Executive Summary:

• The Sarbanes-Oxley (SOX) Act established stricter financial reporting requirements for public companies, leading to increased scrutiny of Information Produced by the Entity (IPE).
• IPE carries different levels of risk depending on whether it is system-generated and manually prepared IPE. Strong documentation is key to validating completeness and accuracy of IPE.
• Best practices for IPE documentation include identifying the source, parameters, and format of reports; validating totals and counts; retaining screenshots; and having knowledgeable reviewers.

~

Passed by Congress in 2002, the Sarbanes-Oxley (SOX) Act revolutionized public company audits by introducing financial reporting requirements aimed at increasing transparency and preventing fraud. Most notably, the SOX Act established the Public Company Accounting Oversight Board (PCAOB), a nonprofit organization that oversees the audits of public companies to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports.  

The PCAOB refines its auditing standards annually and, in recent years, the organization has placed greater scrutiny on the work of external auditors. To keep up with PCAOB compliance, external auditors have imposed more rigorous documentation requirements on companies. As a result, companies have felt pressure to provide more expansive Information Produced by the Entity (IPE).

If external auditors have applied greater scrutiny on your reporting, you may be wondering: What level of documentation is sufficient? How can you improve your documentation to avoid deficiencies and provide greater clarity? In this article, we will discuss: 1) what IPE is, 2) the risks associated with different IPE, and 3) how to document your IPE thoroughly.

What is IPE?

IPE is any information created by a company used as part of audit evidence. Audit evidence may be used to support an underlying internal control or as part of a substantive audit. Although there are documentation and risk severity differences between system-generated and manually prepared IPE, the fundamental questions that need to be addressed are the same:

1. Is the data complete?  

2. Is the data accurate?

Risk Levels of Different IPE

Here is an overview of how risk levels vary for different types of information you report to auditors:  

Low Risk

“Out of the box” reports carry the lowest risk. These reports are also referred to as “standard” or “canned” reports. Standard reports have been developed by software companies — such as Oracle NetSuite, QAD, or SAP — as part of their enterprise resource planning (ERP) systems. Typically, the end user (you) and even your IT team cannot modify these reports. Given the constrained editability, greater reliance is placed on these reports.   

Medium Risk

Custom reports are typically driven by the business team and developed in-house by your company’s IT team. When your company’s ERP system does not have a report that would provide sufficient data, the in-house developers create a custom report. The IT team follows their change management process when developing the request report. If the report results do not align with your business team’s expectations, the query is refined, and the process is repeated until it does.  

High Risk   

A manually prepared workbook or an ad-hoc query are inherently the riskiest documentation. A manually prepared workbook may be a debt reconciliation prepared by your staff accountant, or a list of litigations the company is involved in drafted by your legal department. Given that these are manually drafted, the margin of error may be high.  

An ad-hoc query is considered high risk since the report is not subject to IT General Controls (ITGC) testing. The end user may input any parameters to generate the report. Since no control testing is performed by your company, external auditors would need to rely on their own IT team to vet the nonstandard query. 

How to Document IPE? 

Your documentation will vary to a certain degree depending on whether the IPE is manually prepared or system generated. In either case, it is important to be as thorough as possible when documenting your procedures.  

Manual IPE

For a manually prepared workbook, provide thorough documentation about the origins of the data. It is ideal to have someone who is privy to the information review the workbook.  

When the reconciliation is comprised of debt instruments, the reviewer should do the following:   

1. Match the list of individual debt instruments to the signed agreements.  

2. Validate the reconciliation and each individual schedule for mathematical accuracy.  

3. Confirm ending principal balances with creditors (where possible).  

If the list consists of litigations compiled by the legal department, the reviewer should do the following:   

1. Send confirmations to outside counsel (where possible).  

2. Obtain a list of commitments and contingency journal entries made to an accrual.    

These additional steps provide greater comfort that the list compiled is complete and accurate.   

System-Generated IPE

For system-generated IPE, there are a handful of questions to keep in mind:   

1. Have you identified the report or saved search that was used?   

2. What parameters were used to generate this report?   

3. In what format is the data exported?   

4. After you run your report and confirm the parameters are correct, what format should be utilized for your export?  

Exported Data

Most ERP systems allow the exporting of data in the following four formats:   

1. PDF (portable document format) 

2. Excel  

3. CSV (comma-separated values)   

4. Text file   

One major drawback in an Excel, CSV, and text file is that, by their nature, they are editable upon export. An additional drawback of a text file is that it does not contain formatting. As the volume of data grows, proving out the completeness and accuracy becomes more challenging. For these reasons, a PDF export is typically preferred.  

