You’ve likely heard of FaceApp, maybe you have even tried it. It is unquestionably one of the most popular Apps circulating today. It quickly went viral due to the “#AgeChallenge,” where celebrities as well as ordinary folks download it to use an old-age filter generating an image of what a user might look like in a decade or more. Launched by a Russian start-up in 2017, FaceApp has come under fire lately because of fears that user data was being sent to Russian servers. There are other potential privacy concerns as well, including some claims that the App has an ability to access a user’s entire photo gallery.
Is FaceApp safe to use? Probably; though I’m not planning on using it personally, as I have zero interest in seeing what I’ll look like in 20 to 30 years. But as I was watching a TV news report on FaceApp, it reminded me of an important Cybersecurity issue that might fall under the category, “Social Media: Be Careful What You Share.”
When you use FaceApp and agree to its user terms, what are you sanctioning? For one, the App is permitted access to your photos, location information, usage history, and browsing history. During a news report, an executive representing FaceApp told CNBC that it only uploads the photo selected for editing. Further, the FaceApp rep said it does not take other images from a user’s library, and that most images accessed by FaceApp are deleted from its servers within 48 hours. Still, the user agreement allows the developer access to a user’s personal data. And, again, the developers of FaceApp and its Research and Development team are all based in Russia.
The amount and type of personal data we share, especially online, is something to consider. By way of example, the Apple X phone offers facial recognition as an alternative to using a personal identification number or password; does that suggest the Russian FaceApp programmers have developed a way to access a user’s entire online account, since they have access to their photos? Remember that passwords are giving way to other log-in options, including biometrics. Consider the pace of technological development, including artificial intelligence, when making decisions about where and how you share your personal information.
While Cybersecurity experts don’t appear particularly nervous about the FaceApp itself, the scenario should give us pause and prompt us to consider the potential ramifications of sharing our personal information.
HBK can help you with your Cybersecurity issues, including protecting your data. For assistance, call 330-758-8613 or email WHeaven@hbkcpa.com. As always, we’re happy to answer your questions and discuss your concerns.
There are no more excuses to bury your business’s head in the sand. The data and cyber theft threats are real. And imminent. And not just for big corporations or large government organizations. Attackers are at your front door … or worse.
There are three areas that need your consideration when it comes to protecting your data from cyber attack.
FIRST: To Err Is Human: Have your processes and controls assessed and take stock of your level of cyber preparation. Pay special attention to your “human” vulnerabilities, as most cyber thefts are the result of someone either unwittingly or purposely allowing a breach to happen. The best software in the world can’t keep someone inside the organization from gaining access to your systems and processes.
Do it now. If you are defenseless you could have to pay a ransom to stay in business. Or worse, you might not be able to afford to stay in business.
SECOND: Assess your vendors and third-party providers. It’s much like going to a doctor’s office in the morning for a checkup, then having your immune system attacked by the malady of the day by a virus you picked up from someone sitting next to you in the waiting room. It’s the same with vendors and those who service them. They can infect your systems in spite of your best efforts. It was the root cause of the Target data breach in 2013 that extended to as many as 70 million customers. Boeing continues to struggle as its fleet of 737 Max passenger jets – and its stock price – remains grounded due to problems with third party software described as “fatally flawed” and that has been at the root of two major airline catastrophes.
THIRD: Assess the data you transmit, process and store. Make a pecking order of data to determine which are more critical to your operation, and start at the top. Then proceed through it all.
Cybersecurity is no longer a check-the-box process; it is a way of doing business, a part of your business that must be addressed continually and methodically. We can help. Contact HBK Risk Advisory Services at 614-228-4000 or email us at SFranckhauser@hbkcpa.com with your cybersecurity questions and concerns. We can meet with you to discuss precisely when, how, where and why you need to protect your data. You can take baby steps. The one thing you shouldn’t do is nothing.
There are many approaches to selling but none more effective than consultative sales. At its heart, it simply means putting the customer first, ensuring customers’ concerns are heard. In dealership repair services, this also means making certain customers understand you’re doing everything you can to help find them productive solutions by offering the right experience. In other words, being a true advisor by anticipating your customers’ problems and needs.
