With fraud and cyber-attacks increasing by over 500% since the COVID-19 era began, all organizations, whether for-profit or not-for-profit, are under siege and being challenged with having to defend their data while also contending with a scattered workforce and diminished revenue. To help not-for-profit entities protect their information during these unprecedented times, this webinar will cover challenges entities face in preventing, detecting, and responding to fraud and cybersecurity-related activities.
1. NFP SPEAK
NOT-FOR-PROFIT RISKS IN THE COVID-19 ENVIRONMENT
CITRIN COOPERMAN’S NOT-FOR-PROFIT COVID-19 WEBINAR
WEDNESDAY, AUGUST 5, 2020
11:00 AM – 12:00 PM EST
MODERATOR: John Eusanio
PANELISTS: Bridget Weiss, Ken Yormark, & David Roath
2. WELCOME & INTRODUCTION
John Eusanio, CPA, CGMA
Partner & Not-For-Profit Practice Leader
4. KEY REMINDERS / USING ZOOM
• The webinar is 1 hour and based on your participation.
• You have joined in listening mode only.
• You will have the opportunity to submit questions to our moderator/speakers by typing your questions into the Q&A icon on the Zoom panel.
• This session is being recorded and a playback link will be sent.
5. Polling Question #1
For those of you joining us today, do you require CPE/CLE?
A. Yes – CPE
B. Yes – CLE
C. Both CPE/CLE
D. No
6. MODERATOR & SPEAKERS
John Eusanio, CPA, CGMA
Partner & Not-For-Profit Practice Leader
646.979.6091
jeusanio@citrincooperman.com
Bridget M. Weiss, JD
Partner
202.942.5839
bridget.weiss@arnoldporter.com
Ken Yormark, CPA, CFE, CFF, CAMS
Partner & Forensic & Litigation Services Practice Leader
347.505.6350
kyormark@citrincooperman.com
David Roath, CPA
Partner & TRAC Practice Leader
203.707.9788
droath@citrincooperman.com
7. BOARD FIDUCIARY RESPONSIBILITIES
Bridget M. Weiss, JD
Partner, Tax-Exempt Organizations Practice
Arnold & Porter
9. Role of Nonprofit Board of Directors
What is the role of a nonprofit Board – and what are the practical responsibilities associated with its role?
• Set the strategic direction for the organization
• Provide oversight of programs and operations
• Evaluate risk and ensure establishment of effective compliance programs
… within the context of:
• Recognizing appropriate role of the Board versus management
• Observing fiduciary duties
10. Fiduciary Duties of Nonprofit Directors
Nonprofit directors and officers owe fiduciary duties to
the nonprofit entity itself: (1) duty of obedience, (2) duty
of care, and (3) duty of loyalty
• Consider how the current crisis impacts fiduciary
obligations
11. Fiduciary Duties – Duty of Obedience
Duty of Obedience
• Nonprofit directors must not engage in ultra vires acts –
acts that the nonprofit, under its governing documents and
applicable law, cannot perform because such acts are
prohibited or beyond the scope of the corporation’s powers
• Critically, directors must be faithful to the nonprofit’s
mission and ensure that its activities are consistent with,
and advance, its exempt purposes
12. Fiduciary Duties – Duty of Obedience
Duty of Obedience in Emergency Actions
• Check governing documents and applicable law!
• Consideration of validity of board meetings and action:
what is typically required?
• “Emergency” powers: (1) quorum for board action,
(2) modification of lines of succession to accommodate
incapacity of directors/officers, (3) notice of board meeting,
(4) alternative directors
13. Fiduciary Duties – Duty of Care
Duty of Care: requires that a director devote sufficient
time, exercise diligence and use reasonable judgement to
ensure that the nonprofit is run prudently and with due regard
for its tax-exempt purposes
• This may be more accurately described as a “duty to be
informed” – directors should be informed about an issue
before making decisions, ask appropriate questions, be
active and engaged in deliberations
• Directors are not expected, or legally required, to be
experts on everything – can rely on Board committees,
outside advisors and staff, where reasonable
Consideration of extra burdens during COVID-19 crisis!
