• Feature: Cost Segregation Studies Provide Opportunity To Accelerate Tax Deductions



• Feature: Achieving IT Security Through Risk Assessment



• Reminder: Other-Than-Temporary Impairment Disclosures



• Up Close: Antonio Argiz, CPA, ABV, ASA, CFE

Many financial institutions have a significant amount of investment in real estate, in either their headquarters and/or as a result of branch expansion. In addition, many institutions also have a significant amount of leasehold improvements on their books. The cost of real estate investments and leasehold improvements are generally charged to taxable income through depreciation deductions over 39 years.

Based on a relatively new set of rules approved by the Internal Revenue Service, a significant portion of the real estate and leasehold improvements can now be classified as personal property for tax purposes. This results in depreciable lives of 5, 7 or 15 years instead of 39 years. The present value of the tax benefit of accelerated depreciation can be significant, and the rules apply to both new construction and assets already placed in service!

Cost segregation studies, utilizing segmented depreciation, allow us to determine whether property is part of the overall building operation and maintenance or if it is employed in a particular function or ultimate use. For example, under the cost segmentation rules, the portion of the electrical installation that relates to building operation or maintenance remains a 39-year asset. However, electrical installations for special lighting or equipment take on the life of the equipment, which can be as low as 5 years.

By understanding the definition of real and personal property, we can examine and determine which fixtures and equipment within your financial institution may be classified (or reclassified) as personal property and, as a result, be eligible for accelerated depreciation. In order to make these determinations, we conduct a cost segregation study. This involves consulting with an outside engineer or architect who will review the plans and cost breakdown of your real estate.

The rules require an item-by-item study with professional determinations and documentation of the factors used. The Internal Revenue Service requires that the specific application be properly documented; otherwise, it will not permit segmented depreciation to be used. The rules do not allow non-contemporaneous records, reconstructed data, taxpayer's estimates or assumptions without supporting records. Thus, a logical and objective measure is the key to IRS scrutiny.

To complete the study, we first apply the U.S. Tax Court's test for classifying real and personal property, based on the engineer's report. The study is finalized by assigning new depreciation lives under the Class Life System in accordance with IRS published procedures. In the case of newly constructed or acquired property, segmented depreciation is allowable once the cost study is finalized.

In situations where property was already placed in service, the depreciation that was not taken in years prior to the study is deducted in the current year in addition to the current year's depreciation based on the new life. This procedure has been set forth by recent case law and can result in a significant first year deduction.

In general, cost segregation studies make sense if:

• Your real property/leasehold improvements cost is at least $1 million.
• Your institution is in a taxable situation (no net operating losses).
• And, the property has been owned by the institution for 10 years or less.

To illustrate the power of segmented depreciation, let's consider the reclassification of just $1 million in assets from a 39-year recovery period.

Recovery Period	Tax Savings
5-year	$210,000
7-year	$180,000
15-year	$100,000
(Note: These figures are based on a 10% discount rate and a 40% combined tax rate.)

To recap, the benefits received from a well designed cost segregation study include reduction of real estate and personal property taxes, increased cash flow, and the opportunity to claim prior year depreciation without amending prior year tax returns. We have one final word of caution -- the IRS Chief Counsel's office has issued a detailed opinion on the acceptable methods of implementing segmented depreciation and the required documentation. It is imperative that these rules be followed carefully to obtain the benefits and avoid costly administrative and legal proceedings with the IRS.

If you have any questions relating to cost segregation studies or about tax issues relating to your financial institution, please contact Raul Incera at (305) 377-9224 or at rincera@mba-cpa.com.

Why should you invest time and resources on continual information technology (IT) risk assessments? Just consider the last time a virus terror hit and your IT team went into panic-mode trying to figure out how the bug got past the "silicon curtain" this time.

While financial institutions recognize the need to minimize, transfer or eliminate risks, they often are not sure how to achieve true security. Organizations must evaluate and address threats and vulnerabilities in such a way that real exposures are avoided or minimized while also eliminating security holes in policies or procedures. This can be achieved by using industry standards to model threat, risk and vulnerability in order to generate metrics for each category by independent unbiased professionals. Based on this analysis, management, policy makers and administrators can better prioritize risk mitigation.

Risk Determination
Risk determination can be viewed as a function of threat, vulnerability, and exposure. For example, it can be used to quickly look at a proposed Windows 2000 deployment and sufficiently judge its inherent risk level based on the:

1. Criticalness of the system - confidentiality, integrity and availability requirements
2. Threat to the system - internal, external, natural, and malicious
3. Vulnerability of the system - current and potential future vulnerability
4. Exposure to the threat - internet facing, other security controls

Because threats to information systems are almost always prevalent, another way to depict risk is by using two components of the risk = vulnerabilities × exposures × threat formula. These two components are exposure and vulnerability. As the following diagram depicts, risk increases with an increase in exposure and vulnerability.

