Several from Kraft and affiliates chosen for NBJ Power Leaders list

Several professionals from KraftCPAs and affiliates have been chosen for the Nashville Business Journal‘s 2020 Power Leaders in Finance list.

Vic Alexander, Lucy Carter, Dana Holmes, Glenn Perdue, and Gina Pruitt were chosen for the Power Leaders in Finance list. Ryan Myers was chosen for the Ones to Watch list.

Vic, Lucy, Gina, and Ryan represent KraftCPAs; Dana represents 2nd Generation Capital; and Glenn represents Kraft Analytics.

Nominations for the list were chosen through public nominations; nominees then voted on one another in a round of closed voting, with those receiving the most votes being named to this year’s class.

The full list is available at the Nashville Business journal website.

© 2020

Danetta Allen, Lynsey Roberts added as KraftCPAs members

Danetta Allen and Lynsey Roberts have been elevated to member roles at KraftCPAs effective November 1, 2020.

Danetta earned her Bachelor of Science and MBA from Tennessee Technological University and joined Kraft as a supervisor in 2014. She joined the firm as a result of a merger and was vital to transitioning those clients to Kraft. She made an immediate impact as a leader within ESG, and she continues to provide excellent service to clients and mentorships to those on her team.

Danetta is active in recruiting as well as in community and professional associations. She currently serves as treasurer for the Middle Tennessee branch of Associated General Contractors, and she has previously served as treasurer for Rebuilding Together Nashville.

Lynsey holds a B.S. in Accounting from Western Kentucky University and a Master of Accountancy from Belmont University. Since joining Kraft in 2012, Lynsey has contributed to the success of the firm in a variety of ways, including in interpreting new tax law, mentoring others at Kraft, and providing excellent service to clients.

Outside the office, Lynsey has represented the firm well through leadership roles in Book ’em and Breakfast Club of Nashville.

KraftCPAs, founded in 1958 by the late Joe Kraft, has a total staff of more than 200 team members in its Nashville, Lebanon, Columbia, and Chattanooga offices.

© 2020

Good records are the key to trouble-free audits and deductions

If you operate a small business or starting a new one, you probably know you need to keep records of your income and expenses. In particular, you should carefully record your expenses to claim the full amount of the tax deductions to which you’re entitled. And you want to make sure you can defend the amounts reported on your tax returns if you’re ever audited by the IRS or state tax agencies.

Certain types of expenses, such as automobile, travel, meals, and office-at-home expenses, require special attention because they’re subject to special record keeping requirements or limitations on deductibility.

It’s interesting to note that there’s not one way to keep business records. In its publication “Starting a Business and Keeping Records,” the IRS states: “Except in a few cases, the law does not require any specific kind of records. You can choose any record keeping system suited to your business that clearly shows your income and expenses.”

That being said, many taxpayers don’t make the grade when it comes to record keeping. Here are three court cases to illustrate some of the issues.

Case No. 1: Without records, the IRS can reconstruct your income

If a taxpayer is audited and doesn’t have good records, the IRS can perform a “bank-deposits analysis” to reconstruct income. It assumes that all money deposited in accounts during a given period is taxable income. That’s what happened in the case of the business owner of a coin shop and precious metals business. The owner didn’t agree with the amount of income the IRS attributed to him after it conducted a bank-deposits analysis.

But the U.S. Tax Court noted that if the taxpayer kept adequate records, “he could have avoided the bank-deposits analysis altogether.” Because he didn’t, the court found the bank analysis was appropriate and the owner underreported his business income for the year. (TC Memo 2020-4)

Case No. 2: Expenses must be business-related

In another case, an independent insurance agent’s claims for a variety of business deductions were largely denied. The Tax Court found that he had documentation in the form of canceled checks and credit card statements that showed expenses were paid. But there was no proof of a business purpose.

For example, he made utility payments for natural gas, electricity, water, and sewer, but the records didn’t show whether the services were for his business or his home. (TC Memo 2020-25)

Case No. 3: No records could mean no deductions

In this case, married taxpayers were partners in a travel agency and owners of a marketing company. The IRS denied their deductions involving auto expenses, gifts, meals and travel because of insufficient documentation. The couple produced no evidence about the business purpose of gifts they had given. In addition, their credit card statements and other information didn’t detail the time, place, and business relationship for meal expenses or indicate that travel was conducted for business purposes.

“The disallowed deductions in this case are directly attributable to (the taxpayer’s) failure to maintain adequate records,” the court stated. (TC Memo 2020-7)

We can help

Contact us at KraftCPAs if you have questions or need assistance retaining adequate business records. Taking a meticulous, proactive approach to keeping records can protect your deductions and help make an audit much less painful.

