Philadelphia Passes Tax Cuts and Breaks for Businesses and Residents

Date June 29, 2022
Categories
Article Authors

Philadelphia’s 2023 budget, passed by the City Council on June 23, will include tax cuts on business income and wages. The city’s business income and receipts tax rate will be reduced from 6.2 percent to 5.99 percent. Taxes on wages are being reduced as of July 1, 2022, for residents from 3.8398 percent to 3.79 percent, and for non-residents from 3.4481 to 3.44 percent. Mayor Jim Kenney heralded the changes to wage taxes, considered among the highest in the nation, as being reduced to their lowest levels in more than 50 years.

In a related move, the Council passed an ordinance designed to move the city toward market-based sourcing for business income and receipts taxes on sales of intangibles and services by providing exclusions for receipts on intangibles used outside the city limits.

Market-based sourcing generally taxes services based on where the benefit of the service is received. In moving toward market-based sourcing, service businesses in Philadelphia will only be required to pay business income and receipts tax on sales delivered to customers located within the city. Market-based sourcing is the trend in state and local taxation. The transition to market-based sourcing should help level the playing field for Philadelphia-based service providers with companies located outside of Philadelphia.

For more information on how rulings and legislation related to state and local taxes might impact your business, contact us at hbksalt@hbkcpa.com or visit our website here.

Speak to one of our professionals about your organizational needs

"*" indicates required fields



New Round of Ohio TechCred is Now Open

Date May 6, 2022
Categories
Article Authors

Eligible Ohio employers looking for financial support to train or upskill employees will have another opportunity to use the Ohio TechCred program. From May 2 through May 31, 2022 at 3:00 PM, eligible employers may submit applications to obtain approval for future reimbursements through this program.

Why TechCred?

Ohio has approved funding that allows Ohio businesses, including manufacturers, to receive reimbursement for certain industry-recognized, technology-focused, and short-term credentials or certificates. Many manufacturers throughout the state continue to struggle finding labor, both skilled and unskilled. TechCred can support the employee recruitment and retention process by:

  • Providing funding (through reimbursement) to support the development of employees’ skills.
  • Supporting the business’s goals, including improving productivity and customer satisfaction.
  • Differentiating the company from others who may not provide similar training, thereby attracting talent.

How to Apply

Interested employers should consider eligibility criteria, including that the business is registered in Ohio and employs Ohio resident W-2 employees. Employers should also review the credential list here. Employers may request approval for credentials not included by selecting “Credential Not Listed” on the application form and answering questions about the credential. All credentials must be a certificate or credential that is industry-recognized, technology-focused, and short-term. Additional information can be found here.

When ready to apply, eligible businesses should submit an application via https://techcred.ohio.gov/apply. Users must have an OH|ID in order to log in to the application.

Other Resources

In addition to TechCred, businesses or individuals seeking assistance in the job market should consider the following resources:

  • Individual Microcredential Assistance Program helps low-income, partially unemployed, or completely unemployed Ohioans participate in training programs.
  • Ohio to Work connects job seekers with employers specifically in the fields of information technology, manufacturing, and healthcare.
  • Ohio In-Demand Jobs Week, from May 2-May 6, focuses on current career opportunities with businesses that are hiring. Organizations participating should visit topjobs.ohio.gov to ensure their event is listed.
  • Ohio Means Jobs offers resources for job seekers, employers, and students in the job market.

For more information regarding these programs or to discuss how labor availability and skills are affecting your business, contact a member of HBK Manufacturing Solutions at manufacturing@hbkcpa.com or 330-758-8613.
Speak to one of our professionals about your organizational needs

"*" indicates required fields



SOC 2 Readiness: Preparing for Your Audit

Date November 3, 2021
Article Authors
HBK CPAs & Consultants

A few tips to make preparations easier.

Preparing for a security audit, or any audit for that matter can be a daunting and complicated task. Smaller organizations may find themselves with limited resources and very few if any, formalized policies and procedures. Conversely, the magnitudes of technologies, processes, and people in larger enterprises can complicate scoping, buy-in, and a host of other issues, even in organizations with an established security program.

But the hurdles your organization must clear aren’t going away. Nor are your customers’ or business partners’ requests for evidence of your security audit or current security practices. Third-party risk security questionnaires and requests for SSAE-18, SOC 1, SOC 2, or ISO certification are here to stay.

Through our extensive work helping organizations overcome the confusion and uncertainty of SOC 1 and SOC 2 audit readiness and preparation, we have encountered and addressed a wide range of client concerns and stumbling blocks. Here are a few tips we have picked up along the way that should make preparing for your next readiness assessment easier.