High Risk exists when exploitation of a given vulnerability by a threat will severely and adversely affect a system, tangible and intangible resources, or do harm to your organization's reputation. For example, if a bank's customer balance list (exposure) sits on an application/web server that is improperly configured (vulnerability), it would be considered a high risk. This level requires strong implementation measures and actions.

Moderate Risk indicates that exploitation of a vulnerability will moderately affect the system, resulting in the loss of some tangible assets or resources, or become damaging to your organization's reputation. An example could be an agency with inadequate antivirus protection on a new gateway server (high vulnerability) that has not been placed into production yet (low exposure). This level of risk requires moderately strong implementation measures and actions. Keep in mind, however, that this Moderate Risk can quickly escalate to a High Risk once the server is in use.

Low Risk would be considered vulnerabilities that may be subject to exploitation by a threat, but the probability is low and the impact would be minor. For instance, if a financial institution does not have comprehensive logical access controls that dictate the uniqueness and confidentiality of user accounts, then user accountability cannot be established. In this case, management should be cautioned and corrective measures applied where required.

Risk Matrix Examples

Purpose	Quick Look Risk Rating
Firewall, Content Server, Proxy Server	HIGH
User Desktop (behind other security controls)	MODERATE
Isolated Systems where network access controls allow for no incoming service request	LOW

Risk Assessment Professionals
At Morrison, Brown, Argiz & Farra, LLP, our professionals have extensive experience in risk assessment and providing cost-effective solutions to accomplish business objectives. Our team has internationally recognized certifications to accompany their many years of experience -- CISA, CISM, MCSE, MCDBA, MCSD, CFA, and CCNA.

Through interviews and hands-on work, MBAF can prepare an information technology risk assessment that evaluates the detailed risk associated with your core systems, network, Internet connectivity, and Internet banking from the following points of view:

• Overall IT Risk
• Risk of each major technology area

- Business Continuity/Disaster Recovery
- Network Security
- Information Security
- Application Controls

The purpose of this risk assessment is to provide your organization with a comprehensive plan to achieve true IT security.

If you'd like to schedule a consultation to discuss your institution's IT Risk Assessment needs, please contact G. Trevor Foo at (305) 373-5500 x215 or at tfoo@mba-cpa.com.

Other-Than-Temporary Impairment Disclosures

During the November 12-13, 2003 meeting of the Emerging Issues Task Force, the EITF reached a consensus that certain quantitative and qualitative disclosures should be presented in financial statements related to an "impairment in value" of investment securities that are classified as either available-for-sale or held-to-maturity.

The disclosures requirements are included in EITF Issue 03-1, The Meaning of Other-Than-Temporary Impairment and Its Application to Certain Investments. These disclosures need to be included in the financial statements for fiscal years ending after December 15, 2003. There is no parallel requirement to include these disclosures in financial statements presented for comparative purposes. For example, the disclosures do not need to be made in financial statements of prior years.

These incremental disclosures are required in financial statements in addition to disclosures that already were required by Statement of Financial Accounting Standard ("SFAS") No. 115, Accounting for Certain Investments in Debt and Equity Securities [May 1993].

If you have any questions regarding disclosure requirements, please contact Yvette Garcia at ygarcia@mba-cpa.com or at (305) 373-5500.

Antonio Argiz
CPA, ABV, ASA, CFE

As managing partner of Morrison, Brown, Argiz & Farra since 1997, Antonio "Tony" Argiz has been a driving force of the firm's growth and success. Under his leadership, MBAF has been ranked one of the nation's top 100 public accounting firms and a seven-time honoree on the Bowman's Accounting Report annual list of the nation's top 25 performing CPA firms.

Tony is a recognized authority in the areas of auditing, forensic accounting, and fraud prevention. He has held various leadership positions with the American Institute of Certified Public Accountants, including serving on the AICPA National Council, and was the first Cuban-American appointed by the governor to chair Florida’s Board of Accountancy.

A recipient of the Neal J. Menachem Memorial Award for his support of the state of Israel and a demonstrated commitment to community service, Tony was recently profiled in Miami Today as a tireless fundraiser for many community organizations. These include his alma mater the Florida International University School of Business, the Miami Dade College Foundation, United Way, and the Archbishop's Charity and Development Drive, among others.

We would like to commend Tony for his dedication to community service and his style of "leadership by example."