Summer 2007
INFOLETTER
Partner's Perspective
Information Risk Management:
Protecting Your Information
By Cindy S. Johnson, CPA, CIT, Partner
In today's digital world, your company's most valuable assets may not
necessarily be physical things, like equipment and machinery, but something a
little less tangible: your information. Given this, it's critical that you have
a plan in place to protect your information assets from IT-related risks.
IT security starts with creating an effective information risk management
process that identifies and assesses risk and details steps to reduce risk to an
acceptable level. The goal of this process goes beyond just protecting IT
assets: information risk management should protect your company's ability to
perform its critical business mission—whether this is manufacturing a product,
delivering a service or something in between.
For this reason, IT risk management should not be viewed as a "technical"
task to be carried out by the IT gurus. Rather, it is an essential management
function that should be driven from the very top of your organization.
The most common threats come in three forms: hardware failures, non-technical
human intrusion and cyber attacks.
Hardware Failures
While hardware failures are less common than they used to be, the
consequences of a major failure can be severe.
Concentrate on the simple things first, like ensuring adequate battery backup
to computers (power fluctuations are hardware's worst enemy) and automating
backup procedures. Also avoid extreme temperatures. In general, if you are
comfortable, then your computer will be comfortable.
Computer hardware (mainframes, desktop PCs, laptops, etc.) is also vulnerable
to other threats, such as theft, intentional damage and power failure. Securing
desktops with heavy-duty cables and specialized locks and implementing adequate
backup procedures can help protect against these threats.
Con Games
Threats to your information are not always technological. Many hackers
manipulate employees to obtain sensitive information (such as passwords) by
playing on our natural tendency to trust. This is what's now known as "social
engineering"—or what used to be called a con game.
The best solution to this human threat is to train your employees on what
information they can and cannot share with outsiders and to refer all questions
regarding sensitive information to the appropriate person.
Cyber Attacks
As the news headlines testify, cyber attacks are becoming more pervasive and
continuous. Today's corporate IT systems are vulnerable to attacks not only by
individuals outside your company, but by insiders as well. In fact, a
surprisingly large percentage of IT crime is perpetrated by someone inside the
company (see sidebar).
Laptops and Portable Technology
Laptop computers and other portable digital devices (like PDAs) mostly
reside outside the physical security of your office, which puts them at a
very high risk of theft. In addition, wireless connectivity makes these
devices extremely vulnerable to hacker attacks. Therefore, such devices
should be configured with the assumption that they will be stolen and/or
hacked.
First, make sure that there is a good business reason for any data to
reside on a laptop or portable device. Sensitive information should be
transferred to the network upon returning to the office, and all data should
be backed up regularly to the network.
Hardware and operating system passwords should be implemented for all
laptops and portable devices, and hard drives should be set to encrypt data.
Use "strong" passwords (i.e., include special characters, numbers, case
sensitivity), and change them regularly. And laptops should be locked (both
in and out of the office) and never left in plain view in parked cars.
Human Threats
Human threats to your IT systems fall into a number of different
categories, each with its own motivation for theft or hacking and threat
actions:
| Threat Source | Motivation | Threat Actions |
| --- | --- | --- |
| Hacker, cracker | Challenge, ego, rebellion | Hacking, social engineering, system intrusion or unauthorized access |
| Computer criminal | Information destruction, monetary gain, data alteration | Spoofing, system intrusion, computer crime, fraudulent activity |
| Terrorist | Blackmail, destruction, revenge, exploitation | System attack, penetration or tampering, information warfare |
| Industrial espionage | Competitive advantage, economic espionage | Information theft, economic exploitation, social engineering |
| Insiders (poorly trained, disgruntled, dishonest or malicious employees) | Curiosity, ego, intelligence, monetary gain, revenge | Blackmail, computer abuse, information bribery, fraud, theft, system intrusion and sabotage |
Source: Risk Management Guide for Information Technology Systems,
National Institute of Standards and Technology
In the 2005 FBI Computer Crime Survey, 87 percent of respondents said
they had experienced some type of computer security incident during the past
year. Of those who experienced an unauthorized access event, 44 percent said the
intrusion came from within their own organizations.
Computer viruses, botnets, Trojans, worms and spyware can be introduced to
data networks through the Internet or CD/flash drives and spread quickly,
causing severe and sometimes irreparable damage. Hackers can interrogate the
computer of an unprotected Internet surfer in seconds, and poorly configured
wireless environments can be especially vulnerable.
