Introduction:
In the capital markets, no industry has garnered more attention in the last couple of quarters than the software industry. Historically, these companies, Workday, Salesforce, ServiceNow, Snowflake, and Intuit, to name a few, have received high price-to-sales (P/S) multiples, as investors appreciated the sustainability of their recurring revenue and prospects for future growth. In the last year, however, PS multiples have come down sharply in the ballpark of 20-50% for many of the major players in the space. The revaluation of these names is the result of discount rates being hiked due to the increased risk AI poses to the future revenues of software companies.
With any change in investor behavior, important trends have appeared. Companies with consumption-based pricing models are faring better than those with seat-based pricing models. This is because the cost of AI-powered products is more connected to the amount of compute they require, and that compute derives its costs from semiconductors and electricity (the main inputs of datacenters). Investors don’t want to see a company’s margins shrinking because customers are using more computational energy. Managers of companies like Salesforce and Workday are listening to Wall Street by swiftly transitioning their pricing models to reflect the changing landscape of the software industry.
Now, to be clear, not all software products involve consumption-based pricing. If we take Salesforce, for example, it still employs seat-based pricing for many of its traditional CRM products, but has introduced consumption-based / hybrid pricing for its Agentforce and Data 360 platforms. Due to the highly competitive and fast-changing nature of the industry, Salesforce has been experimenting with a range of different pricing models in the past couple of years. Of course, with massive changes happening to pricing models, the inherent risks of revenue and revenue-adjacent accounts have heightened. In the rest of this article, we will cover how these changing pricing models are affecting audits and their implications for the future.
Risks for Auditors:
When assessing risks, auditors use the audit risk model:
Inherent Risk: Even when an entity poses a low risk for material misstatements, the revenue account is often the single most important account for auditors to give reasonable assurance for. When an entity is experiencing a downturn in financial performance, such as slimmer margins or, in the case of the software industry, decreasing stock prices, the inherent risk of the revenue account increases even more. Additionally, many software companies possess large deferred tax assets (DTAs) from carried forward net operating losses (NOLs) that have provided income tax benefits and promise to lower income tax payable when profit is finally achieved. If future revenues continue to be threatened and actually begin decreasing, valuation allowances for the DTA account will have to be increased, creating a negative flywheel effect.
In the presence of continuously changing pricing models, inherent risk is elevated even more because a change in anything will always introduce more unknowns, mistakes, and opportunities for fraud. Moreover, the recent expansions that companies like Salesforce have made to their products and pricing models have largely increased the number of performance obligations they offer. Instead of simply offering one Agentforce platform for “xxx” amount of dollars per user per month, they offer many different actions, some of which can be seen on their "rate card" below.
Even though the customer buys a digital currency that Salesforce calls “Flex Credits”, delivering the currency to the digital wallet is not the performance obligation; it is delivering the service that the currency pays for. With the pace at which this industry moves, if companies like Salesforce continue to add more “actions” to their repertoire, the inherent risk of revenue and revenue-adjacent accounts will continue to increase. Potential gray areas may arise with how consistent software companies are in assessing the type of action that was done (was it a basic prompt or a standard prompt?).
Control Risk: Highly automated revenue reporting requires auditors to have a complete understanding of an entity’s internal controls. As many software companies are trimming their workforces, control risk may be elevated for certain business processes. Longer-term auditor-entity relationships reduce this risk, so investors should be aware of any companies that sign with a new audit firm.
Detection Risk: The past two risks are considered client risks, while the detection risk falls on the auditor. Based on the client risks (also known as the risk of material misstatement), the auditor sets a detection risk that aligns with what they want the overall audit risk to be. If inherent risk is elevated, detection risk will have to be set lower. The auditor does this by increasing the amount and reliability of testing that they do throughout the audit in relation to higher-risk accounts mentioned previously.
For instance, to test management’s assertions of occurrence, classification, and accuracy for the revenue accounts, as well as completion and accuracy for the cost of revenue accounts, the auditor may add reperformance to the evidence acquired, rather than just inspection of records/documents.
Implications:
The pressure for software companies to perform is immense at this time. This may change, but for the next couple of years, the continuation of this trend seems likely. Their passion and drive to innovate is exactly what makes the US economy strong, but, in the eyes of an auditor, comes with a higher risk for material misstatements to occur. The disaggregation of performance obligations, combined with layered software services that are often intertwined between many different companies, has created a slippery slope towards what could be an environment susceptible to material misstatements. Consolidation of the industry would dampen this risk, but not eliminate it.
The use of substantive analytical procedures will remain vital to providing reasonable assurance to investors and creditors. These procedures help to set expectations about where the numbers should be by unveiling comparisons between financial and non-financial data, the latter of which is harder for companies to manage. For instance, say Salesforce records higher amounts of revenue from the advanced prompt action than from any other action. The auditor could conduct surveys that ask Salesforce’s customers which action they use most often. If discrepancies are found, more testing of details should be conducted. Multiple sources of data should be gathered during this process. Careful steps should also be taken to ensure the independence of the audit firm’s software technology in relation to the software entity being audited.
In conclusion, even with the widespread adoption of AI in all types of businesses, no industry is being affected more than the software industry is currently. AI is not only changing how they themselves code and make improvements to their platforms, but it’s also changing how they deliver performance obligations to their customers. How are the gray areas that are populating in the revenue accounts being accounted for? Was that action billable? Are there discrepancies between platforms? What happens when the rate for an action changes during a contracted period? What is the standalone selling price after that action bundle? Is the third-party at an arm’s length? These are all questions auditors of software companies will be asking themselves in 2026 and beyond. With change comes uncertainty, but also opportunity to advance auditing techniques and maintain confidence in the opinions given on the financial statements of companies trying to navigate and thrive in a changing world.
Supporting Links:
Salesforce Website Rate Cards: https://www.salesforce.com/en-us/wp-content/uploads/sites/4/assets/pdf/agentforce/Flex-Credits-Rate-Card-as-of-02.23.26.pdf
PS Ratio Site: https://companiesmarketcap.com/intuit/ps-ratio/
AI Disclosure: AI was used as a research tool. All content and screenshots were written and taken by the author.
—Written by Chris McFarland
Commentary
Hello World Hello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello Hello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorlHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorlddHello WorldHello WorldHello WorldHello
This is where I want to be
WorldHello WorldWorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello WorldHello World