Page 1


CPA October 2013

The Arizona Society of Certified Public Accountants

Our Tech Issue Mobile Devices in the Workplace Technology and Client Relationships Data Security PC Enhancements

As the health care

Taking care of Arizona since 1939

landscape changes, Blue Cross Blue Shield of Arizona is committed to empowering members and delivering the service that continues to earn your confidence for years to come.



Experience Innovation


NUMBERS DON’T GROW A BUSINESS, BUT THE RIGHT PEOPLE DO. If you’re on the fast track for success, opportunity lives in choosing a firm that values talent and understands the desire to grow. Combining the strengths of two well-established, respected CPA firms in Phoenix, Miller, Allen & Co. and Abalos & Associates under the REDW brand, adds up to both opportunity and growth to energetic and experienced professionals. Are you the right person?

Current career opportunities available now at

Albuquerque | Phoenix Phoenix Office 5353 N 16th St. Suite 200 Phoenix, AZ 85016 602.730.3600 |





Volume 29 Number 8

Data Security — Protecting the Treasure Trove


Protecting valuable data from data thieves has become the responsibility of the CPA. Are you doing enough to protect your clients and customers? by Edward Zollars, CPA

Mobile Devices in the Workplace


The risks of using mobile devices and ways to protect company data. by Michael Nyman, CPA, CISA, CISSP, CITP, CRISC

Features Has Your Personal Computer Stopped Treating You with the Respect You Deserve?


Find out ways you can enhance the performance of your PC. by Ken Askelson, CPA, CITP, CGMA

How Does Technology Impact Our Client Relationships?


Are new technologies really enriching your relationship with your clients? by Richard Bingaman, CPA

Using a Smart Phone to Win an IRS Audit


Important documents needed during an IRS audit can be available at the touch of a finger. by Peter Harris, CPA, CMA

Columns & Departments 6

Chair’s Message by Karen Abraham, CPA


Focus on Members


A Dash of SALT by James Busby, CPA

22 Classifieds 23 Arizona Society of Certified Public Accountants 4801 E. Washington St., Suite 225-B Phoenix, Arizona 85034-2021


In the Black ... Adventures in Accounting




The Arizona Society of Certified Public Accountants

President & CEO

Cindie Hubiak


Patricia Gannon

Copy & Advertising Deadline The first of the month one month prior to publication date. Board of Directors Chair Chair-Elect Secretary/Treasurer Directors

Karen Abraham Anita Baker Rob Dubberly Diane Groover Sandra Hieb Debra Johnson Jimmy Lovelace Adam Miller Molly Montgomery CW Payne George Raysik Andy Spillum Leslie Stackpole Jared W. Van Arsdale Craig Van Slyke

Financial Advisory Group, LLC

Wealth management for high income, high net worth individuals and highly profitable business owners.

Armando G. Roman, CPA/PFS MBA Managing Principal

Gainey Ranch Financial Center 7373 E. Doubletree Ranch Rd., Ste. 170, Scottsdale, AZ 85258 (480) 367-9000 • Registered Representatives offering securities and advisory services through Independent Financial Group LLC, a registered broker-dealer and investment advisor. Member FINRA/SIPC.  Independent Financial Group, LLC and AXIOM Financial Advisory Group, LLC are not affiliated.  Office of supervisory jurisdiction: 12671 High Bluff Dr., Ste. 200, San Diego, CA 92130.

Immediate Past Chair Armando Roman AICPA Council Members Jim Buhr Rick Goldenson Chapter Presidents Southern Chapter Northern Chapter Southwest Chapter North-Central Chapter

Flo Zenblu Jennifer Nordstrom Jayne Wright Richard Joliet



AZ CPA is published by the Arizona Society of Certified Public

Accountants (ASCPA) to provide information, news and trends in the profession of accounting. It is distributed 10 times a year as a regular service to members of the Society. The ASCPA, its members, board of directors and administrative staff assume no responsibility for advertisements herein. The ASCPA and the above people also assume no liability for business decisions made by readers in reference to statements and/or claims in advertisements within this publication. Opinions expressed by correspondents and contributors are not necessarily those of the ASCPA.

• IRS Audit Support • Offers in Compromise • Wage Garnishment, Liens & Levies • Civil & Criminal Tax Litigation

Call Today for a FREE CONSULTATION 480.515.3716

Arizona Society of CPAs 4801 E. Washington St., Suite 225-B Phoenix, AZ 85034-2021 Telephone (602) 252-4144 AZ Toll-Free (888) 237-0700 Fax (602) 252-1511

Matthew S. Dana, JD, LLM, CPA, CLU, ChFC

Shad M. Brown, JD, LLM Former IRS Attorney

Scottsdale (Bell & 101) • Phoenix (Camelback & 30th St.) • Mesa (Power & Southern)



Chair’s Message

by Karen Abraham, CPA

Technology: You can’t live with it, you can’t live without it In the past two months both of my children moved out of state. Even though I am proud that they are productive members of society, I feel that I have lost a great asset. I lost two people who have kept me up to date on the latest technologies – smartphones, iPads, Nooks, Kindles, ultrabooks, MacBooks, apps, etc. It’s maddening to think that we lived perfectly well without these devices a few years ago, but now – we could never live without them. The good old days! I often reminisce with the finance team at Blue Cross Blue Shield of Arizona (BCBSAZ) about how far technology has advanced since we first started our accounting careers. For our younger readers, I hope I don’t sound like your grandmother recounting her epic struggles as she trekked to school in three feet of snow — both ways uphill! I remember we had adding machines that weighed about 25 pounds and we had “personal computers” that we called “the sewing machines” with a display screen that was about six inches square! We then advanced to a computer lab were everyone shared the computers. Our incentive was to get to work early so we could get a machine to complete our critical work. We then evolved from desktop computers to laptops and now tablets. All the while, devices were getting smaller and more powerful. We actually have a “shrine” in the finance department at BCBSAZ that contains one of the company’s first hand-written ledgers, a fixed asset system (three file boxes with index cards) and a very old check impress machine. They are very fun to look at, and we can’t imagine

how we conducted business like that, although those were much simpler times.