A very old study showed that happy clients share their outcomes with about 17 other people, but will tell more than 70 people about a bad experience. And that study was conducted before there was an internet! Consultative selling involves a variety of techniques and activities, but they all come down to caring about the customer, putting the customer’s needs first. If you do that, your customer will have a good experience and you will build your reputation as a trusted advisor.
For more information on consultative repair sales or other dealership-related inquiries, contact Rex Collins at RCollins@hbkcpa.com or 317.504.7900.
Employers have provided employees with parking at the workplace for many years without a tax cost. It has been considered a non-taxable fringe benefit and rightly so. Now under recent IRS guidance in Notice 2018-99, most every employer, including tax-exempt organizations, will have tax consequences to consider related to providing employee parking.
The 2017 Tax Cuts and Jobs Act changed the law related to employee parking, but most thought this would be an issue if an employer was paying a third-party for employee parking. Under the new law, effective for parking expenses paid or incurred after December 31, 2017, a for-profit employer is not allowed to deduct expenses related to providing employee parking and tax-exempt organization employers must treat the amount paid for employee parking expenses as unrelated business taxable income (UBTI) and will pay an income tax if the amount of employee parking expenses exceeds $1,000.
Fiscal-year for-profit filers, for tax returns filed for years ending in 2018, should consider the amount of employee parking expenses paid or incurred after 12/31/2017. Tax-exempt filers for years ending in 2018 should consider the amount of parking expenses paid or incurred after 12/31/2017 as unrelated business income.
There are two notable exceptions to the disallowance rule. The first is if the parking benefit is included in the taxable wages of the employees. The second is if that parking is primarily for the general public and not primarily for employees.
There is an ongoing effort to repeal this tax provision, but passage of repeal faces a number of political hurdles.
What is considered parking expenses?
Parking expenses are not just what is paid to a third party for parking spaces, but also expenses an employer incurs for a parking lot owned or leased by the employer. Parking expenses include a portion of rent or lease payments allocated to parking if not broken out separately, repairs, real estate taxes and insurance, among other expenses.
Other expenses related to parking are also to be considered, but depreciation of any costs related to the parking lot or facility is not to be considered.
After identifying all parking expenses, an allocation of those expenses to employee parking must be determined. Typically, an employer will designate parking spaces for visitors and certain others that affect the determination of the amount that is not deductible or is to be considered UBTI by a tax-exempt organization. Additionally, reserved spaces for employees have expenses allocated in a manner different than general parking for employees. Lastly, if parking is primarily used by the general public, rather than employees, then these rules do not apply at all.
The IRS also issued Notice 2018-100, which provides for a waiver of penalties, in certain circumstances, for the failure by tax-exempt employers to make quarterly estimated income tax payments otherwise required to be made on or before December 17, 2018. The penalty relief is available only to tax-exempt employers that were not previously required to file Form 990-T and that underpaid their estimated income tax due to the parking expenses being included in UBTI.
This penalty relief applies only in case of underpayment of quarterly estimates. Tax-exempt employers that fail to timely file Form 990-T or that fail to pay taxes by the original due date are not eligible for the relief. To claim the waiver, the tax-exempt organization must write ‘Notice 2018-100’ on the top of its Form 990-T.
Employer who pays a third party for parking spots.
If an employer pays a third party an amount so that its employees may park at the third party’s parking lot or garage, the disallowance generally is calculated as the employer’s total annual cost of employee parking paid to the third party. However, if the amount the taxpayer pays to a third party for an employee’s parking exceeds a monthly limitation, which for 2018 is $260 per employee, that excess amount must be treated by the taxpayer as compensation and wages to the employee.
Employer who owns or leases all or a portion of a parking lot or facility.
Until further guidance is issued, if a taxpayer owns or leases all or a portion of one or more parking lots or facilities where its employees park, the deduction disallowance and UBTI amount may be calculated using any reasonable method.
Using the “value” of employee parking, rather than an allocation of actual parking expenses, to determine expenses allocable to employee parking in a parking lot or facility owned or leased by the taxpayer is not considered a reasonable method. The IRS guidance provides the following four step methodology that is deemed to be a reasonable method.
Please contact us about your specific situation so we can assist you in complying with these requirements. We have developed an approach to determine a reasonable method of allocating expenses to employee parking. We will keep you informed of possible changes to this parking tax.
