Acuity Blog

Businesses: Know who your privileged users are … and aren’t

Given the pervasiveness of technology in the business world today, most companies are sitting on treasure troves of sensitive data that could be abducted, exploited, corrupted or destroyed. Of course, there’s the clear and present danger of external parties hacking into your network to do it harm. But there are also internal risks — namely, your “privileged users.”

Simply defined, privileged users are people with elevated cybersecurity access to your business’s enterprise systems and sensitive data. They typically include members of the IT department, who need to be able to reach every nook and cranny of your network to install upgrades and fix problems. However, privileged users also may include those in leadership positions, accounting and financial staff, and even independent contractors brought in to help you with technology-related issues.

What could go wrong?

Assuming your company follows a careful hiring process, most of your privileged users are likely hardworking employees who take their cybersecurity clearances seriously.

Unfortunately, sometimes disgruntled or unethical employees or contractors use their access to perpetrate fraud, intellectual property theft or sabotage. And they don’t always act alone. Third parties, such as competitors, could try to recruit privileged users to steal trade secrets. Or employees could collude with hackers to compromise a company’s network in a ransomware scheme.

How can you protect yourself? 

To best protect your business, you may want to implement a formal privileged user policy. This is essentially a set of rules and procedures governing who gets to be a privileged user, precisely what kind of access each such user is allowed, and how your company tracks and revokes privileged-user status.

When developing and enforcing the policy, you’ll first need to identify who your privileged users are and what specific security clearances each one needs. A good way to start is to list the privileges required for every position and then compare that list to a separate record of privileges that each employee currently has. What makes sense? What doesn’t? When in doubt whether someone needs a certain type of access, it’s generally best to err on the side of caution.

Also, establish an “upgrading” process under the policy. Only trusted and qualified managers or supervisors should have the power to upgrade or reinstate an employee’s privileges, perhaps in consultation with the leadership team. Use technology to help standardize and track requests and approvals. For sensitive systems and applications, such as those that store customer and financial data, consider requiring two levels of approval to elevate a user’s privileges.

In addition, your privileged user policy should include stipulations to carefully monitor user activity. Observe and track how employees use their privileges. Let’s say a salesperson repeatedly accesses customer data for a region that the person isn’t responsible for. Have the sales manager inquire why. Subtly reminding employees that the company is aware of their tech-related activities is a good way to help deter fraud and unethical behavior.

Another important aspect of the policy is how you revoke privileges and remove dormant accounts. When employees leave the company, or independent contractors end their engagements, privileged access should be revoked immediately. Keep clear records of such actions. If a previously deactivated account somehow shows signs of activity, block access right away and investigate how and why it’s come back to life.

Do you know?

Every business should be able to definitively say who is a privileged user and who isn’t. If there’s any gray area or uncertainty regarding current or former employees or other workers, the security of your data could be severely compromised. And the ramifications, both financially and for your company’s reputation, are potentially very serious.

© 2023


Stay up to date! Subscribe to our future blog posts!


 

The Social Security wage base for employees and self-employed people is increasing in 2024

The Social Security Administration recently announced that the wage base for computing Social Security tax will increase to $168,600 for 2024 (up from $160,200 for 2023). Wages and self-employment income above this threshold aren’t subject to Social Security tax.

Basic details

The Federal Insurance Contributions Act (FICA) imposes two taxes on employers, employees and self-employed workers — one for Old Age, Survivors and Disability Insurance, which is commonly known as the Social Security tax, and the other for Hospital Insurance, which is commonly known as the Medicare tax.

There’s a maximum amount of compensation subject to the Social Security tax, but no maximum for Medicare tax. For 2024, the FICA tax rate for employers will be 7.65% — 6.2% for Social Security and 1.45% for Medicare (the same as in 2023).

2024 updates

For 2024, an employee will pay:

  • 6.2% Social Security tax on the first $168,600 of wages (6.2% x $168,600 makes the maximum tax $10,453.20), plus
  • 1.45% Medicare tax on the first $200,000 of wages ($250,000 for joint returns, $125,000 for married taxpayers filing separate returns), plus
  • 2.35% Medicare tax (regular 1.45% Medicare tax plus 0.9% additional Medicare tax) on all wages in excess of $200,000 ($250,000 for joint returns, $125,000 for married taxpayers filing separate returns).

For 2024, the self-employment tax imposed on self-employed people will be:

  • 12.4% Social Security tax on the first $168,600 of self-employment income, for a maximum tax of $20,906.40 (12.4% x $168,600), plus
  • 2.90% Medicare tax on the first $200,000 of self-employment income ($250,000 of combined self-employment income on a joint return, $125,000 on a return of a married individual filing separately), plus
  • 3.8% (2.90% regular Medicare tax plus 0.9% additional Medicare tax) on all self-employment income in excess of $200,000 ($250,000 of combined self-employment income on a joint return, $125,000 for married taxpayers filing separate returns).

