LLP_Newsletter_NEW_BRANDING

DECEMBER 2015

IN THIS ISSUE

Recruiting 2016

Data Breaches

America's Thanksgiving Parade

FASB ASU 2015-17

EVENTS CALENDAR

Automotive Update

SPECIAL ANNOUNCEMENTS

Congratulations, Rick David

Aaron Witalec M&A Insights

UHY Advisors' New Board

Careers

QUICK LINKS

Why UHY?

Services

Industries

Find A Professional

Locations

ARCHIVE

Missed an issue? New subscriber? Visit our

news archive.

WE'RE LOOKING FOR 2016 TALENT!

UHY LLP's Michigan practice, one of southeast Michigan's largest accounting firms, is wrapping up busy season recruiting but is always looking for experienced, entry-level and administrative positions within multiple departments. With offices in Detroit, Farmington Hills and Sterling Heights, we offer recruits the opportunity to work with clients in a wide-range of industries and engage in various practice areas including audit and assurance, tax planning and compliance, business advisory, corporate finance, and forensic, litigation and valuation services. Our firm provides accelerated opportunities for success and advancement and allows every professional the ability to create a career path unique to their own goals and needs.

Contact Yolanda Rountree to learn more about what UHY has to offer you.

YOUR DATA BREACH: NOT A QUESTION OF IF BUT WHEN

By David Barton, managing director; internal audit, risk and compliance practice

IT security is a growing threat for businesses of every type and no organization is safe. While information security risks have been around for a long time (several Civil War battles were decided by details obtained by the enemy), today they bring with them challenging complexities and costly ramifications for businesses.

According to the "2014 Cost of Data Breach Study: United States" conducted by the Ponemon Institute, US consumer cyber-attacks in 2014 averaged $5.85 million per breach and the average cost per record compromised was $201 per record. Hackers today are learning new ways to infiltrate websites and networks. Hacking toolkits and the necessary hardware and software infrastructure are available for sale or for rent via the internet.

Employees have ready access to company information and are often ignorant about how to detect and prevent breaches because of a general lack of training. That means a cyber-attack at your company is no longer a question of if, but when.

Anthem Insurance, Sony, JP Morgan Chase, Target and Home Depot are some of the bigger names that have recently been in the headlines due to cyber-attacks, but there are countless other small and medium-sized businesses that are going through the very same breaches, just on a smaller scale.

The Target breach led to the resignations of both the chief information officer and the chief executive officer. In addition, the credit card issuers that ended up footing the bill as a result of the breach are attempting to bring a class action lawsuit against Target in order to recoup some of their losses. Similarly, former employees and business partners of Sony that had personal information exposed in that breach have also brought a class action suit against the company.

THE DISAPPEARING PERIMETER

It is clear from examining the year over year statistics related to data breaches that the collective efforts of information security teams have done little to stem the tide. Companies continue to increase their budgets for more and better security technology and yet, the breaches continue to occur more frequently, and with greater impact.

The primary methods for protecting information are based on securing an organization's perimeter. Things like firewalls, intrusion detection systems (IDS), multi-factor authentication and virtual private networks (VPN) are all based on keeping the cyber attackers out. As information technology evolves, the perimeter of an organization's infrastructure continues to fade as a result of ever-increasing connectivity between customers, suppliers, and service providers. Add mobile devices (tablets, phones, etc.), teleworking and cloud computing to the mix and it is nearly impossible to define where the "perimeter" is.

The problem with relying primarily on traditional perimeter security approaches is that many of the recent high profile breaches were not the result of failed perimeter security. Rather, the breaches were the result of attackers using compromised IDs and passwords from authorized users. Once inside, the attackers methodically explore and exploit internal vulnerabilities (which are generally not protected as well) until they gain access to the information they are seeking.

Former Websense CSO Jason Clark recently stated that 80 percent of security spend is going on firewalls, IDS and anti-virus solutions, despite only being effective to 30 percent of threats.

The sooner we recognize that our tried and true security techniques are failing us, the sooner we can take a fresh look at preparing for the inevitable. A shift in focus from "if" we have a breach, to "when" we have a breach will pay dividends as a result of better planning and preparation.

PREPARING FOR A DATA SECURITY BREACH

Studies show that the appointment of a chief information security officer and involvement of business continuity management in the incident response process decreased the costs of breaches per compromised record by $10 and $13, respectively.

However, the most significant cost reductions for organizations came from having a strong security posture, which reduced the average cost of a data breach by $21 per compromised record, and an incident response plan, which shrunk the cost by $17 per compromised record. These findings emphasize the importance of being prepared for a breach in data security.

The starting point in planning for cyber-attacks is having an incident response plan (IRP) in place to ensure appropriate action if security is breached. An effective IRP will address preventative controls, timely detection of potential problems and rapid response to data security breaches. The key components of a well-defined IRP include:

Incident Response Team- Select individuals from departments that will be involved when a data security breach occurs, such as Executive Management, Information Technology, Human Resources, Public Relations, Legal, and Operations. Identify the roles each Incident Response Team member will play and ensure they have the authority to execute.