14. Fiduciary Duties – Duty of Loyalty
Duty of Loyalty: requires that a director act solely in the best interest of the organization rather than the director’s own best interests, or those of the director’s associates
• One important aspect of the duty of loyalty is to retain the
confidentiality of information that is explicitly deemed
confidential by the organization, as well as information that
appears to be confidential from its nature or matter
• The duty of loyalty also encompasses a director’s obligation
to avoid conflicts of interest – a violation of this duty may
result in personal liability for the director, and allow a court
to void a transaction in which a conflict was present
Importance of establishing and enforcing a conflict of
interest policy!
15. Fiduciary Duties – Business Judgment Rule
Business Judgment Rule: in general, if a board of
directors properly exercises its fiduciary duties, its members
will be protected from liability for their actions
• A business decision is presumed reasonable if the directors
act on an informed basis, in good faith and in the
honest belief that the action is in the best interests of
the nonprofit
• Presumption can be overcome with a showing that the
board acted with gross negligence – but possible, and
greater likelihood of reputational risk
• There is also liability protection for volunteer directors
under federal and (some) state law
16. Polling Question #2
Which of the following fiduciary responsibilities apply to a Nonprofit Board?
A. Duty of Care
B. Duty of Loyalty
C. Duty of Obedience
D. All of the above
17. NOT-FOR-PROFIT FRAUD RISKS
KEN YORMARK, CPA, CFE, CFF, CAMS
PARTNER & FORENSIC & LITIGATION SERVICES PRACTICE LEADER
CITRIN COOPERMAN
18. The Factors of Fraud
The Fraud Triangle
• Perceived pressure – personal financial pressure or work-related
• Rationalization – finding good reasons for doing things that we know are wrong
• Opportunity – perception that an opportunity exists
The 20 / 60 / 20 Rule
19. Not For Profits Fraud Susceptibility
• Tend to place executive control in their founder, executive director,
or substantial contributor
• Focus funds on their core service
• Often engage untrained volunteers
• Boards comprised of volunteers
• Transactions tend to be non-reciprocal
• Susceptible to negative publicity
20. Frauds Commonly Committed Against NFPs
• Credit card abuse
• Fictitious vendor schemes
• Conflicts of interest
• Payroll schemes
• Deceptive fundraising practices
• Failing to comply with donor-imposed restrictions on a gift
• Fraudulent financial reporting
• Misclassifying fundraising & administrative expenses to mislead donors
• Fraudulent statements of compliance requirements with funding sources
22. Internal Control Questions You Should Consider
• Do your controls now operate differently?
• Has your risk changed?
• Has the control owner changed?
• Are alternative control plans in place if individuals
become unavailable?
23. Work From Home Considerations
• Current controls are not revised to account for remote workforces
• Reduced oversight and communication across the organization
• Noncompliance with organizational policies or applicable accounting
standards, laws, and regulations
• Confidential data is not adequately protected
• Increased user access or change in job responsibilities may result in lack of
segregation of duties
25. Fighting Fraud
• Establish effective internal controls
• Establish a fraud hotline
• Red flags of fraud to be aware of:
  • Bank reconciliations not performed in a timely manner
  • One individual has control over disbursements
  • Altered documents
  • Inventory shortages
  • Employees living beyond their means
  • Accounts receivable open for long periods of time
  • Donors not receiving receipts for contributions
26. Suspecting Fraud
• Do nothing – avoid bad publicity or hope that the problem will disappear
• Attempt to handle the issue internally
• Engage law firm and/or forensic accountants
  • Identify how the loss occurred,
  • Preserve any available evidence,
  • Quantify the loss,
  • Control the flow of information and
  • Minimize the loss.
• At completion – aid management in establishing adequate fraud prevention and risk management policies
27. Lessons Learned
• It starts with the tone at the top
• Most frauds are detected through tips or by accident
• The higher an individual’s position the greater their ability to
commit fraud.
