Life Sciences Blog

The American Institute of Certified Public Accountants (AICPA) finally introduced the SSAE 16 SOC 1 audit guide last week and it looks like it was worth the wait. While planning and fieldwork may have already started since the new standard went live on June 15, this audit guide does include several items that should ease the transition from the SAS 70 report format to the Service Organization Control Reports (SOC) format. 

The guide highlights the differences between the two formats and provides information to help determine the types of services appropriate for SOC 1 attestations. Primary components of SOC 1 attestation and information on how to test the operating effectiveness of controls at the service organization are also included. Additionally, the audit guide includes examples of various components from actual reports across multiple industries. 

An earlier release date would have been beneficial in facilitating preparation for the changes this new standard introduces. In sum, this guide is an incredibly useful tool for planning and executing an SSAE SOC 1 attestation engagement.

To learn more about how the SOC reports will affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Ryan Elmore at 317.452.1714 or visit the KSM Consulting website at ksmconsulting.com.

As a follow-up to prior posts regarding the new Service Organization Control (SOC) Reports, the implementation guide called Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy is now available. This guide provides guidance to CPAs engaged to prepare a SOC 2 report.

Additionally, the AICPA is currently in the process of preparing the highly anticipated guide for CPAs engaged to prepare a SOC 1 report, Service Organizations: Applying SSAE No. 16, Reporting on Controls at a Service Organization.

As implementation of the new standard draws near, you may find additional information on the AICPA’s website under the SOC section. Informational videos on the new reports are also available.

To learn more about how the SOC reports will affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Matt Snively at 317.452.1760, or visit the KSM Consulting website at ksmconsulting.com.

The House Judiciary Committee recently approved the America Invents Act amid controversy whether it is a positive or negative reform. Similar legislation has already been supported by the Senate. The act introduces a first-inventor-to-file system for patent approval and creates a post-grant review system to kick out bad patents. Supporters hope it will help curb frivolous lawsuits and address the current backlog of more than 700,000 patent applications.

While supporters argue a first-to-file system reduces the cost of patent disputes, critics fear it could favor big business in what might become a race to the patent office. Small businesses have also historically opposed any reforms which would weaken the legal tools available to assert their patents, but others argue patent litigation is a burdensome distraction which needs addressed. Regardless of where you stand, the act is now one step closer to becoming reality.

Brett Behrens is a staff member in Katz, Sapper and Miller’s tax practice, which is comprised of professionals dedicated to reducing the tax burden of manufacturing, distribution, life sciences, technology, and healthcare companies, among others.

The American Institute of Certified Public Accountants (AICPA) recently released the 2011 Top Technology Initiatives Survey. The results are a culmination of responses from nearly 1,400 CPAs that specialize in information technology.

While the survey respondents have backgrounds ranging from business and industry to public accounting firms, the combined results show that control and use of mobile devices will be the technology issue of greatest importance in the coming months.

The top 10 initiatives as provided by the survey are as follows (in order of importance):

1.  Control and Use of Mobile Devices
2.  Information Security
3.  Data Retention Policies and Structure
4.  Remote Access
5.  Staff and Management Training
6.  Process Documentation and Improvements
7.  Saving and Making Money w/Technology
8.  Technology Cost Controls
9.  Budget Processes
10.  Project Management & Deployment of New Technology

As mobile devices become increasingly advanced and are readily available, the threat of misuse by unintended parties is also on the rise. These devices regularly have access to critical resources which can be used by others to gain access to your network.

Many of the top 10 initiatives are tied together, especially when thinking about the risks involved with mobile devices. Training, remote access, information security and supporting processes and enforcement must be balanced with the obvious productivity achieved through the use of such devices.

For information about how IT Security may affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Matt Snively at 317.452.1760, or visit KSM Consulting's website.

The Federal Trade Commission’s (FTC’s) “Red Flags” Rule finally took effect on December 31, 2010, after delaying numerous times over a two-year period. Congress has passed legislation clarifying the scope of businesses covered by the rule.

The Red Flag Clarification Act of 2010 amends Section 615 (e) of the Fair Credit Reporting Act, which results in an exemption of many small businesses from the rule. This new exemption may apply to various professional services firms, physicians and pharmacies. Companies must evaluate their specific situations to be sure that they are exempt from complying with the rules. In certain cases, simply honoring a customer’s request for a payment plan - coupled with running a standard credit check on that customer - could result your company being classified as a creditor.

