# SEC 10-K — MD&A and Financial Statement Notes Drafter

> Draft and validate the Management Discussion & Analysis (MD&A) section and key financial statement footnotes of the SEC Form 10-K annual report. Ensures compliance with Regulation S-K Items 303 (2021 amended structure), 305, 105, and 106 (cybersecurity, effective December 15, 2023), Reg G/Item 10(e) non-GAAP measure rules, SEC interpretive guidance, and PCAOB expectations for critical accounting estimates. Covers all required US GAAP footnote topics including EPS (ASC 260), subsequent events (ASC 855), and related parties (ASC 850).



Tags: SEC, 10-K, Financial Reporting, MD&A, United States, Footnotes, GAAP, Reg S-K, Critical Accounting Estimates, PCAOB, Cybersecurity, Non-GAAP


## Example Prompts

- Draft the MD&A results of operations section with year-over-year variance analysis
- Prepare critical accounting estimates disclosure with sensitivity and period-over-period methodology comparison
- Update risk factors (Item 105) and validate MD&A completeness for our 10-K filing
- Draft key footnotes (revenue recognition, leases, credit losses, income taxes, EPS, subsequent events) for Form 10-K
- Draft Item 106 cybersecurity risk management and governance disclosures for our 10-K
- Prepare non-GAAP reconciliation with equal-prominence compliant GAAP presentation under Reg G/Item 10(e)
- Draft ASC 820 fair value hierarchy footnote with Level 3 rollforward

URL: https://rakenne.app/skills/sec-10k-mda-notes-drafter/index.md

Try this skill: https://rakenne.app/a/?skill=sec-10k-mda-notes-drafter


## Overview

Draft and validate the Management Discussion & Analysis (MD&A) section and key financial statement footnotes of the SEC Form 10-K annual report. Built for US domestic registrants filing under US GAAP, this skill covers the full 11-step workflow from executive overview through final validation.

### What It Covers

- **MD&A sections** — Executive overview, results of operations with quantified YoY variance, liquidity and capital resources (narrative format per 2021 amendments), critical accounting estimates with sensitivity and period-over-period methodology comparison
- **Item 305** — Quantitative and qualitative market risk disclosures (interest rate, FX, commodity, equity price)
- **Item 106** — Cybersecurity risk management and governance disclosures (mandatory for all registrants, including SRCs, for fiscal years ending on or after December 15, 2024)
- **Item 105** — Risk factor drafting and prioritization (Part I, Item 1A) with Item 106 cross-consistency checks
- **Non-GAAP measures** — Reg G / Item 10(e) reconciliation compliance, equal-or-greater GAAP prominence, CDI 102.10(e) item-by-item tax effects
- **Forward-looking safe harbor** — PSLRA cautionary language with specific risk factor identification
- **Financial statement footnotes** — All required ASC topics (606, 260, 842, 740, 450, 280, 855, 850) plus situational topics (326/CECL, 350, 805, 820, 470, 718, 715)
- **ASU 2023-09** — Income tax disaggregation requirements for FY2025 10-Ks (rate reconciliation with dollar amounts by jurisdiction, disaggregated taxes paid schedule)
- **PCAOB AS 2501** — Revised critical estimate audit expectations (effective for fiscal years beginning on or after December 15, 2025)

## Example Conversation

> **You:** We need to draft the MD&A and key footnotes for our FY2025 10-K. Our fiscal year ended December 31, 2025. We have the prior-year 10-K, current trial balance, and consolidated financials uploaded. We use two non-GAAP measures (Adjusted EBITDA and non-GAAP operating income).

> **Agent:** I'll work through the full 11-step workflow. Starting with the executive overview and results of operations using your financials to compute year-over-year variances. Since you have non-GAAP measures, I'll include the Reg G / Item 10(e) reconciliation step with GAAP-first presentation.

> **You:** For critical accounting estimates, our main ones are goodwill impairment (we have three reporting units) and the allowance for credit losses under CECL.

