While the legalization of adult use of marijuana is currently off the table in New Jersey, New Jersey and other states will have to contemplate taxation in anticipation of future legalization. Determining a “right” sales tax that balances revenue receipts as it serves to eliminate a black market is not an easy task.  The following article sheds light on various marijuana taxation methodologies. (For purposes of this article, local taxes are not being considered.) There are two primary ways states tax the sale of adult use marijuana products: as a percentage of the selling price, similar to sales tax, or by weight. Taxing based on sales is easier to calculate. However, prices will likely decline once the market matures (see FIGURE 1), so tax revenue will decrease as well. As well, vertically integrated businesses could manipulate markups to reduce the tax burden. The Colorado Department of Revenue’s Marijuana Enforcement Division reported pounds of flower and bud sold in 2018 as of the date of the writing of this article. They had not reported revenue.  The Average Market Rate per pound of has been reported and, as shown in FIGURE  1, decreased significantly in 2018, then started to rebound in 2019.  
Weight-based taxes are more complicated in that it requires determining the amount of the tax and when the tax is assessed.  For example, a weight-based tax could be assessed at the cultivator, processing or retail level.  At the retail level, taxes would need to be set at different rates for different types of products: flower, concentrates, edibles. When taxing edibles, how would the non-cannabis ingredients be accounted for?  When taxing tinctures, would the potency and quantity be considered? There are significantly more factors to consider when ‘weighing’ the options of a weight-based tax. History indicates that prices tend to be higher immediately following legalization; lower tax rates can encourage the legal purchase of cannabis.  When prices decline, tax rates could be increased, keeping out-of-pocket costs to consumers the same or almost the same.  If taxes are too high, whether weight-based or assessed as a percent of sales, many customers will continue to purchase through the black market.  States must also consider that when the United States de-schedules or legalizes marijuana, it is highly likely a federal excise tax will be placed on sales of the product.  This will replace the burden of Internal Revenue Code Section 280E currently burdening business taxpayers. What is the effect in dollars of taxing based on a percent of sales versus weight? To illustrate, we analyzed Colorado’s reported sales and the wholesale weight of flowers/buds sold from January 1, 2014, to December 31, 2018.  As Colorado has not yet reported weight data for 2018 yet, we used the 2017 monthly data adjusted for the year-over-year sales increase. These computations are for illustrative purposes only and are subject to the following assumptions:

• includes only the weight of sales of flowers/buds;
• assumes no markup no profit made by the cultivator, distributor, or retailer; and
• ignores local taxes.

FIGURE 2 reflects a computation of tax revenue (medical and adult use) for the first four years of legal adult use in a state with a population of 8.908 million (specifically New Jersey).  
Based on this analysis, total sales tax collected for the five years was $52.8 million greater using a weight-based tax structure of $42 per ounce compared to the 12% percent of sales tax.  Obviously, the 25% tax rate would generate more revenue – but it would likely be a less effective means of eliminating the black market.   Examples of Sales Tax on Marijuana  
As FIGURE 3 shows, the process of taxing marijuana can range from simple to complex and the amounts of tax collected can vary significantly.   Nine states (and Washington DC) do not impose their general sales tax on medical marijuana while four states (Alaska, Delaware, Minnesota, and New Hampshire) do not levy sales taxes. FIGURE 4 illustrates a sample transaction ($250 per ounce based on no markup of product and all taxes being passed through to the consumer) in both medical and adult use markets and the different amounts that would be charged to the ultimate consumer and the taxes collected.  On the medical side, the purchase of an ounce of marijuana results in a purchase price ranging from $250 to $342.50, depending on the state.  For adult use, the price paid would range from $282.50 to $360.75.  
Under the weight-based tax structure ($42 per oz), the consumer’s cost for medical marijuana would be $266.63 (the fourth lowest, with two states levying no taxes).  For adult use, the $42 per ounce tax would result in being at the halfway point compared to other states.  It is very important to realize that the price will not be the same in all states and that this example is presented for comparison purposes only. Sources: Colorado Marijuana Enforcement Division’s Market Size and State Demand for Marijuana in 2017 – Market Update (Aug. 2018) https://www.colorado.gov/pacific/sites/default/files/MED%20Demand%20and%20Market%20%20Study%20%20082018.pdf Colorado Marijuana Enforcement Division: 2016 Annual Report https://www.colorado.gov/pacific/sites/default/files/2016%20MED%20Annual%20Report_Final.pdf Colorado Marijuana Enforcement Division’s Market Demand and Size Study, July 2014 https://www.colorado.gov/pacific/sites/default/files/Market%20Size%20and%20Demand%20Study%2C%20July%209%2C%202014%5B1%5D_3.pdf https://www.colorado.gov/pacific/revenue/colorado-marijuana-tax-data https://www.colorado.gov/pacific/revenue/colorado-marijuana-sales-reports https://www.colorado.gov/Tax/marijuana-taxes-file Economic Impact of Tourism in New Jersey, 2017 – January 2018) https://www.visitnj.org/sites/default/files/2017-nj-economic-impact.pdf

