News & Tech Tips

Cybersecurity: as much about technology as it is about training and awareness

Cybersecurity is essential in the workplace because it helps to protect the company’s data, networks, and systems from unauthorized access, theft, and damage. The reality is we cannot hide from the fact that there are people who want to infiltrate our computer system to obtain private information or to hold our data hostage. Cybercriminals have no scruples. Driven by financial, political, corporate espionage, and “FIG” (Fun, Ideology, and Grudge) motives, they have no concern for who or how they harm companies or individuals. It is crucial, with the increased sophistication and frequency of cyber-attacks, that companies implement robust security measures.

A cyberattack can have a devastating effect on your business:

• Data loss and manipulation
• Unexpected ransom payment
• The cost associated with response and recovery
• Cost of investigation
• Regulatory breach reporting and legal consequences
• Potential fines and damage payments
• Operational disruption and decreased productivity
• Reputation damage and compromised trust
• Loss of customers/clients
• Threat to ongoing business operations

As business owners, we have many safeguards in place to protect our computers and networks. We have purchased firewalls, website blockers, antispam filters, EDR systems, antivirus protection, multi-factor authentication, data encryption methods, and backup systems. However, cybersecurity is as much about technology as it is about training and awareness.

Proper cybersecurity training is crucial in the workplace. Employees are often the weakest link in the security chain, and they can unwittingly expose the company to cyber threats through simple actions such as clicking on malicious links or using weak passwords. Therefore, it is advantageous for companies to train staff members about cybersecurity policies and best practices to aid them in identifying possible threats, taking appropriate action, and avoiding security lapses.

We must be diligent and intentional in protecting our data and computer systems.

Consider the following areas of cybersecurity training in the workplace:
  1. Password management: Employees should be trained on how to create strong and work-specific passwords.
    • Internal passwords should not be the same as personal ones, and do not use personal information in passwords.
    • Remove lists of passwords from the network.
    • Utilize password management software.
  2. Data protection: Employees should be trained to handle and send sensitive information, such as customer data and financial records, to others.
    • Encryption is key – purchase and require the utilization of encryption software.
    • Do not use public Wi-Fi.
    • Do not use flash drives.
    • Create separate users for bank accounts and use two-factor authentication.
  3. Phishing awareness: Employees should be educated on how to identify and report suspicious emails and links that may be part of a phishing attack.
    • Never click links, open attachments, send money, or provide information if you don’t know the sender. (Note: Unsubscribe links are dangerous)
    • Narrow the attack surface: Don’t shop online or surf the web while at work. These activities open you up to more phishing assaults.
    • Block news channels
    • Phones are easily hackable – do not plug phones or other devices into your computer to charge.

 

Cybersecurity awareness and training are crucial in the workplace to safeguard the company’s assets, reduce the danger of data breaches and cyberattacks, and uphold stakeholder and customer trust. It is your business to protect and preserve, and it is your business to lose if you don’t. Stay ahead of the next cyberattack. Start today and schedule a training session with your users to heighten awareness.

 

Linda L. Nay

Vice President, Administration

 

 

 

How to use QuickBooks as a fraud detection tool

Many businesses and nonprofits use QuickBooks® as a cost-effective solution to manage their accounting processes. However, the software’s capabilities extend beyond organizing and streamlining your company’s accounting. QuickBooks can also help you detect fraud. Here’s an overview of the software’s fraud detection and prevention features:

Transaction audit trails

QuickBooks creates audit trails that capture user activities. This can help your company identify unauthorized changes. The audit trail includes:
• The transaction date,
• The user’s name, and
• The type of change.
Administrators can apply filters to audit log data that can help evaluate what’s happening and determine whether further analysis is required.

Trend detection and analysis

QuickBooks can generate accounts receivable and accounts payable aging reports to identify unusual balances. Creating periodic and ad-hoc financial statements can help uncover sudden changes or irregularities in revenue, expenses and cash flow. Unexplained anomalies can foreshadow asset misappropriation and financial misstatement schemes.

Exception reporting

Exception reports can be used to flag transactions that deviate from established patterns or thresholds. Customized reports can focus on specific areas of concern, such as duplicate payments, unusual expense categories, voided transactions and vendor payments. QuickBooks also makes it easier to perform bank reconciliations to detect discrepancies between bank and company records that can signal fraud.

