New Provisions for 2026 May Affect Your Tax Planning

The many tax-related provisions that went into effect last year after the One Big Beautiful Bill Act (OBBBA) was signed into law are affecting 2025 federal income tax returns being filed now. However, some OBBBA provisions aren’t taking effect until this year. Plus, some changes under previous legislation are also taking effect in 2026. Here’s an overview of new tax provisions that individuals and businesses need to consider when conducting their 2026 tax planning.

Tax provisions affecting individual taxpayers

Changes going into effect for individual taxpayers this year include:

New charitable contribution deduction for nonitemizers. For 2026 and future years, the OBBBA reinstates the COVID-era deduction for cash donations to qualified charities by taxpayers who claim the standard deduction, subject to an increased annual limit of $1,000, or $2,000 for joint filers. (The limits were $300 and $600, respectively, for 2021 when this nonitemizer deduction was last available.)

The definition of “cash donation” may be broader than you think. It includes gifts made by debit or credit card, check, electronic bank transfer, online payment platform, and payroll deduction. If you make such gifts in 2026, be sure to retain proper substantiation so you can deduct them when you file your return next year.

New floor on charitable deduction for itemizers. Under the OBBBA, if you itemize deductions rather than claiming the standard deduction, your otherwise allowable charitable deductions are limited to the amount that, in aggregate, exceeds 0.5% of your adjusted gross income (AGI). Put another way, your 2026 charitable deduction is limited to the amount that exceeds 0.5% of your 2026 AGI.

If you’ll be affected, you may want to “bunch” donations into alternating years to minimize the negative impact of the new floor. (If you won’t itemize deductions in the nonbunching years, consider making cash donations up to the nonitemizer charitable deduction limit in those years.)

New limit on itemized deductions for taxpayers in the 37% tax bracket. Generally, this OBBBA limitation for 2026 and subsequent years means that the tax benefit from itemized deductions for taxpayers in the 37% bracket will be treated as if they were in the 35% bracket. For 2026, the 37% bracket starts when taxable income exceeds $640,600 for singles and heads of households, $768,700 for married couples filing jointly, and $384,350 for married couples filing separately.

If you may be affected, factor this into your 2026 tax planning so you don’t overestimate the tax savings your itemized deductions will provide.

Alternative minimum tax (AMT) exemption changes. You must pay the AMT if your AMT liability exceeds your regular tax liability. The top AMT rate is 28%, compared to the top regular ordinary-income tax rate of 37%. But the AMT rate typically applies to a higher taxable income base. An AMT exemption is available, but it phases out when AMT income exceeds certain levels.

Under the OBBBA, those thresholds revert to their 2018 levels for 2026 (i.e., removing the inflation adjustments made for 2019–2025), and they’ll be adjusted annually for inflation in subsequent years. Also, the OBBBA effectively phases out the exemption twice as fast beginning in 2026. The 2026 phaseout ranges are $500,000–$680,200 for singles and heads of households and $1,000,000–$1,280,400 for joint filers (half those amounts for separate filers), compared to the 2025 ranges of $626,350–$978,750 and $1,252,700–$1,800,700, respectively. Both changes mean more taxpayers could be subject to the AMT in 2026.

If it’s looking like you’ll be subject to the AMT this year, consider accelerating income and short-term capital gains into 2026. This may allow you to benefit from the lower maximum AMT rate. Also consider deferring expenses you can’t deduct for AMT purposes until next year, such as state and local taxes (SALT). You may be able to preserve those deductions — but watch out for the annual limit on the SALT deduction. Additionally, if you defer expenses you can deduct for AMT purposes to next year, such as charitable donations, the deductions may become more valuable because of the higher maximum regular tax rate.

New tax-advantaged Trump Accounts. Created under the OBBBA, these accounts are available to U.S. citizens under 18. Contributions to a properly established account can begin on July 4, 2026. Generally, up to $5,000 per year can be contributed. Although contributions aren’t tax deductible, the account can grow tax-deferred until the child is 18, when it converts into a traditional IRA.

Eligible children born between January 1, 2025, and December 31, 2028, whose parents have elected to participate in a pilot program, will receive a one-time, tax-free $1,000 federal contribution to their accounts. The $1,000 government contribution doesn’t count against the annual limit. So, if your child (or grandchild) is born this year, up to $5,000 could be contributed to his or her Trump Account in 2026 on top of the $1,000 from the government.