For information about how the FTC’s Red Flags Rule or other compliance-related requirements might affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Matt Snively at msnively@ksmconsulting.com or visit ksmconsulting.com.

You may have heard about the Health Care and Education Reconciliation Act of 2010, designed to make changes to the previously passed Patient Protection and Affordable Care Act. But you may not have heard that the Internal Revenue Service (IRS) is inviting the public to comment on issues that have arisen from this act. Specifically, in December 2010 the IRS issued Notice 2010-89, which invites feedback on the new excise tax on medical devices. The 2.3% excise tax will be applied to all taxable sales of medical devices after December 31, 2012.

Section 4191(b)(1) defines a taxable medical device as an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part or accessory, which is:

1. Recognized in the official National Formulary, or the United States Pharmacopeia, or any supplement to them,
2. Intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, or
3. Intended to affect the structure or any function of the body, and which does not achieve its primary intended purposes through chemical action within or on the body and which is not dependent upon being metabolized for the achievement of its primary intended purposes.

CFO Magazine publised an article titled "The Truth About SAS 70," discussing issues surrounding SAS 70 certification, SAS 70 compliance, and whether or not reports can be used for marketing purposes. Our staff members address these very questions from clients and prospects on a regular basis.

Currently, our professional standards state that the SAS 70 reports should only be shared with the service provider's customers and the auditor's of those customers. Often the reports are used as marketing tools and are given out to any and all potential customers who may not fully understand what the reports cover and what the limitations are, potentially resulting in misunderstandings down the road. There is also no reference to any type of certification or seal of approval given at the completion of a SAS 70 engagement. 

With the upcoming conversion from SAS 70 to SSAE 16 and related AICPA SOC Reports, certain service organizations will be able to determine what the purpose of the reports are based on the intended audience (users), thereby possibly removing the current distribution restrictions. Organizations that may have requested a SAS 70 in the past covering controls that are unrelated to user entities' internal control over financial reporting will have another valid option.

It is anticipated that the SOC 3 report (Trust Report) will be unrestricted for distribution purposes and can be posted to a website as a seal.  These reports are designed for those who want assurance on the controls at a service organization related to security, availability, processing integrity, confidentiality or privacy.  The SOC 3 report is not appropriate for providing assurance surrounding internal controls over financial reporting. 

For information about how SSAE 16 or the AICPA SOC reports affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Matt Snively or visit ksmconsulting.com.

Time recently published an article titled “Intelligent Cities,” in which Indianapolis was recognized as a global player in life sciences. I have the opportunity to interact with some of the city’s most promising life sciences and technology companies, so I can see why. More interesting is that author Bruce Katz suggests cities such as ours have the potential to turn our economy around with the proper investment from the federal government.

Indianapolis has a collection of entrepreneurial firms, intelligent people, universities, experienced consultants, and a host of other resources which can yield incredible economic results. But the United States is lagging the rest of the world in economic growth. Part of the reason for this, I believe, is that we don’t recognize how important metropolitan areas such as Indianapolis are to the economy. Countries like Germany are investing in renewable energy, high-speed rail, and urban transport for cities such as Munich; they understand growth will happen through the assets of their metropolitan areas. The United States should be doing more of the same.

Brett Behrens is a staff member in Katz, Sapper and Miller’s tax practice, which is comprised of professionals dedicated to reducing the tax burden of manufacturing, distribution, life sciences, technology, and healthcare companies, among others.
 

As mentioned in previous postings, the Federal Trade Commission (FTC) delayed enforcement of the “Red Flags” Rule until December 31, 2010.

The regulation, as written, requires certain entities, regardless of industry or size, to create written policies and procedures to address the issue of identity theft. The Red Flag Rule, as this regulation is commonly known, sets forth guidelines as to how an entity should develop, implement and administer an identity theft program.

The delay was due to pending legislation that would limit the scope of businesses covered by the rule. On November 30, 2010, the Senate passed S. 3987, the Red Flag Clarification Act of 2010.  The bill amends Section 615 (e) of the Fair Credit Reporting Act, which results in an exemption of many small businesses from the rule.  This new exemption may apply to various professional services firms, physicians and pharmacies.  Many influential individuals are urging the House of Representatives to enact this amendment before Congress adjourns for this session.