Keeping track of assets As you might expect, insurance companies, similar to banks, require sophisticated programs to run their operations. We have processes in place to review strategic needs and determine where we apply resources to obtain the best outcome for our customers. Next to personnel costs, IT costs are the most expensive line item. This is true for many businesses, so careful consideration must be given to project costs. Mobile applications have added to the complexity and cost of delivering information and self-service processes to customers. Since we serve all age groups, we must consider how to best communicate with a broad range of individuals, group administrators, brokers and others. In addition, we have to keep current technology working, while bringing new technology to different customers. The transition from old to new is sometimes painful and costly. The accounting and control of these assets is complex, with different

Did you know? One of the many accounting issues that contributed to the demise of Enron was the habit of booking costs of cancelled projects as assets. There was no documentation that officially stated that a project was cancelled. This booking practice was known as “the snowball,” and Enron’s policy initially dictated that only projects worth less than $90 million would be kept on the books; it was later increased to projects with cost up to $200 million. 6 AZ CPA y OCTOBER 2013

rules for tax and book. We have come a long way from our file box with index cards to track and account for these assets.

The best is yet to come! I am also intrigued by how rapidly our world is changing due to technology. I recently read an article that talked about technology changes accelerating over time. So as we think about time in a linear fashion, we might not grasp the true acceleration of change. When I think about growing up with a black and white television with no remote control, not having a microwave oven and calling home on pay telephones, I realize that changes to these devices happened more slowly than the introduction of new devices today. For instance, the internet, 60-inch LCD televisions, cell phones and the like all seemed to have appeared in a very short time. Even the change from a flip-phone to a smartphone happened quickly. Maybe it is because time perceivably goes faster and faster as you age! Many predict that the next breakthrough in technology will be exponential. I think one of the great joys in life is to be surprised and amazed. I anticipate that we have a lot of joy ahead of us. AZ CPA

ADP adp128816a Proof 4 - ASCPA

With ADP , new revenue opportunities are right under your nose. ®

Refer Your Clients ■ Run Your Own Payroll ■ Sell Your Payroll Base Looking for ways to grow your business? ADP can help with end-to-end payroll and integrated HR resources. Refer your clients to our payroll services, offer our payroll solutions directly to your clients or sell us your payroll base. Count on our 60+ years as the payroll leader to help you drive growth and profitability.

Learn more with the free strategy brief, “Growing Your Business with HR.” Go to

HR. Payroll. Benefits.

ADP is a recommended provider for the ASCPA. For more information on our benefits programs, call 408.477.8992 today. ADP®, the ADP logo and RUN powered by ADP are registered trademarks of ADP, Inc. Copyright © 2013 ADP, Inc.

You could spend hours searching for financial salary information. Or just seconds.

[ ] +

For hiring news, industry trends and salary information, download your free Salary Guide today at

1.800.803.8367 © 2013 Robert Half International Inc. An Equal Opportunity Employer. 0913-9013



Focus on Members LeRoy Gaintner, CPA, has been appointed to the Arizona State Board of Accountancy by Governor Brewer. Wallace, Plese + Dreher promoted Micah Wythers, CPA, to supervisor; Amanda Cox, CPA, Jason Mattina, CPA, Michelle Flynn, CPA, and Lori Rice, CPA, to senior manager and Brenda Gilbert, CPA, and Sara Nance, CPA, to senior tax manager. Michael Greer, CPA, of McGladrey was name to the board of the Association for Corporate Growth, Arizona. Congratulations to Henry & Horne for being named a winner of the 2013 Alfred P. Sloan Award for Business Excellence in Workplace Flexibility for the eighth time. Lisa Lumbard, CPA, was appointed to the Accounting and Auditing Standards Committee for the Arizona State Board of Accountancy. Grant Thornton promoted Marla Hummel, CPA, to audit managing director in the firm’s Phoenix office. Bailey Tocco, CPA, is returning to CBIZ MHM as a tax manager. Fenix Financial Forensics (“F3”) celebrated its five-year anniversary in October.

Take Your Leadership Skills to the Next Level –

Emerging Leaders Conference – Nov. 15 This conference will give you opportunities to learn new leadership skills and network with other emerging leaders in a variety of firms and companies throughout Arizona. Gain new perspectives on leadership at the following general sessions:

Unleash Your Inner Superhero Leading Diverse Teams Social Media for Professionals: Digital Strategies for Business & Career Growth Networking 101 – What You Absolutely Need to Know Take your pick of breakout sessions:

The Impact of Behavior in the Workplace CPA Firm Management – Secrets of the Trade Avoiding Burnout & Doldrums Technology for the CPA Firm Special Thanks to Signature Sponsor: SCF Arizona

Newsworthy CPAs… James Busby, CPA, was interviewed in an article in The Arizona Republic about how income tax deductions can be beneficial to businesses in Arizona. In addition, he encouraged contractors to consult with their CPAs in an article that appeared in both the Electric Times and HVACR Today. Kurt M. Huzar, CPA, chairman and CEO, of North Star Charter School, Inc., was quoted in an aticle on AZ Central about alternate education test scores.


Other ASCPA Conferences

Construction Industry Conference Oct. 30 Forensic & Litigation Services Conference Dec. 6 8 a.m. to 12:00 p.m. (in-person or webcast)

Business Valuation Conference Dec. 6

12:30 to 4:30 p.m. (in-person or webcast) Go to, click on Conferences to learn more and register for these conferences.

