According to data company Dun & Bradstreet, business identity theft increased more than 250% in the first half of 2020. You can thank the pandemic — and the government’s release of relief and recovery funds to qualified U.S. businesses — for this remarkable number. In a more typical year, crooks use stolen business identities to file fraudulent tax returns, apply for credit and empty bank accounts. However they might try to use your company’s information, there are steps you can take to reduce the risk.

Protecting sensitive information

Thieves often use malware to infect computers and gather sensitive data from businesses. They also create fake websites that trick employees into entering login and password information. To protect against these tactics, deploy patches when prompted and maintain up-to-date security software. Store all sensitive digital files such as financial statements, invoices, bank statements and aging schedules in secure, password-protected locations.

Also, secure paper documents in locked file cabinets. When you no longer need sensitive paper documents, destroy them using a cross-cutting shredder. If you need to shred a significant volume of paper, hire a reputable service to destroy documents on your premises.

Regularly review records

So that you can act on suspicious activity before it leads to financial losses and reputation damage, monitor official records and other public information. For example, keep an eye on your business credit as well as the personal credit reports of owners. Also regularly review business records and professional license information with state, county and city registrar offices.

Bank accounts deserve special attention. Reconciling bank accounts daily is your best bet. If a fraudulent transaction posts to your business’s account, you must notify your bank within a certain time period to not be liable for the transaction. Also note that criminals often use wires to move stolen money overseas and beyond the reaches of U.S. law enforcement. If you never send wires, instruct your bank to block that capability from your accounts.

Don’t forget employees

Finally, don’t forget to involve employees in your fight against business identity theft. Coach everyone from executives to rank-and-file workers about the threats facing your company and how they can do their part to ensure sensitive data doesn’t fall into the wrong hands. Contact us for help strengthening your internal controls.

© 2020 Covenant CPA

The subject of payroll has been top-of-mind for business owners this year. The COVID-19 pandemic triggered economic changes that caused considerable fluctuations in the size of many companies’ workforces. Employees have been laid off, furloughed and, in some cases, rehired. There has also been crisis relief for eligible businesses in the form of the Paycheck Protection Program and the payroll tax credit.

Payroll recordkeeping was important in the “old normal,” but it’s even more important now as businesses continue to navigate their way through a slowly recovering economy and ongoing public health crisis.

Four years

Most employers must withhold federal income, Social Security and Medicare taxes from their employees’ paychecks. As such, you must keep records relating to these taxes for at least four years after the due date of an employee’s personal income tax return (generally, April 15) for the year in which the payment was made. This is often referred to as the “records-in-general rule.”

These records include your Employer Identification Number, as well as your employees’ names, addresses, occupations and Social Security numbers. You should also keep for four years the total amounts and dates of payments of compensation and amounts withheld for taxes or otherwise — including reported tips and the fair market value of noncash payments.

In addition, track and retain the compensation amounts subject to withholding for federal income, Social Security and Medicare taxes, as well as the corresponding amounts withheld for each tax (and the date withheld if withholding occurred on a day different from the payment date). Where applicable, note the reason(s) why total compensation and taxable amount for each tax rate are different.

So much more

A variety of other data and documents fall under the records-in-general rule. Examples include:

  • The pay period covered by each payment of compensation,
  • Forms W-4, “Employee’s Withholding Allowance Certificate,” and
  • Each employee’s beginning and ending dates of employment.

If your business involves customer tipping, you should retain statements provided by employees reporting tips received. Also carefully track fringe benefits provided to employees, including any required substantiation. Retain evidence of adjustments or settlements of taxes and amounts and dates of tax deposits.

Follow the records-in-general rule, too, for records relating to wage continuation payments made to employees by the employer or third party under an accident or health plan. Documentation should include the beginning and ending dates of the period of absence, and the amount and weekly rate of each payment (including payments made by third parties).

Last, keep copies of each employee’s Form W-4S, “Request for Federal Income Tax Withholding From Sick Pay,” and, where applicable, copies of Form 8922, “Third-Party Sick Pay Recap.”

Valuable information

Proper and comprehensive payroll recordkeeping has become even more critical — and potentially more complex — this year. Our firm can help review your processes in this area and identify improvements that will enable you to avoid compliance problems and make better use of this valuable information.

© 2020 Covenant CPA

What tax records can you throw away?

October 15 is the deadline for individual taxpayers who extended their 2019 tax returns. (The original April 15 filing deadline was extended this year to July 15 due to the COVID-19 pandemic.) If you’re finally done filing last year’s return, you might wonder: Which tax records can you toss once you’re done? Now is a good time to go through old tax records and see what you can discard.

The general rules

At minimum, you should keep tax records for as long as the IRS has the ability to audit your tax return or assess additional taxes, which generally is three years after you file your return. This means you potentially can get rid of most records related to tax returns for 2016 and earlier years.

However, the statute of limitations extends to six years for taxpayers who understate their adjusted gross income (AGI) by more than 25%. What constitutes an understatement may go beyond simply not reporting items of income. So a general rule of thumb is to save tax records for six years from filing, just to be safe.

