Forensic CPA Society

11/29/2025

Saturday, November 29, 2025
The Ryan Group Inc
5500 Bolsa Avenue Suite 125
Huntington Beach Ca 92649

Regarding: The Process of operating a new business

Dear Team

I have been working on finding answers to what takes place in starting a new business. I want to gather a series of articles on the subjects about running a small business. I found the following AI article about business insurance. AI Overview
"The 411" for business insurance refers to the essential information needed to understand, select, and manage coverage for a company The primary types of insurance protect against common risks, liabilities, and property damage.
Essential Types of Business Insurance
Most businesses start with a Business Owner's Policy (BOP), which combines several fundamental coverages into one package. Key coverages include:
General Liability Insurance: This foundational coverage protects against claims of bodily injury, property damage, libel, and slander caused by your business operations.
Commercial Property Insurance: This covers damage to your physical assets, such as your building, equipment, and inventory, from events like fire or natural disasters.
Business Income Insurance (Business Interruption): If a covered disaster forces your business to close temporarily, this coverage replaces lost income and helps pay for ongoing expenses like rent and payroll.

Depending on your industry and specific operations, other important policies may be necessary:
Professional Liability Insurance (Errors & Omissions or E&O): This is for businesses that provide advice or professional services. It covers claims of financial harm caused by an error or omission in your work.
Workers' Compensation: Most states require businesses with employees to carry this, which covers medical expenses and lost wages for employees injured on the job.
Commercial Auto Insurance: If your business uses vehicles, this covers damages and liabilities related to accidents.
Data Breach/Cyber Liability Insurance: Protects against losses resulting from a cyberattack or data breach.

Key Considerations When Selecting Coverage
Assess Your Risks: The type of insurance you need depends on your business. A restaurant has different risks than a home-based consultant.
Work with a Broker: An insurance broker can help you identify specific risks and find policies tailored to your needs from various providers.
Understand Policy Details: Pay attention to coverage limits, deductibles, and exclusions. For example, some property policies use "actual cash value" (which factors in depreciation), while others use "replacement cost" (which covers the full cost of a new item).
Stay in Compliance: Be aware of state and federal regulations regarding mandatory insurance, such as workers' compensation.

For detailed guides and articles on various types of business insurance, you can explore resources like The Insurance 411 or your state's Department of Insurance website, such as the California Department of Insurance's Commercial Insurance Guide.

AI Overview

In business property insurance,
coinsurance is a clause that requires a property to be insured for at least a specific percentage (commonly 80% to 100%) of its total value. If the property is underinsured at the time of a loss, the insurance carrier can impose a financial penalty, reducing the claim payout.
The term "411" refers to general information, as well as specific California Department of Insurance (CDI) forms related to business entity endorsements (LIC 411-8A).
Coinsurance Explained
The purpose of a coinsurance clause is to ensure that businesses carry adequate coverage to protect their assets and for the insurance company to collect the correct amount of premium.
Requirement: Your policy's declarations page will list a coinsurance percentage (e.g., 80%). This means the limit of insurance you purchase must be at least that percentage of the property's actual value.
Penalty for Underinsurance: If you do not meet the minimum coverage requirement, any claim payment will be proportionally reduced. The business owner essentially "co-insures" the missing portion of the coverage.
Application: Coinsurance clauses primarily apply to commercial property insurance (buildings, equipment) and business interruption insurance, not liability insurance.
Calculating a Coinsurance Penalty
Here is the formula to determine the claim payment after a loss, if you are underinsured:
(Amount of Insurance Carried / Minimum Insurance Required)

×
×
Amount of Loss = Claim Payout (less deductible)
Example Scenario (80% Coinsurance):
Property Value: $1,000,000
Minimum Required Coverage (80%): $800,000
Amount Carried: $400,000 (You chose to insure for only 50% of the required amount)
Covered Damage (Loss): $200,000
Calculation: ($400,000 / $800,000)

×
×
$200,000 = $100,000 Payout (minus your deductible)
In this scenario, the business only receives half of the repair cost because it was significantly underinsured.
California-Specific "411" Forms
In California, the term "411" is also associated with specific insurance forms:
LIC 411-8A (Business Entity Endorsement): Used by business entities to authorize individual surplus lines agents to transact insurance on their behalf.
LIC 411-8T (Business Entity Endorsement Termination): Used to terminate an agent's endorsement.
These forms are generally submitted electronically via the Sircon online service.

