Best practices for monitoring liquidity in a nonprofit

Benchmarking doesn’t need to be time and resource consuming. Read on for four simple steps you can take to improve efficiency and maximize resources.

Stop us if you’ve heard this one before (from your Board of Trustees or Finance Committee): “I wish there was a way we could benchmark ourselves against our competitors.”

Have you ever wrestled with how to benchmark? Or struggled to identify what the Board wants to measure? Organizations can fall short on implementing effective methods to benchmark accurately. The good news? With a planned approach, you can overcome traditional obstacles and create tools to increase efficiency, improve operations and reporting, and maintain and monitor a comfortable risk level. All of this can help create a competitive advantage — and it  isn’t as hard as you might think.

Even with a structured process, remember that benchmarking data has pitfalls, including:

• Peer data can be difficult to find. Some industries are better than others at tracking this information. Some collect too much data that isn’t relevant, making it hard to find the data that is.
   
• The data can be dated. By the time you close your books for the year and data is available, you’re at least six months into the next fiscal year. Knowing this, you can still build year-over-year trending models that you can measure consistently.
   
• The underlying data may be tainted. As much as we’d like to rely on financial data from other organization and industry surveys, there’s no guarantee that all participants have applied accounting principles consistently, or calculated inputs (e.g., full-time equivalents) in the same way, making comparisons inaccurate.

Despite these pitfalls, benchmarking is a useful tool for your organization. Benchmarking lets you take stock of your current financial condition and risk profile, identify areas for improvement and find a realistic and measurable plan to strengthen your organization.

Here are four steps to take to start a successful benchmarking program and overcome these pitfalls:

1. Benchmark against yourself. Use year-over-year and month-to-month data to identify trends, inconsistencies and unexplained changes. Once you have the information, you can see where you want to direct improvement efforts.
2. Look to industry/peer data. We’d love to tell you that all financial statements and survey inputs are created equally, but we can’t. By understanding the source of your information, and the potential strengths and weaknesses in the data (e.g., too few peers, different size organizations and markets, etc.), you will better know how to use it. Understanding the data source allows you to weigh metrics that are more susceptible to inconsistencies.

3. Identify what is important to your organization and focus on it. Remove data points that have little relevance for your organization. Trying to address too many measures is one of the primary reasons benchmarking fails. Identify key metrics you will target, and watch them over time. Remember, keeping it simple allows you to put resources where you need them most.

4. Use the data as a tool to guide decisions. Identify aspects of the organization that lie beyond your risk tolerance and then define specific steps for improvement.

Once you take these steps, you can add other measurement strategies, including stress testing, monthly reporting, and use in budgeting and forecasting. By taking the time to create and use an effective methodology, this competitive advantage can be yours. Want to learn more? Check out our resources for not-for-profit organizations here.

Read this if your CFO has recently departed, or if you're looking for a replacement.

With the post-Covid labor shortage, “the Great Resignation,” an aging workforce, and ongoing staffing concerns, almost every industry is facing challenges in hiring talented staff. To address these challenges, many organizations are hiring temporary or interim help—even for C-suite positions such as Chief Financial Officers (CFOs).

You may be thinking, “The CFO is a key business partner in advising and collaborating with the CEO and developing a long-term strategy for the organization; why would I hire a contractor to fill this most-important role?” Hiring an interim CFO may be a good option to consider in certain circumstances. Here are three situations where temporary help might be the best solution for your organization.

Your organization has grown

If your company has grown since you created your finance department, or your controller isn’t ready or suited for a promotion, bringing on an interim CFO can be a natural next step in your company’s evolution, without having to make a long-term commitment. It can allow you to take the time and fully understand what you need from the role — and what kind of person is the best fit for your company’s future.

BerryDunn's Kathy Parker, leader of the Boston-based Outsourced Accounting group, has worked with many companies to help them through periods of transition. "As companies grow, many need team members at various skill levels, which requires more money to pay for multiple full-time roles," she shared. "Obtaining interim CFO services allows a company to access different skill levels while paying a fraction of the cost. As the company grows, they can always scale its resources; the beauty of this model is the flexibility."

