
IT Best Practices Checklist to Follow IRS Guidelines When Offshoring Accounting Staff

Firms must consider tax compliance when offshoring accounting staff. The IRS has issued several guidelines and regulations that affect the tax implications of offshoring accounting activities.

Offshoring accounting staff can be a cost-effective and strategic way for US-based businesses to access global talent, improve efficiency, and expand their market reach. However, offshoring also comes with challenges and risks, especially regarding IT security and tax compliance. And what better time to review that than Cybersecurity Awareness Month?

Here’s an overview of the IT best practices and IRS guidelines firms should follow when offshoring accounting staff.

An Outline of IRS Guidelines for Offshoring Accounting Staff

The following are the main takeaways from what a firm must uphold to maintain compliance with relevant parts of the IRS code.

Section 7216 of the Internal Revenue Code

Section 7216 prohibits the disclosure or use of tax return information by tax preparers without the taxpayer’s consent. To comply with this regulation, businesses must:

  • Obtain Consent: Secure the taxpayer’s consent before sharing their information with an offshore service provider.
  • Use of Information: Ensure that the offshore provider uses the taxpayer’s information solely for the purposes authorized by the taxpayer.

Revenue Procedure 2013-14

  • Consent Form: Provide a consent form to taxpayers that clearly explains the types of information to be disclosed and the purpose of the disclosure.
  • Retention: Retain a copy of the consent form for at least three years from the date of the taxpayer’s consent.

Revenue Procedure 2014-60

  • Check Eligibility: Verify that the offshore service provider is in a country listed as eligible under Revenue Procedure 2014-60.
  • Maintain Records: Keep detailed records of the information shared and the countries involved in the data transfer.

Publication 4557

  • Data Protection: Implement measures to protect taxpayer data from unauthorized access, use, and disclosure.
  • Breach Response: Establish a breach response plan to address and mitigate taxpayer information data breaches.

Best Practices for Offshore Staff 5293 Gramm-Leach-Bliley

  • Clauses in Engagements for Offshore Labor: When drafting engagement contracts, it is essential to include provisions that explicitly allow the use of offshore labor. These clauses should outline the scope of work, security expectations, and compliance requirements to ensure transparency and legal protection for the firm and its clients.
  • Employee Contracts with Confidentiality Clauses: All employees, onshore or offshore, must sign contracts that include strict confidentiality clauses. These clauses should detail how sensitive information is handled, prohibit unauthorized disclosures, and outline the legal consequences of breaches.

Use of Firm-Owned Equipment

  • Supply of Computers, Tablets, and Phones: The firm should supply all necessary equipment, including computers, tablets, and phones, to remote employees. This ensures that security configurations and software updates can be managed centrally.
  • Restricted Use of Equipment: The provided equipment should be used exclusively by remote employees for work-related purposes. No other users should have access to this equipment, minimizing the risk of unauthorized access or data breaches.
  • Optional Home Network Segmentation: The firm may provide firewalls and switches so that employees working from home can segment their home network. This setup helps protect firm data by creating a dedicated, secure network environment separate from personal internet usage.

Setup of Remote Access Environments

  • International Security Group: Establish an international security group within your remote access infrastructure. This group should have specific security policies and monitoring mechanisms tailored to the unique risks of international access.
  • Separate Virtual Machines (VMs) for International Use: Use separate VMs for international employees. This segregation helps protect sensitive information by isolating international access from the rest of your network, reducing the risk of cross-contamination.

Application Setup – Flags and Restrictions

  • Document Management System Segmentation: Implement flags within your document management system to segment access based on user location and role. This ensures that sensitive documents are only accessible to authorized users.
  • Password Protection for Tax Systems: Require robust password protection for access to tax systems. This measure helps prevent unauthorized access to sensitive financial information.
  • Filtering in Practice Management System: Use flags to filter access within your practice management system. This ensures that international users only access the data they are permitted to view and work with.
  • International Licensing as Needed: Ensure that all software and applications used by international staff are appropriately licensed for use in their respective countries. This helps avoid legal issues and ensures compliance with local regulations.

IT Security Items

  • Firewalls: Deploy firewalls to protect your network from unauthorized access and cyber-attacks. Ensure firewalls are configured to monitor and control incoming and outgoing network traffic based on predetermined security rules.
  • Anti-Virus Software: Install anti-virus software on all firm-owned devices to detect and remove malicious software. Update the software regularly to protect against the latest threats.
  • Anti-Malware Protection: Use anti-malware tools to identify and prevent malware infections. This additional layer of security helps safeguard against sophisticated cyber threats.
  • Endpoint Protection: Implement endpoint protection solutions to secure all devices connected to your network. This comprehensive approach includes anti-virus, anti-malware, and firewall protections, ensuring that all endpoints are secure.

Access Controls

  • Multifactor Authentication (MFA): Use MFA solutions such as DUO or Microsoft Authenticator to verify the identity of users accessing your systems. MFA adds an extra layer of security by requiring users to provide multiple forms of identification.
  • Password Management: Implement password management solutions like Bitwarden, Keeper Password Manager, or LastPass Enterprise/Teams. These tools help users create and store strong, unique passwords for all their accounts, reducing the risk of password-related breaches.
  • Data Loss Prevention (DLP): Adopt comprehensive DLP policies to prevent unauthorized access to and sharing of sensitive data. Enable DLP features in Microsoft 365 or other platforms to monitor and control data flows, preventing accidental or malicious data leaks.