© 2020

Scott Mertie among new NHCC board members

Kraft Healthcare Consulting LLC president Scott Mertie has been appointed to the board of directors for the Nashville Health Care Council for 2020-2021. Scott is one of 15 new members chosen for the board.

Robert A. Frist Jr., chairman and CEO, HealthStream, continues a two-year term as chairman of the board. David Dill, president and CEO, LifePoint Health, will assume the role of vice chair.

The Nashville Health Care Council is a premier association of industry leaders founded in 1995. The council’s mission, according to its website, is to inspire global collaboration to improve health care by serving as a catalyst for leadership and innovation.

The full list of new members appointed to the 2020-2021 council’s board of directors:

  • Diana Allen, President and CEO, The SSI Group, LLC
  • Jeffrey R. Balser, M.D., President and CEO, Vanderbilt University Medical Center & Dean, Vanderbilt University School of Medicine
  • Ashby Burks, Shareholder, Baker, Donelson, Bearman, Caldwell & Berkowitz PC
  • Allen Fisher, Managing Director, Global Head of Healthcare, MUFG
  • Terry Hardesty, Managing Partner-Nashville, Deloitte and Touche LLP
  • Tim Hingtgen, President and COO, Community Health Systems
  • Jordan Kendig, Director, Leadership and Organizational Development, HCA Healthcare (Leadership Health Care Board Chair)
  • Scott Mertie, President, Kraft Healthcare Consulting LLC
  • William Mkanta, M.D., Professor & Head of Department, Western Kentucky University
  • Bruce Moore Jr., President-Operations and Service Lines Group, HCA Healthcare
  • Leif M. Murphy, President and CEO, Team Health
  • Rosemary Plorin, President and CEO, Lovell Communications
  • Chris Rogers, Managing Director, Finance Healthcare Practice, Ziegler Investment Banking Corporation
  • Allison Scripps, Director of Operations, Quality Care Partnership, BlueCross BlueShield of Tennessee (Fellows Class 2020)
  • Mark Seitz, President and CEO, National Distribution & Contracting Inc.

Kraft Healthcare Consulting is an affiliate of KraftCPAs.

© 2020

Scott Mertie chosen for 2020 Health Care Awards list

Kraft Healthcare Consulting president Scott Mertie is among the professionals chosen for the Nashville Business Journal’s 2020 Health Care Awards.

Scott has more than 25 years of experience in the healthcare industry, with a list of clients that includes hospitals, physicians, and other healthcare providers. Scott also works with the American Institute for Healthcare Compliance (AIHC) to coordinate a series of Medicare/Medicaid cost report boot camps, including one scheduled for March 11-12 in Dallas. This is the fifth time Scott has been chosen for the list.

The Health Care Awards honor “the city’s top business leaders in the health care industry,” the NBJ said in its announcement.

© 2020

Click here to see the full list of winners.

New healthcare leadership list includes five from Kraft and affiliates

Five leaders from KraftCPAs and its affiliates have been chosen as top influencers in the region’s expanding healthcare industry.

Vic Alexander, Lucy Carter, Dana Holmes, Scott Mertie, and Gina Pruitt are among the region’s healthcare professionals featured in Nashville Medical News’ InCharge Health Care 2020 edition released in January.

Vic is chief manager of KraftCPAs; Lucy is a member and practice leader of KraftCPAs’ healthcare industry team; Dana is CEO and managing member of 2nd Generation Capital, a Kraft affiliate; Scott is president of Kraft Healthcare Consulting, a Kraft affiliate; and Gina is member-in-charge with KraftCPAs’ risk assurance and advisory services team.

The InCharge Health Care 2020 edition is available online and in print.

© 2020

Know which filing status works best for you

For tax purposes, Dec. 31 means more than New Year’s Eve celebrations. It affects the filing status box that will be checked on your tax return for the year. When you file your return, you do so with one of five filing statuses, which depend in part on whether you’re married or unmarried on Dec. 31.

More than one filing status may apply, and you can use the one that saves the most tax. It’s also possible that your status options could change during the year.

