How to manage risk and counter crises with a corporate response plan

The goal of any incident response is to minimize the impact of the negative event on the organization’s objectives.

This involves responding to the incident as quickly and efficiently as possible, making good decisions to limit further damage and repairing any damage that has been done. In order to accomplish this, an organization should have a corporate response plan (CRP) in place that is ready to go at a moment’s notice.

Smart Business spoke with James P. Martin, Managing Director at Cendrowski Corporate Advisors LLC to discuss the finer points of a corporate response plan (CRP).

What sort of events should be addressed with a corporate response plan?
Different organizations will have different risks depending on their operations. A CRP is a natural extension of the organization’s risk management process. Where the organization identifies a risk that has a high likelihood of occurrence, and a high impact if it were to occur, the organization should consider if a CRP would be useful in managing the risk occurrence.

Some hot-button issues today are frequently described in the newspaper headlines, such as cybercrime, fraud, business interruption, and other public relations disasters. An organization might have several CRPs, each designed to address a specific event type.

Why does an organization need a corporate response plan?
Risk management attempts to identify and mitigate risks. However, it is impossible to completely prevent risk occurrence or even to identify all risks facing the organization; this is why the organization needs to be ready with a plan.

The goal of the CRP is to make sure the organization has a mindset of preparedness and the basic tools that are essential to manage a risk occurrence when it does occur.

What are the basics for setting up a CRP?
Plans need to be developed to address the details of the organization’s response. When a risk actually occurs there will be no time for planning and coordination; this needs to be done up front. Consider who should be involved, both from a company perspective, and any outside experts that would be required.

Identify the types of information that will be essential in order to evaluate the extent of the threat and analyze an appropriate course of information. Consider procedures to ensure that data and information is adequately preserved and available for the CRP. Setting up the CRP involves deep planning around what tools will be needed for the specific threat type and proactively ensuring they will be available.

Who should be involved?
The Corporate Response Committee will tailor the CRP for the company situation and determine who should be involved with the operation of a response team. The team is responsible to go out and operate the CRP when an event occurs.

Of course, for IT security events, the committee should include members of the technology team. The members of the committee should be senior management such that they can authorize the CRP and provide members of the team with the authority to examine transactions and events on behalf of the committee.

What are the keys to success?
Planning needs to be done to progress from threat identification to a desired outcome: the organization needs to determine the acceptable end resolution.

This will also vary by threat type but should consider the overall goals of: 1) minimizing business impact, 2) resuming normal operations and 3) restoring any damage done. Consideration should always be given to the need for confidentiality.

For certain threats, such as a report that fraud has occurred, the CRP should involve confidentiality during the process to ensure that the investigation can proceed appropriately and to protect the rights of those parties that might be involved.

As with any other risk management activity, the CRP should also include an evaluation process at the end to evaluate the effectiveness of the response and identify improvements that should be made for the future.

Also, the risk occurrence and mitigation information should be used to check if prior risk evaluations for risk impact and likelihood ratings need to be updated. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

How an experienced investigator performs background due diligence

When trying to learn about an individual, many companies turn to online background checks. However, this could be a mistake as much of the available information may not be fully verified, which is why many businesses turn to a licensed investigator to help provide a more complete and accurate picture.

Smart Business spoke with Theresa Mack, Senior Manager at Cendrowski Corporate Advisors LLC, about working with a licensed investigator to help your business uncover the information you need.

Why hire a licensed investigator?
Most online or database-driven background checks are actually ‘record checks.’ In other words, data from records are compiled and the quality of the source information is not thoroughly verified.

This cursory check may be sufficient in some cases. However, depending on the information found, the nature of the background check, the check’s intended use and the access to confidential/proprietary information that a potential employee may have, a complete background due diligence investigation by a licensed investigator may be warranted.

An investigator uses multiple resources to verify data accuracy and corroborate information. Thus, background due diligence investigations help reduce the risk of client reliance on false information.

How do investigators perform background due diligence activities?
An investigator generally works on a six-step methodology: prepare, inquire, analyze, query, document and report.

This methodology is highly applicable to background investigations. An accurate and comprehensive investigation is based upon existing, determined and verified information, leaving no rock unturned.
Investigators will tailor their activities to suit the needs of their clients, which typically include attorneys, businesses and individuals.

