Settings
Tenant-level configuration. Connect ERP/CRM systems, toggle accounting standards, manage audit team access, configure materiality thresholds, roles, approval chains, fiscal calendar, notifications, and the immutable settings audit log. All changes are logged and may require SOX 404 4-eye approval.
Integrations
— ERP / CRM / billing connectionsN
NetSuite✓CONNECTEDoauth-2.0
Tenant production instance · OAuth 2.0
last sync 2026-05-04 14:22 UTC
S
Salesforce + CPQ✓CONNECTEDoauth-2.0
External Client App · tenant Salesforce org
last sync 2026-05-04 14:18 UTC
St
Stripe Billing✓CONNECTEDapi-key
API key · webhooks active
last sync 2026-05-04 13:55 UTC
Sg
Q
QuickBooks Online◇AVAILABLEoauth-2.0
Connect to import customers + invoices
H
HubSpot via Workato◇MIDDLEWAREmiddleware-workato
10+ triggers via Workato recipe library
Accounting standards
— Per-tenant electionASC 606✓ENABLED4-eye approval
US GAAP — Revenue from Contracts with Customers
ASC 340-40✓ENABLED4-eye approval
Other Assets and Deferred Costs — Contract Costs
IFRS 15◇TOGGLEABLE4-eye approval
IASB — Revenue from Contracts with Customers
ASC 958-605◇OFF4-eye approval
Not-for-Profit — Revenue Recognition (NFP routing)
ASU 2018-08◇OFF4-eye approval
Contributions Received and Made (exchange-vs-contribution)
Audit team access
— Roles, grants, and read-only sessionsRC
Revenue Controller
Controller · preparer + reviewer
Sa
Senior accountant
Preparer
Fd
Finance director
Approver + poster
Ea
External auditor (engagement of record)
Read-only · external audit
Security & compliance
— Encryption, audit trail, retentionTenant encryption key (CMK)
sample/asc606/contract-cmk · KMS · us-east-1
Audit trail retention
S3 Object Lock Compliance mode · 7 years
Merkle anchor
Sigstore Rekor · daily root @ 00:00 UTC
SOC 2 Type II
Audit window: Jan 1 – Dec 31 2026 · in observation
ISO 27001
Stage 1 audit · scheduled Aug 2026
Data residency
us-east-1 · eu-central-1 (read-replica)
CMK rotation cadenceAnnual rotation
CIS Control 5 + NIST SP 800-53 SC-12 baseline
v1: universal annual cadence. Per-tenant cadence deferred to v2 — RESEARCH §11 Q1 prefers per-tenant rotation, but Tenant interface extension is required (out of scope this phase).Password policy
12+ chars · upper+lower+digit+symbol · 90-day max age
MFA enforcement on Approver4-eye approval
Required for Controller / CFO / Tenant Admin / EQR
Materiality thresholds
— SAB 99 + SAB 108 + AS 2105 + AU-C 320Base
Pre-tax income from continuing operations
Quantitative %
5.0%
Computed dollar threshold
Auto-derive from base × %
Performance materiality
75%
Trivial threshold
5%
Per-period reset
Resets every period
4-eye approvalMid-period change is a SOX 404 ICFR change-management event — triggers approver chain + immutable audit-log entry per AS 1215 ¶6 (effective 12/15/2025) (RESEARCH §1.5 + §6.3).
SAB 99 qualitative-factor checklist
Each factor below can render an immaterial misstatement material in context. Document rationale beneath the list.
Roles & permissions
— RBAC for revenue rec — NIST AC-2/AC-5; CIS 5/6Separation of Duties enforced
Preparer ≠ Reviewer ≠ Approver ≠ Tenant Admin on the same period (NIST AC-5; SOX 404 ICFR).
Tenant Admintenant-wide
Permissions
- • Settings r/w
- • Grant/revoke access
- • CMK rotation
- • Role assignment
SoD restrictions
- • Cannot self-approve materiality changes
- • Cannot also be Reviewer or Preparer on same period
Controller / VP Financetenant-wide
Permissions
- • Approve PO judgments
- • Post journal entries
- • Lock period
- • Configure materiality (with 4-eye gate)
SoD restrictions
- • Cannot also be Preparer of same period
- • Cannot grant External-Auditor access without Tenant-Admin co-sign
Reviewerper-period
Permissions
- • View all PO judgments
- • Approve / reject preparer submissions
SoD restrictions
- • Cannot post journal entries
- • Cannot alter materiality
Preparerper-period
Permissions
- • Create / edit PO judgments
- • Request approval
- • Draft journal entries
SoD restrictions
- • Cannot self-approve
- • Cannot post
- • Cannot alter materiality
External Auditor (read-only)time-bounded
Permissions
- • View all data
- • View audit log
- • View judgment overrides
- • Export
SoD restrictions
- • Cannot edit any setting
- • Cannot make any state change
Engagement Quality Reviewerfiscal-year
Permissions
- • Same as External Auditor + concurring approval (SQMS 2 / AS 1220 effective 12/15/2025)
SoD restrictions
- • Not engagement partner of either of the two prior periods (SQMS 2 cooling-off)
- • Partner-equivalent only
Read-only (executive / board)tenant-wide
Permissions
- • Dashboard
- • Reports
SoD restrictions
- • Cannot drill to individual contract
- • Cannot view audit log
MFA required for Approver / Controller / CFO / Tenant Admin (CIS Control 6 IG2).CIS Critical Security Controls v8.1 — Control 6 (Access Control Management) · IG2 baseline
Approval workflow
— Sign-off chain · AS 1220 + AICPA SQMS 1+2 (effective 12/15/2025)Sign-off chain
- 5External AuditorExternal auditor (engagement of record)Attest (read-only)
Soft-warn — AICPA SQMS 2 reviewer eligibility
AICPA SQMS 2 (effective Dec 15, 2025) — Engagement quality reviewer (EQR) cannot have been the engagement partner of either of the prior two periods (cooling-off rule). EQR must be partner-equivalent only. The platform soft-warns on conflicting assignments; configure 'EQR required = false' for engagements where SQMS 2 EQR is not required.