This is an update to the original INSIGHT article Are You Cyber Secure?, which was published in July 2017.
A System and Organization Controls 1 or SOC 1 (SOC) report provides assurance over controls at a service organization which are relevant to user entities’ internal control over financial reporting. Obtaining a SOC for Cybersecurity report can prove that a cybersecurity risk management program is designed and functioning effectively. It can also reassure everyone from a member of a board of directors to a potential customer that information with which your company has been entrusted is being handled in accordance with cybersecurity best practices.
No matter your business or industry, cybersecurity is a concern. If you operate in cyberspace – and what business doesn’t? – you are vulnerable. To guard against the many risks ranging from exposure of confidential information to loss of business reputation, every organization should have a cybersecurity risk management program. However, conveying the maturity of your risk management program to stakeholders is a challenge that needs to be overcome.
To meet that need the American Institute of Certified Public Accountants (AICPA), the certification and standards organization governing the practice of accounting, has introduced Systems and Organization Controls (SOC) for Cybersecurity. Building upon the profession’s experience in auditing system and organization controls, SOC for Cybersecurity enables CPAs to examine and report on an organization’s cybersecurity risk management program.
HBK CPAs & Consultants (HBK) has been performing SOC 1 and SOC 2 attestations since they replaced the SAS 70 report in 2010. In the area of SOC for Cybersecurity, we offer management two types of assurance services, advisory and attestation.
In an advisory role, we perform a readiness assessment, which helps businesses assess their cybersecurity program against the industry’s leading frameworks, and more appropriately, against the AICPA Cybersecurity criteria. We assist with identifying gaps in the framework and remediating those gaps to further develop or implement an effective cybersecurity program. For more established programs, we help organizations formally align the existing program with the three criteria as established by the AICPA:
• Security – The system is protected, both logically and physically, against unauthorized access.
• Availability – The system is available for operation and use.
• Confidentiality – Information designated as confidential is protected as committed or agreed.
In an attestation engagement, we examine your cybersecurity program and provide an opinion on whether it is effective. We map your controls to ensure your program complies with the AICPA-established criteria. We review your description of how those criteria are accommodated, then test and validate the effectiveness of these controls and issue a report.
A cybersecurity risk management examination report includes the following three key components:
• Management’s description of the entity’s cybersecurity risk management program. The first component is a management-prepared narrative description of its cybersecurity risk management program. The report provides information on how the company identifies its information assets, how it manages the cybersecurity risks that threaten it, and the policies and processes implemented and operated to protect its information assets against those risks.
• Management’s assertion. The second component is an assertion provided by management that the description is presented in accordance with the description criteria and the controls within the company’s cybersecurity risk management program achieve its cybersecurity objectives.
• Practitioner’s report. The third component is a practitioner’s report, which contains an opinion on whether management’s description is presented in accordance with the description criteria and the controls within the company’s cybersecurity risk management program achieve its cybersecurity objectives.
Our attestation is justification management can use to demonstrate to everyone from the board of directors to a potential customer that their cybersecurity program is in accordance with best practices. The AICPA logo of SOC Cybersecurity certification is a key differentiator for a business, assuring stakeholders of the security of the information they handle.
All organizations should have a cybersecurity program in place. Having it assessed for readiness, that is, ensuring your controls are aligned with the AICPA-defined standard and criteria, will afford assurance that it is designed appropriately. Receiving official attestation demonstrates the design is functioning as it should, and only makes sense in providing a level of confidence to your stakeholders that you are a business that has implemented a robust and comprehensive cybersecurity program, that your organization is cyber secure.
On June 21, 2018, the Supreme Court of the United States overruled the 1992 decision in Quill Corp. v. North Dakota, requiring physical presence for sales taxation, removing the barrier states faced in imposing sales tax on out-of-state retailers in this age of e-commerce. In the months following the Court’s ruling on that case, South Dakota v. Wayfair, Inc., over 30 states have enacted or proposed economic nexus provisions in an attempt to reap sales tax from qualifying out-of-state retailers.
