Portland Revenue Bureau Announces Business Tax Amnesty Program

Posted on May 16, 2012 by Amber

The City of Portland Revenue Bureau has announced a new business tax amnesty program.  The program was put in place to encourage businesses who owe back taxes to come into compliance.  The amnesty program will allow businesses to pay their current tax liability with a full waiver of penalties and a 50 percent reduction in interest for qualifying businesses.  This one time business opportunity will be available to Portland and Multnomah County businesses from May 15, 2012 to July 16, 2012.

The City of Portland and Multnomah County asses a tax of 2.2% and 1.45% on net profit for businesses operating in their jurisdiction respectively.  The revenue generated helps pay for police, fire protection, parks, and health and human services in the community.  Portland City Council will also consider an ordinance on May 9, 2012 that will keep the identity of the businesses who apply for the program confidential. 

More details regarding the amnesty program are available at www.portlandonline.com/amnesty .  Businesses can also call the “Tax Amnesty Hotline” anonymously at 503-823-6881 for additional information.  Also, feel free to contact Jared Siegel, or Tim Filkins, to learn how Delap may be able to help implement tax planning strategies for your Portland or Multnomah County business.

Share
Posted in Business Best Practices, News & Updates, Resources, Tax Strategy | Leave a comment

Still Confused About the Transition from SAS 70 to SSAE 16 and the SOC Reports?

Posted on March 2, 2012 by David W. Buchanan, CPA, QSA, CEH, CCNA, CTGA

Well, you are not alone.   What is a SOC report and why did the AICPA change anything in the first place?  To start off with, a Service Organization Controls (SOC) report is a report brand, not a standard.  Previously, SAS 70 reports were being used for everything from their intended purpose (report on a service organization’s internal controls relevant to a user entities’ financial reporting) to piecemeal reports on non-homogeneous topics that would be used as a marketing tool (never the intent of SAS 70).  A user entity is defined as any organization that is utilizing services provided by a service organization.  You probably have seen companies claim that they are “SAS 70 certified” on their websites.  However, there has never been a SAS 70 certification and SAS 70 reports were never “general use” reports to be used as marketing tools; instead, SAS 70 reports were restricted to specific audiences.  With the new SOC reports, we now have options depending on who our intended reporting audience is, what the subject matter will be, and what the intended use of the report will be.

Here is a brief overview of the new SOC reports:

Report Name SOC 1 SOC 2 SOC 3
Underlying Standard SSAE 16 (formerly SAS 70) AT 101 AT 101
Report Restrictions Restricted Use General Restrictions General Use
Intent of Report Reports on internal controls relevant to a user entities’ financial reporting Reports on operational, regulatory, or compliance related controls Reports on operational, regulatory, or compliance related controls

For the first two SOC reports, there are two report types each: Type 1 and Type 2.  The primary difference is if you want a report that not only opines on the suitability of control design, but also on operating effectiveness, you want a Type 2 report.   The second major difference between a Type 1 and a Type 2 report is that a Type 1 report renders an opinion as of a specific date, while a Type 2 report additionally renders an opinion on the operating effectiveness of controls during a period of time.

Let’s look at a few examples.  You work for a datacenter that provides cloud data backup services for its clients.  One of your clients is undergoing an audit of their financial statements and the client’s auditor asks how they can be assured that the client’s data is secured.  In turn, the client then calls you and asks for some type of assurance that you are protecting their data in a secure and compliant manner.  You know that your company has strong controls in place to protect data; after all, data is your business!  In this situation, the service being provided is not about controls over financial reporting, but about the privacy of the client’s data being housed on your company’s servers.  Let’s assume the client does not want to use the report as a marketing tool.  Since the client is requesting assurance solely to provide it to their financial statement auditor and will not be using the ensuing report for marketing, the best report type is a SOC 2 report.  Most likely you will want to obtain a SOC 2 – Type 2 report to obtain reasonable assurance over the design and operating effectiveness of your company’s controls. 

For another example, let’s choose a company providing payroll services.  The service being provided is highly relevant to a client’s financial statements and the client will want assurance that there are strong controls in place over the financial services being provided.  In this situation, a SOC 1 report would be the best fit.  Once again, a SOC 1 – Type 2 report will provide additional value by providing an opinion regarding the design and operating effectiveness of internal controls over the payroll services. 

It is important to note that, while SOC 1 and SOC 2 reports are restricted use, companies can register with the AICPA to use the SOC logo.  This logo can be used to show your clients and partners that your company undergoes the SOC reporting process. 

