Authored by RSM US LLP

Hospital and health system merger and acquisition (M&A) announcements increased by 27% in 2023 compared to 2022, according to Cain Brothers, a division of KeyBanc Capital Markets—a pace likely to continue this year. In addition to leveraging M&A, some health systems are leaning toward joint ventures to diversify revenue and expand offerings. Joint ventures can be less capital-intensive and face fewer regulatory requirements, allowing health care organizations to be nimbler and more efficient in meeting patient needs.

One example is a management services company partnering with a specialty physician group to help optimize the group’s ability to utilize space, deliver services and receive assistance with certain administrative functions. Understanding the risks involved with setting up such joint ventures is imperative. Considerations include whether one of the parties entering into a joint venture is tax-exempt. The tax-exempt entity should ensure the joint venture is organized in a way that does not jeopardize its status.

Still, opportunities for strategic partnerships are growing in the health care sector, with a focus on investing in convenient care options to better meet patient demand and help address compressed margins.

Patients continue to demand the delivery of customized services in a convenient setting. Like big-box retailers, nontraditional health care companies have taken notice of these shifting consumer preferences and continue to disrupt care delivery by meeting that demand through innovative solutions.

In 2024 we expect more shifts in the health care delivery ecosystem as the digitalization of health care evolves and consumerism continues to take hold. Based on a recent VMG Health survey, 97% of health system leaders would consider some type of joint venture in a variety of service line areas, including outpatient surgery, urgent care and “hospital at home,” in which a patient receives inpatient-level care in the comfort of their home.

The importance of supply chain resiliency

One key area of focus for organizations amid new partnerships and resulting digital and consumer shifts in care delivery models is ensuring their supply chains are resilient and continue to evolve and align with where and how care is delivered.

Mike Morioka, an RSM US LLP director focused on supply chain for the health care industry, notes, ‘’As an organization and its affiliates become larger in size, it is critical that the supply chain program transforms and becomes more strategic. The program’s goal should be to drive down nonlabor expenses for the organization and its affiliates while enhancing technology, integration efforts and capturing the transparency of a supply chain journey.”

The takeaway

Last year’s robust M&A numbers for hospital and health systems signal a hunger for growth, but joint ventures can offer a nimbler path to diversification and patient-centric care for some organizations. As margins struggle to rebound to pre-pandemic levels, more strategic partnerships are expected in 2024, including outpatient-type joint ventures and digital at-home models that capitalize on shifting patient preferences and health care’s digital revolution. Each organization’s agility within its supply chain will be a key to success for expansion of services and revenue diversification in the evolving health care landscape.

---

This article was written by Michael Haas, Danny Schmidt, Matt Wolf and originally appeared on 2024-02-23. Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved. https://rsmus.com/insights/industries/health-care/hospitals-turn-to-joint-ventures-for-growth.html

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.

The IRS is alerting business owners to a list of seven recurring red-flag issues that could impact their employee retention credit claims.

The agency revealed the list as a precautionary measure for small businesses who might have incorrectly filed ERC claims, many of them the result of fraudulent advisors cashing in on the temporary COVID-era tax break. The IRS has set a deadline of March 22, 2024, for businesses to use its ERC voluntary disclosure program to repay false claims at 80% and avoid massive interest and penalties.

For businesses still unaware that their ERC claim could in fact be fraudulent, the seven warning signs provide insight:

Too many quarters being claimed. Some employers have been falsely told to file for all or nearly all the quarters available during the ERC period. The IRS points out that it’s uncommon for businesses to meet that qualifying threshold.

Citing government orders that don’t qualify. Employers whose business wasn’t affected by COVID-related government orders in their area likely aren’t eligible for the credit.

Too many employees and wrong calculations. Overclaiming the credit can happen when an employer applies the same credit amount across multiple tax periods for the same employee.

Citing supply chain issues. Qualifying for the credit based on a supply chain disruption is not common and often cited mistakenly.