Increase in tax-free 529 plan withdrawal limit for qualified elementary and secondary school expenses. Distributions used to pay qualified expenses are income-tax-free for federal purposes and potentially also for state purposes, making the tax deferral a permanent savings. In recent years, certain elementary and secondary school expenses of up to $10,000 per year per beneficiary have been considered qualified and thus eligible for tax-free treatment.

Only tuition qualified through July 4, 2025. Under the OBBBA, various additional expenses after July 4, such as books, instructional materials and certain fees, also qualify. Beginning in 2026, the annual limit increases to $20,000 per year per beneficiary.

So, you may be able to take advantage of more tax-free funds from your child’s 529 plan to pay his or her elementary and secondary school expenses in 2026. And you may want to increase your contributions to your child’s (or grandchild’s) 529 plan so that funds are available in the account to take advantage of the increased limit in the future.

New Roth requirement for higher-income taxpayers’ catch-up contributions. Beginning in 2026, new rules under the SECURE 2.0 Act (signed into law in 2022) require higher-income participants in 401(k), 403(b) and 457(b) retirement plans to make any catch-up contributions as after-tax Roth contributions. For 2026, this requirement applies to participants with 2025 Social Security wages exceeding $150,000. That threshold will be annually adjusted for inflation.

If you’re subject to this limit, no longer being able to make pretax catch-up contributions could increase your 2026 taxable income. This, in turn, could push you into a higher tax bracket and impact your eligibility for various tax breaks. You may want to consider other steps for reducing your income in 2026, such as minimizing sales of stock or other investments that would generate capital gains income (or offsetting gains by selling other investments at a loss).

Elimination of certain energy-efficiency credits for homeowners. The OBBBA repealed two credits for taxpayers who take steps to make their homes more energy efficient, such as installing energy-efficient windows or adding solar panels: 1) the Energy Efficient Home Improvement Credit for qualified improvements to an existing home and 2) the Residential Clean Energy Credit for both existing and newly constructed homes. The credits aren’t available for any property placed in service after December 31, 2025.

Tax provisions affecting businesses and their owners

Business-related changes going into effect this year include:

Expansion of the income ranges over which the Section 199A qualified business income (QBI) deduction limitations phase in. Under the OBBBA, for 2026 and beyond, instead of the distance from the bottom of the range (the threshold) to the top (the amount at which the limit fully applies) being $50,000, or, for joint filers, $100,000, it’s $75,000, or, for joint filers, $150,000. This will allow larger deductions for some taxpayers.

For 2026, the ranges are $201,750–$276,750 (up from $197,300–$247,300 for 2025), double those amounts for married couples filing jointly. The threshold amounts will continue to be annually adjusted for inflation.

Consider the potential impact of the limit phase-ins on your 2026 QBI deduction. There may be steps you can take to make the most of the significantly expanded phase-in ranges.

Reduction of the threshold for the excess business loss limitation. The deductions for current-year business losses incurred by noncorporate taxpayers generally can offset income from other sources, such as salary, self-employment income, interest, dividends and capital gains, only up to the annual limit. “Excess” losses are carried forward to later tax years and can then be deducted under the net operating loss rules.

The OBBBA makes the limit permanent and reduces the threshold at which the limitation goes into effect. For 2026, the threshold is $256,000 (down from $313,000 for 2025), double that amount for joint filers. The threshold will be adjusted for inflation annually going forward.

If you’ll be affected by this change, you may want to adjust your individual tax planning strategies to help make up for a reduced loss deduction. You also might consider making changes to your business strategy to avoid generating losses that would be suspended until later years because of the lower excess business loss limitation threshold.

New option for claiming the family and medical leave credit. The OBBBA permanently extended the employer tax credit for paid family and medical leave, which was scheduled to expire on December 31, 2025. For 2025, the credit amount ranged from 12.5% to 25% of eligible wages paid to qualifying employees for up to 12 weeks of paid leave.

Beginning in 2026, the OBBBA allows employers to claim the credit for the same percentage of insurance premiums paid or incurred during the tax year for active family and medical leave coverage. You can’t claim the credit for both wages and premiums, however.