As a final example, let’s look at a situation where a small company wishes to obtain a report that can be used as a marketing tool.  The only report that allows for unrestricted use and distribution is the SOC 3 report.  This reporting program is managed through a partnership between the AICPA and the CICA (Canadian Institute of Chartered Accountants).  The report is based off of the AICPA Trust Services Principles and Criteria.  A special seal may be granted to an organization by CPAs that are licensed by the CICA.   For more information on the SOC 3 seal and its permitted use, please click here.

All SOC reports must be performed by properly licensed CPAs.  For more information from the AICPA on SOC reports and how to leverage them properly for your business, please click here.

As always, if you have more questions after reading this article, please feel free to contact me and I would be happy to work with you on clarifying these new options!

Share
Posted in Business Best Practices, News & Updates, Resources, Uncategorized | Tagged , , , | Leave a comment

Framework for Business Tax Reform

Posted on February 27, 2012 by Jared Siegel

A reduced corporate tax rate, elimination of many business tax preferences, a new minimum tax on overseas profits, and much more are all part of President Obama’s recently released Framework for Business Tax Reform (the “Framework”). The much-anticipated blueprint of the administration’s plans for corporate tax reform was unveiled on February 22, 2012 in Washington, D.C. For details please see the CCH Tax Briefing: PRESIDENT’S FRAMEWORK FOR BUSINESS TAX REFORM

Share
Posted in News & Updates, Resources, Tax Strategy, Uncategorized | Tagged , , , , | Leave a comment

One, Two, Too Many

Posted on February 20, 2012 by Jared Siegel

What I love about my job is the opportunity to learn from some of the Northwest’s brightest business leaders.  Just like a great teacher’s ability to simplify a complicated topic to their students, I love the truth that is communicated in the concise guiding principles leveraged by some entrepreneurs.  Recently, when I was talking with one of Portland’s successful entrepreneurs, he talked about a belief that has guided his approach to business — “One, Two, Too Many.” As the leader of a successful start-up, it was important to him not to spread the company’s human and financial capital resources too thin.  While it is so easy to begin juggling yet another project or pursue another strategy, this entrepreneur didn’t dilute resources until prior projects were completed or prior strategies fully implemented.

Share
Posted in Business Best Practices, Uncategorized | Leave a comment

Protect Your Business – Part II

Posted on February 17, 2012 by David W. Buchanan, CPA, QSA, CEH, CCNA, CTGA

My department’s budget was slashed by 40% in response to the current economic crisis.  Do I really need to implement those controls?  That will never happen to us, what would a hacker want with my company?  Thank you for the ideas, but we are simply going to accept the business risk of not locking down our IT environment. 

These are a small sample of the comments I regularly receive when consulting on IT security.  Business risk profile and budget concerns play a large part in information security strategic planning for companies, but we often focus on all the reasons why we cannot improve instead of discovering the various ways a business can improve their IT security risk profile without investing large amounts of cash.  This section of the Protect Your Business series will focus on a selection of perimeter and internal controls that can be implemented and layered to provide greater security for your business.

While there are numerous approaches I could delve into, I will only be discussing the following as related to IT security:

  1. Perimeter defense
  2. Internal controls

The most common defense at a network’s perimeter is the firewall.  A properly configured firewall can greatly reduce a network’s vulnerability to external threats.  For instance, many firewalls I see are implemented ‘as-is’ directly out of the box.  Sure, you have a wall around your kingdom, but how many metaphorical doors in the form of network ports have been left open.  The internet is the digital equivalent of the Wild West and you wouldn’t want just anyone waltzing into your business.  A common best practice for firewall configuration is to start with the firewall completely locked down.  Then, after taking inventory of which applications need external network resources, open only the necessary ports.   By only allowing necessary traffic in, you have effectively limited external attack vectors (from a network perimeter perspective) to those few ports.  The above step actually encompassed two important exercises:

  1. Locking down the firewall
  2. Taking inventory of applications requiring external network resources

This first item should be very low cost to implement as most companies will already have a firewall in place.  Many modern firewalls will come with a feature set that will allow you to customize firewall rules and provide complimentary security features.  However, some older firewalls might not provide the security and operational features that your business needs and thus might require an initial capital investment for a modern firewall along with the corresponding hardware and software maintenance plan. 