South Dakota’s economic nexus provision imposes a sales tax registration and filing obligation on any out-of-state retailer lacking a physical presence if they have more than $100,000 in gross sales or 200 or more transactions into the state. Out-of-state retailers exceeding either threshold will be required to register with the state, and collect and remit sales tax.
Many states have used South Dakota’s law as a road map, enacting laws with similar or identical thresholds; twenty-five states currently have adopted thresholds identical to South Dakota’s. States that had economic nexus provisions set prior to the decision in Wayfair were encouraged by the Court to impose these standards only going forward, not retroactively. Several states such as Georgia, Massachusetts, Ohio and Texas, have thresholds higher than the majority of states. Ohio for instance has a $500,000 threshold, and is one of a few that have added “software” and “network” nexus provisions to their standard. Alternatively, Pennsylvania, and Oklahoma have the lowest thresholds at just $10,000 in sales. While the majority of states will have economic nexus thresholds in place before 2019, there are several states who have taken a wait-and-see approach, such as Arizona, Kansas, Missouri, New Mexico, Idaho and Virginia, all of whom have yet to propose economic nexus legislation.
While taking the wait-and-see approach, Florida has been vocal with regard to its stance on the Wayfair decision, especially in terms of retroactivity. Although the state has yet to formally propose any legislation, Florida Attorney General Pamela Bondi said that state attorneys would be permitted to apply the Wayfair decision retroactively to defend against refund claims, or tax assessment challenges. As noted in an August 9, 2018 court filing, “Wayfair controls the outcome of this matter, and there is no reason that case should not be applied retrospectively as well as prospectively.” Bondi acknowledged that South Dakota’s economic nexus law “expressly forbids retroactive application,” but insisted “this was hardly the basis for the court’s decision.” Florida is an outlier in this view, as many states have abided by the Court’s words and focused on prospectivity in their economic nexus provisions. Florida’s opposition to following the crowd on this issue is surprising. Florida is also one of the few states that is neither a member of the Multistate Tax Commission (MTC) nor the Streamlined Sales Tax Governing Board (SST). Both of these organizations, originating long before Wayfair was decided, were created in an attempt to bring states and businesses together under simplified, and uniform taxing provisions.
What This Means for Retailers
As a result of the Wayfair decision, businesses will need to change the way they view sales tax. For better or worse the landscape has changed, and this will mean an increased filing obligation on retailers selling into multiple states in amounts exceeding their economic nexus thresholds. Prior to Wayfair the standard set by the 1992 Supreme Court in Quill mandated that an out-of-state retailer have physical presence in a state before that state was permitted to impose a taxing obligation on that retailer. Since 1992, retailers have used Quill to shape how they comply with their out-of-state taxing obligations. The decision to overturn that physical presence standard will impact businesses of every size and will require businesses to more-closely track their out-of-state footprint.
Businesses should start by examining their national footprint, by looking at their sales by state: both the total dollar amount as well as the number of transactions. In states where businesses have sales exceeding the economic nexus threshold amounts on or after the dates of enactment of their nexus laws (see the chart below), those businesses now have a potential registration and sales tax collection and filing obligation. Some businesses could be lapsing on these obligations currently, had they exceeded the threshold and failed to register, collect and file by the date of enactment.
While the vast majority of states have agreed to follow the Court and implement economic nexus only prospectively, that does not alleviate potential liability. If a business has exceeded the economic nexus threshold in a state on its date of enactment, it has a liability to that state from the date of enactment. For example, if your Florida-based business sold more than $100,000 into Maryland between October 2018 and December 2018 – Maryland’s economic nexus enactment date is October 1, 2018 – and you failed to register, collect and remit starting on October 1, 2018, you have an outstanding obligation to Maryland on those sales since October 1, 2018. You could also be assessed penalties and interest on taxes you should have been collecting and remitting. Once a threshold has been met, the business is liable for the tax. A failure to register does not eliminate any outstanding obligations to the state.
There is no way to know how aggressively states will enforce these lapses in collection. Many sales tax registration forms require an entity to record their “first day doing business” in the state. So, if you are a business that decides to register for every state come January 1, 2019, but you were doing business in those states as of October 1, 2018, you can be held liable for any owed tax for that period plus penalties and interest. There are also opportunities for businesses who have lapsed in their registration and collection obligations to “self-audit” and pay back taxes owed through Voluntary Disclosure Programs (VDAs or VDPs). These programs have the benefit of a limited lookback period and reduced or eliminated penalties.
