AICPA Unveils Cybersecurity Risk Management

BY Nathan Kalepp

One only needs to skim the daily news to realize that hackers are getting better and cybersecurity is more important than ever. The most recent cyberattack was a strain of ransomware that spread itself across all workstations in a network, causing a global epidemic. It is estimated that this attack impacted more than 200,000 victims in at least 150 countries. Luckily, a programmer developed an internal “kill switch,” which disabled the malware from spreading any further. Regardless of whether your system was impacted by this outbreak or not, there are many lessons to be learned; principally, the need to reinforce fundamental security practices to prepare for the future.

Taking these recent outbreaks into consideration, it is evident that organizations need to make cybersecurity risk management a top priority. To help leaders in the accounting profession reach this goal, the American Institute of Certified Public Accountants (AICPA) has unveiled a cybersecurity risk management reporting framework that will help companies and auditors communicate cyber risk readiness to stakeholders. The framework is long overdue. Until now, a common language for companies to communicate about their cybersecurity risk management was non-existent. The AICPA’s new framework includes three main resources:

  1. Description criteria used by management to explain the organization’s cybersecurity risk management program in a consistent manner and for use by CPAs to report on management’s description.
  2. Control criteria used by CPAs providing advisory or attestation services to evaluate and report on the effectiveness of the controls within a client’s program.
  3. Attest Guide, Reporting on an Entity’s Cybersecurity Risk Management Program and Controls, will be used to assist CPAs engaged to examine and report on an entity’s cybersecurity risk management program.

Cyber threats are constantly evolving; and unfortunately, your cash and customer information are desirable targets. Providing assurance to your team and stakeholders requires intentionality and a plan. Having strong cybersecurity measures in place will help safeguard sensitive information, and the AICPA’s new reporting framework will help you better communicate your preparedness to key stakeholders. If you need any guidance in this area, please reach out to one of our professional staff.

New Form I-9 for Employment Eligibility Verification, Effective 1/22/2017

BY Bernie Hull

Congress passed the IRCA (Immigration Reform and Control Act) in 1986, which required the use of the Form I-9 to verify identity and employment authorization for all new employees, including U.S. citizens hired after November 6, 1986. New hires are required to complete this form within three (3) business days of the date of hire. Employers are required to retain the completed Forms I-9 for all employees, as long as the individuals work for the employer and until one year after the date the employment is terminated or three years after date of hire, whichever is later.

On November 14, 2016, USCIS (U.S. Citizenship and Immigration Services), published a revised version of the Form I-9. Employers must begin using the new version by January 22, 2017.  The form has been modified to make it easier to complete on a computer, including prompts to ensure information is entered correctly and drop down lists and other enhancements.

You may obtain a copy of the new form (paper version and fillable PDF version) and a copy of the Handbook for Employers—Guidance for Completing Form I-9 (publication M-274) at the official website www.uscis.gov/i-9.  There is no fee to obtain these forms via this website.

Preparing Your Business for the New 2017 Filing Deadlines

BY Brittany Gerth

This is a reminder to employers and small businesses of the new January 31 filing deadline for Form W-2.  A new federal law, aimed at making it easier for the IRS to detect and prevent refund fraud, will accelerate by a month the W-2 filing deadline for employers from February 28 to January 31.

The Protecting Americans from Tax Hikes (PATH) Act, enacted last December, includes a new requirement for employers. They are now required to file their copies of Form W-2, submitted to the Social Security Administration, by January 31. The new January 31 filing deadline also applies to certain Forms 1099-MISC reporting non-employee compensation such as payments to independent contractors. As it relates to Form 1099-MISC, the new filing deadline will only impact filers that report nonemployee compensation payments in box 7.

In the past, employers typically had until the end of February, if filing on paper, or the end of March, if filing electronically, to submit their copies of these forms. Also, there are changes in requesting an extension to file the Form W-2. Only one 30-day extension to file Form W-2 is available, and this extension is not automatic. If an extension is needed, a Form 8809 Application for Extension of Time to File Information Returns must be completed as soon as you know an extension is necessary, but by no later than January 31.