Client needs will define both the records checked by the investigator and the type of documents that can be released to the investigator and the client.

Where does an investigator begin?
An investigator often begins by examining open-source information, which refers to sources that are overt and publicly available. These are available through online data warehouse applications, which house data from disparate sources.

Open-source information includes public documents that are created throughout a person’s lifetime, allowing the investigator to follow a paper trail leading to a complete history of the individual being searched. These may include court filings, property tax documents, vehicle registrations and social media sources.

Open-source intelligence is a form of intelligence collection management that involves finding, selecting and acquiring publicly available information and analyzing it to produce actionable intelligence.

How does an investigator evaluate sources?
Any record is only as good as the chain of events involved in its creation. Online record checks simply provide information on an individual. Investigators go further by evaluating the veracity of the source data.

Record maintenance, storage and dissemination procedures can often impact the accuracy of the information. Typos, misprints and mistakes introduced by human error can also affect the accuracy of records. These latter items are often seen on personal credit reports, criminal convictions and even civil litigation histories. While these are official records, they can contain errors nonetheless.

Processes for updating records can also compromise the accuracy of information, as records are only as accurate as their frequency of updates. Some records are never updated and may provide stale data if the user is unaware of this underlying issue.

Finally, the method that data warehouses employ for acquiring information critically impacts information integrity. For instance, the provider may have purchased information from a secondary source. In such an instance, it is essential that the provider have accurate retrieval processes and is knowledgeable about handling special data items. An investigator evaluates each of these issues over the course of conducting background due diligence activities. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

How enterprise risk management can impact a company’s value

Business operations are subject to a number of internal and external risks, as are ownership interests in businesses.

How organizations and their owners address these risks can have a significant impact on the value of businesses and interests therein.

An enterprise risk management (ERM) process involves identifying risks relative to an organization’s objectives, assessing them for likelihood and impact, developing a response strategy and monitoring progress. A well-defined enterprise management process framework can protect and create value for organizations and their owners.

Smart Business spoke with John T. Alfonsi, managing director at Cendrowski Corporate Advisors LLC, about how ERM processes can mitigate risk and increase a company’s value.

Where is risk addressed in a business valuation?
The most common method of valuing a business is the ‘income approach,’ which requires a valuation analyst to project a business’s future cash flows, then calculate the present value of the sum of these cash flows by employing an appropriate discount rate.

The valuation analyst must address risk in two primary areas: projected future cash flows and the discount rate. Effective ERM processes can help businesses increase value by affecting the estimates for these quantities.

How does risk impact projected cash flow?
There exists a risk that an organization will not achieve its projected figures. As such, the process by which management projects future cash flows can impact a valuation analyst’s assessment of the business.

A key risk in the process is information integrity, the quality of information generated through monitoring and data assimilation. Information integrity allows management to make well-informed decisions and should provide a valuation analyst with greater confidence in a business’s projections.

Valuation analysts can analyze information integrity by examining historical projections and assessing elements of the internal control environment.

A valuation analyst should also examine the variance between historical projections and a business’s actual performance. If a strong correlation exists, a valuation analyst can be highly confident in current projections, if the process employed by the organization remains constant.

If not, the analyst must examine the variance between the past projections and actual performance to discern whether bias existed in past estimates and current projections.

What about risks in the discount rate?
The discount rate is the yield necessary to attract capital to a particular investment, given the risks associated with that investment. A project with relatively high risk will require a relatively high yield to compensate an investor for bearing these risks.

In determining the discount rate, there are two sources of risk that need to be quantified: systematic and unsystematic.

Systematic risk is the risk one must bear for taking on a risky investment in the market. However, systematic risk is estimated by calculating the return to public equities due to availability of data. The ERM process has little impact on systematic risks unless the business’s performance is heavily tied to market performance.

Unsystematic risk is sometimes broken down into two components, industry risk and company-specific risk. Industry risk reflects the risks identified with the industry in which a business operates.

Company-specific risks encompass all other risks, including size, depth of management, geography of operations, customer and/or vendor concentration, competition and financial health.

How can ERM processes mitigate company-specific risks and increase value?
An ERM process should quickly gather and assimilate high-quality information for use in the organization’s decision-making process, allowing the organization to rapidly assess the impact and likelihood of risks associated with changes in its internal and external environments.