Claiming the credit for an entire calendar quarter. It’s uncommon for an employer to qualify for ERC for an entire calendar quarter if their business operations were suspended due to a government order during a portion of that quarter. Overstated qualifying wages could lead to a false claim.

Non-existent wages. Employers can claim ERC only for tax periods when they paid wages to employees. They also must have had an employee identification number with the IRS to qualify as an existing business.

More is better because there’s nothing to lose. Employers who were advised to over-claim ERC credits under the guise of more-is-better might be harmed most of all as penalties, interest, and potential audit inquiries pile up.

Visit the IRS website for extensive information on the ERC, who qualifies, and next steps.

© 2024 KraftCPAs PLLC

When you file your federal tax return, your Form 1040 provides a few options to sort through. Possibly the biggest among them is your filing status, which is used to determine your standard deduction, tax rates, eligibility for certain tax breaks, and your correct tax.

The five filing statuses are:

• Single
• Married filing jointly
• Married filing separately
• Head of household
• Qualifying surviving spouse

If you’re married, you might have wondered whether to file joint or separate tax returns. The answer depends on your individual tax situation.

In general, you should choose the filing status that results in the lowest tax. But keep in mind that, if you and your spouse file a joint return, each of you is “jointly and severally” liable for the tax on your combined income. And you’re both equally liable for any additional tax the IRS assesses, plus interest and most penalties. That means the IRS can come after either of you to collect the full amount.

Although there are “innocent spouse” provisions in the law that may offer relief, they have limitations. Therefore, even if a joint return results in less tax, some people may still choose to file separately if they want to only be responsible for their own tax. This might occur when a couple is separated.

In most cases, filing jointly offers the most tax savings, especially when the spouses have different income levels. Combining two incomes can bring some money out of a higher tax bracket. Filing separately doesn’t mean you go back to using the “single” rates that applied before you were married. Instead, each spouse must use “married filing separately” rates. They’re less favorable than the single rates.

However, there are cases when married couples may save tax by filing separately — for example, when one spouse has significant medical expenses. Medical expenses are deductible only to the extent they exceed 7.5% of adjusted gross income (AGI). If a medical expense deduction is claimed on a spouse’s separate return, that spouse’s lower separate AGI, as compared to the higher joint AGI, can result in a larger total deduction.

Only on a joint return

Keep in mind that some tax breaks are only available on a joint return. The child and dependent care credit, adoption expense credit, American opportunity tax credit, and lifetime learning credit are available only to married couples on joint returns. And you can’t take the credit for the elderly or the disabled if you file separately unless you and your spouse lived apart for the entire year. You also may not be able to deduct IRA contributions if you or your spouse were covered by an employer retirement plan and you file separate returns. And you can’t exclude adoption assistance payments or interest income from Series EE or Series I savings bonds used for higher education expenses.

Social Security benefits

Social Security benefits may be taxed more when married couples file separately. Benefits are tax-free if your “provisional income” (AGI with certain modifications, plus half of your Social Security benefits) doesn’t exceed a “base amount.” The base amount is $32,000 on a joint return, but zero on separate returns (or $25,000 if the spouses didn’t live together for the whole year).

Circumstances matter

The filing status decision you make when filing your federal tax return can also affect your state or local income tax bill, so the big-picture tax impact should be considered.

There may not be a good answer as to whether a couple should file jointly or separately, but depending on your situation, one option might be more advantageous than the other.

© 2024 KraftCPAs PLLC

Employers have a new option to help employees who face sudden emergencies and financial shortfalls.

Included as part of the SECURE 2.0 legislation passed in 2022, the pension-linked emergency savings account (PLESA) provision is available for plan years beginning January 1, 2024.

The DOL defines PLESAs as “short-term savings accounts established and maintained within a defined contribution plan.” Employers with 401(k), 403(b), and 457(b) plans can opt to offer PLESAs, but only to non-highly compensated employees. For 2024, a participant who earned $150,000 or more in 2023 is classified as a highly compensated employee.

