Say hello to


CPA | Shareholder

Julie feels right at home at Clark Nuber where her colleagues share her commitment to lifelong client relationships.

It’s common knowledge that internal controls are important for preventing and detecting fraud. Separation of duties, multiple layers of review, two check signers for large disbursements, and written policies and procedures to formalize everything; these are all good elements for a strong internal control system. But poor tone at the top can undermine the whole puzzle.

To see the importance of tone at the top, we can examine this fraud in Lincoln County, West Virginia. The unfolding story involves a CEO of a not-for-profit medical facility who was charged with making personal purchases on a company credit card to the tune of $100,000. The purchases included home improvement supplies for two of his houses, baseball memorabilia and equipment, cell phones, headphones, and a radio, all of which were for personal use and not business-related according to the indictment.

Over a two year period, the CEO allegedly instructed staff of the organization to work on home renovations for his residences during regular work hours. From the indictment, he then altered time sheets to cover this up, resulting in falsified tax returns.

All of these actions were against the organization’s written policies. The credit card usage policy prohibited non-business use. The board was supposed to authorize any deviations from policy, and apparently, they were not aware of these transactions. The article also mentions co-conspirators who helped the activity take place.

We don’t know if the organization had an anonymous whistleblower hotline in place, but without one, it’s unlikely that anyone would come forward to report the boss. When upper management openly flaunts the rules and regulations, who knows what other fraud is occurring lower down in the ranks? Ignoring protocol becomes “the way things are done around here.”

Boards need to take their duty of obedience seriously and ensure the organization is following its own policies and procedures, not to mention laws and regulations. Board oversight should include regular evaluations of the CEO. Organizations should also ensure they have a mechanism for anonymous reporting of concerns by employees, with the board or other oversight body receiving reports that are about upper management. If the tone at the top is inappropriate, employees need a venue to make their voices heard.

If you have questions regarding tone at the top and internal controls, contact one of our Clark Nuber fraud professionals.

© Clark Nuber PS, 2019. All Rights Reserved

Keep Reading

Articles and Publications

About the Oregon Commercial Activity Tax (CAT)

Earlier this year, Oregon enacted a form of gross receipts tax that will apply to taxpayers in addition to the state’s income tax. The voters had 90 days to reject H.B. 3427 through their referendum power provided by the Oregon constitution. A similar bill was turned down previously, but due to several potential reasons, the Oregon voters did not reject such a tax this time around. Thus, the tax will become effective January 1, 2020.

The Basics of the Tax

The new Corporate Activity Tax (CAT) will be imposed on “taxable commercial activity” in excess of $1 million at a rate of 0.57%, plus a flat tax of $250. However, taxpayers (including unitary groups) exceeding $750,000 of Oregon “commercial activity” are required to register for the CAT within 30 days of meeting the threshold. The reporting frequency will be quarterly. A penalty of $100 per month may be assessed for failing to register, up to $1,000 per calendar year. Taxpayers exceeding $1,000,000 of Oregon “commercial activity” are required to file an Oregon CAT return, even though tax is not due on the first $1,000,000 of “taxable commercial activity.”

The Troubles with the Tax

As is often the case, lawmakers are resorting to the old tactic of generating new revenues via new taxes, with little thought given to the administration of said tax or the added compliance burden shouldered by the taxpayer. How these taxes are enforced or, more importantly, how these taxes are computed, is left to others to resolve. Gross receipts taxes, like the CAT, tend to quickly evolve into a complicated, nuanced web of taxable income vs. attributed income vs. apportioned income and deductions. The Oregon Department of Revenue (DOR) is currently facing the task of implementing this new tax. As such, it is hosting a series of town hall meetings across the state to seek input from businesses affected by the tax. In addition to these in-person meetings, the DOR is also planning to host conference calls sometime in the future. At one such town hall meeting in Portland, the room was packed with tax practitioners and business owners voicing their concerns, not only about the additional level of tax, but also the difficulties in, and incongruities of, applying the rules on specific industries. Of the business owners present, agriculture and construction were the most heavily represented. Both industries face significant additional layers of tax that was likely not anticipated by the lawmakers. While the CAT is not a sales tax, many people view it just as such. The statute does not allow businesses to pass the tax on to their customer as a line item (as one would with sales tax), however, there are exceptions to this rule. For example, a vehicle dealer may collect from the purchaser of a motor vehicle the estimated portion of the tax imposed under this section that is attributable to commercial activity from the sale of the vehicle.

