Dangerous W-2 Phishing Scam: Reporting Update

By: Anders Erickson, CISA, CISSP, CRISC

As we reported on March 7, 2017, the IRS has provided notice of a dangerous email scam that is impacting employers, including tax exempt entities. The scammer poses as an internal executive requesting employee Form W-2 and Social Security numbers. The IRS has established a process that will allow employers and payroll service providers to quickly report any data losses related to the W-2 scam. Read the IRS update, Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers for more information. If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names. There also is information about how to report receiving the scam email even if you did not fall victim.

Eide Bailly has cyber security and computer forensic experts who can help organizations prevent or respond to these and other cyber threats. Please contact your Eide Bailly representative or Eide Bailly’s Cyber Security Leader, Anders Erickson, at 208.383.4731 or email aerickson@eidebailly.com for more information.

New Internal Control Requirements under Uniform Guidance

By: Stacey Nelson

Under Uniform Guidance, non-federal entities are required to implement the new administrative requirements and Cost Principles for all new federal awards. The updated federal regulations can be found here. A primary emphasis under Uniform Guidance is the increased focus on internal controls, and one of the biggest challenges facing many organizations is the change in the requirement to document the organization’s internal controls.

2 CFR 200.303 states the entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the entity is managing the Federal award in compliance with Federal statutes, regulations and terms and conditions of the Federal award. While not seemingly a significant departure from the previous requirement, the regulations specifically require written procedures to ensure compliance with cash management requirements and allowable costs and also written standards of conduct addressing conflicts of interest and individuals engaged in procurement decisions.

Though the guidance specifies only these areas to be documented in writing, best practices are to maintain written documentation of the internal controls over all compliance requirements applicable to the organization’s Federal awards. Section 200.303 of the Uniform Guidance suggests using the Standards for Internal Control in the Federal Government (Green Book) or the Internal Control Integrated Framework (COSO) as guidance to be followed when designing and implementing your internal control procedures.

Documenting your controls may seem like a tedious task; however, due to the increased emphasis under the new Uniform Guidance rules, it is one that you can’t afford to ignore. Please contact your Eide Bailly service provider with any questions you may have.

How Audits Should Work

By: Tim McCutcheon

Audit time doesn’t have to be all that stressful. Honestly. What follows is a solution to ensure the most zen-like audit you’ve ever experienced.

Start by adopting the right mind-set so that your thoughts, which rule your actions, match the underlying reality of the audit cycle and the way audits actually get done. Stephen Covey, best-selling author of The 7 Habits of Highly Effective People, suggested we all should ask ourselves the question, “Is real life more like school, or the farm?” At school, it’s sometimes possible to slack off for a while, then cram the night before the exam, and still get by with a passing grade. Does that work on the farm: to slack off, then at the last minute till the soil, plant the seeds, water the plants, pull the weeds, and grow the crops the night before the harvest?

Well, duh. Of course not. So why this comparison? Because the audit engagement is like the farm. The lesson is that you can reduce, if not eliminate, audit stress by being the farmer, tending your crops throughout the year so that when harvest time arrives, you are ready to enjoy the bountiful fruits of your labor.

For the ABC steps you can take to get the most from your audit with the least stress, read the full article here.

Information Security Controls for Nonprofits

By: Peggy Jennings

Information technology controls (or IT controls) are specific activities performed by persons or systems designed to ensure that operational objectives are met. Many articles are written today about external information security threats (e.g. data breaches, viruses) but nonprofits must also be wary of internal threats resulting from failure in the design or implementation of IT systems. Protection against internal threats is critical and can be accomplished by designing and implementing a strong control system. Controls that are typically considered include the following:

  • Access and security controls
  • Network security controls
  • Backup and recovery controls
  • Entity-level controls
  • Change management controls

Fraud is on the rise and nonprofits can limit their exposure to fraud by eliminating as many of the existing opportunities as possible. The risk of financial and data loss, interruptions to productivity and potential legal liability require sound internal controls for your information systems.

Eide Bailly’s certified, dedicated Risk Advisory Services specialists have expertise related to specific applications, technical controls, complex systems, information security, fraud and computer forensics and specific software packages. Please click here for more information on these services.

Internal Control Examinations for Nonprofits

By: Doug Cash

An internal control examination evaluates the existing internal controls over your nonprofit’s assets. Its purpose is to identify any areas of risk or vulnerability, as well as assure you of where your controls are strong. The assessment includes the following:

  • Interviews of key accounting personnel to identify important cash internal control deficiencies
  • Recommendations for corrections of any key internal control deficiencies identified during the assessment
  • Analysis of selected documents and/or data for anomalies or unusual transactions for a one- to two-month time period
  • A timely and easy-to-understand report providing internal control recommendations and any findings identified

Fraud is on the rise. The Association of Certified Fraud Examiners (ACFE) estimates the average organization loses up to five percent of its revenue to employee theft. The 2016 “ACFE Report to the Nation” indicates that nonprofits suffered a median loss from fraud of $100,000. A nonprofit can limit its exposure to fraud by eliminating as many of the existing opportunities as possible. By conducting an examination of internal control, a nonprofit takes the first step to reduce these opportunities and provide a climate of prevention and detection that promotes an honest working environment.