> **Agent:** I'll draft the critical estimates section for both. For goodwill, I'll include the single-step quantitative impairment test per ASU 2017-04, fair value methodology, and sensitivity analysis for each reporting unit. For CECL, I'll cover the methodology, key assumptions, portfolio segments, and period-over-period comparison of how our loss rate assumptions changed. Item 303(b)(3) requires this comparison even when dollar amounts haven't changed.

> **Agent:** I've drafted the full MD&A and footnotes in `mda-draft.md`. Running `mda_completeness_checker` with `fiscal_year_end: "2025-12-31"` and `has_non_gaap: true`...

> **Agent:** The checker returned **FAIL** on one item: the Item 106 cybersecurity section is missing third-party service provider oversight language. I'll add a paragraph describing your vendor cybersecurity assessment process and re-run.

> **Agent:** Re-ran the checker — **PASS** across all 10 validation categories. The draft is ready for review by your financial reporting team and securities counsel before filing.

## Sample Output Excerpt

Excerpt from a generated MD&A draft showing key sections.

---

## Executive Overview

For the fiscal year ended December 31, 2025, Acme Corp delivered total revenue of $4.2 billion, an increase of 14% compared to $3.7 billion in fiscal 2024. The increase was primarily driven by $340 million in growth from our Cloud Services segment and $180 million from expanded enterprise licensing. Operating income improved to $890 million from $720 million, reflecting operating leverage and disciplined cost management despite continued investment in AI infrastructure.

## Results of Operations

### Revenue

Total revenue for the year ended December 31, 2025 was $4,210 million, an increase of $530 million, or 14%, compared to $3,680 million in fiscal 2024. The increase was primarily attributable to:

- **Cloud Services** — revenue increased $340 million, or 22%, to $1,890 million, driven by net new customer additions (approximately 2,400 enterprise accounts) and average contract value expansion of 9% among existing customers.
- **Enterprise Licensing** — revenue increased $180 million, or 11%, to $1,810 million, reflecting multi-year renewal cycles and price increases effective July 1, 2025.
- **Professional Services** — revenue increased $10 million, or 2%, to $510 million, as higher utilization rates were partially offset by a shift toward fixed-fee engagements with lower average billing rates.

Cost of revenue was $2,190 million, an increase of $230 million, or 12%, compared to $1,960 million in fiscal 2024. Gross margin expanded to 48.0% from 46.7%, as cloud infrastructure efficiencies and licensing scale more than offset $65 million in incremental data center depreciation.

### Known Trends and Uncertainties

We anticipate continued growth in Cloud Services revenue driven by enterprise migration to hybrid cloud architectures; however, macroeconomic conditions, including elevated interest rates, are expected to impact customer purchasing timelines in the first half of fiscal 2026. We are also monitoring the impact of recent tariff changes on our hardware procurement costs, which could increase capital expenditures by an estimated 8-12% in fiscal 2026 if current rates remain in effect.

## Critical Accounting Estimates

### Goodwill — Reporting Unit Fair Value

We test goodwill for impairment annually as of October 1, or more frequently if triggering events occur, using a quantitative single-step impairment test comparing each reporting unit's estimated fair value to its carrying amount. We estimate fair value using a combination of the income approach (discounted cash flow) and the market approach (guideline public company multiples), weighted 60%/40%.

**Change from prior period:** In fiscal 2024, we applied a 50%/50% weighting. The shift to 60%/40% reflects improved comparability of our discounted cash flow projections following the completion of our strategic restructuring.

**Sensitivity:** For our Enterprise Solutions reporting unit (carrying value: $1.2 billion; estimated fair value: $1.5 billion; excess: 25%), a 100 basis point increase in the discount rate would reduce estimated fair value by approximately $140 million, narrowing the excess to approximately 5%. A simultaneous 100 basis point increase in the discount rate and 200 basis point reduction in the terminal growth rate would result in an estimated fair value approximately equal to carrying value.

