Companies update their systems to replace outdated software and to modernize or streamline supporting IT resources. They also implement new systems in hopes of benefitting from internal efficiencies through added features, better workflow, etc. The problem is most companies that implement a new system do not achieve all of their objectives, and many fail miserably.

“Ultimately, the new system may be better, but if executives listed the top things they wanted to accomplish by implementing the new system, many times they don’t achieve those things,” says Brian Thomas, partner in IT Advisory Services at Weaver.

Smart Business spoke with Thomas about how to buck the trend of frustrating and failed system implementations.

What pitfalls occur with new system implementations?

Most companies don’t do a detailed analysis of day-to-day operations and assess how that translates into new system requirements. Management must ask, ‘What are the requirements we, as a unique organization, have of a system that will make it successful?’

Midsize companies often don’t have the time and/or don’t feel the need to formulate detailed system requirements. Executives may operate off of a high-level understanding about improvements they want to see, while calling on people they know to get perspective on what comparable companies are doing.

Also, almost everyone takes for granted how software users have shaped internal business processes based on the reports they generate. New systems mean new reports. If the new system doesn’t consider reporting, as well as how much old data to bring over, it can create back-end challenges. Then, companies are forced to either reconfigure processes or scramble to build new reports.

What’s the potential cost of these issues?

A lack of attention can drag out a project and lead to cost overruns. Management may run blind for a period of time if reporting requirements are not properly addressed before go-live, which hampers business decisions and company performance. Top management may perceive the software vendor as not delivering as promised. Delays and problems cause system users to have a tarnished view of a system, and could lead to employees building system workarounds, such as spreadsheets or databases on the side.

What steps do you recommend instead?

A new software system can substantially impact your company. So, it’s crucial to do the initial due diligence to determine whether the new system is capable of doing what management needs it to do the day it goes live.

Appoint someone internally or externally to build out detailed system requirements by working with users in each department to understand how their processes work. You can then provide these requirements to prospective vendors in an RFP-type format.

Vendors should demonstrate to decision-makers how their software achieves the requirements as part of the proposal process. If any are not fulfilled, which usually is the case, they should be able to articulate their plan for resolving the gaps. Management needs to analyze, ‘If this software does 75 percent of what we need, are we comfortable with the vendor’s responses or plans for what it doesn’t do? And if we have concerns, do we want to change how we do things or look at a different software product?’

It’s logical to expect this process to take a few months unless the system being replaced is a standalone product used by one department for a specific need. There are multiple vendors for a reason; companies must figure out what works best for them.

What about monitoring risks during implementation?

Once a vendor is selected, don’t turn over the keys. If the vendor made promises about covering gaps, the internal stakeholders need to remain involved throughout the project’s life cycle to ensure those things are actually happening.
An objective third party can work between the company and vendor to ensure everyone is accountable. They can even assess the risks of going live on the new software and let the company know when those risks have been brought down to an acceptable level. This helps the company avoid a failed implementation and protects the vendor from having a dissatisfied client.

Brian Thomas, CISA, CISSP, is a partner in IT Advisory Services at Weaver. Reach him at (713) 800-1050 or brian.thomas@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

For most company buyers, taxes are a priority when negotiating a purchase price. However, if tax issues are neglected during the integration phase, the negative consequences can be serious. To improve the likelihood of a successful merger, it’s important to devote resources to intensive tax planning before — and after — your deal closes.

During deal negotiations, you and the seller will likely discuss issues such as deductibility of transaction costs and the amount of local, state and federal tax obligations the parties will owe upon signing the deal. Often, deal structures such as asset sales can benefit one party and have negative tax consequences for the other, so it’s common to wrangle over taxes at this stage, says Sean Muller, partner-in-charge of Houston Tax and Strategic Business Services at Weaver.

“With adequate planning, companies can be spared from costly tax-related surprises after the transaction closes and integration of the acquired business begins,” Muller says. “Tax management during integration can also help your company capture synergies more quickly and efficiently.” You may, for example, have based your purchase price on the assumption that you’ll achieve a certain percentage of cost reductions via post-merger synergies. However, if your tax projections are flawed or you fail to follow through on earlier tax assumptions, such synergies may not be realized.