After the data is exported in one of the four formats, you want to ensure that it agrees back to the system (completeness and accuracy). Here are a few ways to do that:     

1. Does the exported data have dollar amount totals? If so, agree the total dollar amount to the system.  

2. Does the exported data have hash totals? An example of a hash total is employee ID numbers which in aggregate have no real value other than providing confirmation that the data is complete and accurate.   

3. Does the report have a total line count? If totals are not available, line counts may be used. However, it is important to note that while the line count may agree, the data itself could have still been inadvertently manipulated.  

Screenshots of Data

Retaining screenshots is imperative for documentation. A detailed screenshot should include some (if not all) of the following:  

1. Totals (dollar amounts, hash amounts, etc.)   

2. Lines count   

3. Parameters utilized 

4. Time and date stamp 

The first three items validate the completeness and accuracy of the exported data. The fourth item confirms when the report was run and if it was timely. There are many reports that are point-in-time and may not be recreated at a future date. Knowing the constraints of the reports you use is important. Retaining screenshots cannot be overemphasized, especially for point-in-time reports.   

Certain ERP systems or online portals do not provide a preview of the report prior to the export. This puts a constraint on the validation of completeness and accuracy, as it inhibits screenshots from being taken. In this case, as part of the review, the reviewer should re-run the report and validate that the original report used matches the information in the re-run report.

Strengthen Your SOX Compliance by Implementing Best Practices  

There is no perfect science to IPE documentation. But the end goal is to be as detailed as possible. By simply focusing on the fundamental questions and ensuring that your documentation addresses them, your documentation will inevitably improve.   

Developing best practices for your team is the cornerstone for any successful audit. Ensure you have the right guidance to make it happen. Our Audit and Assurance team can tailor a SOX environment to meet your needs. Contact us today to learn more.

The Governmental Audit Quality Center (GAQC) promotes the importance of quality governmental audits and the value of such audits to purchasers of governmental audit services. GAQC is a voluntary membership center for CPA firms and state audit organizations that perform governmental audits. The GASB Matters section of the GAQC site highlights key interest areas, key resources, and advocacy efforts related to state and local government engagements.

Pension-related matters

GASB Pensions: Issues & Resources page of the GAQC Web site consolidates the various resources available to practitioners to assist with understanding the new standards and developing appropriate audit strategies. This page also includes links to various whitepapers and related auditing interpretations addressing cost-sharing and agent multiple-employer plans.
Comment Letters

• September 16, 2019 comment letter on GASB’s Exposure Draft, Public-Private and Public-Public Partnerships and Availability Payment Arrangements
• September 16, 2019 comment letter on GASB’s Exposure Draft, Omnibus 20XX
• April 30, 2019 comment letter on GASB’s Exposure Draft, Leases Implementation Guide
• March 8, 2019 comment letter on GASB’s Exposure Draft, Fiduciary Activities Implementation Guide
• February 14, 2019 comment letter on GASB’s Financial Reporting Model Improvements & Recognition of Elements of Financial Statements

Specific scams that mask as abusive or fraudulent tax avoidance strategies to be aware of include concealing assets in offshore accounts and improper reporting of digital assets, manipulation of high-income taxpayers to file their tax returns, abusive syndicated conservation easements, and abusive micro-captive insurance arrangements. Read more to round out the annual list for the 2022 filing season.

Tips for taxpayers on emerging scams

To avoid compromising yourself with these “too good to be true” schemes, taxpayers should stay wary, as these scams adopt a wide range of communication methods, including:

• Emails
• Phone calls
• Social media posts
• Targeted online advertisements

You must also consider each source before putting any of these arrangements on your tax returns — because ultimately, you are the one responsible for what is on the return, not the promoter who reached out to you and made a promise they failed to uphold. To mitigate risk, an anxious taxpayer should turn to trustworthy tax professionals to assist with their returns.

Read on to learn about these Dirty Dozen scams targeted primarily to high-net-worth individuals who may be trying to knowingly — or unknowingly — avoid filing.

Scam #9: Concealing Assets in Offshore Accounts and the Improper Reporting of Digital Assets

We hear Switzerland is beautiful this time of year … and so do some high-net-worth individuals looking to conceal their assets in offshore accounts (and yes, that does include cryptocurrency and other digital assets). As more taxpayers look to complex international tax avoidance schemes, the IRS is more determined than ever to “protect the integrity of the U.S. tax system” by enforcing tax responsibilities.

Whether it entails offshore banks, brokerage accounts, nominee entities, employee leasing schemes, foreign trusts, structured transactions, or private annuities, all are designed to hide the true owner of an account — which is illegal, considering U.S. taxpayers are taxed on all the income they make, not just what they keep in the country. But scammers know you may not want to give up some of your hard-earned assets to Uncle Sam. So, what do they do? They sell you a convincing story: you can easily evade the government and hide your assets through digital asset holdings; they claim these are “undetectable by tax authorities.” The catch? They are definitely detectable. By believing these fraudsters, you run the risk of being criminally charged or penalized, so in the end, it is better to report your assets — yes, all of them — when you file.

