law

Article Dean Dorton

No one wants their data to be hacked and used for nefarious gain. Employees, customers, clients, patients, students, and vendors are depending on your organization to protect their data. You have been entrusted with it and they have a reasonable expectation you are going to take steps necessary to keep it out of the wrong hands.

We all understand there is no such thing as 100% secure, therefore “reasonable” is a much more practical goal. Ideally, every organization would prioritize investing time and resources into having an adequately mature cyber security program. However, there are myriad pressures and objectives facing every organization. Sometimes cyber security does not get the attention it needs.

Numerous regulatory bodies have established requirements with the intent of attempting to ensure organizations are adhering to common measures of cyber standards. These requirements vary based on elements such as industry, type of data and geographic location. Once an organization finds themselves falling under data protection regulations, it is common to have multiple, applicable regulatory requirements. Compliance can get complex and seemingly overwhelming quickly. Below are examples of data protections requirements:

Japan – APPI
Brazil – LGPD
Canada – PIPEDA
China – PIPL
European Union – GDPR

CMMC
GLBA
FFIEC
HIPAA
PCI
SOX

Data Break Notification Laws
Data Privacy Laws
State Grants & Contracts

For organizations that want to comply, there are two paths typically taken when faced with this complexity. The first path involves a process that looks good on paper. All the boxes are checked but no value has been provided to the organization other than dodging the penalty and fine bullet for another year. This approach has been common with credit card compliance requirements.

The second path involves a process not only addressing compliance requirements, but also recognizes there are many other objectives that can be accomplished that bring value to the organization. For example, most data regulatory standards require a risk assessment be performed. However, each standard typically narrows the scope to just the applicable processes, systems and data being regulated. If you are performing a risk assessment, why not make it enterprise-wide? The resulting information not only assists with compliance but helps identify other initiatives that are needed.

As previously mentioned, the phrase adequately mature is intended to recognize that each organization has different cyber security needs. Even though this is the case, there are fundamental steps applicable to all organizations that are beneficial to data protection. These steps will help deal with the complexities and provide a clear path forward. See the demonstration below:

https://deandorton.com/wp-content/uploads/2021/10/Cyber-Pyramid-e1635186352566.jpg

Data Inventory
Determine what data you have, where it resides, and who is interested in the data. The “who” element can include internal stakeholders, but for the purposes of compliance make sure to identify external stakeholders. I.E., regulatory bodies. Relevant information to include in your data inventory:

Application/System Name
Version #
Vendor
System Owner
Data Owner
Function/Purpose
Users of System
Primary/Secondary Locations
Sensitive Data Elements*

Alumni/Students
Applicants/Employees
CUI
DOB/SSN/Passport/Visa
Name/Address/Telephone/ID
Patients/Customers/Vendors

Based on the sensitive data elements, identify the applicable regulatory bodies governing data protection.

Cybersecurity Control Framework
Many regulatory bodies recommend or require specific control frameworks. A control framework helps create a vision of what your organizational security program should look like. It provides a path and eliminates the need to create everything from scratch due to the many resources available. Your data inventory will drive selecting the right framework.

See example of cyber security control frameworks:

https://deandorton.com/wp-content/uploads/2021/10/Screenshot-2021-10-20-151610.png

To summarize, one path does take more work and effort, but the results speak for themselves. Subscribe to Dean Dorton Insights to stay up-to-date with the latest regulatory changes.

Explore IT Audit and Compliance Services

Kevin W. Cornwell | IT Audit Associate Director
kcornwell@ddaftech.com
502.566.1011

Article Dean Dorton

Your company’s real estate is likely to represent a large capital investment – are you missing out on real estate savings? If you own real estate and pay income taxes, you may benefit from the results of a cost segregation study, which is an analysis performed by trained professionals to identify property that should be classified as tangible personal property or land improvements, depreciated using 5, 7, or 15 year lives instead of the 27.5 or 39 years that apply to buildings. This acceleration of deductions can result in substantial tax savings benefits.

We will “mine” these cash flow benefits from:

  • New constructed property
  • Existing property undergoing renovation, remodeling, restoration, or expansion
  • Purchases of existing property
  • Leasehold improvements and “fit-ups”
  • Post-1986 real estate construction, building acquisitions, or improvements where no cost segregation study has been performed
  • Property acquired under Section 1031 exchanges
  • Purchases or inheritances of interests in partnerships which own appreciated buildings

For property placed in service in prior years, the IRS allows a “catch-up” deduction in Year 1 for the additional depreciation deductions that are identified in a cost segregation study to which you were entitled but did not claim in previous years. This can generate substantial tax savings in the year the study is done.