The second item is very important.  The phrase “You don’t know what you don’t know” might be familiar to some readers.  It is a dangerous position to outline your network security without knowing the environment you are protecting and the applications operating therein.  Take the time to perform proper discovery of your IT environment (hardware and software) and outline how the systems are connected and which enterprise goals they are supporting.  Here are some questions you should be asking:

  1. Which applications are dependent on which servers and/or databases?
  2. Which firewall ports must be open for our applications to operate?
  3. Is our network topology updated?  If not, verify that all communication paths are outlined and relevant hardware present.
  4. Is there a guest network?  If so, is it properly segregated from our internal network?

Knowing this information ahead of time will empower you to properly plan your IT security strategy. 

From an internal controls perspective, I only am going to touch on a few basics.  I would offer up that the following controls should be present in any business environment.

  1. A management steering committee charged with oversight of IT, information security, and enforcing accountability for those tasked with managing the IT environment.
  2. Limited access to perform administrative functions on the network, including:
    1. Firewall configuration, user access rights management, server management, etc.
    2. Limited access to server room or data closet.
    3. Formal process for authorizing, configuring, and reviewing employee access to IT resources.
    4. Annual IT security training:
      1. This could take the form of IT security awareness training and presents the perfect opportunity to re-educate employees on proper password management and use of business resources.
      2. IT security policies and procedures (lightweight and useful documentation) for items such as:
        1. Change management
        2. Risk assessments
        3. User access rights reviews
        4. Major system upgrades

I was speaking with a good friend the other day and the conversation turned to the (often dangerous) assumptions we make on a daily basis.  Avoid making assumptions when it comes to the security of your business.  For instance, do not assume that because you require your employees to read and sign off that they read the employee handbook (including the section on IT security and acceptable computer use) that they actually understand what is expected of them and why.  When in doubt, communicate!  The management steering committee actively works with the IT staff to evaluate business risks and ensure that employees are properly trained and empowered to protect the company’s interests.  Don’t assume that a security breach will never happen to you.  Proactively work with your IT staff to ensure that administrative access (physical and logical) is properly restricted to authorized personnel and reviewed regularly.

Share
Posted in Business Best Practices, Resources | Leave a comment

What is the unchangeable core of your business?

Posted on February 15, 2012 by Jared Siegel

It’s no secret that Apple’s iPhone has been very successful.  However, just how successful can be hard to put into perspective.  One measure of success is that Apple’s iPhone revenue alone has exceeded all of Microsoft.  That is crazy!  The iPhone was only introduced in January 2007.  The iPhone alone was responsible for $9.3 Billion of Apple’s profit during the December quarter.  Steve Balmer laughed publically at the iPhone when it was first released.  The iPhone was introduced into a world that was dominated by Blackberry, yet a mere computer company crushed the cell phone giant.  This is the same computer company that turned the music industry on its head with the introduction of the iPod & iTunes.

What are some of the potential changes within your industry in the next five years?  The velocity in which advances in technology are being introduced in the marketplace is like no other time in our country.  Change seems to be one of the only constant themes in business today.  What is the unchangeable core of your business?  What aspects of your business can you change in response to the market?

Great companies seem to have tremendous clarity about the nonnegotiable components of their business verses opportunities for innovation.  Apple, for example, represents a beautiful battle of the competing forces:  ART vs. TECHNOLOGY.  The competing forces have allowed them to approach new markets outside of computers with the same potency that made them contenders in the personal computer market.  What are the competing forces driving your business forward, while keeping it grounded in your core competency?

Share
Posted in Business Best Practices, Manufacturing | Tagged , , | Leave a comment

Oregon—Income Tax: Electronic Filing of W-2s

Posted on February 2, 2012 by Adam Puckett, CPA

Effective for calendar year 2011, businesses and all payroll service providers are required to report Oregon personal income tax W-2 information electronically by March 31, 2012. “iWire Direct,” the direct filing option for W-2 information, will be available the first week of March. Even employers who are not required to submit W-2’s electronically for federal purposes are still required to submit Oregon W-2’s electronically, including employers with as few as one or two W-2’s and household employers. However, employers are still required to submit the paper Form WR (Withholding Annual Reconciliation Report) for 2011, also by March 31, 2012. Further information is available at http://www.oregon.gov/DOR/BUS/iwire-income-wage-information-return-eservices.shtml.