Details of the Tax

A plain reading of the law may give the illusion of simplicity, that is until one tries to make sense of the differences between “Oregon commercial activity” and “taxable commercial activity.”  “Oregon commercial activity” is gross receipts attributed to Oregon, while “taxable commercial activity” is net of certain expenses apportioned to Oregon. The CAT allows for a 35% deduction of the larger of:
  1. a) the amount of cost inputs;
  1. b) the taxpayer’s labor costs.
Both of these deductions are apportioned to the state using the tax apportionment rules under ORS 314.605 to 314.675. Cost input means cost of goods sold as computed under IRC Section 471 apportioned to Oregon. The exact mechanics of the apportionment calculation are not entirely clear, but are expected to be addressed by administrative rule. Labor costs mean total compensation of all employees excluding compensation paid to any single employee in excess of $500,000. The law provides a list of “excluded persons” not subject to the tax, such as organizations described in IRS Section 501(c) and 501(j) and governmental entities. Certain income items are not taxable, such as dividend or certain types of interest income. Interest income from credit sales or earned by financial institutions is taxable. Out of state businesses with substantial nexus with Oregon are subject to the tax for the privilege of doing business in the state. A person has substantial nexus with Oregon if any of the following apply:
  • Owns or uses a part of their capital in the state;
  • Is authorized by the Secretary of State’s Office to do business in the state; or
  • Has “bright-line presence” in the state.
“Bright-line presence” is established if a person (or unitary group):
  • Owns at any time during the calendar year property in this state with an aggregate value of at least $50,000. For this purpose, owned property is valued at original cost and rented property is valued at eight times the net annual rental charge.
  • Has during the calendar year payroll in this state of at least $50,000.
  • Has during the calendar year commercial activity, sourced to this state under section 66, chapter 122, Oregon Laws 2019 (Enrolled House Bill 3427), of at least $750,000.
  • Has at any time during the calendar year within this state at least 25 percent of the person’s total property, total payroll, or total commercial activity.
  • Is a resident of this state or is domiciled in this state for corporate, commercial, or other business purposes.
As you might suspect, this tax is not considered an income tax and, thus, is not subject to the provisions of the Interstate Income Act of 1959 (also known as Public Law 86-272). For help better understanding this new tax and how it might affect you, contact one of our SALT professionals.
© Clark Nuber PS, 2019. All Rights Reserved

Trouble Ahead? 5 Red Flags in Your Restaurant Financial Statements

Effective inventory management and menu pricing are common challenges for owners of restaurants of all sizes. To be successful, owners must manage expenses, monitor cost fluctuations, improve ordering processes and respond with timely menu price increases. Preparing a profit and loss statement, and understanding how to interpret the results of the statement, provides an owner information needed to make effective operating decisions in a timely manner. This article defines what a profit and loss statement is, its key components, and warning signs.

What is a profit and loss statement?

The profit and loss statement (also called a P&L, income statement, statement of income, or statement of operations) is a financial report that represents a company’s ability to generate income through their business operations. The statement is a thorough presentation of all revenues and expenses over a period of time. It is used as a management tool to analyze, forecast and evaluate the success of the business. Profit and loss statements include the following components:


For restaurants, sales is the revenue earned from sales of food and beverage to customers. Sales analyzed by menu item, month-to-month and year-over-year, is a trend analysis technique that is used to identify patterns and predict future events. This analysis can highlight times when business could slow and when it may be busy – assisting owners and managers in making accurate inventory purchasing and labor scheduling decisions.

Cost of sales

Cost of sales, (often referred to as cost of goods sold or COGS), include the direct costs of making and selling the food and beverage. These costs include food, beverage and labor of those directly involved in making and serving the food and beverage to customers. These are variable costs that fluctuate in proportion to the volume of food and beverage sold.

Gross profit

Gross profit is the profit a restaurant makes after deducting the direct costs associated with making and selling its menu items. It is calculated by subtracting the cost of sales from revenue (sales). The gross profit is what is left to pay the overhead and general and administrative expenses of the business. It reflects how efficient the restaurant is in using its labor and food/beverage costs in producing its menu items. Gross profit should be analyzed month-to-month and year-over-year. Declines in gross profit may be an indicator of serious problems. For example, a change in gross profit can be caused by changes in sales prices, volume of sales, price of food and beverage and labor hours incurred.

Operating expenses

Operating expenses are generally fixed or semi-variable costs. Operating expenses are paid regardless of the amount of restaurant sales made. These costs are restaurant expenses that are not directly associated with the production and sale of the menu items. These typically include rent, insurance, management salaries and utilities. It is important to monitor overhead costs as they directly impact the bottom line. Analyze operating expenses month-to-month and year-over-year. For those expenditures that are increasing, evaluate why they are increasing and investigate possible cost-saving opportunities.

Net profit or loss

Net profit or loss is calculated by taking gross profit and subtracting operating expenses. It is the measure of profitability after accounting for all costs. Net profit or loss is also referred to as the “bottom line,” as it is traditionally presented as the bottom line of the profit and loss statement.