When determining how to protect against cyber attacks, you should first gauge
how likely you are to be a target of such an attack and exactly how secure your
data needs to be. While all companies should safeguard their IT systems and data
to some degree, the need for data security is probably greater for a doctor's
office or law firm than it is for a landscaper.
Even so, there are some specific steps that can help any company guard
against the most common threats to their IT systems. Consider the following:
- Keep the "business" in your business computers. Implement and enforce
clear policies that separate personal and business use of company computers and
other IT equipment.
- Watch out for backdoors to your network. A seemingly innocuous
wireless access point installed by a well-meaning but technically challenged
employee could open your entire network to attack. Consider installing intrusion
detection and/or prevention hardware and software.
- Keep security patches, firewalls, anti-virus and anti-spyware software
current. These should be updated regularly for all operating systems, Web
browsers, office applications and anti-virus applications, preferably through a
centrally administered automatic update.
- Limit downloads and installations. Outline specific guidelines and
procedures for employees to follow with regard to all software and media
downloads and installations.
When All Else Fails
Of course, even when you think you've taken all the necessary precautions,
attacks and hardware failures happen. So it pays to have a trained IT
professional on staff who can keep an eye out for signs of serious trouble, such
as:
- Abnormal computer behavior—Don't ignore obvious signs of trouble
with your hardware. For example, know where your computers' warning lights are
(if they have them) and how to interpret their patterns, and check the
self-diagnostic logs on a regular basis. In general, hardware should be
rotated every three to four years.
- Abnormally high network traffic. This could indicate that a network
attack is in progress, or that a worm or Trojan has entered the network and is
sending outbound data.
Finally, if you don't feel confident that your IT system is as secure as it
needs to be, hire an IT security consultant to help you devise and implement a
security system that's right for the level of security your company needs.
If I can be of further assistance to you in your systems security
assessments, please call or email me at
cindyj@bobermarkey.com.
BMF&C
Do You Have a Crisis
Communication Plan?
By Danielle J. Kimmell, CPA,
Senior Manager
If you're lucky, your business will never have to deal with a
crisis. But counting on luck is not the best business strategy.
Therefore, it's smart to plan ahead for how you'll handle the
various aspects of dealing with a business crisis. And one of
the most important of these aspects is crisis communication.
When seven people in Chicago died from cyanide-laced Tylenol capsules in
1982, Johnson & Johnson executed what is considered by public relations experts
to be one of the best crisis communication plans in the history of public
relations. Conversely, Exxon's poor job of crisis communication after the Valdez
oil spill in Alaska is a case study in how quickly bad press can damage a strong
brand.
The first step in your plan should be to put together a crisis communication
team as quickly as possible. This team will be charged with creating a specific
plan for the crisis, including both internal and external tactics. The plan
should include critical messages and talking points and the methods for
delivering the points to all your audiences.
You may have little if any experience in dealing with the media; be prepared
for the media to ask a lot of questions and to demand details. In a crisis, the
media regards itself as the public's eyes and ears and takes this "protector"
role very seriously. Treat reporters and editors professionally at all times.
One of your biggest challenges will be navigating legalities and still
getting your message out clearly. For example, try to stay away from saying "no
comment," which is generally perceived as "guilty as charged." You must also
avoid the three Ds of crisis communication (also known as the Death strategy):
Deny, Delay and Deceive (or Dissemble).
Realize that response time will be critical. How you communicate and handle
yourself in the early hours of a crisis will determine how you will ultimately
be viewed in the court of public opinion.
If we can help you plan in your time of need, please call or email me at
Danielle@bobermarkey.com, or call
your Partner/Manager contact with the Firm.
BMF&C
Valuation Key to Lifetime
Gift and Estate Planning
By Marcy A. Venarge, CPA,
ABV, CVA, Manager
The Economic Growth and Tax Relief Reconciliation Act of 2001
(EGTRRA) made a number of changes to estate and gift tax rates
and to applicable exclusion amounts.
To recap, the top marginal tax rate applicable to estates and gifts decreased
from 46 percent in 2006 to 45 percent in 2007, where it will remain for 2008 and
2009. The estate tax will be repealed in 2010, when the highest gift tax rate
will drop to 35 percent. The provisions for these changes are currently set to
expire after 2010, when rates will revert to pre-EGTRRA levels.
