Watch: Avoiding Falling Victim to Ransomware

Date August 24, 2022

Highlights from the August 24, 2022, webinar hosted by William J. Heaven, Senior Director, HBK Risk Advisory Services, with guests Justin Krentz, Senior Manager, Vertilocity, and Josh Prager, vCIO, Vertilocity

Watch On-Demand.

The How and Why of Ransomware Attacks

Ransomware is a type of malicious software that infects your devices and can stop a device from working until you pay a ransom. It commonly arrives through malicious websites, attachments and links in fake emails, and downloadable applications. Paying a ransom doesn’t mean the attackers will fix your computer or remove the malware, and it could even make you a target for more attacks.

Internal threats:

  • 67 percent of data breaches due to human error
  • The result of phishing attacks: socially engineered attacks
  • Passwords that can easily be guessed; using the same passwords for multiple accounts
  • Data leaks: sending to or granting access to individuals who should not have access to your data

External threats:

  • Nonexistent or expired anti-virus software or lack of firewalls
  • Out-of-support hardware
  • Unpatched software
  • Unsecured devices

Why businesses don’t have the security they need – common misconceptions:

  • It’s too expensive.
  • It’s not a top priority: Should have enterprise protections in place.
  • It’s too complex: Doesn’t have to be expensive and cumbersome.
  • Assuming that compliance is enough.

Preventive options: Seven layers of cybersecurity:

  • Mission-crucial assets:
    • Build a robust plan
    • Reveal any vulnerability that can be used to compromise your data
    • Identify your security objectives
    • Provide customized recommendations and best practices
    • Create an actionable recovery plan
  • Data security:
    • Classify and label data: Will automatically encrypt if someone tries to access it
    • Limit account access to sensitive data with privileged access management
    • Move data to the cloud to take advantage of advanced backup and rollback features and exercise it regularly
    • Ensure regular, thorough backups and validate them
    • Exercise your business continuity/disaster recovery plan: Know who to call first, what to do first; if you don’t have a plan, ask your IT provider for one
  • Endpoint and application security:
    • Clients, servers and browsers: Have to have security on these devices
    • Exposed endpoints allow access: Make sure anti-virus is up to date
    • Implement risk-based conditional access
    • Enforce multi-factor authentication
    • Do available software updates and monitor them
  • Network and perimeter security:
    • Monitor resources for abnormal activity
    • Adopt best-in-class tools to detect known threats
    • Use automation tools to detect known threats
    • Employ real-time threat detection solutions
  • The human layer:
    • People are your biggest risk
    • Do security awareness training
    • Build a security culture: Needs to be a top-down initiative with C-suite leadership
    • Employ a dark-web monitoring service: Can do a scan to see if you have any credentials available for sale on the dark web
    • If you can’t implement a cybersecurity program on your own, bring in a professional cybersecurity provider

Surviving an Attack

  • Start with a plan to mitigate potential damage: Who do I notify, how do we recover?
  • Stop the bleeding: Disconnect from the internet immediately and segregate compromised hardware; quarantine the compromised files.
  • Data recovery: Back up your data outside your network; have data backup requirements in your plan; do a clean sweep of data and applications.
  • Install the latest software and security updates.
  • Best defense against cyber threats is an informed workplace.
  • Have a cyber insurance policy woven into your disaster recovery plan.

Ransomware threat report: 2021-22

  • Average ransom demand increased 144 percent.
  • 31 percent of U.S. companies closed after an attack.
  • At least one employee downloaded a malicious mobile application in 46 percent of organizations in 2021.
  • Ransomware breach response costs took up 52 percent of the overall cost of a ransomware attack in 2020.
  • Of the 32 percent of ransomware victims who paid the ransom in 2021, only 65 percent of the data was ultimately recovered.

Speak to one of our professionals about your organizational needs

    "*" indicates required fields

    hbkcpa.com needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.



    Webinar: Updates on Legislation Affecting Manufacturers

    Date August 17, 2022

    Highlights from the August 17, 2022, webinar hosted by James Dascenzo, CPA, Principal, and National Director of HBK Manufacturing Solutions, and Nicholas Demetrious, CPA, MBA, Principal, HBK Tax Advisory Group

    The events of recent years relative to the pandemic have heightened the need to increase chip production in the U.S. The U.S. share is currently 12 percent, down from 37 percent in 1990. China wants to control space by 2030. Most advanced chips are made in Taiwan. The CHIPS + Science Act, signed into law on August 9, commits $280 billion, much of which is not appropriated, to bolstering chip production in the U.S.

    The bill had bipartisan support in the House and also in the Senate, indicating politicians on both sides of the aisle recognized the need to step up efforts for on-shoring chip production.

    The CHIPS Act and Inflation Reduction Act complement each other. How politics and business go together is an interesting study.

    CHIPS Act

    Chips for America Fund; creates incentives to produce semiconductors. Total of $52.7 billion, $39 billion of which is set aside for incentive programs to promote manufacturing. $37 billion for assistance for construction and expansion of semiconductor fabrication facilities.

  • $2 billion for chips used in automotive and defense systems
  • $11 billion for semiconductor manufacturing research and workforce development
  • $2 billion for CHIPS for America Defense Fund

    Plus:

  • $1.5 billion dedicated to a public wireless supply chain innovation fund to spur movement to open-architecture, software-based wireless technology. Designed to promote 5G networks throughout the U.S.

    The biggest chunk of $200 billion is designated to support R&D in advanced and emerging technologies. Much of the money will go to the National Science Foundation to increase research. The U.S. Energy Department’s Office of Science will receive up to $50 billion to enhance a series of programs focused on clean energy, nuclear physics and high-intensity lasers as they relate to semiconductor manufacturing. Also, the bill will establish 20 regional technology hubs to create more chip manufacturing employment.

    The bill also includes money for NASA for research that will lead to bringing Americans to Mars and put the first woman and first person of color on the Moon.

    The advanced manufacturing investment credit: a 25% tax credit on qualifying investments or tangible property

  • Must be integral to the operation of an advanced manufacturing facility.
  • Must be constructed, reconstructed, or erected by the taxpayer.
  • Used for building and structural components, not for office, administrative or other functions unrelated to manufacturing. Demonstrating that will require a cost segregation study.
  • Can be used as a payment against tax for the year of the credit.
  • Subject to recapture but recapture amounts drop by 20% per year.
  • Reduces the basis of the property by the amount of the credit.

    CHIPS Act investments should free us from exposure to Chinese supply chain issues and restore manufacturing jobs in the U.S., including 3,000 new jobs with Intel in Ohio. That and spinoff businesses and employment combine for a potential boon to Ohio’s economy and other Midwest states. It is likely to take three to five years to build the Intel plant and get it running. South Korea will spend 450 billion and China will invest $1 trillion in semiconductor production over the next ten years. These investments will improve our viability in this very important industry.

    Inflation Reduction Act

    Signed into law August 16 by President Biden.

  • Whether or not it will reduce inflation is up for debate.
  • There are tax implications for some large companies and a slew of legislation to provide new credits and extend existing credits for clean energy.
  • Boosts budgets for the IRS whose resources have been gutted in recent years. Added IRS support is not designed to affect taxpayers making less than $400,000 per year.
  • Provides for an excise tax on large company stock buy-backs.

    Returns a corporate minimum tax of 15 percent of the corporation’s adjusted financial statement income (AFSI) over its corporate AMT foreign tax credit. Applies to C-corps with an average annual income of more than $1 billion AFSI.

  • Has some adjustments, including taking accelerated depreciation and foreign tax credits: applied to taxable years beginning after 2022.
  • Designed to base current year tax on book income, which can be larger than tax income. Represents a change in the dynamics of U.S. tax law, where corporate taxes are generated from book income.

    Excise tax of 1 percent on stock buy-backs by publicly traded corporations for tax years after 2022. Should not affect small, closely held businesses.

    Extends excess business loss limitation for non-corporate taxpayers two years. Won’t be able to take a business loss deduction of more than $524,000 for joint filers, $262,000, filing individually. Any excess carries forward like a net operating loss. Excess business loss limitation was included in the Tax Cuts and Jobs Act.

    IRS funding:

  • Funding had been reduced or cut in recent years leaving IRS with a lack of workers and outdated equipment.
  • Inadequacies became apparent during the pandemic.
  • Funding of $80 billion is to close the “tax gap” which is the difference between what should be collected by the IRS and what is actually collected.
  • Wants to hire 87,000 new workers over the next decade.
  • No IRS changes other than funding, again, to be used over the next ten years.
  • Should improve customer service and increase audits on large corporations.

    The Act also:

  • Extends for three years Affordable Care Act subsidies ($84 billion)
  • Prescription drug reform to lower drug prices ($288 billion); Excise tax on drug companies that don’t comply could be onerous
  • Drought relief ($5 billion)
  • Intends to provide for a deficit reduction of $308 billion
  • Extends the insurance tax credit

    Electric Vehicle tax credits

  • Extends current $7,500 EV tax credit through 2032
  • Credit of $4,000 for used cars priced $25,000 or less
  • Removes the 200,000 per-manufacturer vehicle cap beginning in 2023
  • Requires U.S. assembly and encourages domestic sourcing of key battery materials
  • Income thresholds for buyers; cost limitations on vehicles
  • Applies for some plug-in hybrids

    Clean energy tax credits:

  • Clean hydrogen production
  • Advanced manufacturing production
  • Nuclear power production
  • Extension of renewable electricity production
  • New clean energy products
  • Credit for residential clean energy
  • Credit for energy efficiency home improvements

    Deduction for energy improvements in commercial buildings

    R&D tax credits of up to $250,000 against payroll taxes for businesses with less than $5 million gross receipts and less than five years old

    Many of the tax increases that were included in the Build Back Better plan are not in the Inflation Reduction Act.




    Watch: EBSA Cybersecurity Guidance for Protecting Retirement Assets

    Date July 27, 2022

    Highlights from the July 27, 2022, webinar hosted by William J. Heaven, Senior Director, HBK Risk Advisory Services, with guest Joel Van Horn, CPA/CITP, CISA, Senior Manager, HBK Risk Advisory Services

    Watch On Demand.

    While the discussion relates to retirement plans, the information and tips apply broadly to industries and businesses.

    EBSA Guidance split into three forms:

    1. Tips for hiring a service provider

    2. Cybersecurity program best practices

    3. Online security tips

    The Employee Retirement Income Security Act of 1974 (ERISA) sets the minimum standards for most voluntarily established benefit plans, like 401(k)s and 403(b)s. ERISA is split into four titles, including Title I: rules for reporting, disclosures, vesting, participation, and other regulations specific to retirement plans. It is administered by the U.S. Department of Labor (DOL), which is in charge of enforcing Title I.

    The IRS is involved with ERISA, but if there is an issue that involves plan participants the DOL can step in.

    ERISA established fiduciary responsibilities and defines them.

    A fiduciary is a person or entity with discretionary authority to control and manage the operation and administration of a benefit plan covered by ERISA.

    Fiduciary responsibilities include:

  • Acting solely in the interests of plan participants and beneficiaries with the exclusive purpose of providing benefits
  • Carrying out their duties prudently
  • Following the plan’s overarching document guiding how the plan will be administered
  • Diversifying plan investments properly

    Employee Benefits Security Administration (EBSA):

  • Balances proactive enforcement with compliance assistance
  • Is responsible for administering and enforcing provisions of ERISA: reporting and disclosure, fiduciary responsibilities and ultimately acting as a watchdog for the plans

    EBSA issued cybersecurity guidance in 2021 to help safeguard retirement benefits and personal information:

  • Applies to plan sponsors, fiduciaries, record keepers and participants
  • Emphasizes the importance plan sponsors and fiduciaries must put on cybersecurity
  • Meant to complement existing EBSA regulations on electronic storage of records, and the electronic delivery of disclosures to plan participants and beneficiaries
  • Help defend against possible future claims brought under ERISA or data breach laws

    EBSA Form 1: Tips for hiring a service provider

    Many functions of plans are outsourced to third-party service providers, who should have strong cybersecurity programs.

    Information security standards

  • Allow the organization to coordinate and enforce a security program and communicate that to third parties
  • Audit the results of the program – test the standards and ensure they are implemented
  • Compare your standards to industry standards for benefit plans

    SOC 2 is a comprehensive report on third parties that lists procedures in place, tests the procedures, and lists any exception and how management will address them.

    Validation of practices

  • How are vendors validating their practices?
  • What levels of security standards have they met and implemented?
  • Are they using a third party to validate?

    Track vendor’s record in their industry

  • Public information on security breaches
  • Other litigation
  • Legal proceedings related to vendor’s services

    Ask about data breaches

  • SOC 2 report will have some information
  • What happened and how they responded

    Insurance policies

  • Coverage for losses caused by cybersecurity and identity theft breaches, from internal as well as external threats

    Service provider contracts

  • Require ongoing cybersecurity compliance
  • Beware of provisions that limit responsibility for breaches and amend those
  • Include terms for enhancing cybersecurity protection:
    • information security reporting
    • clear provisions related to use and sharing of information and confidentiality
    • notification of cybersecurity breaches
    • compliance with records retention and destruction, privacy and other information security laws
    • cybersecurity insurance policies in place

    EBSA Form 2: best practices

    Have a formal, well-documented cybersecurity program:

  • Establish strong policies and guidelines: base on NIST or other cybersecurity framework
  • Conduct prudent annual risk assessments
  • Prioritize according to biggest risks
  • Keep current on where highest risks exist

    Have a reliable, annual third-party audit of security controls.

    Clearly define and assign information security roles and responsibilities.

  • Must be taken seriously by top management for success

    Have strong access control procedures.

  • Assign responsibilities on least privilege
  • Review system access at least quarterly
  • Name/user IDs
  • Dual or multi-factor authentication

    Ensure that any assets or data stored in a cloud or managed by a third-party service provider are subject to appropriate security reviews and independent assessments.

    Conduct periodic cybersecurity awareness training.

    Implement a secure system development life cycle program.

    Have an effective business resiliency program addressing business continuity, disaster recovery, and incident response.

    Encrypt sensitive data, stored and in transit.

  • Starting with an inventory of what you have

    Implement and update strong technical controls in accordance with best practices.

    Appropriately respond to any past cybersecurity incidents:

  • Fix the problems that caused the breach

    EBSA Form 3: Online security tips

    Register, set up, and routinely monitor your online account.

    Use strong and unique passwords.

  • No dictionary words
  • Combination of numbers, letters, and special characters
  • Nothing in sequence
  • 14 or more characters
  • Passwords not written down
  • Consider a secure password manager
  • Don’t respond to email requests for account numbers or personal information

    Use multi-factor authentication.
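
    A checker for the "strong and unique passwords" rules listed above, as an added example that is not from the webinar or from EBSA. The three-character sequence threshold, the keyboard rows, the substitution table and the sample wordlist are assumptions made for illustration.

```python
"""Check a candidate password against the password rules listed above."""

MIN_LENGTH = 14    # "14 or more characters" (from the page)
RUN_LENGTH = 3     # assumption: 3+ consecutive characters count as "in sequence"
MIN_WORD_LEN = 4   # assumption: dictionary hits shorter than this are ignored

# Alphabet, digits and keyboard rows; the keyboard rows are an assumption.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Constructed sample wordlist; a real check would load a full dictionary
# and a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "retirement", "summer", "dragon", "monkey"}

# Common character substitutions undone before the dictionary check (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def missing_classes(pw):
    """Return which of letters / numbers / special characters are absent."""
    missing = []
    if not any(c.isalpha() for c in pw):
        missing.append("letters")
    if not any(c.isdigit() for c in pw):
        missing.append("numbers")
    if not any(not c.isalnum() and not c.isspace() for c in pw):
        missing.append("special characters")
    return missing


def find_dictionary_word(pw, words=SAMPLE_WORDS):
    """Return the first wordlist entry found in pw, also after undoing substitutions."""
    lowered = pw.lower()
    for form in (lowered, lowered.translate(LEET)):
        for word in sorted(words):
            if len(word) >= MIN_WORD_LEN and word in form:
                return word
    return None


def find_sequence(pw, run=RUN_LENGTH):
    """Return the first run of `run` characters that follows a sequence
    forwards or backwards (abc, 321, qwe), or None."""
    lowered = pw.lower()
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        for seq in SEQUENCES:
            if window in seq or window in seq[::-1]:
                return pw[i:i + run]
    return None


def check_password(pw, words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means every rule passed."""
    violations = []
    if len(pw) < MIN_LENGTH:
        violations.append("too_short")
    violations += ["missing:" + name for name in missing_classes(pw)]
    word = find_dictionary_word(pw, words)
    if word:
        violations.append("dictionary:" + word)
    seq = find_sequence(pw)
    if seq:
        violations.append("sequence:" + seq)
    return violations


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ("P@ssw0rd123!", "qwerty-retirement", "vK7#qLm2!xRw9&Tz"):
        print(candidate, "->", check_password(candidate) or "passes all rules")
```

    The first sample shows why character substitution alone does not satisfy the "no dictionary words" rule: it still reduces to a dictionary word once the substitutions are undone.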

    Keep personal and contact information current.

    Close or delete unused accounts.

    Be wary of free wi-fi; don’t log into accounts from public wi-fi.

    Beware of phishing attacks: how most attacks originate.

    Use antivirus software and keep apps and software current.

    Know where and how to report identity theft and cybersecurity incidents, internally and externally.

    Following EBSA best practices will help you ensure the fiduciary responsibilities required by ERISA are met.




    EBSA Security Guidance for Protecting Retirement Assets: An HBK Risk Advisory Services Webinar

    Date July 21, 2022

    Date: July 27, 2022

    Time: 10:00 – 11:00 am ET

    Host: William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director and Joel Van Horn, CPA/CITP, CISA, Senior Manager

    On July 27, our webinar will feature a review of the Employee Benefits Security Administration’s (EBSA) Cybersecurity Guidelines. The U.S. Department of Labor released the guidance to protect the retirement benefits of America’s workers, who combined count more than $9.3 trillion in retirement assets. The guidance is directed at plan sponsors, plan fiduciaries, record keepers and plan participants.

    The EBSA cybersecurity guidance is provided in three forms: Tips for hiring a service provider, Cybersecurity best practices, and Online security tips.

    We will cover:

    • The cybersecurity guidance forms recommended by EBSA
    • EBSA estimates of covered plan participants and assets
    • How to identify service providers with stringent cybersecurity practices
    • Best practices designed to assist plan fiduciaries and record keepers with managing cybersecurity risk
    • Tips to help retirement participants and beneficiaries reduce the risk of online fraud

    Join us on July 27, 2022, for a discussion of how the suggested guidance can mitigate risk for the retirement industry and plan participants as well as improve your business’s cybersecurity posture.

    Register today!




    Webinar: Business Intelligence Solutions: Using Data Analytics to Improve Operations

    Date July 20, 2022

    Highlights from the July 20, 2022, webinar hosted by Corey Shaner, HBK Director of Business Intelligence, and Amy Reynallt, MBA, Senior Manager, HBK Manufacturing Solutions.

    Business Intelligence is a new service offering at HBK designed to help businesses understand the value of leveraging data to drive decision-making and improve performance. Recognizing the value of connecting tables of data, businesses can create a dashboard using a tool called Power BI that allows them to spend time spotting and acting on trends in their businesses rather than analyzing data.

    “What gets measured gets managed.” – Peter Drucker

    As an organization matures, there is a need for more information, but it may not exist because it wasn’t measured. There is an opportunity to put in place a way to capture data points that will allow you to measure a process or person better.

    Our lives are becoming increasingly connected by the devices we use for work and leisure each day. If data can be harnessed and packaged appropriately, we can deliver the information we need to enhance the performance of our organization.

    By 2025 the world will create 181 zettabytes of data annually, so much data it would require seven Empire State buildings full of servers to capture it all.

    Business Intelligence helps organizations analyze historical and current data so they can quickly uncover insights for making strategic decisions. Business intelligence tools make that possible by processing large data sets across multiple sources and presenting the findings in visual formats easy to understand and share.

    Start the process of implementing business intelligence tools by understanding the wants and needs of key stakeholders in order to complete a Business Requirement Document as the roadmap for the project. The completed document will include identification of the software program needed to complete the process. Once the software vendors have amassed the data and granted access, the developers will create APIs that extract the client’s data from the vendor’s database, which can then be transformed if needed and loaded into a data warehouse where BI tools can be used to display the performance metrics. The warehouse can be hosted on a client-owned server or in a cloud-based environment, most commonly a SQL warehouse.

    In the warehouse we’ll see multiple tables of data. Each table has a primary key structure, which allows us to connect tables and pull previously unrelated information together. The discovered relationships should be documented in a catalog that acts as the playbook for developers and helps keep projects on track in case of employee turnover.

    The dashboard and reports provide real-time insights into the performance of the business, real-time analytics that highlight opportunities and potential problems as they occur so decision makers can make data-driven decisions faster, including creating predictive models that can be used for budgeting and forecasting.

    Two platforms for dashboards and reports are Power BI and Tableau. They allow the user to consume the information and make data-driven decisions in real time.

    Power BI: Power BI is the preferred application, for one, because it integrates seamlessly with other Microsoft products. Features include:

    • Power Apps for application development
    • Power Automate for process automation based on triggers
    • Power Virtual Agent: an AI-based tool that connects consumers with staff by recognizing keywords

    Power BI is extremely efficient in the way it stores and displays large amounts of data. Dashboards are completely customizable, including changing formats to accommodate whatever level you are targeting or benchmarking.

    The process produces reports that can be saved in a variety of ways, including producing an app, a preferred way to get information to the user. The reports could generate questions about employees or processes. Whatever the case is, there’s a way to measure it and eliminate future problems. Power BI can be used to measure any kind of information, financial or operational, for which data exists.




    Watch: Finding Operational and Financial Growth Internally

    Date June 22, 2022

    Highlights from the June 22 HBK Risk Advisory Series webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory, and featuring guest speaker Tyler M. Gargano, CFE, Director of Risk Compliance and Controls, HBK Risk Advisory Services

    Watch On Demand

    Operational and financial excellence is a perfect world: all operations running smoothly, without hiccups, from moving inventory to corporate strategy to payroll processing. Financial excellence is having a grasp on what is allowing for financial success and what is causing problems.

    All companies have issues in their operations and financials. What they must do well is collaborate. Most important is how the people work together to close operational gaps and understand what’s going on in operations and financials. The key aspect is having the right people in the right positions.

    Operational Excellence

    Defined: the philosophy that integrates problem solving and leadership to ensure continuous improvement. The goal is to be “clean and clear.” Have to have a clear understanding of what’s going on in terms of transactions and what that is going to look like in the next three to five years.

    Brickwork of foundational success:

  • Strategy: knowing your vision and goals: what you want to see
  • Organization/Structure: having the right people in the right jobs to get where you want to be
  • Processes and systems: having the right systems and understanding that the business, operations, and reporting are going to continuously change; ensuring you have the best strategies in place for IT
  • Products and services: understanding what your products and services are and how you provide them successfully

    Enablers of operational and financial growth:

  • Performance management: can achieve much success through KPI management
  • Leadership, people and culture
  • Continuous Improvement: what you are doing to get better, to stay ahead, to work collaboratively
  • Risk and quality management

    Financial Excellence

    Consider both the mindset side, your focus on internal goals, and the tactical side, the things you do.

    Tactical items:

  • Financial reporting: should provide an understanding of what the company is doing
  • Financial modeling: how your business performs under specific scenarios, like a spike in inventory, or a decline in orders
  • Financial analysis: understanding your financial problems and solutions

    Mindset items:

  • Financial Acumen: understand your numbers and what’s behind them, the true story of what is taking place in your company
  • Financial goals and objectives: aligning your goals with your objectives and having the company values speak to those goals; finances need to be in line with operations, and operations with goals and objectives
  • Financial planning – understand whether a process is doable, whether objectives can be achieved

    You have to understand where you are today, where you want to be, and how you are going to get there.

    Operational jealousy is real: what you are doing to be the best, understanding why you are making changes.

    Enhancing Internal methodology

    Three key questions related to methodology maintenance:

  • What is your process methodology?
  • How can methodology be updated? Starts with process flow charts: a visual representation of what the organization looks like. Points out what internal controls the company has or what they don’t have and where they need controls. Charts can show you where your controls take place, where you have gaps, and where you have alignment.
  • What is the benefit of updating internal methodology? Not only helps for an external audit, but keeps internal group procedures fresh. Can use an external source with expertise in specific areas to help you understand where the company is and what changes to make to achieve operational and financial excellence.

    Risk assessment evaluation and creation

    There are many different risk assessment strategies, but four primary factors:

  • Materiality of amounts: how you are valuing large or high volume transactions: how much risk you are willing to take
  • Complexity of the process: areas in your process that are difficult
  • History of adjustments: errors or other issues with financial statements
  • Propensity to change: Are your business, financial, IT processes ready to change and what is the process to go through to make a change? What the change will look like is an extremely important conversation.

    Rate the risks according to high, medium, or low.

    Risk assessments should be completed every year for every company.

    Takeaways

    How can I best communicate and implement strategies into my company’s best practices? Use strategies that work for you, which is different for each company. Understand how we benefit by identifying the strategies we employ in operational and financial management.

    Industry trends: Understand what’s going on in your industry from a financial and operational standpoint.

    Controls have changed significantly over the past years. Your business might have changed from what it was without you noticing it as you responded to your changing market.

    Company culture makes a vital contribution: being able to work collaboratively and have discussions around changes is key to successful implementation of changes.

    Strategy Execution

    Key questions:

  • What training does the organization provide to managers and employees related to organizational changes, and how are they held accountable for completing the training?
  • How do you monitor, identify, and address employee change fatigue, and what preventive measures do you use?
  • How do you assess the potential impact of strategic change initiatives on your employee environment?
  • How do you assess your employees’ motivations and engagement levels, especially for employees responsible for managing risk or controls?
  • What role, if any, do employees play in change management and implementation?
  • How are operating model considerations factored into strategy formulation and execution?
  • What percentage of strategic projects are progressing according to plan, moving faster than planned, and moving slower than planned?
  • How do you determine if and when a change initiative should be terminated or adjusted?
  • How is staff working on digital initiatives trained on the risk implications of their projects?



    Webinar: Managing Cost Increases for Manufacturers

    Date June 15, 2022

    Highlights from the June 15 webinar hosted by Amy Reynallt, Senior Manager and Co-Director, HBK Manufacturing Solutions

    Manufacturer Challenges

    The surprise is not about the challenges themselves, including labor shortages, supply chain interruptions, and inflation, but how long they have persisted.

    Manufacturers are struggling to hire as well as maintain workers. We are seeing higher turnover numbers because of:

    • increases in compensation
    • workers seeking a different environment or looking for more flexible workplaces, which is hard to offer for many manufacturers, including those with continuous processes.

    Unemployment is low, at 3.6 percent at the end of May; it is anticipated that unemployment will remain below 4 percent through 2024.

    Growing compensation: Wage growth is slowing, but manufacturers have seen compensation increase dramatically in the past year. It continues growing, if at a slower pace.

    Supply chain disruption continues and the question now is how long into 2023 before we see some relief; the timeline is being extended. Imports are back up, but manufacturers using domestic suppliers still face significant challenges in terms of delays and cost increases.

    Current trends:

    • away from single source supply to having a second or third source to ensure availability
    • away from just-in-time to just-in-case inventory

    Costs and inflation:

    • Cost of freight and fuel increasing significantly, but also for raw materials and labor—costs across the board
    • Government will continue to make adjustments in an effort to address inflation, but increased interest rates will make borrowing more expensive.
    • Capital purchases remain strong, but increased interest rates may level or decrease capital purchases

    Increasing Prices

    Considerations include: the cost of making products, which is increasing due to increases in the costs of materials; competitors’ pricing; customers’ demands; customers’ alternatives; contractual obligations that prevent manufacturers from changing prices; and projected costs. We look at these issues even under normal circumstances, but more critically in the current environment.

    Customers expect price increases, so manufacturers shouldn’t have trouble passing along their increased costs. But it could be challenging with certain types of customers, such as larger customers.

    Ways to increase prices:

    • Some are using a surcharge as a way to pass along increased costs, such as a fuel surcharge; surcharges might be a quicker way to increase prices than raising product prices.
    • Some tie increases to an index, but you have to be careful about the timing of the index release and its relevance to your operation.
    • Some are working escalator clauses into a contract for automatic price rises as certain costs increase.

    Be cautious about using volume-based pricing in light of labor or supply chain disruption which could leave you unable to fulfill the volume discount.

    Need to mitigate supply chain disruption:

    • Forecasting will help you look for the best way to keep costs as close to current as possible.
    • Quick pay discounts are a win-win option.
    • Blanket orders have been a popular way to plan future needs, but manufacturers need to ensure they can meet blanket orders before offering them.
    • Pressures on supply chains lead to questioning the value of lead-time penalties that could damage relationships with suppliers.

    Best practices include giving advance notice to customers on upcoming price increases. But you have to consider how to adjust when the trend turns around to decreasing prices.

    Evaluating Performance

    Carefully monitor key indicators of performance, including:

    • Raw material costs as a percentage of sales
    • Raw material price variance/usage variance compared to price increases, including considering alternative materials. You have to keep an eye on the impact of changes on your costs, including overhead costs.
    • Total compensation as a percentage of sales
    • Labor costs variance: what you were paying previously versus now, but also other pieces than just wages, like increased employee taxes and employee insurance costs
    • Freight costs vs. reimbursements: what you are being charged as well as what you are charging customers
    • Margins: to ensure profitability levels are what they need to be
    • Absorption vs. variable costing: a variable costs model as a management tool; determine contribution margin, then how fixed overhead and SGA costs impact that to determine operating income.

    Forward-thinking

    Use a continuous or rolling budget for a future focus:

    • Similar to looking at trailing 12 months, but looking forward, changing the budget month by month
    • Allows for continuously changing and updating for new circumstances.
    • More time-consuming than calendar-year budgets, but a mechanism to accommodate changes and ultimately plan for what’s ahead

    Key Takeaways:

    • Continue to communicate with customers and suppliers.
    • Actively manage your financial situation.
    • Look at how your costs are changing, the impact on your business, and how to increase customer prices as quickly and effectively as possible.




    Using Internal Processes and Controls to Encourage Operational and Financial Growth: An HBK Risk Advisory Services Webinar

    Date June 13, 2022
    Authors Tyler Gargano

    Date: June 22, 2022

    Time: 10:00 – 11:00 am ET

    Host: William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, with guest Tyler Gargano, CFE, Director of HBK Risk, Compliance, and Controls

    Our June 22 webinar, “Using Internal Processes and Controls to Encourage Operational and Financial Growth,” will feature a discussion of how management can access internal functions to create efficiencies and strengthen internal processes and controls.

    We will cover:

    • Operational excellence
    • Internal controls/internal frameworks
    • Resource utilization
    • Industry trends
    • Reporting functions
    • Company culture

    HBK Risk, Compliance, and Controls offers solutions ranging from operational guidance to full audit procedures. We work to solve the question of “what keeps you up at night?” In our June 22 webinar, we will discuss process and control issues companies of all sizes face and how to mitigate the related risks through internal tailored solutions.

    Register today!




    Watch: What the 2022 Verizon Data Breach Investigations Report Means for Your Business

    Date May 25, 2022

    Highlights from the May 25 HBK Risk Advisory Services webinar featuring William J. Heaven, CPA/CITP, CISA, CSCP; Senior Director, IT.

    This year is the 15th consecutive year Verizon has released the DBIR. The 2022 report was released May 24, 2022.

  • Expanded in 2021 to cover 20 industries.
  • Includes 87 contributing organizations that were either impacted by a breach or had clients impacted by the breach.
  • 2022 report examines 23,896 incidents and 5,212 confirmed data breaches.

    Types of breaches include:

  • Denial of service: hackers sending large amounts of data to compromise the availability of your networks and systems
  • Lost and stolen assets: information missing through misplacement or malice
  • Miscellaneous events: unintentional actions that compromise a security attribute of an information asset
  • Privilege misuse: unapproved or malicious use of legitimate privileges
  • Social engineering: altering a person’s behavior so that they take an action that breaches confidentiality; a major issue
  • System intrusion: complex attacks that leverage malware or hacking to achieve objectives including deploying ransomware
  • Web applications: gaining access, stealing data, and moving on
  • Everything else: a catch-all category for incidents that don’t fit in the other categories

    Terminology:

  • Incident: a security event that compromises the integrity, confidentiality, or availability of an information asset; not a breach until they take possession of the data
  • Breach: confirmed disclosure of data by an unauthorized party

    Most common types of breaches by industry sector:

  • Financial and insurance: miscellaneous errors, system intrusion and web applications
  • Healthcare: miscellaneous errors, system intrusion and web applications
  • Manufacturing: social engineering, system intrusion and web applications
  • Retail: social engineering, system intrusion and web applications

    Most common incidents by industry sector:

  • Financial and insurance: miscellaneous errors, system intrusion and web applications
  • Healthcare: miscellaneous errors, social engineering, system intrusion and web applications
  • Manufacturing: social engineering, system intrusion and web applications
  • Retail: social engineering, system intrusion and web applications

    The DBIR is important because the more you know about the cyber threats you face, the better your chances of keeping your data secure. Whether an organization will be attacked is unpredictable. The report also gives you a common language, which helps you to report consistently, and it provides links to other useful databases.

    You can get the Verizon DBIR through Verizon.com/dbir: the full report, which is 108 pages, or an executive summary, which is 20 pages. You can view the report online or download it. The executive summary provides a great deal of information, and you can go to the full report to look deeper into something specific.

    Key paths to your data; you need to address all of these:

  • Credential theft: about 50 percent of total attacks
  • Phishing: 18 percent, but credentials are often stolen by phishing
  • Exploiting vulnerability: 10 percent
  • Botnets: small portion of hacks

    Major takeaway from DBIR: ransomware continued its upward trend, currently 25 percent of all breaches, a 13 percent increase over 2021, and as many as the previous five years combined.

    Supply chain breaches can be a force multiplier, and accounted for 61 percent of the incidents in this year’s report. Try to vet third-party vendors to ensure they are as secure as possible.

    Errors accounted for 14 percent of all breaches. They are starting to level out. But humans remain the weakest link in the protection chain. The human element is responsible for 82 percent of breaches.

    The gap between large and small companies is closing. Payoffs from small companies are not as great, but small companies are easier for hackers. Ransomware and phishing are having the biggest impact on small businesses.

    Attack pattern summary for selected industries:

  • Financial and insurance: miscellaneous errors, social engineering, and web applications
  • Healthcare: miscellaneous errors, system intrusion, and web applications
  • Retail: social engineering, system intrusion, and web applications

    Financial gain is the main actor motivation. Threats are coming more from external actors than internal, though internal threats are more prominent in healthcare and financial services than other industries due to curiosity about certain individuals who are patients or clients.

    Every business should do a risk assessment at least annually. The DBIR will help you identify and analyze your risks.

    The top 18 CIS controls are available free for risk mitigation. The DBIR provides a priority list of controls by industry. Security awareness training is one of the easiest ways to prevent system breaches, helping to create an environment of skepticism. Make sure you create user awareness, have data backed up, and patch your vulnerabilities.

    The most interesting aspects of the 2022 DBIR are the details on ransomware and the fact that with migration to the cloud you have to keep an eye on what’s going on there.




    Webinar: Tax Saving Strategies for Manufacturers

    Date May 18, 2022

    Highlights from the May 18 webinar hosted by Amy Reynallt, Senior Manager and Co-Director of HBK Manufacturing Solutions; and featuring Source Advisors executives Al Schmitt, Director for the Midwest, Great Lakes Region; Brian Coddington, Director, Tax Accounting Methods & Credits; and Jordan Fazio, Director, R&D Tax Credit Consulting. Source Advisors is an HBK partner and specializes in tax credits and strategies to reduce tax liabilities, including LIFO inventory valuation and R&D credits.

    R&D Tax Credit

    Enacted in 1981 to encourage American investment in innovation, to keep manufacturing in the U.S. as opposed to going offshore. Has evolved over time to become more applicable and beneficial to many more companies. Was renewed year to year, but is now permanent. The TCJA helped increase the net credit amount from 5 to 6.5 percent to 10 percent of qualified research expenses and had a positive impact on use of the credits by both C-corps and pass-throughs.

  • Permitted purpose: making a new product or process, or improving a product or process
  • Technological in nature: applying hard sciences
  • Elimination of uncertainty: determining how to eliminate technical uncertainty in developing or improving a product or process
  • Process of experimentation: activities involved in ensuring a new product and process will work, such as testing and prototyping

    Qualifying research expenditures include salaries and wages, which are typically the largest cost, but also supplies, contractor/outsourced assistance, and computer rental and cloud costs.

    Credits can be carried back one year and forward up to two years. Can amend back three years.

    R&D lifecycle often starts in sales and marketing, then goes to research and design, testing and prototyping, and can extend to production. Production doesn’t typically qualify, but some things done in production and manufacturing can qualify as process improvements.

    Understanding how to feather out and incorporate all individuals touching R&D tends to lead to a better and more accurate tax credit.

    Two main qualifying industry buckets: manufacturing—making something work faster, better, safer, cheaper, more reliably—and software development

    The credit has no correlation to revenue or sales; it is about the people doing the work and the type of work being done.

    There are also state credits available, though not in all states. Generally, just for the technical people working in that particular state.

    Qualifying manufacturing activities include but are not limited to:

  • product development using computer-aided design
  • development of second-generation or improved products
  • tooling and equipment fixture design and development
  • designing innovative manufacturing equipment
  • creating alternative materials
  • streamlining manufacturing processes through automation

    The general rule of thumb for qualifying software is that it will need to be the development of proprietary software, not implementing software generated by a third party. You have to own the rights to the software and must carry the financial risk and rights.

    Potential challenges

  • For federal credits, you need to be paying federal income taxes.
  • To qualify, you need to have more than 50 percent control or ownership of the product or process.
  • Have to consider whether passive shareholders will be negatively impacted by taking the credit.
  • Documentation is key to substantiating or justifying claims, if needed.

    LIFO

    An accounting methodology that allows companies to reduce taxable income by the inflation cost in ending-year inventory, removing the negative effect of inflation on inventory costs. It assumes older, less expensive inventory remains on hand for the calculation of taxable income. It is an annual adjustment that does not affect daily operations. It involves comparing costs of inventory at a certain point with costs for prior years to calculate an inflation index.

    There have been discussions over the past 20 years of getting rid of LIFO, but tax reform rendered the threat to LIFO no longer present.

    Any company not on LIFO but with considerable inventory should consider it.

    Misconceptions about using LIFO include:

  • inventory turning too often
  • bankers not understanding the method
  • what would happen if inflation ceases
  • the effect of falling inventory levels
  • permanence of using LIFO once you start.

    None of these are generally relevant.

    Can elect to be on LIFO for tax and book purposes. IRS allows you to get off LIFO after five years, so we look at LIFO as a five-year commitment. But the IRS does allow the taxpayer to submit a manual accounting method change and pay a user fee, and they’ll review the facts to determine if they can go off LIFO before five years. But those requests don’t often occur, because LIFO tends to be beneficial.

    Companies on LIFO should look at the IPIC (Inventory Price Index Computation) method. Sometimes referred to as external vs. the traditional LIFO internal index method. Analyze internal vs. IPIC methods to maximize the tax benefit.

    Often IPIC reveals more inflation than people are typically seeing. Most years companies should consider both methods, but IPIC has been better from a tax perspective in recent years.

    Internal method measures year-ending actual cost as an inflation factor. With IPIC there are sub-methodologies that can provide benefits and options to maximize the tax benefit over and above the traditional method.

    Traditional LIFO method:

  • Most companies that have adopted LIFO are using the traditional method.
  • Measures inflation based on changes in internal costs.
  • Has many different variations.
  • Weaknesses include lack of documentation from previous years’ calculations.
  • Can be more complicated and invite more controversy with the IRS.
  • Possibly provides a better tax benefit vs. IPIC method.
  • Can automatically switch from internal to IPIC if IPIC becomes better.
  • Must compare identical items or be able to argue a reconstruction method properly reflects income.
  • The lower your inventory the higher inflation has to be to maximize the LIFO tax benefit.

    LIFO can produce significant tax benefits at times of high inflation.

    Adoption and ongoing calculation of LIFO requires minimal investment in time.