A Dash of SALT

Arizona Legislature Expands Sales Tax Exemption for Leases of Real Property Between Affiliated Parties Last month’s state and local tax (SALT) column examined the 16 different types of business activities that are subject to Arizona transaction privilege (sales) tax. This month’s column focuses on recent legislative changes to the sales tax that applies to persons or companies engaged in the business of leasing real property – the “Commercial Lease Classification.” Four of Arizona’s 15 counties (Gila, Maricopa, Pima, and Pinal) impose sales tax at the rate of 0.5% on proceeds from renting real property. In addition, most Arizona municipalities impose sales tax on proceeds from renting real property at rates that vary from 1.0% in Sierra Vista to 4.0% in Fredonia and San Luis. As its name implies, Arizona’s “Commercial Lease” tax does not apply to transactions involving residential property. On the other hand, the real property rental tax imposed by most Arizona municipalities applies to proceeds from residential rental properties as well as to proceeds from commercial rental properties—but some municipalities do not impose tax on residential rental properties if the lessor only has one or two residential rental properties. Although the Commercial Lease Classification accounts for less than 0.01% of state sales tax collections because the state tax rate for this classification is zero, many CPAs are all too familiar with this tax because one or more of their clients have received an assessment from the Arizona Department of Revenue (for a county and/or city that the Department collects taxes for) or from a city tax audit department for sales tax on one entity’s rental proceeds from a related party, like a single member LLC owned by a doctor that receives rent from the doctor’s professional corporation. For federal income tax purposes,

transactions like these between related pass-through entities generally are not subject to tax because the LLC’s rental income flows through the LLC to be reported by the LLC’s owner—the doctor in this example—on his or her individual income tax return and the rental income is offset by the professional corporation’s rent expense. However, for sales tax purposes, unless an exemption applies, even rental transactions between related parties are subject to tax. For many years, the State of Arizona and some municipalities have allowed exemptions for: “[l] easing real property by a corporation to an affiliated corporation.” But, if the lessor and the lessee were not both corporations, either S Corporations or C Corporations, the exemption did not apply. So, in today’s world where it is so common to hold rental properties in LLCs, LLPs, partnerships, trusts, and other types of entities, more often than not, the exemption for “[l]easing real property by a corporation to an affiliated corporation” did not apply to transactions between related parties, which came as a surprise to many property owners and their CPAs. Fortunately, the Arizona Legislature recently expanded existing exemptions from Arizona’s state and local sales taxes for leases of real property between affiliated corporations to apply to leases of real property between affiliated “compa-

nies, businesses, persons or reciprocol insurers.” For purposes of these newly expanded exemptions: (1) “affiliated” means the lessor holds a controlling interest in the lessee, the lessee holds a controlling interest in the lessor, an affiliated entity holds a controlling interest in both the lessor and the lessee, or an unrelated party holds a controlling interest in both the lessor and lessee, and (2) “controlling interest” means direct or indirect ownership of at least eighty percent of the voting shares of a corporation or of the interests in a company, business, or person other than a corporation. These exemptions were expanded via H.B. 2324 (Laws 2013, Chapter 27), which was effective Sept. 13, 2013 for county tax purposes. But, Arizona municipalities implemented the changes AZ CPA beginning July 1, 2013. James G. Busby, Jr., is a tax attorney and CPA at Gallagher & Kennedy. Busby previously worked in the SALT departments at Arthur Andersen and Deloitte & Touche. Before entering private practice, Busby was in charge of all transaction privilege (sales) tax audits at the Arizona Department of Revenue. A Dash of SALT ™ is provided for educational purposes and does not constitute legal counseling. If you have any questions, please contact the author at (602) 530-8277 or



B:7.75” T:7.5”

% Kiersten Traina, co-owner of the Liberty Market prefers to do business with local suppliers— that’s why she trusts Cox Business for fast, reliable Internet and feature-rich phone service. With award-winning local support, we’re available 24/7 if she ever needs it. This way, she can get back to doing what she does best, making the most delicious wood-fired pizzas in town. Call today and see how your business is our business.


Business Internet & Phone




• Internet Select speeds up to 10 Mbps • Over 20 phone features including Voice Mail | 623.594.7299 | 520.300.5283

*Offer ends 9/30/13. Available to new customers of Cox Business VoiceManagerSM Office service and Cox Business InternetSM Select (max. 10/2 Mbps). Prices based on 1-year service term. Equipment may be required. Prices exclude equipment, installation, taxes, and fees, unless indicated. Speeds not guaranteed; actual speeds vary. Rates and bandwidth options vary and are subject to change. Phone modem provided by Cox, requires electricity, and has battery backup. Access to E911 may not be available during extended power outage or if modem is moved or inoperable. Discounts are not valid in combination with or in addition to other promotions, and cannot be applied to any other Cox account. Next-day install subject to availability. Eligibility restrictions may apply. Speed claim based on Cox Business Internet 150 Mbps service vs. basic 1.5 Mbps DSL. Services not available in all areas. Other restrictions apply. © 2013 Cox Communications, Inc. All rights reserved.

10 AZ CPA y OCTOBER 2013


Cox Business helped Liberty Market keep more than their bread 100% local.

Has Your Personal Computer Stopped Treating You With The Respect You Deserve? by Ken Askelson, CPA, CITP, CGMA

What you once considered your best friend, your personal computer, you now realize has turned against you. It has started slowing down, seems tired and old, gives you random and confusing error messages, crashes and just does not perform at the same level as in the past. Before you decide to part ways and purchase a new one, you might consider giving it a tune-up! There are several personal computer utility software products available in the marketplace at very affordable prices that can give your computer that much needed tune-up to boost performance and reliability. I have found them to be very user-friendly and easy to operate. The following information describes some of the key features these utility software products offer to enhance and maintain the performance level of your computer.