Early assessment and mitigation can help preserve value and capitalize on risky events when competitors do not react as swiftly to environmental changes. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

Improving your cash flow through effective tax planning

If you have an interest in real property as an owner or tenant, a cost segregation study may be one of the tools to increase your cash flow or help manage your tax liability.

“These studies have saved both businesses and individuals hundreds of thousands of dollars,” says Walter McGrail, Principal at Cendrowski Corporate Advisors LLC.

Smart Business spoke with McGrail about these studies to better understand how companies might best utilize them.

What is the focus of the analysis?
A cost segregation study identifies and reclassifies personal property assets to shorten the depreciation time for taxation purposes, which reduces current income tax obligations.

The primary goal of a cost segregation study is to identify all construction-related costs that can be depreciated over a shorter tax life than the building.

Generally speaking, personal property assets identified in a cost segregation study might include items that are affixed to the building, but do not relate to its overall operation and maintenance.

What are the phases of the study?
The process will usually begin with a meeting between management and the firm conducting the study.

During the next phase, or the scope phase, the engineering professionals and tax accountants walk through all areas of the property with a site representative to develop a general overview.

Engineers also examine the architectural renderings or blueprints to produce an in-depth analysis. In addition, a review will be done on any construction contracts, capital expenditure budgets and reconciliations.

Next, the tax accountants take the engineers’ work and put it in format acceptable to the IRS. A report with documentation supports how the cost recovery was arrived at and takes into account any stipulations on allocations.

How is the amount of benefits determined?
First, the benefit is dependent upon the income tax savings generated from depreciation deductions claimed for income tax reporting purposes.

The costs incurred by a taxpayer in any capital expenditure program or property acquisition are recoverable as deductions in arriving at federal and state taxable income. Costs attributable to depreciable assets generate annual depreciation deductions reducing taxable income.

Second, the tax savings occurs for both federal and state income taxes. Depreciation deductions generally result in tax savings of approximately 40 percent of the deduction claimed.

Third, cost segregation studies identify categories of costs that have a shorter cost recovery period for income tax.
The actual savings is the reduction in current tax payments with resulting increases in taxes payable in subsequent periods, i.e., the ‘time value of money’ attributable to a sound treasury cash management program.

As with any treasury cash management program, a businesses’ cost of capital is the appropriate discount rate to measure the ‘present value savings’ of deferring cash charges for income taxes.

The higher an entity’s cost of capital, the more significant the present value savings attributable to deferring such tax payments.

What are the benefits of this study?
These studies have helped maximize tax savings and increase cash flows on current, future or past property purchases by maximizing tax deferrals.

Put another way, the benefit is the ‘present value savings’ attributable to the deferral of income taxes achieved via the acceleration of depreciation deductions resulting from shorter cost recovery periods identified during the study.

Generally, the depreciable tax life of most commercial buildings is 39 years. Recovery periods for personal property and land improvements range from five or seven and 15 years.

A cost segregation study identifies items that can be classified properly into categories with shorter tax recovery lives, which allows individuals and businesses to save hundreds of thousands of dollars through effective tax planning and improve cash flow. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC.

Learning what your organization is really worth can bring dividends

The value of a business is commonly a large portion of its owner’s net worth. Understanding what the business is really worth, or could be worth, allows an owner to make important decisions regarding key issues like retirement, estate planning and choosing a business successor.

A frequent question owners ask is, “What is my business worth?” The answer is not necessarily what the assets would sell for — a common misunderstanding of owners.

Smart Business spoke with James F. Schultz, principal at Cendrowski Corporate Advisors LLC, about how the sale value of a business is properly determined.

Learning what your organization is really worth can bring dividends

The first step is to hire an independent valuator to determine the realistic sales price of the business. This important step should be done by a professional experienced in merger and acquisition processes and in valuation analyses. The valuator will look at the business and use the standard valuation approaches of asset, income and market to estimate the enterprise value of the business.

For most operating businesses, the income and/or market approach will have the most influence in estimating the sale value of the business. Research is needed into the industry of the business to find trends and key economic factors driving profitability.

Next, a look at sales of comparable businesses in the industry can provide various multipliers of income factors that can be applied to the business. If comparable sales are not available, estimating proper investment returns on income based on risk/reward analysis will estimate value.

