How to take ERM beyond risk identification and assessment

Social, technological and political changes, a global business environment and evolving regulatory demands have put increased emphasis on organizations to proactively identify and treat risks that impact their performance and even their survival. Yet efforts to initiate enterprise risk management (ERM) programs often result only in frustration.

“In many cases, ERM has consisted of creating a list of risks, prioritizing those risks and developing loose plans to mitigate them. The problem is that managers and executives often observe that the risks ‘identified’ had been known and adequately addressed,” says Marc I. Dominus, ERM Solutions leader at Crowe Horwath.

Smart Business spoke with Dominus and Jim E. Stempak, a principal at Crowe Horwath, about moving past identifying risks to implement an ERM program that produces results.

How is ERM defined?

One definition is from the Committee of Sponsoring Organizations of the Treadway Commission: ‘Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.’ The basic elements of ERM programs include:

  • Understanding risk and developing a repeatable process to establish acceptable levels of strategic risk; identifying, analyzing and prioritizing risks that are critical to achieving business objectives; and communicating the guidance necessary to allow management of risks that fall within accepted parameters.
  • A governance structure that aligns responsibility for oversight with responsibility for escalation.
  • Information systems to support decisions, monitoring and communication.
  • Recognition of how an organization’s culture affects its risk profile.

Why is an ERM program important?

A well-constructed program provides collective responsibility for risk management and produces a resilient organization protected from negative consequences of unexpected events. Timely and meaningful risk intelligence also allows leaders to make impactful strategic decisions that incorporate intentionally taking risk to achieve rewards.

Where do organizations fail in terms of implementation?

They generally start off well, identifying and prioritizing risks, but the executives and boards responsible for the programs may not provide clear guidance to the organization regarding how to apply the results. There’s no clear path toward implementation, and there may not be adequate initiative to support the culture shift necessary to sustain an effective process. The keys to successful ERM transformation include:

  • Confirm and refresh risk assessment results. Executive and management team members need to agree on the results, the definition of each risk and the criteria being applied to assess the risks. The risk inventory must be continuously updated.
  • Develop and monitor consistent risk treatment plans and processes. For each high-priority risk, uncover the root cause; establish a management strategy, such as to avoid, reduce or share the risk; and create a treatment plan.
  • Establish an enterprise risk policy, which articulates the program’s value and outlines the responsibilities, reporting requirements, methodologies and risk governance criteria.
  • Establish risk governance practices and structure, which guide how risk is prioritized and resources are allocated, based on risk culture, appetite and tolerance, and management capabilities.
  • Communicate and report information. Management, process owners and employees need to regularly receive ERM risk information to help oversee administration. Transparency is essential.

Once in place, an ERM program needs to evolve continuously with experience and experimentation. Today’s business conditions require flexibility and adaptability. A fully developed program provides a competitive advantage by allowing organizations to improve and protect their performance by confronting, exploiting and managing risk.

Social media: To learn more about Crowe Horwath’s risk services, find us on Twitter: @Crowe_Risk.

Insights Accounting is brought to you by Crowe Horwath LLP

How new standards will change government reporting requirements

Kevin Smith, Partner, Crowe Horwath LLP

Kevin Smith, Partner, Crowe Horwath LLP

Government pensions have received significant scrutiny over the past few years, and several studies indicate that the state and local government pension plans are severely underfunded, with cumulative estimates ranging from $1 trillion to $4 trillion in the U.S. New Governmental Accounting Standards Board (GASB) reporting standards will make the problem more apparent by making the shortfalls prominent on financial statements of the government employer. This transparency likely will drive increased scrutiny by legislatures, taxpayers, rating agencies and other stakeholders.

Instead of recognizing pension costs on balance sheets as annual expenditures based on a funding approach, government entities will need to address net pension liability — the difference between present value of projected benefit payments and investments set aside to cover those obligations.

“In some instances, reporting agencies could be required to show millions of dollars in new liabilities on their balance sheets and make sizeable adjustments to their income and expense statements as well,” says Kevin W. Smith, CPA, partner at Crowe Horwath.

Smart Business spoke with Smith about the new standards and how they will affect state and local governments.

How will the new standards take effect?

GASB Statement No. 67, ‘Financial Reporting for Pension Plans,’ and Statement No. 68, ‘Accounting and Financial Reporting for Pensions,’ take effect in fiscal years starting after June 15, 2013, and June 15, 2014, respectively. They replace requirements in GASB Statements Nos. 25, 27 and 50.

The fundamental change is that the previous standards did not require pension benefits to retired employees to be reported as a liability; employers disclosed an estimated amount of unfunded pension liability only in notes to the financial statements and in required supplementary information, but the net pension liability itself was not reflected on the balance sheet.

New standards require government entities to report the net underfunded pension obligations on financial statements prepared under the accrual basis — a statement of net position, for example.

Government entities also will have to adjust their estimate value of assets set aside to meet pension promises. Governments had been allowed to use an assumed long-term rate of return, with current rates of 7 percent or more as expected return on invested assets. If certain conditions are met, that will change to a blend between long-term rate of return and municipal bond rates, currently about 4 percent, which will have a significant impact on the projected liability.

How will local and state governments be affected by the change?