More details about PLESA accounts:

• The portion of the account balance attributable to participant contributions can’t exceed $2,500 (or a lower amount determined by the plan sponsor) in 2024. The $2,500 amount will be adjusted for inflation in future years.
• Employers can offer to enroll eligible participants in these accounts beginning in 2024 or can automatically enroll participants in them.
• The account can’t have a minimum contribution to open or a minimum account balance.
• Participants can make a withdrawal at least once per calendar month, and such withdrawals must be distributed “as soon as practicable.”
• For the first four withdrawals from an account in a plan year, participants can’t be subject to any fees or charges. Subsequent withdrawals may be subject to reasonable fees or charges.
• Contributions must be held as cash, in an interest-bearing deposit account or in an investment product.
• If an employee has a PLESA and isn’t highly compensated, but becomes highly compensated as defined under tax law, he or she can’t make further contributions but retains the right to withdraw the balance.
• Contributions will be made on a Roth basis, meaning they are included in an employee’s taxable income, but participants won’t have to pay tax when they make withdrawals.

Proof of an event not necessary

A participant in a PLESA doesn’t need to prove that he or she is experiencing an emergency before making a withdrawal from an account. The DOL states that “withdrawals are made at the discretion of the participant.”

These are just the basic details of PLESAs, but there are additional PLESA pros and cons to consider. The IRS recently released guidance about the accounts (in Notice 2024-22), and the U.S. Department of Labor published frequently asked questions for additional clarification.

© 2024 KraftCPAs PLLC

Authored by RSM US LLP

While approximately 10,000 baby boomers retire every day, businesses do not have to helplessly watch their experienced workers ride off into the sunset.

Thoughtful compensation and benefits planning for aging workers and next-generation leaders helps organizations smooth transitions while preserving institutional knowledge and other differentiators.

“Challenges due to retiring workers are neither a surprise nor sudden, but many companies take for granted how many considerations there are and how they’re going to effectuate change,” says Anne Bushman, an RSM US LLP partner and leader of the firm’s Washington National Tax compensation and benefits group. “An organization that thinks through its pain points and transitionary goals can prioritize action items.”

Retiring workers present challenges that are not disappearing anytime soon. The youngest of the 78 million Americans born between 1946 and 1964—the baby boomer generation—are reaching traditional retirement age. As baby boomers continue their exodus from the workforce, companies are navigating foundational succession planning issues that affect their sustainability and success.

The prevalence of the challenge shows in data from an RSM US Middle Market Business Index survey. In the poll of 403 senior executives conducted in October 2023, 93% of respondents said they anticipate some degree of difficulty in their staffing plans over the next 12 months due to their aging employee base. This is up from 90% in the same period in 2022 and 88% in 2021.

As Bushman points out, because employers know how old their employees are, they can clearly foresee how problematic the issue could be for their organization. This helps crystallize the value of designing compensation and benefits offerings to support succession planning.

In many cases, effective structuring depends on being proactive. With that in mind, she suggests the following four best practices:

Closely examine the preferences of who’s exiting and who’s filling the vacuum

These two sets of stakeholders are distinct but also interconnected in the context of succession planning.

For example, companies have an interest in retaining workers in both groups—older workers as leaders and mentors to ease the transition, and younger workers to preserve the company’s knowledge, culture and investments in professional development.

However, retention incentives will differ for those respective groups. For instance, phased retirement programs and deferred compensation arrangements may be effective for more experienced workers, while performance incentive plans and fringe benefits may keep younger workers developing within the company hierarchy rather than looking for a new employer.

Cultural and psychological factors are at play for both groups as well. Structuring effective compensation and benefits offerings requires an understanding of what each group wants and values.

“We hear a lot of companies say they want their next generation of leaders to buy into ownership, but those rising workers don’t want the ownership their predecessors have,” Bushman says. “So we have to explore other opportunities, and it may require a mindset shift of the company itself to realize things have to be done differently.”