Here are the filing statuses and who can claim them:

  1. Single. This status is generally used if you’re unmarried, divorced, or legally separated under a divorce or separate maintenance decree governed by state law.
  2. Married filing jointly. If you’re married, you can file a joint tax return with your spouse. If your spouse passes away, you can generally still file a joint return for that year.
  3. Married filing separately. As an alternative to filing jointly, married couples can choose to file separate tax returns. In some cases, this may result in less tax owed.
  4. Head of household. Certain unmarried taxpayers may qualify to use this status and potentially pay less tax. The special rules that apply are described below.
  5. Qualifying widow(er) with a dependent child. This may be used if your spouse died during one of the previous two years and you have a dependent child. Other conditions also apply.

Head of household status

Head of household status is generally more favorable than filing as a single taxpayer. To qualify, you must “maintain a household” that, for more than half the year, is the principal home of a “qualifying child” or other relative that you can claim as your dependent.

A “qualifying child” is defined as someone who:

  • lives in your home for more than half the year
  • is your child, stepchild, foster child, sibling, stepsibling, or a descendant of any of these
  • is under 19 years old or a student under age 24, and
  • doesn’t provide over half of his or her own support for the year

Different rules may apply if a child’s parents are divorced. Also, a child isn’t a “qualifying child” if he or she is married and files jointly or isn’t a U.S. citizen or resident.

Maintaining a household

For head of household filing status, you’re considered to maintain a household if you live in it for the tax year and pay more than half the cost of running it. This includes property taxes, mortgage interest, rent, utilities, property insurance, repairs, upkeep, and food consumed in the home. Don’t include medical care, clothing, education, life insurance, or transportation.

Under a special rule, you can qualify as head of household if you maintain a home for a parent of yours even if you don’t live with the parent. To qualify, you must be able to claim the parent as your dependent.

Marital status

You must generally be unmarried to claim head of household status. If you’re married, you must generally file as either married filing jointly or married filing separately, not as head of household. However, if you’ve lived apart from your spouse for the last six months of the year, a qualifying child lives with you, and you “maintain” the household, then you’re treated as unmarried. In this case, you may be able to qualify as head of household.

If you have questions about your filing status, please contact us at KraftCPAs.

© 2019

Scott Nalley admitted as newest KraftCPAs member

Scott Nalley has been added to the membership team at KraftCPAs as the 16th partner at the firm.

Scott, a 2003 graduate of the University of Memphis, has an extensive history with Kraft. He started in December 2004 in the audit team — where he met his wife, Jayme — then left in 2007 to work at Vanderbilt’s internal audit department before returning to Kraft in 2013. Now as part of the firm’s Risk Assurance & Advisory Services (RAAS) team, Scott oversees several of Kraft’s largest internal audit engagements.

In addition to those key roles, Scott is heavily involved in the firm’s system and organization controls (SOC) practice, as well as consulting engagements for HITRUST and HIPAA clients. He also helps lead the firm’s campus recruiting efforts and is active with multiple community and professional organizations, including the TSU Accounting Advisory Board, Internal Auditors Academic Relations Committee, Leadership Health Care, and Rebuilding Together Nashville.

Scott’s new role as a member with the firm began Nov. 1. KraftCPAs, founded in 1958 by the late Joe Kraft, has a total staff of more than 200 team members in its Nashville, Lebanon, and Columbia offices.

© 2019

Vic Alexander chosen as Power 100 Connector by Nashville Business Journal

Vic Alexander has gained a new distinction for 2019: A Power 100 Connector.

The Nashville Business Journal chose Vic, the chief manager of KraftCPAs, for its annual Power 100, the newsroom’s list of the most influential people in the city’s business scene. The NBJ described the Connectors category as “the power players who know everyone. They specialize in bringing together powerful people to get things done, often driving decisions under the radar. In short, when you need to connect with someone, these are who you call.”

In describing Vic, the NBJ lauded his “reputation for being one of the city’s most respected and seasoned financial leaders.”

The complete list of the Power 100 will be included in the NBJ’s Nov. 22 print edition.

© 2019

How to improve your healthcare facility’s medical device cybersecurity

Last year, medical device vendor Zoll was conducting what the organization saw as a routine migration of its servers. After what they referred to as a “data security incident” that occurred in either November or December 2018, they notified their 277,319 patients that their data had been compromised. The data included names, Social Security numbers, dates of birth, medical history, and other personally identifiable information.

All patient data was eventually secured, and no identity theft was reported as a result of the incident. But the very threat of more repercussions after the initial breach underlined the vulnerability of medical devices as cybersecurity threats continue to grow on a national level.

Cybersecurity is an emerging concern across all sectors. The healthcare sector may be one of the most vulnerable because so many of its components rely on cyber systems, such as the transfer of electronic personal health information as well as the maintenance, management, and operation of medical devices. That’s why it should be at the forefront of every healthcare facility’s list of threats to address.