## Item 106 — Cybersecurity Risk Management and Governance

### Risk Management and Strategy

We maintain a cybersecurity risk management program integrated into our enterprise risk management framework. The program includes regular vulnerability assessments, penetration testing by both internal and external teams, and continuous monitoring through our Security Operations Center. We engage third-party cybersecurity assessment firms annually to evaluate the effectiveness of our controls and benchmark our posture against industry standards (NIST CSF). Our third-party vendor management program requires cybersecurity due diligence assessments for all vendors with access to sensitive data or critical systems.

No cybersecurity incidents have materially affected or are reasonably likely to materially affect the Company's business strategy, results of operations, or financial condition during fiscal 2025.

### Governance

Our Board's Audit Committee oversees cybersecurity risk as part of its broader risk oversight responsibilities and receives quarterly briefings from the Chief Information Security Officer (CISO). Our CISO, who has over 15 years of experience in information security and holds CISSP and CISM certifications, leads day-to-day cybersecurity risk management and reports directly to the Chief Technology Officer.

<!-- /excerpt -->

## Extension Tools

**`mda_completeness_checker`** validates your draft against 10 categories of SEC disclosure requirements. It accepts the document path, an optional fiscal year end date (to determine whether Item 106 is required), and an optional non-GAAP flag.

### What It Checks

| Category | What It Validates |
|---|---|
| **Item 303 topics** | Results of operations, liquidity and capital resources, off-balance-sheet arrangements, material cash requirements, critical accounting estimates (2021 amended structure) |
| **YoY variance** | Quantified year-over-year comparisons (dollar/percentage) scoped to the results of operations section |
| **Known trends** | Forward-looking trend and uncertainty language per Item 303(b)(1) and (b)(2) — a top SEC staff comment area |
| **Critical estimates** | Methodology, sensitivity analysis, *and* period-over-period comparison of assumptions (all three required by Item 303(b)(3)) |
| **Item 305** | Market risk disclosures (interest rate, FX, commodity, equity price) |
| **Item 106** | Five cybersecurity sub-elements: risk management process, board oversight, management expertise, third-party oversight, material impact assessment — requires 4 of 5 for PASS |
| **Non-GAAP** | Reconciliation to GAAP, equal-or-greater GAAP prominence, usefulness explanation (only enforced when `has_non_gaap: true` or non-GAAP language detected) |
| **Safe harbor** | PSLRA forward-looking statement cautionary language with identified risk factors |
| **Item 105** | Risk factor section references (informational — risk factors appear in Part I, Item 1A, not inside MD&A) |
| **ASC footnotes** | References to core ASC topics (606, 260, 842, 740 required; plus 450, 280, 855, 850, 326) |

### Parameters

- **`path`** (required) — Path to the MD&A or 10-K section document
- **`fiscal_year_end`** (optional) — Date in `YYYY-MM-DD` format. Determines whether Item 106 is required (mandatory for fiscal years ending on or after 2023-12-15). If omitted, Item 106 issues are reported as warnings
- **`has_non_gaap`** (optional) — Set to `true` if the filing includes non-GAAP measures to enforce Reg G / Item 10(e) compliance checks

### How to Read Results

The checker outputs **PASS** or **FAIL** with a line-by-line breakdown of each category. FAIL means at least one required element is missing — fix the flagged gaps and re-run until the check passes. The checker validates structural completeness and key-phrase presence only; qualitative review by a financial reporting professional remains required.

## Getting Started

Upload your source materials to the project workspace:

- **Prior-year 10-K** — for comparative period data and disclosure language baseline
- **Current-year consolidated financials** — income statement, balance sheet, cash flow statement, and trial balance
- **Risk factor drafts** — existing Item 1A risk factors for update and prioritization
- **Non-GAAP schedules** (if applicable) — current non-GAAP measures and reconciliation tables
- **Cybersecurity program documentation** — risk management framework, governance structure, incident history

Then activate the *SEC 10-K — MD&A and Financial Statement Notes Drafter* skill. The agent walks through each of the 11 workflow steps — from executive overview through footnotes — and runs `mda_completeness_checker` to validate the draft before you hand it off for professional review.


---

Back to [Skill Library](https://rakenne.app/skills/index.md)