Wednesday, March 16, 2011

Retirement and Benefit Plan Changes for 2011

Federal legislation over the past few years has brought about additional tax law revisions relating to retirement and other benefit plans that go into effect for 2011. The following are highlights of some of the lesser known provisions.


“Simple Cafeteria Plans.” Beginning in 2011, small employers (generally, those with an average of 100 or fewer employees on business days during either of the two preceding years) may provide employees with a “simple cafeteria plan.” Under such a plan, the employer may take advantage of safe harbor rules that allow the employer to avoid the tax law’s nondiscrimination requirements that pertain to cafeteria plans generally, as well as to specified qualified benefits, such as group-term life insurance, self-insured medical reimbursement, or dependent care assistance plans.


Health plan reimbursement restrictions. Expenses for non-prescription medicines may no longer be reimbursed with tax-advantaged dollars through certain employer sponsored plans. Specifically, the cost of over-the-counter medicines cannot be reimbursed with excludable income for expenses incurred with respect to tax years beginning after 2010 through a health reimbursement account or a flexible spending account, unless prescribed by a doctor. For health savings accounts (HSAs) or Archer medical savings accounts (MSAs), the restriction relates to amounts paid with respect to tax years commencing in 2011 and after.


Increased tax penalty on non-qualifying HSA and MSA distributions. Beginning with tax years starting in 2011, the addition tax assessed on non-qualifying distributions from an HSA is increased from 10% to 20%. For MSA distributions not used for qualifying medical expenses, the penalty is also increased from 15% to 20%.


Qualifying charitable IRA distributions up to $100,000 excluded from gross income. A taxpayer age 70½ or older may make tax-free distributions up to $100,000 from an IRA to charity. The tax benefits to such charitable giving: (1) qualifying IRA distributions are not included in the donor’s gross income (nor may they be claimed as a charitable donation) for income-tax purposes and (2) charitable IRA distributions count toward the donor’s required minimum IRA distributions for the year of the distribution (a special rule applies for distributions made in early 2011). The rule is set to expire after 2011.


Designated Roth accounts permitted in 457 plans. For tax years beginning after 2010, governmental 457(b) deferred compensation plans may offer a qualified Roth contribution program. So, a 457(b) plan maintained by a state (or a state’s political subdivision, state agency, or instrumentality) can offer a designated Roth account.


Partial annuitization of annuities. Beginning in 2011, taxpayers may partially annuitize a nonqualified annuity, endowment, or life insurance contract. Generally, owners of nonqualified annuities may elect to receive a portion of an annuity contract in a stream of current annuity distributions. This benefits the account holder by enabling him or her to leave the remainder of the contract to accumulate on a tax-deferred basis. This rule does not change the treatment for annuities payable under qualified retirement plans, 403(a) or 403(b) annuity plans, or IRAs.


Questions?
These retirement and benefit plan-related rules are among many tax law changes that may impact your 2011 and later tax planning. Please contact Doeren Mayhew if you have any questions relating to the provisions discussed above or any issues dealing with recent changes in the tax laws. Our professionals are ready to help.

Thursday, March 10, 2011

Myths and Mysteries: How To Implement An Effective Enterprise Risk Management Process For Your Financial Institution


Presenter: Joseph A. Zito, CPA, MBA - Director, Financial Institutions Group, Audit & Assurance Services

 
Wednesday, April 13, 2:00 - 3:00 pm EST
Register Here Today!
CPE: 1.0 auditing and accounting


Most financial institutions are very good at analyzing and evaluating individual risks and exposures, but are usually not as focused on monitoring and measuring how various business units interact and impact each other as well as the institution as a whole. The recent economic crisis, along with financial reform has regulators recommending financial institutions implement an enterprise risk management (ERM) program.
This session will shed light on the myths and mysteries associated with ERM and provide you with the tools your institution needs to implement ERM including:
  • Understanding of enterprise risk management and its components 
  • The benefits of utilizing enterprise risk management for your credit union
  • Establishment of the risk identification process
  • Methods for identifying and quantifying risks in major functional areas
  • What is your role and responsibilities in the enterprise risk management process
  • Examples of a credit union’s risk profile and how to manage it
Enterprise risk management is an integrated risk management program that is designed to identify, analyze, monitor, and address environmental risks your institution faces in its day to day operations. Some of the benefits of ERM are:
  • Better communication to assess and manage risks.
  • Timely identification and correction of issues.
  • Assistance in impacting the financial institutions bottom line performance.
Who Should Attend: Executive Management, Board of Directors, Audit Committee, Risk Managers, and Internal Auditors.