There are no more excuses to bury your business’s head in the sand. The data and cyber theft threats are real. And imminent. And not just for big corporations or large government organizations. Attackers are at your front door … or worse.

There are three areas that need your consideration when it comes to protecting your data from cyber attack.

FIRST: To Error is Human: Have your processes and controls assessed and take stock of your level of cyber preparation. Pay special attention to your “human” vulnerabilities, as most cyber thefts are the result of someone either unwittingly or purposely allowing a breach to happen. The best software in the world can’t keep someone inside the organization from gaining access to your systems and processes.

Do it now. If you are defenseless you could have to pay ransomware to stay in business. Or worse, you might not be able to afford to stay in business.

SECOND: Assess your vendors and third-party providers. It’s much like going to a doctor’s office in the morning for a checkup, then having your immune system attacked by the malady of the day by a virus you picked up from someone sitting next to you in the waiting room. It’s the same with vendors and those who service them. They can infect your systems in spite of your best efforts. It was the root cause of the Target data breach in 2013 that extended to as many as 70 million customers. Boeing continues to struggle as its fleet of 737 Max passenger jets – and its stock price – remains grounded due to problems with third party software described as “fatally flawed” and that has been at the root of two major airline catastrophes.

THIRD: Assess the data you transmit, process and store. Make a pecking order of data to determine which are more critical to your operation, and start at the top. Then proceed through it all.

Cybersecurity is no longer a check-the-box process; it is a way of doing business, a part of your business that must be addressed continually and methodically. We can help. Contact HBK Risk Advisory Services at 614-228-4000 or email us at SFranckhauser@hbkcpa.com with your cybersecurity questions and concerns. We can meet with you to discuss precisely when, how, where and why you need to protect your data. You can take baby steps. The one thing you shouldn’t do is nothing.

This is an update to the original INSIGHT article Are You Cyber Secure?, which was published in July 2017.

System and Organization Controls 1 or SOC 1 (SOC) report provides assurance over controls at a service organization which are relevant to user entities’ internal control over financial reporting. Obtaining a SOC for Cybersecurity report can prove that a cybersecurity risk management program is designed and functioning effectively. It can also reassure everyone a member of a board of directors to a potential customer that information with which your company has been entrusted is being handled in accordance with cybersecurity best practices.

No matter your business or industry, cybersecurity is a concern. If you operate in cyberspace – and what business doesn’t? – you are vulnerable. To guard against the many risks ranging from exposure of confidential information to loss of business reputation, every organization should have a cybersecurity risk management program. However, conveying the maturity of your risk management program to stakeholders is a challenge that needs overcome.