If you don’t currently offer paid family and medical leave, consider whether funding it with insurance premiums eligible for the credit would make doing so feasible while helping to achieve other business goals, such as increasing employee retention. If you do offer paid family and medical leave, you’ll need to look at whether claiming the credit for actual wages paid to employees on leave or for insurance premiums will save you more tax. (If you offer paid leave but don’t fund it with insurance, you may want to revisit whether insurance would make sense for your business now that premiums are eligible for the credit.)

Elimination of certain clean energy incentives. The Section 179D deduction for energy-efficient commercial buildings allows owners of new or existing commercial buildings to immediately deduct the cost of certain energy-efficient improvements rather than depreciate them over the 39-year period that typically applies. The base deduction is calculated using a sliding scale, ranging for 2026 from $0.59 per square foot to $5.94 per square foot, depending on energy savings and whether specific prevailing wage and apprenticeship requirements have been met. The OBBBA eliminates the deduction for property that begins construction after June 30, 2026.

The Section 30C alternative fuel vehicle refueling property credit is for property that stores or dispenses clean-burning fuel or recharges electric vehicles. The credit is worth up to $100,000 per item (each charging port, fuel dispenser or storage property). The OBBBA eliminates the credit for property placed in service after June 30, 2026.

If you’re considering one of these clean energy investments, you may want to act soon so you can be eligible for the associated tax break before it’s eliminated.

Begin planning now

All the tax law changes can be overwhelming. If you need help understanding how these provisions might affect your tax strategies, contact us. We can help you develop a plan to reduce your tax liability so you can keep more of your hard-earned income while staying compliant.

Why Michigan businesses are vulnerable to attacks their security tools can’t detect

You see an emoji in a file. 😊

Your security software sees an emoji.

But buried inside that innocent-looking smiley face is malicious code designed to steal your data, deploy ransomware, or create a backdoor into your network.

And because it looks like a harmless emoji, your defenses never catch it.

Emoji smuggling is happening right now and targeting businesses just like yours with an attack method your current security tools weren’t designed to detect.

Here’s what you need to know.

What’s Really Inside That Emoji

Emoji smuggling is exactly what it sounds like: hackers hiding malicious code inside unicode characters like emojis, special symbols, and non-English characters.

The technique exploits how computers process text. Every character you see on screen from letters, numbers, emojis is represented by code in the background. Unicode is the standard that defines those representations, supporting everything from A-Z to 😊 to 中文.

Here’s what makes it dangerous:

Attackers embed malicious instructions inside these unicode characters. Your security tools scan the file and see… emojis. Nothing suspicious. File approved.

But when that file executes, the hidden code unpacks and runs. Ransomware deploys. Data gets stolen. Backdoors get installed.

Emoji smuggling attacks have surged in 2024-2025 as attackers discovered that traditional security defenses can’t detect them. And the problem is accelerating in 2026.

Why your security tools miss it:

Antivirus scans for known malware signatures, patterns of malicious code it recognizes. Emojis don’t match any malware signatures.
Email filters look for suspicious links, known bad attachments, and dangerous file types. An Excel file with emojis looks completely normal.
Endpoint detection tools watch for suspicious behaviors like unusual network connections or file modifications. But the malicious code stays hidden until it’s too late to stop.

The attack succeeds because it doesn’t look like an attack.

The Four Steps of an Emoji Smuggling Attack

You don’t need a computer science degree to understand why this is so effective.

Here’s the attack flow:

Step 1: Attackers create the payload
They write malicious code, ransomware, data theft tools, backdoor access scripts, and embed it inside unicode characters. Emojis work well because they’re common, expected, and ignored by security tools.

Step 2: They insert it into a file
That malicious payload gets hidden in an Excel spreadsheet, a Word document, an email message, or even a software script. To anyone looking at the file, it just contains data and a few emojis.

Step 3: Your security scans and approves it
Your antivirus checks for known threats. Your email gateway scans for malicious attachments. Your EDR looks for suspicious patterns. None of them flag emojis as dangerous. The file gets delivered.

Step 4: The code executes
When the file opens or the script runs, the hidden instructions unpack and execute. By the time your security tools detect unusual activity, the attack is already underway.

The key problem: Your defenses are looking for what malware looks like. Emoji smuggling changes what malware looks like, so your defenses don’t recognize it.

Three Ways This Attack Reaches Michigan Businesses

Let’s make this concrete. Here are three scenarios Michigan businesses are facing right now.

Scenario 1: The Vendor Invoice That Wasn’t

Your accounts payable manager receives an Excel file from what appears to be a regular supplier. The file name is normal: “Invoice_March2026.xlsx.” The sender’s email looks legitimate.

