The Journal Entry - January 2017 by UACPA

January

2017,

Vol.

White

Crime Example

How Utah has dealt with a vast amount of white-collar criminals By Chelsea Dye, MAcc, J.D. and Ron Mano, Ph.D., CPA, CFE

Charted Territory

Graphics Make a Splash with Waterfall Charts

Collar

Crime

Mission,Vision,Values Mission The UACPA Leadership supports and challenges members through advocacy, professional education, leadership development, networking, and community service, to help them succeed in a competitive and changing world.

Vision At the UACPA, our vision is to be a world-class professional association essential to our members. We unite a vibrant community of CPAs to enhance the success of our members and champion the values of the profession; Integrity, Competency, and Objectivity.

Values

ExecutiveBoard president............................................. Hollie S. Andrus president-elect...........................Gavin E. Hutchinson vice president........................................ Matthew Klein secretary...................................Sherie E. Charlesworth treasurer........................................... Jay Niederhauser member-at-large......................................Owen Ashton member-at-large.....................................Brett C. Hugie immediate past president.................... Jonyce Bullock aicpa council.......................................Brandon Allfrey pronet council...................................Joshua Turnbow ceo......................................................... Susan A. Speirs

UACPAStaff CEO........................................................ Susan A. Speirs Communications/marketing .............. Amy Spencer CPE Manager......................................... April Deneault Financial Director..................................... Tom Horn Membership Development........... Braden Thompson

Advocacy The UACPA represents the profession at the legislature and other regulatory bodies and promotes the value of the CPA to employers, the business community, and the public at large.

The UACPA provides leadership and service within the profession, within the UACPA and within the community.

The Journal Entry is published quarterly, by the UACPA 136 S. Main Street, Suite 510 Salt Lake City, UT 84101 tel: 801-466-8022 toll-free in Utah: 1-800-676-2776 email: mail@uacpa.org or log on to www.uacpa.org

Professional Development

Cover photo, Kristan Jacobsen, www.kristanjacobsen.com

The UACPA supports and encourages continuing education and leadership development.

Corrections to The Journal Entry - October, 2016 Laura Howat's name was spelled wrong in the Government Accounting article. Marie Pehrson was listed incorrectly in the board notes.

Leadership & Service

Professional Community The UACPA reinforces peer accountability to encourage members to maintain integrity and high ethical standards. We â&#x20AC;&#x2039;â&#x20AC;&#x2039; provide member to member networking opportunities and networking opportunities with other professions. We value belonging to a distinguished organization and believe that we serve as the primary resource and point of contact for Utah CPAs.

UACPA Statement of Policy CPAs have common problems and interests. This magazine has been created to share information relating to the practice of accounting. The opinions, views and articles expressed in this magazine are not necessarily those of the Utah Association of Certified Public Accountants. This magazine should not be deemed an endorsement by the

Diverse Population Outreach

UACPA or its committees or editorial staff of any views, opinions or

The UACPA believes in reaching out to under-represented populations, those returning to the profession or choosing it as a second career, and other professions.

positions contained herein. Because of the complexity of tax laws and accounting transactions and the changing status of the law, as well as variations in practices and procedures among accountants, information in the magazine should not be used, acted or relied upon, as a substitute for independent accounting or legal research and advice.

the journal entry | January 2017

in this issue | January 2017

feature story

How Utah Handles White-Collar Criminals 12 9 New Members............................................................................................4 Movers & Shakers......................................................................................5 President's Message...................................................................................6 Message from the CEO............................................................................. 7 Cover Story: Crimes of the Working Class ...........................................9 By the Numbers: Firm Facts.................................................................. 13 Protect Your Email Account.................................................................. 14 Test Your Cyber IQ.................................................................................. 17 Bring Visual Appeal to Your Graphics with Waterfall Charts...........22 Setting Realistic Goals for Your Team.................................................26 Closing the GAAP: Women in Accounting - Jill Larson, CPA..........28

Quiz: How Cyber Savvy Are You? 17

Improve Your Spreadsheets with Waterfall 22 Charts

Meet the Board........................................................................................30 Meet the UACPA Staff............................................................................. 31 Board Bullets............................................................................................ 31 Comic: Generally Excepted ...................................................................32 Meet a Member: Kevin Johansen .........................................................33 Photos: Awards & Inauguration............................................................34 Get to Know the New Ethics Requirement..........................................36

Women in Accounting: Jill Larson, CPA 28 the journal entry | January 2017

New Members

NewMembers

Congratulations to the following individuals/CPAs who were approved for membership or affiliate status in the UACPA as of November 30, 2016. Fellows Zak Nugent Scalar Analytics Haley A. Hughes Rick B. Ainge, CPA

Tyleen Limb Haynie & Company

Kyler Johnson WSRP, LLC

Bennett Rasmussen Grant Thornton LLP

Jace Wilkins Sweeney Wilkins and Associates

Brianna Miller CBIZ

Kevin Crump Pinnock, Robbins, Posey & Richins

Krystal Thompson Dixie State University

John David P. Witesman Utah Valley University

Blaise Dinkelman Namify, LLC

Mitchell Bolen Tanner LLC

Kim Proos Savage Services

Devin M. Brown Nova Care, LLC

Renu Chopra Wiggins & Co., P.C.

Tricia Kritzberg Kritzberg Consulting

Dixie State University Adam Cardon

Petrina Youhan Deloitte & Touche

Chelsea M. Dye Westminster College

Holly N. Burk Savage Services

Jeremy Andrews Advanced Copy & Photo

Weber State University Aaron Lee Heidi Roofener Evan Rollins

Michael Lewis University of Utah

Cory Brouhard Pinnock, Robbins, Posey & Richins

Brian Voigt Brigham Young University

Valerie Anderson Tanner LLC

Cathleen Gilbert Gilbert Law Office

Amy Petersen Tanner LLC

the journal entry | January 2017

Matthew J. Jensen Cook Martin Poulson, P.C. Ryan Steuart Pinnacle Accountancy Group Jordan Beckstead WSRP, LLC Student Members

Westminster College Spencer Burgoyne Moises Ramirez Ian W. Blanchette Abi Yanke Shelby Chaffos Enrique Cruz

University of Utah Jennie Messer Lacey Jones Riley Lawton Jordan Kattelman Michael Kingston Alexandra Fidone Maxwell A. Ayeliya Xin Thayne Nathan Dallin Zhen Meng Kalolaine Havea Jr Miguel Gomez Madison P. Boyle Western Governors University William Averett Kaite K. Kano Utah Valley University James Daniel Chase Reaveley Kelly Olsen Jr Benjamin R. Grimaud Bakary Camara Brittany Anderson Alex Smith Andrew Barreiros Lewis Hoopes Adam Harris Taylor Strickler Barton Tingey Other Carolanne P

Movers&Shakers

Following 42 years of service, Tanner LLC has recently elected Kevin Simister has retired from two new audit partners. Klint Hawkins Advisors. Simister joined G. Lewis has 13 years of public Hawkins in 1975 and served as accounting experience serving managing partner for 10 years. He companies in the technology, practiced in all areas of the firm software, network marketing, with a focus in helping clients in manufacturing, medical device, business entity structuring, estate real estate and banking sectors. Kevin Simister planning, tax reduction strategies, Klint G. Lewis Lewis has a Bachelor of Arts in compensation agreements, negotiations, expert witness Business Administration with and valuations. Simister has played an instrumental role a focus in accounting from the in growing the firm and training and mentoring both staff Mihaylo College of Business and clients. He served as president of the UACPA in 1994and Economics at California 95 and was recognized in 2007 as an Outstanding CPA State University, Fullerton, and a in Public Accounting. Additionally, Simister has been the Master of Business Administration captain of an emergency medical team for Pleasant Grove with an accounting emphasis City and has served on the board for the Provo Orem from the John M. Huntsman Chamber of Commerce, Governing Council of the AICPA Tyler J. Ploeger, CPA School of Business at Utah State and the Board of the Purpose Investors Network and University. Tyler J. Ploeger, CPA Chaired the Utah Valley University Business Network. has more than 11 years of public accounting experience serving companies in the technology, software, financial Karsten Hatch, has been named construction, manufacturing, biotechnology and medical an audit partner at Larson & device sectors. Ploeger earned a Bachelor of Science Company in their Salt Lake City degree in accounting and Masters of Accountancy degree office. Hatch began his career with from the University of Utah. the firm in 2005 and has been a Senior Audit Manager for the past Property Management Business Solutions (PMBS) three years. He is currently serving has promoted Philip Romney to Chief Financial as the head of Larson & Company's Officer. Romney joined the franchisor of Real Property Karsten Hatch Insurance Niche Practice Group. Management in June 2015 as vice president of accounting. Hatch is a past president, vice president and secretary/ With more than 36 years of accounting experience, treasurer of the Utah chapter of the Insurance Accounting Romney began his career in Seattle at KPMG and has held Systems Association (IASA). Hatch graduated from positions at companies in the utilities, biotech, insurance Westminster College. and online retail industries. Daines Goodwin & Co., a full service accounting firm, has joined Eide Bailly LLP, the third largest CPA firm in Utah. Tax partner Chet Goodwin says, "We've been serving the Salt Lake City area for more than 40 years, and we're excited to begin a new chapter with Eide Bailly. Our clients will have access to more resources and solutions, and we will have more time to devote to serving them and being their trusted business advisors."