To meet that need the American Institute of Certified Public Accountants (AICPA), the certification and standards organization governing the practice of accounting, has introduced Systems and Organization Controls (SOC) for Cybersecurity. Building upon the profession’s experience in auditing system and organization controls, SOC for Cybersecurity enables CPAs to examine and report on an organization’s cybersecurity risk management program.

HBK CPAs & Consultants (HBK) has been performing SOC 1 and SOC 2 attestations since they replaced the SAS 70 report in 2010. In the area of SOC for Cybersecuity, we offer management two types of assurance services, advisory and attestation.

In an advisory role, we perform a readiness assessment, which helps businesses assess their cybersecurity program against the industry’s leading frameworks, and more appropriately, against the AICPA Cybersecurity criteria. We assist with identifying gaps in the framework and remediating those gaps to further develop or implement an effective cybersecurity program. For more established programs, we help organizations formally align the existing program with the three criteria as established by the AICPA:

• Security – The system is protected, both logically and physically, against unauthorized access.

• Availability – The system is available for operation and use

• Confidentiality – Information designated as confidential is protected as committed or agreed

In an attestation engagement, we examine your cybersecurity program and provide an opinion on whether it is effective. We map your controls to ensure your program complies with the AICPA-established criteria. We review your description of how those criteria are accommodated, then test and validate the effectiveness of these controls and issue a report.

A cybersecurity risk management examination report includes the following three key components:

• Management’s description of the entity’s cybersecurity risk management program. The first component is a management-prepared narrative description of its cybersecurity risk management program, The report provides information on how the company identifies its information assets, how it manages the cybersecurity risks that threaten it, and the policies and processes implemented and operated to protect its information assets against those risks.

• Management’s assertion. The second component is an assertion provided by management that the description is presented in accordance with the description criteria and the controls within the company’s cybersecurity risk management program achieve its cybersecurity objectives.

• Practitioner’s report. The third component is a practitioner’s report, which contains an opinion on whether management’s description is presented in accordance with the description criteria and the controls within the company’s cybersecurity risk management program achieve its cybersecurity objectives.

Our attestation is justification management can use to demonstrate to everyone from the board of directors to a potential customer that their cybersecurity program is in accordance with best practices. The AICPA logo of SOC Cybersecurity certification is a key differentiator for a business, assuring stakeholders the security of the information they handle.

All organizations should have a cybersecurity program in place. Having it assessed for readiness, that is, ensuring your controls are aligned with the AICPA-defined standard and criteria, will afford assurance that it is designed appropriately. Receiving official attestation demonstrates the design is functioning as it should, and only makes sense in providing a level of confidence to your stakeholders that you are a business that has implemented a robust and comprehensive cybersecurity program, that your organization is cyber secure.

HBK CPAs & Consultants (HBK) announced the signing of a conclusive merger agreement with the Spire Group of Clark, New Jersey. The merger gives HBK its northernmost office and the newest office in its mid-Atlantic region, which is comprised of Princeton and Cherry Hill in New Jersey and Blue Bell, Pennsylvania.

“We are pleased to welcome the Spire Group team to HBK,” noted HBK Mid-Atlantic Principal-in-Charge, Jim Bartolomei, who made the announcement. “They are a group of outstanding and accomplished professionals who will strengthen our position in the region.”

The Spire Group is comprised of 50 team members, five of whom are joining HBK as Principals. The firm has operated as the Spire Group since 2012 with the merger of two of the region’s leading full-service CPA and consulting firms, SGA Group of Clark, and Carr Daley Sullivan & Weir of Livingston, New Jersey.

“The Spire Group was built on the pillars of client service, entrepreneurship and a culture that is centered around our team members’ success,” noted Spire Managing Principal Tom Angelo. “We found those same pillars in the HBK family. We are excited to be able to bring our talents and expertise to scale collectively with the breadth and depth of HBK. Together, we will bring tremendous opportunities to our clients and our team members in the years to come.”

