Like Losing Your Wallet – Only Worse

Andrea McLane | July 31st, 2015
Panic Mode - Rea & Associates - Ohio CPA Firm

Typically, owners of businesses and their spouses who fail to file their annual retirement plan returns are in full-scale crisis mode – and rightfully so, since missing this deadline results in a penalty that’s about the size of a small fortune.

For most of us, misplacing our keys, losing sight of our shoes and occasionally forgetting to pay the phone bill on time is not a catastrophic phenomenon. It happens; and most likely we will freak out for a minute, find what we were looking for and move on – only to repeat our dysfunctional routine countless times over the course of a lifetime. Forgetting to file your retirement plan returns on the other hand … well, let’s just say that’s typically not a stress-free event.

Read Also: Do You Know What Your Retirement Plan Is Costing You?

Typically, owners of businesses and their spouses who fail to file their annual retirement plan returns (Form 5500-EZ) are in full-scale crisis mode – and rightfully so, since missing this deadline results in a penalty that’s about the size of a small fortune. To be more precise, in years past, those who failed to meet their filing obligation could face a penalty totaling up to $15,000 per return. Fortunately, the IRS recently announced that instead of facing such an extreme late fee, eligible business owners can take advantage of a “low-cost penalty relief program.”

How Much Would You Pay?

The relief initiative, which started as a one-year pilot program in 2014, was tremendously successful, resulting in the collection of about 12,000 late returns. Because of this success, the program secured it’s permanency in May of this year. According to the news release, the program allows eligible business owners and their spouses to file late returns and only pay a $500 penalty for each return submitted with a maximum of $1,500 per plan. Because the IRS caps the maximum penalty at $1,500, applicants are encouraged to include multiple late returns in a single submission.

Eligibility

The IRS says that businesses with plans that cover the owner or the business’s partners (depending on how the business is set up) and their spouses are eligible to take advantage of this low-cost plan. Complete information about the program can be found by clicking here.

Learn More

Remember, your return must be filed annually no later than the end of the seventh month following the close of your plan year. So, for example, if your plan is governed by the calendar-year, as most are, your 2014 return was due today (Friday, July 31, 2015). Did you fail to file your small business’s annual retirement plan returns? Would you like to find out if you qualify for this program? Email a retirement plan expert at Rea & Associates and take control of your IRS debt now.

By Andrea McLane, QKA (Dublin office)

Want to read more about the importance of Retirement Plan Compliance?
Check out these articles:

401(k) Loans and Keeping Your Plan In Compliance
Retirement Roulette
The ‘Van Halen Philosophy’ of Retirement Plan Compliance

Share Button

How to make your building work for you with a cost segregation study

Matt Sanders | July 29th, 2015

Have you recently purchased commercial real estate or invested in construction? If so, you might want to look into getting a cost segregation study. The benefits of a study can mean tax savings and improved cash flow. Smart Business recently sat down with me to discuss the benefits of a  cost segregation study.

For example, if you buy a building and it’s all capitalized as one lump sum on a business’s tax return, then it can only be depreciated over 27 to 39 years … But if you break it down into cost components, the business owner can depreciate certain costs over five, seven or 15 years to accelerate tax deductions.

To find out what a cost segregation study could do for your recent construction investment or commercial real estate purchase. Read the full article here or read more about cost segregation studies by clicking on the article links below. 

Learn more about cost segregation studies and how they can help your small business:

It’s No Secret – Cost Segregation Studies Can Save Business Owners Money

Uncork Bottled Cash Flow with Cost Segregation Studies

Uncover Tax Savings in Your Real Estate Through Cost Segregation

Share Button

How to set up internal controls on limited resources

Michaela McGinn | July 22nd, 2015

Setting up internal controls in your small or midsized business is no easy task. It can be very time confusing, plus running the day-to-day operations always takes priority. I recently spoke with Smart Business to discuss what businesses and organizations with limited resources can do to implement internal controls.

If I handed you a briefcase of $100,000 and said, ‘Here hold this for me,’ would you be OK with that? … [What] if it was $500,000 or $1 million? That’s what you’re doing when you give full access to information and resources with no one monitoring it.”