Period-lock state machine
Re-opening a closed period triggers ASC 855 subsequent-events review.
Open
Edit: Preparer
Unlock: n/a (already open)
In review
Edit: Preparer (read-only after submit)
Unlock: Reviewer
Approved
Edit: Locked from preparer
Unlock: Controller
Locked
Edit: No one
Unlock: CFO + Audit Committee (4-eye)
Re-openedMerkle-anchored
Edit: Preparer (post-unlock)
Unlock: Triggers ASC 855 subsequent-events disclosure review
Fiscal calendar
— Period close · cutoff grace · auto-lock · ASC 855 subsequent eventsFiscal year-end
Dec 31
Reporting cadence
Quarterly (10-Q)
Period-cutoff grace
5 business days
Materiality reset cadence
Per-quarter
Auto-lock after period close
30 days
Calendar / fiscal alignment
Calendar quarters align with fiscal quarters.
4-eye approvalFY year-end change is a SOX 404 ICFR change-management event — must be approved by Tenant Admin + CFO + audit-committee notification.
AS 2105 — Consideration of Materiality in Planning and Performing an Audit · AS 2810 + ASC 855Re-opening a closed period is a subsequent-events disclosure trigger (ASC 855).
Notification preferences
— Events × channels matrix · control events are non-mute-ableChannels marked non-mute-able cannot be opted out — these are control events under SAB 99 / SOX 404 (RESEARCH §5.3).
Event
Default recipient
Channels
Escalation
Authority
Low-confidence judgment posted
Reviewer
in-appemail
24h
Override applied to platform recommendation
Controller
in-appemailaudit-log-onlyNon-mute-able
—
Materiality threshold change proposed
CFO
emailslackaudit-log-onlyNon-mute-able
48h
Period-lock approaching
Preparer
in-appsms
—
Disclosure-pack drift detected
Controller
in-appemailNon-mute-able
—
Reg FD risk on IR draft
Disclosure Cmte
emailaudit-log-onlyNon-mute-able
—
Engagement quality reviewer concurring approval pending
EQR
email
—
External-auditor access expiring
Tenant Admin
emailNon-mute-able
—
Settings change requires 4-eye approval
Tenant Admin
in-appemailNon-mute-able
72h
CAM linkage needs attention
Controller
in-appaudit-log-onlyNon-mute-able
—
EQR cooling-off conflict detected
Tenant Admin
in-appemailaudit-log-onlyNon-mute-able
—
Settings audit log
— Append-only · AS 1215 ¶6 + ¶14 (effective 12/15/2025) · 7-year retentionLog is append-only. A 'correction' produces a NEW entry that supersedes — never overwrites the prior row. Every row has a Sigstore Rekor proof URL (Phase 02 anchor pattern reused).
2026-04-22T15:42:00Z
Casey Walters
CFO
MATERIALITY_THRESHOLD_CHANGED
Before: {"base":"pre-tax-income","quantitativePct":7.5}
After: {"base":"pre-tax-income","quantitativePct":5}
Tighten materiality post-PIR to align with KPMG benchmark for SaaS peers (5% pre-tax baseline).
Casey Walters· CFOapproveExternal auditor (engagement of record)· External Auditorattest
2026-03-15T09:12:00Z
Casey Walters
CFO
STANDARD_TOGGLED
Before: {"code":"IFRS 15","state":"off"}
After: {"code":"IFRS 15","state":"enabled"}
Enable IFRS 15 dual-reporting for the EU subsidiary consolidation; coordinate with KPMG on transition.
Casey Walters· CFOapprove
2026-02-08T11:30:00Z
Casey Walters
CFO
AUDITOR_ACCESS_GRANTED
Before: —
After: {"team":"FY2026 audit team","expires":"2026-08-15","accessRole":"external-auditor"}
Grant FY2026 audit team read-only access through Aug 15, 2026.
Casey Walters· CFOapprove