  • Proper scoping: Every project begins with scoping. Your audit preparations are no different. When scoping your SOC reports, limit the scope to the systems and processes you use to deliver your client services. Document the infrastructure, software, data, and people that support those services. Information security should be instilled throughout your organization, but remember your audience. The final SOC report is intended for your customers and business partners, and their biggest concerns are the systems and processes you use to provision your services and the risk to their organizations.
  • Trust service criteria: When scoping your SOC 2 report, you’ll have to determine which Trust Service Criteria you want to attest to security, availability, confidentiality, processing integrity, or privacy. Note that only security is required. As such, we recommend that you start small. Include only security in the readiness assessment and first-year audit (unless you get specific requests to include other criteria). Starting small helps to reduce costs and upfront workloads. Additionally, you can more easily familiarize your organization with the audit process and requirements, and establish a baseline you can build on.
  • Software: Software can help, but is not necessary. You’ll find many governances, risk and compliance, and assurance software providers who will claim they can automate your SOC process or complete your assessment within weeks. However, many of these companies will not and cannot perform your audits. SOC reports must be issued by a CPA who must adhere to strict guidance and reporting standards, which, in part, is what makes these reports so valuable. Software can help you organize your documentation or map your controls, but at the end of the day, your documentation will have to stand up to the scrutiny of a professional auditor. As will the sufficiency of your controls.
  • Getting started: You probably don’t have to start from scratch. The security criterion includes nine additional “common criteria” that you are likely well on your way to achieving. Remember, SOC reports are more a communication tool than a strict framework. As such, there is no checklist of items that must be included. There are, however, some common themes. Access management, for example. Your organization likely has onboarding and termination processes. But how are they evidenced? Is the process repeatable? Is there a formalized policy? There is no one-size-fits-all access management process, so during the readiness assessment, you’ll want to determine if you can evidence yours to sufficiently meet audit standards.
  • Support: Don’t be afraid to ask for help—and use a professional. Too many organizations spin their wheels for months, even years. First, they try to conduct the readiness assessment themselves, but to no avail due to organizational limitations or a lack of internal resources. Secondly, they’ll bring in a security consultant, skilled perhaps in creating policies and procedures but unskilled in mapping them to the SOC criteria and determining your existing gaps and weaknesses.

Eventually, you’ll find yourself face-to-face with your auditor, there to assess the results of your internal or security consultant-produced readiness assessment, or to finish the readiness assessment, or to conduct the audit. From the beginning, that auditor could have been helping you prepare for your readiness assessment and become familiar with your environment.

Note: you might choose to use two different entities to perform the readiness and audit functions. That often proves beneficial in terms of segregating duties or having two sets of eyes examining your documentation. Still, it is key to use professionals with experience in SOC 2, not just security. Doing so will deliver benefits beyond the assessment and audit. For example, upon the conclusion of our readiness assessment, we provide our clients actionable recommendations that leverage their existing technology and resources to keep the audit process cost-effective.

Readiness assessments are step one in your SOC 2 journey and can take up to 60 days to complete—and that won’t include the audit or the time it takes to remediate gaps and weaknesses, which depends on the significance and number of gaps and weaknesses identified.

Key takeaways:

  • Get it right from the beginning and nail down your scope.
  • Don’t be fooled by automated tools or ads claiming SOC reports can be produced in less than 30 days. I can promise your readers won’t be fooled.
  • Engage your professional advisors sooner rather than later; anything worth doing is worth doing right.
  • Have trust in yourself and your organization. You’re further along than you think. You just have to get started to know where you need to go.

Speak to one of our professionals about your organizational needs

"*" indicates required fields



Ohio Bill Would Establish Data Rights and Set Standards for Businesses

Date July 20, 2021
Article Authors
HBK CPAs & Consultants

Calling it “landmark data privacy legislation,” Ohio legislators have introduced a bill that “would establish data rights for Ohioans while requiring businesses to adhere to specific data standards.” House Bill 376, or the Ohio Personal Privacy Act (OPPA), was announced July 13 by State Representatives Rick Carfagna and Thomas Hall and Lt. Gov. Jon Husted. If the legislation passes, Ohio will join more than 20 other states enacting data privacy legislation and standards.

The Act “would primarily apply to businesses with $25 million or more in gross revenue in Ohio or businesses that control or process large amounts of data,” according to the Ohio House of Representatives’ press release. The bill includes a list of requirements for businesses, including “posting privacy notices and disclosing where data is being sold,” the release noted. There will be certain exemptions for businesses and industries with data privacy standards already in place in accordance with such regulations as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach Bliley Act requiring financial institutions to explain their information-sharing practices with consumers.

