Fixed asset registers that survive the audit

Financial firms do not have factories — their fixed asset estate is offices, branches, leasehold improvements and an enormous IT fleet. That mix fails in a characteristic way: office moves and refits orphan whole floors of assets; leasehold improvements are capitalised against premises the firm has since exited; laptops churn through joiners and leavers faster than any register updates; and the lease portfolio lives in a different spreadsheet from the assets it relates to. None of it is dramatic — until the auditor samples ten assets and can locate six.

CPCON rebuilds that picture from the floor up. Our teams verify and tag the estate — head office, branch network, data rooms — and reconcile what physically exists against the fixed asset register, the lease register and, for IT, the CMDB. The physical × logical × CMDB reconciliation is the differentiator: one field pass, three record sets aligned, with every exception documented in a posting-ready schedule your auditor can trace. More than 30 years of international experience and over 4,500 delivered inventory and asset projects sit behind that method, executed by our own vetted teams rather than ad-hoc labour.

Where the value concentrates

Why the financial-services register fails differently

An industrial company’s register is dominated by a few high-value, long-lived, immovable assets — a press line stays where it was bolted down. A financial firm’s register is the opposite: a very large number of relatively low-value, highly mobile assets — laptops, monitors, phones, furniture — spread across many premises and churning constantly through joiners, leavers and office moves. That profile defeats a register maintained only by additions: assets are recorded when bought and almost never derecognised when disposed, so the book population inflates year on year with ghost assets while the real estate quietly drifts beneath it.

The only reliable correction is a physical baseline: a wall-to-wall verification that establishes what genuinely exists, where, and in what ownership category, against which the book record is reconciled. Everything else — the write-off schedule, the addition schedule, the tagging that makes next year a scan — flows from that single field truth.

The estate, asset class by asset class

FRS 102, IFRS — and the 2026 lease change

UK financial firms report under FRS 102 or UK-adopted IFRS, and the asset data requirement is converging. IFRS 16 put leases on-balance-sheet in 2019, recognising a right-of-use asset and a corresponding lease liability for substantially all leases. The FRS 102 Periodic Review now brings most leases on-balance-sheet for periods beginning on or after 1 January 2026, in a new Section 20 modelled closely on IFRS 16. For a bank or insurer with a large leased branch and office portfolio, that is a material change: a population that used to sit off-balance-sheet as an operating-lease note becomes a recognised asset class that has to be measured, depreciated, reviewed for impairment when space is vacated, and — crucially — proven to exist and be complete.

Right-of-use assets need the same discipline as owned ones — asset numbers, locations, impairment review when space is vacated — and building the opening balances is, at heart, a completeness exercise over the physical estate: reconciling the lease register against the premises and equipment that are actually occupied and in use. Our fixed asset register guide covers what the register must hold; the field verification is how it becomes true. Where space is being exited, the same survey informs the dilapidations and impairment positions, because both depend on knowing what was physically removed.

Whichever regime applies, the underlying task is the same: prove that the leased population recorded on the balance sheet exists, is complete, and is correctly located — and identify the right-of-use assets that should be impaired because the space behind them has been vacated. That is a physical-estate question before it is an accounting one, and it is answered by walking the estate, not by re-reading the lease file.

How a CPCON financial-services verification runs

A register that has drifted for years is rebuilt with a controlled field programme, designed so that it slots into both the audit file and the firm’s security regime. We run it in five stages.

1. Scoping & extracts. We agree the estate and asset classes in scope, pull the fixed asset register, the lease register and the CMDB/ITAM extract, and define how owned, leased and right-of-use categories will be recorded and reconciled.
2. Security & clearance. Named, vetted staff lists are provided in advance, confidentiality undertakings signed, and access arranged under your procedures — escorted where required, with equipment restrictions in dealing rooms and data centres respected.
3. Field verification & tagging. Our teams capture each asset once — tag, serial, model, location, user, ownership category, photograph, verification date — across head office, branch network and data estate.
4. Triple reconciliation. Findings are matched against the fixed asset register, the lease register and the CMDB, with every exception classified and documented: ghost assets for write-off, found-not-recorded assets for addition, ownership mismatches resolved.
5. Posting-ready deliverable. Write-off and addition schedules with a clear trail from the floor to the ledger, plus the tagged baseline and movement procedures that stop the finding recurring.