User roles and access

Controlling access to data and limiting a user’s ability to engage in certain transactions is a crucial component of an effective internal control system. QuickBooks allows businesses to assign predefined and customized user access. Simply put, by limiting user access rights, your business can reduce the likelihood of fraud happening.

Fraud Awareness

In general, QuickBooks streamlines the detection, reporting and investigation of potential fraud. In turn, this creates a culture of fraud awareness that filters from the accounting department to the rest of the organization — and demonstrates that management is watching out for dishonest behavior. Proactive managers can thwart would-be fraudsters by minimizing perceived opportunities for fraud to happen, thereby minimizing the organization’s potential for losses.

More than an accounting solution

QuickBooks has built-in capabilities that make it a valuable tool for detecting and preventing fraud. Contact us for help using the functionality embedded in the software, adopting a proactive approach to loss prevention, and fostering a culture of fraud awareness.

© 2023

Beware of the gray areas in accounting

Accounting and auditing standards have come under scrutiny in the wake of recent high-profile bank failures. Investigations are currently underway about what went wrong with Silicon Valley Bank and Signature Bank. But it’s likely that some “gray areas” in the accounting rules were exploited to make these organizations appear more economically secure in their year-end financial statements than they truly were.

Lessons from Enron

Andrew Fastow often speaks publicly about the issue of financial misstatement. As a convicted felon, Fastow has a unique perspective on fraud: He was the CFO of Enron in October 2001 — when it became the largest U.S. bankruptcy of its time. In March 2023, Fastow presented to the Public Company Accounting Oversight Board (PCAOB), which was created by the Sarbanes-Oxley Act of 2002 to prevent another Enron-like scandal. He advised the PCAOB to consider amending the accounting and auditing rules to help prevent corporate fraud.

Instead of focusing on finding the intentional fraudulent entry, Fastow said the PCAOB should concentrate on “fraud that occurs by exploiting loopholes for the ambiguity and complexity in the rules.” The latter is more the Enron story than recording the wrong number purposely, according to Fastow.

Compliance vs. reality

To elaborate, he gave a simple example of how financial statements, while perfectly in compliance with the rules, could be divorced from economic reality: In 2014, the average price of oil was $95 per barrel. For most of the year, the price was $110, but it dropped to $50 at year-end. Under the accounting rules at that time, companies were supposed to take the price of oil on the first day of each of the 12 preceding months and average it. The result of this calculation was $95, but the market price was $50 when oil and gas companies released their financial statements.

Fastow said that every oil and gas company followed the rule and used $95 per barrel to report their reserves — even though the market price was $50 at year-end. “All of them massively overstated their economically recoverable reserves, which is perhaps the most important metric that Wall Street looks at when they evaluate independent oil and gas companies. The mindset among people is so long as you’re following the rules, it doesn’t matter if the financial statements are misleading,” concluded Fastow.

Complex problem

Charles Niemeier, the former founding member of the PCAOB, said solving the issue of financial reporting fraud is bigger than just revamping the auditing standards. And the challenge is greater for financial reporting matters that rely on subjective judgment calls.

For instance, accounting estimates may be based on subjective or objective information (or both) and involve some level of measurement uncertainty. Examples of accounting estimates include allowances for doubtful accounts, impairments of long-lived assets, and valuations of financial and nonfinancial assets. Some estimates may be easily determinable, but many are inherently subjective or complex.

Another matter that may be susceptible to manipulation is the going concern assessment, which underlies all financial reporting under U.S. Generally Accepted Accounting Principles. The accounting rules give a company’s management the final responsibility to decide whether there’s substantial doubt about the company’s ability to continue as a going concern and to provide related footnote disclosures. The standard provides guidance to management, with principles and definitions that are intended to reduce diversity in the timing and content of disclosures that companies commonly provide in their footnotes.

We can help

Financial misstatement can happen when managers use the gray areas in financial reporting to their advantage, especially as the rules have moved from historic cost in favor of fair value estimates. When making subjective estimates and evaluating the going concern assumption, it’s important to step back and ask whether your company’s financial statements, while in compliance with the rules, could potentially mislead investors. Contact us to address questions you may have about these complex matters. We can help you understand the rules and assess current market conditions.