If your company is looking for greater financial skill or advice to expand into a new market, or turn around an underperforming division, you may want to bring on an outsourced CFO with a specific set of objectives and timeline in mind. You can bring someone on board to develop growth strategies, make course corrections, bring in new financing, and update operational processes, without necessarily needing to keep those skills in the organization once they finish their assignment. Your company benefits from this very specific skill set without the expense of having a talented but expensive resource on your permanent payroll.

Your CFO has resigned

The best-laid succession plans often go astray. If that’s the case when your CFO departs, your organization may need to outsource the CFO function to fill the gap. When your company loses the leader of company-wide financial functions, you may need to find someone who can come in with those skills and get right to work. While they may need guidance and support on specifics to your company, they should be able to adapt quickly and keep financial operations running smoothly. Articulating short-term goals and setting deadlines for naming a new CFO can help lay the foundation for a successful engagement.

You don’t have the budget for a full-time CFO

If your company is the right size to have a part-time CFO, outsourcing CFO functions can be less expensive than bringing on a full-time in-house CFO. Depending on your operational and financial rhythms, you may need the CFO role full-time in parts of the year, and not in others. Initially, an interim CFO can bring a new perspective from a professional who is coming in with fresh eyes and experience outside of your company.

After the immediate need or initial crisis passes, you can review your options. Once the temporary CFO’s agreement expires, you can bring someone new in depending on your needs, or keep the contract CFO in place by extending their assignment.

Considerations for hiring an interim CFO

Making the decision between hiring someone full-time or bringing in temporary contract help can be difficult. Although it oversimplifies the decision a bit, a good rule of thumb is: the more strategic the role will be, the more important it is that you have a long-term person in the job. CFOs can have a wide range of duties, including, but not limited to:

• Financial risk management, including planning and record-keeping
• Management of compliance and regulatory requirements
• Creating and monitoring reliable control systems
• Debt and equity financing
• Financial reporting to the Board of Directors

If the focus is primarily overseeing the financial functions of the organization and/or developing a skilled finance department, you can rely — at least initially — on a CFO for hire.

Regardless of what you choose to do, your decision will have an impact on the financial health of your organization — from avoiding finance department dissatisfaction or turnover to capitalizing on new market opportunities. Getting outside advice or a more objective view may be an important part of making the right choice for your company.

BerryDunn can help whether you need extra assistance in your office during peak times or interim leadership support during periods of transition. We offer the expertise of a fully staffed accounting department for short-term assignments or long-term engagements―so you can focus on your business. Meet our interim assistance experts.

Editor’s note: Read this if your organization is an entity with significant lease transactions with terms greater than a year.  

Updated: June 2020

The new Accounting Standards Codification Topic 842 (ASC 842) lease accounting standard is actually not that new. The Financial Accounting Standards Board (FASB) first released the standard in 2016 but, due to a series of delays, it hasn’t been required yet. Even with delays, some organizations have already started to implement ASC 842. They include:

1. Public business entities
2. Not-for-profits that have issued or are conduit bond obligors for securities traded, listed, or quoted on an exchange or an over the-counter market

All other entities will start implementing for fiscal years starting after December 15, 2021 and internal periods within fiscal years beginning after December 15, 2022 (January 1 for calendar reporting periods).

Here’s a quick rundown of the lease classifications and how they’ll impact your financial statements.  

Classifying leases

Under the new standards, leases fall into one of two classifications: finance leases and operating leases. This classification makes all the difference in how leases are reported in the financial statements. 

Finance lease

A finance lease essentially treats an asset as if it were purchased by the lessee and financed with funds from the lessor. This prevents companies from hiding financial obligations that are basically liabilities. ASC 842 requires leases to be classified as finance leases if they meet any of the following five criteria:

1. The lease transfers ownership of the underlying asset to the lessee by the end of the lease term.
2. The lease grants the lessee an option to purchase the underlying asset that the lessee is reasonably certain to exercise.
3. The lease term is for the major part of the remaining economic life of the underlying asset. However, if the commencement date falls at or near the end of the economic life of the underlying asset, this criterion shall not be used for purposes of classifying the lease.
4. The present value of the sum of the lease payments and any residual value guaranteed by the lessee that is not already reflected in the lease payments in accordance with paragraph 842-10-30-5(f) equals or exceeds substantially all of the fair value of the underlying asset.
5. The underlying asset is of such a specialized nature that it is expected to have no alternative use to the lessor at the end of the lease term.

