Mobile Devices: The Next Target for Cyber Criminals

By: Anders Erickson, CISA, CISSP, CRISC

In the most recent Threat Intelligence Report publish by Nokia, researchers found that software viruses or malware infecting mobile devices (e.g., cell phones and tablets) had increased 83 percent in the second half of 2016.  The report suggests that this increase represents a shift from hackers targeting traditional computers to going after mobile devices.  One of the most common methods of infecting mobile devices is through “Trojan” apps.  Like the Trojan Horse of Greek mythology, these apps look like a game or something harmless but when they are installed on a mobile device, they execute malware that allows a hacker to access or steal data from that device.  One thing users can do to protect themselves from these types of viruses is to avoid downloading apps from locations other than the Apple or Android app store.

Many nonprofits allow their employees to access organizational data through their mobile devices.  Whether that’s emails, files, or the corporate directory, the access they provide to their employees represents a significant business risk.  If not properly protected, malware infecting an employee’s mobile device can place our client’s data in jeopardy.  Eide Bailly’s Cyber Security team can assist your clients in protecting their data on mobile devices by:

  • Helping establish a secure mobile device policy;
  • Implementing mobile device management (MDM) software, which allows our clients to safeguard corporate data on their employees’ mobile devices; and
  • Educating employees on the dangers of mobile devices and how they can help protect themselves and their organization.

If you have any questions about these services or would like to better understand how we can help our clients feel more confident about their cyber security, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.

Dangerous W-2 Phishing Scam: Reporting Update

By: Anders Erickson, CISA, CISSP, CRISC

As we reported on March 7, 2017, the IRS has provided notice of a dangerous email scam that is impacting employers, including tax exempt entities. The scammer poses as an internal executive requesting employee Form W-2 and Social Security numbers. The IRS has established a process that will allow employers and payroll service providers to quickly report any data losses related to the W-2 scam. Read the IRS update, Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers for more information. If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names. There also is information about how to report receiving the scam email even if you did not fall victim.

Eide Bailly has cyber security and computer forensic experts that can help organizations prevent or respond to these and other cyber threats.  Please contact your Eide Bailly representative or Eide Bailly’s Cyber Security Leader, Anders Erickson at 208.383.4731 or email aerickson@eidebailly.com for more information.

2016 Form 990 and Instructions Changes

By: Laurie Hanson

The Form 990 and its many schedules remained largely unchanged for tax year 2016. The changes can be summarized pretty quickly, and include the following:

  1. For returns that cannot be electronically filed, the IRS previously considered returns that were delivered via USPS, FedEx and UPS as timely filed if postmarked at least by the due date of the return. The IRS has added DHL Express to this listing. Whenever a return is mailed to the IRS, regardless of the service used, we encourage you to obtain and retain the receipt for proof of mailing. That way, if the IRS later assesses a penalty for late filing, you’ll have proof that the return was filed on time and will be able to easily have the penalties abated.
  2. For tax years beginning after 12/31/15, the first extension for Form 990 and 990-EZ will cover a six-month period. A second extension is no longer available. Previously, two three-month extensions were available. Form 990 is due 4 ½ months after year end. The extension makes the return due 10 ½ months after year end. Thus, the final filing due date with extensions remains unchanged.
  3. The publicly supported charity definition has been updated to include an agricultural research organization under Internal Revenue Code (IRC) 170(b)(1)(A)(ix). This only pertains to IRC 501(c)(3) organizations that are exempt as a public charity and operate as agricultural research organizations. In other words, it doesn’t affect most organizations.
  4. Goods or services with insubstantial value have been indexed for inflation. The value of items valued at $10.60 or less that bear the organization’s name or logo and are given to donors in exchange for a donation need not be disclosed to the donor.
  5. For Hospitals, a few minor changes have been made to Schedule H to better reflect compliance with the final regulations under 501(r)..
  6. Form 990-T has been updated to include a specific line for tax on hospitals that are not compliant with IRC 501(r) regulations. The tax is not new. Only the line on the form is new.

Beyond Form 990 itself, you may be interested in the following nonprofit related tax issues:

If your organization hires veterans, you may be eligible for a credit against the employer portion of social security tax on wages paid to all employees. The credit applies to qualified first-year wages paid to qualified veterans who began work for the organization after December 31, 2014 and before January 1, 2020. The qualified veteran must be performing services in activities related to the purpose or function constituting the basis of the organization’s tax exempt status under IRC 501. The credit is claimed on Form 5884-C.