• Don’t rely upon annual audits
• Sufficient insurance coverage should be in place.
28. Polling Question #3
Are you confident that your company has made the necessary changes to its internal controls in light of the remote world we are currently functioning in?
A. Yes
B. No
C. Not Sure
29. TECHNOLOGY, RISK ADVISORY, AND CYBERSECURITY (TRAC)
DAVID ROATH, CPA
PARTNER AND TRAC PRACTICE LEADER
CITRIN COOPERMAN
30. ABOUT OUR TRAC PRACTICE
TRAC Overview
In today’s environment, companies are exposed to mounting
risks associated with increased business complexity, technology
challenges, the growing regulatory environment, and
cybersecurity threats and breaches.
Business walks a fine line between risk and reward. Citrin
Cooperman’s Technology, Risk Advisory, and Cybersecurity
Practice (TRAC) offers integrated services in the areas of:
• IT Risk
• Risk Advisory including internal audits, SOX, and compliance
• Cybersecurity and privacy
We help focus on risk, so you can focus on what counts – your
business. Let us help you stay OnTRAC!
TECHNOLOGY, RISK ADVISORY, AND CYBERSECURITY (TRAC)
31. THE PRE-COVID CYBER THREAT LANDSCAPE
• 15.1 billion records were lost, stolen, or exposed in 2019
• Increase in the number of breaches in 2019 vs 2018: 284%
• There is a cyber attack every 39 seconds
• 43% of cyber attacks target small businesses
• 91% of breaches are the result of phishing attacks
• Average days to detect a breach: 206
• Average days to contain a breach: 73
• Average cost of a breach is 39.5% higher when unprepared
32. THE PRE-COVID CYBER THREAT LANDSCAPE
• No industry or sector is spared
• Breaches are more sophisticated, on a larger scale, and have greater impact
• Data breaches have serious financial consequences for organizations
• According to the Ponemon Institute’s most recent annual study, the average organizational cost of a data breach in 2019 was $8.2 million, or $150 per compromised record
• COVID increases the likelihood of a data breach at a time when companies are ill-equipped to deal with the repercussions
• WFH distractions combined with 18,000,000 spear-phishing emails per day is creating a perfect storm
• The recession created by COVID makes it more difficult for companies to recover from an attack
[Figure: timeline spanning 2007–2020; the only surviving label is “HackingTeam”]
33. CYBERSECURITY AND PRIVACY RISKS
UNDERSTANDING YOUR RISK
A set of scenarios based on impacts to Assets by potential Threats and their ability to leverage Vulnerabilities
• ASSETS: Processes, information, and systems with varying degrees of value to the organization
• THREATS: Actors that are motivated to attack or misuse your assets
• VULNERABILITIES: Flaws, control weaknesses, or exposures of an asset to compromise
35. KNOW WHAT THE HACKERS ARE AFTER
MOTIVATIONS & INCENTIVES
Defense, National Security, Critical Infrastructure
36. THE COST OF A BREACH
• Fines and penalties
• Technology expenditures
• Forensics
• Legal counsel
• Notification
• Downtime
• Reputation
37. FROM BAD TO WORSE: CYBERSECURITY IN THE COVID ERA
Working From Home: The Risks (Cybersecurity & Privacy)
• Technology
  • VPN networks set up recently “in a rush” to allow employees to work from home
  • Vulnerabilities can result from the usage of unsecured personal computers and networking equipment (e.g., routers)
  • A remote workforce can make it more difficult for IT staff to monitor and contain threats to network security
  • Unsecured video conferencing
• Social Engineering
  • Attacks are up over 600% since February 2020
  • Potential distractions increase likelihood of successful spear-phishing and malware attacks
• Other Risks
  • Workforce reductions could lead to disgruntled employees
  • Privacy concerns (e.g., family, Amazon Echo, etc.)
40. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: HOT TOPICS
1 Governance and Risk Assessment
2 Vulnerability Management
3 Incident Response and Recovery
4 Third-Party Risk Management
5 Data Security and Privacy Compliance
6 Training and Awareness
41. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: GOVERNANCE AND RISK ASSESSMENT
The Issue
➢ Most NFP administrators do not know their critical systems or data, and have not thought about the likelihood and impact of a data breach
➢ You can’t protect what you don’t know you have
➢ It is much easier (and far less expensive) to be proactive versus being reactive when responding to risk
➢ How mature should a company’s controls be?
42. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: GOVERNANCE AND RISK ASSESSMENT
The Action
➢ Identify and document the following:
  ➢ Critical systems and sensitive data
  ➢ Protections that are in place
  ➢ Outsourced IT providers
➢ Identify and prioritize the threats and threat actors
  ➢ Where they can originate from
  ➢ Likelihood of an incident
  ➢ Impact and cost
➢ Determine how mature the business needs to be
➢ Develop a written information security program
➢ Consider using an industry framework for assessment (e.g., NIST)
➢ Establish a formal cybersecurity committee
43. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: VULNERABILITY MANAGEMENT
The Issue
➢ Social Engineering
  ➢ The most efficient path to steal an organization’s data or deliver ransomware is through the use of social engineering attacks
  ➢ Spear-phishing emails, USB drives, smishing and vishing attacks
  ➢ Gmail is blocking more than 100 million phishing emails every day
  ➢ 94% of malware and 91% of breaches originate with a spear-phishing attack
  ➢ Whaling attacks are becoming prevalent
➢ Technical vulnerabilities
  ➢ Every unpatched or misconfigured server, network device, application, computer, and mobile device is a potential target of attacks
  ➢ Penetration testing is conducted by only 20% of companies
  ➢ Equifax is an example of an unpatched server leading to a massive breach
44. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: VULNERABILITY MANAGEMENT
The Action
➢ For social engineering, utilize a “trust but verify” approach to gauge employees’ ability to detect and avoid attacks by conducting simulated social engineering campaigns that include:
  ➢ Spear-phishing campaigns
  ➢ USB drive drops
  ➢ Smishing and vishing simulations
➢ Penetration and/or vulnerability testing
  ➢ Utilize a professionally-simulated “bad guy” to identify weaknesses before an attacker does
  ➢ Conduct tests on a periodic basis, prioritizing and addressing any vulnerabilities that are identified
45. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: INCIDENT RESPONSE AND RECOVERY
The Issue
➢ The average cost of a data breach is almost 40% higher when there is no incident response plan
➢ A study showed that 77% of organizations didn't have a formal cybersecurity incident response plan (CSIRP) applied consistently across their organization
➢ Without having a plan in place, it is impossible to execute an effective response when a data breach is occurring
➢ Not having a plan can result in the following:
  ➢ Extended downtime
  ➢ Loss of public trust
  ➢ Compliance penalties
46. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: INCIDENT RESPONSE AND RECOVERY
The Action
➢ Develop a formalized cyber incident response plan
  ➢ Clearly define roles and responsibilities
  ➢ Establish effective methods of communication
  ➢ Routinely test and improve the plan
➢ Perform viability testing on backups on a regular basis
➢ If your business does not have internal forensic resources, proactively enlist the aid of a third-party incident response and forensics firm on retainer
➢ Develop relationships with local law enforcement or similar agencies
47. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: THIRD-PARTY RISK MANAGEMENT
The Issue
➢ Third-party services are critical to an NFP organization’s success, and include:
  ➢ Technical support providers
  ➢ Cloud-based financial applications
  ➢ Security monitoring
  ➢ Email
  ➢ Data backup solutions
➢ These providers are not immune to disruption, including those related to COVID-19, ranging from depleted manpower to insolvency
➢ The pandemic has uncovered many unanticipated issues and limitations, related to inadequate resources
➢ A service provider may have an overseas workforce located in an area that has yet to be hit by or will see a resurgence of COVID-19
48. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: THIRD-PARTY RISK MANAGEMENT
The Action
➢ Develop policies and procedures
  ➢ Components may include purpose, definitions, scope of coverage, roles and responsibilities, monitoring, exit strategies, governance, and oversight
  ➢ SOC Report and SLA requirements
➢ Compile a third-party inventory
  ➢ Utilize business stakeholder surveys, accounts payable vendor listings, and legal and/or procurement contract databases
➢ Inherent risk assessments
  ➢ A grading system completed by the business
49. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: THIRD-PARTY RISK MANAGEMENT
The Action
➢ Require vendor due diligence questionnaires
  ➢ Completed by the vendor
➢ Determine and evaluate residual risk and perform ongoing monitoring

Columns are the Inherent Risk Rating; rows are the Control Assessment Rating. Each cell lists N / T / E.

