
1. The Operations Manager negotiates and finalizes the terms and conditions of a customer contract.
2. The Operations Manager sends the finalized contract to the Accounts Manager for review.
3. The Accounts Manager reviews the contract to ensure that the terms and conditions, fees, payment terms, and any performance-related incentives or penalties are accurate and complete.
4. The Accounts Manager approves the contract and informs the Operations Manager.
5. The Operations Manager proceeds with the execution of the contract.

  1. Control: Identification of Performance Obligations and Calculation of Transaction Prices
    Type of control: Preventive
    Frequency: Monthly
    Person responsible: Accounts Manager
    Walkthrough:
    1. The Accounts Manager reviews the approved customer contracts to identify the performance obligations, in line with HKFRS 15 Revenue from Contracts with Customers.
    2. The Accounts Manager calculates the transaction prices for each contract, considering fixed fees, usage-based fees, and any variable consideration.
    3. The Accounts Manager documents the performance obligations and transaction prices in a revenue recognition worksheet.
  2. Control: Allocation of Transaction Prices to Performance Obligations
    Type of control: Preventive
    Frequency: Monthly
    Person responsible: Accounts Manager
    Walkthrough:
    1. The Accounts Manager reviews the stand-alone selling prices of the goods or services provided, or the methods used to estimate them.
    2. The Accounts Manager allocates the transaction prices to the identified performance obligations based on the relative stand-alone selling prices, in line with HKFRS 15.
    3. The Accounts Manager updates the revenue recognition worksheet with the allocated transaction prices.

  3.  Control: Timely Revenue Recognition
    Type of control: Detective
    Frequency: Monthly
    Person responsible: Accounts Manager
    Walkthrough:
    1. The Accounts Manager reviews the usage reports provided by the Operations Manager, documenting the actual usage of resources by the customers for IaaS, PaaS, and SaaS services.
    2. The Accounts Manager recognizes revenue when the performance obligations are satisfied, in line with HKFRS 15. This is typically done on an over-time basis for IaaS, PaaS, and SaaS services.
    3. The Accounts Manager updates the revenue recognition worksheet with the recognized revenue amounts.
  4. Control: Reconciliation of Invoices and Revenue Recognition
    Type of control: Detective
    Frequency: Monthly
    Person responsible: Accounts Clerk
    Walkthrough:
    1. The Accounts Clerk prepares a monthly sales register, detailing the invoiced amounts for each customer.
    2. The Accounts Clerk reconciles the sales register with the revenue recognition worksheet prepared by the Accounts Manager, ensuring that the recognized revenue amounts are consistent with the invoiced amounts and that any variable consideration is appropriately accounted for.
    3. The Accounts Clerk reports any discrepancies to the Accounts Manager for investigation and resolution.
  5. Control: Review and Approval of Journal Entries
    Type of control: Preventive
    Frequency: Monthly
    Person responsible: Director
    Walkthrough:
    1. The Accounts Manager prepares journal entries for revenue recognition, sales receipts, and sales posting based on the reconciled revenue recognition worksheet.
    2. The Accounts Manager submits the journal entries to the Director for review and approval.
    3. The Director reviews the journal entries to ensure that they are accurate, complete, and compliant with HKFRS.
    4. The Director approves the journal entries and informs the Accounts Manager.
    5. The Accounts Manager posts the approved journal entries to the general ledger.
    In conclusion, this documentation provides a detailed walkthrough of the internal controls related to revenue recognition, sales receipts, and sales posting for a small-sized cloud computing services entity, compliant with HKFRS. By following these controls, the entity can effectively prevent, detect, and correct misstatements in its financial statements.”



Now, let’s discuss the transformative capabilities of Audit Program 3.0. This innovative software automates the generation of customized audit programs, risk identification and assessments, and internal control documentation. By selecting the client’s industry and financial reporting framework, Audit Program 3.0 creates tailored working papers that save time and effort while ensuring compliance with AFRC standards.



In conclusion, understanding revenue recognition and internal controls is crucial when auditing cloud computing services companies adopting HKFRS. By leveraging the power of Audit Program 3.0, Hong Kong auditors can streamline their work, enhance efficiency, and elevate audit quality to new heights. Experience the transformative impact of Audit Program 3.0 on your practice and watch your client relationships thrive.



PHP Code Snippets Powered By : XYZScripts.com
Scroll to Top
× Contact us!