They open it. The spreadsheet contains invoice data, line items, quantities, prices, and a couple of emojis in cells (✅ for approved items, ⚠️ for items needing attention). Nothing unusual.

Your endpoint detection software doesn’t flag it. The file opens normally.

What they don’t see: malicious code hidden in those unicode characters, now executing in the background. Within hours, ransomware begins encrypting files across your network.

Scenario 2: The Urgent Email from Your Bank

Your CFO gets an email that appears to be from your bank. The subject line contains a ⚠️ emoji and reads “URGENT: Suspicious activity on your account.”

The message looks legitimate. The formatting matches your bank’s style. The sender address looks right. Because the malicious payload is hidden in special unicode characters throughout the email, your email security gateway doesn’t detect anything wrong.

Your CFO clicks the link to “verify your account.” Credentials get compromised. By the time you realize what happened, unauthorized wire transfers are already processing.

Scenario 3: The Software Update You Trusted

Your business uses accounting software from a reputable vendor. You receive a notification that an update is available. You install it, just like you’ve done dozens of times before.

What you don’t know: the vendor’s update server was compromised. The update contains code with smuggled malicious instructions hidden in special characters. Your business installs it. The code executes silently in the background.

Weeks later, you discover a backdoor has been active for months, quietly exfiltrating financial data to an attacker’s server.

What all three scenarios have in common:

Traditional security tools didn’t flag them as threats
The attacks looked completely normal to employees
By the time the breach was discovered, significant damage was done

And none of them required sophisticated hacking. Just an understanding of how unicode characters bypass security filters.

The Security Gap Most Michigan Businesses Don’t Know About

If you’re thinking “this sounds like something that only targets big corporations,” you’re making a dangerous assumption.

Here’s why small and mid-size Michigan businesses are at risk:

You’re Relying on Traditional Security Tools

The antivirus, email security, and endpoint detection solutions protecting most businesses with 20-150 employees were built to catch known threats. They’re effective against ransomware variants they’ve seen before, phishing emails with obvious red flags, and malware that matches established patterns.

Emoji smuggling is too new. The attack signatures don’t exist yet. Your defenses are looking for the wrong thing.

Attackers Know You’re Not Prepared

Cybercriminals run automated campaigns against hundreds of small businesses simultaneously. They’re not hand-picking high-value targets. They’re casting a wide net and exploiting whoever’s vulnerable.

You don’t need to be a Fortune 500 company to be targeted. You just need to be accessible and if your security can’t detect unicode-based attacks, you’re accessible.

Your Security Team Hasn’t Heard of This Yet

Even experienced IT professionals are just learning about emoji smuggling in 2026. This isn’t a criticism, it’s reality. New attack methods emerge faster than training programs can keep up.

If your in-house IT person or current managed services provider hasn’t briefed you on emoji smuggling and how to defend against it, they’re behind the curve. Not because they’re bad at their job, but because the threat landscape is evolving faster than traditional security approaches can adapt.

Most Michigan businesses are protected against last year’s threats, not this year’s.

Five Defenses That Stop Unicode-Based Attacks

Here’s what doesn’t work: hoping your current defenses are enough.

Standard antivirus won’t catch it. Basic email filtering won’t stop it. And your employees won’t spot it, emoji smuggling is designed to be invisible to human eyes and traditional security tools.

Here’s what does work:

1. Advanced Threat Detection with Behavioral Analysis

Security tools that watch for what code does rather than what code looks like.

YeoDefense EDR/XDR uses behavioral detection to catch malicious activity even when the attack method is brand new. If code starts behaving suspiciously, encrypting files it shouldn’t touch, connecting to unusual servers, escalating privileges without authorization, YeoDefense stops it before damage occurs.

It doesn’t matter if the attack is hidden in an emoji, a PDF, or a software update. Malicious behavior gets detected regardless of how it arrived.

2. 24/7 Security Monitoring with Real Human Analysts

Emoji smuggling attacks often execute outside business hours when no one’s watching.

YeoSecure’s Security Operations Center monitors your network around the clock with real security analysts, not just automated alerts. When something unusual happens at 2 AM on a Saturday, they investigate immediately, contain the threat, and respond before it becomes a full breach.

Automated tools generate alerts. Human analysts understand context, identify sophisticated attacks, and stop them in real-time.