The new accelerated deadline is intended to help the IRS improve its efforts to spot errors on taxpayer filed returns. Receiving W-2s and 1099s earlier will make it easier for the IRS to verify the legitimacy of tax returns and properly issue refunds to taxpayers eligible to receive them. According to, the IRS it will make it easier to release tax refunds more quickly.  The January 31 deadline remains unchanged and has long applied to employers furnishing copies of these forms to their employees.

We anticipate the new deadline will increase your businesses workload. To minimize stress, we recommend the following steps:

  • Verify your employee filing status and confirm their mailing addresses before December 31, 2016.
  • Verify form W-9 information (for your 1099-Misc contractors) is completely up-to-date and accurate.
  • Collect all the necessary information to ensure your forms are “good-to-go” on or about Monday, January 2, 2017.

The professionals in our office can answer any questions you may have about the new filing deadlines and how they will impact your business, call us today.

Tips to Avoid Embezzlement

BY Bernie Hull

Why does something like this happen to good people—Trust. According to FBI profiles, an embezzler is typically an employee with 5-6 years of experience, often described as good-to-above average, highly desirable, reliable, bright, motivated, trustworthy, and an achiever with good self-control. The typical motive is the need for money caused by a specific problem.”

Potential warning signs:

  • Unusual behaviors—for example, making sure she always gets the mail, intercepts phone calls, never takes vacation—even when on vacation, etc.
  • Lack of timeliness in updating/reconciling the accounting records

Do you have to stop trusting people to avoid such a thing from happening to you? No, but you need to implement good internal controls to reduce the risks. In my opinion, an honest bookkeeper would welcome the fact that controls are put in place—if for no other reason than to avoid the risk of ever being accused of wrongdoing.

Tips to consider:

  • Hire smart—develop accurate job descriptions and MUST do reference checking. During reference checking, make sure you ask former employers, “Would you rehire this person?”
  • Evaluate your internal controls—either on your own, or with the help of your CPA. (IC questionnaire)
  • Remember that as a manager or small business owner you are ultimately responsible for the numbers—so get involved in the process
  • Receive all mail—consider having post office hold mail until you return from vacation, if office is closed in your absence.
  • Review statements from vendors. Many vendors have stopped sending statements, but they will send late notices. Make sure your business is in good standing with vendors. Long overdue invoices may be an indication that a check you thought was going to a vendor actually went in someone else’s pocket, or that an invoice had been overlooked.
  • Receive bank statements directly, unopened. Insist on cancelled checks or check copies. Review cancelled checks for reasonableness of date, payee, amount, authorized signature and endorsement on the back of the check.
  • Review the bank reconciliation every month. This step is particularly important if you have one person doing the bookkeeping, writing checks, posting entries, preparing financial statements. Look closely at any adjustments to the bank accounts. Are there any old outstanding checks/deposits listed on the bank rec.?
  • Scan the check register periodically (every 3-4 months) to verify all payees and amounts paid make sense. Multiple checks written around the same time to the same vendor could be an indication that funds are being diverted—or just an inefficient use of time to write and code multiple checks. Verify check number sequences.
  • Review all credit card statements—are all charges authorized? Look for unusual late fees and finance charges. Pay off credit card balances monthly to avoid late fees. (Financial management point—check into lining up a line of credit with your bank—before you need the money, to manage short term cash flow/seasonal issues—at a lower rate and fees than a credit card.)
  • Review all payroll tax reports—consult with your CPA to verify deadlines and make sure that all reports are filed on time. Consider asking for account transcripts from the IRS and contact WDR at least annually to verify that all taxes were paid on a timely basis and that there are no balances outstanding.
  • Review payroll registers – review frequency of paychecks and amounts paid for reasonableness. Hand out pay checks/ pay stubs.
  • Review your accounts receivable aging summary schedule on a regular basis. This is beneficial not only to determine if you have any slow paying customers. It may also disclose if any customer payments have been misapplied.
  • Evaluate controls over inventory. Establish records to properly and consistently track inventory. Do period physical inventory counts and compare to your perpetual inventory system. Are controls implemented to reduce risk of theft?
  • DON’T EVER pre-sign blank checks. Keep all blank checks in a secured location—with you controlling the key/combination. (Anyone can forge a check.)
  • Make sure employees who can handle cash are bonded. Do you have embezzlement/theft insurance in place? Is it adequate to cover a potential loss and professional fees to determine amounts taken?