To find out what your organization can do now and read the full article, visit Smart Business’s website or check out some of the articles below.

By Michaela McGinn, CPA (Dublin office)

Want to learn more about internal controls for your business? Check out these articles:

10 Ways To Implement Internal Controls With Limited Resources

What Are The Top 10 Signs Your Business’s Internal Controls Aren’t Strong?

Does Your Company Have Solid Internal Controls?

Share Button

A Fair Assessment?

Christopher Axene | July 21st, 2015
How Far Back Can The IRS Go To Collect Back Taxes - Rea & Associates - Ohio CPA Firm

When a taxpayer files a false or fraudulent return, the taxpayer waves their right to statute of limitations protection. And if a taxpayer fails to file their income tax return, the IRS is allowed to undertake collection proceedings at any time and without assessment.

Bob recently received a copy of his account transcripts from the IRS. Upon reviewing the paperwork, he noticed that the government agency made note of a “date of assessment,” which prompted him to wonder how the date of assessment was determined? Moreover, he wanted to know what role one’s date of assessment plays with regard to the time frame the government has to collect back taxes.

If you ever find yourself in a situation similar to Bob’s, with questions about your tax history, in addition to speaking with your tax advisor, you can request that a copy of your tax return transcript and tax account transcript be mailed to you. Fill out the online form here, but make sure you are making the request for the current tax year’s transcript or transcripts for three years prior.

If you are requesting transcripts for older tax years or you need a wage and income transcript or verification of non-filing letter, you’ll need to complete Form 4506-T and send it to the address listed on the form’s instructions. Due to a recent security breach, your transcripts will not be sent electronically.

How Far Back Can The IRS Go To Collect Back Taxes?

If the IRS is attempting to collect past due taxes, the agency will assign a date of assessment to your IRS account transcript.

Read Also: IRS Says You Owe More? Don’t Write That Check Yet!

Like many of the invoices you see every day, every item on your transcript will be assigned a code. Your date of assessment is no different. To identify the date of assessment on your account transcript for the tax year in question, look for Transaction Code “150.” Tip: If you are wondering what the other codes on your transcript mean, you can find a comprehensive list here.

As a general rule, the IRS must assess tax, or file suit against the taxpayer to collect the back taxes, within three years after the original tax return was filed. This three-year period of limitation on assessments also applies to penalties. In fact, this rule continues to apply regardless of whether the return was filed on time or not. In general, the statute of limitations will almost always begin the day after the taxpayer files their income tax return.

The Rules May Not Apply

It seems as though there are always exceptions to the rules we work so hard to uphold – taxes are not excluded from this trend. For instance, when a taxpayer files a false or fraudulent return, the taxpayer waves their right to statute of limitations protection. And if a taxpayer fails to file their income tax return, the IRS is allowed to undertake collection proceedings at any time and without assessment.

Parting Shots

While the statute of limitations for assessment is three years after your return has been filed, the IRS still has 10 years to actually collect the assessed tax. Below is an example of the assessment process in action:

  • April 15, 2015 – you filed your 2014 tax return with the IRS
  • March 31, 2018 – the IRS assesses additional taxes on your 2014 tax return
  • The IRS has until March 31, 2028, to collect the additional tax or file suit against you.

While this information may help to shine some light on IRS assessments and statute of limitations rules, every situation is unique and hinges on several specific variables. Your tax advisor can help you sort through codes and details to get you back on the right track. Email Rea & Associates to learn more.

By Christopher Axene, CPA (Dublin office)

Check out these articles to learn more about your responsibilities as a taxpayer:

How Far Back Can The IRS Go For Tax Auditing?

The Truth About Tax Extensions

If Something Happens To me, What Will Happen With My Financial Matters?

Share Button

This Settlement Rocks: Municipalities Can Claim A Portion Of $11.5M

Chad Welty | July 14th, 2015
rock salt settlement - Rea & Associates - Ohio CPA Firm

Photo Courtesy Of WDTN.com
Morton Salt, Inc., and Cargill Inc., the only two companies that mine rock salt in Ohio for commercial sale, agreed to pay a settlement totaling $11.5 million, in an attempt to resolve allegations that the two companies divided rock salt between themselves in an attempt to drive up salt prices.