The definitions of the term “creditor” were updated to read:

“A) means a creditor, as defined in section 702 of the Equal Credit Opportunity Act (15 U.S.C. 1691a), that regularly and in the ordinary course of business--
“(i) obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction;

“(ii) furnishes information to consumer reporting agencies, as described in section 623, in connection with a credit transaction; or

“(iii) advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person;
“(B) does not include a creditor described in subparagraph (A)(iii) that advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person; and

“(C) includes any other type of creditor, as defined in that section 702, as the agency described in paragraph (1) having authority over that creditor may determine appropriate by rule promulgated by that agency, based on a determination that such creditor offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft.'

For information about how the FTC’s Red Flags Rule or other compliance related requirements might affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Matt Snively or visit ksmconsulting.com.

 

As you may already be aware, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board’s efforts to revise, clarify and converge current standards with those of the International Auditing and Assurance Standards Board (IAASB), resulted in changes to SAS 70 requirements. The changes were finalized by the AICPA in January 2010. These changes will affect the service organization and the service auditors completing the SAS 70, and will have an effective date of June 15, 2011.

The changes resulted in two separate standards, one for the service auditor (Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization) and a clarified Statement on Auditing Standards, Audit Considerations Relating to an Entity Using a Service Organization, which will supersede the requirements and guidance for user auditors in SAS 70.

In response to companies obtaining SAS 70 reports for services other than those related to internal controls over financial reporting, the AICPA is developing three separate reporting options under SSAE 16. The three Service Organization Controls (SOC) reports, each are tailored to a specific audience.

The SOC 1 report is intended to report on controls at a Service Organization relevant to user entities’ internal control over financial reporting. This report is the most similar to the legacy SAS 70 reports that users are now familiar with. There is a Type 1 and Type 2 reporting option for SOC 1 just as with SAS 70. Distribution and use of these reports is restricted to management of the service organization, the user entities and their auditors.

The SOC 2 is a report on controls other than those related to financial reporting, such as security, privacy, confidentiality, processing integrity and availability. This report can be restricted in distribution to customers, regulators and others that have an understanding of the service organization and its related controls. Similar to the SOC 1, this report has both a Type 1 and Type 2 option.

The SOC 3 report is similar to the SOC 2 report, but has no restrictions on distribution or use. It is the ideal report for the service organizations to share with current and prospective customers, business partners, etc. when they wish to demonstrate that they have appropriate controls in place to mitigate risks that may impact a customer. This report will likely be a beneficial marketing piece that many service organizations had previously used the SAS 70 report for.

Service organizations may refer to the AICPA’s Service Organization Control Reports site for specific comparisons between the three reports as well as a matrix designed to assist with identifying which report is ideal based on specific situations.

The AICPA is currently preparing a guide for CPAs engaged to prepare a SOC 1 report, Service Organizations —Applying SSAE No. 16, Reporting on Controls at a Service Organization. Another guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy, will provide guidance to CPAs engaged to prepare a SOC 2 report. Both guides are expected to be released in early 2011.

For information about the AICPA SOC reports affect your manufacturing, distribution, life sciences, technology or healthcare company, contact Matt Snively or visit ksmconsulting.com.

In 1998 when I worked for a large, national firm, my boss walked into my office and asked, "How would you like to be our escheat expert?" I vaguely recalled hearing the "term" escheat when I was in law school but couldn't have remembered if someone had paid me. Some of our biggest clients were starting to be audited for unclaimed property, and we needed to assemble a national team to help them. 

When a business has uncashed checks or other types of aging debts on its books, that business has to turn those monies over to the state. All 50 states have fairly similar laws, so this requirement exists across the country. States that don't have the staff to do audits sometimes hire third party, contingent fee auditors who receive a percentage of what their agents are able to collect. Before we got involved, our clients were receiving huge assessments - seven, sometimes eight figures. 

So, I went to Atlanta for the rollout of our unclaimed funds practice. There, the national leader of this new service line took us through two days of intensive training in all things escheat. We all looked on in shock as she showed us a letter from one third party auditor asking a company to provide a list of uncashed checks and miscellaneous income write-offs back to the 1950s! And, this was really happening. Until 2003, I worked with some of the firm's biggest clients, helping them through the world of unclaimed property - audit defense, amnesty filings, voluntary compliance, and developing policies and procedures.

