Weekly National News

March 24, 2017

News provided by: Inovautus

Ethical Hacking: The Most Important Job No One Talks About

(Dark Reading) By Amit Ashbel, March 16, 2017 – If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers. Great power comes with great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers. All these labels mean the same thing: A hacker who helps organizations uncover security issues with the goal of preventing those security flaws from being exploited. If companies don't have an ethical hacker working for them, they're in a one-sided game, only playing defense against attackers.

4% of Chronically Ill Patients Buy Too Much Insurance, Driving Up Costs

(HealthLeaders Media) March 17, 2017 – Many chronically ill patients who would benefit from a medium-coverage health insurance plan and preventative care are instead choosing comprehensive insurance plans, researchers say. Many patients with chronic illness are choosing a pound of cure over an ounce of prevention and driving up medical costs in the process, according to findings in a study examining health insurance choices as they correlate to costs. "Our results indicate that there exists a sizable segment of consumers who purchase more comprehensive plans than needed because of high uncertainty vis-à-vis their health status, and that once in the plan, they opt for curative care even when their illness could be managed through preventive care," the study says.

How Advisers Can Protect Clients' Data from Fraud

(InvestmentNews) March 16, 2017 – Financial advisers work with their clients on a large volume of high-value transactions, which generally contain sensitive information, including Social Security numbers, account numbers, personal information and more. As wealth management services have moved to digital platforms, advisers are faced with the added responsibility of protecting their clients' data in an increasingly threatening environment. Clients trust their advisers to not only give them prudent financial advice but to also protect the sensitive data they disclose to them — that's why it's distressing that at least 88% of broker-dealers and 74% of advisers report they have been targeted in cyberattacks, according to the Securities and Exchange Commission. In an effort to better safeguard clients' data and prevent fraud, many advisers have turned to cloud-based digital signatures — a secure, convenient technology that gives both clients and advisers peace of mind that their data is protected.

Some Contributions to Not-for-Profits Remain Hard to Classify

(CPA Practice Advisor) March 16, 2017 – To nonaccountants the difference between a "restriction" versus a "condition" on a donation to a charity may not sound like that big of a deal. But in U.S. GAAP, the difference determines when an organization can record the revenue from the contribution. The FASB is trying to clarify the distinction so charities, museums, colleges, and other organizations have an easier time applying the board's landmark standard for recognizing revenue.

Report: To Deter Fraud, Companies Should Focus on Complex Accounting Areas

(Anti-Fraud Collaboration) March 16, 2017 – Improved accounting policies and internal controls are key for stemming fraud and reducing the number of financial restatements, according to a new report from the Anti-Fraud Collaboration. The report, Addressing Challenges for Highly Subjective and Complex Accounting Areas, compiles leading-practice recommendations from dozens of company executives, corporate directors, auditors, and regulators who attended two 2016 workshops to discuss ways to help deter fraud and enhance financial reporting.

3 Reasons Why Offering Subscription Accounting Makes Sense for Your Practice

(AccountingWEB) By Sabrina Parsons, March 16, 2017 – Rather than leaning on the flexibility of your hourly-based a la carte services, what if you could set up your practice in such a way that all your clients paid you steadily – month over month, year over year? It’s called subscription accounting, and it may be the best way to boost your income along with your business valuation in 2017. As a CPA, you already help clients solve major pain points other than typical tax dilemmas, including lease negotiations, cash and treasury management, and ongoing cash reporting. What’s more is that you know it takes more than a couple of drop-ins to your office each year to be able to manage these effectively. This is where a subscription-type service can solve a lot of problems.

Tax Rules for Uber, Lyft and Other Ride-Share Drivers

(CPA Practice Advisor) March 15, 2017 – Instead of sitting at home watching TV reruns during their down time, some of your clients are making extra cash by offering their services in the shared economy. One of the most popular methods is to become a driver for a company like Uber or Lyft. Essentially, you operate your own vehicle like a taxi cab, picking up and dropping off fares, utilizing a schedule that’s convenient for your lifestyle. What are the tax consequences? The answer is not quite as simple.

CFOs: Be the Heart of Data Integration

(CFO) By Tom Bogan, March 21, 2017 – The explosive growth of business data has impacted organizations of all sizes and across all functions. But a big and as-yet-untapped opportunity to harness the power of this data may sit with the office of the CFO. Recognizing the benefit that access to data can bring, CFOs must now address a host of new, related challenges. These encompass the selection and rollout of collaboration tools and processes, new technology, training, and staffing. Ultimately, CFOs need to embrace the role of “chief data officer” and elevate their focus from tracking, reporting, and static planning to continual gathering and prioritizing, ongoing management, and active planning.

Samsung Enhances Transparency Over Financial Donations

(Compliance Week) March 13, 2017 – Amid an investigation over bribery claims involving some of its top executives, Samsung Electronics recently announced a series of measures it intends to take to bring greater transparency and accountability in managing financial donations and monetary support for corporate social responsibility-related activities and funds. The measures are aimed at strengthening the review and approval process for donations and payments to corporate social responsibility-related projects. The company said it will also enhance the review of how these projects are being executed.

Internal Audit’s Success with Analytics Depends on Strategy, Planning

(CGMA) March 20, 2017 – As a whole, internal audit has embraced the power and speed of data analytics in performing audit functions. But the specific strategies and applications of data analytics help play a role in separating high-performing auditors from their lower-performing peers. The internal audit groups viewed as more valuable are finding more uses for data analytics while putting processes in place to adapt to ever-changing business conditions. Two recent survey reports underscore the importance of data analytics in effective internal auditing that goes beyond basic assurance.

Ethical Hacking: The Most Important Job No One Talks About

(Dark Reading) By Amit Ashbel, March 16, 2017 – If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.

With great power comes great responsibility, and all heroes face the decision of using their powers for good or evil. These heroes I speak of are called white hat hackers, legal hackers, or, most commonly, ethical hackers. All these labels mean the same thing: A hacker who helps organizations uncover security issues with the goal of preventing those security flaws from being exploited. If companies don't have an ethical hacker working for them, they're in a one-sided game, only playing defense against attackers.

Meet the Hackers

Companies house both developer and security teams to build out code, but unfortunately, there often is little communication between the two teams until code is in its final stages. DevSecOps (developer and security teams working together) incorporates both sides throughout the coding process to catch vulnerabilities early on, as opposed to at the end, when making updates becomes harder for developers.

Although secure coding practices and code analysis should be automated, and a standard step in the development process, hackers will always try to leverage other techniques if they can't find code vulnerabilities. Ethical hackers, as part of the DevSecOps team, enhance the secure coding practices of the developers through knowledge sharing and by testing for vulnerabilities that could easily be taken advantage of by someone outside the company.

Take, for example, Jared Demott. Microsoft hosts the BlueHat competition for ethical hackers to find bugs in its coding, and Demott found a way to bypass all of the company's security measures. Let that sink in for a moment — he found a way to bypass all of Microsoft's security measures. Can you imagine the repercussions if that flaw had been discovered by a malicious hacker?

Let the Hackers Hack

Security solutions (such as application security testing and intrusion detection and prevention systems) are a company's first line of defense because they're important for automatically cleaning out most risks, leaving the more unique attack techniques for the ethical hackers to expose. These could include things such as social engineering or logical flaws that expose a risk. Mature application security programs will use ethical hackers to ensure continuous security throughout the organization and its applications. Many organizations also use them to ensure compliance with regulatory standards such as PCI-DSS and HIPAA, alongside defensive techniques, including static application security testing.

You may be thinking, "What about security audits? Wouldn't they do the trick?" No, not fully. Ethical hacking is used to build real-world potential attacks on an application or the organization as a whole, as opposed to the more analytical and risk-based analysis achieved through security audits. As an ethical hacker, the goal is to find as many vulnerabilities as possible, no matter the risk level, and report them back to the organization.

Another advantage is that once hackers detect a risk, vendors can add the detection capability to their products, thus enhancing detection quality in the long run. For example, David Sopas, security research team leader for Checkmarx, discovered a potentially malicious hack within a LinkedIn reflected filename download. This hack could have had a number of potential outcomes, including a full-blown hijacking of a victim's computer if the victim had run the file. It's probably safe to say that just the audit wouldn't have identified this hidden flaw.

How to Hack

The good news for companies searching for someone to fill this role is that there are several resources for their own employees to learn more about ethical hacking and become a more-valuable asset. The first step is to get certified. EC-Council has resources and certifications available, and if you want to continue brushing up on your ethical hacking skills, OWASP has you covered. While getting certified isn't a requirement, I highly recommend this, because getting the basics down will help to provide a foundation on which to build. After you have the basics down, there are many tools and automated processes that can be utilized, but ethical hackers usually use penetration testing and other, mostly offensive, techniques to probe an organization's networks, systems, and applications. In essence, ethical hackers use the same techniques, tools, and methods that malicious hackers use to find real vulnerabilities.

One Small Step for Companies, One Giant Leap for Hackers

What does this all mean for companies? Well, companies must first acknowledge how ethical hackers can help them. Strong application security programs need to focus both on the code security as it's being developed, as well as in its running state — and that's where ethical hacking comes into play. Nothing beats secure coding from the get-go, but mistakes do happen along the way, and that's where ethical hacking experts can make a difference in an organization.

At the next meeting on staffing, ethical hackers should be right at the top of the list of priorities to keep your company, and its data, safe.

4% of Chronically Ill Patients Buy Too Much Insurance, Driving Up Costs

(HealthLeaders Media) March 17, 2017 – Many chronically ill patients who would benefit from a medium-coverage health insurance plan and preventative care are instead choosing comprehensive insurance plans, researchers say.

Many patients with chronic illness are choosing a pound of cure over an ounce of prevention and driving up medical costs in the process, according to findings in a study examining health insurance choices as they correlate to costs.

"Our results indicate that there exists a sizable segment of consumers who purchase more comprehensive plans than needed because of high uncertainty vis-à-vis their health status, and that once in the plan, they opt for curative care even when their illness could be managed through preventive care," the study says.

Chronic medical conditions such as heart disease, cancer, hypertension, respiratory diseases, diabetes, Alzheimer's disease, and kidney disease account for 75% of healthcare expenditures in the United States.

Individuals with chronic diseases can consume three types of healthcare services:

  • Secondary preventive care, which includes diagnostic tests
  • Primary preventive care, which includes drugs that help prevent progression of a disease
  • Curative care, which includes surgeries and expensive drugs that boost a patient's health

After analyzing three years of data from a health insurer that offered basic, medium, and comprehensive coverage Preferred Provider Organization plans to customers through their employers, researchers found that of the 3,000 people whose data was analyzed, about 14% would have been good matches for a medium coverage plan and preventive care, but they elected the more costly comprehensive plans and curative care instead.

A 'Moral Hazard'

Going from basic, to medium, to comprehensive, the annual premium increased. But the deductible, co-insurance rate, and out-of-pocket maximum decreased.

Johns Hopkins University researcher Jian Ni, PhD, an associate professor in the Johns Hopkins Carey Business School, is one of the study's authors.

In a news release, he called this escalation a "moral hazard." The individual doesn't mind choosing a more costly, but unnecessary plan, because he or she knows the insurer will pay for the bulk of it.

"Certainly, some people with more serious conditions will benefit from a comprehensive plan and curative care, but the 14% in our study pose the kind of moral hazard that contributes to health care expenses in the U.S. that are higher than they probably should be, roughly a fifth of gross domestic product," Ni said in the statement.

The study authors suggest that if physicians and insurers provide consumers with clearer instruction and guidance, individuals would be more likely to select a health care plan that better fits their health status, which would help contain costs to consumers and insurers.

How Advisers Can Protect Clients' Data from Fraud

(InvestmentNews) March 16, 2017 – Financial advisers work with their clients on a large volume of high-value transactions, which generally contain sensitive information, including Social Security numbers, account numbers, personal information and more. As wealth management services have moved to digital platforms, advisers are faced with the added responsibility of protecting their clients' data in an increasingly threatening environment. Clients trust their advisers to not only give them prudent financial advice but to also protect the sensitive data they disclose to them - that's why it's distressing that at least 88% of broker-dealers and 74% of advisers report they have been targeted in cyberattacks, according to the Securities and Exchange Commission.

In an effort to better safeguard clients' data and prevent fraud, many advisers have turned to cloud-based digital signatures - a secure, convenient technology that gives both clients and advisers peace of mind that their data is protected.

To effectively defend against fraud and meet industry regulations, the right digital signature for advisers should include the following components:

1. Identity authentication

To protect the integrity of a sensitive document, you must be able to verify the identity of the signer. According to the SEC, 25% of cybersecurity incidents in wealth management that led to losses were a result of employees not following stated identity authentication procedures.

Different identity authentication methods are available, and many firms require signers to utilize two or more authentication methods before accessing private documents, a process known as multi-factor authentication. Some of the most common identity authentication methods include:

  • Email authentication: The signer receives an email with a link to access the document, proving his identity by having access to the email account.
  • Knowledge-based authentication: Before accessing the document, the signer is given multiple questions about information found in 30 years of public records, including credit reports, town hall records and more. The signer must correctly answer a certain number of questions within a designated time frame in order to gain access to the document.
  • Short message service authentication: SMS authentication requires the signer to supply a one-time passcode sent to his mobile phone before he can open the document.

2. Tamper evidence and tamper proofing

Tamper evidence detects any unauthorized change to any part of the document and gives proof that tampering has occurred. Some e-signature technologies provide this once the document is final, but a true digital signature should apply a tamper-evident seal with each and every signature, making every version of the document tamper evident throughout the signing process.

Additionally, select digital signature technologies can also apply a tamper-proof seal, which turns off all future editing capabilities within the document. This gives you peace of mind that the final document cannot be altered in any way after execution.

3. Legal evidence

If your clients' e-signatures are ever challenged in court, you want to have evidence to support your claim that they are valid and legally binding. With digital signatures, the evidence of the signature is permanently embedded into the signed document—meaning you own the evidence and are not dependent on your relationship with the vendor to prove the validity of a document, even years after the transaction has taken place.

The most legally defensible e-signature products provide a comprehensive audit trail that captures information from the entire signing process, including the date and time a document was submitted for signature, the signer's consent, the IP address of the signer and each step of the entire signing process.
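
A minimal sketch of the per-signature tamper-evident seal and audit trail described in components 2 and 3, added here as an illustration and not taken from any e-signature product. It uses an HMAC from Python's standard library as a stand-in for a certificate-based digital signature; the sealing key, signers, IP addresses, timestamps and document text are constructed sample values.

```python
import hashlib
import hmac
import json

# Assumption: a demo-only sealing key. A real product would sign with a private
# key and let anyone verify with the matching certificate, not a shared secret.
SEAL_KEY = b"demo-only-sealing-key"


def _seal(record: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of one audit record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SEAL_KEY, payload, hashlib.sha256).hexdigest()


def add_signature(trail: list, document: bytes, signer: str, ip: str,
                  timestamp: str, consent: bool) -> list:
    """Return a new trail with one sealed record for this signing event.

    Each record binds the document hash at that moment, the signer's details
    and the previous record's seal, so every version is tamper evident.
    """
    record = {
        "step": len(trail) + 1,
        "signer": signer,
        "ip": ip,
        "timestamp": timestamp,
        "consent": consent,
        "doc_sha256": hashlib.sha256(document).hexdigest(),
        "prev_seal": trail[-1]["seal"] if trail else None,
    }
    return trail + [dict(record, seal=_seal(record))]


def verify(trail: list, final_document: bytes) -> list:
    """Return a list of problems found; an empty list means nothing was altered."""
    problems = []
    prev_seal = None
    for entry in trail:
        record = {k: v for k, v in entry.items() if k != "seal"}
        # Recompute the seal: any edit to the record changes it.
        if not hmac.compare_digest(_seal(record), entry["seal"]):
            problems.append(f"step {entry['step']}: record altered after sealing")
        # Each record must point at the seal of the one before it.
        if record["prev_seal"] != prev_seal:
            problems.append(f"step {entry['step']}: chain broken")
        prev_seal = entry["seal"]
    final_hash = hashlib.sha256(final_document).hexdigest()
    if trail and trail[-1]["doc_sha256"] != final_hash:
        problems.append("final document does not match last sealed version")
    return problems


def demo():
    """Build a two-signature trail over constructed sample data."""
    v1 = b"Transfer authorization: $25,000 to account ending 1234 | signed: client"
    v2 = v1 + b" | signed: adviser"
    trail = add_signature([], v1, "client@example.com", "203.0.113.10",
                          "2017-03-16T14:02:00Z", True)
    trail = add_signature(trail, v2, "adviser@example.com", "198.51.100.7",
                          "2017-03-16T15:30:00Z", True)
    return trail, v2


if __name__ == "__main__":
    trail, final_doc = demo()
    print("intact:", verify(trail, final_doc))
    print("edited document:", verify(trail, final_doc.replace(b"1234", b"9999")))
```

Because each record carries the previous seal, changing or deleting an earlier signing event is detected as well as changes to the final document.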

With a versatile and secure digital signature, advisers can strengthen their fraud mitigation efforts and take advantage of the technology in ways that best suit their clients' needs. A standalone, cloud-based digital signature platform can be activated and used immediately. Or for a more automated process, a digital signature can be integrated into existing platforms to create ready-to-sign documents, allowing you to limit manual preparation, incorporate your own branding, take advantage of document workflow features and more.

Some Contributions to Not-for-Profits Remain Hard to Classify

(CPA Practice Advisor) By Nicola White, March 16, 2017 – To nonaccountants the difference between a "restriction" versus a "condition" on a donation to a charity may not sound like that big of a deal. But in U.S. GAAP, the difference determines when an organization can record the revenue from the contribution. The FASB is trying to clarify the distinction so charities, museums, colleges, and other organizations have an easier time applying the board's landmark standard for recognizing revenue.

Individuals, companies, and foundations that donate money to a charity and earmark it for a specific program or scholarship are making restricted or conditional contributions, according to U.S. GAAP.

But differentiating between a restriction and a condition for accounting purposes is no easy matter, and yet it is a substantial issue for the not-for-profit receiving the funds because it affects when it can record the revenue. Many organizations have a hard time making the distinction, and judging from the tenor of the FASB's recent discussions about the issue, they cannot expect clear answers from U.S. GAAP's standard-setter. Whatever the FASB decides, organizations will have to rely on the judgment of the people preparing their financial reports, said FASB Assistant Director Jeffrey Mechanick during a March 3, 2017, meeting of the FASB and its Not-for-Profit Advisory Committee.

"This is an area where there's already a great deal of judgment out there in practice," Mechanick said. "We're trying to give better guidance to provide the framework for making that judgment."

The Not-for-Profit Advisory Committee consists of universities, charities, foundations, and watchdog groups, and they had varying degrees of comfort with the plan the FASB is drawing up. The board has tentatively decided that for a donor-imposed condition to exist, a right of return (the ability for the donor to ask for his or her money back) must exist, and the agreement must include a "barrier." The FASB has a draft list of indicators to describe the barriers. If a not-for-profit group must perform a measurable task, such as erecting a building or creating a scholarship, the organization has limited discretion about how the money can be spent.

To some members of the group, the existence of a right-of-return agreement should not be required to meet the definition of a donor-imposed condition.

Andrew Prather, a shareholder at Clark Nuber P.S., a CPA and consulting firm, said a right-of-return should be a strong indicator versus a requirement. Others said a right-of-return typically was not a legally enforceable agreement. Most gifts are received with the idea that if an organization does not follow through on the terms of the gift, the donor has the right to get its money back.

Mary Connick, senior vice president, finance and corporate controller for Dignity Health, said organizations felt a moral obligation to use funds as intended, regardless of whether there was a written agreement or other formal document stipulating that money could be returned.

"Recipients intend to follow donors' requests or make other arrangements, not just pocket it and run along," Connick said.

Without a right-of-return stipulation, however, FASB member Christine Botosan questioned how the board could distinguish between conditional and restricted gifts.

"It's almost saying we should get rid of the concept of conditional," Botosan said. "I still think there is an important difference between being entitled to money and being told how to spend it versus not yet being entitled to the money."

The discussion was part of the FASB's project to clear up how to recognize not-for-profit grants and contracts more broadly. In addition to clearing up the difference between conditions and restrictions, the accounting board wants to clarify whether to characterize grants and other contracts with government agencies or foundations as exchanges or contributions.

Distinguishing between exchanges, which are often called reciprocal transactions, and contributions, which are called nonreciprocal transactions, is sometimes a difficult task for not-for-profits receiving funds, goods, and services. For example, if a government agency grants money to a group to conduct cancer research, it could be interpreted as a reciprocal transaction — a purchase, essentially, of the organization's research services — or as a contribution to provide financial support for a worthy cause.

The difference is important because contributions must follow Subtopic 958-605, Not-for-Profit Entities—Revenue Recognition, while exchanges must follow the revenue standard, which was published in May 2014 as Accounting Standard Update (ASU) No. 2014-09, Revenue From Contracts With Customers (Topic 606). The guidance from ASU No. 2014-09 goes into effect for not-for-profit organizations in 2018.

The FASB hopes to issue a proposal by midyear.

Report: To Deter Fraud, Companies Should Focus on Complex Accounting Areas

(Anti-Fraud Collaboration) March 16, 2017 – Improved accounting policies and internal controls are key for stemming fraud and reducing the number of financial restatements, according to a new report from the Anti-Fraud Collaboration. The report, Addressing Challenges for Highly Subjective and Complex Accounting Areas, compiles leading-practice recommendations from dozens of company executives, corporate directors, auditors, and regulators who attended two 2016 workshops to discuss ways to help deter fraud and enhance financial reporting.

“Companies are sharing leading practices and voluntarily working with regulators to help deter and detect financial reporting fraud,” said Cindy Fornelli, executive director of the Center for Audit Quality (CAQ), on behalf of the Anti-Fraud Collaboration. “The Anti-Fraud Collaboration is pleased to present these recommendations to help companies improve their accounting policies and system of internal controls. Investors, our capital markets, and public companies all win when we work together to combat fraud.”

The Anti-Fraud Collaboration held workshops in New York and San Francisco that brought together members of the financial reporting supply chain, including regulators, audit committee members, financial executives, internal auditors, and external auditors.

The workshops explored issues that were identified in an analysis of enforcement actions in which the U.S. Securities and Exchange Commission (SEC) took an action against an issuer or individual because of a securities violation and asserted that there were serious issues with the companies’ internal controls. The workshops also examined case studies as a catalyst for the discussions.

The report makes key recommendations concerning company accounting policies:

  • Accounting policies must adhere to technical accounting guidance. Supervisors and managers are responsible for implementation. It is critical that these policies be understandable to non-accountants who may not be conversant in the nuances of technical accounting.
  • Process must be married to policies. Accounting policies must be reviewed at regular intervals and address how to uncover and monitor changes in activities that impact accounting.
  • Policies must be tested in the field prior to implementation, and then monitored for compliance post-implementation.
  • Accounting policies with regard to revenue recognition should be granular because even slight changes in contract terms can have a major impact on revenue.

The report also outlines key recommendations regarding internal control over financial reporting (ICFR):

  • Tone at the top is an essential component of an ICFR regime.
  • A risk-based evaluation is the best approach for achieving effectiveness and efficiency in ICFR.
  • Internal controls over unusual and nonroutine transactions are sometimes overlooked or given less attention than core processes when developing an effective ICFR regime.

“Our members are highly committed to the deterrence and detection of fraud and are focused on their responsibility toward that effort, which includes overseeing the preparation of accurate financial information and the importance of designing, monitoring, and maintaining effective internal control over financial reporting,” said Andrej Suskavcevic, CAE, president and CEO, Financial Executives International (FEI). “We fully support the efforts of the SEC to promote cooperation and self-reporting.”

“Successfully battling fraud in financial reporting requires strong collaboration among all the principal players,” said Institute of Internal Auditors (IIA) President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “This report is built on such collaboration and offers valuable direction and insight on improving accounting policies and internal control over financial reporting.”

“The sharing of leading governance practices is an essential element of effective board leadership,” said National Association of Corporate Directors (NACD) President and CEO Peter Gleason. “While this report is an important guide for all corporate directors, it will be especially of interest to our public company audit committee members.”

3 Reasons Why Offering Subscription Accounting Makes Sense for Your Practice

(AccountingWEB) By Sabrina Parsons, March 16, 2017 – Rather than leaning on the flexibility of your hourly-based a la carte services, what if you could set up your practice in such a way that all your clients paid you steadily – month over month, year over year?

It’s called subscription accounting, and it may be the best way to boost your income along with your business valuation in 2017. As a CPA, you already help clients solve major pain points other than typical tax dilemmas, including lease negotiations, cash and treasury management, and ongoing cash reporting.

What’s more is that you know it takes more than a couple of drop-ins to your office each year to be able to manage these effectively. This is where a subscription-type service can solve a lot of problems.

While subscription models were once limited to magazines and gym memberships, now there’s a subscription service for just about anything and accounting is not one to be excluded. In fact, I’m not sure why it hasn’t already become the new norm for the industry.

I know that making a change to your business model can be daunting, and if it’s not broken then why fix it? However, as a small business owner who values my own relationship with my accountant, I challenge you to check the facts.

If you find yourself answering “yes” to these three questions, then offering a subscription accounting service is right for you:

1. Have your margins flat-lined despite years of onboarding new clients? The proof is in the profits. Without transitioning to a subscription-based service, you are never going to be able to create a margin big enough to actually grow your practice.

If done efficiently, the recurring work can be streamlined and a greater profit can be made. Yes, it involves setup, and yes, that means a bit more work in the first month to do the necessary planning and discovery.

However, I can assure you that the work following this initial push will be significantly less. And it will be more palatable for your clients, as well, because the upfront work will guide your success.

Billing services through hourly caps at a maximum rate can come with sticker shock. Regular, monthly fixed fees allow your clients the breathing room and flexibility they need to truly appreciate your service – and most importantly, keep them coming back for more.

2. Are your clients always in crisis mode? Most of the time, clients will approach their CPAs when they’re already in too deep and need help putting out a fire. Have you ever taken the time to think about why this might be?

To them, your relationship has been bought, not earned or formed over time. They’re afraid of calling you because they feel like every time they pick up the phone, they will be billed – so they wait until it’s only absolutely necessary.

A subscription-based monthly process allows you to have regular touch points with your client to address major problems before they arise and support a stronger advisor relationship overall.

Once your client is free of the worry of calling you, it will reduce the need for crisis control. If they have regular meetings with you, the seasonal spikes and crisis management will naturally disappear. Sounds pretty good, right?

3. Are you finding yourself bound by the billable hour? Too often, CPAs get wrapped up in the notion that if their clients aren’t paying them to do a specified task, they can’t spend their time doing it. Or, if they do something that doesn’t fall into their level of service or doesn’t have an immediate, positive effect, it’s not worth pursuing.

The problem is, this sets the CPA up to really be chasing their customers around, responding to requests, which makes for a very inefficient and confusing work environment. The benefit of the subscription model is that it allows the CPA some breathing room to give a little extra within a framework of things that happen monthly.

This “extra” positions you as a valued resource to your client and sets the stage for a more productive ongoing relationship. Your clients may be surprised to find how much value their CPA really holds.

Business Growth and Expansion

Ultimately, the best part of subscription services is that once a client signs up, the corresponding revenue can be projected for months – and potentially years. Clients tend to stick around longer in a subscription model because the relationship is regular and they know what to expect, which also affects cash flow.

Instead of chasing payments after every random check-in, your clients will pay regularly each month. All of this equates to growth in your practice and a stronger valuation over time.

The key to success with subscription accounting is to be sure you maintain your value and continue to impress clients with the resources and results they don’t just want, but need, to grow their business – and your own.

Tax Rules for Uber, Lyft and Other Ride-Share Drivers

(CPA Practice Advisor) March 15, 2017 – Instead of sitting at home watching TV reruns during their down time, some of your clients are making extra cash by offering their services in the shared economy. One of the most popular methods is to become a driver for a company like Uber or Lyft. Essentially, you operate your own vehicle like a taxi cab, picking up and dropping off fares, utilizing a schedule that’s convenient for your lifestyle.

What are the tax consequences? The answer is not quite so simple.

When you’re a driver for Uber or Lyft, you receive a 1099 from the company, indicating the compensation received during the year. This is the amount you must report to the IRS, and any appropriate states, as taxable income. So there’s no such thing as a “free ride.” The type of form depends on the volume of your activities. Typically, the company will provide a 1099-MISC for low-to-middle-volume drivers, but a 1099-K if you had more than 200 transactions and $20,000 in payments.

As far as the IRS is concerned, you’re treated like any other self-employed individual, which means you file a Schedule C with your return and transfer the figures from your 1099s. In addition to reporting income from your car driving activities, you’re responsible for paying self-employment tax, the equivalent of payroll tax for employees. The amount is double the usual 7.65 percent rate for employees, subject to the same “wage base” as employees ($127,200 in 2017). For amounts above the wage base, the rate is 2.9 percent (again, double the payroll tax rate for employees).

Furthermore, you’re required to pay tax in quarterly installments during the year, since there is no tax withholding. The due dates are April 15, June 15, September 15, and January 15 of the following year. If the due date falls on a weekend or holiday, it’s moved to the following business day.

That’s the bad news. The good news is that you’re entitled to deduct expenses to offset your taxable income.

For starters, the biggest expense will likely be the depreciation of your vehicle. The deduction is based on the amounts available for business use, including the limits for so-called “luxury cars.” For instance, if you use the car 75 percent as an Uber or Lyft driver and 25 percent personally, the depreciation deduction is based on 75 percent use. Similarly, you can deduct other expenses of operating the vehicle – oil, gas, insurance, repairs, etc. – based on the percentage of business use.

As an alternative to the detailed recordkeeping required for deducting actual expenses, you can use the IRS-approved standard mileage rate. The standard mileage rate for business driving in 2017 is 53.5 cents per mile. In this case, however, you still must keep records of all your business trips. With either deduction method, you can fully deduct the tolls and parking fees incurred when providing the service.

Also, you can deduct half of the self-employment tax you’re required to pay (see above). This takes some of the sting out of having to pay double the usual rate.

Finally, don’t forget to deduct all those little “extra” expenses you have as a driver. Frequently, drivers provide snacks and water bottles and other goodies for passengers and use of a cellphone is needed for communication. As with other expenses, your deduction is limited to the costs attributable to business use only. To simplify matters, you might acquire a phone to be used 100 percent for this purpose.

Uber and Lyft are the two most well-known companies in this field, but there are a number of other platforms and apps for car services, including Turo, Gett, HopSkipDrive, Lift Hero, Curb, Wingz, USERV and GroundLink. For instance, with Turo, you rent out a car you barely use for cash, while GroundLink offers chauffeured black car service targeted to high-end corporate clients. The options are continuing to expand.

CFOs: Be the Heart of Data Integration

(CFO) By Tom Bogan, March 21, 2017 – The explosive growth of business data has impacted organizations of all sizes and across all functions. But a big and as-yet-untapped opportunity to harness the power of this data may sit with the office of the CFO.

Recognizing the benefit that access to data can bring, CFOs must now address a host of new, related challenges. These encompass the selection and rollout of collaboration tools and processes, new technology, training, and staffing.

Big data doesn’t distill itself into actionable information. But the ability to take a deep dive into the data that matters most, at the time when it’s most critical, can be invaluable. And this is becoming increasingly vital in the rapidly changing marketplace and dynamic regulatory environments.

Ultimately, CFOs need to embrace the role of “chief data officer” and elevate their focus from tracking, reporting, and static planning to continual gathering and prioritizing, ongoing management, and active planning.

This shift in data ownership is putting CFOs at the heart of data integration. Finance leaders today face rising demand for the intelligent combining of both financial and non-financial data. Increasingly, finance executives require access to, and the power to utilize, all categories of data to get a clear and holistic view of the health of the business, identify areas for improvement and change, and develop the best game plan based on current conditions.

At the same time, companies of all sizes are increasing the frequency with which they access data. In large part that’s due to the cloud, which creates an expectation for accurate, up-to-the-minute, consistent data across divisions, business units, and geographic locations around the globe.

Every day, more CFOs are responsible for incorporating non-financial KPIs into their metrics, to realistically assess the entire business and provide strategic guidance on achieving and sustaining performance. A recent survey found that 76% of CFOs say they are currently tracking non-financial KPIs.

But gathering and assembling operational data — from customer satisfaction to sales pipeline to supply chain performance — is often a manual and cumbersome process, as the data resides in siloed data warehouses.

The data is compartmentalized, but organizations look to the office of the CFO to initiate integration of various systems in order to operate from a single version of truth.

With both process and technology updates, many areas of the business have been automated that weren’t previously, such as customer relationship management (CRM) and marketing automation software. These systems hold rich data that can impact performance and must be aggregated with financial metrics in order to accurately identify key areas for growth, opportunity, and change.

But until that data is integrated, its true value can’t be realized. And, the resulting value that finance teams can deliver to the company in terms of accurate forecasting, reporting, and business-critical decision making in light of sometimes volatile market conditions, becomes a true competitive advantage.

To accommodate these increased demands, CFOs must consider the following three areas:

  1. Process. Integration of data requires teams to develop a new process in how data is gathered, aggregated, shared, reported, and analyzed. Breaking down silos — both from a personnel and system perspective — will be required for organizations looking to embrace an integrated data model.
  2. Technology. The need to incorporate data from disparate systems requires CFOs to gain a better understanding of how to combine critical financial data from their ERP systems with other financial and non-financial systems. New technologies are available that can help CFOs and their teams integrate this data and get a holistic view of the business, but CFOs will need to champion the effort in their organizations.
  3. Talent. The increased collaboration required to successfully work with non-financial data puts new demands on the finance team. The need for “soft skills” to integrate with other functions and business units, as well as a macro view of the business, is changing what it takes to be a leading CFO of the future.

In short, the pace of data accumulation has already surpassed our wildest expectations. Now it is up to organizations to determine how to make efficient and strategic use of the data while it is still fresh and relevant. And successful CFOs will be at the heart of the integration required to realize ongoing, real-time analysis and smarter decision-making.

With the right process, technology and talent in place, the CFO’s role becomes truly transformational for any organization in a fast-paced, competitive industry.

Samsung Enhances Transparency Over Financial Donations

(Compliance Week) March 13, 2017 – Amid an investigation over bribery claims involving some of its top executives, Samsung Electronics recently announced a series of measures it intends to take to bring greater transparency and accountability in managing financial donations and monetary support for corporate social responsibility (CSR)-related activities and funds.

The measures are aimed at strengthening the review and approval process for donations and payments to CSR-related projects. The company said it will also enhance the review of how these projects are being executed.

Board approval for donations over one billion won. All financial donations and CSR funding amounting to more than 1 billion won (approximately U.S. $871,800) will require the approval from the company’s board of directors.

“This is to enhance the transparency of the management of such donations and funds and to strengthen the compliance by requiring the approval of the board, which is comprised of a majority of outside directors,” Samsung stated.

To date, Samsung only required board approval for endowments that were more than 0.5% of the company’s shareholder equity. Currently, 0.5% of the shareholder equity is approximately 680 billion won (US$592.8 million).

Public disclosure of the resolution. Samsung will disclose details of the financial donations and CSR funding agreed at the board through the DART, the electronic disclosure system operated by the Financial Supervisory Service. Related details will also be made available in quarterly business reports, as well as the annual sustainability report.

Establishment of a review council for preliminary review. To strengthen the preliminary review process, Samsung will establish a review council comprised of the head executives of legal, financial, human resources, and communication departments. The council will meet once a week to review the proposed projects. Any financial donation or CSR funding amounting to more than 10 million won (approximately US$8,718) will be subject to review and will be transferred to the next process only after approval from the review council.

Quarterly review of project execution. The operation of approved financial donations and CSR funding will be reviewed every quarter not only by the review council and management, but also the audit committee of the board. The review by the board’s audit committee, comprised solely of outside directors, will help toward improving transparency related to the execution of financial donations and CSR funding.

Internal Audit’s Success with Analytics Depends on Strategy, Planning

(CGMA) March 20, 2017 – As a whole, internal audit has embraced the power and speed of data analytics in performing audit functions.

But the specific strategies and applications of data analytics help play a role in separating high-performing auditors from their lower-performing peers. The internal audit groups viewed as more valuable are finding more uses for data analytics while putting processes in place to adapt to ever-changing business conditions.

Two recent survey reports underscore the importance of data analytics in effective internal auditing that goes beyond basic assurance. The Institute of Internal Auditors (IIA) released its annual North American Pulse of Internal Audit survey, and PwC unveiled its annual State of the Internal Audit Profession Study.

Fewer than half of audit leaders in the IIA survey say they use data analytics extensively or occasionally in developing a department audit plan. A far greater percentage use data analytics for risk assessments in specific audit engagements or direct testing of internal controls.

Those who are frequently using data analytics are, essentially, better planners than those who use analytics sparingly.

“You need to have the right people, you need to plan this out, and you need to pick the right technology,” said Doug Anderson, the IIA’s managing director for CAE solutions. “If you don’t, you can easily fall in the trap of wasting your time.”

Wasting time on poor design of data analytics is common in the survey: 58% said it had led to extra work.

Part of that concern is related to the fact that technology is changing quickly. Organizations must continue to invest in tools and staff training, or they risk falling behind. The internal audit skill that is most often cited as one in which staff need more training is data mining and analytics, chosen by 67% of respondents.

“There’s a correlation with how effective they are with how much they invest time and resources in using these tools,” said Richard Chambers, the CEO of the IIA.

Internal audit functions that regularly use data analytics can provide a greater degree of assurance, he said. Just 31% of chief audit executives said they extensively or frequently use data analytics to fully test the accuracy of transactional or other data.

Becoming more agile auditors

PwC’s survey showed that high-performing internal audit functions take a more strategic approach to the use of data mining and analytics: 47% of “agile” internal audit functions have increased the use of data mining and data analytics for continuous auditing, monitoring of trends, and assessing potential impacts of disruption. That’s compared with 35% of lower-performing peers.

PwC defined “agile” internal auditors using two criteria: They have provided significant value to their stakeholders related to helping them deal with disruptive events, and they provide value beyond just executing the internal audit plan on a basic level.

As few in the PwC survey (9%) believe their internal audit departments have achieved trusted adviser status, PwC asked one critical question: What does internal audit need to do to disrupt itself?

“If you keep doing what you’re doing and making incremental change, even if the incremental change provides improvement, is that enough?” said Mark Kristall, a partner in PwC’s Internal Audit, Compliance & Risk Management Solutions practice.

One way to stay at least on pace with a changing business environment is to stay up to date on industry trends. In the PwC survey, 55% said subject-matter knowledge was lacking amongst internal audit to address disruption. That’s not necessarily because of a failure on the part of internal audit leaders, according to Kristall.

“Because of the pace of disruption, it’s hard for internal audit groups – from a staffing perspective – to be able to keep pace with that change,” Kristall said. “One disruptor we talk about is changes to the business. If an organization is going to change its business strategy … internal audit has to make sure it has the skillsets to be able to address the risks associated with that change. That’s a very hard thing.”

That fast-changing environment is one reason the perceived value of the internal audit function has dropped. In the 2016 PwC survey, 54% thought that internal audit offered significant value. In 2017, that perception was shared by just 44% of respondents in the global survey of nearly 1,900 executives.

The IIA survey showed that:

  • 29% of respondents said they increased internal audit staff in 2016, compared with 14% who decreased staff.
  • 30% of respondents expect to increase internal audit staff in 2017, compared with 5% who plan a decrease. That’s up from 25% who planned for a staff increase in 2016.
  • Internal audit focuses 19% of its time on operations, compared with 14% on financial reporting (including Sarbanes-Oxley testing) and 13% on compliance not related to financial reporting.
  • The top five internal audit skills that need more training are data mining and analytics (67%), cyber-security and privacy (52%), analytical or critical-thinking skills (49%), communication skills (45%), and industry-specific knowledge (36%).