Mother Nature has never been shy about hammering Ohio with frigid temperatures and record-breaking snowfalls, which is why rock salt continues to be essential in our battle to keep the state’s roads and bridges free from ice. And if you thought your municipality was paying a premium to beef up its salt reserves in the past, you were probably right.

Get Your Money Back

Last month, Ohio Attorney General Mike DeWine announced that the Ohio Department of Transportation (ODOT), the Ohio Turnpike Commission and local government entities may be entitled to get some of the money back that they spent on rock salt between July 1, 2008, and June 30, 2011.

Morton Salt, Inc., and Cargill Inc., the only two companies that mine rock salt in Ohio for commercial sale, agreed to pay a settlement totaling $11.5 million, in an attempt to resolve allegations that the two companies divided rock salt between themselves in an attempt to drive up salt prices. While the companies continue to deny any wrongdoing, they did agree to pay back some of the funds that were charged to public entities across the state.

According to the Attorney General’s Office, all eligible public entities will receive a payment based upon their share of rock salt purchases.

How To Submit Your Claim

To submit a claim, you must complete the official online claim form or the official mail-in claim form no later than Aug. 7.

Your claim must include:

  • Contact information for the public entity making the claim
  • The details of your entity’s salt purchase for each season, including:
    • The quantity (in tons)
    • The cost per ton
    • Total dollars spent
    • Any additional information that may be relevant to your claim
  • Certification that your claim is correct and that you are authorized to submit the form on behalf of your public entity.

While you do not need to submit invoices or other documentation with your claim, you will likely need this documentation to accurately complete your claim. You can click here for answers to other frequently asked questions.

According to an official news release from the Ohio Attorney General, the antitrust lawsuit was brought against Morton and Cargill in Tuscarawas County on March 21, 2012, and alleged that the two companies agreed not to compete in an attempt to drive up the rock salt prices – a practice that persisted for nearly a decade, ending in 2010. As a result, ODOT, the Ohio Turnpike Commission and local government entities allegedly paid “above-market” prices for their rock salt supply, which is an essential resource that aids in their responsibility to keep all Ohioans safe by helping keep roadways, highways and bridges clear of ice.

“I believe that this settlement is a very positive result for the people of the state of Ohio. The millions that will be distributed to the state and to local governments would never have been returned to them if we had not filed this lawsuit and aggressively pursued this case,” said DeWine.

If you need help determining whether your public entity can claim a portion of this settlement or need help navigating the claims process, email Rea & Associates.

By Chad Welty, CPA (Medina office)

Share Button

Could Your Company Be Ransomware’s Next Victim?

Joe Welker | July 8th, 2015
Preempt A Crisis - Rea & Associates - Ohio CPA Firm

While there is no surefire way to prevent a Ransomware attack on your data, it’s wise to implement the following best practices to reduce the possibility of infection or reinfection.

The malware known as CryptoLocker or CryptoWall continues to be a major concern for individuals and companies alike. So much so, that the FBI saw fit to issue a warning just last month and help raise further awareness about the threat.

According to the FBI, this Ransomware continues to evolve, which helps it avoid user’s virus detection software applications – even if they are current. Since April 2014, reported the FBI, there have been 992 incidents of CryptoLocker reported. These occurrences have resulted in the loss of around $18 million.

Read Also: How Much Is Your Data Worth To Criminals?

The Threat Is Real

Ransomware is a computer infection that’s been programmed to encrypt all files of known file types on your local computer and your server’s shared drives. Once it takes hold, it’s all but impossible for you to regain access to the data that’s been infected. Once this happens, you have one of two choices. You can:

  1. Restore their machine by using backup media, or
  2. Accommodate the hacker’s demands and pay up.

As a direct result of my experience as an IT audit manager, I have been made aware of several situations in which businesses were left with no choice but to succumb to the demands of malicious cybercriminals carrying out Ransomware attacks. And while the companies I have worked with were finally able to obtain their assailant’s encryption key code to unencrypt and regain access to their data after the ransom was paid, others are not as lucky – after all, the FBI has reported $18 million worth of losses in just over a year. Furthermore, there are no guarantees that you won’t be targeted again in the future.