For many governments this ‘new’ liability will completely offset all of an entity’s net assets — similar to equity in a private entity.

Some cities, counties, school districts or special purpose governments might be affected by both new standards. As local government employers, these institutions must comply with GASB 68. If they administer pension plans for police, firefighters or others, they must adhere to GASB 67 plan administrator requirements.

The new standards spell out requirements for disclosing related information in the notes with the financial statements, which includes descriptions of plan and benefits provided, assumptions used to determine net pension liability and descriptions of benefit changes. Preparing these disclosures will take a significant effort.

What should be done now in anticipation?

The purpose of the new standards is to provide a clearer picture of financial obligations to current and former employees and to treat net pension liability like other long-term obligations. However, the standards might make government entities appear to be financially weaker, even though their financial reality is unchanged. Financial officers should be prepared to explain the situation to taxpayers, employees and other stakeholders. Management should take a proactive approach and begin now to explain anticipated changes to all stakeholders.

Local agencies also need to be ready to take on the extra workload that will be associated with the transition. The GASB is expected to release implementation guidance this summer that will clarify the next steps for state and local governments.

Kevin W. Smith, CPA, is a partner at Crowe Horwath. Reach him at (214) 777-5208 or [email protected]

Insights Accounting is brought to you by Crowe Horwath LLP

How the federal bank agencies have updated supervisory guidance

Dickie Heathcott, partner, Crowe Horwath LLP

Dickie Heathcott, partner, Crowe Horwath LLP

The federal financial institution regulators want to avoid a repeat of risky lending practices that contributed to the recent recession. New guidance sets higher standards for borrowers, including private equity firms and companies, seeking leveraged loans.

“This is a proactive move on the part of bank regulators to avoid some of the underwriting pitfalls that institutions encountered prior to the recessionary conditions we had going into 2007 and 2008,” says Dickie Heathcott, a partner at Crowe Horwath LLP.

Smart Business spoke to Heathcott about the guidance — which had a compliance date of May 21 — and what it means for borrowers and financial institutions.

What is the guidance, and do financial institutions have to adhere to its provisions?

Although a guidance isn’t necessarily a rule, it effectively becomes one in the field. Banks have to follow it because that’s what regulators are going to use when they examine the bank.

The guidance, issued by the Federal Reserve, Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC), covers transactions with borrowers who have a degree of financial leverage that significantly exceeds industry norms.
It focuses on sound, levered lending activities, including:
•  Underwriting considerations.
•  Assessing and documenting enterprise value.
•  Risk management expectations for credits awaiting distribution.
• Stress-testing expectations.
• Pipeline portfolio management.
•  Risk management expectations for exposures held by the institution.
The guidance applies to all financial institutions supervised by the agencies, but significant impacts are not expected for community banks because few have substantial involvement in leveraged lending.

Are there certain industries where leveraged lending is of particular concern?

Construction and development lending is being looked at very closely because of what’s happened in recent years. This type of lending is generally considered commercial real estate lending.

The OCC and the Fed released a white paper in April with findings from the regulators’ study of bank performance in the context of the 2006 interagency guidance, “Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices.” That guidance established supervisory criteria for banks that exceeded 100 percent of capital in construction lending and 300 percent of capital in total commercial real estate lending.

According to the paper:
•  13 percent of banks that exceeded the 100 percent construction-lending criterion failed during the economic downturn from 2008 to 2011.
•  23 percent of banks that exceeded both the construction and commercial real estate criteria failed from 2008 to 2011, compared to 0.5 percent of banks that exceeded neither criteria.
•  An estimated 80 percent of losses in the FDIC fund from 2007 to 2011 were attributed to banks exceeding the 100 percent construction-lending criterion.

What does the guidance mean for businesses seeking loans?

Business owners can look for financial institutions to be very cautious in their underwriting. They will not have access to credit like they did in 2006, even though it seems that the economy has stabilized.

Regulators are being proactive; they can see that credit underwriting is loosening up. Quality deals are being priced so thin that financial institutions are looking at areas where they can make more profit, which, of course, brings additional risk.

From a financial institution standpoint, it’s becoming a very competitive environment again. That means pricing more thinly or a loosening of underwriting standards. Institutions may be willing to finance certain types of loans they would have pulled the reins in on completely three or four years ago. The guidance is about ensuring that to the extent institutions enter into leveraged financing again, they do so in a more prudent manner.

Dickie Heathcott is a partner at Crowe Horwath LLP. Reach him at (214) 777-5254 or [email protected]

Website: For more information on regulatory guidance for financial institutions, visit Crowe’s Regulatory Reform Competency Center.

Insights Accounting is brought to you by Crowe Horwath LLP

How to plan for year-end tax changes

Tom Tyler, Partner, Crowe Horwath LLP

Tax planning is even more uncertain and complex this year because of the number of tax changes scheduled to take place when the calendar flips to 2013.

“The expiration of the Bush-era tax cuts, the imposition of the Medicare surtax in 2013, whether or not certain tax provisions will be extended and President Obama’s proposed extension of the 36 percent tax bracket to married couples earning more than $250,000 adds a level of uncertainty to year-end tax planning not seen in years,” says Tom Tyler, partner with Crowe Horwath LLP.