Scam #10: High-Income Individuals Who Don’t File Tax Returns

Believe it or not, there are some taxpayers who choose to just … not file a tax return. And believe it or not, there are scamming professionals out there aiming to convince you this is a good idea. The IRS takes this seriously. If you are considering this option, remember the Failure to File Penalty is higher than the Failure to Pay Penalty, meaning you are better off filing an accurate, timely return (and setting up a payment plan, if you are concerned about that) rather than not filing and hoping you get out of paying whatever taxes you owe.

Scam #11: Abusive Syndicated Conservation Easements

In this scam, dishonest promoters manipulate a part of the tax law that allows for conservation easements by inflating appraisals of underdeveloped land (i.e., the guise of a real estate investment) and engaging in bogus partnerships without a business purpose. These “deals” rarely help you out; instead, they benefit the promoters, who charge high fees, and clog the tax system with fraudulent tax deductions. (In the last five years, the IRS determined billions of dollars of deductions were wrongly claimed!) And if you are caught — which, you should expect to be, because the IRS takes a microscope to every single one of these “deals” — you can expect large fines and potential time in court.

Scam #12: Abusive Micro-Captive Insurance Arrangements

A high priority for the IRS, this scam sees professionals like accountants and wealth planners convince entity owners to pay for what they believe to be insurance coverage against unlikely events, events that are already being covered, or disingenuous business needs. Complete with sky-high premiums, the abusive structure does the opposite of protecting your organization’s tax safety — it opens you up to more risk as a ”micro-captive” to these “professionals” taking advantage of you. Be on the lookout for an offshore version of this too.

Consequences of falling for a Dirty Dozen scheme

It is important for taxpayers who have already taken part in transactions like these — or those who are thinking about doing so — to consult a tax professional before claiming any tax benefits they think they are owed.

Those taxpayers who have already claimed the purported tax benefits of one of these four “Dirty Dozen” arrangements on a tax return should file an amended return and go to an independent professional for guidance. If necessary, the IRS will examine the tax benefits from transactions like the ones depicted in the list and inflict penalties related to accuracy ranging from 20% to 40%, or a civil fraud penalty of 75% on any taxpayer who underpaid.

Our perspective on the latest batch of “Dirty Dozen” scams

This is not, of course, an exhaustive list of every scam the IRS has its eye on this year. But it does include some of the more common trends. The best advice we can give? If something looks too good to be true … it probably is. Consult your tax professional for guidance and know that it is in your best interest to stay aware of these nefarious arrangements, so you do not fall susceptible to additional penalties.

And remember, you cannot hide income from the IRS!

MGO’s Tax team brings more than 30 years of experience and is well versed in reviewing your return for compliance. We also stay up to date on the risks, pitfalls, and warnings issued by the IRS so you don’t have to. If you think you have been involved in or are in the process of being involved in one of the Dirty Dozen scams, we can help. Contact us today.

Who is your grant administrator?

This seems like a simple question, but if an organization only has a few grants, grant administration may be one of many roles. Or, responsibility may be shared among several roles. That situation works until the size of the organization and the complexity of the grants make responsible grant management impossible.

When the responsibility and complexity of grant management becomes too demanding to include as one of many responsibilities, it’s time to identify one person to take the lead. Eventually, that person may build the team responsible for overseeing and coordinating grant administration.

It is easy to see the benefits of having one person develop the full knowledge of grant requirements and take responsibility for establishing policies and procedures for the organization. This person provides guidance for the organization and monitors compliance requirements. They also serve as the point person for grant related audits.

Do you have policies and procedures for grant administration?

A grant administrator’s first priority is to develop policies and procedures that outline each step in the lifecycle of the grant. Typically, this document will answer the following questions:

• Who approves grant applications?
• Who executes grant agreements?
• What systems will be used to track grant activities, such as qualifying expenses, reporting dates, performance metrics (both financial and programmatic)?
• What documentation is required for compliance?
• Who reviews and approves grant activities to ensure compliance?
• Who develops and manages a schedule and process for annual financial reporting (financial statements and grant reporting, e.g., single audit)?
• Who is responsible for training staff in grant requirements?
• Are subrecipient contracts standardized, and do they comply with your responsibilities as a grantor?
• Who is responsible for resolving audit findings?

Are you prepared for grant reporting?