| Control Assessment Rating | Very High | High | Medium | Low | Very Low |
|---|---|---|---|---|---|
| Poor | Onsite / 12 / Scoped Testing | Remote / 18 / Scoped Testing | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
| Fair | Onsite / 12 / Scoped Testing | Remote / 18 / Scoped Testing | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
| Good | Remote / 12 / Scoped Testing | Remote / 18 / Scoped Inquiry | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
| Very Good | Remote / 12 / Scoped Testing | Remote / 18 / Scoped Inquiry | Self-Assess / 24 / Scoped Inquiry | Self-Assess / As Needed / Scoped Inquiry | Self-Assess / With Cause / Scoped Inquiry |
50. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: DATA SECURITY AND PRIVACY COMPLIANCE
The Issue
➢ A business needs to document what type of information it collects so that it can determine the relevant regulations that need to be met
➢ Different data types have different regulation requirements
  ➢ Personally identifiable information (PII): State Regulations, GDPR
  ➢ Protected Health Information (PHI): HIPAA
  ➢ Credit card data: PCI DSS
➢ Why a company should achieve compliance:
  ➢ Enhance security
  ➢ Avoid fines and penalties
  ➢ Build confidence with customers and business partners
➢ Currently, there is no federal standard, so all 50 states have implemented their own data breach notification regulations, with 24 states enacting data security and privacy regulations
  ➢ If you have employees or customers that live in those states, you may need to comply with the applicable state requirements
51. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: DATA SECURITY AND PRIVACY COMPLIANCE
The Action
➢ Every NFP should assign someone within its organization to be responsible for enforcing privacy compliance
➢ How to achieve compliance:
  ➢ Don’t pass responsibility to unqualified individuals
  ➢ Don’t store sensitive data unless it has a critical business purpose
  ➢ Document and maintain evidence of your efforts
➢ The typical compliance process involves a gap assessment, followed by remediation, compliance testing, and the issuance of any reporting
➢ Compliance is not a “one and done” – it is ongoing and requires sustainment efforts to remain compliant
52. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: CYBERSECURITY AWARENESS TRAINING
The Issue
➢ Employees are the weakest link in the security chain and need to be aware of the risks that could impact their organization, including:
  ➢ Not being aware of spear phishing and other social engineering attacks
  ➢ Not being aware of the importance of handling and securing hard copies of sensitive data
  ➢ Not being aware of regulatory compliance requirements
  ➢ Not being aware of remote and mobile computing best practices
  ➢ Not being aware of the dangers related to USB drives
53. NFP CYBERSECURITY AND PRIVACY DISRUPTERS: CYBERSECURITY AWARENESS TRAINING
The Action
➢ Each business should develop a training program delivery format and duration that maximizes retention of key concepts for their employees
➢ When to provide training:
  ➢ During the onboarding process
  ➢ Annually for all employees
  ➢ Focused training for anyone with direct contact with PHI, PII, or other sensitive information
➢ Extra focus should be placed on detecting and avoiding social engineering attacks
54. NEXT STEPS
➢ Perform a risk and/or maturity assessment of your organization
➢ Meet relevant regulatory compliance requirements
➢ Implement a robust cybersecurity awareness training program
➢ Develop written information security policies and procedures
➢ Evaluate third-party vendor security policies and procedures
➢ Conduct penetration and vulnerability testing
➢ Establish and test a comprehensive incident response plan
55. IT RISK, CYBERSECURITY & PRIVACY SERVICES
Business walks a fine line between risk and reward. This set of services helps you manage uncertainty around IT risk, cybersecurity, and privacy, so you can focus on what counts – your business. Let us help you stay OnTRAC!