When applying the income approach, it may be necessary to identify synergies/cost savings created from the sale. This will enable the valuator to establish investment value (to an acquirer) rather than fair market value (to a hypothetical purchaser).

In cases where the return on investment is low and/or little labor is involved, the asset method may be more applicable.

What happens after the enterprise value is estimated?

The next step is to estimate what the purchaser will actually receive from the seller. Most sale transactions today are structured as asset sales rather than stock sales. In an asset sale transaction, specifically identified assets and liabilities of the selling company will be transferred to the purchaser. The purchaser will require all the fixed assets necessary to run the business, which can range from computer systems to manufacturing machinery.

In addition to the fixed assets, the purchaser acquires various intangible assets and rights relative to trade names, patents, goodwill, occupancy/lease rights, client lists and vendor lists, to name a few. The more difficult item to quantify is the level of working capital that the purchaser will require as part of the sale transaction.

The purchaser is looking to acquire an operating business and the necessary liquidity to allow the business to continue to operate in a smooth fashion without requiring additional equity amounts.

The items typically included in working capital are accounts receivable, inventory and accounts payable. The net value of those amounts need to provide a liquid cushion to continue business operations. The sale negotiations will normally determine the appropriate level of liquidity, and an adjustment of the purchase price may be required if the level is not met or if there is an excess when the sale closes.

In most cases, the purchaser will not assume liabilities other than trade payables.

After estimating the purchaser’s requirements, what are the final steps?

The final step is to analyze the existing balance sheet of the company for items that will not be transferred to the purchaser. This typically consists of cash, investments and other non-operating assets on the asset side, and all liabilities excluding trade accounts payable on the liability side. The net value from the combination of the aforesaid items is then added to/subtracted from the enterprise value. The result of that computation is the estimated net sale proceeds of the business.

In order to determine what the owner will be able to put in the bank, an estimate of the income taxes related to the sale transaction should be calculated. That amount is subtracted from the estimated sale proceeds to determine the after-tax cash available to the owner.

Accounting is brought to you by Cendrowski Corporate Advisors LLC

 

What you and your business can do to protect against cyberattacks

With all the headlines about massive security breaches at the IRS, major retailers and social media sites, it is easy to think of cyberattacks as a problem solely impacting large organizations.

In reality, small organizations and even individuals can be the victims of an attack. While it is practically impossible to completely eliminate the risk of cybercrime, there are several simple actions you can take to reduce the risk.

Smart Business spoke with Jim Martin, Managing Director at Cendrowski Corporate Advisors LLC, about what you and your company can do to protect yourselves.

What can a person or small business do about the threat of cyberattack?
As cyberthreats evolve, the methods of protecting individuals and businesses need to evolve as well. Cybersecurity should be an ongoing cycle to identify risks, work to mitigate that risk, monitor for intrusions and new threats, and respond and recover from actual attacks.

This needs to be an ongoing process as new threats emerge, rather than a one-time review. The same principles can be applied to a cybersecurity program for an individual or small business.

It’s critical to remember that our home and business lives are increasingly interconnected. Even if you don’t do much more on your home computer than check email and shop, you might still be downloading and storing information inadvertently.

For example, if you check your work email on a home computer, and open attachments, you likely have a history of correspondences and copies of the attached documents, even if you didn’t save the files.

Similarly, if you use your work computer to enter your bank account information to check your balance, or use a credit card for online purchases, residual data may be saved.

Most internet browsers will offer to save passwords for websites you visit and these are also stored on your machine. When you start to think about your actual use, you will likely find that the computers you access contain all sorts of sensitive data.

What about a person’s smartphone?
Phones and mobile devices also store file and password data, and should be used cautiously and protected. Also, be aware of cloud backup and sharing platforms as they can propagate files across all the devices on the same cloud account.

Your work might have a Bring Your Own Device (BYOD) policy that describes the limits of data you can access with your device, which should be followed rigorously. Your mobile devices should be configured with a passcode or other ID to prevent others from accessing data if the device is lost.

If possible, your device should be encrypted to prevent more intrusive methods of accessing your data.

What are some warning signs that should be noted?
Monitoring is a big part of any effective cybersecurity plan. It’s important to be aware of changes in the way your devices operate.
If you notice popup windows (especially those asking for password information), redirection to strange websites while you are browsing, or extremely slow processing it might mean you have malware infections.