the journal entry | January 2017

President's Message

Hollie Andrus, CPA

recently received a text from my credit card company asking if I had spent $400 at Lids.com. A few minutes after replying that I did not, a representative called with the standard questions: 1) Do you have the card in your possession? Yes. 2) Does your husband have his card? Yes. 3) Would either of you have made this purchase? No. 4) Would either of you have purchased these other items? No. The company immediately cancelled my card and reversed the unauthorized charges. "Good Morning America" recently reported on a new gift card scheme where a person can write down a gift card number and the authorization code (after removing the sticker covering the code), and then apply a new sticker to hide the code again. Once the card is activated and money is put on the card, the person can spend the money before the person receiving the card even has a chance to spend it! What a crazy scheme! I often wonder what this world would be like if all nefarious people put their talents to better use. It would certainly be a different world! White collar crime seeps into so many aspects of our lives â&#x20AC;&#x201D; identity theft, credit card scams, Ponzi schemes, misappropriation of money â&#x20AC;&#x201D; the list goes on and on. Why is white collar crime so appealing? It must pay. It must be worth it or it would not happen. It is fun to read about white collar crime. Itâ&#x20AC;&#x2122;s exciting to investigate potential fraud. In my office, we frequently investigate concerns regarding fraud and, in fact, investigated a slew of fraud instances in 2016 alone. If 2016 is any indication, fraud is alive and well in Utah.

for reimbursement of costs that were actually for personal expenses. Losses to the involved entities ranged from several thousands to hundreds of thousands in dollars. While the circumstances were unique to each case, the cases had a common theme: They all started small.

The November 2016 Journal of Accountancy included an article on common ways employees steal from their employers. The most common? Meal and travel reimbursements. These are typically pretty small dollar amounts. These are typically too immaterial for a financial audit statement to detect. But this is how bigger frauds, bigger misappropriations can start. An accidental swipe of the company card instead of a personal credit card for a meal can, if undetected, become so much bigger. Many of the people with whom our office has worked say they did The investigated frauds ranged from simple schemes where not expect to steal. an employee used donations to buy gift cards and then used said gift cards for personal purchases, to extremely As accountants, as CPAs, we have an incredible complicated schemes where an employee transfered responsibility to the public, to the profession, and to money between multiple bank accounts and code on ourselves to avoid the slippery slope of fraud, of white the general ledger to pocket money without detection or collar crime. where an employee falsified supporting documentation

the journal entry | January 2017

CEO's Message

Susan Speirs, CPA

yber security is a booming business. Cyber attacks and cyber security are becoming part of everyday conversation. Less than 10 years ago cyber security was seen as unnecessary or was a measure that entities took subsequent to a breach of security. In our world today, businesses have awakened to the fact that they must lock down their networks and secure their data. The IRS and our Utah State Tax Commission continue to warn tax professionals of the continuing threat from cyber criminals. Data from the Salt Lake office of the IRS indicates victims from Utah have reportedly lost $615,303 on the IRS Phone Impersonation Scam. Last year, the Utah State Tax Commission was able to secure its system after it was discovered that cyber criminals were working through tax software to obtain millions of dollars of refunds by creating tax returns from individuals who had filed in the past. While several states and individuals aggregately lost millions in refunds, Utah lost just over $15,000.

• Preventing unlawful use or disclosure of personal information collected in the regular course of business • Destroying or arranging for the destruction of records containing personal information that are not to be retained by the individual • Destroying records by shredding, erasing or modifying information so that it is indecipherable

While thoughts of a security breach automatically cause heart palpitations, if your systems are compromised you Under the Protection of Personal Information Act passed must in good faith conduct a reasonable and prompt in 2009, breach of personal security is defined as an investigation to determine the likelihood that personal unauthorized acquisition of computerized data maintained information has or will be used for identity theft or fraud by a person that compromises security, confidentiality or purposes. Furthermore, if the investigation reveals misuse integrity of personal information. Personal information has of personal information you must provide notification to been identified as a person’s first name or first initial and each affected Utah resident in the most expedient time last name combined with any data element such as a social possible without unreasonable delay. Under our current security number, a financial account number or credit or statute, the attorney general impose fines up to $100,000 debit card number or a driver license number. As CPAs, in the aggregate for violations relating to more than one especially those in public practice, it is not uncommon consumer and seek injunctive relief to prevent future to have any and/or all of these bits of information in one violations. place. As professionals who maintain personal information, we need to implement procedures as part of the Protection of Personal Information Act, such as

As CPAs we must be vigilant at all times in keeping our records, our clients' records and our employers' records secure from cyber thieves or those who would otherwise compromise the integrity of our businesses.

the journal entry | January 2017

Utah's White Collar Crime Registry How The beehive state is Tackling crime committed in the workplace

By Chelsea Dye, MAcc, J.D. and Ron Mano, Ph.D., CPA, CFE

ome argue that the State of Utah bears the dubious title “fraud capital” of America for good reason. While much of the state possesses characteristically low violent crime rates, overall the state suffers from high rates of financial fraud. The FBI has ranked Salt Lake City as one of the top five Ponzi scheme hot spots in the nation. Affinity fraud stands as the largest type of white-collar crime in Utah. Of course, affinity fraud is not a concept unique to Utah. This type of fraud occurs when the fraudster is either a member of a certain group or purports to be a member of a certain group and uses that membership to gain the trust of other members in order to further the fraud. In a case with national prominence, Bernie Madoff used his affiliation with the Jewish community to further his fraudulent activities. Either because of a common membership in a social group or religious affiliation, the “investor” tends to forego appropriate due diligence. In Utah, this common bond tends to relate to membership in the LDS Church. Roughly 60% of Utahns are Mormons and around 40% are active Mormons. LDS congregations are assigned by geographic area where all members of a congregation live in the same geographic area; with the large number of members in Utah, fellow parishioners often live in a radius of a mere few blocks. Further, interaction with fellow members in the LDS Church extends far beyond just Sunday worship with weeknight activities, service opportunities, and caring for members in need. This creates an environment where neighbors become like family and are incorporated in so many areas of life rather than just a brief interaction with someone at church on Sunday. With such close relationships of trust, fraudsters have a large field of possible “investors” in schemes. The LDS Church also functions with a lay ministry where those that serve in leadership positions do so without pay and for a limited period of time. Those with nefarious intentions could and have used their positions to gain the trust of their fellow members to further their schemes. The history of Utah’s white collar offenders includes individuals who have various backgrounds and use various strategies to defraud their victims. In the early 1980s, Grant Affleck used connections with LDS General Authorities to entice “investors” to obtain second mortgages on their homes with the promise that the payments would be made by Affleck. In exchange, the “investors” were promised large returns. For nearly 20 years, Val Southwick ran a real estate company that promised amazing returns on real estate projthe journal entry | January 2017

Feature Story Utah lawmakers fought back beginning in 2011 with modifications to the Utah Uniform Securities Act that include harsher penalties for those that use positions of authority to defraud or who prey on adults that are impaired by age, mental or physical disability. This war continued with the White Collar Crime Registry in 2015. In an effort to arm citizens with information about white collar criminals, the Utah Legislature passed the White Collar Crime Registry (hereinafter “WCCR”). Modeled after the Utah Sex Offender Registry, the WCCR allows users to search for the name of a possible offender. If the offender has registered, the system provides the user with information about the fraudster such as their name, aliases, physical description, and a list of the crimes that they have committed. The Utah White Collar Crime Registry is the first of its kind in the nation. Beginning as HB 378 (becoming Utah Code Ann. §77-42-101, et al.), the law requires a felon convicted of one or more of seven Utah statutes to register. The crimes include securities fraud, theft by deception, unlawful dealing of property by a fiduciary, fraudulent insurance, mortgage fraud, communications fraud and money laundering. The offender must register for 10 years for a first offense, an additional 10 years for a second offense, and for life on a third offense.

ects. He would bring possible investors to his office where he had various items on display that would be familiar to those of the LDS faith in order to gain their trust. Travis Wright created an investment scheme where his investors were told they were investing in short-term loans, when in fact he was using the funds to pay off old investors and investing in odd ventures like “sandwich in a can.” In June of 2016, a Utah CPA pled guilty to securities fraud and mail fraud. In addition to preparing returns for his tax clients, he is alleged to have assisted them with their retirement investments by placing their funds in what turned out to be a fake trust with himself as trustee. The allegation is that he stole upwards of $9 million. He later withdrew the plea when the judge rejected the proposed sentence. His CPA license has been revoked.

the journal entry | January 2017

In order to motivate the offenders to pay the court-ordered restitution, which is often an ignored part of the sentence, the registry allows an offender to petition for removal after five years if they have paid the restitution. Further, the offender must complete any treatment ordered by the Utah Board of Pardons, not be convicted of any further crimes, have notice provided to any victims and not have been found liable in a case that involves fraud, deceit, breach of fiduciary duty or misappropriation of funds as an element. (See Utah Code Ann. §77-42-101, et al.) The law also requires anyone convicted of the seven specified crimes between 2006 and the passage of the law in 2015 to register unless they have complied with all court orders and paid all ordered restitution in addition to not being convicted of any further crimes for which registration would be required.

