Entity Certification: The Final Gate Before You Close the Books

Entity certification is the formal process by which a local controller or finance lead attests that their entity's books for the period are complete, accurate, and ready for consolidation. It is the last gate before individual entity data flows into the consolidated financial statements, and in a SOX environment, it is a key internal control.

Without certification, there is no way to know whether the consolidated financials are built on complete data. With it, you have a documented, auditable confirmation from every entity that their numbers are final.

Why certification matters

In small organizations, the controller knows the books are done because they did the work. There is no ambiguity. At 5 entities, the controller might check in with each team. At 20 or 50 or 200 entities, checking in is not a strategy. It is a bottleneck.

Certification solves three problems:

Completeness assurance. Without a formal sign-off, the consolidation team has to trust that every entity has finished their work. Certification replaces trust with a documented assertion. If Entity 14 has not certified, their books are not final, and the consolidation team knows exactly where the gap is.

Accountability. Certification attaches a name, a date, and a timestamp to the assertion that the books are complete. When an error surfaces in consolidated financials, the audit trail shows who certified and when, enabling root cause analysis and process improvement.

SOX compliance. For public companies under the Sarbanes-Oxley Act, internal controls over financial reporting (ICFR) must be documented, tested, and attested. Entity certification is a management review control. It provides evidence that each reporting unit's financials were reviewed and approved by an authorized individual before consolidation. Missing or incomplete certifications are control deficiencies that auditors flag.

The 5-stage lifecycle

A well-designed certification process follows five stages:

Stage 1: Open. The period opens for the entity. Sub-ledger close activities, reconciliations, and adjusting entries are in progress. The entity is not yet ready for certification. The certification status is visible to the consolidation team as "In Progress."

Stage 2: Prerequisites complete. All required activities for the entity (reconciliations, journal entries, flux analysis, management review), are marked as done. The system validates that every prerequisite task has been completed before allowing certification to proceed. This is the enforcement mechanism that prevents premature sign-off.

Stage 3: Self-certification. The entity controller or designated certifier reviews the entity's financials and certifies that the books are complete and accurate for the period. The certification includes:

• A checklist of items the certifier is attesting to (all reconciliations complete, all adjustments posted, all intercompany transactions recorded)
• Any exceptions or known issues documented as part of the certification
• The certifier's identity, timestamp, and digital signature

Stage 4: Review certification. For organizations with multi-level review, a regional controller or senior finance leader reviews the entity certification and provides a second-level sign-off. This is common in large enterprises where entity-level controllers report to regional finance leads who report to the group controller.

Stage 5: Locked. Once certified (and reviewed, if applicable), the entity's books are locked for the period. No further journal entries, reconciliation changes, or adjustments can be posted without decertification. This ensures that the data flowing into consolidation is the same data the controller certified.

Prerequisite enforcement

Prerequisite enforcement is what separates a certification process from a checkbox exercise. Without it, certification is just a formality, a controller clicks "certify" without verifying that the underlying work is actually done.

With prerequisite enforcement, the system validates that every required task has been completed before the certification option becomes available:

• All assigned account reconciliations are completed and approved
• All required close tasks are marked done
• All adjusting journals are posted and approved
• Intercompany balances are matched within tolerance
• Flux analysis is completed for material accounts
• Sub-ledger data loads are confirmed

If any prerequisite is incomplete, the certifier sees exactly which items are outstanding. Not a generic error, but a specific list of blocking tasks. This eliminates the "I thought we were done" conversations that delay the close.

The entity certification module in Arvexi enforces prerequisites automatically based on rules you configure. Different entity types can have different prerequisite sets, a holding company has different requirements than an operating subsidiary.

Multi-level review

For large organizations, a single level of certification is not sufficient. The consolidation team needs assurance not just from the entity controller, but from someone with visibility across multiple entities.

Multi-level review typically works as follows:

• Level 1: Entity controller certifies the individual entity's books
• Level 2: Regional controller reviews certifications for all entities in their region, confirms consistency, and certifies at the regional level
• Level 3: Group controller reviews regional certifications and certifies that the consolidated data is ready for reporting

Each level has visibility into the certifications below it. A regional controller can see which entity controllers have certified, which have not, and which have documented exceptions. This cascading visibility replaces the status-update meetings and email chains that consume hours every close.

Decertification on material changes

What happens when a certified entity discovers an error? Decertification.

The key scenarios that trigger decertification:

• Late-arriving transactions. A significant invoice arrives after certification. The transaction is material and must be recorded in the current period.
• Audit adjustments. External auditors identify an adjustment that affects a previously certified entity.
• Intercompany disputes. A counterparty entity identifies a mismatch that requires the certified entity to post a correction.
• Error discovery. A review of consolidated data reveals an error traceable to a specific entity.

Decertification reopens the entity for the period, allowing changes. Once the correction is made, the entity goes through the full certification lifecycle again: prerequisites are re-validated, the controller re-certifies, and the reviewer re-approves.

The system logs every decertification with the reason, the requestor, the changes made, and the re-certification. This audit trail is essential for SOX. It demonstrates that even when changes occur after certification, the control environment remained intact.

What this means for your close

Entity certification is not bureaucracy. It is the mechanism that lets the consolidation team proceed with confidence. When every entity's green light is backed by prerequisite enforcement, multi-level review, and a complete audit trail, the CFO can sign the consolidated financials knowing that the underlying data has been reviewed, certified, and locked at every level.

The financial close platform from Arvexi integrates certification into the close workflow. It is not a separate system or a standalone checklist. Certification status feeds directly into the close dashboard, consolidation readiness indicators, and board reporting timelines.

If your current certification process is a spreadsheet tracker or an email from each entity controller, you have a documentation exercise, not a control. Software turns it into both. Explore entity certification in Arvexi's financial close platform, or request a demo to see prerequisite enforcement and multi-level review in action.