While many of these simply push advertising, they all have the potential to do a lot of harm — or install other malware that could do harm. Anti-virus and anti-spyware programs can remove these malware applications, or a specialty computer support company can help.

Registering your anti-virus program with your email account can be helpful for monitoring and anti-virus companies send out frequent alerts about new types of attacks. Professionals who operate in high risk environments should consult with a security firm for in-depth assistance as part of a personal risk assessment.

For example, attorneys involved in high-profile litigation, attorneys involved with law enforcement or those who frequently access confidential documents at home are at greater risk.

Basic awareness of the risk of cyberattack to personal computing devices can greatly reduce the risk of an attack, and the impact should an attack occur. It is every user’s responsibility to ensure the safety and security of the data they maintain on their personal devices. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

How best to open the door when the government comes knocking

Missteps in the days immediately following the launch of a governmental investigation can have costly and far-reaching consequences. Organizations need to plan ahead and be prepared.

Cooperate, be honest and forthcoming, have a complete and total understanding of your company and be sure to communicate with your employees. Firms need to have a set of proper procedures and processes in place early in order to avoid any scrambling.

Smart Business spoke with Theresa Mack, senior manager at Cendrowski Corporate Advisors, to discuss what your firm should do if it becomes subject to a government investigation.

If a company is facing a government investigation, what are the first steps?

A firm often learns it is going to be the subject of an investigation when an agent either serves a search warrant or requests an employee interview. There is no time to prepare for these, which is why your firm needs to have standard processes in place to handle these situations.

One of the most important steps after being informed of a governmental investigation is the preservation of documents. Once a firm has been notified of the investigation, its counsel should issue a written directive, a preservation memo, to everyone in the company telling them not to destroy any documents.

This written directive applies to all offices and branches of the company worldwide, not just the physical location where the investigation started. Do not destroy or delete anything that could be perceived as important to the investigation. If the investigation leads to a trial and the destruction of documents comes to light, there can be dire ramifications.

In these types of investigations, everything eventually comes to light. Firms must be especially careful about the inadvertent destruction of documents. Many servers automatically delete stale emails or documents housed in electronic storage areas. If any employees are leaving the company, their records should be maintained rather than deleted.

This will likely require informing a firm’s IT staff about the investigation to ensure none of the former employee files are deleted. Firms can go one step further and have IT staff back up everyone’s data, so even if people delete documents on their machines, a copy will be preserved elsewhere.

How do you know where your company stands during an investigation?

First and foremost, cooperate with the investigation. Your counsel should be in contact with the prosecutors. Be responsive and timely, and ask any questions you may have. Make sure you ask what your status is in the investigation, as all companies and individuals fall into one of three categories: witness, subject or target.

A witness is not yet under suspicion but may have information of interest. A subject is someone whose conduct is within the scope of the investigation, but it is uncertain that any crime has been committed. A target is someone whom the prosecutor has substantial evidence linking him or her to the commission of a crime and who, in the judgment of the prosecutor, is a likely defendant.

Listen to the terms that the prosecutor or investigator is using and have your counsel inquire as to the status of the investigation where appropriate. Some prosecutors are more willing to discuss the investigation than others.

Some will provide ‘non-target’ or ‘non- subject’ letters to the individual upon request. This request is often made before someone will submit to an interview, assuming that he or she is not a target of the investigation. This letter, when obtained, provides a level of comfort to the interviewee and allows for a more cooperative and informative interview.

Should a company make a public statement if it is under investigation?

Some companies will want to send out a press release right away to show that they are on top of things, but firm executives and board members should first weigh their options. Will coming out to the public impact the company’s value and or stock? Are you sure that the investigation will not lead to charges?

Often an investigation ends with minimal evidence and the case is closed before it can go to court, so consider not speaking too soon. However, if you do decide to disclose the investigation, ensure everyone in the company is on the same page.

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

What you need to know to protect your business from a cyberbreach

In today’s complex business world, cyberthreats are becoming more prominent.

As dependence on computer systems continues to grow, so does the threat for data and security breaches. Cybersecurity encompasses all the processes involved in protecting data that is stored or transferred between computer systems, networks and programs.

Smart Business spoke with Michael Maloziec, an accountant at Cendrowski Corporate Advisors LLC, to discuss the risks associated with cybersecurity and what your organization can do to protect itself.