Preempt A Crisis

While there is no surefire way to prevent a Ransomware attack on your data, it’s wise to implement the following best practices to reduce the possibility of infection or reinfection.

  • Implement mandatory computer safety training for all employees and implement and test an IT Disaster Recovery Plan in place.
  • Always use reputable antivirus software and a firewall and be sure to keep both up to date.
  • Put your popup blockers to good use. Doing so will help remove the temptation to click on an ad that could infect your computer.
  • Limit access to company’s data by ensuring that only a few employees have access to certain folders and data. You can facilitate this type of action by conducting annual reviews of your company’s employee access rights.
  • Backup all company-owned content. Then if you do become infected, instead of paying the ransom, you can simply have the Ransomware wiped from your system and then reinstall your files once it’s safe again to do so.
  • Never click on suspicious emails or attachments, especially if they come from an email address you don’t recognize. And actively avoid websites that raise suspicion.

Shut Down The Attack

If you are surfing the Web and a popup ad or message appears to alert you that a Ransomware attack is in progress, disconnect from the Internet immediately. Breaking the connection between the hacker and your data could help stop the spread of additional infections or data losses. In addition to informing your company’s IT department about the threat or occurrence, be sure to file a complaint with your local law enforcement agency. The IC3, formerly known as the Internet Fraud Complaint Center, also encourages you to file a report at www.IC3.gov.

Email Rea & Associates to learn more about the importance of your company’s online security.

By Joe Welker, CISA (New Philadelphia office)

 

Related Articles

Beware Of The Small Business Wire Transfer Scam
Could A Cyber-Attack Cripple Your Business In 2015?
8 Tips For Crafting A Strong Password

Share Button

10 Ways To Implement Internal Controls With Limited Resources

Michaela McGinn | July 7th, 2015
How To Implement Internal Controls With Limited Resources - Rea & Associates - Ohio CPA Firm

Putting internal controls to work in your business doesn’t have to be an overwhelming task and you don’t necessarily need to beef up your workforce to get started. Start by simply picking a few key controls that can be easily woven into your daily or monthly processes and begin implementing a few changes at a time.

You’ve probably heard about how critical it is to establish internal controls throughout your business. But if you happen to own a small or midsize company, you may have dismissed this best practice in favor of maintaining your daily operations, optimizing customer service and streamlining your growth initiative. While running a successful business greatly depends on your ability to manage a variety of responsibilities, don’t let yourself become complacent when it comes to protecting your lifework from fraudulent activity. The mistake of ignoring the importance of internal controls in your business could end up costing you greatly.

Read Also: Where There’s Smoke, There’s Fire: 5 Internal Control Tips That Can Save Your Business From Fraud

Who’s Watching Your Money?

Would you be comfortable asking someone to watch a briefcase full of your cash, say $100,000? What if it held $500,000 or $1 million? Are you confident that your money would be there when you returned? Believe it or not, that’s essentially what you are doing every day when you run your business without internal controls – you are willingly handing over full access to your most valuable asset.

How To Address Your Internal Control Needs

Even if you don’t have the resources to implement a comprehensive internal control structure, there are still options available that can effectively provide your business with a level of oversight. Before you get started, be sure to consider the difference between preventative controls and detective controls.

As the owner of a small- to midsize-business, you may want to consider implementing a strategy that takes advantage of detective controls, which are typically put in place for the purpose of reviewing data for human error while ensuring that your assets remain secure. One example of this type of control is when, after your accounts have been reconciled, a reconciliation review is conducted to ensure accuracy.

Because of their size, smaller companies are more likely to give a few individuals full access to their business’s funds. These employees are often in charge of making deposits, issuing checks, managing payroll and performing monthly bank reconciliations. Enacting detective controls will not only provide you with the peace of mind you need, it may help take weight off of the shoulders of a trustworthy employee who would rather not have their trust questioned.