Employees with more than one employer

You may have questions if an employee who works for your business has a second job. That employee would have taxes withheld from two different employers. Can the employee ask you to stop withholding Social Security tax once he or she reaches the wage base threshold? The answer is no. Each employer must withhold Social Security taxes from the individual’s wages, even if the combined withholding exceeds the maximum amount that can be imposed for the year. Fortunately, the employee will get a credit on his or her tax return for any excess withheld.

We’re here to help

Do you have questions about payroll tax filing or payments? Contact us. We’ll help ensure you stay in compliance.

© 2023


Stay up to date! Subscribe to our future blog posts!


 

Business automobiles: How the tax depreciation rules work

Do you use an automobile in your trade or business? If so, you may question how depreciation tax deductions are determined. The rules are complicated, and special limitations that apply to vehicles classified as passenger autos (which include many pickups and SUVs) can result in it taking longer than expected to fully depreciate a vehicle.

Depreciation is built into the cents-per-mile rate

First, be aware that separate depreciation calculations for a passenger auto only come into play if you choose to use the actual expense method to calculate deductions. If, instead, you use the standard mileage rate (65.5 cents per business mile driven for 2023), a depreciation allowance is built into the rate.

If you use the actual expense method to determine your allowable deductions for a passenger auto, you must make a separate depreciation calculation for each year until the vehicle is fully depreciated. According to the general rule, you calculate depreciation over a six-year span as follows: Year 1, 20% of the cost; Year 2, 32%; Year 3, 19.2%; Years 4 and 5, 11.52%; and Year 6, 5.76%. If a vehicle is used 50% or less for business purposes, you must use the straight-line method to calculate depreciation deductions instead of the percentages listed above.

For a passenger auto that costs more than the applicable amount for the year the vehicle is placed in service, you’re limited to specified annual depreciation ceilings. These are indexed for inflation and may change annually. For example, for a passenger auto placed in service in 2023 that cost more than a certain amount, the Year 1 depreciation ceiling is $20,200 if you choose to deduct first-year bonus depreciation. The annual ceilings for later years are: Year 2, $19,500; Year 3, $11,700; and for all later years, $6,960 until the vehicle is fully depreciated.

These ceilings are proportionately reduced for any nonbusiness use. And if a vehicle is used 50% or less for business purposes, you must use the straight-line method to calculate depreciation deductions.

Reminder: Under the Tax Cuts and Jobs Act, bonus depreciation is being phased down to zero in 2027, unless Congress acts to extend it. For 2023, the deduction is 80% of eligible property and for 2024, it’s scheduled to go down to 60%.

Heavy SUVs, pickups and vans

Much more favorable depreciation rules apply to heavy SUVs, pickups, and vans used over 50% for business, because they’re treated as transportation equipment for depreciation purposes. This means a vehicle with a gross vehicle weight rating (GVWR) above 6,000 pounds. Quite a few SUVs and pickups pass this test. You can usually find the GVWR on a label on the inside edge of the driver-side door.

What matters is the after-tax cost

What’s the impact of these depreciation limits on your business vehicle decisions? They change the after-tax cost of passenger autos used for business. That is, the true cost of a business asset is reduced by the tax savings from related depreciation deductions. To the extent depreciation deductions are reduced, and thereby deferred to future years, the value of the related tax savings is also reduced due to time-value-of-money considerations, and the true cost of the asset is therefore that much higher.

The rules are different if you lease an expensive passenger auto used for business. Contact us if you have questions or want more information.

© 2023


Stay up to date! Subscribe to our future blog posts!


 

A refresher on the trust fund recovery penalty for business owners and executives

One might assume the term “trust fund recovery penalty” has something to do with estate planning. It’s important for business owners and executives to know better.

In point of fact, the trust fund recovery penalty relates to payroll taxes. The IRS uses it to hold accountable “responsible persons” who willfully withhold income and payroll taxes from employees’ wages and fail to remit those taxes to the federal government.

A matter of trust

The trust fund recovery penalty applies to employees’ share of payroll taxes, including withheld federal income taxes and the employee share of Social Security and Medicare taxes.

These monies are considered trust funds because they’re the property of the federal government, held in trust by the employer. The penalty amount is 100% of the unpaid taxes plus interest — it essentially serves as an alternative tax-collection method.

A responsible person

The trust fund recovery penalty is particularly dangerous because it can ensnare persons who ordinarily are protected against personal liability for business debts. As stated in the tax code, the penalty provides that:

Any person required to collect, truthfully account for, and pay over any tax imposed by this title who willfully fails to collect such tax, or truthfully account for and pay over such tax, or willfully attempts in any manner to evade or defeat any such tax or the payment thereof, shall, in addition to other penalties provided by law, be liable to a penalty equal to the total amount of the tax evaded, or not collected, or not accounted for and paid over.

