We continue to hear a lot about “cybersecurity.”  Does your institution have a plan in place?  The IRS has some interesting suggestions that they have released on this topic.



Troas Bible College (TBC) is a private college exempt under Internal Revenue Code section 501(c)(3) and 170(b)(1)(A)(ii).  They are required to file Form 990 annually.

The TBC Accounting Team just did a two-day off-site planning meeting and talked about their upcoming audit, the changes driven by new FASB pronouncements, the “Tax Cuts and Jobs Act,” Changing their Culture Through Numbers, and Cybersecurity.  They called us to ask about what steps they should be taking with respect to securing their technology and systems.

We told them that the IRS had recently released an email alert to tax preparers that could be adapted for Christian colleges.  The Service recommends such items as: asking other schools and businesses for recommendations on steps to take and/or professionals to hire; be very selective with any consultants you might hire; carefully interview consultants – more than one; get an engagement letter from any consultants you might hire that clearly sets forth the details of what they will provide.

The IRS also has a paper entitled, “Small Business Information Security: The Fundamentals” (NISTIR 7621).  They go through steps to Identify, Protect, Detect, Respond, and Recover.   It can be found at:



From IRS Alert to Tax Preparers “Protect Your Clients with a Data Security Plan”:

Increasingly, there has been a lot of discussion and messaging around the importance of data and information security.  Cybercriminals use sophisticated and ever evolving techniques to gain access to your systems.

While there are many steps you can take to reduce the risk of becoming a victim of cybercriminals, creating and maintaining a data security plan tops the list.

Because every business is unique, cybersecurity pros can address your individual business needs and craft a security plan that safeguards [your organization’s] data. There is a big market for cybersecurity professionals, but before hiring a cyber pro:

  • Ask for recommendations – talk to other [organizations] and business owners for references
  • Be selective – hire a professional that you feel comfortable with and trust discussing the safety and security of your business and your clients
  • Do interviews – ask about their level of experience in data and systems protection, available options for backing up data, experience developing security plans for similar sized businesses, and the scope of monitoring for current and emerging security threats.
  • Make it official – secure an agreement or engagement letter that details the terms of each service provided.

Our hope is that you never become the victim of a security breach; however, no computer or business is immune to compromise. Being prepared goes a long way in helping to protect your [organization].



  • Cybersecurity is a “hot topic” in the news and at conferences these days.
  • Your institution likely has a Technology Department with capable professionals.
  • It can be very beneficial for your Accounting Team to be knowledgeable and prepared with respect to protecting your data.
  • Take steps to gain knowledge and work closely with your tech folks to have a plan in place to protect financial, payroll, proprietary data.

Specific questions? Email Dave Moja

The information provided herein presents general information and should not be relied on as accounting, tax, or legal advice when analyzing and resolving a specific tax issue. If you have specific questions regarding a particular fact situation, please consult with competent accounting, tax, and/or legal counsel about the facts and laws that apply.

© 2019 Christian College Resources, Inc.