The better utility software products address a wide range of issues and focus on helping you manage, diagnose, repair, recover and optimize your computer. Some of the specific key features of the software include the following: Optimization – Computers get slower over time, but it usually isn’t because of age. It’s most likely the result of system clutter, fragmentation and corruption issues that occur from everyday use. Utility software addresses these performance concerns with techniques such as defragging the hard drive and the registry, the control center of the computer’s operating system. This software detects and cleans out temporary files and finds and removes junk files. It also can optimize computer memory, Internet settings, and Windows startup programs. Repair and Recovery – Random and confusing computer error messages, programs running slower and locking up, and crashes are a few

symptoms that require repair. Utility software is designed to repair registry problems, fix broken shortcuts, and find and resolve hard drive issues. Management/Diagnostics – Utility software manages and controls the sequences that start when the operating system loads, manages running programs, monitors hard drive status, and provides an uninstaller feature that allows the user to remove installed programs that clog the computer in order to boost performance. System Mechanic by iolo Technologies is the utility software I use on my desktop and laptop computer. Professional and business versions of this software are also available. The current affordable prices for System Mechanic can be found on the iolo website at The license fee provides one-year coverage and can be extended after the initial purchase usually at a discounted price. I have found this software very user-friendly and helpful in keeping my computer running

smoothly. Their software updates keep System Mechanic current, making it a seamless process for the user. Other utility software vendors include: Advanced System Optimizer, WinZip System Utilities Suite, MAGIX PC Check and Tuning, TuneUp Utilities, Spotmau Power Suite, Auslogics BoostSpeed, WinUtilities and more. Some of these utility software features are often pre-installed on the computer. However, I find that using commercially-available utility software to monitor my computer and keep it running efficiently is cost effective and provides the technical expertise for these issues. Even if you are not experiencing any productivity issues with your computer, it is still a good idea to run utility software on your computer to keep it running at top form. AZ CPA Ken Askelson, CPA, CITP, CGMA, is chair of the IT Steering Committee. He can be reached at

• • • • • • • • • •

• • • • • •


How Does Technology Impact Our Client Relationships? by Rich Bingaman, CPA

It’s not difficult for many of us to remember when Excel spreadsheets didn’t exist, tax returns were a result of entering data on computer cards and every document received from a client was dropped off at our front desk by the client or the mail carrier. Fast forward 25-30 years to today and look around. We are now accessing client information including tax returns, financial statements and various documents on electronic devices that are the size of our wallets. We are also communicating in multiple ways with clients on those very same portable devices. This article is not intended to provide an update on what’s “hot” and tips on how to find the “latest and greatest.” I’m not even going to drone on about how to keep our businesses on the “bleeding” edge of technology that is driving our fast-moving and ever-evolving society and profession. This commentary is only meant to evoke thought in our community as it relates to understanding how technology impacts the most important aspect of our business as a CPA in public accounting, the client relationship. An integral part of owning and operating my public accounting practice has been constantly searching out innovative ways to operate my business in a way that improves operational efficiencies, profitability and services to my clients. In the last 25 years of my time in the public accounting profession, I have seen tremendous innovation in technology impacting our profession. Some of us have adopted these new technologies more readily than others and certainly after very careful consideration of the true benefit of leveraging new technologies in our businesses. One of the most important questions for each of us to answer is, “If I use this new technology in my business, how will it improve my relationship with my clients?” A better client relationship is, in fact, what allows us to provide more services to those clients, generate referrals from those clients, have a more profitable interaction with the clients and ultimately make the time we spend with those clients more enjoyable, right? Take the birth of electronic documents as an example. As trusted advisors to our clients, a very important aspect of that relationship is the trust placed in us to safeguard their very private and sensitive information. Prior to electronic documents coming onto the scene, documents and information were delivered in paper format controlled by the client, a private



Jacqueline Beardsley Becker Alum

You’re taking the CPA Exam because you know what passing will mean not just to your career but your life. Becker Professional Education knows too. Everything we do is done to prepare you, to equip you, and to empower you – which is why Becker students pass at double the rate of non-Becker candidates.* In the past 50 years, over 400,000 candidates have prepared for the CPA Exam using Becker’s CPA Exam Review. We’re confident we can do the same for you.. So go with the leader. Go with Becker. Then go conquer that world out there – like you know you can.

Arizona Society of CPAs members receive $300 off** the full course tuition. To learn more, contact Lori Reed at ®

*Becker Professional Education students pass at twice the rate of all CPA Exam candidates who did not take a review course from Becker, based on averages of AICPA-published pass rates. Data verified by an independent third-party research firm. **This offer valid only on complete, four part course tuition price and cannot be combined with any other offers. ©2013 DeVry/Becker Educational Development Corp. All rights reserved.

14 AZ CPA y OCTOBER 2013

courier or the postmaster. These now antiquated forms of document delivery significantly reduced the opportunities for private and sensitive information to fall into the wrong hands. Today, due to the porous nature of the Internet and the numerous methods by which documents and information may be sent to us from clients (e.g. electronic fax services, email, text messages, web portals), we find ourselves strained as a profession to maintain sufficient control over this information. Sending an email to a client with an attachment of a tax return is so much easier than printing the tax return, placing it in an envelope, applying postage and dropping it in the mailbox or scheduling a courier. Sending that email can be fraught with many pitfalls. What if you or your staff was in a hurry and the autocomplete feature of your email system provided a recipient that is not your client! Now what do you do? I’m sure you can imagine the many complications that can arise from such a “mishap.” While we may gain improvements in efficiency in using new technology to interact with our clients, we still must ensure it is used properly to improve our client relationships, not destroy them. Then there is the advent of tax preparation being more easily accessible to the masses with the click of a button over the internet. How does this translate into a better relationship with our clients? Some would say this commoditizes the tax compliance services of the CPA, harming the value of the client/ CPA relationship. Others might say this brings better clients and relationship value to the CPA. This is driven by clients who perceive value in the ability of the CPA to apply the tax rules to the client’s facts and circumstances to result in the most accurate returns that favor the client. For those of us who strive each day to improve the relationships we have with clients, we are constantly seeking new and innovative ways to illustrate value to our clients. This innovation usually involves some form of technology and since each client values our services for

different reasons, the technology we select must be very flexible. We find that we can’t have a homogenous approach in illustrating value to clients so it must be a customized approach very similar to providing advice to a client, specific to their circumstances and needs. This brings us to the questions we must answer when contemplating the insertion of new technology into our businesses and client relationships. Will it make us more efficient and profitable in providing services to our clients? Will our clients embrace the new technology and way of doing business with us? Will our clients use the technology properly to fulfill our efficiency and operational expectations without creating undue frustration for the client? As technology settles into our profession and the four-column ledger paper and 10-key calculator are eventually replaced for good, what will be the client’s experience with us? Technology may come and go, death & taxes we know, but relationships last generations. What shall we do to plan and position our practices accordingly? Now that Nana and Papa have discovered FaceTime and Facebook, they are buying up iPads and iPhones, but why? To connect and deepen relationships? How does embracing a new technology make life easier to pursue passions and live life, for you and your clients? The answers to these questions will vary from one CPA to the next, but the one constant in all of this discussion is that our profession will continue to be bombarded with new technology. While elderly clients may shun it, younger clients will demand it. Therefore it is extremely important for the CPA community to work together to embrace innovative ways of bringing the right technology to our profession that supports the reputation of the CPA as a trusted advisor and allows a deepening of those relationships that are most AZ CPA important to us. Rich Bingaman, CPA, founder of Richard E. Bingaman, PLLC, can be reached at