Prior to Wayfair many businesses took a passive approach to sales tax registration and collection in states where they lacked physical presence. But a passive approach will no longer work. Businesses are also seeing increased scrutiny on exemption certificate use, drop-shipment relationships and FOB shipments. The implications of Wayfair are widespread and increasing as states begin to develop laws in response to the Court’s decision. The landscape has changed, and in order to minimize the costs of complying with Wayfair, the more proactive a business is in getting a handle on its presence across state lines the better.
If you have questions about how Wayfair impacts your business, please contact us.
Please note that this is the latest article on this topic from our Tax Advisory Group. You can review the previous publications at the following links for a comprehensive overview of the case and rulings.
Supreme Court Rules in Favor of State in Wayfair v. South Dakota
New Jersey Reacts to South Dakota v. Wayfair Remote Sales Ruling
HBK CPAs & Consultants (HBK) announced the signing of a conclusive merger agreement with the Spire Group of Clark, New Jersey. The merger gives HBK its northernmost office and the newest office in its mid-Atlantic region, which is comprised of Princeton and Cherry Hill in New Jersey and Blue Bell, Pennsylvania.
“We are pleased to welcome the Spire Group team to HBK,” noted HBK Mid-Atlantic Principal-in-Charge, Jim Bartolomei, who made the announcement. “They are a group of outstanding and accomplished professionals who will strengthen our position in the region.”
The Spire Group is comprised of 50 team members, five of whom are joining HBK as Principals. The firm has operated as the Spire Group since 2012 with the merger of two of the region’s leading full-service CPA and consulting firms, SGA Group of Clark, and Carr Daley Sullivan & Weir of Livingston, New Jersey.
“The Spire Group was built on the pillars of client service, entrepreneurship and a culture that is centered around our team members’ success,” noted Spire Managing Principal Tom Angelo. “We found those same pillars in the HBK family. We are excited to be able to bring our talents and expertise to scale collectively with the breadth and depth of HBK. Together, we will bring tremendous opportunities to our clients and our team members in the years to come.”
The Spire Group was recognized as one of the “Top 50 Best Workplaces of 2017” by Inc. magazine, was a “Best Firms to Work For” selection for the past four years by Accounting Today, and was chosen as one of the “Best Places to Work” for the past four years by NJBIZ.
In addition to its tax, advisory and assurance practice, Spire operates Spire IT. Spire IT was founded in 2010 to provide businesses reliable technology and consulting services.
“We are excited to welcome these proven leaders to our growing team,” said Christopher M. Allegretti, CPA, CEO and Managing Principal of HBK. “The Spire Group has succeeded at building an award-winning culture and growing a highly-respected office in a very competitive market. And their successful IT practice is proof of their innovative and entrepreneurial practice style.”
HBK CPAs & Consultants (HBK) is one of the fastest growing CPA firms in the country according to the 2018 Inside Public Accounting (IPA) magazine poll.
The survey, which calculates firm size based on reported growth in net revenue, ranks HBK as the fourth fastest-growing CPA firm in the Great Lakes region. The region includes firms in Illinois, Indiana, Michigan, Ohio and Wisconsin.
HBK has consistently been listed in the IPA’s “Top 100 CPA Firms” over the past two decades. Additionally, HBK is a perennial “Top 100 Accounting Firm” according to Accounting Today (AT) magazine rankings. In 2014 and 2017, AT also listed HBK as one of the fastest growing firms in the U.S.
HBK CEO and Managing Principal Christopher Allegretti, CPA, credits his team’s efforts to work in collaboration across specialty and industry-specific service lines and throughout widespread geographic regions.
“Our focus is collaboration, working together,” he said. “We tap the depth of our resources to their fullest extent, the collective expertise of hundreds of professionals in five states.”
Allegretti added that collaboration contributes to the firm’s strength in developing all-inclusive solutions. “Developing a comprehensive understanding of a client’s financial circumstances as a basis for helping them grow and protect their wealth is a hallmark of our practice and has been a great differentiator for us.”