Smart Business spoke with Muller about tax planning after the deal closes.

What is one of the most important tax-related tasks in a deal?

Integrating accounting departments is critical, and there’s no time to waste. The seller may have to file federal and state income tax returns or extensions either as a combined entity with the buyer or as a separate entity within a few months following the transaction’s close. Companies must also account for any short-term tax obligations arising from the acquisition.

To ensure the two departments integrate quickly and are ready to prepare the required tax documents, decide well in advance of closing which accounting personnel to retain. If different tax processing software or different accounting methods are used, choose between them as soon as feasible. Understand that, if your acquisition has been using a different accounting method, you’ll need to revise previous tax filings to align them with your own accounting system.

What are the major areas of concern for companies related to tax planning and operational synergies?

Before starting to integrate products, personnel and facilities, examine the tax implications of those actions. Major areas of concern include:

  • Supply chain integration. Combining the logistical operations of both companies may make fiscal sense on paper, but there could be tax consequences. Say, for example, that you’re planning to close your seller’s main warehouse and fold operations into your company’s existing warehouse facilities. What if the acquisition’s warehouse is domiciled in a more favorable tax locale than your warehouse?

  • Divestitures and sell-offs. Buyers often spin off unwanted divisions or products when they acquire a business, but from a tax standpoint such moves can be costly. For example, selling a segment could eliminate certain tax write-offs or protections. You also need to plan for the tax consequences of selling newly acquired assets.

  • Global implications. International acquisitions can be a tax minefield. Companies should keep in mind the kinds of new exposures the deal carries, such as value-added taxes. Also, consider how a foreign purchase may affect your company’s effective tax rate. Be sure your M&A advisory team includes people who are knowledgeable about the relevant tax laws.

  • Enterprise resource planning (ERP). If the two companies’ ERP systems aren’t merged and synchronized, data collection could slow or you could lose tax data. This could affect the accuracy and speed of the combined organization’s financial reporting.

When acquiring a company, your to-do list will be long, which means you can’t devote all of your time to the deal’s potential tax implications. However, the tax consequences of M&A decisions may be costly and could impact your company for years. So, if you don’t have the necessary tax expertise in-house, work with outside advisers that do.

Sean Muller is the partner-in-charge of Houston Tax and Strategic Business Services at Weaver. Reach him at (832) 320-3293 or sean.muller@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

Enterprise risk management (ERM) has become a big buzzword in business the past few years. However, corporate governance and compliance, which is how business executives utilize ERM, is really a traditional management function.

“What’s new about it is that there’s market interest and significant value associated with an enterprise that has implemented true ERM,” says Alyssa Martin, a partner in Risk Advisory Services at Weaver.

When an investment company is looking at an enterprise’s value, a consortium of banks are considering giving a syndicated loan, or companies are weighing a merger or acquisition, an ERM program increases the company’s intrinsic value, illustrating the sophistication of its corporate governance. An organization can also use ERM to improve internal decision making, promoting and instilling risk awareness within its culture.

Smart Business spoke with Martin about integrating ERM into strategic, business and financial management processes.

How does ERM differ from other methods of assessing and managing risk?

Risk assessment was more widely implemented during the regulatory increase and Sarbanes-Oxley wave, but companies often assess risks at the process level in silos.

ERM looks at risk across the entity, casting a wide net, incorporating the results of the risk assessment with integration practices throughout the organization. The first step is to perform an entity level risk assessment identifying the most critical risk categories and related events that influence the organization’s success. Then, you drill these risk considerations down into processes and functions.

An ERM program considers the business goals, objectives and strategies at all times, following these steps to monitor and manage risk on an ongoing basis:

  • Identify, assess and prioritize business risk.
  • Analyze key risks and current capabilities.
  • Determine strategies and new capabilities.
  • Develop and execute action plans and establish metrics.
  • Measure, monitor and report risk management performance.
  • Aggregate results and integrate them with the decision-making process.

An organization identifies the risk categories and specific risk events that have the most material influence, which are not necessarily the most common, for current operations and strategic initiatives. So, a domestic company that wants to grow internationally is changing its business condition and risk influences, and in turn, the management of related risks.