Keep some records longer

You need to hang on to some tax-related records beyond the statute of limitations. For example:

  • Keep the tax returns themselves indefinitely, so you can prove to the IRS that you actually filed a legitimate return. (There’s no statute of limitations for an audit if you didn’t file a return or if you filed a fraudulent one.)
  • Retain W-2 forms until you begin receiving Social Security benefits. Questions might arise regarding your work record or earnings for a particular year, and your W-2 helps provide the documentation needed.
  • Keep records related to real estate or investments for as long as you own the assets, plus at least three years after you sell them and report the sales on your tax return (or six years if you want extra protection).
  • Keep records associated with retirement accounts until you’ve depleted the accounts and reported the last withdrawal on your tax return, plus three (or six) years.

Other reasons to retain records

Keep in mind that these are the federal tax record retention guidelines. Your state and local tax record requirements may differ. In addition, lenders, co-op boards and other private parties may require you to produce copies of your tax returns as a condition to lending money, approving a purchase or otherwise doing business with you.

Contact us if you have questions or concerns about recordkeeping.

© 2020 Covenant CPA

When business owners suspect that an employee is stealing assets or manipulating financial results, it’s time to call a fraud expert to investigate. Although the complexity of the incident will determine the investigation’s scope, there are three basic steps forensic accountants generally follow to build a fraud case that can stand up in court.

1. Conducting interviews 

Fraud interviewers know how to spot warning signs, detect deception and pin down suspicions when talking with suspects and their coworkers. But they usually start with management interviews, by asking owners, executives and audit committee members what they know about:

  • Possible fraud ploys,
  • The company’s fraud risks, and
  • Internal controls that have been implemented to mitigate specific fraud risks or to generally help prevent, deter and detect fraud. 

An expert may interview not only your company’s management and audit committee, but also anyone who can provide information about financial fraud risks. These interviews might include employees involved in initiating, recording or processing complex or unusual transactions, as well as operating personnel not directly involved in the financial reporting process.

When interviewing suspects and potential witnesses, experts encourage interviewees to do most of the talking and use silence as a tool to elicit information. Before concluding the interview, they confirm the information they’ve gathered.

2. Gathering evidence

Fraud experts also collect physical and digital evidence of possible fraud from the company’s internal sources. Examples include personnel files, phone and email records, security camera recordings, and physical and IT system access records.

Locating this evidence may require computer forensic examinations. Expect your expert to ask to access your accounting system to search for suspicious journal entries, credits, reversals and overridden controls. Experts may also collect external sources of evidence, such as public records, customer and vendor information, media reports and private detective reports.

3. Analyzing facts

Fraud specialists have been trained to review and categorize internal and external evidence, conduct computer-assisted data analysis and test various hypotheses. Rather than rely on gut instinct, your expert will formally document every step in the investigation and follow formal procedures to ensure a comprehensive investigation.

When experts finish conducting interviews and gathering evidence, they report their findings. You and your attorney may determine the appropriate format for a report and how distribution will be affected by the need to protect legal privileges and avoid defamation.

Avoid a botched investigation

A proper investigation is essential to building a strong fraud case. Indeed, botched investigations could prevent your company from recouping losses and prosecuting the perpetrator. Contact us if you suspect fraud in your organization. 

© 2020 Covenant CPA

Like many sectors of the economy, the healthcare industry regularly suffers data breaches. Healthcare analytics company Protenus has found that nearly 32 million patient records were breached between January and June 2019 alone.

Alarmed? You should be. However, there are steps you can take to reduce the risk that thieves will get a hold of your medical records and use them for nefarious purposes.

Why they’re valuable

Unlike other types of personal data, healthcare records command a hefty premium on the black market. That’s at least partly because criminals can potentially use information about an individual’s health to blackmail him or her.

Also, stolen medical records include valuable details about people’s identities. In fact, there’s usually enough information in medical files to facilitate extensive identity theft. These schemes can involve health insurance-related fraud as well as financial account and tax fraud schemes.

What you can do

The following four steps can help you protect your personal medical and other data:

  1. Be careful what you share with providers. Healthcare providers typically ask for a lot of personal information, including your Social Security number. But you aren’t obligated to provide it. If in doubt regarding whether a piece of data is critical to receiving care, ask your provider. If the provider says the information is necessary, learn how it plans to use the data —and protect it from thieves.
  2. Read the small print. Apply the same caution to healthcare apps. Only provide access to data that’s critical for the service. Read the service provider’s terms and conditions and its privacy notice so that you understand how and where your data might be used.
  3. Closely review insurance statements. Sometimes the first sign of identity theft is an insurance company statement detailing medical services you didn’t receive. Go over every insurance document and contact your insurer and the medical provider immediately if you spot any discrepancies.
  4. Don’t assume privacy online. Revealing personal details online (for example, with a large group of “friends” on social media) may provide criminals with enough information to steal your identity. Keep in mind that a dedicated criminal could piece together a detailed profile of you simply by visiting multiple sites where you’re active.

If your data is compromised

If you fear your healthcare information was included in a data breach or has otherwise been compromised, consider contacting the three major credit bureaus to freeze your credit file. This prevents the unauthorized creation of new accounts. Also step up your monitoring of insurance statements to ensure no one is filling prescriptions or making office visits in your name.

© 2019 Covenant CPA