The Spire Group was recognized as one of the “Top 50 Best Workplaces of 2017” by Inc. magazine, was a “Best Firms to Work For” selection for the past four years by Accounting Today, and was chosen as one of the “Best Places to Work” for the past four years by NJBIZ.

In addition to its tax, advisory and assurance practice, Spire operates Spire IT. Spire IT was founded in 2010 to provide businesses reliable technology and consulting services.

“We are excited to welcome these proven leaders to our growing team,” said Christopher M. Allegretti, CPA, CEO and Managing Principal of HBK. “The Spire Group has succeeded at building an award-winning culture and growing a highly-respected office in a very competitive market. And their successful IT practice is proof of their innovative and entrepreneurial practice style.”

HBK CPAs & Consultants (HBK) is one of the fastest growing CPA firms in the country according to the 2018 Inside Public Accounting (IPA) magazine poll.

The survey, which calculates firm size based on reported growth in net revenue, ranks HBK as the fourth fastest-growing CPA firm in the Great Lakes region. The region includes firms in Illinois, Indiana, Michigan, Ohio and Wisconsin.

HBK has consistently been listed in the IPA’s “Top 100 CPA Firms” over the past two decades. Additionally, HBK is a perennial “Top 100 Accounting Firm” according to Accounting Today (AT) magazine rankings. In 2014 and 2017, AT also listed HBK as one of the fastest growing firms in the U.S.

HBK CEO and Managing Principal Christopher Allegretti, CPA, credits his team’s efforts to work in collaboration across specialty and industry-specific service lines and throughout widespread geographic regions.

“Our focus is collaboration, working together,” he said. “We tap the depth of our resources to their fullest extent, the collective expertise of hundreds professionals in five states.”

Allegretti added that collaboration contributes to the firm’s strength in developing all-inclusive solutions. “Developing a comprehensive understanding of a client’s financial circumstances as a basis for helping them grow and protect their wealth is a hallmark of our practice and has been a great differentiator for us.”

Knowledge management is the process of recording and managing an organization’s mission-critical knowledge.

One way to use it is to mitigate the ill effects of turnover. How? First collect and categorize knowledge as either explicit (already documented) or tacit (only in employees’ heads).

To gather tacit knowledge, get employees’ buy-in, conduct interviews and use an intranet to facilitate online discussions.

With all this information, you can more quickly disseminate a departing employee’s know-how and more easily train new hires.

2018 marks the 15th consecutive, annual observation of October as Cyber Security Month, as sponsored by the Department of Homeland Security.

The goal of the campaign is to raise awareness about the importance of cyber security.

Did You Know:

1. Last year, employee errors were at the heart of 17% of breaches (including: failing to shred confidential information, sending an email to the wrong person, or misconfiguring a web server).

2. Ransomware, which initially appeared in 2013, is the top variety of malicious software prevalent today.

3. Statistically, about 22% of people click on phishing emails sent to them. Unfortunately, those who opt to click on phishing emails are highly likely to continue doing so.

Important Steps to Take:

1. Implement a Cyber Security Awareness Campaign within your organization.

2. Back up your data and verify the completeness and accuracy of individual and company backups.

3. Update your hardware and software with vendor-supplied updates on a timely basis.

HBK can assist you with any cyber security topics or questions. Please contact Matt Schiavone at mschiavone@hbkcpa.com, Bill Heaven at wheaven@hbkcpa.com, or Steve Franckhauser at sfranckhauser@hbkcpa.com for assistance.

Source of Statistics – 2018 Verizon Data Breach Investigations Report (DBIR)

Just as you plan to protect your dealership from unpredictable events like storms and fires, you need to be prepared for what might happen to your business should the economy stall. In fact, current indicators for our industry are concerning. Interest rates are headed up, tariffs are driving prices higher, and housing starts, a leading economic indicator for our industry, are down.

Like the weather, you want to know what it’s going to be like out there, and have a plan for dealing with it. Unlike the weather, there are many factors to concern yourself with in forecasting the future for your dealership, more variables with much greater impact.