One of the advantages of ERM is that business leaders can move from managing negative events that have occurred to managing key risk indicators, which allows you to get in front of identified critical activities. For example, if a retailer that does 60 percent of its sales on credit monitors key risk indicators, such as U.S. consumer credit ratings and credit interest rates, it can modify business practices or promotional tactics before a credit freeze trickles down. Instead of offering customers no interest for one year, the retailer can offer no interest for six months.

Are many companies already following ERM?

Absolutely. ERM practices such as building internal controls, joint venturing with business partners or identifying regulatory requirements are already occurring within management functions. But an ERM program helps bolt decision-making and business tactics together to create cohesiveness within an organization, where everything is based on the same risk profile and agreed-upon risk tolerances.

With that said, companies must align the ERM program with their existing goals and strategies. This alignment is crucial. It ensures that program activities are not just new tasks but rather different ways of executing the tasks that may or may not include additional elements.

Where do companies fall short with ERM?

The most common mistake is thinking that entity level, enterprise-wide risk assessment equals ERM. That’s only the first step. Companies must use what they’ve learned through the assessment to put management tactics and monitoring into place.

An entity level risk assessment also does not instill a risk-awareness culture. Risk must become part of a company’s operations and decision-making processes through business planning, product development and regulatory compliance.

As an example, when considering performance evaluations, managers need to ask: Did you consider risk when you made that decision? Did you incorporate more anticipatory business planning versus reactionary planning? Risk management must become a component of the executive management’s responsibilities while ERM is integrated across the organization.

Alyssa G. Martin, CPA, MBA, is a partner, Risk Advisory Services, at Weaver. Reach her at (972) 448-6975 or alyssa.martin@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

The communication between independent auditors and audit committee members of public companies will change in 2014 with Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 16.
The PCAOB’s standard is effective for audits of fiscal years beginning after Dec. 15, 2012.

“There’s an emphasis on two-way communication and the timeliness of communication,” says Dale Jensen, partner-in-charge of the Public Company Audit Practice at Weaver. “These requirements should only help the audit committee better understand the audit process and the results.”

Smart Business spoke with Jensen about PCAOB Auditing Standard No. 16’s implementation and how it changes auditor responsibilities.

How will communication between auditors and audit committees change?

Generally, the standard seeks to create more effective and timely two-way communication between the auditor and audit committee, including sharing what discussions have occurred between the auditor and management during the audit. It standardizes what is communicated and when.

Part of the standard addresses the appointment and retention of auditors — general information relevant to the planning of the audit. Committee members need to understand what auditors will discuss with management prior to the auditor retention. Many public companies won’t see a change here if they are following best practices. But some concepts have been expanded, such as requiring auditors to ask the committee if they are aware of any matters relevant to the audit, including knowledge of possible law violations.

The standard also discusses the audit’s results. Auditors already were disclosing many of the required items, such as significant and critical accounting estimates, and significant and unusual transactions. Now, the auditor must also communicate:

  • Difficult or contentious matters about which they consulted with management.
  • Matters that resulted in a going concern consideration, how the matter was alleviated, and the effects on the financial statements and audit opinion.
  • Any departures from the standard report.

The auditor also must share the results with the audit committee before issuing an opinion on the financial statements. This provides committee members with the opportunity to gain an understanding and address questions with the auditors prior to the issuance of the opinion and Form 10-K filings with the Securities and Exchange Commission.

Does the standard specify what type of communication is required?

Some things must be in writing, such as engaging an auditor, but, overall, communication can be written or verbal.

Auditors can communicate the required items solely in writing. However, verbal communication can help committee members truly understand the nuances of what’s being reported. For example, auditors may share audit results over a conference call or at an in-person meeting. This opens up the dialog and creates an opportunity for the audit committee to ask questions to gain a better understanding of the audit process, specific findings, etc. The key here is to allow adequate time for the auditors and audit committee members to have these discussions and to work through any issues or questions that arise.

How much impact will the standard have?

Overall, the impact of this standard will be positive because it’s enhancing two-way communication between auditors and audit committees about matters of importance to the audit and the financial statements. How much impact it has will really depend on the company, what its issues are and how information has typically been communicated to the audit committee in the past.