Balance the certainty that established offerings provide with the flexibility required to keep them valuable

Employees want to know what compensation and benefits offerings are in place, and they want to understand them. If they don’t comprehend them, or don’t trust their longevity, then they won’t value them, Bushman says.

On the other hand, if a company locks itself into a long-term offering—such as equity plans held until retirement—and the value of the entity skyrockets, the company’s ability to fund the plan may be jeopardized.

Reassessing succession planning goals and related compensation and benefits offerings regularly—perhaps every five years—can help a company ensure the longevity of those offerings and effectiveness in reaching organizational objectives.

Prioritize succession planning objectives with a comprehensive strategy

It’s common for organizations to turn to succession planning only after they conceive a tactic or offering, and even then they have a narrow focus such as minimizing tax obligations.

Bushman cautions not to let taxes drive strategy. Instead, a company that has clearly thought through its succession planning needs and objectives can work with an advisor to structure a compensation and benefits program that balances costs with desired outcomes.

“Make business decisions first, not tax minimization first,” Bushman says.

When a range of business functions work together in structuring compensation and benefits offerings—including finance, human resources and tax—a company can focus more clearly on the big picture.

Beware of the creativity trap

Compensation and benefits offerings have tax or legal parameters, but there is often significant room for creativity in structuring incentives. In fact, the possibilities may seem endless—but that’s not necessarily a good thing. 

“You can make a long-term incentive plan way more complex than it needs to be,” Bushman says.

When a company understands the workforce issue it needs to prioritize, it can identify the easiest route to reaching that goal while avoiding unintended consequences.

The takeaway

Retiring baby boomers are central to an ongoing demographic shift in the American workforce. Companies can minimize how this workforce exodus negatively affects them by conducting thoughtful succession planning that features strategically designed compensation and benefits packages.

By working with an experienced advisor, a company can zero in on its business objectives by effectively incentivizing employees across generations and minimizing the associated costs and risks.

---

This article was written by Anne Bushman and originally appeared on 2024-01-25. Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved. https://rsmus.com/insights/services/business-tax/how-compensation-and-benefits-planning-can-help-you-navigate.html

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.

The information contained herein is general in nature and based on authorities that are subject to change. RSM US LLP guarantees neither the accuracy nor completeness of any information and is not responsible for any errors or omissions, or for results obtained by others as a result of reliance upon such information. RSM US LLP assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect information contained herein. This publication does not, and is not intended to, provide legal, tax or accounting advice, and readers should consult their tax advisors concerning the application of tax laws to their particular situations. This analysis is not tax advice and is not intended or written to be used, and cannot be used, for purposes of avoiding tax penalties that may be imposed on any taxpayer.

A tax provision commonly called the “kiddie tax” can cause a child’s unearned income to be taxed at the parent’s tax rates – often considerably higher than the much lower rates a child would otherwise pay.

The rules are complicated and can impact individuals up to age 23, often catching families by surprise.

Kiddie tax basics

Perhaps the most important thing to know about this poorly understood provision is that, for a student, the kiddie tax can be an issue until the year that he or she turns age 24. For that year and future years, your child is finally kiddie-tax-exempt.

The kiddie tax is only assessed on a child’s (or young adult’s) unearned income. That usually means interest, dividends, and capital gains. These types of income often come from custodial accounts that parents and grandparents set up and fund for younger children.

Earned income from a job or self-employment is never subject to the kiddie tax.

Calculating the tax

To determine the kiddie tax, first add up the child’s (or young adult’s) net earned income and net unearned income. Then subtract the allowable standard deduction to arrive at the child’s taxable income.

The portion of taxable income that consists of net earned income is taxed at the regular federal income tax rates for single taxpayers.

The portion of taxable income that consists of net unearned income that exceeds the standard deduction ($2,600 for 2024 or $2,500 for 2023) is subject to the kiddie tax and is taxed at the parent’s higher marginal federal income tax rates.