Data Classification- The organization's incident response strategy takes into account the type of data compromised by the breach in determining its response efforts and activities. Categorize data so employees know how to handle various types of information. Levels can include "public/non-classified," "internal use only" and "confidential." Then, focus on protecting the most confidential data.

Communication Plan- A comprehensive communication plan involves more than maintaining a current contact list of Incident Response Team members, system support personnel and external service providers. The organization should also plan what message it wants to convey and to whom it will communicate internally and externally after a security breach. Include an alternative plan when the normal notification process is pre-empted.

Training- Incident preparedness training ensures that all company personnel are ready to handle data breaches before they occur. Incident Response Team members should be well versed in how to appropriately evaluate, respond and manage security incidents. Even if not directly involved in the incident management process, all staff should understand the company's overall breach response plan so that their actions support, not hinder, breach response efforts.

Testing- The IRP should be thoroughly and continuously tested in advance of an actual data breach to help identify process gaps and provide assurance that the plan will be effective in responding to incidents.

THE HUMAN ELEMENT

Without a doubt, employees are the weakest link in the security chain. While businesses have done an excellent job in the last decade of improving the process and technology aspects of IT security, they've fallen short in training their own employees to defend and protect their company information.

The curious and fallible nature of humans demands that companies train and reinforce their employees on these matters. This is an area that companies cannot afford to overlook. "Bring your own device" (BYOD) complicates matters as employees create new risk by accessing company data with their own technological devices including laptops, smartphones and tablets. Employees must be motivated to think about and understand the security risks and consequences associated with their actions.

ONE STEP AHEAD

It is critical that an organization be aware of the new risks and new ways to address them, allocating time regularly to exploring new threats and new controls.

Even with all the proper precautions in place, data breaches will continue to happen. We will always be vulnerable, but how we prepare can help ease the pain when an attack hits. Preventative measures will minimize disruption to customers, operations and productivity, and aggressively managing through the security breach will yield a much more desirable outcome.

Contact David Barton, expert in information security and technology risk and controls, and follow him on Twitter at @ITcontrolsfreak.

UHY LLP PARTAKES IN NEARLY 90-YEAR-OLD DETROIT THANKSGIVING TRADITION

For the second consecutive year, UHY LLP sponsored the Distinguished Clown Corps float in the 89th America's Thanksgiving Parade. Over 70 feet long and standing 17 feet tall, the DCC float is the centerpiece of the 180+ Distinguished Clowns greeting and entertaining hundreds of thousands of spectators.

More than 70 employees and their families filled the streets to cheer on UHY's very own Distinguished Clowns (Chad Kime, Matt Munn, Debi Ritter, Bill Kingsley, Todd Bensley and son Justin, and Tom Callan and son Joe) who walked alongside the float, representing UHY. The clowns distributed candy, smiles and UHY beads to spectators along the parade route.

Click here to view a short video clip

The Parade is Detroit's grandest and most anticipated civic event, the second largest Thanksgiving parade and the third largest parade in the country overall. First televised in 1948, The Parade is broadcast live locally on WDIV-TV Local 4 with a syndicated national potential reach of over 65 million households.

"UHY is celebrating our one-year anniversary in our newest downtown office. We've always had strong ties to this community, supporting numerous local charities; and we are thrilled to be a part of this memorable tradition," said UHY Advisors' chairman and CEO, Tony Frabotta. "Our firm chose to sponsor this float because the Distinguished Clowns Corps is comprised of community leaders and supporters just like us."

FASB ACCOUNTING STANDARDS UPDATE 2015-17

By Carolyn Johnson, CPA

In November 2015, the FASB issued Accounting Standards Update (ASU) 2015-17, Income Taxes (Topic740): Balance Sheet Classification of Deferred Taxes, to simplify the presentation of deferred income taxes. Under current GAAP when a classified balance sheet is presented, deferred tax liabilities and assets are separated into a current amount and a noncurrent amount generally on the basis of the classification of the related asset or liability for financial reporting. The Board determined that the current presentation under GAAP does not provide users of financial statements with useful information as the classification between current and noncurrent generally does not reflect when a temporary difference will reverse and become a taxable or deductible item.

The amendments in the ASU require that deferred tax liabilities and assets be classified as noncurrent and applies to all entities that present a classified balance sheet or statement of financial position. This ASU does not affect the current requirement that deferred tax liabilities and assets within a tax-paying component of an entity be offset and presented as a single amount but that deferred taxes of one tax-paying component should not be offset against the deferred taxes of another tax-paying component. The amendments also will align GAAP with presentation of deferred income tax assets and liabilities with International Financial Reporting Standards (IFRS).

For public entities, the amendments in the ASU are effective for financial statements issued for annual periods beginning after Dec. 15, 2016, and interim periods within those annual periods.

For nonpublic entities, the amendments in the ASU are effective form financial statements issued for annual periods beginning after Dec. 15, 2017, and interim periods within annual periods beginning after Dec.15, 2018.

