Mobile Devices: The Next Target for Cyber Criminals

By: Anders Erickson, CISA, CISSP, CRISC

In the most recent Threat Intelligence Report publish by Nokia, researchers found that software viruses or malware infecting mobile devices (e.g., cell phones and tablets) had increased 83 percent in the second half of 2016.  The report suggests that this increase represents a shift from hackers targeting traditional computers to going after mobile devices.  One of the most common methods of infecting mobile devices is through “Trojan” apps.  Like the Trojan Horse of Greek mythology, these apps look like a game or something harmless but when they are installed on a mobile device, they execute malware that allows a hacker to access or steal data from that device.  One thing users can do to protect themselves from these types of viruses is to avoid downloading apps from locations other than the Apple or Android app store.

Many nonprofits allow their employees to access organizational data through their mobile devices.  Whether that’s emails, files, or the corporate directory, the access they provide to their employees represents a significant business risk.  If not properly protected, malware infecting an employee’s mobile device can place our client’s data in jeopardy.  Eide Bailly’s Cyber Security team can assist your clients in protecting their data on mobile devices by:

  • Helping establish a secure mobile device policy;
  • Implementing mobile device management (MDM) software, which allows our clients to safeguard corporate data on their employees’ mobile devices; and
  • Educating employees on the dangers of mobile devices and how they can help protect themselves and their organization.

If you have any questions about these services or would like to better understand how we can help our clients feel more confident about their cyber security, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.

Dangerous W-2 Phishing Scam: Reporting Update

By: Anders Erickson, CISA, CISSP, CRISC

As we reported on March 7, 2017, the IRS has provided notice of a dangerous email scam that is impacting employers, including tax exempt entities. The scammer poses as an internal executive requesting employee Form W-2 and Social Security numbers. The IRS has established a process that will allow employers and payroll service providers to quickly report any data losses related to the W-2 scam. Read the IRS update, Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers for more information. If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names. There also is information about how to report receiving the scam email even if you did not fall victim.

Eide Bailly has cyber security and computer forensic experts that can help organizations prevent or respond to these and other cyber threats.  Please contact your Eide Bailly representative or Eide Bailly’s Cyber Security Leader, Anders Erickson at 208.383.4731 or email aerickson@eidebailly.com for more information.

Properly Classify Your Workers in 2017

laurieBy: Laurie Hansen, CPA, Tax Manager

With all the changes that occur within an organization during the course of a year, it’s important to take a step back and review policies and procedures at the beginning of the year. For example, it’s critical that an organization classify its workers properly. Are your workers employees, or independent contractors?  Let’s take a look at the rules to make sure workers are classified in accordance with IRS guidelines for the coming year.

In general, a person will qualify as an independent contractor if the employer has the right to control or direct the result of the work, but not how or what will be done to achieve the end result. Conversely, in an employer-employee relationship, the employer has the right to direct and control the work done by the employee. Visit our website here for factors that are important in determining worker classification.

New Year Resolutions for your Accounting Team

By: Peggy E. Jennings, CPA, Partnerpeggy

If you are like me, you have already forgotten the promises made in the wee hours of 2017 meant to improve health, personal outlook and work habits. We might be forgetful when it comes to self-improvement, but it isn’t too late to consider some improvements to your accounting process that can find efficiencies to be enjoyed all year round.

Some things to consider for 2017:

  • Walkthroughs –determine how processes for transactions, information flow and approvals are actually working on a daily basis. The goal isn’t to create a fancy spreadsheet but to consider improvements to processes that can save valuable time. Challenge the adage “we’ve always done it this way” to determine the most efficient means to achieve the tasks.
  • Ask questions – is this process necessary? Does it add value? Can it be automated? Is there a duplication of effort between teams? Is anyone using the output? Are roles and responsibilities appropriate?
  • Document – after evaluating existing processes and procedures, documenting any updates to existing policies, or creating policies in areas where little documentation existed previously, will provide a tool for staff to utilize in successfully implementing the procedures. Such documentation can also be incorporated into training materials.
  • Training – after you have determined the most efficient means to achieve tasks and have created new and improved processes, take the time now to fully training your personnel in the new processes so that all can be successful in their positions and responsibilities.
  • Develop process metrics – a good way to measure success is by measuring activity. Consider what metrics can be tracked, such as number of invoices processed, number of days in cycle time (invoice date to approval date), number of manually processed payments, number of invoices processed electronically

Reward success! Change is not easy and it takes a lot of effort to change established processes even when the personnel involved are fully on-board. Listen for needed tweaks to the new processes (internal controls are never final) and take the time to recognize achievement.

Here’s to an efficient and successful 2017!

 

 

Functional Allocation of Expenses – How Difficult Could This Be?

By: Peggy Jennings, CPAPeggy Jennings

The allocation of expenses among program, management & general (M&G), and fundraising functions is sometimes a mysterious process, often left to chance or defaulted to SALY (same as last year), or, in certain unfortunate cases, is determined based on desired ratio outcomes. If done properly, the allocation methodologies can be as diverse as the nature of the expenses incurred.

For those wanting to “do things right,” why the confusion?

One reason is the sometimes over-generalization of the requirements, which themselves are rather sparse in the FASB Accounting Standards Codification (ASC). For example, the definition of program services found in the ASC is “The activities that result in goods and services being distributed to beneficiaries, customers, or members that fulfill the purposes or mission for which the not-for-profit entity (NFP) exists. Those services are the major purpose for and the major output of the NFP and often relate to several major programs.” Little wonder that a question often heard is, “Aren’t all of our expenses incurred in fulfilling our mission?”

A more useful reference can be found in the AICPA Audit and Accounting Guide, Not-For-Profit Entities (Guide), which provides helpful guidance in Chapter 13, Expenses, Gains and Losses.

To learn more, read the full article here.

End-of-Year Donation Considerations

By Kyle Fritch  KyleFritch

As the end of the year approaches, many individuals and businesses will be planning their holiday and year-end giving. Charitable donations are an excellent way for donors to reduce their tax burdens while also supporting their communities and nonprofit organizations. Donors commonly have questions about the timing of contributions to ensure they receive a deduction for their charitable donation in the appropriate year. In addition, charities must provide the date that a contribution was received when providing acknowledgements to their donors. These rules are complicated, so care needs to be taken in evaluating these year-end donations.

Charitable contributions are deductible in the year the donation is made. A contribution is considered to be made on the date of delivery to the charity if the donor has irrevocably parted with ownership (possession and control) of the property. The date of delivery rules vary depending on the type of property contributed and how it is transmitted to the charity. Click here for some of the most common donation scenarios, along with the rules pertaining to each type of donation.

Program Related Investment Regulations: Impact on Public Charities

By: Deb NelsonDeb Nelson

Program-related investments (PRIs) are nothing new to the nonprofit industry; however, the IRS has spent the last few years issuing proposed regulations, reviewing comments from the community, and then issuing final regulations in April 2016. While the underlying rules for PRIs remained unchanged, the final regulations outlined additional examples of investments with a charitable purpose that qualify as PRIs.

The rules and regulations are directed at investments made by private foundations. Public charities can also take advantage of PRIs without being subjected to the same restrictions as private foundations. While there is no formal guidance issued for public charities making PRIs, public charities should follow the private foundation regulations as a guide and best practice. To learn more about PRIs read the full article here.