The IRS and courts take a broad view of who may be a responsible person under this provision. It has been interpreted to include a range of individuals, within or outside the business, who possess significant control or influence over the company’s finances.

Whether someone is a responsible person depends on the facts and circumstances of the case, but factors that may support that conclusion include ownership interest, title, check-signing authority, control over bank accounts or payment of debts, hiring and firing authority, control over payroll, and power to make federal tax deposits.

Thus, responsible persons may include shareholders, partners and members of a limited liability company; officers; other employees; and directors. Responsible “persons” can also be payroll service providers and professional employer organizations, including individuals employed by those entities. Outside advisors may be deemed responsible persons as well.

Important note: If several responsible persons are identified, each may be held liable for the full amount of the penalty assessed.

Willful failure

As noted in the quote above, failure to pay trust fund taxes must be willful to trigger the trust fund recovery penalty. The IRS interprets this term broadly to include not only intentional acts, but also reckless disregard of obvious or known risks that taxes won’t be paid. The courts have described various scenarios that reflect a reckless disregard, including:

• Relying on statements of a person in control of finances, despite circumstances showing that this person was known to be unreliable,
• Failing to investigate or correct mismanagement after receiving notice that taxes weren’t paid, and
• Knowing that the company is in financial trouble but continuing to pay other creditors without making reasonable inquiry into the status of payroll taxes.

Simply put, delegating the handling of payroll taxes to a certain individual or outside provider may not be enough to avoid liability.

Risky circumstances

Few business owners or executives wake up one morning and decide to disregard payroll taxes. However, circumstances can develop that put you at risk. We’d be happy to explain the rules further and help you stay in compliance.

© 2023


Stay up to date! Subscribe to our future blog posts!


 

What types of expenses can’t be written off by your business?

If you read the Internal Revenue Code (and you probably don’t want to!), you may be surprised to find that most business deductions aren’t specifically listed. For example, the tax law doesn’t explicitly state that you can deduct office supplies and certain other expenses. Some expenses are detailed in the tax code, but the general rule is contained in the first sentence of Section 162, which states you can write off “all the ordinary and necessary expenses paid or incurred during the taxable year in carrying on any trade or business.”

Basic definitions

In general, an expense is ordinary if it’s considered common or customary in the particular trade or business. For example, insurance premiums to protect a store would be an ordinary business expense in the retail industry.

A necessary expense is defined as one that’s helpful or appropriate. For example, let’s say a car dealership purchases an automated external defibrillator. It may not be necessary for the operation of the business, but it might be helpful and appropriate if an employee or customer suffers cardiac arrest.

It’s possible for an ordinary expense to be unnecessary — but, in order to be deductible, an expense must be ordinary and necessary.

In addition, a deductible amount must be reasonable in relation to the benefit expected. For example, if you’re attempting to land a $3,000 deal, a $65 lunch with a potential client should be OK with the IRS. (Keep in mind that the Tax Cuts and Jobs Act eliminated most deductions for entertainment expenses but retained the 50% deduction for business meals.)

Examples of taxpayers who lost deductions in court

Not surprisingly, the IRS and courts don’t always agree with taxpayers about what qualifies as ordinary and necessary expenditures. Here are three 2023 cases to illustrate some of the issues:

  1. A married couple owned an engineering firm. For two tax years, they claimed depreciation of $76,264 on three vehicles, but didn’t provide required details including each vehicle’s ownership, cost and useful life. They claimed $34,197 in mileage deductions and provided receipts and mileage logs, but the U.S. Tax Court found they didn’t show any related business purposes. The court also found the mileage claimed included commuting costs, which can’t be written off. The court disallowed these deductions and assessed taxes and penalties. (TC Memo 2023-39)
  2. The Tax Court ruled that a married couple wasn’t entitled to business tax deductions because the husband’s consulting company failed to show that it was engaged in a trade or business. In fact, invoices produced by the consulting company predated its incorporation. And the court ruled that even if the expenses were legitimate, they weren’t properly substantiated. (TC Memo 2023-80)
  3. A physician specializing in gene therapy had multiple legal issues and deducted legal expenses of $360,295 for two years on joint Schedule C business tax returns. The Tax Court found that most of the legal fees were to defend the husband against personal conduct issues. The court denied the deduction for personal legal expenses but allowed a deduction for $13,000 for business-related legal expenses. (TC Memo 2023-42)

Proceed with caution

The deductibility of some expenses is clear. But for other expenses, it can get more complicated. Generally, if an expense seems like it’s not normal in your industry — or if it could be considered fun, personal or extravagant in nature — you should proceed with caution. And keep careful records to substantiate the expenses you’re deducting. Consult with us for guidance.

© 2023


Stay up to date! Subscribe to our future blog posts!