Put us to work

for you You can rely on SCF Arizona to help you meet your workers’ comp insurance needs. At SCF we offer coverage for injured workers while protecting your bottom line. It’s a simple idea: Safe businesses save money. Let SCF show you how. Visit to learn more or to get a Quick Quote.

Get a Quote 1.888.706.4070 En español 602.631.2302



Data Security

Protecting the Treasure Trove by Edward K. Zollars, CPA

Identity theft is a growing problem, with individuals finding it to be a costly and upsetting experience. A Department of Justice/Javelin Study & Research study found that the average loss to a victim of identity theft was $4,930 and total annual losses from identity theft are now estimated at $21 billion. Obtaining the information to steal a person’s identity has become a major criminal undertaking, and thus anyone who holds data that could be used to steal a person’s identity is potentially at risk to be targeted to obtain that data. CPA firms, by the very nature of their practice, are holding such significant amounts of such data in electronic format. Such data is often not only on the firm’s servers, but also either on or easily accessible on portable devices, including laptops, phones, portable hard drives and USB thumb drives. Protecting that treasure trove of data that would be of great interest to data thieves has become the responsibility of the CPA. Every CPA needs to understand just how they and their firm could “leak” data and the steps they need to take to insure the firm does not become a source of data used to steal the identity of a client or clients.

16 AZ CPA y OCTOBER 2013

Unfortunately this is going to require an understanding of technology by all members of the firm. It is not possible to protect your client by simply “hiring an IT consultant” and having some sort of automated system put in place which will solve the firm’s problem. More likely you’ll discover the IT consultant is going to require all members of the firm to undergo training on security issues.

Computer System Attacks The firm needs to be concerned first with the possibility that a third party might obtain access to data by attacking the computers used inside the firm. Such computers are an excellent place to obtain the data, since the user will generally have logged into the firm’s servers and have access to client data sitting on the server. Software that infects the machine can easily be set to surreptitiously watch or scan for identity related data and transmit that to a server outside the control of the firm. While up to date security software is a necessary base level of defense for the firm, such software has significant limitations that must be understood by

all members of the firm. Believing that just because you have installed up to date security software and have Windows update set to automatically install updates there are no issues represents a false level of security. Malware authors are continuously developing new modes of attack and testing those attacks against the major security packages out there. While security vendors become aware of such attacks and update their software, each new attack has a window of opportunity when it will not be blocked by the security suite—and while the security vendor is writing a fix to block this attack, the malware authors are readying the next attack. Thus it is important that members of the firm understand behaviors that put them at risk for malware infection. Keeping Windows (or whatever other operating system up to date) and all other software (such as Adobe Acrobat) up to date by automatically installing security patches is a key first step that all users must take. Malware authors reverse engineer patches issued by the vendors to close security holes and then rush out software to exploit those holes. Thus a system that is not updated is at a high risk for compromise. Limit your browsing of websites on firm computers to those directly related to the firm’s practice. Many exploits are “drive by” exploits that target issues with browsers, and in some cases those exploits have made use of methods to insert malicious code into websites without the knowledge of the entity hosting the site. That has included getting into ad networks and dropping code into ads. Consider the use of products like NoScript for Firefox. NoScript is an add-on for Firefox that refuses to run Javascript or Flash from websites until the user authorizes the site. While very secure, it is also very tedious to deal with and, unfortunately, most users are going to find it so much of a bother that they will simply turn it off. However, since exploits tend to make use of such “active” code on websites using such a product greatly increases security.

Malware authors are continuously developing new modes of attack and testing those attacks against the major security packages out there.

Be highly suspicious of items received via email. A good rule is to never click a link from an email but rather type an address in the browser’s address bar. It is trivial to “hide” where an email link is really going to, and making use of such links to “divert” users to load malware is fairly common, as well as using such emails to simply have users provide data directly to the nefarious party. Similarly, do not open anything received as an attachment that arrives from a third party unless you are expecting to receive the item. If an item arrives unexpectedly, confirm with the sending party that they have truly sent you something. And be extremely cautious if you receive an email that attempts to panic you into opening an attachment.

Portable Devices We are now carrying around significant amounts of data in our portable devices. Even a fully solid state drive equipped ultrabook, which many users complain have “small” drives, are equipped with 128GB drives. Such drives can hold more data than most firms used to have on their main data servers. Similarly, our smart phones and tablets are now coming with internal storage of 64GB and more. We also have placed significant data on USB thumb drives and portable hard drives, which provide additional sources of data leakage when the devices are lost or stolen. It’s not tough to lose a USB thumb drive by accident, such as when it falls out of a pocket or purse while you are simply trying to get your car keys or take out your wallet. A key first step is that all such devices should be encrypted. While Microsoft has a native boot drive encryption technology for Windows (BitLocker), prior to Windows 8 it only was available in the Enterprise and Ultimate editions of

Windows 7 and Vista. As well, if your machine does not have a TPM chip in it (and many inexpensive laptops don’t) you need to edit the registry to enable boot drive encryption, not a step for the faint of heart. However, if BitLocker is an option that you can set up or your IT consultant can do for you, it should be enabled. In that case a thief will need to be able to provide your password in order for any data to be read on the drive. Without that password, the drive simply contains random data that will be of no use to the thief. If BitLocker is not an option, thirdparty software can be used to encrypt the drive. A free, open source option is the TrueCrypt software (http://www. which can be used to encrypt the boot drive. While you might think such open source, free software would be less secure, generally such software is more secure since it can be fully vetted. If the software is widely used (as TrueCrypt is), it’s fairly certain that the software is being continually vetted. Commercial software often attempts to depend on security by obscurity— they keep their method “secret.” That method is generally doomed to fail. Good cryptography is a system that, without the key, cannot be broken effectively without having the decryption key. Thus, knowing the details of the algorithm does not open up the system to being unwound—rather, the thief needs the key (which is why complex passwords are so important). Portable devices (such as USB drives and portable hard drives) should be encrypted. If you have a BitLocker capable machine, you can encrypt such drives and the drive will be readable even on versions of Windows that don’t allow you to create BitLocker drives.