Smart Business spoke with Tyler about potential tax changes and what business owners should do in preparation.

What are the Bush-era tax cuts, and what would be the effect of their expiration?

President George W. Bush cut individual tax rates to 10 percent, 15 percent, 28 percent, 33 percent and 35 percent, depending on a taxpayer’s taxable income, and reduced to 15 percent the rates for qualified dividends and capital gains. Taxpayers in the 10 percent and 15 percent brackets pay zero percent on qualified dividends and capital gains.

If Congress does not extend these rates beyond 2012, the new tax rates beginning in 2013 would be 15 percent, 28 percent, 31 percent, 36 percent and 39.6 percent. Dividends would no longer receive preferential tax treatment; instead, they would be taxed at ordinary income rates. Capital gains would be taxed at 20 percent — 10 percent for taxpayers in the 15 percent tax bracket.

In addition, President Obama has proposed extending the 36 percent tax bracket to adjusted gross incomes greater than $200,000 and $250,000 for single filers and joint filers, respectively. Note that adjusted gross income is determined before personal exemptions and itemized deductions; taxable income is determined after personal exemptions and itemized deductions. Absent the Obama changes, the 36 percent bracket would start at taxable income of $183,250 and $223,050, for single and joint filers, respectively.

What other tax changes are on the way in 2013?

The Patient Protection and Affordable Care Act added a 3.8 percent Medicare surtax beginning in 2013 for higher-income taxpayers. The tax applies to the lesser of a taxpayer’s net investment income or the amount by which the taxpayer’s modified adjusted gross income — adjusted gross income with foreign income added back — exceeds $200,000 in the case of a single filer or $250,000 in the case of a joint filer. Net investment income includes interest, dividends, royalties, rents, capital gains and passive income from trade or business activities. Higher income individuals with wages or self-employment income exceeding $200,000 for single filers and $250,000 for joint filers will see an increase in their Medicare tax rate from 1.45 percent to 2.35 percent.

For the past two years, the employee share of Old Age, Survivors, and Disability Insurance (OASDI) has been reduced from 6.2 percent to 4.2 percent. This rate reduction is scheduled to expire at year-end and will return to 6.2 percent. Employers that typically pay bonuses after year-end should consider accelerating the payment of those bonuses into 2012 for those employees below the Social Security wage base of $110,100.

Any other steps people should take before the tax rates change?

With respect to the tax rate increases and Medicare surtax, individuals might want to consider selling in 2012 appreciated capital assets that would generate long-term capital gains to take advantage of the 15 percent tax rate — zero percent for those in the 10 percent or 15 percent bracket. Loss assets could be held and sold in 2013 when the loss could be deducted at higher rates and result in increased savings.

If an individual controls a C corporation, consider distributing dividends from the corporation in 2012 instead of 2013, when the maximum rate on dividends is 15 percent instead of a potential rate of 43.4 percent — 39.6 percent plus 3.8 percent Medicare surtax. An S corporation that was formerly a C corporation and is considering distributing former C corporation earnings and profits could do so in 2012 to take advantage of the 15 percent tax rate on dividends.

Taxpayers also might want to consider repositioning their investment portfolios in light of these changes. Higher tax rates make tax-exempt investments more appealing. A shift away from dividend-paying stocks to nondividend paying stocks makes tax sense given the expiration of the favorable tax rate on dividends and the application of the 3.8 percent Medicare surtax to dividend income in 2013.

These tax saving ideas should be considered just one tenet of an individual’s overall investment plan.

Are deductions and exemptions going to change as well?

Unless extended by Congress, personal exemptions and itemized deductions will be subject to a phase-out beginning in 2013. Personal exemptions will begin to phase out at $267,200 of adjusted gross income for joint filers and $178,150 for single filers. Itemized deductions will be reduced by 3 percent of the amount adjusted gross income exceeds a threshold, projected at $178,150 for 2013.

Another uncertainty is the alternative minimum tax (AMT) exemption. Without congressional action, the exemption for 2012 would be $45,000 for joint filers and $33,750 for single filers. However, we are hopeful that an AMT ‘patch’ will be passed prior to year-end and increase the exemption. Last year’s exemption for joint filers was $74,450.

Tom Tyler is a partner with Crowe Horwath LLP. Reach him at (214) 777-5250 or [email protected]

Insights Accounting is brought to you by Crowe Horwath LLP

How a working capital hurdle in an M&A transaction can protect a buyer’s interests

Tom Vande Berg
Partner, Transaction Services Group
Crowe Horwath LLP

The purchase price in the majority of merger-and-acquisition transactions is calculated using a common formula: Multiply the target company’s earnings before interest, taxes, depreciation and amortization (EBITDA) by an agreed-upon multiple.

However, Tom Vande Berg, a partner with Crowe Horwath LLP’s Transaction Services Group, says a seller can juggle a company’s assets and liabilities before the deal is finalized in ways that reduce its future cash flows without affecting its EBITDA.

“This can lead to the purchase price staying the same, although the company’s future cash flows could be considerably different than what the buyer expected,” he says.

This is where a working capital hurdle can be used to protect the buyer’s interest in future cash flows.