Expenses
A good place to begin preparing for an uncertain future is to take a hard look at expenses. Start with the big five – data processing, insurance, personnel, advertising and interest – but don’t ignore the small stuff. You will be surprised to see how much expense you can cut by attending to the littlest things – paperclips, notepads, etc. Examine every line item for efficiencies. We recently found a half million dollars in savings for a dealer by doing a cost study that addressed every expense item.

Work with your managers to determine what can be done to control and reduce costs, everything from utility bills to workers comp claims. Inventory your fixed assets to determine if there are assets on your books that you no longer own. If so, take the tax related deduction, but also notify your insurance provider so they can adjust your premiums – no sense in protecting assets you don’t have.

Forecasting
Forecasting is vital. Look to your future with a critical eye. Get your managers’ views on what they think will happen in their departments in the coming year, then determine what you can spend. You need to match your expense structure to expected income, then convert that to a cash flow analysis. As cash flow is the lifeblood of the dealership, examine your needs in detail – mortgage, credit, capital loans. In a recent engagement we were able to save a dealership in excess of $300,000 in annual cash flow simply by renegotiating the terms of their loans.

Forecasting sales and cash flows is neither easy nor an exact science – and the uncertainty on our economic horizon makes the process even more difficult. Here are a few things to do to help you develop a forecast you can use to plan your year:

• Personnel. Look at doing more with less. We recently surveyed our dealer-clients and learned that many are cutting staff, increasing their gross profit per employee per month. They are also implementing new technology to improve efficiency.


• Plan for the worst but also forecast for the best. We typically develop two or three forecast versions for our dealer-clients. We have a plan for what to do in a worst-case scenario, but also enough product and staff to support best-case scenarios.


• An annual forecast is helpful, but predictions go stale. Your plan should be revisited periodically throughout the year. The economy can turn on a dime, as we were reminded so vividly in September 2008. We saw the signs – in particular, too many unqualified buyers getting loans – but who could have predicted the magnitude and scope of the downturn. Consider the potential impact of a tariff war, which is already driving up the cost of steel. Plan to revise your forecast at least quarterly; it has to remain valid for you to run your business accordingly.


• Interest rates. We might not know when, but we do know interest rates are on their way up. That’s a double whammy for dealerships, increased operating costs you and higher monthly payments for your customers.


• Set goals. Goals play an important role in every part of your business, not only for departments, but for marketing, sales, succession planning. They provide direction and motivation, and measure your forward progress. They allow you to stay focused on the big picture. Involve your mangers by having them identify one or two SMART (Specific, Measurable, Attainable, Relevant and Time-based) goals for the coming year. Brainstorm the possibilities, but also consider what is realistic and what you can afford to support.


• Identify obstacles and assign responsibility. Determine the resources you need to accomplish your goals. Set steps along the way and meet with your managers to ensure a steady climb. Prioritize goals by their importance to your bottom line. Chart your progress and share the results with staff; it’s important to all because that’s where their bonuses will come from.


• Create an action plan. Focus on today. What are you and your managers going to do today to move your dealership toward achieving your goals. You need to work on tasks at hand. Convert goals into an action plan then to tasks.


• Know your business and your customers’ businesses. The more you know about your customers’ businesses, the more accurately you will be able to forecast, and set achievable goals.

Expect the unexpected. Plan for a best-case scenario, but be wary of typhoons and tariffs. Your bottom line, even your survival, depends on it.

The HBK Dealership Industry Group helps dealers identify costs and savings strategies with customized cost study programs. The group typically provides dealers with a 20:1 ROI when performing these customized cost study programs. If you would like to talk to us about doing a cost study for your dealership, contact Rex by email at rcollins@hbkcpa.com; or by phone at 317-504-7900.

Words have power. This is especially true when it comes to defining roles and responsibilities in an organization.