If your organization has foreign bank accounts with an aggregate value exceeding $10,000 at any time during the calendar year, Form 114 FinCEN, Report of Foreign Bank and Financial Accounts (FBAR) is required to be filed by April 15. A six-month extension is available. Previously, this form was due June 30 with no extensions.

Please feel free to contact your Eide Bailly nonprofit tax advisor to discuss any of the above items.

Utilizing a Single Member Limited Liability Company to Benefit your Nonprofit

By: Mike Herold

Many nonprofit organizations utilize single member limited liability companies (SMLLCs) in their operations. SMLLCs are popular vehicles for holding real estate and are an easy way to conduct separate activities in different locations. For example, a skilled nursing or senior care corporation might consist of various locations or centers each held within its own SMLLC. This provides a vessel for managing the operations and profitability of each location more effectively and accurately.

Because a SMLLC is considered a disregarded entity for federal tax purposes, the IRS allows the SMLLC to operate as a tax exempt entity without seeking its own application for tax exempt status. This makes the SMLLC a relatively low cost entity to create while affording the parent an additional level of liability protection through an isolating entity.

For more information on SMLLCs and tax exemption, read the full article here.

Approved Form 1023 Data Now Available Online

By Deb Nelson, CPA, Senior Tax Manager  Deb Nelson

In efforts to provide information about tax exempt organizations to the general public, the IRS has announced that data from previously filed and approved Form 1023-EZ applications will be available electronically.

The IRS released the streamlined exemption application in July 2014 to assist smaller organizations in obtaining tax-exempt status under 501(c)(3). Most organizations with gross receipts of $50,000 or less and assets of $250,000 or less are eligible. The 1023-EZ contains limited information, but does include the following:

  • Name, address and phone number
  • Year-end
  • Employer identification number
  • Names of officers, directors and trustees
  • Whether the organization is a corporation, unincorporated association, or trust
  • Date of incorporation and applicable state
  • NTEE Code that describes intended activities as well as several yes/no questions about activities; such as whether or not compensation will be paid to any officers, directors or trustees
  • Type of classification – public charity or private foundation

This data will be updated quarterly on the IRS website and will allow taxpayers to more easily research information on tax exempt organizations. To read the full news release click here.

Properly Classify Your Workers in 2017

laurieBy: Laurie Hansen, CPA, Tax Manager

With all the changes that occur within an organization during the course of a year, it’s important to take a step back and review policies and procedures at the beginning of the year. For example, it’s critical that an organization classify its workers properly. Are your workers employees, or independent contractors?  Let’s take a look at the rules to make sure workers are classified in accordance with IRS guidelines for the coming year.

In general, a person will qualify as an independent contractor if the employer has the right to control or direct the result of the work, but not how or what will be done to achieve the end result. Conversely, in an employer-employee relationship, the employer has the right to direct and control the work done by the employee. Visit our website here for factors that are important in determining worker classification.

New Year Resolutions for your Accounting Team

By: Peggy E. Jennings, CPA, Partnerpeggy

If you are like me, you have already forgotten the promises made in the wee hours of 2017 meant to improve health, personal outlook and work habits. We might be forgetful when it comes to self-improvement, but it isn’t too late to consider some improvements to your accounting process that can find efficiencies to be enjoyed all year round.

Some things to consider for 2017:

  • Walkthroughs –determine how processes for transactions, information flow and approvals are actually working on a daily basis. The goal isn’t to create a fancy spreadsheet but to consider improvements to processes that can save valuable time. Challenge the adage “we’ve always done it this way” to determine the most efficient means to achieve the tasks.
  • Ask questions – is this process necessary? Does it add value? Can it be automated? Is there a duplication of effort between teams? Is anyone using the output? Are roles and responsibilities appropriate?
  • Document – after evaluating existing processes and procedures, documenting any updates to existing policies, or creating policies in areas where little documentation existed previously, will provide a tool for staff to utilize in successfully implementing the procedures. Such documentation can also be incorporated into training materials.
  • Training – after you have determined the most efficient means to achieve tasks and have created new and improved processes, take the time now to fully training your personnel in the new processes so that all can be successful in their positions and responsibilities.
  • Develop process metrics – a good way to measure success is by measuring activity. Consider what metrics can be tracked, such as number of invoices processed, number of days in cycle time (invoice date to approval date), number of manually processed payments, number of invoices processed electronically

Reward success! Change is not easy and it takes a lot of effort to change established processes even when the personnel involved are fully on-board. Listen for needed tweaks to the new processes (internal controls are never final) and take the time to recognize achievement.

Here’s to an efficient and successful 2017!