3. Email Security with Advanced Threat Protection

Multi-layer email filtering that analyzes attachments and links for unusual behavior, not just known malware signatures.

Our email security solutions examine files for anomalies, unusual unicode patterns, suspicious macros, embedded scripts that don’t match typical business communications. Catches unicode-based attacks before they reach employee inboxes.

4. Security Awareness Training That Stays Current

Your employees need to know that even legitimate-looking files can hide threats.

Quarterly security awareness training keeps teams alert to emerging attack methods like emoji smuggling. Employees learn to verify unexpected files, question urgent requests, and report suspicious activity, even when everything looks normal.

Training isn’t a one-time checkbox. Threats evolve every quarter. Your team’s awareness needs to evolve with them.

5. Regular Security Assessments

What was secure six months ago isn’t secure today.

Regular security assessments identify new vulnerabilities before attackers exploit them. We test whether your current defenses can detect emerging threats like emoji smuggling, supply chain attacks, and AI-powered phishing, and show you exactly what needs to change.

The key principle: Layered defense.

No single tool stops everything. You need behavioral detection, 24/7 monitoring, advanced email filtering, trained employees, and regular assessments, all working together, managed by professionals who stay ahead of emerging threats.

That’s how real protection works in 2026.

Don’t Wait for Emoji Smuggling to Reach Your Network

Emoji smuggling is happening right now, targeting businesses just like yours, using a method your current security tools weren’t designed to catch.

Staying protected means adapting to new threats before those threats become breaches.

Can your current security detect attacks that don’t look like attacks?

Find Out Where You Stand

Schedule a complimentary 30-minute security consultation with Yeo & Yeo Technology.

We’ll assess whether your current defenses can detect emerging threats like emoji smuggling, AI-powered attacks, and unicode-based malware, and show you exactly what needs to change to stay protected.

Schedule Your 30-Minute Security Consultation

At Yeo & Yeo Technology, we’ve been protecting Michigan businesses for over 20 years. We answer our phones. We show up on-site. And we stay ahead of emerging threats so you don’t have to.

Many businesses offer health care and dependent care flexible spending accounts (FSAs) as part of their employee benefits package. These plans provide valuable tax savings to employees and payroll tax savings to employers.

If your company operates a calendar-year FSA with a 2½-month grace period, employees have until March 15 to incur eligible expenses for their 2025 plan balances. After that, any unused 2025 funds may be forfeited under the “use-it-or-lose-it” rule. Here’s a refresher on how FSAs work and what employers can do with forfeited balances.

The basics

Under an employer-sponsored FSA plan, employees may be able to contribute a portion of their pay to a:

Health care FSA. These accounts may be used for qualifying out-of-pocket medical, dental and vision expenses for the employee and his or her spouse and/or qualified dependents. For 2026, the maximum employee contribution to a health care FSA increases to $3,400 (from $3,300 in 2025). (The limit is annually indexed for inflation.)

Dependent care FSA. These accounts may be used for qualifying child care or adult dependent care expenses. For 2026, under 2025 tax legislation, the dependent care FSA contribution limit increases to $7,500 per household ($3,750 for married couples filing separately). The limit for 2025 was $5,000 ($2,500 for separate filers). (The limit isn’t inflation-indexed, so it won’t go up in the future unless another increase is passed by Congress and signed into law.)

Employee contributions are made on a pretax basis, reducing federal income tax, Social Security tax and Medicare tax (and often state income tax). The FSA plan directly pays or reimburses employees for qualified expenses, and the payments or reimbursements are tax-free.

Use-it-or-lose-it rule

If employees don’t use their full FSA balances by the end of the plan year, leftover balances generally revert to the employer under the use-it-or-lose-it rule. However, there are two exceptions:

An FSA plan can allow a grace period of up to 2½ months. Most FSA plans operate on a calendar-year basis. For a calendar-year FSA plan, the grace period gives employees until March 15 of the following year to incur qualified expenses to drain their unused FSA balances from the previous year.
A health care FSA plan can allow employees to carry over up to an annually inflation-indexed amount of unused balances from one year to the next. The amount that can be carried over from 2026 to 2027 is $680 (up from the $660 that could be carried over from 2025 to 2026).

It’s important to note that a health care FSA plan can offer either the carryover or the grace period, but not both. Dependent care FSA plans can offer only the grace period, not the carryover.