As you can see from the five criteria, finance leases are just purchase arrangements financed over time. ASC 842 is designed to reflect that and improve transparency for investors and other stakeholders.  

Operating lease

Any lease not meeting any of the above criteria is classified as an operating lease. 

No more off-book leases

One of the problems ASC 842 seeks to solve is “off-book” operating leases that show up only as notes on the balance sheet and cloud the debt ratios of companies. Under the new standards, both operating and finance leases will be reported on the balance sheet. The only exceptions are certain leases with terms of 12 months of less. 

Recording finance vs. operating leases

With both operating and finance leases reported on the balance sheet, what’s the difference between the two? The major difference is the way they are recorded on the income statement:

• Interest and amortization are recorded separately on the income statement for finance leases.
• Operating leases will report a single line item based on the lease payment. 
• Principal repayments for finance lease are classified as financing activities.
• Payments on operating leases are classified as operating activities.

Next Steps 

Make sure you start by implementing for fiscal years starting after December 15, 2021 and internal periods within fiscal years beginning after December 15, 2022. If you have questions about finance or operating leases, or need help with the new standard, please don’t hesitate to contact the team. 

Download our lease classification infographic for a comparison of finance and operating leases under ASC 842.

LIBOR is leaving—is your financial institution ready to make the most of it?

In July 2017, the UK’s Financial Conduct Authority announced the phasing out of the London Interbank Offered Rate, commonly known as LIBOR, by the end of 2021¹. With less than two years to go, US federal regulators are urging financial institutions to start assessing their LIBOR exposure and planning their transition. Here we offer some general impacts of the phasing out, some specific actions your institution can take to prepare, and, finally, background on how we got here (see Background at right).

How will the phase-out impact financial institutions?

The Federal Reserve estimates roughly $200 trillion in LIBOR-indexed notional value transactions in the cash and derivatives market². LIBOR is used to help price a variety of financial services products,  including $3.4 trillion in business loans and $1.3 trillion in consumer loans, as well as derivatives, swaps, and other credit instruments. Even excluding loans and financial instruments set to mature before 2021—estimated by the FDIC at 82% of the above $200 trillion—LIBOR exposure is still significant³.

A financial institution’s ability to lend money is largely dependent on the relative stability of its capital position, or lack thereof. For institutions with a significant amount of LIBOR-indexed assets and liabilities, that means less certainty in expected future cash flows and a less stable capital position, which could prompt institutions to deny loans they might otherwise have approved. A change in expected cash flows could also have several indirect consequences. Criticized assets, assessed for impairment based on their expected future cash flows, could require a specific reserve due to lower present value of expected future cash flows.

The importance of fallback language in loan agreements

Fallback language in loan agreements plays a pivotal role in financial institutions’ ability to manage their LIBOR-related financial results. Most loan agreements include language that provides guidance for determining an alternate reference rate to “fall back” on in the event the loan’s original reference rate is discontinued. However, if this language is non-existent, contains fallbacks that are no longer adequate, or lacks certain key provisions, it can create unexpected issues when it comes time for financial institutions to reprice their LIBOR loans. Here are some examples:

• Non-existent or inadequate fallbacks
  According to the Alternative Reference Rates Committee, a group of private-market participants convened by the Federal Reserve to help ensure a successful LIBOR transition, "Most contracts referencing LIBOR do not appear to have envisioned a permanent or indefinite cessation of LIBOR and have fallbacks that would not be economically appropriate"⁴.
  
  For instance, industry regulators have warned that without updated fallback language, the discontinuation of LIBOR could prompt some variable-rate loans to become fixed-rate², causing unanticipated changes in interest rate risk for financial institutions. In a declining rate environment, this may prove beneficial as loans at variable rates become fixed. But in a rising rate environment, the resulting shrink in net interest margins would have a direct and adverse impact on the bottom line.

• No spread adjustment
  Once LIBOR is discontinued, LIBOR-indexed loans will need to be repriced at a new reference rate, which could be well above or below LIBOR. If loan agreements don’t provide for an adjustment of the spread between LIBOR and the new rate, that could prompt unexpected changes in the financial position of both borrowers and lenders³. Take, for instance, a loan made at the Secured Overnight Financing Rate (SOFR), generally considered the likely replacement for USD LIBOR. Since SOFR tends to be lower than three-month LIBOR, a loan agreement using it that does not allow for a spread adjustment would generate lower loan payments for the borrower, which means less interest income for the lender.
  