Dale Jensen, CPA, CFE, is partner-in-charge of the Public Company Audit Practice at Weaver. Reach him at (800) 332-7952 or dale.jensen@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

In 2012, the energy sector spent $17.9 billion on global research and development, more than $6.6 billion of which was conducted in the U.S. Assuming small and midsize businesses perform 20 percent of the U.S. energy sector’s R&D, these companies could incur up to $1.3 billion in R&D expenditures, the benefits of which may not be fully realized because they underutilize the R&D tax credit, says Robert Henry, a partner in Tax and Strategic Business Services at Weaver.

In addition, the R&D tax credit represents a permanent tax benefit; it reduces the overall effective tax rate as presented in generally accepted accounting principles basis financial statements.

Smart Business spoke with Henry about new ways to utilize R&D tax credits.

What is the R&D credit?

The federal R&D tax credit is a mechanism to spur technological advances and hiring in R&D fields. It has expired and been extended multiple times, but has most recently been extended through 2013. With support in both political parties, it is likely to be continued.

In addition, many states offer R&D tax incentives in the form of state income, franchise, or sales and use tax credits and exemptions. Texas’s R&D credit will come back into law effective Jan. 1, 2014. Texas HB 800 provides a sales and use tax exemption or a franchise tax credit related to qualified R&D activities taking place within Texas. This will greatly increase the potential tax benefit available to taxpayers conducting their R&D within Texas.

How is qualifying R&D activity defined?

Internal Revenue Code section 174 describes research and experimental expenditures as activities intended to discover information that will eliminate uncertainty concerning the development or improvement of a product. The activity must:

  • Be related to the development or improvement of a product, inclusive of a technique, invention, formula or process.
  • Address uncertainty regarding the appropriate method or design for the product.

Activities deemed eligible by section 174 qualify for immediate tax deduction. They also may qualify under section 41, where they must:

  • Be technological in nature, based in hard sciences, such as geology or engineering.
  • Contain a sufficient degree of development uncertainty.
  • Contain the process of experimentation.
  • Have a permitted purpose that improves a business component, which includes a product, process, software, technique, formula or invention.


What oil and gas activities may qualify?

‘Wildcat’ exploration, the drilling of a well, the development of logistical infrastructure — really the entire exploration and production process — may qualify for the R&D credit. That also includes improved analytics and software that enables more accurate interpretation of reservoir studies. A pipeline company in the industry’s midstream sector may be more efficiently monitoring flows of oil and natural gas or overcoming adverse field conditions in placing a pipeline. Downstream companies may benefit from improved processes for purifying or refining natural gas or oil.

What costs are eligible for the credit?

Wages for employees engaging in qualified research, directly supervising qualified research or supporting it are eligible. A company may also deduct 65 percent of contract labor costs associated with qualifying R&D activities.

Tangible property costs used in the R&D process or in the construction of a prototype can be qualifying expenditures. Supply expenses, though, cannot include land or land improvements, or property subject to depreciation. Expenses for royalties, shipping or travel also cannot be included. In addition, special considerations apply for internal-use software.

In order to capture all eligible credit when R&D activities are identified, companies must track and record labor costs of internal employees, contractor and vendor expenses, and supplies or materials costs. A business that is aware of the manner in which these costs are tracked and accounted for will more accurately define what it can claim for an R&D tax credit.

Robert Henry, CPA, is a partner in Tax and Strategic Business Services at Weaver. Reach him at (800) 332-7952 or robert.henry@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

The vast amount of public funds and programs in federal, state and local governments can make it difficult to keep track of expenditures. Far too many people seize this opportunity to commit fraud, which in turn halts intended improvements or services.

For example, the Houston-based Dubuis Health System and Southern Crescent Hospital for Specialty Care Inc., in Riverdale, Ga., were accused of overcharging Medicare. The hospitals allegedly hospitalized patients longer than necessary to obtain larger reimbursements from the government. They agreed to repay the U.S. government $8 million to resolve various False Claims Act (FCA) allegations dating back to 2003.