One of the key responsibilities of a grant administrator is to manage deadlines (monthly, quarterly, biannually, annually, and grant close out). In addition to the initial application deadline, grants require consistent attention. You need to file updates and reports throughout the life of the grant, and they will often require specific documentation. The information in these reports must be complete, accurate, and filed promptly. If they are not, you can count on the grantor requiring you to follow-up and resolve the issues.

Do you have the resources to monitor activities?

It’s true, monitoring grants is a full-time job. Or it should be.

Being awarded a grant is the first chapter of a long story. The rest of the tale involves using the grant for its intended purposes and documenting that fact. Responsible monitoring and documentation require time, energy, systems, and personnel.

Someone should be assigned responsibility for the continuous monitoring and evaluation of grant administrative policies and procedures. This involves looking for changes in grant requirements communicated by the grantor.

For subrecipients, the grant administrator must convey the expectations about their activities and then monitor the progress toward the stated goals. On-site visits will sometimes be necessary and require time. Verifying the status of periodic reporting responsibilities can also take up resources that may already be scarce.

The final chapter of monitoring activities is to develop a clearly defined plan for responding to audit findings. Depending on the complexity of the findings, resolving these issues can require rewriting procedures, documenting changes, and verifying the implementation.

Are you ready for an audit?

While this may seem obvious, knowing your requirements should be the first step in preparing for the possibility of an audit.

In addition to reviewing grant requirements, look back at your prior year findings to confirm that they were fully resolved. If they were not, they need to be addressed immediately.

The next step in being prepared for an audit is to ensure all necessary documentation is complete and accurate. Your documentation should demonstrate compliance with the grant requirements. Usually, your materials will need to include evidence of internal controls that supports the process of reviews and approvals. Internal policies and procedures should be easily accessible. (Thankfully, once this document is complete, it only needs to be updated going forward.) When these items are assembled, make sure all reconciliations connected to the grant are complete.

Once the preparations are made, the hardest part of an audit is done. You will still need to meet with auditors and discuss expectations, timelines, and requests for information, but these are more scheduling and time management issues. If your paperwork and systems are in good order, your work will consist mainly of providing evidentiary support, and possibly providing explanations on details that may not appear obvious to an outsider.

Continuously improving your grant compliance processes

With a lot of subjectivity in the process of managing grants, along with requirements changing on a regular basis, it is important to continuously evaluate the adequacy of your grant administration policies and procedures. So, no matter what your situation is, your processes can always improve, and any deficiencies can be remediated. But it takes commitment as an organization to devote the resources to do the ongoing work of grant compliance.

Many state and local governments have compliance questions about the federal grants that were distributed during the pandemic. The reporting rules of these programs are complex, and requirements continue to evolve.

MGO’s state and local government professionals can help answer questions about these federal grants and help organizations document their systems of internal controls, improve their audit preparation, and address audit findings. Contact Linda Hurley at +1 (949) 296-4340 or lhurley@mgocpa.com for more information on how to improve your grant compliance processes.

With the year-end looming, businesses must take steps to ensure internal reporting and audit deadlines are met without compromising the health and safety of anyone. In the following, we will layout out some preferable alternatives to on-site inventory counting that protect your time while ensuring auditing and reporting standards are satisfied.

Video-enabled facility tours

Depending on the nature of the industry you operate in, there may be an opportunity to collaborate with your internal inventory count team and/or audit provider to conduct inventory observations via video or photography. It is possible to schedule a live call on a video application like Facetime or Zoom and conduct a live video tour of your facility, walking the inventory count team through the appropriate areas, answering questions as they come up, and satisfying any requests for other perspectives or information. Whenever possible, it is recommended that you record the footage for future reference, this is especially valuable in the case of an audit. The best practice, in this situation, would be to have an impartial third-party hold the camera and coordinate the video process, but this may not be possible depending on the COVID-19 restrictions in place.

Another possibility for inventory observations would be to take detailed and comprehensive photographs of inventory, with time stamps. These are likely to be adequate for internal reporting reasons, but may not satisfy audit requirements.

Implement cycle counting processes

The reasons for needing an accurate inventory count go far beyond annual audit needs. If your organization is preparing for a major event, like a merger or acquisition, restructuring, or an exit, inventory counts will be a central process for verifying the value of your operation.

In the absence of a comprehensive inventory count, it may be permissible to implement cycle counting processes. Cycle counts are a common inventory management technique where subsets of inventory are counted on a regular schedule. There are a number of cycle count methods that could be employed:

• Control Group Count: Often used initially to establish an appropriate cycle counting method, Control Groups focus on small groupings of items counted frequently until a technique provides an accurate count.
• Random Sample Count: A random number or item type is counted regularly to extrapolate inventory numbers. You can take a constant population approach, where the type of item counted is random, but the same number is counted each time, or diminished population approach, where counted items are excluded from future counts until all items are counted.