Red flags to look for in your restaurant financial statements

When the warning light on the dashboard of your car goes on, it’s a very clear red flag something is wrong that requires an urgent investigation and response. Unfortunately, financial statements and data that restaurant owners and operators review on a daily, weekly and monthly basis do not provide obvious flashing red lights or warning signals when the business may be headed for trouble. With financial statements, one needs to take a closer look. The following section describes five key ratios and red flags for restaurant and food service owners and operators to monitor. For comparison purposes, we’ve included the 2018 median value limited-service and full-service restaurant benchmarks, reported by The Retail Owners Institute based on data from Risk Management Association Annual Statement Studies.

Current ratio

Current ratio measures the ability to pay off short-term debt.
  • Limited-Service Restaurant Benchmark – 0.8
  • Full-Service Restaurant Benchmark – 0.8
The current ratio is the ratio of current assets to current liabilities. Current assets are those assets that can be converted to cash within one year (i.e., cash, inventory, prepaid expenses). Current liabilities are obligations that are due within one year, such as accounts payable, accrued liabilities and short-term debt. This ratio measures whether the business has enough resources to pay its debts over the next 12 months. The higher the ratio, the larger the margin of safety to cover short-term obligations. For example, if your business has current assets of $300,000 and current liabilities of $200,000, the current ratio equals 1.50. For every $1 of liabilities, the restaurant has $1.50 of current assets. There is a cushion of 50 cents for every dollar of current debt. A ratio of 1.0 is reasonable; however, restaurants typically have a lower current ratio because they maintain relatively small inventory levels and have quick cash turnover. A ratio under 0.8 is a red flag and warrants taking action as the business may have difficulties meeting current financial obligations.

Inventory turnover

Inventory turnover measures the number of times inventory is sold or used in a year.
  • Limited-Service Restaurant Benchmark – 56.9
  • Full-Service Restaurant Benchmark – 56.8
The inventory turnover is a common ratio used in the restaurant industry. It is the cost of food or beverage sold divided by the average food or beverage inventory. The turnover should be calculated separately for food and for beverages because food may have a shorter shelf life than beverages. Although inventory may not be a significant portion of the restaurant business’ total assets, it is highly susceptible to theft and should be managed to minimize the cost of food and beverage. A low turnover may suggest that food is overstocked and could result in excessive spoilage cost. A high inventory turnover is desired as it means the restaurant is able to operate with a small investment in inventory. However, a high inventory turnover should be monitored as it may result in possible out-of-stock problems and the inability to provide desired food items to guests.


Debt-to-worth compares the business’ total debt to its net worth (owner’s equity).
  • Limited-Service Restaurant Benchmark – 61.5
  • Full-Service Restaurant Benchmark – 3.8
The debt-to-worth ratio is calculated by taking total debt and dividing it by total owner’s equity. A high ratio shows that a company has been aggressive in financing its growth with debt. The benchmarks vary so widely because the limited-service restaurant respondents to the benchmark survey presented more debt in their 2017 financial statements than the full-service restaurant respondents. This appears to be an anomaly compared to prior years, as this benchmark ratio was 30.2 in 2016 and 32.5 in 2015. The beauty of this ratio is in the eye of the beholder. An owner may wish to maximize their return on investment by maximizing debt. A lender, however, would prefer a lower ratio because their credit risk is reduced if an owner’s equity increases relative to its debt. A red flag would exist if debt continued to increase and earnings were not sufficient to cover the cost of borrowed funds.

Gross margin

Gross margin represents the percentage of total sales the company retains after incurring the direct costs associated with the sales.
  • Limited-Service Restaurant Benchmark – 63.4%
  • Full-Service Restaurant Benchmark – 62.1%
The gross margin percentage is calculated by taking total sales less direct costs of sales and dividing the result by total sales. It represents the percentage of total sales that the business has available to cover other costs and obligations such as general and administrative costs, occupancy costs and interest expense. A percentage increase in gross margin results in an additional percentage growth to the bottom line. Therefore, consistent monitoring and analysis of this ratio for changes from budget, prior periods, or industry benchmarks can identify areas where a restaurant can improve and maximize its profit. A decline in this ratio could be a red flag in direct costs or sales. Increasing food costs may be the result of excessive spoilage, inaccurate portions or theft. Increasing payroll costs may require closer monitoring and scheduling of labor. As costs continue to rise, do menu prices need to be adjusted?

Operating expenses as a percentage of sales

Operating expenses as a percentage of sales represents management’s ability to control operating expenses.
  • Limited-Service Restaurant Benchmark – 56.9%
  • Full-Service Restaurant Benchmark – 56.8%
The operating expense ratio is calculated by dividing total operating expenses by sales. It measures how efficient a business is. A red flag is an operating expense ratio that increases over time, because it represents a decline in operating efficiency from period-to-period. Significant deviations identified when comparing operating ratios at the account level to budget and/or prior periods should be investigated to determine the cause.