Working inside the firm’s security regime

Financial premises are among the most access-controlled environments we work in — dealing floors, data centres, cash-handling areas, client-data zones — and a credible verification has to operate inside those controls rather than around them. We provide named, vetted staff lists ahead of mobilisation, sign the confidentiality undertakings the firm requires, accept equipment and photography restrictions in sensitive areas, and work under escort wherever the firm’s policy demands it. Verification is non-intrusive: we identify, record and tag; we do not interfere with systems or data. That discipline is precisely what lets the same exercise reach the secure areas where high-value plant and IT actually sit and where registers are therefore least likely to have been checked.

Timing the verification around the audit cycle

When the verification happens shapes how much value it adds to the audit. Run too close to the year-end and there is no time to investigate exceptions, agree write-offs and post adjustments before the accounts are finalised; run with sensible lead time and the verified register, the write-off and addition schedules and the lease and CMDB reconciliations are all in place when the auditor arrives, so the fieldwork tests a register that is already true. For firms with a hard reporting calendar — listed groups, regulated entities, anyone consolidating into a group audit — we plan the programme backwards from the year-end and the audit timetable, phasing the estate so the highest-value and most-sampled locations are verified first.

For multi-site estates this phasing is also how a large programme stays manageable: a several-hundred-site network does not have to be counted in a single window, but it does have to be sequenced so that the population the auditor will sample is complete and reconciled by the time it is needed. That scheduling discipline is part of what turns a verification from an operational tidy-up into genuine audit evidence.

Stopping the finding from coming back

Clearing an audit point once is easy; stopping it recurring is the real deliverable. A fixed asset finding recurs because nothing changed the mechanism that produced it — assets are still recorded on purchase and never derecognised on disposal, and no physical baseline anchors the book record. We break that cycle in three ways: a clean verified baseline so the starting point is true; durable asset tagging so every asset carries a unique, scannable identity; and documented movement procedures so additions, transfers and disposals are captured as they happen. The effect is that next year’s verification is a scan against a known baseline, not another archaeological dig — and the auditor’s sample lands on assets that are exactly where the register says they are.

IT is a fixed asset and a controlled inventory at once

In a financial firm the IT estate is simultaneously the largest line in the fixed asset register by count and a regulated inventory in its own right. It should never be two projects. One physical pass captures each device once — tag, serial, model, location, user, ownership category — and produces two reconciled outputs: the fixed asset existence-and-completeness evidence the auditor wants, and the serial-level device record the technology function reconciles to its IT asset inventory and configuration management database.

That CMDB reconciliation matters well beyond finance. The inventory of hardware assets is foundational evidence for operational resilience and for security assessments such as ISO 27001 or Cyber Essentials — those frameworks expect an organisation to know what it owns before it can claim to protect it. Our ITAM / CMDB audit and ISO 27001 asset inventory services exist precisely to deliver that verified device-level layer. The certifications themselves are granted by your assessors and certification bodies; what we provide is the inventory they sample against.

What an audit-ready register actually holds

“Audit-ready” is not a slogan; it is a specific data standard. When an auditor samples the register, they pull a line and expect to be walked to the asset — and, conversely, to pick an asset off the floor and find it on the register. A register that can satisfy both directions of that test holds, for every asset, a defined set of attributes captured at the point of verification.

Office moves, exits and dilapidations

Premises change is the single biggest source of register error in financial services, because a move or consolidation breaks the link between assets and the place they were recorded. When a firm vacates a floor or closes a branch, three things go wrong at once: physical assets are abandoned, donated or scrapped without a disposal entry, so the register keeps depreciating ghosts; leasehold improvements remain capitalised against premises the firm no longer occupies, with no impairment recognised; and the dilapidations liability — the cost of reinstating leased space to its original condition — is estimated without a reliable record of what was installed and what was removed.