IT Risk and Cybersecurity Programs
• Virtual Chief Information Security Officer (vCISO)
• IT Policy and Procedure Development
• Third-Party Risk Management
• Disaster Recovery / BCP
• IT / Cybersecurity Due Diligence
Cybersecurity & Privacy Business Risk and Maturity Assessment
• SCORE Report
• Cybersecurity & Privacy Business Risk and Maturity Assessment
• IT Risk Assessment
Threat and Vulnerability Management
• External and Internal Network Attack and Penetration Testing
• Spear-Phishing Campaign
• Physical Security Assessment
• Wireless Network Security Assessment
• Server Security Assessment
• Web Application Security Assessment
• Network Device Configuration Reviews
Incident Breach Preparedness and Response
• Incident Response Preparedness
• CyberSecure Incident Response and Forensics
Compliance and Frameworks
• Cyber Compliance Services
  ▪ PCI, HIPAA, GDPR, NIST, GLBA, CMMC
• Third-Party Assurance
  ▪ SSAE18 (SOC 1, 2, 3, Cybersecurity)
Data Mapping and Other Data Services
• Data Mapping
• Database Creation and Other Data Services
• Data Analytics
56. Polling Question #4
Do you have an understanding of what the key applications and sensitive data are that need to be protected at your company?
A. Yes
B. No
C. Maybe
58. COVID-19 RESPONSE UNIT
Find constant, real-time access to tax alerts, industry-specific
communications, and recession preparedness tools you can use to help with
your business needs. Please visit our COVID-19 Response Unit at
(www.citrincooperman.com/CRU).
59. ABOUT CITRIN COOPERMAN’S NOT-FOR-PROFIT PRACTICE
Citrin Cooperman’s dedicated Not-For-Profit Practice forms collaborative partnerships with
not-for-profit organizations to gain a deep understanding of their missions and drive creative
solutions tailored to their unique needs.
We are committed to your compliance, governance, regulatory, and consulting
needs so you can focus on what counts: your mission.
Our team members are active on boards of local not-for-profit organizations and national associations. This enhances our ability to serve our clients and demonstrates our commitment to providing unparalleled service to the not-for-profit industry.
To learn more about our Not-For-Profit Group and the
services we provide, please click the following link
https://www.citrincooperman.com/industries/not-for-profit.
61. DISCLAIMER
These materials provided by Citrin Cooperman & Company, LLP, are intended to provide general
information on a particular subject or subjects and are not an exhaustive treatment of such subject(s)
and are not intended to be a substitute for reading the legislation. Any advice contained in this
communication, including attachments and enclosures, is not intended as a thorough, in-depth
analysis of specific issues. Nor is it sufficient to avoid tax-related penalties. The materials are being
provided with the understanding that the information contained therein should not be construed as
legal, accounting, tax or other professional advice or services. Before making a decision or action that
may affect you or your business, you should consult with Citrin Cooperman & Company, LLP, or
another qualified professional advisor. The materials and the information contained therein are
provided as is, and Citrin Cooperman & Company, LLP, makes no express or implied representations
or warranties regarding these materials. Without limiting the foregoing, Citrin Cooperman & Company,
LLP, does not warrant that the materials or information contained therein will be error-free or will meet
any particular criteria or performance or quality. In no event shall Citrin Cooperman & Company, LLP,
its affiliates, officers, principals and employees be liable to you or anyone else for any decision made
or action taken in reliance on the information provided in these materials. The information and content
provided in these materials is owned by Citrin Cooperman & Company, LLP, and should only be used
for your personal or internal use and should not be copied, redistributed or otherwise provided to third
parties.