Feature Story

Limitations The current model of the White Collar Crime Registry does not provide any truly new information to the public. What it does do is make some of the information more easily accessible. Although court filings in Utah are generally public, easy access is limited. A citizen may access any non-sealed court filing by visiting the courthouse in the jurisdiction in which an individual was prosecuted. The citizen may also access the filing via the court's online system. However, the online system has a setup fee and monthly access fee. Each of these direct access methods provide much more information than the registry currently includes. The registry only includes the name of the offense without any additional details. To fully inform the public, the registry would be more valuable if links to these additional documents were available. By creating such a registry, Utah leads an important fight against white-collar crime. Yet, Utahâ&#x20AC;&#x2122;s registry lacks efficacy by being the only such registry in the nation. Although modeled after the Utah Sex Offender Registry, the White Collar Crime Registry is more limited. The Utah Sex Offender Registry provides for registration for conviction of specific Utah statutes or similar crimes in another jurisdiction or in the federal system. By virtue of a law called the Lychner Act, the state of Utah is able to include these other crimes. By contrast, no such legislation exists that would give Utah jurisdiction to include convictions in federal court or another state. Thus, a person convicted of a white collar crime in Federal court in Utah, such as Grant Affleck, would not be required to register. The US Attorthe journal entry | January 2017

Feature Story ney prosecutes a large number of white-collar fraudsters. Without inclusion of these individuals, the usefulness of the registry is limited. Further, Utah’s registry creates a false sense of security for the users. If a citizen searches the name of a person with which they are considering investment and finds no registration, they may foolishly think this person is upstanding and a reasonable risk for investment when in fact they may have a criminal history that is outside of the time frame, in another state or a federal conviction. This runs the risk of the user not doing further due diligence. In hopes of limiting this issue, the registry includes a warning that “absence of an individual from the registry does not indicate that the individual is trustworthy, or that an investment proposed by the individual is legitimate and suitable for any particular investor. Learn the warning signs of fraud, and consult with your legal, financial, and tax advisors before investing.”

The Civil Law and Bankruptcy Component Rather than, or in addition to, reporting white-collar crime offenses to authorities, victims often pursue civil claims against their offender. The burden of proof is lower for civil claims (preponderance of the evidence vs. beyond a reasonable doubt), so what may be out of reach in a criminal court may be easier to accomplish in a civil court. Moreover, civil claims can be pursued at any time rather than waiting for prosecutors to pursue charges. If a court rules in favor of Chelsea Dye, MAcc, J.D. is a core adjunct at Westminster College. She has a bachelor's in accounting from Westminster College, a master's of accountancy from the University of Utah, and a juris doctorate from Brigham Young University. She has a legal consulting practice in Salt Lake City and has taught at Westminster College in the undergraduate and graduate accounting programs since 2010. Chelsea is a non-CPA Professional affiliate with the UACPA.

the journal entry | January 2017

the victim, they will be able to obtain a judgment against the offender. If the offender still has available assets, a victim may be able to reclaim some of their lost funds. The information obtained from civil complaints proves extremely valuable for those considering investment. As with criminal filings, civil filings are technically public. However, the process to obtain such filings is complex. Because civil filings are done in addition to, or rather than, criminal complaints, making civil complaints that deal with whitecollar issues more readily accessible would provide citizens an additional informational resource to prevent fraud. Bankruptcy filings also provide a resource for information for a possible investor in order to avoid becoming a victim. Many times, those that have lost civil suits for significant amounts of money proceed to bankruptcy in order to rid themselves of the judgment that followed the loss. Access to federal records is through a federal database that is also difficult for the public to find. At a minimum, providing registry users with the appropriate links of where to find such information would arm users with additional information prior to investing. The Utah Legislature took very innovative steps by creating the White Collar Crime Registry. It provides an important model for other jurisdictions and the federal government to follow suit and pass similar legislation. However, the usefulness to Utah’s citizens will be limited until there is additional legislation across the country as well as important modifications to the Utah law. ■ Ron Mano, Ph.D., CPA, CFE is a professor at Westminster College. He has degrees from the Universities of Utah and Nebraska. He is an Emeritus member of the UACPA and has served in several capacities in the Association and has published over 100 articles and made over 100 professional and academic presentations. He was on the University of Utah faculty for 12 years and on the Weber State University faculty for 25 years where he served as Department Chair for ten years.

by the

Numbers

These numbers reflect the results from the 2016 PCPS National MAP Survey

Firm Facts

13.4 18 16

Percentage of turnover rate in firms, up from 12.4 percent in 2014.

Percentage leaving the firms due to poor performance Percentage leaving the firms to pursue career in business and industry

Percentage of firms picking up the bulk of the cost of employee health care premiums

Percentage of firms offering flex-time

Percentage of firms Percentage of who reduce office firms that offer hours in the off season telecommuting the journal entry | January 2017

Phishing, Spoofing and Hacking into Your Email Account How to avoid the many schemes to obtain your info By RAndy R. Werner

ybercriminals continue to target and defraud CPA firms and their clients by deploying new phishing schemes in new guises. Many of the hackers are sophisticated and determined in their efforts to steal information and money. Damages resulting from the scams can range from several thousand dollars to several hundred thousand dollars.

tax software, but instead of providing an update, the link downloads a program that permits cybercriminals to obtain remote control of a preparer’s computer system in order to complete and file client tax returns and redirect refunds to the fraudsters’ accounts. Similar email schemes using well-known tax software company names have targeted individual taxpayers as well.

At the lower end of the range of damages are tax returnrelated schemes that target the large volumes of personal identity and financial information handled by tax preparers. The Internal Revenue Service recently warned tax return preparers about new phishing schemes in which scammers send emails purporting to come from tax software companies, fooling tax preparers into clicking on a link to update the software but which loads malware on their computers.

Lessons and Tips

The spoofing email urges recipients to click on a link to download an “important new software update” and install it. The file has the same name as the legitimate

the journal entry | January 2017

The lesson here is to never click on unexpected links or open attachments in email. Instead, use the software or other provider’s main website to connect regarding updates. Tax professionals should also run a security “deep scan” to search for viruses and malware on their computers. Providing regular staff training will enhance awareness of the dangers of phishing scams, which can come in the form of emails, texts and phone calls from scammers

Phishing, Spoofing and Hacking Into Your Email Account posing as vendors or contract workers. Effective training can make all the difference between the success or failure of a fraudulent scheme. Some experts recommend adding a data breach simulation to the training schedule at least once per year. Others will test awareness by “inoculation” in which all users are sent q benign phishing e-mail. Those who err are then educated on how to avoid the errors. Strengthening passwords for both computer access and software access is also a good loss prevention practice. Passwords should be at least eight digits long (although longer is better) with a mix of numbers, letters and special characters (e.g., “D@Wg&PoN1$#0”). Or use a passphrase that is easy to remember but change some of the letters to numbers such as “E” to “3.” For another example, “ILoveUACPA” is changed to “!L0Vuacp@.”

Hackers Stealing Tax Refunds Hackers will also send fraudulent email messages to tax preparers with bank account numbers different from the legitimate client account numbers in an attempt to divert tax refunds into their own accounts. Once the refund is sent to the wrong account, it is immediately withdrawn. The taxing authorities have no responsibility once the refund has been sent to a banking account. A common spoofing technique involves the hacker’s email address being just one letter or digit off from the legitimate client email address (e.g., “businessware.com” becomes “businesware.com”)—just enough to look like the client’s address and to get the tax return preparer to change the account number. By hovering your mouse over a link, without clicking it, you can check the address for the website. If the address is for a different website, that’s a red flag, as is a misspelled link. Tax preparers should verify with clients over the phone any changes in bank account numbers before filing. It’s also wise to have insurance coverage in case the fraudulent scheme is not detected in time. Phishing schemes may also target information such as W-2 forms, employee Social Security Numbers or credit card information. The information can then be sold or used in attacks against the employees’ own personal computers, credit cards, and other accounts.