Smart Business spoke with Vande Berg about working capital hurdles and how they can positively affect M&A transactions.

What is a working capital hurdle?

A working capital hurdle is a predetermined amount of working capital built into the purchase price of a business. It can be a specific amount or set as a range, and it can be adjusted up or down based on the actual working capital at closing. Working capital hurdles help protect the buyer from changes in the targeted company that don’t show up in EBITDA but that have the potential to reduce expected future cash flows.

The adjustment typically is dollar for dollar, but it could be derived from a tiered structure in which the purchase price would change by a predetermined amount based on available working capital when the deal closes.

What is the benefit of working capital hurdles?

A working capital hurdle attempts to include in the transaction the normal working capital needed to run the business. Without the protection of a working capital hurdle, the buyer could end up with less future cash flow than bargained for because it is possible for a seller to maintain its EBITDA but not deliver the promised mix of assets and liabilities.

A working capital hurdle also has noncash-flow benefits such as increasing the likelihood the seller will maintain normal course business relationships.

Assuming cash is excluded from the definition of working capital, a seller could manipulate its assets by aggressively collecting accounts receivable. If receivables are reduced ahead of the transaction, the buyer will not receive the expected future cash flow from them.

A seller also could liquidate inventories by reducing production and inventories for sale. When the buyer then takes over the company, it will have less inventory to sell and will need to incur higher-than-expected costs to rebuild inventory levels. Another possible detrimental action by the seller is slowing payments of accounts payable, which will leave the buyer facing higher-than-expected obligations when the company is acquired.

A working capital hurdle can pre-empt certain noncash-flow issues, such as any ill will that might develop among vendors if a seller stretches accounts payable ahead of closing. It can also help a buyer deal with other issues that affect a deal’s bottom line.

For example, consider a target company that does not maintain an accounts receivable allowance for bad debt. Say the buyer finds that the company should have reported an allowance throughout the year preceding the transaction. Adjustments made by the seller to provide for the allowance at the beginning and ending dates of the analysis period will make it look as if there was no net income effect, and both the EBITDA and the purchase price will not change. However, the balance sheet could overstate the asset balance for accounts receivable, which means it has also overstated working capital. Hurdles can include adjustments for such overstatements and would result in a lower purchase price.

Sellers can also benefit from a working capital hurdle, as it can create a higher purchase price for delivering working capital above the hurdle.

How is the amount of a hurdle determined?

Most often, a hurdle is calculated based on the average monthly adjusted working capital over 12 months. The asset or stock purchase agreement might, for example, define working capital as current assets (excluding cash), less current liabilities (excluding debt), less items that are excluded by definition in the purchase agreement plus/minus pro forma or due diligence adjustments determined during the financial due diligence analysis.

However, a 12-month analysis is not always appropriate because, for example, it might not reflect the company’s current working capital needs if it is experiencing substantial growth. If revenue has grown 75 percent in the second half of the year, it is likely that the working capital at closing will be higher than a hurdle calculated on a 12-month average, which would drive up the purchase price. In this case, the hurdle might best be calculated based on the most recent three or six months.

It is also important to note that 12-month hurdle calculations generally factor out seasonality, but working capital levels could swing significantly depending on whether the purchase is made in or out of season. During a peak-season purchase, working capital is likely to be higher than average, leading to a higher purchase price, while the opposite is true for an off-season purchase.

Like most points in an M&A transaction, the hurdle amount is open to negotiation.  However, the existence of the hurdle should usually be non-negotiable.

Tom Vande Berg is a partner with Crowe Horwath LLP’s Transaction Services Group. Reach him at (214) 777-5253 or [email protected]

Insights Accounting is brought to you by Crowe Horwath LLP

How banks can leverage regulatory compliance to add value to their business

Jim Stempak, Principal, Crowe Horwath LLP

Banks have been dealing with evolving regulations for as long as banks have been in existence. So while the Dodd-Frank Wall Street Reform and Consumer Protection Act has given some in the banking industry cause for worry, the critical issue is how institutions will evaluate the potential effect and cope with increased regulations. While some banks might buckle under the threat, others will adapt to the new laws and regulations without allowing the complexity and costs of compliance to become an impediment.

“Savvy institutions recognize that the key is aligning their adjustments with their business models and processes,” says Jim Stempak, a principal at Crowe Horwath LLP. “By integrating compliance with normal business operations, banks stand to extract greater value from their business processes.”

Smart Business spoke with Stempak about how banks can find opportunity in new and revised regulations where others find dismay.

What regulations must banks be prepared to deal with in the near term?

Compliance officers are struggling with the efforts of bank regulators as they implement regulations under Dodd-Frank. Banks do not know what to expect from future regulatory examinations or where examiners will focus, so those expectations remain a moving target.

Questions also remain about the range of authority of the Consumer Financial Protection Bureau (CFPB), the agency established by Dodd-Frank. All banks will be directly or indirectly affected by CFPB rulemaking. Some will be required to work with this new agency’s examiners, who will be conducting exams and assuming responsibility for consumer compliance regulations in certain banks (those with more than $10 billion in assets). The CFPB is in the process of bringing its employees up to speed on the agency’s mission. Banks, however, are waiting without clear direction regarding the scope and timing of the CFPB examination process and how the new agency will coordinate efforts with other federal bank regulatory agencies. Financial institutions will be forced to contend with this environment of uncertainty for quite some time. Meanwhile, there are some measures that banks can take now that will allow them to successfully navigate this changing environment.