What impact can a cyberbreach have on an organization?

A cyberbreach can have a varying degree of impact, ranging from minor inconveniences all the way up to compromised customer data and lost information. Kaspersky Lab’s IT Security Risk Survey 2014 found that damages from one successful targeted attack could cost a company as much as $2.54 million in repairs. Cybercrimes are continuously evolving and businesses need to take a proactive approach to ensure protection from unauthorized users.

Who is vulnerable to a cyberattack?  

Any organization with an internet connection could be susceptible to an attack.

The level of security needed depends on what sensitive information your organization possesses. Obvious high-risk information includes anything from credit cards, bank account information or even Social Security numbers, amongst other important data. Different organizations will face different risks depending on their industry and operations. It is impossible to completely prevent cyberattacks or even identify all the possible forms of cyberrisks because of their changing nature.

By implementing a cyberrisk management plan ahead of time, you will be better prepared for any risks that could arise.

What steps are involved with a cyberrisk management program?  

The five steps present in every cyberrisk management program are: identify, protect, detect, respond and recover.

The first step would be to identify and catalog the critical data within your organization. Employees should have an understanding of what critical data impacts their business. This also includes identifying key infrastructure and security assets.

Improve protection by managing access to systems. Implement policies and standard procedures, verify system backups and hold regular staff training. Continuous monitoring of the network and threat environment will aid in the detection of unauthorized actions and programs. In order to adequately respond to a suspected attack, organizations should proactively test their response plan and identify the root cause of each incident.

This includes applying procedures to contain the incident and mitigate damages as efficiently as possible. The final step of a cyberrisk management plan would be to learn from an attack and update your recovery strategies based on evolving best practices. Installing a cyberrisk management program can greatly reduce your risk to any threats or breaches.

What can organizations do to help prevent being the victim of a cyberattack?

The first step would be to become familiar with some of the known risks. Hackers try to gain access into your computer system from the outside through a weakness in the programming or software.

Malicious code or malware are specific codes sent out to gain access into your system. Malware requires an action from an existing user in order to take effect. Many attacks are disguised as email attachments or links to a specific Web page. Once a user opens the attachment, or visits the Web page, access could be granted to that computer or even your entire system.

To protect your business, keep your systems and software up to date. Replace old operating systems (like Windows XP), apply software updates and patches as soon as they become available and keep your antivirus software up to date.

Regular testing of firewalls and server settings will help keep unauthorized users out. Also, educate your staff about the risks of opening suspicious emails or attachments. If you use laptops or other portable devices, use encryption, and be sure to educate the users of those devices about their responsibility to keep them physically secure.

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

How to protect your business from being a victim of corruption

An article entitled “Confronting Corruption” by Ravi Venkatesan, published by McKinsey Quarterly in 2015, discusses illegal and corrupt business practices. There is an increasing response in the U.S. and developing markets against corporate wrongdoing, including new legislation and government officials boldly taking a public stance against fraud and corruption.

“Governments are strengthening existing legislation such as the U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act,” say Natasha Perssico, Forensic Accountant, and James F. Schultz, Principal, at Cendrowski Corporate Advisors LLC.

Smart Business spoke with Perssico and Schultz about anti-bribery and corruption matters covered in that article.

What sorts of actions are considered illegal or corrupt?
Payments for bribes used to secure an improper business advantage in obtaining or retaining business such as payment for regulatory approval of a product, reduction of taxes, or to avoid customs duties, are a few examples.

Speed money, or ‘grease payments’ are payments made to government officials or employees in the private sector to prevent undue delays in conducting business.

Other examples are employees who perpetrate financial reporting fraud to meet financial performance expectations or accept personal rewards such as kickbacks from vendors, advertising agencies, or commissions on real-estate transactions or machinery purchases. Another common practice is accepting deposits in overseas bank accounts upon successful business transactions.

What preliminary steps do you recommend to clients to avoid illegal actions?
Establish strong, unified internal controls over financial reporting and operational policies and procedures on a company-wide basis. Ensure compliance with laws and regulations regarding potential illegal acts for each operation line and geographic segment, regardless of the amount of revenue that is brought in from any segment or region.

What is the best course of action for top management to follow?
Enforce zero tolerance from the top. Too many companies emphasize meeting performance metrics, with insufficient attention to the company’s commitment of meeting goals and objectives within an ethical framework.