One of Dean Dorton’s most recent cost segregation studies on a $7.9 million apartment complex that was constructed in 2015 generated tax savings in the first year of $437,000. The present value of accelerated deductions (discounted at 8%) exceeded $397,000. The return on investment for this study was 85.7 to 1.

Bonus Depreciation
For property placed in service in 2016, additional tax incentives available include 50% bonus depreciation and an increased limit in section 179 expense to $500,000.

Bonus depreciation allows taxpayers to write off 50% of qualified tangible property with a recovery period of 20 years or less and certain qualified leasehold improvement property that is placed in service in 2016. Thus, the 5, 7, and 15 year property that is identified in a study may qualify for this additional depreciation deduction that wouldn’t normally be identified if the property was being depreciated over 27.5 or 39 years. These tax incentives for 2016 make cost segregation studies even more beneficial for the current tax year. Similar tax incentives are also available for property placed in service in tax years 2008-2015.

What About My Accountant?
Cost segregation is a highly specialized segment of tax law. The volume of judicial decisions, IRS ruling, regulations, and other interpretations spans thousands of pages of text. The challenge is to apply this complex knowledge to the unique facts of your industry, your company’s circumstances, and the processes of your operation.

Dean Dorton uses an Atlanta-based engineering firm to provide cost segregation studies to our clients. This engineering firm conducts studies that conform to the Cost Segregation Audit Techniques Guide issued by the IRS. They have performed over 15,000 studies and have successfully defended all challenges brought forth by the IRS.

We work in tandem with your CPA, whether you are served by a large international firm, a regional firm, or a local accountant, to serve your best interests and save you money.

To find out more or schedule a review of your properties, contact your Dean Dorton advisor or Brandi Marcum at bmarcum@deandortonstg.wpenginepowered.com.

Article Dean Dorton

Business owners naturally are interested in the value of their businesses. In this article, we provide a brief description of the primary approaches to valuing a closely-held business (asset, market, and income approaches), elaborate on the income approach, and offer some brief thoughts on how to increase the value of one’s business.

Under the asset approach, a valuation analyst looks to the underlying assets and liabilities of the business (whether recorded on the company’s balance sheet or not) and aggregates them to arrive at a value of the business. An asset approach is instructive for businesses whose primary value is derived from its financial assets and tangible assets (e.g. inventory, equipment, real estate), but it often fails to adequately capture the value of an entity’s intangible assets (e.g. customer relationships, trade names, patents, assembled workforce, and goodwill, for example) because they often are difficult to separately value.

The market approach relies heavily on comparison and substitution to derive value estimates. Much like a residential real estate appraiser does in valuing houses, a business appraiser attempts to find other businesses (for which there are known trading prices) that are comparable to the business being appraised and then uses those prices to estimate the value of the subject company. Because the values used in this approach are rooted in real-world transactions, this approach often results in the best estimate of fair market value. However, it often is difficult to identify reliable comparable companies or transactions due to the unique features of the subject company and frequent lack of available information about the comparable companies.

Due to limitations of the asset and market approaches, the income approach often is the best approach for valuing closely-held businesses. The income approach reflects that the value of a business is equal to the sum of its future cash flows discounted to present value. It recognizes that a buyer is willing to pay a price today in exchange for future cash flows and a seller is willing to forego future cash flows in exchange for a current price. Employing the income approach requires a forecasted stream of future cash flows and a discount rate with which to convert the future cash flows to present value. The discount rate represents a rate of return investors would require considering risks associated with achieving forecasted cash flows.

To derive an appropriate discount rate, the analyst considers rates of return historically required by investors owning similar businesses, taking into account the unique strengths, weaknesses, opportunities, threats, and risks associated with the subject company relative to those of the similar businesses.

Note that higher cash flows and lower risks yield higher values. Thus, a business owner can increase the value of his business by taking steps to increase cash flows and to reduce risks. Ways to increase cash flows include growing revenues, reducing expenses, optimizing working capital levels, and optimizing the capital structure of the business. Risks can be reduced through customer, supplier, and product diversification, cross-training of employees, management succession planning, geographical expansion, and a host of other initiatives. Each of these strategies requires proactive planning, purposeful implementation, and time to realize the benefits.

If you are considering a sale of your business in the next few years or in increasing its value, please contact one of the members of our forensic accounting and business valuation group.

David Parks, dparks@deandortonstg.wpenginepowered.com

John Herring, jherring@deandortonstg.wpenginepowered.com

David Angelucci, dangelucci@deandortonstg.wpenginepowered.com

View David Parks’ Bio