Agents & Brokers Overview / Licensing Forms / Broker/Agents / Business Entity Endorsement
Business Entity Endorsement
You have attempted to access the Business Entity Endorsement, form LIC 411-8A. Pursuant to Cal. Ins. Code section 1661, use of this form has been restricted. Specifically, this section states, in part, that when a business entity wants to change, remove, or add to the natural persons who are to transact insurance under authority of its license, it shall file a form prescribed by the commissioner, and that form must be submitted by a means of electronic service approved by the commissioner.
You must use Sircon's Maintain Agency Associations. For assistance creating a user account, please see Vertafore Support. If you are filing an endorsement for a license type not available, you may proceed to the Business Entity Endorsement, form LIC 411-8A.
Business entities may, for good cause shown, request an exemption from the electronic filing requirements. Such requests may be made by contacting the Toll-Free Producer Licensing Hotline (800) 967-9331. These requests must be made prior to the filing of a paper Business Entity Endorsement form.

Please call our office if you have any questions or e-mail us at [email protected].

Thank You

Patrick L. Ryan C.P.A./C.V.A./F.C.P.A.
Senior Business Consultant

11/29/2025

Saturday, November 29, 2025
The Ryan Group Inc
5500 Bolsa Avenue Suite 125
Huntington Beach Ca 92649

Regarding: The Process of starting a new business

Dear Team

I have been working on finding answers to what takes place in starting a new business. I want to gather a series of articles on the subjects about running a small business.

I found the following AI results for that question from Google’s AI
AI Overview from Google
The primary reasons people start a small business in California stem from both personal motivations and the state's unique, robust economic landscape.
Personal Motivations
Entrepreneurs in California, like those elsewhere, are often driven by personal aspirations:
• Desire to be their own boss: The drive for independence and control over one's professional life is a top motivator.
Pursuing a passion: People start to work in a field they enjoy and achieve fulfillment.
• Achieving financial independence: The potential for unlimited earning capacity and building wealth is a significant draw.
• Flexibility and work-life balance: The ability to set their own schedule and lifestyle is a key factor for entrepreneurs.
• Solving a problem or filling an unmet need: Finding a gap in the market or a better way to provide a service inspires them to start their own venture.
California-Specific Advantages
California's environment enhances these motivations with a supportive ecosystem that increases the potential for success:
• Largest U.S. economy and vast market: The sheer size and global ranking of California's economy (which ranks as one of the largest in the world if it were a country) provides a massive, diverse customer base with significant disposable income.
• Access to a deep talent pool: The state is home to world-class universities and major tech companies, creating a large pool of highly educated and skilled workers and experienced professionals.
• Innovation and venture capital hub: Silicon Valley and other industry clusters offer unparalleled access to investors, venture capitalists, and a culture of risk-taking and innovation that makes securing funding easier for scalable ideas.
• Diverse industries and networking: Beyond tech and entertainment, California has strong sectors in agriculture, aerospace, and renewable energy, offering rich networking opportunities and diverse markets.
Ultimately, the combination of strong personal drive and California's environment rich with customers, talent, and capital makes it an attractive place for entrepreneurship.

Please call our office if you have any questions or e-mail us at [email protected].