Verifying the estate around a move turns each of those into a documented position. We produce the disposal and write-off schedules that clear abandoned assets, identify the leasehold improvements on exited premises that should be derecognised or impaired, and give the property and finance teams a physical record of what was removed and what remains to inform the dilapidations provision. Done before a move, it tells the firm what it is carrying; done as part of one, it keeps the register honest through the disruption that would otherwise corrupt it for years.

Banks, insurers and investment firms have different estates

“Financial services” covers materially different asset profiles, and a credible programme is shaped to each.

• Retail and commercial banks are dominated by a large, dispersed branch network plus head-office and data-centre estates — a multi-site programme where consistency across hundreds of locations is the whole challenge.
• Insurers carry substantial office estates, large IT and data-processing fleets, and frequently a portfolio acquired and reshaped through mergers — exactly the conditions under which registers from different legacy entities never get reconciled to one standard.
• Investment firms, asset managers and trading houses concentrate value in dealing rooms and data centres — high-density, high-value, access-restricted environments where the kit is expensive, refreshed often, and rarely re-verified because getting in is hard.
• Payments and fintech operations run infrastructure-heavy data estates where the line between fixed asset, IT inventory and security-controlled hardware effectively disappears, making the single-pass triple reconciliation especially valuable.

In every case the method is the same and the framing differs: one field pass, reconciled across the fixed asset register, the lease register and the CMDB, scoped to the estate the firm actually runs.

Internal control, governance and SOX-like assurance

A physically verified register is more than a tidy balance sheet — it is a key internal control. Existence and completeness are fundamental assertions over property, plant and equipment, and an independent verification is the control activity that evidences both. For UK-listed groups, and for US-listed or SEC-registered institutions operating under a Sarbanes-Oxley-style control regime, that evidence has to be documented well enough to be tested: a clear trail from the asset on the floor, through the reconciliation, to the posting in the ledger. We deliver the count, the reconciliation and the exception schedules in exactly that form, so the fixed asset control can be shown to be operating effectively, not merely designed on paper.

• Existence. Every book asset traced to a physical item, every physical item traced back to the register.
• Completeness. Found-not-recorded assets surfaced and added; ghost assets identified for write-off.
• Ownership & classification. Owned, leased and right-of-use categories recorded and reconciled to the lease register.
• Auditable trail. Posting-ready write-off and addition schedules with photographic and verification-date evidence behind each line.

Branches, head offices and exits — a multi-site programme

A retail bank or insurer is a multi-site estate before it is anything else, and the register only becomes reliable when every location is verified to the same standard. We wave the branch and office network by region, deploy the same briefed teams against the same method, and aggregate into one comparable dataset — so a large branch estate produces a single league of accuracy and exceptions rather than hundreds of incompatible local files. The same programme absorbs the hardest case in this sector — premises exits and consolidations — by surveying the estate around the move so that orphaned assets are written off, leasehold improvements on exited premises are derecognised, and the dilapidations exposure is informed by what was actually removed.

Reconciling to the lease register in practice

With most leases on-balance-sheet under both IFRS 16 and the revised FRS 102, the lease register has become a financial-reporting record that has to be reconciled to physical reality — and the two most common failures are mirror images of each other. A lease can exist on the register for premises or equipment the firm has stopped using, inflating right-of-use assets that should be impaired; or premises and equipment can be in active use with no corresponding right-of-use asset recognised, understating the balance sheet. Only a physical pass settles which is which. We record an ownership category for every asset we find and reconcile the occupied, in-use estate against the lease register, surfacing both the leases without a home and the homes without a lease — the completeness check that the standard ultimately depends on.

A verified baseline beats a rolling guess

Some firms try to keep the register current by maintaining it from transactions alone — recording purchases, trusting that disposals get entered — and never go back to the floor. It does not hold, because the failure mode is structural: purchases are reliably recorded because they are paid for, but disposals, transfers and scrappages are not, so the register drifts in one direction and the gap widens every year. A periodic physical baseline resets that drift to zero, and the tagged, procedure-backed estate it leaves behind makes the years in between maintainable by exception. For the device-heavy IT population, that ongoing discipline is exactly what an ITAM / CMDB audit cadence delivers; for the wider estate it is a verification every few years against the tagged baseline rather than a perennial reconstruction from scratch.