TrueCrypt can do the same, though you’ll need to install the TrueCrypt software on machines on which you will want to read the data. Phones and tablets are more troublesome. However, most will allow you to have data on the device encrypted (check the system settings) assuming you use a password or passcode. iOS devices (Apple iPhone and iPad) can also be set to wipe their data if someone fails ten consecutive times to provide the proper password or passcode—an option that should be turned on. While restoring the iPhone or iPad from a computer backup in this case may be a pain, it’s much less of a problem than the firm will have if that data gets into the wrong party’s hands.

Third-Party Services A final key exposure is the use of third parties by the CPA firm to handle data. For instance, the use of offsite backup in the cloud is an often recommended procedure for disaster recovery—and, frankly, it has much to recommend it. But

one problem is that when you backup your server to the cloud you are sending all of the valuable information to a party you don’t control. At the basic level, the firm should do its due diligence by reviewing the agreement they sign with any such such third party. Does the outside vendor agree not to access or use the data? Can they access the data or is it kept encrypted in a form that renders it inaccessible to them? And what is their procedure if they receive a subpoena for such data? After all, if you are paperless I can obtain your workpapers by attempting to get your backup vendor to give them to me via subpoena or court action—so will the third party notify you in that case? More to the point, can they really see the data? While policies are all well and good, reality is that if there is a rogue employee in the organization (and the recent issues involving Mr. Snowden indicate that even the NSA has issues vetting people they give access to IT systems) such policies might be bypassed.

Independence to succeed

We’re a partner in your success, a dedicated provider of solutions that are in your long-term interests and in the interests of your clients. We believe in adding value in a relationship, understanding your business and your goals and giving you independence to succeed. 602.240.2700 • Part of CoBiz Bank • Member FDIC

18 AZ CPA y OCTOBER 2013

However, if the entity truly cannot see the data at all, they both cannot turn over the data without your notice in response to a subpoena and a rogue employee won’t be able to grab the data. A good rough way to determine if a vendor can access your data is to see if they offer an option to let you recover your password. If they can reset your password and give you access to the data, that means they could do the same for anyone—not just you. Some vendors will offer you the option of having a “trust no one” option turned on where only you have access to the key. Often doing so will mean that if your password is lost, your data is similarly lost and you won’t have the ability to access data on tablets and smartphones—but that lack of convenience may be minor compared the risk of data loss. Often such services will be marketed by the vendors as “HIPAA compliant” since medical records are subject to special controls to attempt to control “leakage” of such data. Firms may also consider handling issues on their own and bypassing the third parties, doing automatic off-site backup via links to firm controlled equipment at other locations. While that is clearly possible, a firm must be careful to insure that they don’t introduce additional vulnerabilities with such a system. Reputable third-party vendors will have security specialists on staff who can insure that various vulnerabilities that might exist in supporting software can be addressed AZ CPA rapidly. Edward K. Zollars, CPA, is a shareholder of Thomas, Zollars & Lynch, Ltd., and concentrates in tax matters for privately held companies and individuals. Zollars has previously served as a member of the AICPA Tax Division’s Member Practice Improvement and Tax Technology Committees, and is currently a member of the ASCPA’s Tax Section Steering and Tax Legislation Committees. He is on the Advisory Board of the Phoenix Tax Workshop. He can be reached at edzollars@

tion to access their devices or remotely lock a device in the event it is lost or stolen. In addition, some mobile devices are installed with tracking devices, such as GPS, which will allow the owner to locate the device on a map. Users can install tools that have the capability of remotely performing a factory reset from an Internet-based connected computer, wiping out the data, and locking it indefinitely — making the device useless. Mobile device data should be encrypted.


With the increased use of mobile phones in the workplace, businesses should be

Companies can implement security guidelines and standard security settings for mobile devices, in addition to PC and laptop policies. Mobile devices should have the most up-to-date version of operating systems and applications installed. Employees should be advised to only download and install trusted applications. Anti-malware software can be run on each employee’s device to scan and detect viruses. In addition, anti-malware, along with any anti-virus and anti-spyware, should be maintained. Users should run periodic checks to make sure these applications are up to date.

aware of the many security risks associated with mobile devices. Some of these


risks include:

The easiest way to condense the amount of spam received is to turn on the antispam feature found on the device. If an antispam feature is not available, a blacklist can be created to block spam messages.

Mobile Devices in the Workplace

The Risks and Ways to Protect Company Data by Michael Nyman, CPA, CISA, CISSP, CITP, CRISC

• Loss and theft: Company data stored on a lost or stolen mobile device may be compromised if access to the device is not restricted. Individual’s data like photos, text messages, email, and other applications provide an avenue for a thief to obtain personal information and even one’s identify. • Malware: Viruses, Trojans, and other malware can cause loss of personal data or even make the device unusable. In addition, malware can create additional services charges by sending text messages or making background phone calls. • Spam: Spam wastes a significant amount of bandwidth. • Phishing: Emails and text messages designed to trick users into revealing personal information slip through mobile devices more easily because the

small screen doesn’t allow protection features such as warning lights or popup blockers. • Bluetooth and Wi-Fi: Mobile devices operating on Bluetooth and wireless services may be compromised by malware. When mobile devices connect to Wi-Fi, they run the risk of hackers intercepting and compromising data sent to or from the connected device.