Thank You

Patrick L. Ryan C.P.A./C.V.A./F.C.P.A.
Senior Business Consultant

11/05/2020

From: The Ryan Group
November 4, 2020
Patrick Ryan CPA/CVA/FCPA

According to Parker’s Tax Publishing If Biden gets in the taxes go up, if Trump stays taxes will be cut read the following. Pick up from the Year End Tax Planning bulletin sent out November 3rd 2020.
2020 Year-End Tax Planning for Businesses
While the nation is focused on the 2020 Presidential election and what the results will mean for our country going forward, business clients are still relying tax practitioners' insights to help them navigate this uncertain terrain and initiate any year-end tax planning options that will reduce the business's 2020 tax liability.
While it is unclear at press time who will win the 2020 Presidential election (or which party will control Congress), both candidates have proposed tax plans, some more definite than others, which will most likely affect a business's 2021 taxes.
Former Vice President Joe Biden has indicated that he will raise corporate tax rates from 21 percent to 28 percent, which is still not as high as the 35 percent rate in place before the Tax Cuts and Jobs Act (TCJA) took effect.
He has also proposed expanding tax credits for renewable and clean energy projects. For his part, President Trump has indicated that he would like to make the tax cuts in the TCJA, many of which expire after 2025, permanent. He has also promised to enact permanent cuts to the payroll tax.

So, if you are using Trump rates for any projections for your valuations or startup businesses, I would use a higher rate for your tax rates.
Economic circumstances are going to still be hard on the economy with the COVID still Place.
I think there will be a growth in service-based startup businesses in the next six months.

Pick up from the Year-End Tax Planning bulletin sent out November 3rd, 2020.
Due to the coronavirus pandemic (COVID-19) and the enactment of legislation to offset the economic burden wrought by COVID-19, as well as legislation passed at the end of 2019, there is a lot to consider when reviewing year-end tax planning options that may be available to reduce your 2020 tax liability (inserted by Patrick Ryan because they may change retroactively ).

I believe there are some real surprises coming when the SBA starts to reconcile the use of the loans by the various people and businesses that requested the funds. I would not be surprised for the SBA to find a significant amount of the money loaned was spent on unacceptable transactions that will be required to be paid back to the SBA. If the people or businesses are so desperate to spend the money on transactions that are not allowed in the loan documents, do you think they have the money to pay it back?

09/30/2020

I got this article from the Bitdefender website https://hotforsecurity.bitdefender.com/blog/alleged-ransomware-attack-disrupts-medical-care-at-uhs-hospitals-across-the-us-24214.html

Alleged Ransomware Attack Disrupts Medical Care at UHS Hospitals across the US

Universal Health Services (UHS), one of the largest hospital chains in the US, was hit by an apparent cyberattack over the weekend that disrupted IT and phone systems at healthcare facilities in California, Florida, Texas, Arizona and Washington DC.

According to UHS employee reports, the attack occurred on Sunday morning, when various systems in the Emergency Department (ED) began shutting down.

“I was sitting at my computer charting when all of this started,” a UHS employee stated on Reddit. “It was surreal and definitely seemed to propagate over the network. All machines in my department are Dell Win10 boxes. When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown.”

UHS officials described the systems outage as an “IT security issue.”

“The IT Network across Universal Health Services (UHS) facilities is currently offline,” UHS said in a statement on Sept 28. “We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible.”
With IT systems down, nurses and physicians have a hard time delivering medical care and treatments to patients. Employees say staff is forced to work “old school,” using offline documentation methods for charting medication.
“In the meantime, our facilities are using their established back-up processes including offline documentation methods,” UHS added. “Patient care continues to be delivered safely and effectively. No patient or employee data appears to have been accessed, copied or misused.”
Although UHS has yet to confirm the type of malicious attack, the scenario suggests ransomware.
UHS’ systems outage reminds us of the ransomware attack on Düsseldorf University Hospital (UKD). What started as a network disruption forced the hospital to deregister as an emergency care facility and postpone patient appointments. The attack didn’t just inhibit proper medical care. A woman in need of urgent medical admission died after being taken to another city for treatment.

Universal Health Services (UHS), one of the largest hospital chains in the US, was hit by an apparent cyberattack over the weekend that disrupted IT and phone systems at healthcare facilities in California, Florida, Texas, Arizona and Washington DC...

09/30/2020

I got this from Bitdefender website about protection from Ransomware
How to protect from ransomware

Ransomware is a malicious software designed to block access to computer until a sum of money is paid to the attacker. Some of the most notable examples of ransomware are CryptoLocker, CryptoWall, WannaCry and Petya.