“When fraud involving public funds occurs, the amount of goods or services those funds can purchase diminishes, and taxpayer dollars are wasted. Constituents see declining value. Public officials and stakeholders face questions regarding the use of tax dollars or other people’s money,” says Trish Fritsche, a senior manager in Forensics and Litigation Services at Weaver.

Smart Business spoke with Fritsche about how public sector officials and other stakeholders can respond to fraud schemes with the help of forensic accountants.

What are the most prevalent fraud methods used in the public sector?

Common ways to divert public funds from intended use are asset misappropriation, corruption and financial statement fraud. Although internal controls can be put in place to prevent fraud, in reality, fraud is potentially as unlimited as the human ingenuity to circumvent those controls.

How should organizations respond?

Once an incident of suspected fraud is identified via a hotline or other source, questions to ask include:

  • Should the investigation be handled internally or externally?
  • Who are the stakeholders?
  • What are the resources needed?
  • Should the entity self-report fraud?

At this time, attorneys and forensic accountants may need to become involved. Forensic accountants possess the skills necessary to appropriately respond in a crisis. They understand how to discover and develop information that can be used by governmental entities, boards and others with fiduciary responsibility. Forensic accountants also provide consulting services or expert testimony. They work closely with law enforcement and others to properly address the fraudulent conduct.

What laws can assist with addressing fraudulent conduct?

The Fraud Enforcement and Recovery Act of 2009 (FERA), enacted just after the American Recovery and Reinvestment Act, seeks to reduce fraud involving federal money and property. The act expanded various civil and criminal fraud statutes to include mortgage businesses, as well as entities associated with recovery act funding.

Liability under the FCA was originally limited to individuals or entities that directly or indirectly induced payment by the federal government. FERA, however, expanded that. Now, the FCA not only applies to direct recipients of government funds, but also to any contractor or other entity receiving funds. It explicitly prohibits the retention of government overpayments to individuals or entities.

The Racketeer Influenced and Corrupt Organizations Act (RICO) was enacted in 1970 to combat organized-crime activities. It has since been used to prosecute other offenses, including fraud cases involving government funds. Under RICO, anyone who has committed any two crimes from a list of 27 federal and eight state crimes —such as bribery, embezzlement and money laundering — within a 10-year period can be charged with racketeering. RICO allows a U.S. Attorney to temporarily seize a defendant’s assets and prevent the transfer of potentially forfeitable property. In addition, private parties are allowed to file civil lawsuits under certain circumstances.

Each fraudulent act involving public sector funds not only decreases the funds available, it also causes constituents to lose faith in officials. Effectively combatting fraud enables entities to do the greatest good for the greatest number, while establishing trust among all stakeholders.

Trish Fritsche, CPA, CFF, CITP, CGMA, is a senior manager in Forensics and Litigation Services at Weaver. Reach her at (800) 332-7952 or trish.fritsche@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

The government has increased tax rates and implemented other changes for 2013. However, companies may be able to employ tax-saving options — deductions, depreciation provisions or deferrals — prior to Dec. 31.

If companies review before year-end, they are better able to maximize potential savings, and it may even spur thoughts for future tax planning, says Sean Muller, partner-in-charge, Houston Tax and Strategic Business Services at Weaver

Smart Business spoke with Muller about the opportunities to save on your 2013 taxes.

How can businesses utilize enhanced Section 179 deduction limits in 2013?

Enhanced Section 179 deduction limits were enacted for 2013, which allow companies to immediately deduct up to $500,000 of equipment purchases made, rather than depreciating over a number of years.

The deduction applies to 2013 equipment purchases of up to $2 million. The deduction is slowly phased out for taxpayers with $2.5 million or more in purchases. Section 179 deductions can be applied toward tangible property purchases, but real property doesn’t qualify. 

In 2014, the Section 179 limitation will decrease to $25,000. Companies that plan to make large capital expenditures in 2014 may wish to purchase in 2013 instead. The deduction can be used to reduce tax liability to zero, but it cannot put you in a net loss position.

How does bonus depreciation differ? 

Taxpayers in some states may be able to utilize a 50 percent bonus depreciation rate for qualified property placed in service during 2013. Unlike the Section 179 deduction, bonus depreciation is not limited to net income and does not limit the deduction amount.  

Bonus depreciation applies to new, original use U.S.-based property with a recovery period of 20 years or less.