The efficacy of cycle counting is predicated on repetition and regular reports. This makes cycle counts not entirely viable as a short-term inventory count solution. But if you aren’t racing against an immediate deadline, you can collaborate with your internal inventory count team to establish optimal cycle count processes and gain the operational advantages while avoiding future inventory observation issues.

Implement an inventory roll forward or roll back

Another option employs the not-unusual method of performing an inventory roll forward or roll back. This is a common practice that external auditors undertake when they are brought it after year-end and need inventory counts to perform the audit. This works by taking current count and perform additional testing on sales and purchases subsequent to year end. It is possible to do this the other direction as well, using the most recent inventory count prior to year-end, and account for sales and purchases.

To support a roll forward/back, it is recommended that you prepare essential documentation that will validate calculations. This includes detailed receipts/invoices of sales and purchases, and shipping manifests and other documentation supporting transactions. Transfers from different inventory categories should also be tracked, for example: raw materials, work in process, and finished goods.

Prepare additional supporting evidence

Collaborating with and agreeing on an approach with your inventory count team and/or audit provider is central to all of these methods. But one thing you can start doing immediately, and will help in all circumstances, is start building a library of supporting evidence. Consider the functionality of your systems – do certain reports need to be run on specific dates if there is not historical reporting capabilities? Ideally, you’ll have internal control processes that may not directly count inventory, but from which you can infer or support count estimates. These can include analytical reviews, sales trends, previous inventory counts, etc.

How MGO can help

As businesses across the globe face emerging financial, operational and reporting challenges, collaborating with a professional services provider like MGO can help uncover new solutions and opportunities. If you’re facing difficulty with inventory counts, or anything else, please reach out to us for a consultation.

The GASB responded by adding a project to its March 2020 agenda to consider these requests. As a result, the Board of GASB issued Statement No. 95, Postponement of the Effective Dates of Certain Authoritative Guidance, on May 8, 2020.

The Statement postpones the effective dates of certain provisions of the following by one year:

• Statement No. 83, Certain Asset Retirement Obligations
• Statement No. 84, Fiduciary Activities
• Statement No. 88, Certain Disclosures Related to Debt, including Direct Borrowings and Direct Placements
• Statement No. 89, Accounting for Interest Cost Incurred before the End of a Construction Period
• Statement No. 90, Majority Equity Interests
• Statement No. 91, Conduit Debt Obligations
• Statement No. 92, Omnibus 2020
• Statement No. 93, Replacement of Interbank Offered Rates
• Implementation Guide No. 2017-3, Accounting and Financial Reporting for Postemployment Benefits Other Than Pensions (and Certain Issues Related to OPEB Plan Reporting)
• Implementation Guide No. 2018-1, Implementation Guidance Update – 2018
• Implementation Guide No. 2019-1, Implementation Guidance Update – 2019
• Implementation Guide No. 2019-2, Fiduciary Activities

The Statement postpones the effective dates of the following by 18 months:

• Statement No. 87, Leases
• Implementation Guide No. 2019-3, Leases

Although the extra six months given to the implementation of leases help governments with a calendar year-end, it still equates to a one-year postponement for governments with a June 30 year-end. In other words, governments that were previously required to implement GASB 87 during the June 30, 2021 reporting year will now have until the June 30, 2022 reporting year.

While many state and local governments have already implemented certain standards above resulting from the fact that GASB has decided to cast a wide net by going back to June 15, 2018, postponing effective dates related to fiduciary activities and leases will be a huge relief to many organizations. So, if you have already implemented some of these standards … you are ahead of the game … if not, you have a little more time. Keep in mind that GASB always encourages earlier application.

For a shareable PDF of this information, please click here.

In the meantime, if you have any questions about the potential impact of this proposal, please contact David Bullock at dbullock@mgocpa.com.

Technology will enable an approach that allows auditors to examine comprehensive data sets and enterprise-wide sources of unstructured information, rather than relying on limited, time-intensive sampling techniques. These innovations will ultimately elevate the audit model from a review of historical data to include more forward-looking insights based on predictive analytics.

MGO is committed to bringing innovation and insight to our clients. We’re working with industry thought leaders, regulatory agencies, and select partner firms to pioneer the tools and methodologies that will make assurance and audit services exponentially more valuable to our clients.

Everything changes, except when it doesn’t

Time and time again we’ve seen reactions to various accounting scandals, after which new policies, procedures, and legislation are created and implemented. An example of this is the Sarbanes-Oxley Act (SOX) of 2002, which was a direct result of the accounting scandals at Enron, WorldCom, Global Crossing, Tyco, and Arthur Andersen.