Therefore, it follows that up-to-date, accurate job descriptions form the foundation of every organization’s staffing efforts. Without clear, focused documentation of what each position entails and its corresponding expectations/objectives, you may struggle to hire and retain good employees. This may drastically undermine productivity.

Look at everything

The solution is relatively simple: Regularly review your job descriptions to ensure they are current and comprehensive. Check to see whether they list outdated procedures or other outmoded elements, such as software that you have since phased out.

If you do not already have written job descriptions for each position, you need not panic. Ask employees in those jobs to document their responsibilities and everyday duties. Each worker’s manager should then verify and, if necessary, help revise the description.

Turn information into improvements

After you have updated your job descriptions, you can use them to increase organizational efficiency. Weed out the marginal duties from essential ones. Eliminate superfluous and redundant tasks, focusing each position on activities that generate revenue or eliminate expenses. You may be able to make improvements in other areas, too, such as:

Workload distribution: Are workloads properly distributed among employees? If not, rearrange them. You may find this necessary when job duties change.

Cross-training: Can your employees handle their co-workers’ responsibilities? In emergencies, and as a fraud-prevention measure, having workers who can handle each other’s jobs temporarily can serve an organization well.

Recruiting: Are you hiring people with the right skills? Up-to-date job descriptions provide a better road map for finding ideal candidates to fill your open positions.

Performance evaluations: Are employees doing their best? Detailed job descriptions allow managers to better determine whether workers are completing their assigned duties and if they’re meeting — or exceeding — expectations.

Get started soon
The longer you wait to review and rewrite job descriptions, the harder it will be to revise them. Once you’ve got them up to date, the task becomes much easier from year to year.

It’s easy to get frustrated when an employee is failing to produce the volume or quality of work a business owner expects. Sometimes leaders or managers of a company are tempted to play the blame game. However, pointing a finger at a struggling worker only exacerbates a bad situation.

In truth, performance improvement must be a two-way street. There’s no doubt that an under-achieving team member must step up and do better. But it is incumbent on an employer to provide information, tools and support to help his or her improvement efforts.

Map the Route

To get started, before addressing an employee, fully investigate the performance issue. This means first defining the nature and degree of the problem and then determining whether or not management has done the best job possible in helping the employee to be successful. For example, when and how well was the employee trained? Someone hired years ago may have been taught to do a job differently than it now needs to be done today.

Also, is the employee aware that his or her work is considered subpar? Has anyone discussed the problem with the employee or put it in writing? Staff members who aren’t sure whether they’re on the right track often wait for feedback, rather than proactively seeking guidance. That means a company leader may need to act at the first sign an employee isn’t meeting expectations, rather than hoping the situation will remedy itself.

Embark on the Journey

Once the issue has been established, the manager needs to meet with the employee, clearly and specifically stating performance concerns and informing him or her know that the objective is to work together to find a solution.

After naming the specific performance issues, it is best to ask the employee how he or she feels the situation can be corrected, including offering predetermined suggestions. There may be issues a leader is not aware of, such as tools that are in disrepair or missing, or poor lighting in the employee’s workspace. It’s crucial for a manager to be open to such input. If the employee attributes the subpar performance to lack of clarity about expectations, the remedy might be as simple as weekly meetings with his or her manager to go over what needs to be accomplished. If the employee reports feeling overwhelmed and unable to prioritize tasks, additional training on organizational skills or better use of technology may be in order.

Arrive at the Destination

Work with the employee to create a performance improvement plan that includes specific goals and a timeline for achieving them. Then follow up regularly. If the goals and timeline are met, the benefits of having a more productive team member are tremendous. If they aren’t met, it is up to a company leader to consider what further action to take. Finally, it is important to date and document meetings and conversations regarding an employee’s performance as a standing practice.

Employee retention isn’t about only strong compensation packages and company-wide recognition. It’s also about making the effort to help struggling employees find success. When the person in question is, underneath it all, a good worker, it’s a trip well worth taking.