Unclaimed property has an obscure rule that if the reporting business ("holder") does not have names and addresses of the payees owed the money, everything goes to the holder's state of incorporation. For audits covering 15-20 years of records, audits utilizing extrapolation techniques to fill the gaps for missing records was the norm, not the exception. States like Delaware, with thousands of companies incorporated there, soon learned the positive impact that this obscure rule could play to its fiscal benefit.

Around this time, Indiana offered an amnesty program for non-filers. This outreach for voluntary compliers was to be followed by an aggressive audit program. However, a change in the Attorney General meant a shift in direction. Instead of audits, Indiana focused its attention for the next eight years on ramping up its outreach to improve the chance that payees would recover the property that had been reported by the estimated 2-3% of companies voluntarily filing reports. 

Fast forward 8 years to today. Indiana has a relatively new Attorney General, and he has determined that 2-3% estimated compliance from current businesses is probably high. Unless holders file reports, finders can’t track down their money. So, over the past year, the focus has shifted back to increasing compliance.  To that end, Indiana has an amnesty program that ends this Halloween. Companies that choose to participate in this program agree to report their unclaimed property for prior years in exchange for no penalties or interest.  Businesses that choose to do nothing face the prospect of an Indiana Department of Revenue auditor adding escheat to the list of taxes they examine when they come out for a visit. 

The question I get most often from businesses: Are we really required to do this? The answer is simple. If you have unclaimed property to report, then unequivocally yes. The cost this can mean to a company depends on countless factors. I tell every client, until you get your arms around what your exposure might be, you can't make an educated decision on how to proceed. The decision-making process needs to begin with good information. 

The Hoosier state is new to the unclaimed property audit business. At this point no one knows how aggressive Indiana will be – with their auditors, their penalties, or the other tools in their toolbox. Still remembering the scars from the days when clients chose to roll the dice and ended up with one of those seven- or eight-figure assessments, I know how a bad unclaimed property audit can turn out. For smaller companies, a bill from the State with fewer zeros can still pack the same relative wallop. Will this be true for Indiana businesses? 

Katz, Sapper & Miller has professionals that are experienced in unclaimed property reporting issues. If you would like more information about taking advantage of Indiana’s amnesty program, please contact Tim Cook or Donna Niesen.

Are you a manufacturer with a major order that is dependent upon obtaining financing for plant expansion? Are you a life science company that has identified a promising new application for technolgy under development but are struggling to find the financing necessary to move the opportunity from planning stages to implementation? Are you in the forecasting and planning stages for 2011 activity yet are uncertain about the availability of capital? 

Legislation recently signed into law provides expanded borrowing options for small business. The Small Business Jobs Act will provide additional money to support Small Business Administration (SBA) loan programs and will provide capital to a new Small Business Lending Fund that targets community banks. The provisions of the new law are intended to provide lending options to businesses that might not qualify for loans lacking credit enhancement.

Key elements of the SBA program include:

• An extension through December 31, 2010, of the SBA Recovery loan program. This program provides a 90 percent guarantee of bank debt and reduced program fees.
• Owner-occupied commercial real estate mortgages may be eligible, in the case of certain small businesses, for refinancing through the 504 loan program.
• An increase in the maximum loan size for certain loan programs. In general, 7(a) and 504 limits will increase from $2 million to $5 million. For manufacturers the 504 program limit will increase to $5.5 million.
• The maximum size of working capital loans (SBA Express program) will increase from $350,000 to $1 million.
• The Dealer Floor Plan program will be extended to 2013. 

Read more here about the impact of the new law on Small Business Administration programs. For consulting about how new SBA programs might benefit your business, please contact your KSM advisor or contact Chris Bradburn at 317.580.2140 or cbradburn@ksmcpa.com.

• Increased IRC Section 179 Expensing - Retroactively effective to January 1, 2010 and through December 31, 2011 the Act increases the maximum Sec. 179 expense from $250,000 to $500,000.  The phaseout threshold of the expensing deduction is raised to begin at $2,000,000.
• Expansion of Property Types Eligible for Sec. 179 Expensing - In a significant change from Sec. 179 rules allowing only personal property to be eligible for expensing, the Act will allow up to $250,000 of qualified leasehold improvement property, qualified restaurant property and qualified retail improvement property to be expensed.  This rule will be available effective January 1, 2010 through December 31, 2011.
• Bonus Depreciation is Back - The Act extends 50% bonus depreciation for one year through December 31, 2010.
• New 5-year Carryback Period for Unused General Business Credits - Under prior law, the general business credit ("GBC") used to offset income tax could not exceed the excess of a taxpayer's net income tax over the taxpayer's tentative minimum tax (AMT) or 25% of the taxpayer's net regular tax in excess of $25,000.  Unused GBCs could be carried back one year and carried forward 20 years.  Under the Act, credits generated by eligible small businesses in 2010 may be carried back 5 years, potentially creating opportunities to recover taxes paid in prior years.  Additionally, GBCs eligible for the 5-year carryback will be allowed to offset alternative minimum tax.