The 50 percent bonus depreciation and Section 179 deduction can be used together.

What savings are available through like-kind exchanges?

Another tax-saving opportunity to consider is like-kind exchanges. IRS Code Section 1031 enables a taxpayer to defer capital gains tax if the property sale proceeds are reinvested in similar property within a relatively short time. The exchange may be a simultaneous swap of properties or a deferred exchange. With a deferred exchange, one property is disposed of and the proceeds are then used to buy one or more like-kind properties. 

Section 1031 exchanges exclude inventory, stocks, bonds and partnership interests. 

Who can take domestic production activity deductions (Section 199)?

In 2013, businesses with qualified domestic production activities may be able to receive a 9 percent tax deduction. Qualifying activities include the manufacture, production, growth or extraction of qualifying production property within the U.S., as well as real property construction, oil and gas drilling, and engineering and architectural services related to real property construction. 

Generally, a taxpayer is allowed a deduction equal to the lesser of: 

  • Qualified production activity income (QPAI), which is a modified calculation of income related to qualifying production activities.
  • Taxable income.
  • 50 percent of the form W-2 wages deducted in arriving at QPAI.

The level of complexity in calculating the appropriate deduction depends on the nature and structure of the business. 

What are other year-end tax strategies?

Companies also should consider potential residual tax-saving activities, such as:

  • Deferring income to 2014 if cash flow and current income permit.
  • Making additional charitable donations. 
  • Writing off and disposing of damaged or obsolete inventory to reduce carrying costs and garner tax deductions.
  • Writing off bad debt that cannot be collected. Companies should keep supporting material like phone logs, correspondence, collection agency contracts, etc., to prove a reasonable effort was made to collect.

Invest the time now to plan for your 2013 taxes and reap the benefits later. 

Sean Muller is partner-in-charge, Houston Tax and Strategic Business Services, at Weaver. Reach him at (832) 320-3293 or sean.muller@weaver.com.

Insights Accounting is brought to you by Weaver

 

 

 

 

 

Published in Houston

In July, the 5th U.S. Court of Appeals ruled in Asadi v. G.E. Energy (USA) LLC that whistle-blowers aren’t entitled to protection under the Dodd-Frank Act’s anti-retaliation provision unless they report directly to the Securities and Exchange Commission (SEC).

This ruling — currently limited to Texas, Louisiana and Mississippi — may provide incentive to bypass the internal process for reporting suspected fraud or misconduct.

When going directly to the SEC, employees not only get monetary awards for information that leads to successful enforcement actions but also have the assurance of protection against retaliation, says Carolyn Bremer, senior manager in Forensic and Litigation Services at Weaver.

“Already, many companies are struggling to keep internal compliance programs strong, actively looking for ways to encourage employees to utilize their internal reporting processes,” she says.

Smart Business spoke with Bremer about how to instill trust in your internal compliance program in the Dodd-Frank era.

What has been the impact of Dodd-Frank on whistle-blower reporting to the SEC?

According to its annual report on the Dodd-Frank Whistleblower Program for fiscal 2012, the SEC received 3,001 whistle-blower tips and awarded a second whistle-blower award this past June. There may be an uptick in tips because of the announcement of these recent monetary awards, the expected increase in future awards and the court ruling.

Why do employees hesitate to internally report fraud or suspected misconduct?

Employees often hesitate because of bad experiences either personally or from co-workers’ stories. Reasons for not reporting potential fraud or misconduct include the fear of not remaining anonymous, fear that no one will believe them, or fear of retaliation such as losing their job, not receiving a raise or being demoted. They also fear discrimination or isolation from co-workers, or sense that the tone at the top doesn’t support the policies.

What can be done to alleviate hesitation?

A company can instill trust in reporting internally by focusing on strengthening its hotline process and whistle-blower policy.

Your hotline must provide a way to report in confidence, while being monitored by an appropriate party. Avoid having tips go directly to human resources or management. Employees should see the monitor as more independent — such as in-house counsel, head of internal audit or a compliance officer — especially if they fear retaliation.