Tax preparers should verify with clients over the phone any changes in bank account numbers before filing. It's also wise to have insurance coverage in case the fraudulent scheme is not detected in time.

Fraudulent Wire Transfers At the upper end of the range of damages are claims involving firms with authority over client funds. Business management or bill-paying services are usually involved, including regularly requested wire transfers for high net worth clients. The firms received email requests that look like prior legitimate requests but were emailed by a hacker who had commandeered a client’s email account by inserting a link or extra step into an earlier email message. The CPA/recipient clicks a link in the initial fake email from the client, opens a document such as a Word, Excel or PDF document, or enters a password, enabling the hacker to take control over the email account as well as the messages. This is called a “man in the middle” attack. When the hacker is controlling both the CPA’s and the client’s email accounts, it can be difficult to figure out that communications are being manipulated. Hackers can also divert legitimate messages from being sent out. Voicemail messages that are converted into email messages can also help a hacker perpetrate a scheme. The requested transfers are often made to a bank in a foreign country, or through a U.S. bank to a foreign bank. When the fraud is discovered after the transfer, the funds are usually not recoverable. Domestic banks are not always helpful in preventing fraudulent transfers, as laws tend to limit their risk exposures and enable them to deny responsibility.

Red Flags If asked to do anything out of the ordinary or routine, be suspicious. Messages may contain broken English that is inconsistent with the client. A new bank account receiving the funds is often a red flag, especially if the new account is in another country.

the journal entry | January 2017

Phishing, Spoofing and Hacking Into Your Email Account

Get Published in The Journal Entry

Beware of any wire transfer requests made via email and only proceed with the wire after verbally confirming with the client that they want the wire to proceed and in accordance with the directions in the email (this includes, but is not limited to, confirming the dollar amounts, the name of the financial institution and the actual bank account number).

Beware of any wire transfer requests made via email and only proceed with the wire after verbally confirming with the client that they want the wire to proceed and in accordance with the directions in the email (this includes, but is not limited to, confirming the dollar amounts, the name of financial institution and the actual bank account number).

Call senders to verify email or attachments before you open them, especially if they were not anticipated in the first place. Another way to verify transfers with a client is to have them confirm information that only they would know and to which a hacker would not have access.

Share your story and get your name in print by submitting an article to be published in The Journal Entry. The Journal Entry is published four times a year; January, April, July and October. Learn more about getting your story in print by writing Amy Spencer, as@uacpa.org

the journal entry | January 2017

As CPA firms, tax professionals and their clients continue to be victimized by cybercriminals, firms should redouble their vigilance with email and other cyber activity, and create conservative policies to prevent such crimes. A renewed effort toward preparing and educating your staff on cyber risk exposures will help deter criminals when they target your firm. â&#x2013;

Randy Werner is a loss prevention executive with CAMICO (www. camico.com). She responds to CAMICO loss prevention hotline inquiries and speaks to CPA groups on various topics. Werner has Big Four public accounting experience in federal and state tax as well as regional accounting firm experience.

Test Your Cyber IQ See how prepared you are with this 15-question quiz.

yber security has become a major risk concern for CPA firms of all sizes across the country. Trusted advisers such as CPAs should therefore be well-informed about preventive measures in order to assist their firms and clients with the pre-breach environment, and to reduce the high costs associated with the post-breach environment.

3) Which takes precedence in the event of a data breach?

Take this 15-question cyber IQ quiz to find out how prepared you are. Please select the best answer out of those presented:

4) Which of the following should be encrypted to protect PII?

1) What is a data breach? a. A laptop is lost or stolen, and it has employee personally identifiable information (PII) on it b. There is unauthorized access to your computer system and PII is taken c. Paper files containing PII are stolen by an employee d. a. and c. e. a., b. and c. 2) Most states have PII security laws that require notification if a company suffers a breach. Which companies and professional organizations are subject to these notification requirements? a. All companies b. Only large companies c. Only public companies d. Only companies in the medical and financial services industries

a. Federal laws b. State laws c. Federal or state law; whichever is more restrictive d. Generally Accepted Privacy Principles (GAPP)

a. Hard-drives b. Electronic data c. Electronic files d. E-mail e. a., c. and d. f. a., b., c. and d. 5) Which of the following would you not immediately contact if you suspect a breach: a. The firm’s attorney b. The firm’s cyber insurance carrier c. The firm’s managing partner d. Law enforcement 6) What does a “kill switch” feature do? a. Disables smart phones b. Provides remote security to tablets and laptops c. Neither a. nor b. d. Both a. and b.

the journal entry | January 2017

Test Your Cyber IQ 7) If the CPA is using cloud services to process PII, who is primarily responsible for ensuring the confidentiality of the information? a. The CPA b. The cloud services provider c. Neither

8) Cloud services providers should be willing to: a. Make a contractual commitment to support compliance with applicable laws and regulations b. Undergo external audits and security certifications, such as Service Organization Control (SOC) 1, 2 or 3 reports c. Implement measures for physical security as well as data security d. a. and c. e. a., b. and c.

9) How might an employee’s computer become infected with a “drive by” download? a. The employee’s mobile device gets too close to another mobile device b. The employee visits a malicious website c. The employee downloads a file from the Internet d. a. and b. e. a. and c.

10) You receive an email message informing you of an issue with your bank account. The message includes a phone number to call as well as a link to access your account. The message format is similar to others you've received from your bank; however, you are aware of phishing scams and want to be careful. What is your best course of action? a. Delete the email b. Look for suspicious elements in the email, and if you feel it is legitimate, then click on the link but don’t enter any information c. Call the bank directly using the phone number provided on the back of your bank card 18

the journal entry | January 2017

11) When recycling or disposing of hard drives, which of the following are best practices? a. Creating an audit trail of serial-numbered inventory of equipment b. Obtaining vendor certification that personal data has been destroyed c. Pounding the drive with a hammer until it is unusable and tossing it into a trash can d. a. and b. e. a., b. and c.

12) In the event of an actual or potential PII breach, which of the following is a correct initial response to the incident? a. Stop the source of the incident by turning off or rebooting the system b. Do not turn off or reboot any systems

13) When discussing or communicating a potential PII incident, avoid using the term(s): a. “lost laptop” b. “potential malware intrusion” c. “breach”

14) When discussing or communicating the incident, which of the following is least preferred? a. Communication on a “need to know” basis b. Face-to-face communication c. Email communication d. Telephone communication 15) When using a cloud services provider that stores information overseas, which of these two options is safer: a. a U.S.-based provider with a foreign branch b. a foreign-based provider with a U.S. branch

Test Your Cyber IQ Answers 1) Answer: e. a, b. and c. Ascertaining a legally defined breach is a complex process and requires the assistance of an expert specializing in security issues. A breach can be the loss of laptop or paper records, or the theft of these records in person, or over the Internet, or the accidental posting of personally identifiable information (PII) on the Internet. The list goes on and on. If you suspect a breach, contact your attorney and other risk advisers. Some definitions: The U.S. General Services Administration in its Oct. 29, 2014, memo on “GSA Rules of Behavior for Handling Personally Identifiable Information (PII)” defined “data breach” as including “the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users with an authorized purpose have access or potential access to Personally Identifiable Information, whether physical or electronic. In the case of this policy, the term ‘breach’ and ‘incident’ mean the same.” The GSA memo also defined “Personally Identifiable Information (PII)” as “information about a person that contains some unique identifier, including but not limited to name or Social Security Number, from which the identity of the person can be determined.” The federal Office of Management and Budget (OMB, memo M-10-23, June 25, 2010) stated: “The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available—in any medium and from any source—that, when combined with other available information, could be used to identify an individual.”