Usually, in case of encrypting ransomware, local files are encrypted using a randomly generated key pair that’s associated with the infected computer. While the public key is copied on the infected computer, the private key can only be obtained by paying for it within an allocated amount of time. If the payment is not delivered, the private key is threatened to be deleted, leaving no possible unencrypting method for recovering the locked files.

One of the most common infection vectors relies on drive-by-attacks through infected ads on legitimate websites, but it has also been known to infect via infected downloaded apps.

Ransomware infection can be limited and sometimes prevented with a few best practices:

• Use an antivirus solution that is constantly updated and able to perform active scanning

• Schedule file backups (either locally on in the cloud), so data can be recovered in case of corruption

• Follow safe internet practices by not visiting questionable websites, not clicking links or opening attachments in emails from uncertain sources, and not providing personally identifiable information on public chats rooms or forums

• Implement / enable ad-blocking capacities and anti-spam filters

• Virtualize or completely disable Flash, as it has been repeatedly used as an infection vector

• Train employees in identifying social engineering attempts and spear-phishing emails

• Enable software restriction policies. System administrators need to enforce group policy objects into the registry to block executables from specific locations.

This can only be achieved when running a Windows Professional or Windows Server edition. The Software Restriction Policies option can be found in the Local Security Policy editor. After clicking the New Software Restriction Policies button under Additional Rules, the following Path Rules should be used with Disallowed Security Level:

• “%username%\\Appdata\\Roaming\\*.exe”
• “%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\\.*exe”
• C:\\\*.exe
• “%temp%\\*.exe”
• “%userprofile%\\Start Menu\\Programs\\Startup\\*.exe”
• “%userprofile%\\*.exe”
• “%username%\\Appdata\\*.exe”
• “%username%\\Appdata\\Local\\*.exe”
• “%username%\\Application Data\\*.exe”
• “%username%\\Application Data\\Microsoft\\*.exe”
• “%username%\\Local Settings\\Application Data\\*.exe”

CrypoWall

07/03/2020

Posted July 3rd of 2020 By Patrick Ryan
9 Top Cyber Attacks Reported by Small Businesses; Most Still Unprotected
October 19, 2016
Most small-business owners (78 percent) still don’t have a cyber-attack response plan, even though more than half (54 percent) were victim to at least one type of cyber-attack.
About 60 percent of those who did experience a cyber-attack said it took longer than a month to recover. By contrast, of those who have not encountered a cyber-attack, more than half (57 percent) think their company could recover within a month.
Those findings stem from Nationwide’s second annual Small Business Indicator, a national survey conducted online by Harris Poll on behalf of Nationwide from June 10-23 among 502 U.S. small-business owners with fewer than 300 employees.
The survey found that 54 percent were victim to at least one type of the following attacks:
1. Computer virus (37 percent)
2. Phishing (20 percent)
3. Trojan horse (15 percent)
4. Hacking (11 percent)
5. Unauthorized access to customer information (7 percent)
6. Unauthorized access to company information (7 percent)
7. Issues due to unpatched software (6 percent)
8. Data breach (6 percent)
9. Ransomware (4 percent)
“Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets,” said Mark Berven, president of Nationwide Property & Casualty.
Berven said his company wanted to raise awareness of this trend during October, which the U.S. Homeland Security agency has designated as National Cyber Security Awareness Month.
According to the survey, 45 percent of small-business owners who do not have a cyber-attack response plan in place said they don’t feel their company will be affected by a cyber-attack (compared to 40 percent last year).
At the same time, the majority (68 percent) are at least somewhat concerned about a potential cyber-attack affecting their business.
Source: Nationwide

05/28/2020

Issues with Video Conferencing and Security.