Note that, for Oregon, only employers who have 250 or more of any one type of 1099 (1099R, 1099MISC, 1099 G, and W-2G) need to submit electronically in 2012. PayrollTax News LISTSERV: iWire Update, Oregon Department of Revenue, January 2012

Share
Posted in Business Best Practices, Tax Strategy | Tagged , , , | Leave a comment

Keeping your business in the family

Posted on January 12, 2012 by Dave DeLap, CPA

Transitioning a northwest family business from one generation to another presents numerous hurdles a family must overcome.  Some closely held business owners have found a Grantor Retained Annuity Trust (GRAT) to be a powerful vehicle.

A GRAT can help minimize gift and estate tax liability associated with transferring ownership interests while retaining the much desired income stream for a specific time frame.  The strategy became even more powerful in light of the current economic climate where the gift tax exemptions are higher and the values of businesses are momentarily suppressed.

How does a GRAT work?

A GRAT is an irrevocable trust funded by a one-time contribution of assets by the “grantor”.  For example, a real estate owner developer can transfer some or all of their ownership interest in the business to the GRAT. The GRAT pays the owner as the grantor, an annuity for a specific time frame.

The annuity payment is a fixed percentage of the value of the initial contribution or a fixed dollar amount; either way, the payment must be made at least annually.  The owner maintains the right to the payment regardless of how much income the trust actually produces.

When the term of the GRAT expires, the asset remaining in the trust (aka remainder) transfers to the designated beneficiaries.  But your gift tax is assessed when the GRAT is funded, based on the value of the beneficiaries remainder interest.  The remainder interest’s value hinges on an IRS interest rate known as the Section 7520 rate, at the time the GRAT is created.  An asset such as an ownership interest in a closely held real estate business must undergo a valuation before the Sec. 7520 rate can be applied to calculate the remainder interest’s value.

If you think a GRAT could make sense for you and your business, we would be happy to explore the potential pros and cons of the strategy with you

Share
Posted in Business Best Practices, Estate Planning, Resources, Tax Strategy | Tagged , , , , , , , , | Leave a comment

5 tips for businesses to avoid compliance penalties when paying contractors

Posted on January 11, 2012 by Jared Siegel

The American Payroll Association (APA) recently published a press release that included a few basic tips to keep a business out of trouble when utilizing independent contractors.  Here is the quick overview:

The American Payroll Association (APA) has issued a press release titled 5 Tips for Businesses to Avoid Compliance Penalties When Paying Contractors that includes the following basic tips on how to avoid IRS penalties when paying independent contractors:

  1. Form 1099-MISC is required for noncorporate service providers. Employers must provide a Form 1099-MISC, Miscellaneous Income, by Jan. 31, 2012, to any noncorporate service provider who was paid at least $600 for services during 2011. The Form 1099-MISC does not have to be provided to a corporate service provider. Employers should look at the completed Form W-9, Request for Taxpayer Identification Number and Certification, that they received from the service provider to determine whether the service provider is “noncorporate” or “corporate.” Employers must provide Form 1099-MISC to sole proprietorships, partnerships, attorneys, and medical service providers who do business as corporations.
  2. Form 1099-MISC not required if contractor paid electronically. There is no requirement to send a Form 1099-MISC to any contractor that was paid electronically, such as by credit card, debit card, PayPal, or gift card. The bank or credit card company that made the actual payment to the contractor will send the contractor Form 1099-K, Merchant Card and Third Party Network Payments.
  3. Pilot program for truncation of TIN numbers has been extended. The IRS pilot program that allows for the truncation of taxpayer identification numbers (TINs) on 1099 forms has been extended to include 1099s through the 2012 calendar year (filed in 2013). This means that the first five digits of the TIN can be replaced with asterisks or Xs on the payees’ paper copies of Form 1099, but copies filed with the IRS must have their full TIN.
  4. Better safe than sorry. The APA advises employers who are unsure whether a Form 1099-MISC is required to go ahead and send one. Employers can’t go wrong by sending more 1099s than are required, but could be subject to penalties if they do not send all qualified service providers their Form 1099-MISC.  
  5. File forms on time. Paper copies of Forms 1099-MISC must be mailed to the IRS no later than Feb. 28, 2012. Forms 1099-MISC filed electronically must be submitted to the IRS by April 2, 2012.
Share
Posted in Business Best Practices, News & Updates, Resources, Tax Strategy | Tagged , , , , , | Leave a comment

Apartment Insider Report

Posted on January 10, 2012 by Amber

Maximizing the Tax Benefits of Real Estate Investing presented by Matt Mattecheck at the Apartment Insider Report.

Share
Posted in News & Updates, Resources, Tax Strategy, Uncategorized | Leave a comment