It is important to note that, on a stand-alone basis, these ratios don’t tell the complete story. The ratios are useful in identifying red flags when they are compared to an industry benchmark, a ratio from a past period or the budget. Timely and consistent evaluation of these ratios allows owners and operators to take corrective action to improve the financial strength of the business. Are your financial statements telling you a success story, or are they sending up red flags that there may be a problem? How do your operations compare to these industry benchmarks? For more information, contact a Clark Nuber hospitality sector professional. © Clark Nuber PS, 2019. All Rights Reserved

An Ounce of Prevention: The Importance of an Enterprise Risk Management Assessment

Has your organization completed an enterprise risk management assessment? Your external auditors may ask this question, and you may wonder why. Your financial statements are audited annually by an independent audit firm. You have insurance policies in place, including insurance that covers cyber-attacks. Your staff keeps current on the list of federal, state, and local regulations that apply to your particular industry and operations. Why should you perform an enterprise risk management assessment? Following is some background on this topic, and why it is of increasing importance and emphasis for all entities, including your small not-for-profit (NFP).

What is Enterprise Risk Management?

Enterprise risk management (ERM) encompasses a wide scope of principles and concepts. This is because ERM is a framework that provides direction and guidance to organizations for designing and implementing effective processes to identify, mitigate, and monitor risks. If you think about the steps your organization currently takes to mitigate risks, they are reactions to risks that have been identified (or quite possibly, reactions to an adverse event that your organization was not prepared for). ERM is a comprehensive process that starts with identifying all kinds of potential risks, instead of waiting for a risk to pop up on the radar screen. It is proactive, not reactive. The gold standard for establishing ERM, internal control, and fraud deterrence processes is the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This joint initiative was established in 1985 to provide thought leadership for private companies and not-for-profit organizations, specifically to reduce fraudulent financial reporting. COSO has since issued frameworks for ERM, with the most recent update in 2017. Risk management is one of the key elements of a robust internal control framework. It’s tempting to think that ERM is only important for large or complex entities, not small not-for-profits. But not-for-profit organizations have risks that may not be addressed with a piecemeal approach to risk assessment. The goals of ERM are the same for any entity, it’s the risks that could be different. Some common categories of risk areas for organizations to assess include:
  1. Strategic
  2. Operational
  3. Financial
  4. Compliance
  5. Reputational

How to Begin the ERM Process

It can be daunting to figure out where to start with ERM, especially for smaller not-for-profits that don’t have a dedicated compliance officer to spearhead the project. The first step is to identify the risks. The brainstorming session around identifying risks needs to include different perspectives from both inside and outside the organization. Management and the board of directors should invite key stakeholders to share ideas, including program staff, volunteers, and clients. There are many resources available to not-for-profit organizations to get started, but it’s better to avoid the checklist mentality and encourage new ideas. An outside consultant can also be brought in to run the session and help foster discussions and out-of-the-box thinking. Identifying potential risks is the first step. The next is rating them on a heat map, asking “How likely is the risk to occur (what’s the probability), and how severe would the impact be?” It’s impossible to eliminate every possible risk out there and still run your organization. A “heat map” is like a cost-benefit analysis on steroids. Having more risks identified in step one means your organization has a more complete picture of where action needs to be taken, and where resources should be allocated to mitigate, share/transfer, or eliminate risks. After mapping the risks, the organization can respond to each identified risk by sharing it (for example, through insurance or a joint venture), reducing it (by diversifying or limiting its involvement in risky activities), accepting it (typically if it is low probability and impact), or avoiding it altogether (by shutting down programs or choosing not to take on new programs with high-risk activities). Implementation will likely take a period of time to complete. Organizations should document their plan with completion dates for its responses.

Following Up

Much like internal controls, ERM is not a one-and-done procedure. Rather, it’s a process that should include regular monitoring and reassessment when there are any changes within the organization or its environment. Monitoring includes checking on a regular basis that the response to each risk is actively working as intended. A monitoring plan should be drafted along with the implementation calendar, with frequency of monitoring, the name of the person(s) responsible for performing the monitoring, and who they are reporting the results of the monitoring to. Building in accountability will help ensure that risks continue to be addressed into the future. Reassessment of the risks and of the mitigation responses is necessary on a regular basis, and also when anything has changed in the organization or its environment. New legal requirements, a change in the internal reporting structure, or the launch of a new program would all warrant revisiting the potential risk population and how the entity will respond to each one. Risks are everywhere, and it is impossible to eliminate all of them. ERM gives your organization the opportunity to get ahead of the game and avoid an uninformed reaction to an unforeseen emergency. It’s the 21st century’s version of “An ounce of prevention is worth a pound of cure.” If you need help designing and implementing an enterprise risk management assessment, contact one of our professionals.
© Clark Nuber PS, 2019. All Rights Reserved

Featured Resources