  Not allowing for a spread adjustment on reference rates lower than LIBOR could also cause a change in expected prepayments—say, for instance, if borrowers with fixed-rate loans decide to refinance at adjustable rates—which would impact post-CECL allowance calculations like the weighted-average remaining maturity (WARM) method, which uses estimated prepayments as an input.

What can your financial institution do to prepare?

The Federal Reserve and the SEC have urged financial institutions to immediately evaluate their LIBOR exposure and expedite their transition. Though the FDIC has expressed no intent to examine financial institutions for the status of LIBOR planning or critique loans based on use of LIBOR³, Federal Reserve supervisory teams have been including LIBOR transitions in their regular monitoring of large financial institutions⁵. The SEC has also encouraged companies to provide investors with robust disclosures regarding their LIBOR transition, which may include a notional value of LIBOR exposure².

Financial institutions should start by analyzing their LIBOR exposure beyond 2021. If you don’t expect significant exposure, further analysis may be unnecessary. However, if you do expect significant future LIBOR exposure, your institution should conduct stress testing using LIBOR as an isolated variable by running hypothetical transition scenarios and assessing the potential financial impact.

Closely examine and assess fallback language in loan agreements. For existing loan agreements, you may need to make amendments, which could require consent from counterparties². For new loan agreements maturing beyond 2021, lenders should consider selecting an alternate reference rate. New contract language for financial instruments and residential mortgages is currently being drafted by the International Securities Dealers Association and the Federal Housing Finance Authority, respectively³—both of which may prove helpful in updating loan agreements.

Lenders should also consider their underwriting policies. Loan underwriters will need to adjust the spread on new loans to accurately reflect the price of risk, because volatility and market tendencies of alternate loan reference rates may not mirror LIBOR’s. What’s more, SOFR lacks abundant historical data for use in analyzing volatility and market tendencies, making accurate loan pricing more difficult.

Conclusion: Start assessing your LIBOR risk soon

The cessation of LIBOR brings challenges and opportunities that will require in-depth analysis and making difficult decisions. Financial institutions and consumers should heed the advice of regulators and start assessing their LIBOR risk now. Those that do will not only be better prepared―but also better positioned―to capitalize on the opportunities it presents.

Need help assessing your LIBOR risk and preparing to transition? Contact BerryDunn’s financial services specialists.

¹ https://www.washingtonpost.com/business/2017/07/27/acdd411c-72bc-11e7-8c17-533c52b2f014_story.html?utm_term=.856137e72385
² Thomson Reuters Checkpoint Newsstand April 10, 2019
³ https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin18/si-winter-2018.pdf
^{4 https://bankingjournal.aba.com/2019/04/libor-transition-panel-recommends-fallback-language-for-key-instruments/
5} https://www.reuters.com/article/us-usa-fed-libor/fed-urges-u-s-financial-industry-to-accelerate-libor-transition-idUSKCN1RM25T

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running. Yet, according to the 2019 Centrify Privileged Access Management in the Modern Threatscape survey, 74% of data breaches occurred using privileged accounts. The survey also revealed that of the organizations responding:

• 52% do not use password vaulting—password vaulting can help privileged users keep track of long, complex passwords for multiple accounts in an encrypted storage vault.
• 65% still share the use of root and other privileged access—when the use of root accounts is required, users should invoke commands to inherent the privileges of the account (SUDO) without actually using the account. This ensures “who” used the account can be tracked.
• Only 21% have implemented multi-factor authentication—the obvious benefit of multi-factor authentication is to enhance the security of authenticating users, but also in many sectors it is becoming a compliance requirement.
• Only 47% have implemented complete auditing and monitoring—thorough auditing and monitoring is vital to securing privileged accounts.

So how does one even begin to trust privileged accounts in today’s environment? 