All taxpayers are also allowed a "unified credit" against federal estate and
gift taxes. The unified credit must be subtracted from any gift tax owed, and
any unified credit used against gift tax in one year reduces the amount of
credit available against gift tax in a later year. The total amount used over a
lifetime against gift tax reduces the credit available to use against estate
taxes (see chart).
Valuation Key to Transfers
Given the strict dollar limits and huge tax liabilities associated with the
unified credit, it's no surprise that asset valuation is important in asset
transfers. Typically, transfers of this nature are accomplished via a family
limited partnership, trusts or similar entities.
From a tax-saving standpoint, if making gifts today, choose assets that have
the most potential to increase in value. By doing so, maximum value is removed
from the estate.
For example, say you die with a $5 million estate, the value of which is
mostly derived from a closely held business. The first $2 million is excluded
from estate tax, and the remaining $3 million is subject to a graduated estate
tax with a maximum rate of 45 percent (above $2 million). In this case, the
estate tax is $1,380,000, assuming you used no unified credit for prior gifts.
If instead, during your lifetime, you transfer a 49 percent interest in your
business to your children—a taxable gift of $960,000 after you deduct your $1
million lifetime exclusion—you've transferred $1,960,000 out of your estate.
The gift tax would be $417,000. The remaining estate value is $2,623,000.
Another $1 million comes off for the estate tax exemption, leaving a taxable
estate of $1,623,000. Estate tax on that amount equals $771,180 for a total of
$1,188,180 in gift and estate taxes, versus $1,380,000 without the 49 percent
transfer—a savings of $191,820.
Valuation becomes critical when making lifetime gifts because discounts for
marketability and minority interests decrease the value of an asset. This can be
used advantageously to "freeze" the value transferred to heirs today, which will
remove further appreciation from the estate.
Moreover, if a business owner dies with a minority interest in the company,
the minority status further reduces value due to lack of marketability.
Of course, estate and tax laws are always subject to change, so it is wise to
seek professional guidance on which assets are most likely to be appropriate for
transfer from a valuation point of view.
For more information on estate and gift tax planning, please don't hesitate
to call or email me at
marcy@bobermarkey.com. BMF&C
| Year | Gift Tax: Unified Credit | Gift Tax: Applicable Exclusion Amount | Estate Tax: Unified Credit | Estate Tax: Applicable Exclusion Amount |
| --- | --- | --- | --- | --- |
| 2002 and 2003 | $345,800 | $1,000,000 | $345,800 | $1,000,000 |
| 2004 and 2005 | $345,800 | $1,000,000 | $555,800 | $1,500,000 |
| 2006, 2007 and 2008 | $345,800 | $1,000,000 | $780,800 | $2,000,000 |
| 2009 | $345,800 | $1,000,000 | $1,455,800 | $3,500,000 |

BMF&C Forms Corporate Finance and Restructuring
Affiliate
As most companies evolve and grow, they inevitably experience major periods
of change. Business owners and boards of directors need the very best financial
insight available during such times. To address these issues, Bober, Markey,
Fedorovich & Company recently announced the formation of a new affiliated
practice that specializes in corporate finance and restructuring.
BMF Advisors assists companies, as well as creditor committees, that are
facing the challenges of unexpected events and financial or operational
difficulties. More specifically, BMF Advisors provides:
- Company/Debtor Services—cash management and projections,
strategic assessment and business planning, out of court workouts;
- Lender Services—cash flow lending and collateral analyses, due
diligence, structuring/technical assistance, portfolio monitoring;
- Creditors' Rights—business plan analysis, capital structure,
reorganization evaluation and negotiation, expert testimony;
- Business Regeneration—strategic assessment and implementation,
cash and capital management, crisis management;
- Interim Management—CFO, CRO, COO roles, trustees and
receiverships;
- Transaction Advisory and M&A—transaction structuring,
arbitration, accretion and dilution analysis, raising and refinancing of debt
and equity.
David M. Wehrle is a partner and serves as the practice leader for BMF
Advisors. Wehrle has more than 28 years of financial and operational experience,
including several years of restructuring and advisory work with FTI Consulting
and PricewaterhouseCoopers' Business Recovery Services. He has served as advisor
to companies, secured creditors and unsecured creditors committees in out-of-court
restructurings and in formal bankruptcy proceedings. His expertise includes
supply chain management, business plan formulation, liquidity management, lender
and creditor advisory services, bankruptcy preparation, reorganization plan
negotiation and interim management.