Why you should care about medical device cybersecurity

There are a variety of cyber vulnerabilities that can impact medical devices, especially as these devices within a hospital or health system become more and more connected. A few types of vulnerabilities include, but are certainly not limited to:

Data breaches. Many medical devices contain sensitive patient data such as electronic health records. If exposed during a data breach, patient personal health information (PHI) can be used for nefarious purposes by a malicious actor.

Ransomware or malware attacks. With the onset of email phishing scams, medical devices have never been more vulnerable to a ransomware or malware attack. Ransomware attacks are when a medical device’s IT systems are corrupted by a malicious actor in return for a payment.

Interference with the medical care provided by devices. As more and more medical devices come online, the potential for the disruption of medical devices exists. This can lead to direct (and negative) consequences for patient care.

Outdated software. Some medical device manufacturers use old software without the latest security patches, in some cases prohibiting patching so as not to interfere with the device. This can leave devices vulnerable to cyberattacks or other unanticipated performance issues.

Methods for prevention

There are mechanisms for securing medical devices, and while they aren’t necessarily simple, there are basic, high-level best practices to improve the cyber hygiene of your facility’s devices.

Patch, patch, patch. Ensuring that your systems are up-to-date with the latest patches will give you the best chance of avoiding infection from ransomware or malware.

Incorporate cyber practices into your continuity of operations (COOP) procedures. Your facility has emergency response plans, checklists, and other types of guidance on how to best respond to disruptions or disasters. Ensure that medical device security incidents are incorporated into these plans. For example, if there is a data breach of one of your medical devices occurs, you should have documentation on the proper procedures for managing the breach.

Educate your staff. Having a response plan documented is only valuable if you have staff trained on the ability to execute the instructions. Emphasize the importance of good cybersecurity practices with your staff, the importance of maintaining them, and hold training on how to do so.

Maintaining proper cyber health for your facility’s devices is a critical yet daunting task. Luckily, there are resources available to help hospitals and other healthcare facilities do just that.

FDA resources

The U.S. Food and Drug Administration is the lead within the federal government for medical device cybersecurity. They offer multiple information resources to assist healthcare facilities, including:

FDA Website on Cybersecurity. This website provides a high-level overview of medical device cybersecurity from the FDA perspective.

The FDA’s Role in Medical Device Cybersecurity. This fact sheet outlines FDA’s role in assisting with the national security of medical devices. It dispels several myths as well.

Interference with Pacemakers and Other Devices. This web page discusses how radiofrequency energy can interact with and potentially disrupt medical devices.

Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Released in October 2018, this document provides recommendations to the private sector regarding cybersecurity considerations to be included in premarket submissions for devices that are susceptible to cyberattacks.

Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software. This document outlines software maintenance to manage cyber vulnerabilities within medical devices.

Healthcare and Public Health Sector Partnership resources

The Healthcare and Public Health Sector Partnership consists of federal, state, local, and private sector healthcare representatives who collaborate with the U.S. Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS) to help secure healthcare and public health critical infrastructure. DHS includes cybersecurity within its definition of critical infrastructure. This group has a variety of resources dedicated to increasing awareness of medical device cybersecurity.

Medical Device and Health IT Joint Security Plan. This document developed by the Healthcare and Public Health Sector Coordinating Council’s Joint Cybersecurity Working Group is “a consensus-based total product lifecycle reference guide to developing, deploying, and supporting cyber secure technology solutions in the healthcare environment.”

Healthcare Industry Cybersecurity Practices. Also developed by the Joint Cybersecurity Working Group, this product is a four-volume document that outlines common cybersecurity threats and best practices. It offers a more holistic approach to addressing cybersecurity at a healthcare facility, of which medical device security is an important component.

The Healthcare and Public Health Sector Highlights – Cybersecurity Edition. This email newsletter, sent every Friday morning by the HHS Office of the Assistant Secretary for Preparedness and Response, includes links to reports, products, and webinars related to medical device cybersecurity. These emails include weekly reports and cyber threat briefings from the Healthcare Cybersecurity Coordination Center (HC3), HHS’s cybersecurity information sharing and analysis center. Many of these briefings include information on medical device cyber vulnerabilities.

Summary

Every hospital or healthcare facility needs to consider the cybersecurity of their medical devices as a major risk to its operation, but you can take steps to mitigate these risks through education and implementation of best practices. Using the resources outlined above is a good start to help make you and your staff more aware of this security issue.

For more information on how to improve the cybersecurity of your medical devices, contact us at Kraft Technology Group today.