Ensure there are clearly defined timelines or checkpoints for follow up, which include communicating back to the whistle-blower that the tip is being handled discreetly and the issue is being addressed appropriately.
Have a documented whistle-blower policy that addresses retaliation protection. What is considered retaliation and the penalties for it should be clearly outlined. For example, ‘harassment or victimization for reporting concerns under this policy will not be tolerated’ is insufficient. A better statement is: ‘No employee who in good faith reports a violation of the code of conduct or potential fraud or misconduct shall suffer harassment, retaliation or adverse employment consequences. An employee who retaliates against someone who reported in good faith is subject to discipline up to and including termination of employment.’

By voluntarily extending the whistle-blower protections afforded under Dodd-Frank to all employees who report internally, companies introduce additional trust.

Why is it important that employees feel comfortable reporting matters internally?  

In bypassing internal compliance, employees deprive the company of the opportunity to investigate and remedy a wrongdoing before regulators get involved. Many tips don’t warrant the SEC’s attention but do warrant corrective action or communication within the company. However, management can’t address a problem they don’t know about.

Nevertheless, there are obvious instances that warrant direct reporting to the SEC, and it’s always advisable for employees to seek legal advice when deciding whether to report internally or externally.
Strengthening your hotline process and whistle-blower policy, and educating your employees, can be key to instilling trust in internal whistle-blower reporting.

Carolyn Bremer is senior manager of Forensic and Litigation Services at Weaver. Reach her at (972) 448-6951 or carolyn.bremer@weaver.com.

Insights Accounting is brought to you by Weaver

Published in Houston

The Division of Corporation Finance, a part of the Securities and Exchange Commission, issued guidance on disclosure obligations related to cybersecurity risks and incidents a few years ago. Public companies aren’t yet required to disclose this information to shareholders, but they could be at some point, says Brittany Teare, IT advisory manager at Weaver.

“Right now, this is guidance that is in the best interest for your shareholders, but that will likely change. It could become a requirement sooner rather than later,” she says.

Smart Business spoke with Teare about the guidance and how businesses can measure and guard against cyberrisks.

What are the SEC reporting requirements for cybersecurity under this guidance?

The guidance expands upon the existing requirements that public companies follow, but there’s no mandatory piece yet that results in a direct impact if a company doesn’t disclose information.

Basically, the guidance states that if cybersecurity risks and cyber incidents have a material effect on your shareholders — if it could affect how financial information is reported — you have to report them.

How do you know when cybersecurity risks materially impact your company?

The guidance addresses some possible risks and whether they should be voluntarily reported to shareholders. If you don’t have cybersecurity controls around your key financial systems, for example, then the way you record or report your data can be easily manipulated or altered. Even if a cyber breach has not yet occurred, it is very likely.

Cybersecurity is a gray area. Employers typically know that network and perimeter security, access and change controls should be in place, but executives may not consider disclosing vulnerabilities. CEOs and CFOs typically look at balance sheets and see line items for hardware and other things they can touch, but it can be challenging to consider the ways a breach can happen.

How would you advise CEOs to quantify data and see vulnerabilities?

First, designate a person or group of people to be responsible for cybersecurity. They should not only understand SEC  requirements and where they are potentially heading, but also must identify specific risks.

There is a central entry point in any network, so key people need to know where the sensitive data is because if an attacker gets there, it could add up to a huge loss. If the company does not store much sensitive information, an attack could impact its reputation, which is more difficult to value.

Another challenge is improving communication from the CIO or IT manager. Often, IT will say, ‘We need X dollars for new equipment, applications and hardware that are going to help make our organization more secure.’ When management hears this number, which can be millions in larger organizations, they want to know the ROI. However, IT personnel typically struggle to quantify that.

A CIO needs to be able to tell other executives, ‘If this firewall, application or system is not installed, a breach would cost us X dollars, or the company could lose X dollars per day,’ for example. Not everything can be quantified, but this gives CIOs a starting point.

What will protect your data and reputation?

Some key, high-level steps to consider are:

•  Take inventory of the data systems and gain an understanding of where critical data is located. Then, work to ensure that there is an appropriate amount of security in those areas.

• Use complex, strong passwords to protect the network, systems and data, and regularly change them. Have the system lock out users after a certain number of failed attempts and log all such activity.