SOX was established to provide additional auditing and financial regulations for publicly held companies to address the failures in corporate governance. Primarily it sets forth a requirement that the governing board, through the use of an audit committee, fulfill its corporate governance and oversight responsibilities for financial reporting by implementing a system that includes internal controls, risk management, and internal and external audit functions.

Governments experience challenges and oversight responsibility similar to those encountered by corporate America. Governance risks can be mitigated by applying the provisions of SOX to the public sector.

Some states and local governments have adopted similar requirements to SOX but, unfortunately, in many cases only after cataclysmic events have already taken place. In California, we only need to look back at the bankruptcy of Orange County and the securities fraud investigation surrounding the City of San Diego as examples of audit committees that were established in response to a breakdown in governance.

Taking your audit committee on the right mission

Governments typically establish audit committees for a number of reasons, which include addressing the risk of fraud, improving audit capabilities, strengthening internal controls, and using it as a tool that increases accountability and transparency. As a result, the mission of the audit committee often includes responsibility for:

• Oversight of the external audit.
• Oversight of the internal audit function.
• Oversight for internal controls and risk management.

Chart(er) your course

Most successful audit committees are created by a formal mandate by the governing board and, in some cases, a voter-approved charter. Mandates establish the mission of the committee and define the responsibilities and activities that the audit committee is expected to accomplish. A wide variety of items can be included in the mandate.

Creating the governing board’s resolution is the first step on the road to your audit committee’s success.

Follow the leader(ship)

In practice we see a combination of these attributes, ranging from the full board acting as the audit committee, committees with one or more independent outsiders appointed by the board, and/or members from management and combinations of all of the above. While there are advantages and disadvantages for all of these approaches, each government needs to evaluate how to work within their own governance structure to best arrive at the most workable solution.

Strike the right balance between cost and risk

The overriding responsibility of the audit committee is to perform its oversight responsibilities related to the significant risks associated with the financial reporting and operational results of the government. This is followed closely by the need to work with management, internal auditors and the external auditors in identifying and implementing the appropriate internal controls that will reduce those risks to an acceptable level. While the cost of establishing and enforcing a level of zero risk tolerance is cost prohibitive, the audit committee should be looking for the proper balance of cost and a reduced level of risk.

Engage your audit committee with regular meetings

Depending on the complexity and activity levels of the government, the audit committee should meet at least three times a year. In larger governments, with robust systems and reporting, it’s a good practice to call for monthly meetings with the ability to add special purpose meetings as needed. These meetings should address the following:

External Auditors

• Confirmation of the annual financial statement and compliance audit, including scope and timing.
• Ad hoc reporting on issues where potential fraud or abuse have been identified.
• Receipt and review of the final financial statements and auditor’s reports
• Opinion on the financial statements and compliance audit;
• Internal controls over financial reporting and grants; and
• Violations of laws and regulations.

Internal Auditors

• Review of updated risk assessments over identified areas of risk.
• Review of annual audit plan, including status of the prior year’s efforts.
• Status reports of ongoing and completed audits.
• Reporting of the status of corrective action plans, including conditions noted, management’s response, steps taken to correct the conditions, expected time-line for full implementation of the corrective action and planned timing to verify the corrective action plan has been implemented.

Establish resources that are at the ready

Audit committees should be given the resources and authority to acquire additional expertise as and when required. These resources may include, but are not limited to, technical experts in accounting, auditing, operations, debt offerings, securities lending, cybersecurity, and legal services.

Taking extra steps now will save time later

While no system can guarantee breakdowns will not occur, a properly established audit committee will demonstrate for both elected officials and executive management that on behalf of their constituents they have taken the proper steps to reduce these risks to an acceptable tolerance level. History has shown over and over again that breakdowns in governance lead to fraud, waste and abuse. Don’t be deluded into thinking that it will never happen to your organization. Make sure it doesn’t happen on your watch.

1. The corporate tax rate was permanently reduced from 35 percent to 21 percent.

The top corporate tax rate has been permanently reduced from 35 percent to a flat rate of 21 percent, beginning in 2018. Unlike all other provisions in the new law, including tax breaks for individuals, the new corporate tax rate provision does not expire.

2. There’s a tax break for owners of pass-through entities.

The new law provides owners of pass-through businesses — which include individuals, estates, and trusts — with a deduction of up to 20 percent of their domestic qualified business income, whether it is attributable to income earned through an S corporation, partnership, sole proprietorship, or disregarded entity. Without the new deduction, taxpayers would pay 2018 taxes on their share of qualified earnings at rates up to 37 percent. With the new 20 percent deduction, the tax rate on such income could be as low as 29.6 percent. It should again be noted that certain service industries are excluded from the preferential rate, unless taxable income is below $207,500 (for single filers) and $415,000 (for joint filers), under which the benefit of the deduction is phased out.