© 2023

Tailored Consulting Service Announcement

We are excited to announce that Whalen CPAs is expanding its services and is now offering Dental & Healthcare Practice Consulting. We believe this new addition will help us provide our clients with comprehensive solutions that will improve their practice’s overall health and maximize profits.

 

We understand that managing a dental or healthcare practice can be complex and time-consuming. With our new consulting service, we aim to simplify the process and provide our clients with the tools and resources they need to make informed decisions. Our team of experts, led by Laurie Morgan, a dentist and instructional designer, has firsthand experience dealing with the intricacies of practice management.

 

We prioritize collaboration and transparency, and our team will work closely with you to understand your unique needs and goals. We offer a range of services, including data analysis, market research, and strategic planning, to help you make informed decisions and achieve your internal goals.

 

At Whalen CPAs, we’re committed to providing our clients with the highest quality of service. We believe this new offering will help us better serve your needs and provide you with a more efficient and streamlined practice. We’re excited about this new service and look forward to working with you.

 

If you have any questions or want to learn more about our new consulting services, please don’t hesitate to contact us. We’re always here to help.

New-and-improved accounting rules for common control leases

On March 27, 2023, the Financial Accounting Standards Board (FASB) published narrowly drawn amendments to the lease accounting rules. The updated guidance clarifies issues that are relevant to rental agreements between businesses that have the same owner.

Written vs. verbal leases

Accounting Standards Update (ASU) No. 2023-01, Leases (Topic 842) Common Control Arrangements, explains how related business entities that are controlled by the same owner determine whether a lease exists. Specifically, it provides an optional practical expedient to private companies and not-for-profit organizations that aren’t conduit bond obligors. (A practical expedient is an accounting workaround that allows a company to use a simpler route to get to the same outcome.) The guidance settles questions about how to approach verbal common control leases and whether legal counsel is required to determine the terms and conditions of a lease.
The practical expedient is applicable only for written leases. Under the updated guidance, a private company electing the practical expedient must use the written terms and conditions of a common control arrangement to determine whether a lease exists and, if so, how to account for it. In the case of a lease agreement that’s verbal — as is often the case between private entities under common control — the company must document the existing unwritten terms before applying the lease accounting rules.

The lessee isn’t required to determine whether written terms and conditions are enforceable when applying the practical expedient. In addition, companies are allowed to apply the practical expedient on an arrangement-by-arrangement basis.

Leasehold improvements

The accounting rules related to certain leasehold improvements have also changed for both public and private organizations under ASU 2023-01. Examples of leasehold improvements include installing carpet, painting and building out the space for the lessee’s needs. For example, a salon might install sinks and plumbing fixtures, a chemical manufacturer might need ventilation for its production process and an eco-friendly restaurant might design a rooftop garden to attract patrons.
The amendments require lessees to amortize leasehold improvements over the improvements’ useful lives to the common control group — regardless of the lease term. When the lessee no longer controls that underlying asset, the transfer of those improvements must be accounted for through equity or net asset. The improvements remain subject to the impairment requirements of Accounting Standards Codification (ASC) Topic 360, Property, Plant and Equipment.

Implementation guidance

ASU No. 2023-01 is an amendment to ASC Topic 842, Leases, which was issued in 2016. This standard requires the full effect of entities’ long-term lease obligations to be reported on the balance sheet. It went into effect for public entities in 2019 and for private entities in 2022.

The new-and-improved rules will be effective for fiscal years beginning after December 15, 2023, including interim periods within those fiscal years. Early adoption is permitted for both interim and annual financial statements that haven’t yet been made available for issuance. If a company adopts the amendments in an interim period, the company must adopt them as of the beginning of the fiscal year that includes that interim period.

If your company decides to adopt ASU 2023-01 concurrently with the adoption of Topic 842, you should use the same transition approach as that standard. If your company adopts the rules in a subsequent period, you can do so either retrospectively or prospectively.

For more information

Does your company rent property from a related party? We can help you report these arrangements in accordance with the updated guidance. Our accounting pros understand how to determine whether a common control lease exists and how to report leasehold improvements and other fixes that have been made to rented property. Contact Us!

© 2023