•  Heavily monitor networks and systems. Check who is logging in and from where, who is successfully entering and who is failing. Then, set a baseline to understand any abnormalities.

• Use the principle of least privilege, especially for critical accounts and functions. This ensures that no single employee has all access; rather, access is tailored to the job function.

There is more companies can do. But by implementing key, basic controls, if a breach occurs, the business can more easily identify what happened and how.

Brittany Teare is IT advisory manager at Weaver. Reach her at (972) 448-9299 or brittany.teare@weaverllp.com.

Website: More information about the SEC guidance.

Insights Accounting is brought to you by Weaver

Published in Houston

Selling a business is challenging. From vetting potential buyers to preparing financial statements to keeping negotiations on track — all while running your company — there’s a lot that can go wrong. In fact, almost no detail is too big or too small to affect the eventual outcome of merger and acquisition (M&A) deals. However, you can reduce the odds of a mistake by knowing where similar transactions have gone astray.

“It’s important to talk to owners who have successfully completed sale transactions and to work with experienced M&A advisers,” says Brian Reed, partner in Transaction Advisory Services at Weaver.

Smart Business spoke with Reed about common M&A mistakes and key items to resolve before closing a deal.

How might sellers hurt their chances before putting their business on the market?

You risk a letdown when you make overly optimistic future earnings projections or put too much weight on variable measurements, such as the sale prices of similar companies in stronger M&A markets. If you won’t budge from an unrealistic sale price, you could drive away an appealing buyer.

Work with a professional adviser to assess your company’s value as well as estimate an offering price the market can support. The two may not match because the price depends on contemporary economic, M&A market and sector conditions.

Where does timing factor into this?

Other critical seller mistakes revolve around timing, whether internal or external. For example, selling at the wrong time, at the end of a market cycle, could mean fewer buyers and possibly lower offers. If your sector has experienced a recent wave of M&A deals, the buyer base could be depleted, and you may want to hold off.

Sometimes sales are spurred by internal circumstances, such as the retirement of a founding owner, but these situations shouldn’t rush the sale. If your company is not ready for the market, consider appointing an interim head to make preparations and screen potential buyers.

Sellers, particularly those selling for the first time, often greatly underestimate the amount of work and hours it takes to prepare for sale. Have you allocated enough time to implement strategies to maximize your sale’s value? Is your company ready to promptly and accurately respond to hundreds of specific buyer requests? If you haven’t assembled a team with the time and resources to handle these requests, it could bring your potential deal to a standstill and deter otherwise interested buyers.

How might housekeeping impact deals?

Housekeeping issues aren’t trivial. They include essential tasks such as ensuring that contracts and legal obligations are in order. Some items that can trip companies up are:

• Poor accounting. If your financial statements and records are not properly organized and presented, it reflects poorly on your management, and the due diligence process will likely take longer. Sloppy accounting errors could mean tax or legal issues after the deal closes.

• Neglecting key players. Buyers want to know that key employees will stay onboard once the sale is completed. Make sure your top performers are offered financial and other incentives to stay.

• Locking in contracts. Don’t renew an expensive vendor contract as you’re about to transfer ownership. Buyers don’t like long-term contracts they didn’t negotiate, particularly if they’ll be penalized for breaking them. Negotiate short-term contracts or push for favorable terms.

What are some common loose ends to watch for and resolve?

Leaving loose ends hanging won’t endear you to your buyer, as they could hinder integration and future profitability. Some common unresolved internal issues involve:

• Minority interests. Buying out minority investors or shareholders before a sale means the buyer won’t need to deal with their demands later.

• Employee controversies. An integration team doesn’t want to deal with open legal issues, for example, while trying to build a new culture.

• Copyright confusion. Make sure all patents, copyrights, trademarks and other intellectual property holdings are in order. If you’ve failed to verify and document ownership, you may risk the deal’s value.

Brian Reed is a partner in Transaction Advisory Services at Weaver. Reach him at (972) 448-6936 or brian.reed@weaverllp.com.

Blog: To stay current on audit, tax and advisory issues that may impact your business, visit Weaver’s blog.

Insights Accounting is brought to you by Weaver

Published in Dallas
Page 1 of 3