What you receive

The deliverable is built to satisfy the auditor, the control file and the finance team in one pass.

• A verified, tagged fixed asset register — every asset carrying tag, serial, location, ownership category, photograph and verification date.
• Posting-ready write-off and addition schedules — ghost assets identified for derecognition, found-not-recorded assets ready to capitalise, each with its evidence.
• A lease-register reconciliation — right-of-use and leased assets matched to the physical estate, with mismatches in both directions surfaced.
• A CMDB/ITAM reconciliation — serial-level device data aligned to the configuration database for the IT population.
• Movement procedures — the lightweight process that keeps additions, transfers and disposals current so the finding does not return.

The questions we answer in the same engagement

Around the register sit the adjacent questions we answer in the same engagement: dilapidations exposure on exited premises informed by what was actually removed, valuations for insurance and fair value support, durable tagging so next year’s verification is a scan rather than a project, and — where merchandise-style stock or consumable inventories exist in the operation — independent stocktaking. Where collateral or asset-backed lending needs independent existence checks, our independent stock audit service gives lenders third-party field evidence. The register is the spine; verification is how every one of these adjacent positions gets a defensible factual base.

The asset data itself is sensitive

A device-level inventory of a bank or insurer is not neutral information. A complete list of servers, network hardware, security systems and the data rooms that house them is exactly the kind of map a firm protects, and a verification exercise that is careless with its own output can create a risk even as it closes an accounting one. We treat the inventory we build as confidential client data throughout: it is handled under the confidentiality undertakings signed at the outset, restricted to the named team, and delivered through the secure channels the firm specifies. The point of the engagement is to strengthen the firm’s control over its assets, never to scatter a sensitive estate map in the process — a discipline that matters most for the data-centre and dealing-floor populations where the value and the sensitivity both concentrate.

How often the estate should be re-verified

A baseline is not a one-off cure if the estate keeps moving — and a financial firm’s estate moves constantly through joiners, leavers, refreshes and office changes. The right cadence depends on how volatile each population is. The IT and end-user device fleet churns fastest and benefits from continuous, tooling-supported tracking validated by periodic physical checks; the wider fixed estate — furniture, fit-out, branch infrastructure — is more stable and is well served by a full re-verification every few years against the tagged baseline, with movement procedures handling the gaps in between. Office moves, branch closures and acquisitions are the trigger events that justify an out-of-cycle verification regardless of the calendar, because each one is precisely the disruption that corrupts the register fastest.

The economics favour this rhythm. Re-verifying against a known, tagged baseline is a fraction of the cost of the first reconstruction, because the work becomes confirmation and exception-handling rather than discovery. The first programme pays for the baseline; every subsequent one protects the investment for a modest, predictable outlay — which is the difference between a register that stays audit-ready and one that has to be rebuilt from scratch every time the auditor pushes back.

One method, applied across sectors

The physical × logical × CMDB approach we bring to financial services is the same rigorous method we apply wherever registers drift from reality — the framing simply changes with the estate. Asset-heavy infrastructure businesses meet it as componentised plant verification in energy & utilities; multi-site stock and equipment estates meet it in retail and logistics & warehousing. For financial firms the value lands on the audit file, the lease completeness check and the IT inventory — three outputs from a single field pass.

Why financial firms choose CPCON

We bring more than 30 years of international experience and over 4,500 delivered projects, resourced by our own vetted teams who work inside your security and clearance procedures as a matter of course. Our differentiator is the reconciliation of physical × logical × CMDB in a single field pass — what exists, what the fixed asset and lease registers claim, and what the configuration database holds for IT — delivered as posting-ready, auditable schedules. The outcome is a register that survives the audit, supports the control environment, and stops the same finding recurring year after year.