• $30 billion fund to provide community banks with capital to increase small business lending.
   
• Increased Section 179 expensing limitations for qualifying capital expenditures equal to $500,000 in 2010 and 2011.
   
• Extended 50% bonus depreciation in 2010 for qualifying capital expenditures.

Katz, Sapper & Miller and its consulting affiliate, KSM Consulting, will once again be partnering with TechPoint to host a unique series of quarterly events that will focus on the major business issues that high-tech CEOs are facing during 2010.

Our next event will be held on September 14 and is entitled "Board of Directors Development and Structure." Topics will include what a CEO should look for in a board, how a CEO should manage a board, and what a board member should do.

Panelists will include Scott Webber, chairman and CEO of Volatus Advisors, and Dave Lindsey, CEO and founder of Defender Direct, and the conversation will be moderated by Tim DuVall, a partner in the Life Sciences & Technology Services Group at Katz, Sapper & Miller, along with Charlie Brandt, managing director of KSM Consulting, and Jim Jay, president and CEO of TechPoint.

This event is by invitation only. For more information about the KSM Executive Roundtable or to RSVP, please contact Jim Jay at jjay@techpoint.org, Kayla Garcia at kgarcia@techpoint.org, or call 317.275.2080.

A new incentive in the recent healthcare legislation was established for companies that have invested in expenses related to therapeutic discovery projects. Applications will only be accepted only through July 21, 2010, so the time to act is now.

The credit or grant is for 50 percent of qualified expenses – up to a maximum of $5 million – for projects designed to:

• Treat or prevent diseases or conditions by conducting pre-clinical activities, clinical trials, and clinical studies, or carrying out research protocols;
• Diagnose diseases or conditions or to determine molecular factors related to diseases or conditions by developing molecular diagnostics; or
• Develop a product, process, or technology to further the delivery or administration of therapeutics.

Approval or denial will occur by October 29, 2010.

To learn more, contact Tim DuVall, partner in charge of Katz, Sapper & Miller’s Life Sciences & Technology Services Group.

Katz, Sapper & Miller, LLP
317.580.2042

Katz, Sapper & Miller, LLP, and KSM Business Technology, LLC, have partnered with TechPoint to present the KSM Executive Roundtable. TechPoint will be continuing this quarterly series throughout 2010, focusing on major issues hi-tech CEOs are facing. The series offers information that cannot be easily found elsewhere, in a format with a free exchange of ideas with other qualified technology CEOs. Previous topics of discussion have included capital access, tax and accounting, technology, and legal issues.

The next roundtable, to be held June 23, will be an interactive format designed for attendees to exchange ideas with peers. The format will allow the attendees to:

• Share the chief challenges and/or opportunities people are facing in today's marketplace
• Hear what colleagues are thinking about most as they lead their companies through the economic recovery
• Affirm, question or speak out against trends in industry sectors

Confirmed attendees include Mark Hill of Collina Ventures and TechPoint Board Chair, Christopher Clapp of ANGEL Learning, Chris Baggott of Compendium Blogware, and Mike Simmons of T2 Systems.

This event is by invitation only. For more information about the KSM Executive Roundtable or to RSVP, visit TechPoint's Web site.

Katz, Sapper & Miller and its business and technology consulting affiliate, KSM Business Technology, will once again be partnering with TechPoint to host a unique series of quarterly events that will focus on the major technology issues that CEOs are facing during 2010.  

Our next event will be held on April 20^th and is entitled “Tax and Legal Issues Every Tech-Based CEO Should Know.”  Topics will include: Funding of Capital - Current Trends, Stock/Equity Compensation and Tax Updates and Proposed Changes.

Panelists will include Tim DuVall, a partner in the Life Sciences & Technology Services Group at Katz, Sapper & Miller along with Nick Mathioudakis, a partner in the Corporate Finance Group with the law firm of Baker & Daniels.

For more information and/or to register, visit the events page on TechPoint’s Web site at www.techpoint.org.