The tax is calculated by completing an IRS form, which is then filed with the child’s Form 1040.

Calculating and reporting the kiddie tax can be cumbersome and complicated, often requiring help from an accounting professional.

Is your child exposed?

For 2023, the relevant IRS form must be filed for any child or young adult who meets each of these criteria:

• Has more than $2,500 of unearned income
• Is required to file a Form 1040
• Is under age 18 as of December 31, 2023; or is age 18 and didn’t have earned income more than half of his or her support; or is between ages 19 and 23 and a full-time student and didn’t have earned income more than half of his or her support
• Has at least one living parent
• Didn’t file a joint return for the year

For 2024, the same rules apply, except the unearned income threshold is raised to $2,600.

Don’t let the tax sneak up on you

There are strategies to minimize or avoid the tax. For example, your child could invest in growth stocks that pay no or minimal dividends and hold on to them until a year when the kiddie tax no longer applies.

© 2024 KraftCPAs PLLC

The IRS will open the 2024 income tax return filing season on January 29 – that’s the day the agency will begin accepting and processing 2023 tax year returns.

Here are answers to seven tax season questions often asked this time of year.

1. What are this year’s deadlines?

The filing deadline to submit 2023 returns or file an extension is Monday, April 15, 2024, for most taxpayers. Taxpayers living in Maine or Massachusetts have until April 17, due to state holidays.

Because of the severe storms that swept through Middle Tennessee in early December, taxpayers in Davidson, Dickson, Montgomery, and Sumner counties have a later filing deadline of June 17, 2024. Read more about that deadline change here.

2. When is my return due if I request an extension?

If you’re requesting an extension, you’ll have until October 15, 2024, to file. Keep in mind that an extension of time to file your return doesn’t grant you any extension of time to pay your taxes. You should estimate and pay any taxes owed by the April 15 deadline to avoid penalties.

3. When should I file?

Many filers wait until close to the deadline (or file for an extension), but there are advantages to filing earlier, such as the additional protection from tax identity theft.

4. What’s tax identity theft, and how does early filing help protect me?

Typically, in a tax identity theft scam, a thief uses another person’s information to file a fake tax return and claim a fraudulent refund early in the filing season.

The legitimate taxpayer discovers the fraud when filing a return. He or she is then told by the IRS that the return is being rejected because one with the same Social Security number has already been filed for the tax year. The victim should be able to eventually prove that his or her return is the valid one, but it can be time consuming and frustrating to straighten out. It can also delay a refund.

Filing early provides some proactive defense. The reason: If you file first, the tax return filed by a potential thief will be rejected.

5. Are there other benefits to filing early?

Besides providing protection against tax identity theft, another benefit of early filing is you’ll get any refund sooner. According to the IRS, most refunds will be issued less than 21 days after you file. The time may be shorter if you file electronically and receive a refund by direct deposit into a bank account. Direct deposit also avoids the possibility that a refund check could be lost, stolen, returned to the IRS as undeliverable, or caught in mail delays.

6. When will my W-2s and 1099s arrive?

To file your tax return, you’ll need all your Forms W-2 and 1099. The deadline is January 31, 2024, for employers to file 2023 W-2s and, generally, for businesses to file Form 1099s for recipients of any 2023 interest, dividends, or reportable miscellaneous income payments (including those made to independent contractors).

If you haven’t received a W-2 or 1099 by early February, reach out to the entity that should have issued it.

7. When can I prepare my return?

You can file your return now, even though it won’t be formally accepted by the IRS until later this month. Separate penalties apply for failing to file and pay on time — and they can be quite severe.

Still have questions? Find even more answers in our 2023-’24 Tax Planning Guide.

© 2024 KraftCPAs PLLC

Good communication between a business and its customers is just good practice. But to make that communication most effective, it’s important to know as much about your customers as you can.