How have banks historically coped with increased regulation while managing to stay successful?

As the dust settles on Dodd-Frank’s initial effects, banks can begin to see that successful adaptation comes down to taking a measured and systematic approach to integrating the requirements with normal processes, often using enhanced technology. However, a silo approach to compliance is unlikely to succeed. Saddling the compliance officer with the sole responsibility of adapting to this new reality is unrealistic. Instead, success requires that key managers throughout the organization get on board. Line-of-business managers, for example, will need to integrate Dodd-Frank compliance into their daily activities, while IT managers will need to adjust existing technology platforms to integrate processes that facilitate compliance, or possibly design entirely new processes and technologies.

History offers examples of how banks learned to turn difficult regulatory requirements into opportunities. Take, for instance, the Know-Your-Customer (KYC) identification programs required by Bank Secrecy Act (BSA) regulations. This mandated banks to catalog their customers’ banking activity to better identify suspicious behavior. To do this, some banks used the information they gathered to develop a profile of each customer.

Another, more effective, approach manipulated existing processes and technology platforms to better gather information while sending a message to each customer that outlined how the bank’s inquiries were intended to better understand each customer and provide him or her with personalized products and services. As a result, the customer experience was improved, new accounts were opened in less time and many cross-selling opportunities became available to the bank. The customer service enhancements were in addition to establishing a solid platform for efficiently and effectively complying with the regulatory requirements.

Similar to what was done for KYC compliance efforts, information obtained through Dodd-Frank mandated data collection also likely will provide opportunities for banks to use the information for marketing and other value-added opportunities. By ingraining the requisite activities in their existing processes, banks were able to successfully adapt to the regulations rather than treating them as if they were burdensome compliance activities.

How can organizations best cope with complying with these regulations?

To facilitate compliance with new or revised regulations, organizations should develop cross-functional teams that alert the organization to changes that are likely to be required or that are coming. Teams can begin to develop strategies for implementing new or revised processes and technology. This will necessitate involvement from thought leaders from all levels of the organization, rather than taking an approach focused solely on compliance. Teams should develop a client-focused experience that also improves product development and existing processes as they work to bring the organization into compliance.

When dealing with certain consumer lending regulations, the team should consist of management representatives from areas including mortgage origination, consumer lending, regulatory compliance, IT and marketing. Teams should coordinate efforts to monitor specific regulations that affect consumer financial products, analyze the customer’s fit with the product and deliver products fairly to all consumers. This is especially important considering CFPB will be carefully evaluating compliance with new and revised regulations for consumer financial products, including mortgage loans.

Every financial institution will be touched by the regulations and it is up to banks to take an integrative approach to compliance to make a smooth transition while positioning them to take a competitive advantage. This will allow them to comply with the regulations while simultaneously advancing their business.

Jim Stempak is a principal at Crowe Horwath LLP. Reach him at (214) 777-5203 or [email protected]

Insights Accounting is brought to you by Crowe Horwath LLP

How outsourcing tax functions can keep you compliant and focused on your core business

Tom Tyler, CPA, Partner, Crowe Horwath LLP

For many companies, tax accounting is not a core competency. However, even if you don’t have qualified personnel on staff, keeping sufficient controls over your tax processes is of critical importance. Recently enacted laws have put more pressure on company executives to certify that their company’s accounting reports are accurate, says Tom Tyler, CPA, a partner with Crowe Horwath LLP in its Dallas office.
“One of the most common reported weaknesses is in the area of tax accounting,” Tyler says. “Partnering with a firm that has the resources and does this day in and day out can help a company avoid a material weakness.”
Smart Business spoke with Tyler about how partnering with an outside agency to handle tax functions can help you stay compliant and keep your business focused on what it does best.

Why are companies outsourcing their tax function?

The outsourcing of a company’s tax function is due first and foremost to the fact that tax management is increasingly complex, particularly if you are operating in multiple states or multiple countries. Also, considering the many types of taxes — income, payroll, property, sales and use, value-added, transfer taxes — it is important to have expertise in each of those areas, which is not often found under one roof.
Furthermore, outsourcing your tax function frees up time that allows employees to spend their energy on issues related to the business’s core competency. Those who handle tax management are typically responsible for other aspects of a business, as well, so taxes don’t get all of their attention. In addition, some companies don’t want to hire additional in-house staff for what some perceive as a compliance function.

Outsourcing often refers to a job function performed outside of a company’s home country. Is this the case with tax outsourcing?

While some might see tax outsourcing as moving the preparation of tax returns overseas, that’s not really the most common case. Although it is certainly one form of tax outsourcing, what is more often meant is engaging a competent third-party provider to perform three related functions or some part of those functions: accounting for income taxes, tax planning and annual tax compliance, or tax return preparation. All of those activities are done domestically, not overseas.
Co-sourcing is another option in which specific tax areas are handled by a third-party provider, for example, sales and use taxes, or real and personal property taxes. Companies that have an in-house tax function, however robust, are often in a co-sourcing relationship for some piece of their tax planning or preparation.