Options for forfeited FSA funds

After any applicable grace period ends, or after applying any permitted health care FSA carryover, employers may retain forfeited balances under IRS cafeteria plan rules. Many businesses use the funds to offset plan administrative expenses.

Other permitted uses generally include, on a reasonable and uniform basis: 1) reducing the amount employees need to contribute in a future year to reach a certain FSA balance (for example, employees need to contribute only $950 to have a $1,000 FSA balance, with the extra $50 funded by forfeited balances from a previous year), or 2) returning amounts to participants (typically treated as taxable wages and subject to payroll taxes and income tax withholding).

Forfeitures can’t be returned to plan participants based on individual claims experience. Any allocation of returned funds must be nondiscriminatory and consistent with plan terms.

Natural check-in point

Around the grace-period deadline is a natural time for business owners to review how their FSA plans handle unused balances. It’s also a good opportunity to confirm that your current plan design, including grace period or carryover provisions, aligns with your employees’ needs and your administrative practices. Contact us to help review and modify your FSA plan provisions, handle forfeitures properly and prepare for next year’s enrollment cycle.

You know you need to implement Copilot. But where do you start?

Do you hire a security consultant first? Do you need a separate vendor for change management? You can end up spending weeks researching vendors and comparing proposals, all while your competitors are already deploying and gaining an edge.

Piecemeal Copilot implementation is expensive, time-consuming, and risky. What you need is a clear path forward, not another vendor comparison spreadsheet. A successful rollout proves value at every stage, builds momentum through early wins, and scales based on documented results, not assumptions.

While every company’s path is unique, a phased approach is the most effective way to achieve high adoption and a strong return on investment with Copilot. The framework below is a solid starting point; however, the key to success is to customize it to your company’s unique environment, needs, and goals.

Phase 1: Assess Your Readiness

Before you buy a single license, the goal is to understand your current state. A comprehensive evaluation of your Microsoft 365 environment and business readiness is critical.

Key Areas to Assess:

Security & Compliance: Examine your MFA status, conditional access policies, data classification readiness, DLP policy configuration, and permissions sprawl across SharePoint and OneDrive. For businesses in regulated industries, review industry-specific compliance requirements to ensure Copilot deployment won’t create regulatory exposure.
Workflow & Use Cases: Identify which processes consume the most time, pinpoint where employees are doing repetitive knowledge work, and uncover your highest-ROI use cases. For manufacturing, this might be automating production reports. For financial services, it could be drafting client communications. Find what matters for your business.
Team & Licensing Readiness: Evaluate your team’s current Microsoft 365 adoption, review past technology rollouts, and assess executive sponsorship. Also, review your current licensing to recommend the right approach for your deployment.

Why This Phase Matters: Companies that skip this assessment don’t know their security gaps until data is exposed, and can’t prove ROI because they didn’t establish a baseline. A proper assessment is insurance against wasting your investment. You’ll know your security gaps, your projected ROI, and who should pilot Copilot first.

Phase 2: Prepare Your Environment

Once you know you’re ready, it’s time to lock down security and set up your pilot for success. These tasks should be completed before starting your pilot.

What This Phase Includes:

Security Hardening: Implement the critical security controls identified in your assessment, such as configuring MFA, setting up DLP rules, and cleaning up overshared permissions. This ensures your data is protected before Copilot can access it.
Pilot Preparation: Select pilot users based on criteria that ensure success—they are tech-savvy but realistic users with a high volume of repetitive work. Procure the initial licenses and configure usage-tracking dashboards.
Communication: Announce the pilot program, explain the selection criteria to prevent frustration from non-pilot users, and set clear expectations for the timeline.

Why This Phase Matters: The temptation is always to “just get started.” But security issues discovered after deployment require emergency fixes while Copilot is live, like replacing your brakes while driving on the highway. Proper preparation prevents costly problems.

Phase 3: Pilot and Prove ROI

This is where theory becomes practice. The goal is to prove ROI with a small, supported group before committing to a full deployment.

How to Structure a Successful Pilot:

Role-Specific Training: Provide hands-on workshops tailored to your pilot users’ roles, not generic webinars. Generic training teaches “here’s what the tool can do.” Role-specific training teaches “here’s how it saves you 2-4 hours per week in your actual work.”
Active Pilot Period & Measurement: Your pilot group uses Copilot daily in their actual workflows. Document time savings and wins. Measure adoption rates, user satisfaction, and quality metrics to validate ROI against your initial projections.