Preventative controls, on the other hand, are established by companies seeking to ensure that something doesn’t happen in advance. An example of a preventative control is when transaction limits and segregation of duties are established. This type of control can be very effective, but are oftentimes more difficult for smaller companies to establish due to the lack of resources they can commit to such a strategy.

10 Ways To Implement Internal Controls In Your Business

  1. Document and re-evaluate your operational processes (at least) annually.
  2. Make sure that more than one employee is familiar with your company’s operational processes to protect your business against unforeseeable circumstances, such as sickness, job loss or death.
  3. Conduct monthly reconciliations of key accounts (i.e. receivables, cash, inventory, payables, payroll costs, etc.) Then have these monthly reconciliations independently reviewed.
  4. Implement an approval process for employee spending.
  5. Establish transaction limits.
  6. Restrict access to your company’s general ledger to only a few key individuals.
  7. Review your vendor lists to ensure that they are current and accurate.
  8. Assign someone to review standard and nonstandard journal entries.
  9. Form a policy for creating credit limits for customers – and review it regularly.
  10. Review whether there are other areas unique to your business where employees may be able to manipulate information and identify how to monitor them.

Putting internal controls to work in your business doesn’t have to be an overwhelming task and you don’t necessarily need to beef up your workforce to get started. Start by simply picking a few key controls that can be easily woven into your daily or monthly processes and begin implementing a few changes at a time. Before you know it, aspects of your internal control strategy will become so commonplace that you may begin to wonder how you ever got by without them.

Email Rea & Associates to learn more about the benefits of an internal control strategy.

By Michaela McGinn, CPA (Dublin office)

 

Related Articles

What Are The Top 10 Signs Your Business’s Internal Controls Aren’t Strong?

Does Your Audit Process Protect You From Fraud?

Does Your Company Have Solid Internal Controls?

Share Button

Don’t Turn A Blind Eye To PCI Compliance

Joe Welker | July 2nd, 2015
PCI Compliance and Data Security - Rea & Associates - Ohio CPA Firm

Although you may employ a vendor to process credit card payments, it is still your client’s data and the ultimate need to protect that data is assumed by you.

You probably don’t have a lot of spare time on your hands. Between managing your business and employees, to ensuring your clients’ needs are being met. The last thing you might be concerned about is adhering to Payment Card Industry (PCI) Data Security compliance standards. But hold up. If your business (or any of your vendors) deals with client cardholder data or stores this information anywhere in your business’s IT systems, PCI standards are not something to ignore. It could be the difference between your business surviving and thriving or going down the drain.

PCI Data Security Best Practices

In November 2013, the Payment Card Industry (PCI) Data Security Standard version 3 was released. There were five requirements defined as “best practices.” And as of June 30, 2015, these requirements are mandatory and may affect your organization.

The Payment Card Industry (PCI) Data Security Standard v3.0 data sheet describes the need for compliance as: “All applications that store, process, or transmit cardholder data are in scope for an entity’s PCI DSS assessment, including applications that have been validated to PA-DSS.”

The two requirements that could most affect your organization are Requirements 12.9 and 9.9.

  • Requirement 12.9 – Additional requirements for service providers: Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.
  • Requirement: 9.9 – Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution.

So what exactly do these requirements mean for you (and your vendor)? In essence, Requirement 12.9 requires third parties to provide in writing the details of its role in providing PCI compliancy, as well as any requirements of your organization. Requirement 12.9 is relevant to Requirement 9.9 as it relates to devices used to scan or input credit card information. The vendor’s compliancy requirements could require the entity to adhere to Requirement 9.9 by protecting and monitoring devices used by the entity to scan or input credit card information. And because it’s ultimately the responsibility of your organization to protect client credit card information, it is important that your business obtain the PCI requirements of any vendors you work with and adhere to the requirements of their PCI Compliancy Standards.  It is always best practice to document in detail when testing for PCI or communicating with your vendor.

Remaining Three Best Practice PCI Compliance Requirements

The other three PCI compliance “best practice” requirements are listed below. These may or may not be items to be addressed by your organization depending on your current PCI classification. It’s best to review and determine if your entity needs to add to your current PCI testing procedures.