Why would a company choose to outsource the accounting for income taxes?

For public companies, the answer can be found in the 2002 Sarbanes-Oxley Act. SOX requires both the CEO and CFO to certify that a company’s annual and quarterly reports filed with the Securities and Exchange Commission fully comply with certain requirements of the Securities Exchange Act of 1934 and that the reports fairly present the company’s financial condition and results of operations.
In addition, SOX requires companies to test their internal controls over financial reporting and correct any deficiencies or report them as material weaknesses. Tax accounting is an area most commonly reported as a weakness. To strengthen this area and ensure that your company remains in compliance, work with a firm that focuses on tax accounting as its primary business.
Privately owned companies can also benefit from outsourcing the accounting for income taxes. In the case of a growing business in which key employees need to focus their efforts on markets, product lines and other strategic issues, it makes sense to look externally for this expertise.
Accounting departments might be stretched thin and the CFO or controller is likely to wear many hats. The time that they can devote to the tax area may not be sufficient, and outsourcing can remove a time-consuming task, allowing efforts to be focused on the most strategic issues related to a company’s core competencies.
Turnover can cause a company to seek an outsourcing solution, particularly when the departing employee was the most qualified to handle this task. Temporary absences could also create gaps in expertise that could be filled by outsourcing.

When should a company consider outsourcing?

A company should consider outsourcing when it doesn’t have the technical skills or the resources to do the job in house, or when the costs to have a fully staffed tax function outweigh the benefits. In addition to salaries, consider the cost of benefits, software, hardware and training, among other things. The software costs alone might be prohibitive and at times can be as high as the cost of outsourcing.
Co-sourcing makes sense when a company doesn’t possess the specific skill for the function it wants to co-source. For example, a company that is acquisition minded might co-source the tax planning and compliance associated with acquisitions to a firm that has expertise in the mergers and acquisitions arena.
A company with personnel who possess the skills and technical knowledge regarding income taxes might not possess the skills to adequately comply with and plan for personal property taxes.

Tom Tyler, CPA, is a partner with Crowe Horwath LLP in the Dallas office. Reach him at (214) 777-5250 or [email protected]

Insights Accounting is brought to you by Crowe Horwath LLP

How banks can mitigate regulatory risk post acquisition

Dickie Heathcott, Partner, Crowe Horwath LLP

For banks involved in acquisitions, a changing regulatory landscape poses some potential pitfalls. The Dodd-Frank Wall Street Reform and Consumer Protection Act, enacted in the wake of the recent economic downturn, stepped up regulatory oversight of banks and created a new federal regulator, the Consumer Financial Protection Bureau (CFPB), to protect consumers from financial fraud.
Together, the CFPB and other federal regulators are actively enforcing a wide range of safety and soundness rules, anti-money laundering regulations and consumer rules at financial institutions.
“As consolidation continues, more banks are struggling to combine regulatory risk methodologies,” says Dickie Heathcott, partner with Crowe Horwath LLP.
“When banks combine through a merger, acquisition, or joint venture, the target bank is incorporated into a larger organization, which then assumes the combined regulatory risks, both known and unknown,” he says. The process is further complicated by the task of bringing together two separate cultures, governance structures, risk environments and control environments. In addition, the regulatory risk of the acquiring bank increases along with the range of products, services, customers and locations.
“Acquiring a customer base that is more cash intensive, conducts more international activity or that is geographically dispersed can increase the newly combined entity’s risk related to money laundering,” Heathcott says.
Smart Business spoke with Heathcott about how banks can meet the challenges of assessing regulatory risk in a combined entity by merging methodologies and establishing a foundation for regulatory risk assessments.

What processes should be combined in order to increase regulatory risk assessment efficiency?

Compliance executives need to establish a shared language by explicitly defining risk and risk tolerance levels. Doing so will establish a definition of terms such as ‘moderate risk’ so they are better understood by process owners in individual business units. Consistency should be established for categorizing or rating risk so the combined organization uses a single rating system to indicate its severity.
As part of restructuring the newly combined company, people and financial resources should be aligned with governance and oversight to synchronize responsibility and reporting for regulatory compliance requirements.

How can a newly merged entity keep abreast of its post-acquisition risk?

A comprehensive regulatory risk assessment conducted immediately following the combination establishes an institutional baseline for identifying and measuring regulatory risk consistently in the future. This helps the acquiring bank better understand the nature of the risks it has taken on and establishes a framework for an ongoing regulatory compliance program. A post-acquisition risk assessment should define the scope of risk. Each new customer type, territory, product and service gained through the acquisition represents new risk that must be recognized and managed. Identifying the spectrum of actual and potential exposure is necessary in order to ramp up compliance in new areas of business.
In fair lending regulators look at data that spans counties and ZIP codes to make sure institutions are investing credit dollars appropriately and are not engaging in predatory lending or redlining. If the acquired organization has been operating in underserved areas, the combined entity might have to build additional branches or expand community outreach initiatives in order to meet the requirements of the Community Reinvestment Act.
Also, the acquiring bank can create a comprehensive regulatory risk inventory that documents the defensible universe of risk that the organization faces. Banks can define and prioritize the subsets of risk in the inventory document that apply to the combined organization and that may need to be assessed, managed and monitored. Once an inventory is compiled, the controls that are in place to mitigate exposures can be assessed and scored for effectiveness using the common language of the combined entity.
Furthermore, regulatory risk assessments should be documented and shared across the organization to make enterprisewide risk transparent. The results can be distributed widely, including to the highest levels, to support strategic decisions. They can also be distributed to the business-unit owners and areas, such as the risk, compliance or legal function, that can best manage the risk.