The OPPA offers additional incentives for all businesses. It would change laws and incentivize businesses to be proactive by providing for an “affirmative defense” against legal claims for businesses that develop and implement their own data privacy programs that meet the standards as set forth in the latest version of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (https://www.nist.gov/privacy-framework/privacy-framework).

The NIST framework, like other NIST frameworks, does not offer a third-party assurance program to standardize and oversee reporting. So the question remains: How will businesses demonstrate their “compliance” with the NIST framework and what evidence will be sufficient? And to what degree do we trust self-reporting? The lack of trustworthy and valid self-reporting of the NIST 171 guidelines under DFARS 252.204-7012 is essentially what prompted the U.S. Department of Defense’s Cybersecurity Maturity Model Certification.

Other “privacy frameworks,” such as ISO 27701, offer certification or third-party assurance, allowing businesses to demonstrate the effectiveness of their privacy standards, which is particularly useful should they need to take advantage of the affirmative action’s safe harbor provisions in the event of a breach. As well, the latest version of the American Institute of CPAs’ SOC 2 Trust Services Criteria includes “privacy” as a criterion for businesses and their auditors to report on and communicate an organization’s ability to meet privacy standards. However, it is unclear if any of these mechanisms will suffice to meet OPPA requirements, and to what extent an organization will have to demonstrate its compliance with the NIST Privacy program.

As we await clarity on these issues, one thing is for certain: State regulations are shifting and most businesses will need to implement and maintain a data privacy program. To what degree they will need to communicate assurances to stakeholders is unclear, but something you should be discussing with your advisors.

Speak to one of our professionals about your organizational needs

"*" indicates required fields



The Trump Administration & Tax Reform: A Moving Target

Date March 9, 2017
Categories
Article Authors

Since President Donald Trump was on the campaign trail, there have been varying reports regarding his overall tax plan. From the beginning, there has been a lack of detail, which has lead to uncertainty in tax planning for individuals and businesses alike.

To add to the confusion, Representative Paul Ryan (R-WI), the speaker of the House of Representatives, has pushed forward his own version of tax reform under his overall plan titled “A Better Way.” While some provisions of the Trump plan are similar to the Ryan plan, they are by no means the same.

In early February, President Trump indicated that a major tax announcement will be made within the coming few weeks. What this will look like is anyone’s guess, but it’s likely to have many of the same provisions that President Trump has previously provided.

A large focus of his plans have been a decrease in tax rates, resulting in a top income tax rate of 33 percent for individuals and 20 percent for businesses, and an overall simplification of the tax code. President Trump also indicated that major tax reform will be achieved through the budget reconciliation process.

What Is Budget Reconciliation?

Budget Reconciliation is a Senate legislative process created by the Congressional Budget Act of 1974. The process provides a faster method of instituting legislation concerning taxes, spending and debt limits. Legislation passed through the reconciliation process is not subject to filibuster in the Senate – meaning that the legislation can pass the Senate with a simple majority vote, rather than 60 votes that would be necessary to avoid a defeat through a filibuster. Legislation passed through this process is subject to a 10-year limitation.

Why Will the Trump Administration Use Budget Reconciliation?

The simple answer here is that it provides an easier way of enacting tax reform legislation without having to compromise with the Democrats on specific tax provisions. The Republican Party currently holds a majority in both the House and the Senate. To pass the House, tax reform legislation will simply need a majority vote.

However, in the Senate the Republican Party only controls 52 seats. This means, to avoid a filibuster, President Trump would need to get the support of eight Democrats and/or Independents. This is not likely to happen without significant compromise.

What Is the Downside of Budget Reconciliation?

Again, any legislation passed through this process will be limited to a 10-year period. That means this type of tax reform is simply a patch, and 10 years down the road we’ll be dealing with a new tax overhaul with a new administration and new agenda. This will continue to create uncertainty in planning for both individuals and businesses.

How Can Individuals and Businesses Plan for Tax Reform?

Right now, the best strategy is to wait and see what happens, and continue to utilize the same planning techniques that have been available in the past. While some form of change is likely to occur, this change will probably not affect the 2017 tax year. Many believe tax reform legislation may pass in the fall of 2017, which will give us plenty of time for tax planning before the year ends. As new details continue to come out, we’ll keep our clients informed.

This is an HBK Tax Advisory Group publication.

Speak to one of our professionals about your organizational needs

"*" indicates required fields