Preparing Your Business for New Filing Deadlines

BY Robert Sorensen

In July of 2015, President Obama signed into law a new Highway Funding Bill. Section 2006 of that bill modifies the tax filing due dates for tax years beginning after December 31, 2015. The filing deadlines for a variety of entities, including partnerships and C corporations, will change.

As a business owner, it is important to be aware of the new filing deadlines to make sure you are submitting tax returns timely. The following two questions will determine your due date:

  1.  What entity is your business considered?
  2.  When is your tax year end date?

The new due dates are effective for tax years beginning after December 31, 2015 with the exception of C Corporations with fiscal years ending on June 30 (new due dates for June 30 year ends will go into effect for returns with taxable years beginning after December 31, 2025).

We have highlighted below some of the major changes. For a complete list of new due dates, please refer to our giveaway this month, a copy of the AICPA’s resource which includes a list of all original and extended tax return due dates.

Return Type Prior Due Dates New Due Dates
Partnership (calendar year) April 15 March 15
S Corporation (calendar year) March 15 No change
C Corporation (calendar year) March 15 April 15
FinCEN Report 114

(Replaces FBAR return)

June 30 April 15
Individual Form 1040 April 15 No change
 

Extension Modifications for Calendar Year Filers

Form Extension
1065 6 Months
1041 5 ½ months
5500 3 ½ months
990 6 months
3520-A and 3520 6 months
FinCEN report 114 6 months
 

Extension Modifications for C Corporations

June 30 FYE 7 months
December 31 FYE 5 months
All other FYE’s 6 months
After 12/31/25 All revert back to 6 months

Will individual tax filers be affected by the new due dates?

Yes, those who file foreign bank account reports will notice a change. The due date for FBARs will move from June 30 to April 15. FBAR filers are also applicable to receive a six-month extension, similar to tax returns.

 Trust Returns

The extension dates for trust returns are receiving an extension. Trust returns are still due in April, but the extension will change from September 15 to September 30.

You will want to review your return-filing procedures and determine what changes need to be made to comply with the new dates. The professionals in our office can help you understand how this will affect your business; call on us today.

Bauman Associates Announces Expansion of Hudson Office

BY Bauman Associates

Hudson, WI – November 23, 2015: Bauman Associates plans to expand its Hudson office by combining employees from its neighboring River Falls office. According to Managing Principal John Satre, this move will help the firm better serve clients in both the River Falls and Hudson markets.

By combining the River Falls and Hudson teams in one location, clients of both offices will benefit from larger client service teams and broader industry expertise. Additionally, consolidating the two offices into one will also help the firm to reduce overhead costs and allow the firm to maintain its competitive billing rates.

By December 1st, the firm plans to close its River Falls office and relocate all of these employees to its Hudson office. The address for the Bauman Associates expanded Hudson office will remain the same: 816 Dominion Drive, Suite 201, Hudson, WI 54016. The office main phone line is 715.386.8181.

About Bauman Associates, Ltd
Bauman Associates was founded in 1947 as a certified public accounting firm and has offices in Eau Claire and Hudson, Wisconsin. The firm provides multi-discipline professional services to businesses and individuals including business consulting; technology training; human resource consulting; tax strategy, planning and preparation; accounting and auditing services; and estate, trust and retirement planning. For more information, visit www.baumancpa.com or call 888-952-2866.

###

A Story About Employee Embezzlement

BY Bernie Hull

(The names in this story have been changed to protect the innocent and allegedly guilty…)

On Saturday, May 17, 2008, I received a call from Jane Victim, a client and a friend. She said, “I need your help.” I just learned that my long-time office manager, Sally Sly, has been stealing from me. “ It was hard to believe—I mean, Sally, was the typical “girl next door”, Jane’s right-hand woman, and someone who was believed to be one of Jane’s best friends. (Heck, I would say that she is one of the nicest people you could ever meet.)