Securing Mobile Devices While not infallible, certain techniques can help increase the security of mobile devices.

Loss and theft Users can set up complex passwords (a combination of letters, numbers and/ or special characters of eight or more characters) or multi-factor authentica-

Phishing The most effective way to prevent phishing is to invest in a security education and awareness program to assist users with how to recognize fraudulent websites and identify when too much information is being asked for. Users should be trained to always verify the address of the link before clicking on it.

Bluetooth and Wi-Fi When using Bluetooth or Wi-Fi, the easiest way to help minimize risks is to set the mobile device’s Bluetooth to an undiscoverable mode and turn off the



automatic Wi-Fi connection capability in public areas to avoid connecting to unencrypted public wireless networks. Incoming connection requests from unknown devices can be blocked entirely by installing a local firewall on the device.

IT Security Systems Companies can also implement a mobile security strategy for the workplace. Several key areas should be considered in the development: what data should be accessible, platform support, management, and best practices. The first step is determining which business data applications will be allowed on mobile devices. Is it only email, contact, and calendar information? Or will other business applica-

tions — such as customer relationship management — also be allowed and how will the information be accessed? The level of security needed will be determined by what business data is accessible on mobile devices. Next, employers need to determine which platforms, or mobile operating systems, will be acceptable in the workplace. The most common platforms used in the business environment are Android, BlackBerry, iOS, Bada, and Windows Phone. Each of these platforms has security options available, and understanding their capabilities will help determine what security controls need to be implemented. Having a uniform platform will make it easier to secure and support. In addition to the uniform platform, employers need

to address whether mobile devices will be company owned, employee-owned, or a hybrid of both. Another decision factor is determining who will manage the mobile security — the current IT department or an outside service provider. This can be determined by the number of resources available and how the security solutions are implemented. Finally, it is important to remember best practices. Luckily, mobile devices can utilize most of the same security measures as laptops and PCs. The most common best practices are: • Applying existing security policies to mobile devices (if no security policies, then create strong security policies) • Enforcing security policies • Registering and keeping an inventory of all mobile devices • Educating employees about how to secure devices • Installing and configuring security options on mobile devices • Defining roles and responsibilities in managing the security system • Scheduling automatic updates of security solutions • Defining a plan for lost or stolen devices • Revisiting the mobile device security policies often. As more mobile devices are integrated into the work environment, the development, implementation, and enforcement of security policies, procedures, and systems are becoming a top-level AZ CPA business priority. Mike Nyman, CPA, CISA, CISSP, CITP, CRISC is an IT security senior manager in the Phoenix office of CliftonLarsonAllen LLP. He can be reached at or (602) 604-3524.

Arizona’s best resource since 2000 for

Cost Segregation Studies (480) 963-2872

20 AZ CPA y OCTOBER 2013

Using A Smart Phone to Win an IRS Audit By Peter Harris CPA, CMA

I am sitting in the waiting room at the local IRS office. I look at my watch and realize that I have less than five minutes until my appointment with the auditor is set to begin. My client received a letter weeks earlier from the IRS asking to prove her unreimbursed employee business expenses. I had little time to prepare as this matter was brought to my attention only days before. I look through the detail printouts and worksheets provided by my client and shuffle these pages on my lap. I am looking for a way to summarize and bring everything together with clarity and simplicity. My goal is to walk out of that meeting with a “no change letter” to present to my client. “If everything falls into place,” I think to myself, “I will be able to call her on my drive back to the office and share the good news. It was a good thing she hired a CPA ... as I drift off further.” Suddenly, my musing is interrupted by the signal from the security officer that it is time to start the meeting. I hand over a detail ledger of travel expenses. The auditor picks out the five most expensive charges. “What was this?,” he asks, pointing to an entry labeled “US Airways, $1,250.” “Oh, my client is a sales person, and that was for a trade show,” I remark, hoping that that would be good enough to check that item off the list. “I am going to have to see more on this one,” he remarks. This is typical example of a real life scenario that plays itself out in IRS offices all over the country. Documenting travel and other expenses is very important. You may be thinking to yourself, “I know how to handle this, it’s easy, just pull out a copy of the plane ticket, hotel voucher, itinerary and case closed.” The auditor is only asking a reasonable question. The problem is not that the business travel never occurred. The problem is in proving it with no extra time or effort. Did your client take the time to gather this valuable information? It’s a little hard to come up with it now. Even if you can reconstruct the required corroborating evidence, isn’t it easier and less expensive just to have it all in the first place? Well now, “We have an App for that!” A smartphone application can help your clients to document travel expenses. They can do this by using their smartphones to take pictures along the way. The application then converts the picture to a PDF file that is stored or uploaded to a safe location. Some of these apps are free, but the one I use only costs $2 (JotNotPro). For example, here is a list of common items that would be helpful in substantiating a travel expense. It only takes a quick snap of a photo to do the trick): Boarding passes; Taxi cab receipts; Hotel invoices; Conference agendas – take a picture of the agenda or the poster outside the meeting you are attending; business cards and miscellaneous big item purchases. Share this way to document travel expenses with your clients and you may be surprised at the positive feedback you get. Keeping receipts and items of this nature has been a challenge for many, and has costs thousands of dollars in lost deductions. The substantiation requirements don’t have to be a stumbling block. The benefit of using a smartphone to help meet them means more successful IRS AZ CPA audit results and protection for your clients.

Stay on Top of the Latest Technology Trends at the Two-Day Technology Conference

Dec. 10-11 Learn how to use technology more effectively at your organization in this two-day conference delivered by K2 Enterprises. You can choose to attend one day or both. Following are topics that will be covered. Excel: PowerPivot And Power View: A Dynamic Duo; Guru’s Toolbox; Excel 2013: Best New Features Other Software: The Very Best QuickBooks Feature; Office 2013: What’s In It For Me?; PDF Forms: Retire The Typewriter! Managing Technology: CPA Firm Tech: Maximizing Partner Income; Dashboard Reporting Tools And Techniques; Backup, Business Continuity, And Disaster Recovery: Why All Three?; How To Create The Virtual Office Mobile: Mobile Strategies for Success; Our Favorite Apps Updates & Trends: Tech Update 2013; Tech 101: Don’t Get Left Behind The Cloud: Cloud Document Management 101; Collaborative Bookkeeping and Cloud Accounting Solutions Go to, click on Conferences to learn more and register for this conference.