2) Answer: a. All companies. State PII laws differ by state, but most states require that once a company has determined it has been breached, or PII has been accessed by an unauthorized party, the company must notify the office of the state Attorney General and, in many cases, other state agencies. The mandated time period for reporting to notify the state and potentially impacted parties varies from a “reasonable” time period to 30 or 60 days. Many states require companies to indicate how they plan to secure PII and what they will do if their PII is breached. 3) Answer: c. Federal or state law; whichever is more restrictive. The federal laws take precedence if they are more restrictive than the state laws, but the state laws take precedence if more restrictive than the federal laws. In addition, most federal laws give the power to the state Attorney General to levy fines. Further, many state laws require a company to be compliant with that state’s law if a company in another state has the PII of a resident of the first state. The prime example is Massachusetts, which requires a company to comply with its laws, regardless of where the company resides, if the company has PII of a Massachusetts resident. In some cases if a company does not verify that its vendors are in compliance, it must communicate not having taken these precautions with all potentially impacted parties. In other cases the PII laws of foreign countries have to be respected as well. GAPP is not law but criteria developed by the AICPA and CPA Canada to assist organizations with the management of confidential information.

4) Answer: f. a., b., c. and d. Hard-drive encryption secures data in the event a computer is lost or stolen. Data encryption protects PII such as Social Security numbers. File encryption protects files and email attachments, such as a PDFs encrypted with a password or passphrase. Email digital certificates protect entire email messages, including the body of the message, as part of a subscription service.

the journal entry | January 2017

Test Your Cyber IQ 5) Answer: d. Law enforcement. The firm will first need to verify whether a breach has actually occurred as defined by state and federal laws, and the firm’s attorney, cyber insurance carrier, and managing partner will help make that determination. If a breach has occurred, the next steps would be to comply with state and federal laws, which may require reporting to law enforcement.

6) Answer: d. Both a. and b. Remote security is especially useful in preventing access to protected files in the event a computer, tablet, smart phone or USB storage drive has been lost or stolen. Encryption policies and other protective actions can be managed by the firm or by a third-party managed service provider (MSP). Some services are available by online subscription, without the need to purchase or support hardware or software infrastructure.

7) Answer: a. The CPA is responsible and should perform the necessary due diligence to address any potential threats to compliance with the “Confidential Client Information Rule.” Therefore, before disclosing confidential client information to a third-party service provider, a CPA should do one of the following: a) Enter into a contractual agreement with the thirdparty service provider to maintain the confidentiality of the client information and ensure that appropriate procedures/safeguards are in place to protect such information. b) Obtain specific consent from the client before disclosing confidential information to the third-party service provider.

8) Answer: e. a., b. and c. Cloud services providers should be willing to provide several types of assurances to CPAs regarding the security of client information, including an incident response plan. As part of the plan, the provider and the CPA should determine ahead of time who will lead the response team, prepare client notifications, and provide legal counsel. The provider should also have insurance in place to cover the damages 20

the journal entry | January 2017

resulting from a breach. Otherwise, the CPA firm may be responsible for such damages — a good reason for the firm to have cyber insurance coverage in place.

9) Answer: b. The employee visits a malicious website. An employee’s computer could become infected with malware from a malicious website just by visiting it, without stopping to click or accept any software. This method of infection is usually limited to users with unpatched or outof-date software that has a security flaw.

10) Answer: c. Call the bank directly using the phone number provided on the back of your bank card. This is the best approach, even if the message appears to be legitimate. Use a phone number that you already know and trust to be the bank when calling to verify, not a number within the email. Never click links or visit websites included or mentioned in any suspicious or unfamiliar email or senders. By hovering the cursor over links without clicking them, you can sometimes gain more information and assurance, but not always.

11) Answer: d. a. and b. Hard drives and other computer components need to be recycled, due to the metals they contain. The Environmental Protection Agency has been known to impose substantial fines for companies not documenting proper computer disposal. Use a reputable data destruction vendor that will certify destruction when recycling computers.

12) Answer: b. Do not turn off or reboot any systems. First record critical facts regarding the incident, such as date and time the incident was discovered, who discovered the incident, what occurred, what systems, applications and information were potentially compromised, and what data elements were included (e.g., name, date of birth, Social Security number, or any other PII). Once this information has been recorded, the affected systems should be backed up or mirrored to enable future analysis, including forensic analysis.

Test Your Cyber IQ 13) Answer: c. “breach.” Using the term “breach” can trigger legal obligations. Instead, refer to the event as a “security incident” or simply what it is, such as “a lost laptop” or “potential malware intrusion.” Your attorney and other risk advisers will help you determine whether a breach, as defined by law, actually occurred.

14) Answer: c. email communication. Care must be taken in managing communications and discussing the incident. Limit discussions to a need-to-know basis, with communications taking place over the phone or face-toface rather than by email, which may be compromised if an incident is still in progress.

15) Answer: a. a U.S.-based provider with a foreign branch. If your firm outsources work containing PII, the more contacts an offshore provider has in the U.S., the more legal recourse the client and CPA have in the event of an unauthorized PII disclosure.

Get Involved! The Utah CPA PAC works to enhance the image of the profession and increase the influence of the association with decision makers in Utah.

With support from members of the UACPA, our goals are to 1) Improve the quality of our community

Scoring 13 to 15 correct = Excellent. Keep it up! 10 to 12 = Good. Build your knowledge! 9 or less correct = Fair. Time to brush up! To learn more about CAMICO’s risk management, breach response services, and cyber coverage, visit www.camico. com and click “Solutions” and “Cyber Coverage.” Or call 1-800-652-1772. ■

through good government 2) Assure that the UACPA is invited to the table on taxation, business policy and other relevant community issues 3) Have access to the decision makers in State Government when needed

Learn more by searching "PAC" at uacpa.org

the journal entry | January 2017

Create Off the Charts Charts Making Data Graphical with Waterfall Charts By Ash Noah, CPA, FCMA, CGMA and VP By Craig Houmand, CPA of CGMA External Relations, AICPA

t’s been said that a picture is worth a thousand words. So, how do you translate a collection of numbers into a concise eye-appealing graphic? Use a waterfall chart. Simply, a waterfall chart is a data visualization of the cumulative effect of positive and negative values. Usually, the initial and final values are represented by whole columns, while the intermediary values are floating columns. The columns are color coded so you can distinguish positive from negative numbers (e.g., green represents an increase; red represents a decrease). Waterfall charts are insightful for a variety of scenarios, from visualizing profit and loss statements to highlighting budget variances on a project. Creating a waterfall chart in Office 2016 is fairly easy to do. First, select your data table. Next, click Insert>Insert Waterfall or Stock Chart>Waterfall. 1

However, creating a waterfall chart in a version earlier

the journal entry | January 2017

than Office 2016 is somewhat challenging. Basically, it’s about using a two-dimensional column chart and making the base series invisible. However, if your data ever crosses over into negative territory, this floating column chart approach fails. To overcome this problem, you need to use up-down bars while hiding the line chart series. 2 Of course, the easiest way to make a waterfall chart in Excel is to use a pre-made template. A template is helpful if you don’t have a lot of experience building waterfall charts. I’ve created an Excel waterfall template workbook that is both easy to use and handles values crossing the x-axis. You can download this template by visiting www.uacpa. org/waterfall Once you’ve downloaded this file, open a sample worksheet. Enter your data into the input table and see the corresponding waterfall chart update automatically.

Create off the charts charts Depending on your reporting need, you can hide a row (or rows) in the graphic by clicking on corresponding drop-down buttons.

If you have Office 2016, the workbook outlined here works well with this software suite. After experimentation, you may find this template meets your reporting requirements well enough that you do not need to construct a waterfall from scratch.

After updating a waterfall chart to meet your needs, save your file. Next, copy and paste your chart into a PowerPoint presentation, dashboard, or report as an image. The downloadable workbook includes the three examples highlighted in this article. You can easily modify one of these spreadsheets for your particular application.

References: 1. See https://support.office.com/en-us/article/Create-awaterfall-chart-in-Office-2016-8de1ece4-ff21-4d37-acd7546f5527f185 2. See http://peltiertech.com/excel-waterfall-charts-bridgecharts/

Input Overview Waterfall graphic labels and values are input in columns B and C. To hide a respective variable, simply click on the drop-down button in column G and select No.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

A Line 1 2 3 4 5 6 7 8 9 10 11 12 13

B X Axis Initial First Second Third Fourth Fifth Sixth Seventh Eighth Ninth Tenth Eleventh Twelfth Final

C Values 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

D Ends 0.0

0.0

E Before

F After

0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

G Include Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

>> Continued on p. 24

the journal entry | January 2017

Create Off the Charts Charts

Example 1 This waterfall highlights year-to-date budget net income versus year-to-date actual net income and shows the critical variables management should focus on to meet or exceed the net income budget target goal for the upcoming reporting period. 49.5 49.0

0.4

48.5

-0.4 -0.5

0.9

48.0

-0.9

47.5

1.1

47.0

-1.2

46.5

46.6

46.0 46.0

45.5 45.0 44.5 Sep 2016 Budget

Other O&M

Employee Related

Contracted Services

Supplies & Equipment

Interest Expense

Labor Overhead

Revenue

Sep 2016 Actual

Example 2 The waterfall here highlights net income of a company over a yearâ&#x20AC;&#x2122;s period of time and helps the reader visualize the cyclical net income loss during the summer months. 30.0 3.0

25.0

-7.0

2.0 3.0

20.0

4.0 1.1

15.0 10.0

8.0

-15.0

5.0 6.0 10.0 5.0

5.0

-8.0

0.0 -5.0

20.0

4.0

Start

Jan

Feb

Mar

the journal entry | January 2017

Apr

May

Jun

Jul

Aug

Sep

Oct

Nov

Dec

End

Create off the charts charts

Example 3 This waterfall shows the value chain that adds up to the net present value of a proposed capital investment. A viewer of this chart can see the relative importance each individual variable has on NPV.