Early application is permitted and the amendments may be applied either prospectively to all deferred tax liabilities and assets or retrospectively to all periods presented.

For more information on ASU 2015-17 or for other FASB updates, please contact your professional at UHY LLP in Detroit 313 964 1040, Farmington Hills 248 355 1040 or Sterling Heights 586 254 1040, or visit us on the web at www.uhy-us.com.

EVENTS CALENDAR

1/19 AUTOMOTIVE UPDATE: "HOW LONG CAN WE KEEP MOVING METAL?"

Save the date for 2016 Automotive Update on Tuesday, January 19 from 7:30-10:15AM at UHY's training center in Sterling Heights. This complimentary seminar is brought to you by Michigan Manufacturers Association (MMA), Sterling Heights Regional Chamber of Commerce (SHRCC), UHY LLP and LMC Automotive. Stay tuned for more information.

SPECIAL ANNOUNCEMENTS

UHY ADVISORS' COO, RICK DAVID, ELECTED AS TREASURER OF UHYI BOARD

During the 2015 UHY International Annual General Meeting in Rio de Janiero, Rick David, chief operating officer of UHY Advisors, was elected as treasurer of the UHY International network. David, a member of the UHYI board of directors, becomes responsible for developing, implementing and supervising UHY's strategic financial activities. "I am honored to be elected as treasurer of our international network. I hope to properly safeguard our assets while insuring that our network expenditures are in line with our agreed upon budgets and serve to add value to the network, and our many member firms," said David. Rick has been a member of the UHY International Board of Directors since 2012.

AARON WITALEC, DIRECTOR OF UHY CORPORATE FINANCE, SHARES HIS THOUGHTS ON FOREIGN M&A ACTIVITY
Dykema's 2015 M&A Insights report found a smaller percentage of respondents expecting foreign dealmakers to become more active on US soil. Given recent world events, that's not surprising, says Aaron Witalec, director at UHY Advisors Corporate Finance, LLC. With valuations high, economic turmoil in China and the US dollar performing well against foreign currencies-particularly the euro-we're more likely to see a rise in American companies pursuing deals overseas than the other way around, says Witalec, whose firm has a physical presence in 89 countries. Last year, 78 percent of respondents said they expected an increase in activity from China to the US, compared with 69 percent this year. In 2014, 74 percent of respondents said they expected an increase in activity from Europe to the US, compared with 47 percent this year. Whereas US M&A activity to China was not viewed as positively this year, a greater percentage of respondents expect M&A from the US to Europe to increase. That makes sense, Witalec says, noting that, as places like China cool off, Eastern Europe in particular looks ripe for increased M&A activity.

"Western European companies had an interest in pursuing low-cost solutions in Eastern Europe. Then, 10 to 15 years ago, China became the focus for multinationals as it was viewed as 'the place to be,'" Witalec explained. "Now, given the challenges in Asia, Eastern Europe is becoming an attractive destination once again with more American and Western European companies searching for the right acquisitions in the region, especially those that provide a meaningful technological edge in manufacturing."

Click here to view the complete summary.

MICHIGAN PRACTICE MEMBERS JOIN UHY ADVISORS' BOARD OF DIRECTORS
UHY Advisors announced new board members from its Michigan practice, Thomas Callan and Steven McCarty. Both are well known in the local business community, been with the firm for over 20 years, and alumni of Walsh College. Callan and McCarty will join five others, including the firm's CEO, Anthony Frabotta, who is also a Michigan resident. Frabotta has been with the firm since 1974 and on the board of directors and executive committee since 2000, serves as a member of the board of trustees and treasurer for DMC Legacy, and is a graduate of Wayne State University. Click here to view full press release.

CAREERS AT UHY
Are you ready to take charge of your career path? Be sure to visit our careers page for the most up-to-date listings or contact Yolanda Rountree. Current opportunities in our Michigan offices include:

Audit Manager, 7+ years of experience, manufacturing experience is highly preferred
Audit Manager, 7+ years of experience, SEC experience is highly preferred
Audit Senior Accountant, 5-7 years of experience, CPA required
Internal Audit Risk & Compliance Manager, 7+ years of experience
R&D Tax Specialist, 7+ years of experience
Tax Manager, 7-10 years of experience
Director of Litigation, testifying experience required municipalities
Senior Associate (Corporate Finance), 2-4 years of Big 4 experience highly preferred

Published by UHY LLP News.

Our firm provides the information in this newsletter as tax information and general business or economic information or analysis for educational purposes, and none of the information contained herein is intended to serve as a solicitation of any service or product. This information does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisors. Before making any decision or taking any action, you should consult a professional advisor who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

UHY Advisors, Inc. provides tax and business consulting services through wholly owned subsidiary entities that operate under the name of "UHY Advisors." UHY Advisors, Inc. and its subsidiary entities are not licensed CPA firms. UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc. and its subsidiary entities. UHY Advisors, Inc. and UHY LLP are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms. "UHY" is the brand name for the UHY international network. Any services described herein are provided by UHY Advisors and/or UHY LLP (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members.