Wehrle holds a B.S. in materials science and engineering and a M.S. in
engineering from the Massachusetts Institute of Technology. He is a Certified
Turnaround Professional (CTP), Chartered Financial Analyst (CFA) and a Certified
Insolvency and Restructuring Advisor (CIRA). Mr. Wehrle is also a member of the
CFA Institute, the Turnaround Management Association and the Association of
Insolvency and Restructuring Advisors.
"With Dave's expertise, BMF Advisors brings a wealth of knowledge and
front-line experience to current and potential new clients," said Richard C.
Fedorovich, CPA, Managing Partner. "In addition, BMF Advisors will be able to
draw on the extensive resources of Bober, Markey, Fedorovich & Company."
For more information on BMF Advisors, please contact Dave Wehrle at
330-255-2484 or dwehrle@bmfadvisors.com.
You may also visit BMFA's web site at
www.bmfadvisors.com.
BMF&C
Personal Financial
Management: Getting and Staying Organized
By Leif E. Erickson, CPA, MT,
Tax Manager
Many business owners spend so much time managing and organizing their
business finances that they sometimes neglect to do the same
with their personal finances. It's the old "cobbler's kids have
no shoes" syndrome.
The first step in getting your personal finances in order is determining
exactly what records and paperwork you need to keep and for how long. Here are
some guidelines:
- Tax records—Taxpayers must keep records that support the items shown
on their returns until the statute of limitations for that return runs out. The
normal audit limit is three years, but there is no audit limit if a return is
not filed or fraud is committed.
- IRA contributions—Keep nondeductible IRA contribution records
indefinitely to prove that you already paid tax on this money when the time
comes to withdraw. See IRS Form 8606 for more details.
- Brokerage statements—Keep these until you sell the securities, since
you'll need them to determine capital gains or losses at tax time. Or, retain
just the confirmation of trade instead.
- Home purchase and improvements—Keep all records documenting the
purchase price and cost of permanent home improvements. Also keep records of
expenses incurred in selling and buying the property for six years after you
sell.
To organize your financial paperwork and records, first sort everything by
category, and make sure your tax information (tax returns, receipts, copies of
W-2s, 1099s, etc.) is sorted by year. All important financial documents (e.g.,
car titles, stock certificates) should be stored in a fireproof file cabinet or
bank safe deposit box. Finally, be sure to create a system for keeping all
incoming financial paperwork organized and stored properly—so you can stay on
top of everything going forward.
Please call or email me at
leif@bobermarkey.com if you would like some help
in organizing your personal finances. BMF&C
In this feature of InfoLetter, each quarter we provide a profile of
one of our professionals who is available to work with our clients and
friends.
Michelle L. DeGordon, CPA, CIT, CDS
Manager—Assurance and Advisory Department and
Construction Services Group
Michelle's experience includes traditional audits and reviews as well as tax
services for a variety of industries including manufacturing,
distribution/wholesale and retail. As a member of the Construction Services
Group, Michelle has a significant focus on serving the construction industry,
specializing in accounting and tax issues related specifically to contractors.
Michelle joined BMF&C in 1998 after five years at a local firm in Canton. She
holds the Construction Industry Technician (C.I.T.) and Construction Document
Specialist (C.D.S.) designation from NAWIC (National Association of Women in
Construction) and Clemson University. These designations are designed to provide
participants with an in-depth knowledge of the processes, terminology, issues
and emerging trends of the construction industry.
Michelle is a member of the American Institute of Certified Public
Accountants, Ohio Society of Certified Public Accountants and a member of Phi
Theta Kappa. She currently serves on a board directed committee for Habitat for
Humanity of Summit County, as Treasurer for Trinity United Methodist Church, as
a volunteer for the Perry Local School District and is a past committee member
for the Pro Football Hall of Fame.
"BMF&C has shown a commitment to my individual professional development and
to our clients as demonstrated by their affiliations and the educational
opportunities they have provided for me. Contractors face unique business
challenges, which is why I truly enjoy working with them. It is very gratifying
to know we can help them find innovative solutions because of our in-depth
knowledge of the industry." BMF&C