  • Requirement: 6.5.10 – Broken authentication and session management. Secure authentication and session management prevents unauthorized individuals from compromising legitimate account credentials, keys, or session tokens that would otherwise enable the intruder to assume the identity of an authorized user.
  • Requirement: 8.5.1 – Service providers with remote access to customer premises (for example,  for support of POS systems or servers) must use a unique authentication credential (such as a password/phrase) for each customer.
  • Requirement: P. 93 11.3 P. 55 6.5 – Implement a methodology for Penetration testing.  See P. 93 of the Payment Card Industry (PCI) Data Security Standard v3.0 data sheet for details.

The End of Outdated Secure Sockets Layer Encryption Protocol

Finally, in April 2015 the PCI Security Standards Council published a new version of the Payment Card Data Security Standard that calls for ending the use of the outdated Secure Sockets Layer (SSL) encryption protocol. The new standard requires that the use of SSL be discontinued and replaced by the use of the more secure Transport Layer Security (TLS) protocol. The deadline for this change has been set at June 2016.

Remember, although you may employ a vendor to process credit card payments, it is still your client’s data and the ultimate need to protect that data is assumed by you.

We hear of new breaches daily, so it’s in the best interest of your organization to know the responsibilities of your organization for PCI Compliancy.  Don’t assume that all the responsibility is on a third party vendor because it is all of our responsibility to maintain security and keep the integrity of our data secure.

By Joe Welker, CISA (New Philadelphia office)

 

Related Articles

Do You Know Who Has Access To Your IT Network?

How Can I Protect My Business From A Data Security Breach?

How Much Is Your Data Worth To Criminals?

Share Button

Obamacare Lives Another Day

Joe Popp | June 25th, 2015
United States Supreme Court Says Obamacare Will Live Another Day - Rea & Associates - Ohio CPA Firm

Certainly, for those who will retain their health care as a result of the Supreme Court’s decision, the outcome was optimal. But if you’re a business owner, you may not agree with the ruling.

The United States Supreme Court upheld a key provision of the Affordable Care Act Thursday after the justices released its 6-3 ruling on King v. Burwell, which will leave the law in tact in its current form. The four-word statutory passage – “established by the State” – stood at the heart of the case and the nine justices set to deliberate the interpretation of these words.

If taken literally, they would have rendered Obamacare immobile in many states. However, the judges opted to look beyond these words and interpret them in light of the rest of the law – which left healthcare subsidies intact for individuals and families throughout the nation.

Read Also: Obamacare: Discrimination Is Not An Option

“This case is about whether the Act’s interlocking reforms apply equally in each State no matter who establishes the State’s Exchange,” according to the official Opinion of the Court, which points to the provision that allows the federal government to establish a state’s exchange if the state fails to establish its own.

After much deliberation, the court found that phrase in question should be interpreted in context. According to the court’s formal opinion, the law “allows tax credits for insurance purchased on any Exchange created under the Act. Those credits are necessary for the Federal Exchanges to function like their State Exchange counterparts, and to avoid the type of calamitous result that congress plainly meant to avoid.”

“We don’t look at four words, said Justice Elena Kagan. “We look at the whole text, the particular context” to gain “an understanding of the law as a whole.”

The Right Decision?

Was the decision of our nation’s highest court the right one? Well, as always, it depends who you’re asking.

Certainly, for those who will retain their health care as a result of the Supreme Court’s decision, the outcome was optimal. But if you’re a business owner, you may not agree with the ruling.

What is clear is that (at least for now) Obamacare is here to stay. Business owners and professional service providers must continue to work to understand it and to identify the best way to work in tandem with its multitude of provisions.

To learn more about your responsibilities under the Affordable Care Act, email Rea & Associates.

By Joseph Popp, JD, LLM (Dublin office)

 

Related Articles

Are You Prepared To Pay? Obamacare’s Shared Responsibility Provision
Health Insurance Options: Shop, Drop, or Self-Insure?
How Will ACA Federal Exchange Premiums Affect Ohio Small Businesses And Consumers?

Share Button