What are the critical areas for which action plans need to be developed?

Now that the newly combined organization has isolated its residual risk — the exposure that exists after establishing mitigating controls — by conducting a regulatory risk assessment, plans can be developed to close control gaps and strengthen regulatory compliance focus and clarity on the highest risk priorities.
The regulatory risk of a lending product, for example, offered by an acquired bank in a limited geographic area, should be assessed for Community Reinvestment Act compliance by quantifying the number of loans affected and the total dollar value of the loans to determine the residual risk of the loan product. If this assessment determines that 400 customers representing $14 million in assets of an acquired money services operation presents too high a residual risk, the newly combined financial institution could divest those customer relationships. Conversely, if the relative risk of maintaining those customers is low, the financial institution might consider a plan for extending those relationships.
In developing a process for assessing regulatory risk, an acquiring financial institution builds the foundation for a sustainable and transparent regulatory risk management program that is able to overcome the differences between entities and straddle the complexities of combining them. Once in place, the risk assessment methodology can be used repeatedly and consistently to assess enterprisewide regulatory risk in a way that is useful to process owners and defensible to regulators and the board of directors.

Dickie Heathcott is a partner with Crowe Horwath LLP in the Dallas office. Reach him at [email protected] or (214) 574-1000.

Insights Accounting is brought to you by Crowe Horwath LLP

How businesses can take control of the opportunities that drive employees to commit fraud

Jim Stempak, Principal, Crowe Horwath LLP

In today’s economy, companies should be doing everything they can to prevent or eliminate temptation on behalf of their employees. Many employees are truly struggling financially and putting food on the table is a basic need for all of them. Where will the money come from? Many will look to the most ready source of cash: their employer.
“Knowing what might provoke an employee, even an otherwise lawful, ‘good’ person, to blur the line between legal and illegal activity is the key to fighting fraud effectively,” says Jim Stempak, a principal with Crowe Horwath LLP.
Smart Business spoke to Stempak about how businesses leaders can effectively limit any perceived or real opportunity for employees to commit fraud within their organization.

What drives employees to commit fraud?

Famed criminologist Donald R. Cressey first identified three elements — opportunity (including general knowledge and technical skill), pressure and rationalization — as the ‘fraud triangle’ to explain why people committed fraud. Cressey’s classic fraud triangle helps to explain many, but not all, situations.
Fraud is more likely to occur when someone has an incentive (pressure, like medical bills) to commit fraud, weak controls provide the opportunity for a person to do so, and the person is able to rationalize the fraudulent behavior.
Today’s fraudster is more independent-minded and armed with more information and access to corporate assets than was the perpetrator of Cressey’s era.
More technology, matrix organizations, performance-based pay and a corporate culture that celebrates wealth and fame have led to greater autonomy and authority to effect change across the organization. These differences support the need to expand the fraud triangle to a five-sided fraud pentagon, where an employee’s competence, or power to perform, and arrogance, or lack of conscience, are factored into the conditions generally present when fraud occurs.

How can a business address these driving factors?

With the changes to organizations listed above and employees’ increasing responsibilities in their respective roles, competence and arrogance are at an all-time high. Pressure is being generated both inside and outside the company at an ever-increasing rate. But of the five elements of fraud, the company has the greatest influence and control over opportunity. In fact, the company is almost entirely in control of the opportunity side of the triangle.
Opportunity for fraud to take place is marked on one end by controls — physical, logical, automated, manual, visual, etc. — and on the other end by management review, monitoring and reporting. Somewhere in the middle is separation of duties, reconciliations, internal audits, external audits, and all other means of checking the numbers on a regular, periodic and sometimes on a surprise basis. All of these control measures fall within the purview and responsibility of the company.

What common mistakes do businesses make when attempting to prevent fraud?

So let’s say all of the controls above are in place. The company contributes further to opportunity when the controls are not effectively implemented, executed and monitored. This is where most companies fall woefully short.
Controls that were effective for the way the company operated five years ago often become ‘false’ indicators of control due to system, process, procedural and organizational changes, and diversification of responsibility.
Many companies are doing such a poor job of managing opportunity that they unknowingly cause or contribute to many otherwise good people ‘going bad’ on the job. You need look no further than the Association of Certified Fraud Examiners (ACFE) 2010 Report to the Nation to see that this issue is supported by data from more than 1,800 actual cases of fraud. In the 2010 report, ACFE reported that ‘lack of controls, absence of management review, and override of existing controls were the three most commonly cited factors that allowed fraud schemes to succeed.’

What steps should companies take to limit the ‘opportunity’ for fraud to take place?