30.0

12.0

-5.0 0.4

25.0

-4.0

20.0 -3.0

15.0

14.0 -2.0 -6.0

10.0 -0.5

-1.2

5.0

4.3

0.0 Revenue 1

Revenue 2

Materials

Labor

Overhead

G&A

Capital

Closure

Taxes

NPV @ 8%

Craig Houmand, CPA works as a corporate planning adviser at Dominion Questar in Salt Lake City, UT and is a member of the UACPAâ&#x20AC;&#x2122;s Business Valuation Conference committee. He can be reached at craig.houmand@ questar.com

the journal entry | January 2017

Set Goals that Won't Lead Employees Astray Find a balance without setting the bar too high or too low. By Ash Noah, CPA, FCMA, CGMA and VP of External Relations, AICPA By CGMA Sabine Vollmer

etting performance goals to promote growth is tricky.

Although aggressive goals can spark great accomplishments, they also can lead to bad behaviour by employees who may be willing to bend or break rules in pursuit of those goals. At financial services company Wells Fargo and automaker Volkswagen, aggressive goal-setting led to fraud and cost each company customer trust and record fines, said Bonnie Hancock, executive director of N.C. State University’s ERM Initiative. “When the stakes are high — ie, employees worry, ‘If I don’t meet this goal, I’ll lose my job or I’m going to get a poor performance evaluation’ — then they may game the system,” Hancock said. Finding middle ground between setting the bar too low and too high is challenging, she said. Thought needs to be put into analyzing potential actions that employees

the journal entry | January 2017

may take to achieve goals, and ways to prevent or detect potentially harmful actions should be developed. Also, companies should identify behaviour that’s off limits and install controls to detect it. “If a company really has to set stretch goals,” Hancock added, “it has to be careful not to be punitive if those stretch goals aren’t met.”

Fast Growth, Big Risks Wrays, an Australian firm of patent and trademark lawyers established almost 100 years ago, is well aware that rapid expansion goals carry risk. The firm focused on aggressively growing its client base, especially in its Sydney and Melbourne offices, since the Australian government released plans last year to support economic growth through entrepreneurship and innovation.

Set Goals that Won't Lead Employees Astray “While income and profit are very important, without first delivering quality of service, we would not be serving our clients’ needs,” said Wrays CFO Robert Pierce, ACMA, CGMA.

questions asked, can also be used to collect qualitative opinions. In Wrays’s case, the customer surveys help determine whether clients are satisfied with the firm’s service.

To further its growth goals and accommodate clients frustrated with high hourly charges, Wrays has set fairly modest hourly rates for its services. Bonuses for Wrays’s professional staff start at 5% above targets, Pierce said. To make sure the quality of service doesn’t suffer, Wrays surveys its clients every month. Survey questions include inquiries about whether clients’ emails and calls are answered promptly. Clients are also asked whether they would refer Wrays to peers, and their responses are tallied and tracked monthly at the board level.

Employee surveys can be used to gauge how lower-level employees interpret management’s risk appetite, Hancock said. Employees are asked, for example, which trade-offs they are willing to make in pursuing specific goals. The responses help determine whether there’s a gap between what employees do and what management would want them to do.

“You have to have some measurable goals, but you also have to take into account some qualitative factors and some judgment,” Hancock said. “If you’re just blindly following numerical goals, you might hit the goal but miss the mark in terms of what you’re trying to achieve.”

Setting Achievable Goals

Employee surveys can be used to gauge how lower-level employees interpret management's risk appetite, Hancock said. Employees are asked, for example, which trade-offs they are willing to make in pursuing specific goals. The responses help determine whether there's a gap between what employees do and what management would want them to do.

To ensure performance goals are appropriate and to detect bad behavior as the goals are implemented, Hancock suggested using the following tools:

Pre-mortem analysis. To test whether a goal may trigger unintended and unwanted consequences, a pre-mortem Balanced scorecard. To tie business activities to the analysis starts with the assumption that the worst organzation’s vision and strategy, a balanced scorecard possible outcome that could occur has happened. The offers a framework that provides executives and managers a balanced view of organizational performance. potential trigger is found by backtracking and analyzing Multiple measurements are used to monitor performance what could have caused the outcome. against multiple strategic goals. Once potential bad behaviors are identified, ways to Wells Fargo, for example, got into trouble relying too much on one performance measurement — eight products per customer — to determine the success of its cross-selling strategy. A more balanced approach would have included consideration of other indicators towards its strategic goal, which, Hancock said, was probably cementing deep customer relationships.

prevent or detect them can be built in, Hancock said.

Periodic surveys. Polling customers or employees is a tool to measure interactions and, depending on the

Sabine Vollmer (svollmer@aicpa.org) is a CGMA Magazine senior editor.

Periodic audit. Companies that have done pre-mortem analyses and installed controls to detect bad behavior can then perform periodic audits of a sample of transactions that count towards a certain goal. These risk assessments would have to be done before annual audits to determine incentive compensation. ■

the journal entry | January 2017

Closing the Gaap â&#x20AC;&#x201D; Women in Accounting

Jill Larson, CPA Interview By Cathie Hurst, CPA

ill Larson graduated from Weber State University with a Master of Accounting and began her career at KPMG in audit. It led her to a career in the alternative investments industry, which she has been doing for the past two decades. "It is interesting but not uncommon that working on a small account at KPMG led me to working for a client," she says. "I accepted a position at a small hedge fund administration firm about two years after starting at KPMG and have been enjoying working in that field and watching it grow and change ever since." The firm has increased from four to 160 employees, having grown strictly by word of mouth for the first 13 years. It became a larger organization in 2009 after being acquired by a mid-size bank. Larson is the Senior Vice President over Operations for the Alternatives Investments division of UMB Fund Services. When she's not working, Larson is busy raising three children, enjoying the outdoors and spending time with family and friends.

What would you be doing if you were not a CPA? If I was able to do something completely outside of what I studied, I would love to do something that allowed me to make or build something. I have no idea what that would be. If there were something where you could step back and look at something and see progress and not wonder why there were 100 unread emails when you got to work and there are 100 unread emails at the end of the day yet you were responding to emails nearly the entire day, Iâ&#x20AC;&#x2122;d want to try that. What led you to a career as a CPA? I always gravitated to numbers and things that could be proven mathematically. Like so many students, I took classes hoping to find something that clicked and the accounting, finance and business statistics classes did that. I learned more about opportunities and liked that accountants are always needed no matter the type of business or venture. I liked the options where you could work in accounting but also choose to work in many different industries or fields.

Closing the GAAP — Women in Accounting What do you enjoy doing outside of work? Pretty much anything that doesn’t require me to look at a computer screen. My first love is spending time with my family, which usually involves chasing them from activity to activity. My time spent watching soccer games and dance recitals should make me an expert in all things soccer and dance. I’ve learned to enjoy the moments spent driving kids to and from activities, a chore I used to try to pawn off on anyone in ear shot. We are also avid Real Salt Lake fans and you can find us at most home games cheering on the team. Outside of the responsibilities of being a busy mom, I love being outdoors. My favorite activities are hiking, running and skiing. Running keeps me sane, and I love that I can enjoy that hobby no matter where I am. I spend most of my summers hiking in Utah, Idaho and Wyoming. My family spends a week every year at Snowbird during the summer and we have checked off nearly every hike in Little and Big Cottonwood canyons. I also spend a lot of time near the Tetons in the summer and have climbed the three main peaks. Every summer I tell myself I’m going to golf more — looks like I’ll have to remind myself of that again next summer. What advice would you give other female professionals? Surround yourself with people who are supportive and who you can trust. Be yourself, be confident and don’t be afraid to show people what you can do and what you know. What path did your career take in order for you to hold the position you are in today? Starting my career at a firm that was small allowed me to understand the importance of team work, building strong relationships with people and self motivation. I was fortunate to have a boss who gave me the freedom to learn new things, pushed me to take on that challenging new client and give me direct and sometimes painful feedback. Learning in this environment helped me see the big picture rather than focus on tasks. As the firm grew, more opportunities presented themselves. Do you know any accounting jokes? Accountants Best Defense: We’re not boring people. We just get excited over boring things. What advantage do you have as a professional woman in the accounting profession? I don’t know that being a woman gives me any advantages, but I've heard that