1. Start with an inventory

To best manage and monitor your privileged accounts, start by finding and cataloguing all assets (servers, applications, databases, network devices, etc.) within the organization. This will be beneficial in all areas of information security such as asset management, change control and software inventory tracking. Next, inventory all users of each asset and ensure that privileged user accounts:

• Require privileges granted be based on roles and responsibilities
• Require strong and complex passwords (exceeding those of normal users)
• Have passwords that expire often (30 days recommended)
• Implement multi-factor authentication
• Are not shared with others and are not used for normal activity (the user of the privileged account should have a separate account for non-privileged or non-administrative activities)

If the account is only required for a service or application, disable the account’s ability to login from the server console and from across the network

2. Monitor—then monitor some more

The next step is to monitor the use of the identified privileged accounts. Enable event logging on all systems and aggregate to a log monitoring system or a Security Information and Event Management (SIEM) system that alerts in real time when privileged accounts are active. Configure the system to alert you when privileged accounts access sensitive data or alter database structure. Report any changes to device configurations, file structure, code, and executable programs. If these changes do not correlate to an approved change request, treat them as incidents and investigate.  

Consider software that analyzes user behavior and identifies deviations from normal activity. Privileged accounts that are accessing data or systems not part of their normal routine could be the indication of malicious activity or a database attack from a compromised privileged account. 

3. Secure the event logs

Finally, ensure that none of your privileged accounts have access to the logs being used for monitoring, nor have the ability to alter or delete those logs. In addition to real time monitoring and alerting, the log management system should have the ability to produce reports for periodic review by information security staff. The reports should also be archived for forensic purposes in the event of a breach or compromise.

Gain further assistance (and peace of mind) 

BerryDunn understands how privileged accounts should be monitored and audited. We can help your organization assess your current event management process and make recommendations if improvements are needed. Contact our team.

In auditing, the concept of professional skepticism is ubiquitous. Just as a Jedi in Star Wars is constantly trying to hone his understanding of the “force”, an auditor is constantly crafting his or her ability to apply professional skepticism. It is professional skepticism that provides the foundation for decision-making when conducting an attestation engagement.

A brief definition

The professional standards define professional skepticism as “an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.” Given this definition, one quickly realizes that professional skepticism can’t be easily measured. Nor is it something that is cultivated overnight. It is a skill developed over time and a skill that auditors should constantly build and refine.

Recently, the extent to which professional skepticism is being employed has gained a lot of criticism. Specifically, regulatory bodies argue that auditors are not skeptical enough in carrying out their duties. However, as noted in the white paper titled Scepticism: The Practitioners’ Take, published by the Institute of Chartered Accountants in England and Wales, simply asking for more skepticism is not a practical solution to this issue, nor is it necessarily always desirable. There is an inevitable tug of war between professional skepticism and audit efficiency. The more skeptical the auditor, typically, the more time it takes to complete the audit.

Why does it matter? Audit quality.

First and foremost, how your auditor applies professional skepticism to your audit directly impacts the quality of their service. Applying an appropriate level of professional skepticism enhances the likelihood the auditor will understand your industry, lines of business, business processes, and any nuances that make your company different from others, as it naturally causes the auditor to ask questions that may otherwise go unasked.

These questions not only help the auditor appropriately apply professional standards, but also help the auditor gain a deeper understanding of your business. This will enable the auditor to provide insights and value-added services an auditor who doesn’t apply the right degree of skepticism may never identify.

Therefore, as the white paper notes, audit committees, management, and investors should be asking “How hard do our auditors get pushed on fees, and what effect does that have on the quality of the audit?” If your auditor is overly concerned with completing the audit within a fixed time budget, professional skepticism and, ultimately, the quality of the audit, may suffer.

Applying skepticism internally

By its definition, professional skepticism is a concept that specifically applies to auditors, and is not on point when it comes to other audit stakeholders. This is because the definition implies that the individual applying professional skepticism is independent from the information he or she is analyzing. Other audit stakeholders, such as members of management or the board of directors, are naturally advocates for the organizations they manage and direct and therefore can’t be considered independent, whereas an auditor is required to remain independent.

However, rather than audit stakeholders applying professional skepticism as such, these other stakeholders should apply an impartial and diligent mindset to their work and the information they review. This allows the audit stakeholder to remain an advocate for his or her organization, while applying critical skills similar to those applied in the exercise of professional skepticism. This nuanced distinction is necessary to maintain the limited scope to which the definition of professional skepticism applies: the auditor.

Specific to the financial statement reporting function, these stakeholders should be assessing the financial statements and ask questions that can help prevent or detect flaws in the financial reporting process. For example, when considering significant estimates, management should ask: are we considering all relevant information? Are our estimates unbiased? Are there alternative accounting treatments we haven’t considered? Can we justify our selected accounting treatment? Essentially, management should start by asking itself: what questions would we expect our auditor to ask us?