Companies should start with an enterprise-wide risk assessment.
Start with a control review. While the company may have wonderful controls in place, it may not be controlling its biggest, most common, or most obvious risks, or those unique to its business and/or industry.
In performing a risk assessment, there is a need for a common language or nomenclature, a process to identify and rate the risks, and the ability to determine mitigation strategies for the company’s chosen level of risk (risk profile). Management will want to invest the time necessary for thorough discussion of the risks and the rating, because this will drive the mitigation effort and investment.
With the risk assessment complete, compare the current controls in place to the risks that require mitigation and see where you stand. Obvious gaps will show up, which will require modification and/or redesign of your control environment, including new and specific control techniques.
Last, for companies of all sizes above 25 employees, implement a process by which employees, vendors and customers can access and report suspicious activity via a tip line. It may sound overly simple, but ACFE reports that occupational frauds are detected by tips more than any other means, including management review, internal audit and review of documentation. The tip line, and the awareness of its existence and use, is the primary way to limit the perception of opportunity in companies big and small.

Jim Stempak is a principal with Crowe Horwath LLP in the Dallas office. Reach him at [email protected] or (214) 777-5203.

Insights Accounting is brought to you by Crowe Horwath LLP

What businesses should know about the repeal of the new Form 1099 reporting requirements

Mike Pine, Senior Manager, Crowe Horwath LLP

In order to raise revenue without raising taxes, part of the Patient Protection and Affordable Care Act (PPACA) included some provisions that have had business owners up in arms since the act was signed into law last year.
Small businesses were facing mountains of paperwork, thanks to a requirement contained in the PPACA requiring them to submit Form 1099 to the IRS for all purchases of goods and services of more than $600 annually, regardless of what businesses were purchasing.
“With all the attention paid to this issue, businesses need to know the facts about the reporting requirement’s repeal, as this relates to most all businesses, including non-profits,” says Mike Pine, senior manager at Crowe Horwath LLP. “They should also be aware that there are still some penalties included in the PPACA relating to the repealed legislation that shouldn’t be ignored.”
Smart Business learned more from Pine about the repeal of the Form 1099 requirements in the PPACA and what it means for businesses.

What new reporting requirements were businesses facing with the PPACA?

Signed into law in March 2010, the ‘health care act’ contained a number of components that would have imposed a greater burden on businesses in terms of paperwork and cost. One of these mandates was the expanded Form 1099 reporting requirement, which was enacted as part of the Small Business Jobs Act of 2010, and was in addition to the 1099 reporting requirements imposed on taxpayers who receive rental income.
The additional rules included in the PPACA were going to require any business that made payments of $600 or more per year to any recipient, including payments made for property, to file Form 1099 for each recipient beginning after Dec. 31, 2011. Also, rules included in the Small Business Jobs Act would have required any business making payments of $600 or more to any service provider while earning rental income to file Form 1099 with the IRS and the service provider.
Naturally, businesses and members of the accounting community raised concerns about the additional time and effort that would be required of taxpayers if these requirements were enacted.

What does the repeal of the 1099 legislation mean for businesses?

In April of this year, the president signed legislation that repealed the new 1099 reporting requirements for payments made to corporations and for payments made for property. Basically, the 1099 reporting requirements are back to what they were before the PPACA and the Small Business Jobs Act, which most business are familiar with.
However, the increased penalties portions of the aforementioned legislation were not repealed, so the penalties are now much stiffer than they used to be.
Under the old rules, the penalties for failure to timely file a Form 1099 ranged from $15 to $50 per form, with an annual maximum ranging from $75,000 to $250,000, depending on how late the forms were filed. Under the new rules, the penalties per late filed Form 1099 range from $30 to $100 per form, with an annual maximum ranging from $250,000 to $1.5 million also depending on how late the forms are filed. In addition, the minimum penalty for each failure to file due to intentional disregard increased from $100 to $250.
The increase in the annual maximum should be a real concern to taxpayers. Some small businesses with average annual gross receipts of less than $5 million, however, may be able to take advantage of smaller annual maximum penalties ranging between $25,000 and $50,000.

How can businesses make sure they are avoiding undue taxes and penalties surrounding the PPACA and Small Business Jobs Act?

Because the penalties for failing to comply with these rules can get out of hand quickly, it is important that businesses either have a comprehensive understanding of these rules and procedures in place to ensure adherence to them or that they regularly consult with their CPA to do the same.

What else should business owners do to prepare for and/or mitigate risks associated with this issue?

Considering that taxpayers now face a maximum annual penalty of up to $1.5 million for late filing of Form 1099, this may be an area that businesses should revisit, especially if they have deemed in the past that the risk wasn’t material enough for them to make an investment in their compliance planning and adherence model. This is one of those areas in tax where it may save taxpayers a lot of money to spend the time and resources in advance to make sure they are in compliance of these rules rather than figure it out after it is too late and be stuck with a very large penalty due to Uncle Sam.
These are complex issues, and businesses should consult with a qualified CPA who is familiar with their industry and the steps they should take to avoid financial or filing burdens.

Mike Pine is a senior manager with Crowe Horwath LLP. Reach him at (214) 574-1042 or [email protected]

Insights Accounting is brought to you by Crowe Horwath LLP