women are better listeners, apparently I listened, right? I think having the ability to actively listen to others, understand situations, remain calm and make good rational decisions has helped me. What advice would you have for male professionals as they interact with female professionals? Not to be too cliché, but if you find the subject of sports to dominate every casual conversation during meetings try a new topic every now and then. This is somewhat true, and I have been in meetings where I have nothing valuable to add to the conversation and it’s frustrating. I would also say be inclusive and mindful of everyone around you. You never know when and where that relationship will be beneficial. Do you have a mentor? How have mentors helped you in your career? I have had many mentors over the course of my career. Starting with the person who recruited me at KPMG to people who have been my bosses and now to people whom I no longer work directly with but still seek out for advice. For me, a mentor has helped me understand things around me that are new or foreign, has been someone to bounce ideas off of and get objective advice, and has introduced me to people or ideas. I have been very fortunate to have several mentors who have made a meaningful impact on me and my career. They are the first people I can turn to when faced with a challenge to get an objective strategic perspective. What advice do you live by? “In three words I can sum up everything I’ve learned about life: It goes on.” — Robert Frost. When you’re young, it seems to drag on, when you get older you wonder where it went. In the end, I go by the words in one of my favorite James Taylor songs: "The secret of life is enjoying the passage of time." ■

Cathie Hurst, CPA, earned her Bachelors and Masters Degrees from WSU. After working in public accounting for over 16 years at Ulrich & Assoc., Cathie recently made the move to an accounting position at Academica West, working in Charter School management.

the journal entry | October 2016

Meet the Executive Board

Q: What are your goals for 2017? Hollie Andrus, CPA President

Gavin Hutchinson, CPA President-Elect

I hope to finish my Rosetta Stone French lessons. We are going to France and I want to be able to converse even if just a little bit. And I always want to be more physically fit. Here's to a great new year!"

My goals for the coming year are to increase the amount of time that I am able to cycle and to visit a new part of the world so that I can expand my life experiences.

Matthew Klein, CPA Vice President

Jay Niederhauser, CPA Treasurer

One year I tried setting goals each month, it lasted two months instead of one. I want to focus on time management in order to become more efficient and productive. A true accountant!

Josh Turnbow, CPA ProNet

Sherie Charlesworth, CPA Secretary

I look forward to an exciting and memorable coming year. My goal is to capture those great and exciting moments.

To take time each day to appreciate all the good things in my life.

Susan Speirs, CPA CEO

Jonyce Bullock, CPA Immediate Past President

For 2017, I’d like to make my husband a quilt he can call his own. I’ve made several quilts over the years for children, parents, in-laws and friends, so now it’s time to make one for Steve.

My goals for 2017 include working fewer hours and spending more time with family, serving others, and backpacking (while I still can!). I love what I do but, at this stage of my life, I need to find a better balance.

the journal entry | January 2017

I resolve to spend less time on email!

Owen Ashton, CPA Member-At-Large Be more constantly cognizant of my values and priorities in life and better focus my time, energy, and behaviors around those things.

Meet the UACPA Staff

Q: What are your goals for 2017? April Deneault CPE Manager

Brandon Allfrey, CPA AICPA Council Representative This may sound funny, but I have a goal to significantly improve my handwriting in the new year. In watching my kindergartener’s handwriting skills blossom, I’ve realized how much mine have slipped with my use of technology.

Board Bullets

News from the UACPA Board

Here is a glance at what has been happening at the Utah Association of CPAs: • The board approved language to update our accounting statute that will help attest language to conform to the rest of the country and jurisdictions. A huge thanks to our attest committee for their time and efforts. This will go before the 2017 Utah State Legislature. • Names submitted from the nominations committee were approved for the fiscal year beginning April 1, 2017. Calls will be made; the new board will be introduced in the April 2017 issue of The Journal Entry. • Report was given on the four pillars of the strategic plan. The UACPA continues to move forward in its efforts of advocacy, membership growth, engaged membership and the future of learning.

My goals/resolutions for the new year are the same as every year: to get into shape and eat better. This year I want to start running. I would also like to finally finish my basement. We ripped up the carpet 2 years ago with the intention of putting down laminate flooring.

Braden Thompson Membership Development Coordinator This year I want to skip rocks on as many mountain lakes as I can, publish a children’s book that I’ve been working on, and do my part to keep the donut shops around Salt Lake in business.

Amy Spencer Marketing & Communications Manager I eat out way too much, and I'd like to work on cooking at home more without succumbing to a convenience program like Blue Apron. I also want to add 10 minutes of meditation to my day. It's all about improving my healthy, wealthy and wise game.

Tom Horn Financial Director One of my main goals or resolutions for the new year is to maintain my health by eating healthier foods and walking more. Also, I hope to spend more time visiting the National Parks in Utah.

the journal entry | January 2017

20% 30% 50% 80% Selling On OFF! OFF! OFF! OFF! Your Own? For Sale by Owner = Discount to Buyers. Accounting Practice Sales is the largest facilitator in North America for selling accounting and tax practices. Our access to the greatest number of potential buyers provides you the best opportunity of matching not only with the right buyer but also obtaining the optimum price and terms. Contact us today so we can sell your practice for what it is worth. Ryan Pannell Toll Free: 800.397.0249 www.AccountingPracticeSales.com ryan@accountingpracticesales.com 32

the journal entry | January 2017

MEet a uacpa member

Five Minutes with Kevin Johansen, CPA Kevin Johansen, CPA was born and raised in Salt Lake City as the youngest of six children. He attended Skyline High and joined the US Army after graduation. The University of Utah graduate is an audit partner with KPMG where he has been for 28 years. Kevin and his wife have four children. Tell us about the highlights in serving in the military. I did basic training in Fort Jackson South Carolina and trained as a combat medic at Fort Sam Houston in San Antonio, Texas. I joined the 328th General Hospital Army Reserve unit at Fort Douglas. In 1990, my unit was activated to serve in operation Desert Storm as part of the liberation of Kuwait from Iraq. At the time, I was a senior at KPMG and just starting my career in public accounting. KPMG gave me a leave of absence and was supportive of my activation. It was a bit unnerving, but in retrospect I am proud to have served.

What led you to become a CPA? It was very random and unplanned. I was in the business school at the U. and I went to a career event that was touting the opportunities of going to work for one of the “Big Eight” accounting firms. At the end of the event there was a KPMG partner (Duane Blackley) who invited those interested to his home for a social event. After going to his house and visiting with him and his wife, public accounting sounded like the dream job. Decent money, lots of golf, and not too much work. I thought, “Wow, this is my kind of job!” Not sure how accurate that description is of working in public accounting, but that’s how I got into it. What have been your proudest moments as a CPA? Working in a profession where you are rewarded for doing the right thing.

What would surprise people to know about you? While riding my bike around Bear Lake (just past the LeBeau’s Raspberry Shake) I hit a deer! I destroyed my bike and suffered a broken pelvis. What do you like to do ouside of work? I am an avid cyclist. I have been a regular participant in LOTOJA (seven times) and the Ultimate Challenge. I love the outdoors and enjoy skiing, hunting, golfing, and hanging on the beach with my family. Additionally, we enjoy cheering for the University of Utah football and basketball teams, the Dallas Cowboys, Utah Jazz and New York Yankees. What advice do you live by? A quote by John Wooden, “Be more concerned with your character than your reputation, because your character is what you really are, while your reputation is merely what others think you are.” ■ the journal entry | January 2017

Photos, Awards & Inauguration The Annual Inauguration & Awards Banquet, sponsored by the BYU School of Accountancy and Squire, was held Thursday, Sept. 29 at Noah's. Paralympic athlete Chris Waddell delivered the keynote address to award winners, 100% member firms and newly licensed CPAs. The 2016 award recipients honored are Distinguished Service Clark A. Wilkinson, CPA MacRay A. Curtis, CPA Outstanding CPA in Business & Management Stacy K. Weight, CPA Outstanding CPA in Public Practice Wade K. Watkins, CPA Outstanding Leadership Council Member Megan D. Bronson, CPA Outstanding Educator T. Jeffrey Wilks

Rising Star Jason Tomlinson, CPA Jeannie Patton Service Award Sherman H. Smith, CPA Lifetime Member Larry Deppe, CPA Women to Watch: Experienced Leader Tamra L. Dayley, CPA Women to Watch: Emerging Leader Kathryn Fargam, CPA Monica Teuscher Gardner, CPA