Any nonprofit organization can be a victim of fraud. The vast majority of organizations, no matter the size, will benefit from having an internal control examination performed. According to the ACFE, “The presence of anti-fraud controls was correlated with lower losses and quicker fraud detection.”

Identifying potential internal fraud risks is not just a matter of good stewardship. It will help your organization improve efficiency and reduce risks—financial, operational, and reputational. Eide Bailly’s Certified Fraud Examiners have the investigative techniques and technical skills needed to detect, investigate and prevent fraud. We work closely with you in a friendly, supportive manner to understand your needs and provide a thorough report to help you make confident decisions to safeguard your organization. Our Forensics staff includes Certified Fraud Examiners, Certified Public Accountants, Accredited Business Valuators, Certified Forensic Interviewers, former law enforcement professionals, and computer forensic specialists. When you work with Eide Bailly, you’ll be connected to the professionals you need to keep your nonprofit on track for success.

The Importance of Understanding Millennials in the Workplace

By: Lauri Dahlberg, PHR, SHRM-CP

Our workplaces are changing. For the first time ever, there are four generations in the workplace. One in particular is unique, and based on their sheer volume and drive, they will change the way we do business.

Millennials are currently the largest generation on the planet, with 75.3 million in the workplace. If you think that’s a lot, then stop to think about this:  that generation is projected to increase to 80.1 million in 2036. And to further illustrate this point, try this on: Millennials will make up half of the workforce by 2020.

Are you wondering why you should care? Well, Millennials come with their own unique perspective, expectations and ambition. They were shaped by historical experiences that showed them loyalty to corporations isn’t the best (parents laid off, Exxon Valdez oil spill); authority figures can’t always be trusted (Clinton/Lewinsky scandal, Enron); and public places aren’t always safe (OKC bombing, 9/11, high school shootings). Due to these experiences, many Millennials have chosen to build their own path and not wait for things to happen. Their mentors/idols include people who took ideas and made billions (think Mark Zuckerberg with Facebook and reality TV stars like the Kardashians).

More than that, they’re changing the workplace dynamic. Millennials have a strong desire to make the world a better place. Millennials are more globally aware and focused than any other generation, according to New York Times in Education. They are also more networked and more aware of things going on real-time, thanks to technology.  Since many of them grew up constantly connected, they are incredibly transparent, showing the good and the bad through social media and in conversation.  But it doesn’t just stop with them – they expect others to be transparent too.

If you manage Millennials, it’s important to understand where they’re coming from and what drives them. Millennials hunger for growth, development and advancement.  They want what they do to have meaning and to make a difference.  They enjoy working in teams and succeeding with other people.  They have a strong need to be autonomous (micro-managers need not apply), and want to find a better, faster way to get the job done.  Most importantly, they want to be kept “in-the-know” and given information, even if it isn’t necessarily relevant to them (see note on transparency above).

Millennials will soon outnumber Baby Boomers and Generation X. Due to predicted workforce shortages, employers will need to shift their current way of doing business to accommodate the style of the Millennial. How do you do this? Here are a few tips:

  • Provide training that is hands-on.
  • Allow work to be accomplished in groups or teams.
  • Allow Millennials to review a process and then make recommendations on how to improve it.

Millennials are among us – many in leadership roles already. It’s time we take them for who they are and harness their positive qualities to improve our organizations.  Encourage their entrepreneurial spirit and transparent drive … or they’ll find a different workplace that will.

Joint Employers May Be Liable for Wage Violations

By: Deb Nelson

New standards were released in late January 2016 by the Department of Labor’s Wage & Hour Division (WHD) regarding joint employment relationships under the Fair Labor Standards Act (FLSA) and the Migrant and Seasonal Agricultural Worker Protection Act (MSPA). These standards could have a significant impact on nonprofit organizations due to varying types of employment structures found within the industry. If you share employees, use a professional employer organization (PEO), or use a management company (just to name a few), you need to review the Administrator’s Interpretation on these standards.

WHD applies a horizontal test and a vertical test to determine if joint employment exists. The horizontal joint employment test reviews relationships where the employee works for two or more employers with economic ties. The vertical joint employment test reviews relationships between the employee and the potential employer, and the economic realities of that relationship. If you are found to be a joint employer, you may be held liable for wage violations of the other employer, for example the PEO or management company violations.

The Department of Labor is seeing a decrease in the traditional employment relationship, and as a result, believes enforcement of employees’ rights and employers’ obligations needs to evolve.