Sunday, March 6, 2011

Accounting Alert: No More SAS 70s?

Authored By: Catherine Bruder, CPA.CITP,CISA,CISM, CTGA
Director, Audit and Information Technology Assurance
Financial Institutions Group


Who Does This Impact?

Anyone who uses a third-party (service organization) and needs or wants to understand the controls at the service organization.

What Does It Do?

CPAs have always had the need to understand the risks related to an entity’s use of service organizations for an audit. Historically, CPAs have assessed the risk of an entity using a third-party to perform processing or provide services to the entity by relying on an auditor’s report that was based upon Statement of Auditing Standard No. 70 (SAS 70). The SAS 70 included an auditor’s opinion of the controls, the third-parties description of the systems and the relevant controls, the implementation of those controls (referred to as Type I report), and in the case of a Type II report, testing of those controls for effectiveness in relationship to the entity’s financial reporting process.

This reporting process created at least three hurdles. First, many times the entity expected the SAS 70 report to include controls that were related to the service organization’s ability to protect the accuracy, confidentiality, integrity, and reliability of the information the service organization processed. These controls were frequently out of scope of a SAS 70 engagement. Second, the service organization wanted the SAS 70 to include representations of their ability to process information as they have indicated to the entity and to use the SAS 70 report as a sales or marketing tool to attract new customers. And third, under SAS 70, the service auditor’s report was restricted to the service organization, current users of the service organization, and the auditor’s of the user entity. Both the service organization and prospective users of the service organization wanted to use the report as part of the sales and marketing process. As a result, SAS 70 reports sometimes included controls outside of the financial reporting process and were provided to entities not permitted to use the report.

Since the auditing standards relate specifically to financial statement audits, moving SAS 70 for service organization auditors to the Attestation Engagement Standards (SSAE), permits changes to both the content and the audience of the reports. The new requirements for reporting on controls at a service organization are now in SSAE No. 16, Reporting on Controls at a Service Organization. The standards for financial statement auditor of the user entity are still located in the Auditing Standards (AU324).

Within SSAE No. 16, the AICPA has now established three Service Organization Control (SOC) reporting options. They are SOC 1, SOC 2 and SOC 3 reports. SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements only. SOC 1 is a restricted use report for use by the service organization’s client, existing user entities, and user auditors and its purpose is to report on controls relevant to the financial statement audits.

SOC 2 and SOC 3 engagements address controls at the service organization based upon principles and criteria at a service organization other than those relevant to user entities’ internal control over financial reporting. Both SOC 2 and SOC 3 are based upon the Trust Service Principles, Criteria, and Illustrations such as those controls related to security, availability, processing integrity, confidentiality, or privacy.

SOC 2 includes a description of the controls as well as the tests of controls (if a Type II) similar to a SOC 1 report. SOC 2 is also generally a restricted use report – this time for use by the service organization’s stakeholders (for example, customers, regulators, business partners, suppliers, and management) of the service organization that have a thorough understanding of the service organization and its controls.

SOC 3 is a general use report to provide assurance on controls at a service organization related to security, availability, processing integrity, confidentiality, or privacy but the detailed description of the controls nor the tests performed on controls is included in the report. The SOC 3 report may be used by current and prospective customers of the service organization.

When is this Effective?

SSAE No. 16 will take effect for periods ending on or after June 15, 2011. Doeren Mayhew will provide additional information on SSAE No. 16 over the next several months. For more information, please contact Catherine Bruder, CPA.CITP,CISA,CISM, CTGA at 248.244.3295 or via email at bruder@doeren.com.