CPAs licensed between August 2013 and July 31, 2016 recognized are Ryan Treglown, CPA Julie Linton, CPA Brittany Brown, CPA Garrett Best, CPA Courtney Booke, CPA J Rad Clark, CPA Tyler Hoskins, CPA Thaylene Rogers, CPA Shane Myers, CPA Kyle Swenson, CPA Jasmine Ridley, CPA Mindy Adamson, CPA John Nielsen, CPA Sarah Haskin, CPA Andrew Klemme, CPA Arthur Warsoff, CPA R. Mark Ashby Jr., CPA Greg Spjute, CPA Justin Ware, CPA Tiffany Liu, CPA Maria M Rowley, CPA Spencer Hay, CPA Abel Mkina, CPA Kierstin Ann Brady, CPA Devin Woodard, CPA Annette Andersen, CPA Johnn Miles, CPA Jon N. Saunders, CPA David Alan Smith, CPA Jenny Svelund, CPA Robert Hayden, CPA Haley Hughes, CPA Scott Klema, CPA Ryan Curtis Sampson, CPA

the journal entry | January 2017

Christopher D. Jepsen, CPA Scott Radmall, CPA Jordan Toone, CPA Monica Christensen, CPA Callie McDaniel, CPA Jared Burge, CPA Jessica Watson, CPA Benjamin Langley, CPA Alexis Harrison, CPA Weiran Lu, CPA Kate Gallacher, CPA Greg Acton, CPA Brady Coats, CPA Kathryn Grover, CPA Darrin Bronson, CPA Ashley Christenson, CPA Tom Sayasith, CPA David Jamison, CPA Thomas Hezseltine, CPA Allison Matheson, CPA Brianna Miller, CPA Evan Briggs, CPA Karl Taylor, CPA Nick Suvorov, CPA Yachen Suvorov, CPA Elizabeth Higgs, CPA Ryan Alexander, CPA Erin Jacobs, CPA Sheila Sawka, CPA Noah Myers, CPA Kyler Williams, CPA Suzette H. Carter, CPA Jihye Green, CPA Joshua Meyer, CPA

Photos, Awards & Inauguration

the journal entry | January 2017

Get to Know the New Ethics Requirement

Beginning this reporting period, CPAs in Utah are required to earn three hours of ethics education and one hour of Utah laws and rules as part of their 80 hours of CPE. What is the new ethics requirement in Utah? The language of R156-26a-303b(2)(a) states: The 80 hours shall include at least one hour of education on the Utah Certified Public Accountant Licensing Act and Certified Public Accountant Licensing Act Rule and at least three hours of ethics education which shall cover one or more of the following areas: The AICPA Code of Professional Conduct, case-based instruction focusing on real-life situational learning, ethical dilemmas faced by accounting professionals, or business ethics. What classes can I take to fulfill this new requirement? The UACPA has produced a webinar that will be available in January 2017 to meet the requirements of the Utah Laws and Rules that will be available on our website and free to members. UACPA conferences typically have an ethics breakout or section as well. You can also register for other ethics courses at www.uacpa.org/ethics 36

the journal entry | January 2017

If I'm licensed in another state, do I have to take the Ethics course? If you are licensed in another state you must comply with your state's ethics requirements. Should you chose to also be licensed in the state of Utah, you will be required to comply with the new ethics requirement. How do I report my CPE with the new requirement? CPE for the December 31, 2017 reporting cycle will be due by January 31, 2018 to the Department of Occupational and Professional Licensing (DOPL). The form will ask you to report on the ethics courses you took during the cycle. How do I know if the course I am taking qualifies for the Utah Ethics requirement? Preapproved classes will be listed at www.uacpa.org/ethics. If your class is not listed there, you can submit an application to the Utah CPE Registry through www.uacpa.org/cpeapproval. CPE Approval Applications will be reviewed and returned within seven business days of submission.

Member Benefits

The UACPA Honors 100% Membership

AGILITY

Congratulations to the firms and businesses curerently participating in the UACPA's 100% membership program. This demonstrates their commitment to the profession, to the Association's high ethical standards and a commitment to life-long learning.

The UACPA's Affinity Partners help you get the most out of your membership Agility offers UACPA members a 10% discount on any of their ReadySuite solutions. Contact Trevor Mickelson at 720-490-4531, or Trevor.Mickelson@agilityrecovery.com.

ADP

ADP offers free payroll and free 401k services to Members and its affiliates. Please contact Megan Di Muro at 303-6533248 or Megan.DiMuro@ADP.com for more information

World Benefit Solutions

PUBLIC PRACTICE • Allred Jackson • CBIZ • Cook Martin Poulson • Davis & Bott • Eide Bailly • Hawkins Cloward & Simister • Haynie & Company • Jones Simkins • Pinnacle Accountancy Group • Pinnock, Robbins, Posey & Richins • PricewaterhouseCoopers • Savage Esplin & Radmall • Squire • Stayner Bates & Jensen • Tanner, LLC

Camico

INDUSTRY • LDS Church Auditing Department • Workers Compensation Fund

National Affinity Service

Identify protection experts have you covered for $12.95 per month or $16.95 per month for a family. Visit healthwealth. fit/uacpa_infoarmor

CCH

UACPA members receive a discount on the U.S. Master Tax Guide and more. Visit cchgroup.com/members/UACPA

iTransact

iTransact, a full service payment processing company, rewards UACPA members with a residual payout program. Email Blake Tracy at b.tracy@itransact.com or call 801-951-8106. UACPA members receive discounts on group medical insurance, dental, life and disability, vision and individual insurance policies. Contact Andrew Stott, astott@worldbenefitsolutions.com or 801-759-0421. The Mutual Insurance Company offers UACPA members a variety of benefits. To learn more, call 800-652-1772 or email inquiry@camico.com.

Office Depot

Is your firm eligible to be a part of the 100% membership program? Learn more by talking to Braden Thompson, bthompson@uacpa.org or call 801.466.8022

UACPA members can save up to 40% on office products, printing, technology and furniture. Visit uacpa.org to learn more. Learn more about member benefits by talking to Amy Spencer, as@uacpa.org or calling 801.466.8022 the journal entry | January 2017

ContactList

ConnectWithUs

Accounting Issues

When UACPA members have questions about accounting issues, help is available from the UACPA Accounting Issues Committee. Each month, a member of the committee is assigned to answer accounting questions and help you interpret the rules as they apply to your particular situation. The following members may be contacted during the months listed. January

February

Ted Rokich 801-263-3090 trokich@fdic.gov

Larry Deppe 801-626-7838 deppelarry@msn.com

www.facebook.com/Utahassociationofcpas

March

www.twitter.com/uacpa

Mark Anderson 801-532-2200 manderson@eidebailly.com

CPE Approval â&#x20AC;&#x201D; Does This Qualify?

When UACPA members have questions regarding CPE Approval and whether or not something may or may not qualify, they can turn to the UACPA CPE Approval Committee for answers. Each month, committee members are assigned to answer member questions related to CPE approval. Below are the membersâ&#x20AC;&#x2122; who may be contacted with your questions. January - March Steve Avis 801-532-2200 savis@eidebailly.com

Tax Issues

Scott L. Robinson 801-990-5918 srobinson@tannerco.com

The Tax Issues Committee focuses on legislative and regulatory issues and does not answer technical questions. For assistance with a technical matter, please refer to the UACPA referral tool at uacpa.org. Direct questions related to legislative or regulatory issues to taxissues@uacpa.org

Classified Ads To place your classified advertisement and reach Utah CPAs, contact the UACPA at mail@uapca.org. Utah Practices for Sale: Park City CPA Practice - gross $600K - available after 4/15/17- (93%) tax, high-quality client base, strong fee structure and tenured, knowledgeable staff in place, highly-desirable location. For more information, please call 1-800-397-0249 or to see listing details and register for free email updates visit www. AccountingPracticeSales.com. THINKING OF SELLING YOUR PRACTICE? Accounting Practice Sales is the leading marketer of accounting and tax practices in North America. We have a large pool of buyers, both individuals and firms, looking for practices now. We also have the experience to help you find the right fit for your firm, negotiate the best price and terms and get the deal done. To learn more about our risk-free and confidential services, call Ryan Pannell with The Holmes Group at 1-800397-0249 or email ryan@accountingpracticesales.com.

the journal entry | January 2017

Utah Association of CPAs 136 S. Main Street, Suite 510 Salt Lake City, UT 84101

Nonprofit Org. U.S. Postage

PAID Salt Lake City, UT Permit No. 1996

the journal entry | January 2017