It is also important to be critical of your own work, and never become complacent. This may be the most difficult type of skepticism to apply, as most of us do not like to have our work criticized. However, critically reviewing one’s own work, essentially as an informal first level of review, will allow you to take a step back and consider it from a different vantage point, which may in turn help detect errors otherwise left unnoticed. Essentially, you should both consider evidence that supports the initial conclusion and evidence that may be contradictory to that conclusion.

The discussion in auditing circles about professional skepticism and how to appropriately apply it continues. It is a challenging notion that’s difficult to adequately articulate. Although it receives a lot of attention in the audit profession, it is a concept that, slightly altered, can be of value to other audit stakeholders. Doing so will help you create a stronger relationship with your auditor and, ultimately, improve the quality of the financial reporting process—and resulting outcome.

Good fundraising and good accounting do not always seamlessly align. While they all feed the same mission, fundraisers work to meet revenue goals while accountants focus on recording transactions in compliance with accounting standards. We often see development department totals reported to boards that are not in line with annual financial statements, causing confusion and concern. To bridge this information gap, here are five accounting concepts every not-for-profit fundraiser should know:

Understanding the differences in how the development department and finance department track these gifts will allow for better reporting to the board throughout the year—and fewer surprises when you present financial statements at the end of the year. Stay tuned for parts two and three of our contribution series. Have questions? Please contact Emily Parker of Sarah Belliveau.

 

Artificial Intelligence, or AI, is no longer the exclusive tool of well-funded government entities and defense contractors, let alone a plot device in science fiction film and literature. Instead, AI is becoming as ubiquitous as the personal computer. The opportunities of what AI can do for internal audit are almost as endless as the challenges this disruptive technology represents.

To understand how AI will influence internal audit, we must first understand what AI is.The concept of AI—a technology that can perceive the world directly and respond to what it perceives—is often attributed to Alan Turing, though the term “Artificial Intelligence” was coined much later in 1956 at Dartmouth College, in Hanover, New Hampshire. Turing was a British scientist who developed the machine that cracked the Nazis’ Enigma code. Turing thought of AI as a machine that could convince a human that it also was human. Turing’s humble description of AI is as simple as it is elegant. Fast-forward some 60 years and AI is all around us and being applied in novel ways almost every day. Just consider autonomous self- driving vehicles, facial recognition systems that can spot a fugitive in a crowd, search engines that tailor our online experience, and even Pandora, which analyzes our tastes in music.

Today, in practice and in theory, there are four types of AI. Type I AI may be best represented by IBM’s Deep Blue, a chess-playing computer that made headlines in 1996 when it won a match against Russian chess champion Gary Kasparov. Type I AI is reactive. Deep Blue can beat a chess champion because it evaluates every piece on the chessboard, calculates all possible moves, then predicts the optimal move among all possibilities. Type I AI is really nothing more than a super calculator, processing data much faster than the human mind can. This is what gives Type I AI an advantage over humans.

Type II AI, which we find in autonomous cars, is also reactive. For example, it applies brakes when it predicts a collision; but, it has a low form of memory as well. Type II AI can briefly remember details, such as the speed of oncoming traffic or the distance between the car and a bicyclist. However, this memory is volatile. When the situation has passed, Type II AI deletes the data from its memory and moves on to the next challenge down the road.

Type II AI's simple form of memory management and the ability to “learn” from the world in which it resides is a significant advancement. The leap from Type II AI to Type III AI has yet to occur. Type III AI will not only incorporate the awareness of the world around it, but will also be able to predict the responses and motivations of other entities and objects, and understand that emotions and thoughts are the drivers of behavior. Taking the autonomous car analogy to the next step, Type III AI vehicles will interact with the driver. By conducting a simple assessment of the driver’s emotions, the AI will be able to suggest a soothing playlist to ease the driver's tensions during his or her commute, reducing the likelihood of aggressive driving. Lastly, Type IV AI–a milestone that will likely be reached at some point over the next 20 or 30 years—will be self-aware. Not only will Type IV AI soothe the driver, it will interact with the driver as if it were another human riding along for the drive; think of “HAL” in Arthur C. Clarke’s 2001: A Space Odyssey.