3. There might be huge tax benefits to changing your company’s current choice of entity.

Taxpayers should consider evaluating the choice of entity used to operate their businesses. The 21 percent reduced corporate tax rate may increase the popularity of corporations. However, factors such as the new 20 percent deduction for pass-through income, expected use of after-tax cash earnings, and potential exit values will significantly complicate these analyses. The potential after-tax cash benefits ultimately realized by owners could make choice-of-entity determinations one of the most important decisions taxpayers will now make.

4. There have been significant changes to the international tax system.

In connection with these changes, some U.S. shareholders who own stock in certain foreign corporations will have to pay a one-time “transition tax” on their share of accumulated overseas earnings. Other changes include a “participation exemption,” which is a 100 percent dividend-received deduction that permits certain domestic C corporations to receive dividends from their foreign subsidiaries without being taxed on such dividends when certain conditions are satisfied. There is also a new requirement that certain U.S. shareholders of controlled foreign corporations (CFCs) include in income their share of the “global intangible low-taxed income” of such CFCs. Finally, there are new measures to deter base erosion and promote U.S. production.

5. The corporate AMT and DPAD are dead, but Research Tax Credits live on.

The law repeals the Section 199 Domestic Production Activities Deduction (DPAD) and the corporate Alternative Minimum Tax (AMT) for tax years beginning after 2017. The Research Tax Credit was retained and is now more valuable given the reduction of the corporate tax rate from 35 percent to 21 percent.

6. They’ve scrapped NOL carrybacks and limited the use of carryforwards.

Previously, businesses were able to offset current taxable income by claiming net operating losses (NOLs), generally eligible for a two-year carryback and 20-year carryforward. Now NOLs for tax years ending after 2017 cannot be carried back, but can be indefinitely carried forward. In addition, NOLs for tax years beginning in 2018 will be subject to an 80 percent limitation. Companies will have to track their NOLs in different buckets and consider cost-recovery strategy on depreciable assets in applying the 80 percent limitation.

7. Tax reform’s impact on accounting methods may change when revenue is recognized, but new provisions could also lead to temporary and permanent tax benefits.

Under the new law, accrual basis taxpayers must now recognize income no later than the taxable year in which such income is taken into account as revenue in an applicable financial statement.

However, new provisions also provide favorable methods of accounting that were not previously available. That, coupled with the reduction in tax rates, creates a favorable and unique environment for filing accounting method changes.

There are many method changes still available for the 2017 tax year. Taxpayers should evaluate current accounting methods to identify any actionable opportunities to accelerate deductions and defer income for the 2017 tax year, which could result in significant tax savings.

8. There are new rules for bonus depreciation and full expensing on new and used property.

The new tax law allows a 100 percent first-year deduction — up from 50 percent — for the adjusted basis of qualifying assets placed in service after Sept. 27, 2017, and before Jan. 1, 2023, with a gradual phase down in subsequent years before sunsetting after 2026. The definition of qualifying property was also expanded to include used property purchased in an arm’s-length transaction. Businesses should pay close attention to any qualifying asset acquisitions made during the fourth quarter of 2017, as the full expensing can be taken on the 2017 return if the property was acquired and placed in service after Sept. 27, 2017.

Additionally, under new tax law, taxpayers may now deduct up to $1 million under Section 179 for properties placed in service beginning in 2018 — double the previous allowable amount. The phase-out threshold is increased to $2.5 million and will be indexed for inflation in future years and the types of qualifying property has been expanded.

9. The availability of the cash method of accounting expanded for small businesses.

Beginning in 2018, the average annual gross receipts threshold for businesses to use the cash method increases from $5 million to $25 million. Additionally, small businesses who meet the $25 million gross receipts threshold are not required to account for inventories and are exempt from the uniform capitalization rules. The $25 million is indexed for inflation for tax years beginning after 2018.

10. Now is the time to assess total rewards strategies.

Tax reform significantly impacts various components of an employer’s total compensation program — namely the expansion of the $1 million deduction cap on pay to covered employees; disallowed deductions for transportation fringe benefits provided to employees; income inclusion for employer-paid moving expenses; further deduction limitations on certain meal and entertainment expenses; and a two-year tax credit for employer-paid family and medical leave programs. As the IRS releases guidance, employers must immediately modify their payroll systems to reflect tax reform changes impacting individual taxpayers.

For more information about the impact of tax reform on the Government Contracting industry, please reach out to us.

An unexpected consequence of economic downturn that started in 2008 was an increase of fraud across a wide variety of industries. As companies turned to layoffs as a way to lower overhead, many organizations unintentionally exposed themselves to potential fraud by laying-off employees who oversaw essential internal controls or served in a system of checks and balances that would have prevented fraud. According to the Association of Certified Fraud Examiners (“ACFE”), the combination of omnipresent economic pressure, and a lack of controls, resulted in historic levels of fraud following the recession. As a result, companies as large as Fortune 500 organizations, and as small as local businesses, have been forced to course correct and get a handle on fraud.