Jane had been contacted by an associate who shared the same office building as Jane. The associate told her that she had heard from their office staff that Sally had been acting strangely, and apparently had been hiding things from Jane. For example, did Jane know that an IRS agent had stopped by the office last December with the threat of a tax lien to be levied against Jane’s business assets? And did Jane know that her business trust account had been overdrawn at one point and that a letter had been received from the state with a warning?

Jane confronted Sally and asked her to tell her what had been happening and why Sally hadn’t told her. Sally started sobbing and saying, “I don’t want to go to jail.” Jane asked, “Why do you think you would go to jail?” Sally admitted, ”…because I stole money from you.”

“How did you do it?” Jane asked.

“You know those checks you would sign and leave with me when you went on vacation? I wrote those checks to myself,” Sally confessed.

“How long have you been doing this?” Jane asked.

“Just a few months in 2007,” Sally replied.

“Any in 2008?” Jane asked. “No.” “Any other year?” “No,” Sally repeated.

So, how much did she take, and how did she do it?

I began the investigation by looking at the accounting records, bank statements and cancelled check copies to look for checks issued to Sally. The more we looked, the more we found. (I was told that the rule of thumb for embezzlement is that you take the amount given by the embezzler and multiply it by 5 or 10 times the amount—that it ALWAYS turns out to be more than you would expect. Unfortunately the rule was on target…

The results of the testing indicated that:

* More than $85,000 was discovered to have been taken by Sally from 2001 to 2008.—via checks issued to Sally or her husband—some as extra paychecks, some as checks actually issued to her, but recorded as to another vendor, etc. Additional amounts could have been taken—potentially through petty cash, cash receipts from clients that were never deposited, etc. The ways that it was covered up was truly masterful, in my opinion—in a nauseating sort of way…

But Jane incurred more losses than the amount determined to have been taken by Sally:

  • Sally transferred money from the trust account to the operating account to fund the amounts she took—they were recorded in the accounting records as “income.” Jane needed to borrow more than $75,000 to cover the accumulated deficit in this account.
  • We discovered that a business charge card that Jane had thought had been cancelled, was still open and accumulating large finance charges and late fees of more than $8.000 from 2006-2008.
  • The accounting records showed that the payroll taxes were being paid in a timely manner. Because she didn’t file all payroll tax reports on time and stopped paying the payroll taxes for a while, interest and penalties had accrued to over $6,000 for 9/30/06 through 2007. (Sally had paid these amounts after the visit from the IRS agent, and coded the checks to “office expense.”)
  • And she lost a “trusted friend”…

So, why does something like this happen to good people—Trust. According to FBI profiles, an embezzler is typically an employee with 5-6 years of experience, often described as good-to-above average, highly desirable, reliable, bright, motivated, trustworthy, and an achiever with good self-control. The typical motive is the need for money caused by a specific problem.”

So, do you have to stop trusting people to avoid such a thing from happening to you? No, but you need to implement good internal controls to reduce the risks. In my opinion, an honest bookkeeper would welcome the fact that controls are put in place—if for no other reason than to avoid the risk of ever being accused of wrongdoing.

Tips to consider:

  • Hire smart—develop accurate job descriptions and MUST do reference checking
  • Evaluate your internal controls—either on your own, or with the help of your CPA
  • Remember that as a manager or small business owner you are ultimately responsible for the numbers—so get involved in the process
  • Receive bank statements directly, unopened. Insist on cancelled checks or check copies. Review cancelled checks for reasonableness of date, payee, amount, authorized signature and endorsement on the back of the check
  • Review all credit card statements—are all charges authorized? Look for unusual late fees and finance charges
  • Review all payroll tax reports—consult with your CPA to verify deadlines and make sure that all reports are filed on time
  • DON’T EVER pre-sign blank checks

There are many more tips, but not enough time to present them today.