So what does this all mean to internal auditors?
While it may be a bit premature to predict AI’s impact on the internal audit profession, AI is already being used to predict control failures in institutions with robust cybersecurity programs. When malicious code is detected and certain conditions are met, AI-enabled devices can either divert the malicious traffic away from sensitive data, or even shut off access completely until an incident response team has had time to investigate the nature of the attack and take appropriate actions. This may seem a rather rudimentary use of AI, but in large financial institutions or manufacturing facilities, minutes count—and equal dollars. Allowing AI to cut off access to a line of business that may cost the company money (and its reputation) is a significant leap of faith, and not for the faint of heart. Next generation AI-enabled devices will have even more capabilities, including behavioral analysis, to predict a user’s intentions before gaining access to data.

In the future, internal audit staff will no doubt train AI to seek conditions that require deeper analysis, or even predict when a control will fail. Yet AI will be able to facilitate the internal audit process in other ways. Consider AI’s role in data quality. Advances in inexpensive data storage (e.g., the cloud) have allowed the creation and aggregation of volumes of data subject to internal audit, making the testing of the data’s completeness, integrity, and reliability a challenging task considering the sheer volume of data. Future AI will be able to continuously monitor this data, alerting internal auditors not only of the status of data in both storage and motion, but also of potential fraud and disclosures.

The analysis won’t stop there.
AI will measure the performance of the data in meeting organizational objectives, and suggest where efficiencies can be gained by focusing technical and human resources to where the greatest risks to the organization exist in near real-time. This will allow internal auditors to develop a common operating picture of the day-to-day activities in their business environments, alerting internal audit when something doesn’t quite look right and requires further investigation.

As promising as AI is, the technology comes with some ethical considerations. Because AI is created by humans, it is not always vacant of human flaws. For instance, AI can become unpredictably biased. AI used in facial recognition systems has made racial judgments based on certain common facial characteristics. In addition, AI that gathers data from multiple sources that span a person’s financial status, credit status, education, and individual likes and dislikes could be used to profile certain groups for nefarious intentions. Moreover, AI has the potential to be weaponized in ways that we have yet to comprehend.

There is also the question of how internal auditors will be able to audit AI. Keeping AI safe from internal fraudsters and external adversaries is going to be paramount. AI’s ability to think and act faster than humans will challenge all of us to create novel ways of designing and testing controls to measure AI’s performance. This, in turn, will likely make partnerships with consultants that can fill knowledge gaps even more valuable. 

Challenges and pitfalls aside, AI will likely have a tremendous positive effect on the internal audit profession by simultaneously identifying risks and evaluating processes and control design. In fact, it is quite possible that the first adopters of AI in many organizations may not be the cybersecurity departments at all, but rather the internal auditor’s office. As a result, future internal auditors will become highly technical professionals and perhaps trailblazers in this new and amazing technology.

Did you know that there was more than a 40% increase (from $4.3 billion to $6.0 billion) in civil penalties assessed by the IRS regarding employment tax, for the 2016 fiscal year?

A recent report from the Treasury Inspector General for Tax Administration calls for more cases to involve criminal investigation by the Department of Justice. This is significant because the requirements needed to prove a civil violation under Sec. 6672 are nearly identical to the requirements of a criminal violation under Sec. 7202, and a criminal violation can result, among other penalties, in imprisonment for up to five years.

The issue of employment taxes encompasses all businesses, even tax-exempt entities. For fiscal year 2016, employment tax issues were involved in over 26% of audits of exempt organizations. One main reason why employment tax is a major issue? Its role in funding our government: employment taxes make up $2.3 trillion dollars (70%) of the $3.3 trillion dollars collected by the IRS for fiscal year 2016.

And noncompliance is a major issue, with roughly $45.6 billion of unemployment taxes, interest and penalties still owed to the IRS as of December 2015. This trend of increasing noncompliance, combined with the vital role employment taxes has in funding our government helps explain why the IRS has increased focus and enforcement in this area.

Should your independent contractor truly be an employee? Did you properly report fringe benefits as taxable income to the individuals who received them? Knowing the answers to these questions can help you stay in compliance with the law. If you have any questions about your employment tax situation, or how we can help you ensure compliance on this and other tax issues, please contact your BerryDunn tax advisor.