Support anti-bribery laws, speak out against corrupt practices in your industry and explicitly acknowledge any loss of business that results due to adherence to ethical principles. Ensure that every employee in every part of the world is utterly clear about what conduct is acceptable and what is not.

What recommendations would you make to avoid employees’ improper acts?
Train employees to be fully informed of unacceptable behaviors.  Have a formal code of conduct that is clearly and frequently communicated to employees, customers, vendors and business partners.

Additionally, foreign employees, vendors, and managers need to be trained to be both familiar and compliant with global laws such as the U.S. FCPA.

There should be clear policies, procedures with approval processes, stringent controls and regular internal audits of high-risk areas.

Respond to instances of fraud and corruption quickly and be prepared to investigate the issue immediately. Fair and decisive action should be taken that clearly communicates that fraudulent behavior is unacceptable.

What are the risks of taking a strong stance against corruption?
Be prepared for short-term repercussion.

While an unwavering commitment to ethical business practices is necessary to establish a strong reputation of high ethical standards, refusing to participate in bribery and corruption may result in certain short-term repercussions, including declines in business, missed budgets, increases in the length of time the company has to wait for approvals or other business processes, and possibly, angry responses from officials who are seeking bribes and other facilitation payments. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC

A look at what you need to think about if you’re considering an ESOP

The term ESOP is an acronym for an Employee Stock Ownership Plan, a qualified retirement plan. Just like any other qualified retirement plan, the sponsoring company makes tax deductible contributions to the ESOP for the benefit of the employees.

Unlike other plans, these contributions are used to acquire stock in the employer company. An ESOP provides an exit strategy for the company’s shareholders.

Smart Business spoke with Walter McGrail, a principal at Cendrowski Corporate Advisors LLC, regarding the benefits of adopting an ESOP in your business.

What are the benefits of adopting an ESOP?

There are several benefits to consider when deciding whether to adopt an ESOP.

Most people think of the tax considerations as the employer receives a deduction for making contributions to an ESOP just like it would if it made contributions to a 401(k) plan. Employees can continue to make tax-deferred contributions to the ESOP just like a 401(k). Owners of C corporations can completely avoid income tax on qualified sales of stock to an ESOP.

Sponsoring employer companies are able to shelter earnings from income tax. Aside from tax benefits, the single most influential consideration in deciding whether to adopt an ESOP is that an ESOP stands ready, willing and able to buy shares of your company.

A company doesn’t need to identify potential shareholders or a market through brokers. If a company has an employee workforce in place, it has a potential buyer for its shares.

How does an ESOP work?

An ESOP is established by the employer company.

The company’s shareholders sell their shares to the ESOP. The selling shareholders can provide seller-financing for all or a portion of the purchase price.

To the extent that the sponsoring company has access to bank financing, the company can borrow funds to loan funds to the ESOP to either pay down, pay off or, in some cases, completely pay the purchase price.

The ESOP repays the company loan or the seller financing or both with the proceeds from the tax-deductible contributions made by the employer. This is often referred to as the company receiving a tax deduction for the repayment of the loan used to purchase its shares.

The ESOP may own 100 percent of the company or own company shares along with other continuing shareholders. The ESOP is represented by a trustee, who is a fiduciary, acting on behalf of the employees’ interest in the ESOP.

How much does the ESOP pay for the company’s shares?

The purchase price paid for the shares is based on an independent, third-party appraisal.
The appraisal is conducted on behalf of the ESOP and based upon such valuation, the ESOP acquires the shares. The appraised value will reflect the market value of the shares sold.

How do I find out more about ESOPs?

An ESOP involves several parties like any other sales transaction. As discussed, the ESOP will need a trustee.
The trustee will need legal and financial counsel, including an independent valuation provider. The company and the exiting shareholder require quality legal and financial advice as well.

Leveraged ESOPs require a bank or other lending institution. As with any other qualified plan, the company will need a plan administrator.

When it’s all said and done, the most important person to the company and its shareholders is an experienced ESOP facilitator.

You want to work with a professional that possesses the expertise to lead a company through the ESOP adoption process, as well as the share sale process. A strong firm can also provide qualified valuation analysts to assist with the valuation process. ●

Insights Accounting is brought to you by Cendrowski Corporate Advisors LLC