You’ve undoubtedly created records for customers that at least contain their company name, contact name, and address, so this information can be included on sales forms like invoices. But there’s much more, some of which QuickBooks automatically contributes and some of which you can add. If you keep these records updated, you’ll be able to quickly call up details when someone calls or emails you. Good customer profiles can also present sales opportunities for you.

Here’s a look at how they work and why we think it’s worth taking some extra time to maintain them and browse through them regularly.

Hidden data

QuickBooks’ customer records are divided into two horizontal sections stacked on top of each other on the Customer Information page (Customers | Customer Center). To the left is a vertical pane where you’ll choose the Customer or Job you want to view. Select one, and the panes to the right change to reflect relevant data.

Contact information and links to related reports appear in the top pane. You’ve probably already completed these fields. Click on the pencil icon in the upper right corner, and a new window opens, containing settings and customization options you may not have seen.

They are:

Address info. This duplicates the contact data that appears on the main customer record page.

Payment settings. These fields are optional, but completing them will save time and reduce errors when you create transactions. Don’t worry about the Price Level field if it appears. This is an advanced feature that may not even be present in your copy of QuickBooks.

Sales tax settings. This window won’t mean anything to you unless you’ve set up sales tax in QuickBooks. We can help you do so if you’d like.

Additional info. QuickBooks allows you to create up to a total of 15 custom fields for your customer, vendor, and employee records. That’s not 15 for each, but rather, for example, five of each. You can define them in this window.

When you’ve finished adding all the information you want in these windows, click OK.

A mini-contact manager

Now that you’re back at the main Customer Information window, look at the bottom half of the page. Five tabs divide the data stored here, making your customer record something of a contact manager. Some of the information that appears here is automatically entered by QuickBooks, and some can be added by you.

The table that opens when you click the Transactions tab is automatically populated by QuickBooks. It displays that customer’s sales transactions, including payments you’ve received from them. Click Manage Transactions, and you can create new transactions like invoices and sales receipts directly from entries in the drop-down menu. You can also view the transactions as a report.

If you sell to a company that has multiple Contacts that you want to track, you can add them by clicking the next tab. Open the drop-down menu under Manage Contacts, and you’ll be able to add new ones and edit or delete existing ones. We recommend being very conscientious about keeping track of your contacts. It doesn’t make for good customer relations if you must call the company and you don’t know who you’ve been dealing with.

You probably have a separate list for all the tasks you need to accomplish each day. We suggest you keep your accounting tasks stored in QuickBooks, right on each customer’s page. With the To Do’s window open, either right-click anywhere in the table or open the Manage To Do’s menu and select Create New to open the Add To Do window. Complete the fields there and click OK.

You can add related Notes by clicking that tab. And when you click Sent Emails, you’ll see a list of emails you’ve sent that customer.

A good practice

You can see how helpful your QuickBooks Customer Information records would be if you updated them regularly. Even if your customer base is small, don’t rely on your memory. Document your history with them. You’ll be better able to respond in an informed way when they contact you. Over time, good customer relationships can lead to more sales and a better understanding of your audience.

© 2024 KraftCPAs PLLC

If you’re an employer with a business where tipping is routine when providing food and beverages, you could qualify for a federal tax credit involving the Social Security and Medicare (FICA) taxes that you pay on your employees’ tip income.

Credit fundamentals

The FICA credit applies to tips that your staff members receive from customers when they buy food and beverages. It doesn’t matter if the food and beverages are consumed on or off the premises. Although tips are paid by customers, for FICA purposes, they’re treated as if you paid them to your employees.

As you know, your employees are required to report their tips to you. You must then withhold and remit the employee’s share of FICA taxes and pay the employer’s share of those taxes.

How the credit works

As a business owner, you can claim the credit as part of the general business credit. It’s equal to the employer’s share of FICA taxes paid on tip income more than what’s needed to bring your employee’s wages up to $5.15 per hour. In other words, no credit is available to the extent the tip income just brings the employee up to the $5.15-per-hour level, calculated monthly. If you pay each employee at least $5.15 an hour (excluding tips), you don’t have to be concerned with this calculation.