Peter Harris, CPA, CMA, is a partner at Johnson, Harris, & Goff, PLLC. He can be reached at



Classifieds Business Opportunities/ Practices for Sale WE BUY CLIENTS— Our CPA firm would like to offer a smooth transition in the purchase of your clients. We will purchase anywhere from one client, up to an entire practice in the Phoenix/ Scottsdale metro area. If you are thinking of retiring or downsizing your practice and need to transition your clients to a professional CPA firm, please give us a call. Our staff has been practicing in the valley for more than 30 years with an emphasis in business taxes and accounting. Our office is located near Thunderbird and Scottsdale Rd. Please contact us today for more information and ask for Craig (480)990-2727 Practice for Sale — Tax Preparations and Accounting Practice for Sale. Northwest valley area. Call for details: (602) 686--0835.

Employment LAKE HAVASU, AZ CPA FIRM SEEKS BUYER — CPA practice for sale in Lake Havasu, Arizona! The twopartner, firm has yearly revenues of $250,000 consisting of 38% tax, 39% accounting and 23% audit services. Asking price is $270,000; terms are negotiable. Send e-mail to havasucpa@

22 AZ CPA y OCTOBER 2013

PRESCOTT CPA Practice for sale — Well established CPA practice grossing $515,000+ located in the PrescottPrescott Valley area approx 70 miles north of Phoenix. Great living environment with more moderate temperatures. Heavy high end tax with diversified clientele. Attractive offices with room to expand. Flexible lease. Above average net with low overhead and experienced staff. Uses ProSystems FX and QuickBooks software. Additional details contact Leon Faris CPA at 800729-9031 or email: SENIOR TAX ACCOUNTANT — Dalby, Wendland & Co., P.C. - Continue your career with a market-leader public accounting firm in beautiful Western Colorado! Dalby, Wendland & Co., P.C. is seeking a Senior Tax Accountant to join our Glenwood Springs office. Qualified candidates will have solid skills in income taxation and a strong accounting background; 2-5 years experience in public accounting desired. CPA or EA preferred, but not required. DWC’s strong team culture and quality-focused work environment provides challenging opportunities and growth throughout your career. Our firm provides a good work/life balance, competitive compensation, a comprehensive benefits package, and opportunities for advancement. To apply, email your resume to

Forensic Auditor — The City of Phoenix—The Forensic Auditor position works for the Phoenix Police Department in the Document Crimes Detail and provides critical knowledge of accounting techniques, accounting software, and embezzlement schemes. Incumbents have an in-depth understanding of business financial procedures and investigate cases involving financial corruption. Forensic Auditors interview suspects related to criminal offenses; identify and detect fraud; determine misappropriation of assets; investigate complex embezzlement cases; prepare evidence to support a case; and may be called upon to provide expert testimony in litigation or court hearings. To apply and view full details please visit http://www.Click2Apply. net/vdx7rjm.

Office Space OFFICE SHARING — North Scottsdale CPA firm offices available, furnished or unfurnished. Includes, reception area, conference room, kitchen and restrooms. Contact Mike at mikeo@

To place a classified ad, go to and go to marketplace.

Here are a few of the most frequently asked questions about the mobile Connect site: Q: What mobile operating systems automatically direct to the mobile website?

Connect’s Gone Mobile

Staying current with the latest Community content and engaging with peers has never been easier! Connect is now accessible in a friendly, intuitive format for mobile browsers. There is nothing for you to download or install – you will be automatically directed to the mobile website when accessing Connect from a mobile browser. We’re excited about the mobile website and the benefits it provides to our members on the go. The following features are now available on the mobile version of Connect: • Communities – view, search, sort, join • Discussions – view, search, sort, post • Library entries – view, search, sort, add • Directory/Contacts – view, search, add, message • Inbox – view, send • Blogs – view, search, sort • Announcements – view • Events

A: iPhone, Windows, Android, Opera Mobile and Blackberry Q: What about my iPad? A: The iPad screen is large enough to display the regular Connect site without compromising functionality so you will not be automatically directed to the mobile website when viewing the Connect on your iPad. Q: How does log in work? A.: You can log in with the same username and password that you currently use. Authentication will occur just like it does on our regular website.

In the Black ... Adventures in Accounting Sorry Mom, I can’t do your taxes ...

do Mom, I can now! your taxes

Concept: Heidi Frei Illust.: Jack Gannon Supporting your education has finally paid off!

The passage of HB 2260 allows CPAs to do their family’s taxes (if they are not being paid ) without having to register as a CPA firm.



Arizona Society of Certified Public Accountants 4801 E. Washington St., Suite 225-B Phoenix, AZ 85034

PRSRT STD U.S. Postage PAID Phoenix, Arizona Permit No. 952 ADDRESS SERVICE REQUESTED

Health Care Reform—You have questions, we have answers! Along with guaranteed acceptance for health insurance under the Affordable Care Act, there are multiple ways to purchase coverage. For those who qualify for a tax subsidy because they earn less than 400% of the Federal Poverty Line, the “Marketplace” is the mandatory enrollment vehicle. But how does someone know which plan to buy? How can they know if they qualify for a subsidy? How much will it be? Are there any other benefits to qualifying for the subsidy? Which insurance company is the right choice? How do they access the Marketplace (previously known as the Exchange)? The Argus Group is committed to the insurance business, and we have answers to all of these questions and more. If you and/or your clients are looking for guidance in this new world of health insurance, we would love to be the company that helps you navigate the storm. Please feel free to give us a call at (602) 863-0080. We are here to help.

24 AZ CPA y OCTOBER 2013

AZ CPA October 2013  

The official publication of the Arizona Society of CPAs.

Read more
Read more
Similar to
Popular now
Just for you