The first step toward preventing fraud is gaining a holistic view of the circumstances under which it occurs. The ACFE provided the following touchpoints to establish a baseline understanding of how fraud occurs:

• Organizations lose approximately 5% of revenue due to fraud
• Average fraud duration is 18 months
• 40% of fraud cases were detected via Tip /Hotline
• 75% of fraud cases were committed by employees working in seen departments:
  – Accounting & Finance
  – Purchasing
  – Executive /Upper management
  – Operations
  – Customer Service
  – Sales

How do we fight fraud?

Fundamentally, business fraud prevention is a three-step process that combines reviews of operations and internal controls, the acceptance of certain conditions, and the systematic elimination of those risks.

Assessing fraud risk

The first step to preventing fraud is identifying opportunities for fraud and assessing the risk. Fraud can appear in unexpected ways. Therefore, a spot check of departments and operations is a necessary step. While following guidelines of where fraud is likely to occur (like those provided by the ACFE above) is a good way to prioritize activities, it should not limit the inquiry. The fraud assessment should be performed by employees independent of the operation or department, ideally by your in-house fraud investigation team, or internal audit department. Furthermore, collaborating with an outside subject matter expert, or Certified Fraud Examiner (“CFE”), can augment your team, providing a critical perspective for identifying fraud and developing internal procedures to eliminate fraud in the future.

Monitoring and review

An evergreen component of fraud prevention is the monitoring and review of internal controls. A sound internal control structure is the first line of defense against fraud (and a vast array of other operational hazards). Performing regularly scheduled testing, and updating controls based on the results of the testing, will create an operational structure actively working to limit opportunities for fraud.

Communication and evaluation

After the Assessment, and Monitoring stages, your organization can make final decisions based on the findings. The review function (whether performed by a CFE, internal auditor, or consultant) will present a final report on each stage of the operational review to the Internal Audit Committee, Board, or other decision-making body. The report should identify all gaps, assign risk levels, and propose solutions.

With this holistic view of operations, risks, and costs associated with fraud prevention in hand, the decision-making body can make informed decisions on the most efficient ways to shore up defenses and proactively prevent fraud.

Tips on developing internal controls

Internal Controls fall into two general categories: preventative controls and detective controls. The former are systems put in place to limit the possibility of fraud, whereas the latter can be enacted to identify and root out active, or historical, fraudulent activities. Each type of internal control requires specific knowledge of industry standards, business operations, and the culture of the organization.

Preventative controls can be the most effective, yet unheralded champions of fraud prevention, as they prevent fraud before it occurs. These can be difficult to “sell” to a governing body, as their upfront cost may not be easily balanced by definable losses saved.

Factors to consider when designing preventative controls:

• Business strategy and culture
• Utilization of IT systems
• Length of existing processes
• Consistent process outcomes
• Ability to circumvent internal controls
• Employee empowerment

Detective controls are an opportunity to identify and root out on-going or historical fraud. These controls tend to follow “after the fact” and are an attempt to “right a wrong,” when there has already been potentially significant loss. While it is always preferable to prevent fraud before the act, detective controls can produce valuable insights that can be used to prevent future fraudulent actions.

Factors to consider when designing detective controls:

• Average or expected outcomes
• Types of trends and patterns
• Unusual activity or outliers
• Review information from different directions
• Changes to defined time periods reviewed
• Utilization of IT systems

The limits of internal controls

While robust internal controls are the most effective solution to fighting fraud, there simply is no “fool-proof” system. A company must remain vigilant, responsive and adaptable to changing factors outside the limits of internal controls – factors like employee turnover and external economic pressures.

Understanding the limits of internal control structures is an important step toward developing a system that accounts for as many variable as possible. Common limits to internal controls include:

• Human judgment
• Management’s ability to override controls
• Maintaining sufficient resources to achieve adequate segregation of duties
• Breakdown of controls
• High management turnover
• Lack of employee training
• Poorly documented policies & procedures
• Internal audit plan not based on risk of operations

There is no “solution,” only steps to mitigate or uncover

Fraud is a major issue with which every organization – including public companies, growing small businesses, government institutions, or tribal entities – must actively contend. The economic downturn and the layoffs, downsizing and other negative economic outcomes that followed have created an environment where fraud is rampant, with no cessation in sight. Every organization must take a hard look at its operations, culture and internal controls to assess opportunities for fraudulent activity, and take the steps necessary to remove or limit those opportunities.

Stay tuned for future articles in this series where we will take a close look at what organizations can do to limit fraud.