Date May 27, 2020

As soon as companies recognize there is a big problem coming with the possible closing down of actual physical locations at a result of the Covid-19 Virus they had to scramble to develop a plan to keep the businesses running. One of the immediate needs was the use of video conferencing software on multiple platforms and equipment. Not all company’s have a professional IT staff to assist with this kind of transition. The smaller company’s research where they could and picked solutions that appeared to get their workers attached to the business and back working at their jobs. I am talking about the middle of March of 2020. I noticed an article from PCmag dated March 18th of 2020 discussing the top 10 video conferencing software. You can Google the article “The Best Video Conferencing Software for 2020”.
Here is the issue I am thinking about when using this type of connection on a machine connected to the company information on a VPN. The worker’s computer is just another connection on the company network, so there is a secure connection to the company system though the firewall.
But what about an open browser connection on the remote user’s computer? A insecure web based video conferencing application, allows an attacker to compromise the remote worker’s personal computer, and then use the VPN connection to bypass the company’s firewall and gain direct access to the internal company network where the company’s proprietary information lives.

We are looking into products that reduce the attack surface from remote users’ devices. In other words, products that reduce the risk of infection when using software like browser based video web conferencing.

By Patrick Ryan and Henry Karwan
The Ryan Group
5500 Bolsa Avenue, Suite 125
Huntington Beach, California ,92649
Phone 714-373-3688 Fax 714-373-3694
Website ocfrg.com

05/19/2020

Written by Patrick L. Ryan CPA, CVA, FCPA
Date Monday, May 18, 2020

Discretionary Cash Flow:

Discretionary Cash Flow is a method of adjusting the earnings of a business to illustrate the amount of cash flow the business is generating to the owner of the business. Most small business owners are concerned with what they can extract out of the business cash flow to fund their needs. It is my understanding that small business owners are adept at concealing those items they direct to their living expenses. This method is a simple method for business valuation and the limits of this method are numerous but this article is about how a normal person can look at the possible cash flows of a business. Over the years I have seen many different ways the owners of small businesses use to get the money out of the business. Generally, it is used for evaluating businesses with gross annual sales that are under $1,500,000.

This method is based on the owner’s total cash flow which includes salary, benefits, and depreciation. I have added those disguised expenses that are not needed by the business. That would include the additional vehicles on books, home living expenses included in the Amazon purchases, Costco purchase, Home Depot Purchases, and other vendor payments. I will review the Insurances paid by the business as well as Travel Expenses.
These are all items that are benefits to the owner, also known as discretionary items. All of these items are added to the profit of the business to arrive at a grand total of the owner’s cash flow.
It is important to include actual and real expenses that are necessary to the operation of the business such as rent, utilities, labor, etc. There are also expenses that the owner has control over such as auto expenses, salary (his or hers), owner benefits, and so on. Finally, there is depreciation and amortization that are non-cash items.
Normally, I would assume there is one (1) full time, a working manager in the business for the actual cost of management of the business.
If the owner is not working in the business, then the full-time working is already in the cash flow of that business unit. This tradition will occur with multiple locations of the business.
Profit shown on Income Taxes
+ Nonrecurring Expenses
– Nonrecurring Income
+ Non-operating Expenses
– Non-operating Income
+ Depreciation
+ Amortization
+ Interest Expense
+ One Owner’s Total Compensation
+ additional vehicles on books, home living expenses included in the Amazon purchases, Costco purchase, Home Depot Purchases, and other vendor payments. I will review the Insurances paid by the business as well as Travel Expenses.

Owners Discretionary Cash Flow

05/19/2020

05/19/2020

Article from Maximum PC about the Zoom Meeting Software
POPULAR, BUT FLAWED user be aware of this product
Security and privacy prove problematic
VIDEO CONFERENCING is in high demand at the moment. Zoom is free with its basic plan, which helps explain its surge in popularity; traffic jumped over 500 percent in a month. Unfortunately, it's had more than a few problems too. It's supposed to have end-to-end encryption, but it didn't, it can't. It was also caught sharing data with Facebook. The iOS version passed a myriad of details over to Facebook (whether you have an account or not) when you logged on, despite having nothing about this in its privacy statement. It also had a tool that enabled your LinkedIn profiles to be collected. If you had LinkedIn Sales Navigator enabled when you ran a meeting all the participants' profiles appeared.
Zoom's lax security has also led to half a million stolen accounts floating around the dark web. Its naming conventions have left recordings on cloud servers vulnerable. Simple numbered URLs also lead to "zoom-bombing"—unwanted, and often unfriendly, additions to your conference call. Zoom's problems are many—it simply wasn't ready for the huge number of new, non-business users.
New York's attorney general has written a warning letter, and a Class Action lawsuit has started in California. Senators are taking an interest, particularly in the way it handles underage users. It has been asked to provide information on its data practices and security history to government representatives. COVID-19 has shown how important video conferencing is, and that inevitably means tighter regulations.
Zoom has frozen development work while it fixes the security "issues", and LinkedIn and Facebook connections have been cut. The data sharing shouldn't surprise anyone: when something is free, it really isn't: the target is your data. –CL