A 2007 tax law froze the per-hour amount at $5.15, which was the amount of the federal minimum wage at that time. The minimum wage is now $7.25 per hour but the amount for credit computation purposes remains $5.15.

One example

Let’s say a server works at your restaurant. She is paid $2.13 an hour plus tips. During the month, she works 160 hours for $340.80 and receives $2,000 in cash tips, which she reports to you.

The server’s $2.13-an-hour rate is below the $5.15 rate by $3.02 an hour. Thus, for the 160 hours worked, she is below the $5.15 rate by $483.20 (160 times $3.02). For the server, therefore, the first $483.20 of tip income just brings her up to the minimum rate. The rest of the tip income is $1,516.80 ($2,000 minus $483.20). As the server’s employer, you pay FICA taxes at the rate of 7.65% for her. Therefore, your employer credit is $116.03 for the month: $1,516.80 times 7.65%.

While the employer’s share of FICA taxes is generally deductible, the FICA taxes paid with respect to tip income used to determine the credit can’t be deducted, because that would amount to a double benefit. However, you can elect not to take the credit, in which case you can claim the deduction.

© 2024 KraftCPAs PLLC

Authored by RSM US LLP

The world around us is becoming increasingly digital and interconnected, with cybersecurity an even more critical concern amid an ever-increasing number of large-scale compromises. The lack of timely disclosure has warranted a change in divulging information to shareholders. In July, the U.S. Securities and Exchange Commission (SEC) released final cybersecurity rules requiring public companies to disclose details of material incidents, as well as details of cybersecurity risk management, strategy and governance. As companies grapple with these new mandates, they’re confronted with a profound realization: cybersecurity is no longer a checkbox for compliance but an imperative that affects their entire organization.

The SEC’s move to extend its cybersecurity requirements signifies a pivotal evolution in the regulatory landscape. It demands proactive measures, strategic planning, a holistic approach to safeguarding data and operations and a shift from an approach emphasizing regulatory environments versus the broader enterprise. In this article, we’ll delve into the expansive scope of the SEC cybersecurity requirements, exploring how they transcend the control environment over financial reporting and permeate every facet of an organization. We’ll also provide actionable insights and steps companies should consider to meet regulatory obligations and fortify their cybersecurity posture, enhancing their overall resilience to cyberthreats.

Current state

Regulations such as the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Sarbanes-Oxley Act (SOX), etc., have dictated how organizations focus their cybersecurity time and resources. These requirements drive how budgets and, subsequently, efforts are directed. However, we found that while organizations typically have effective controls and governance in these areas, things weren’t as good outside these environments. In many cases, assets are missing from the central inventory. Key controls like endpoint protection, logging and monitoring, vulnerability and patch management, and identity and access management are not deployed. These vulnerabilities could open an organization up to a greater risk of needing to disclose an incident that cascades from a reputational impact perspective.

For companies, resources and time are finite commodities. Companies have always prioritized where they focus their energy and drove budgets based on their unique priorities. As new regulations demand an enterprise-wide cybersecurity program, it’s unrealistic to fully implement security controls for every possible cyber risk an organization faces. As such, with proper resource alignment based on risk identification, organizations can apply the prioritization principles to drive the programs focused on compliance requirements to develop an effective approach to the new regulatory demands.

Recommendations

Your organization has multiple avenues for developing a proactive strategy toward the new SEC cybersecurity guidelines. These include:

By following these strategic steps, your organization will make strides in meeting the SEC’s cybersecurity requirements and also build a robust cybersecurity foundation that safeguards your operations, data and reputation. In a rapidly evolving digital landscape, these actions are vital to ensure long-term resilience against cyberthreats.

---

Source: RSM US LLP.
Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved. https://rsmus.com/insights/services/risk-fraud-cybersecurity/going-beyond-compliance-to-strengthen-your-organizations-security.html

RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.