This article originally appeared in the Nashville Medical News.

How strong are your company’s internal controls?

A solid system of internal controls translates into more reliable financial reporting and can help companies prevent, detect, and correct financial misstatements. In contrast, weak controls can result in costly errors — potentially even fraud.

Internal controls have become a hot-button issue for companies in the 21st century. If your company seems to be putting more hours into evaluating its control systems, it’s not alone. Many companies have spent more time assessing and improving internal controls in recent years.

The basics

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), internal controls should be “designed to provide reasonable assurance [of] the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations.”

COSO lists five components of internal controls:

  • control environment
  • risk assessment
  • control activities
  • information and communication
  • monitoring

Companies must continually review and improve internal control performance. AICPA auditing standards also require external auditors to evaluate their client’s internal controls as part of their audit risk assessment procedures. Private auditors tailor audit programs for potential risks of material misstatement, but they aren’t required to specifically perform procedures to identify control deficiencies — unless they’re hired to perform a separate internal control study.

Management letters

Statement on Auditing Standards (SAS) No. 115, Communicating Internal Control Related Matters Identified in an Audit, requires auditors to consider whether controls are sufficient to prevent and detect misstatement, as well as whether they enable management to correct misstatements in a timely manner. Under SAS 115, management letters must identify two types of deficiencies in internal controls unearthed during audit procedures:

  1. Material weaknesses. Such shortcomings refer to “a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis.”
  2. Significant deficiencies. This type of concern is “less severe than a material weakness, yet important enough to merit attention by those charged with governance.” Note that a control deficiency is dependent on the potential for misstatement; misstatement need not actually have occurred.

SAS 115 permits significant leeway in how auditors classify internal control weaknesses, such as lack of segregation of duties, inadequately trained accounting personnel, restated prior-period financial statements, and material audit adjustments.

When classifying deficiencies as material or significant, auditors evaluate the probability and magnitude of the potential misstatement. They also consider “compensating controls,” which are substitute procedures that limit the severity of a deficiency.

Public company SOX compliance

In addition to SAS 115, Section 404 of the Sarbanes-Oxley Act (SOX) requires a public company’s management to assess its internal control over financial reporting (ICFR). The provision also requires the company’s external auditor to attest to the effectiveness of management’s internal controls.

Last year, roughly half (51%) of the public companies in a survey by consulting firm Protiviti reported spending more time checking ICFR than they had in the previous fiscal year. Why? The main reasons reported are:

  • accounting standard changes (in particular, the new guidance on revenue recognition and reporting leases)
  • the use of technology (such as robotic process automation and artificial intelligence) that requires testing of new controls
  • rigorous inspections of controls by the Public Company Accounting Oversight Board (PCAOB)

Among the companies that reported an increase in their Section 404 compliance hours, 59% reported an increase of more than 10% over the prior year. Only 15% of the respondents reported a decrease in compliance hours. The increase in the time devoted to complying with Section 404 was more evident among larger companies than small ones.

Need help?

Internal controls are just as important for privately held companies as they are for publicly traded ones. In fact, smaller private companies are often less resilient to frauds caused by weak controls — and they also tend to have less-sophisticated internal audit and accounting departments than public companies.

Contact us at KraftCPAs if you need help understanding the recent changes to the accounting and tax rules. We can also help brainstorm cost-effective ways to improve your existing internal controls system.

© 2019

KHC’s Scott Mertie selected for Most Admired CEOs

Scott Mertie, president of Kraft Healthcare Consulting, LLC (KHC), has been chosen for the Nashville Business Journal’s 2019 Most Admired CEOs and Their Companies Awards. The winners were determined through a public nomination process, followed by a closed voting process among the nominees.

Scott, who has more than 25 years of experience in the healthcare and accounting industries, formed KHC as an affiliate of KraftCPAs in 2009. He has led the company through continued growth over the past 10 years. KHC now provides advisory and compliance services to healthcare providers in more than 40 states, Puerto Rico, and Guam.

In addition to his work with KHC, Scott is being recognized for his leadership of Nashville Brewing Company, a historic, local brewery that he revived in 2016.

Though this is his debut as a Most Admired CEO Awards winner, Scott has earned a number of awards throughout his career, including recent recognition by the NBJ as a winner of the publication’s 2019 Health Care Awards and 2019 Power Leaders in Finance.

The honorees, including KraftCPAs Chief Manager Vic Alexander (this year’s Lifetime Achievement winner), will be recognized Nov. 21 at the JW Marriott Nashville.

© 2019