I find the Maxmum PC Magazine is a useful resource for my computer and software information

05/19/2020

Technology Checklist
Copied From The NACVA Publication"The Value Examiner" January and February of 2020

Alist to consider with your company computer system

Consider the following as a potential line of questioning in your evaluation of a company's technology in use.
Although the checklist is not meant to be exhaustive, the answers to these questions can help you determine whether a company's IT operation is well-run and correctly structured
Timing

Is the technology replaced on a recurring basis?
When were the last major capital expenditures?
What is the likely timing of a similar expenditure in the future?
Have there been any power outages in the last three years?
Have there been any communications outages in the last three years?
Has any technology in use not been available for
more than four hours?
Can team members work anywhere, anytime on any
device (AAA)?

Service Level Agreement (SLA)

How long does it take the IT team to address reporting issues? Common answers should be 1, 4,8, 24, or 72 hours.
What happens when a team member/employee cannot work?
Is the support 24/7?
Are there any long-term or recurring technology issues that have persisted for more than 72 hours?

Costs

What have been the annual capital expenditures per employee?
Typical answers are $5,000 to $7,000 per year
What are the current recurring costs?
Software?
Support?
Hosting?
Communications?
How long are the contracts for IT services?

Intellectual Property
Is there any software or hardware that is unique to the business?
What did the initial development cost?
What does it cost to maintain this annually?
Is there any personnel that is critical to the hardware or software?

Workflows

Are there automated workflows in place?
Is there a system in place to document workflows?
Have these been optimized with robotic process automation (RPA)?

Software

What supporting software systems are in place (ERP, accounting, productivity)?
What are the primary systems to support the business?
How complete is the installation?
What version is in use, and what is the current
version?
What alternatives are available to the systems in use?

Personnel

Is there a formal IT training program?
Does the organization use a learning ladder or learning matrix?
Is the program defined by role?
Are there tests or certifications for proficiency?

Hardware

Is the hardware in use business-grade or consumer-grade? Are any end-user computer technologies in use for older than three years?
Are any server or storage area network (SAN) technologies older than five years?
Are any infrastructure items (firewalls, switches,
wireless access points) older than seven years?
Is the business using any cloud hosting services (Amazon Web Services, Microsoft Azure, etc.)?
Are there any performance issues?
policy?
What risks exist to the business in the event of outages?
Short-term-1-4 hours
Mid-term-4-72 hours
Long-term—greater than 72 hours
Are there redundant communication lines?

Data

How comprehensive is the data in various systems?
How clean is the data in various systems?
Are advanced analytics in use?
Descriptive—What is happening in the business?
Diagnostic—Why is this happening?
Predictive—What is likely to happen in the business?
Prescriptive—What does the business need to do?
Are dashboards in use?
How many key performance indicators (KPIs) are in use?
Strategic
Is technology strategic to the business's success?
When was the last revision to the business's strategic plan?
When was the last revision to the IT strategic plan?
Does the business have an IT governance policy?
Does the business have an IT data governance
Tactics
When was the last revision to the business tactical plan?
When was the last revision to the IT tactical plan?
When was the last revision to the business continuity/disaster recovery (BC/DR) plan?
What IT policies are in place? Ask to see them.
Examples include:
Acceptable use policy
Bring your own device policy
Confidentiality agreement
Data loss prevention (DLP) policy
Incident response plan (IRP)
IT security plan and policy
Password policy
Records retention policy
Social network policy
Website and portal use policy