Why This Phase Matters: Your pilot group becomes your internal sales team. Instead of IT saying, “This tool is great,” you have production managers saying, “I get hours back every week.” According to Gartner research, 70% of digital transformation initiatives fail due to employee resistance. Pilot programs with documented results eliminate that resistance before it starts.

Phase 4: Scale Based on Proven Value

Once your pilot succeeds, you’re ready to expand strategically. The goal is to expand department by department, not deploy to everyone at once.

Effective Scaling Tactics:

Use Pilot Users as Mentors: Each new department gets paired with a pilot champion who can share real results and best practices.
Customize Training: Tailor prompts and training materials to each department’s specific workflows.
Maintain Momentum: Keep the wins visible through regular communication, recognition for power users, and advanced training.
Continuous Improvement: Implement monthly usage reports and quarterly optimization reviews to ensure you’re getting the most out of your investment.

Why This Phase Matters: Scale too fast, and new users get overwhelmed. Scale too slowly, and momentum dies. A strategic pace ensures each department has time to learn, your team isn’t overwhelmed, and adoption stays high.

Why Partner with Yeo & Yeo Technology for Your Copilot Journey?

Comprehensive Specializations: As an experienced Microsoft Copilot partner, we can handle everything from the security assessment and hardening to pilot deployment and adoption support. You’re not coordinating multiple vendors.
Industry Knowledge: A partner who understands your industry knows your challenges, your workflows, and your competitive pressures.
Local Support: A local partner can be there when you need them. You’re not calling a national call center.
Proven Framework: A partner with a proven framework has guided businesses through this journey and knows how to avoid costly mistakes.

Your Next Step: Schedule Your 30-Minute Complimentary Copilot Readiness Consultation

You’re ready to explore if Copilot is right for your business. In a complimentary 30-minute consultation, we’ll discuss and review:

Your current Microsoft 365 environment and potential readiness gaps.
Where Copilot could have the highest impact.
Your security posture and any possible gaps that need addressing.
Potential ROI for your business.

After this strategic session, we can start building a plan for your Copilot adoption journey. This isn’t a sales pitch. It’s a no-obligation consultation designed to give you confidence in your AI adoption decision.

Schedule Your 30-Minute Complimentary Copilot Readiness Consultation

Materiality is a core concept that shapes the entire financial reporting process. In simple terms, materiality helps determine which financial information is significant enough to influence decisions — and which details likely won’t affect the overall picture. Understanding how experienced certified public accountants (CPAs) evaluate materiality can help you prepare reliable financial reports and avoid surprises when working with external advisors.

Materiality defined

Under U.S. accounting standards, financial information is “material” if omitting or misstating it could influence users’ decisions based on the financial statements. Auditing standards apply the same principle, focusing on whether misstatements — individually or in the aggregate — could reasonably influence users’ economic decisions.

Although wording varies slightly across reporting frameworks, the underlying principle remains consistent: Materiality is user-focused and requires professional judgment informed by both quantitative and qualitative factors. It’s not a mechanical percentage test.

How auditors set and apply materiality thresholds

An audit provides reasonable assurance that the financial statements are free from material misstatement. External auditors rely on their professional judgment to determine what’s material for each company, based on such factors as:

Size,
Industry,
Internal controls, and
Financial performance.

When planning an audit, the auditor establishes overall materiality for the financial statements as a whole, often using a benchmark such as a percentage of pretax income, revenue or total assets. The auditor also sets “performance materiality,” a lower threshold used to reduce the risk that undetected misstatements, in aggregate, exceed overall materiality. In some cases, auditors establish separate materiality thresholds for particular high-risk accounts or disclosures.

During fieldwork, materiality affects the nature, timing and extent of audit procedures. It influences sample sizes, risk assessments and which accounts receive more scrutiny. Auditors also evaluate significant year-over-year fluctuations and unexpected trends. For example, if shipping or direct labor costs increased by 30% in 2025, it may raise a red flag, especially if it didn’t correlate with an increase in revenue. Businesses should be ready to explain why costs increased and provide supporting documents (such as invoices or payroll records) for auditors to review.

Auditors may need to reassess materiality if circumstances change from year to year — or even during an engagement. Moreover, auditors must apply significant judgment when evaluating materiality. For instance, a relatively small misstatement may still be material if it masks a trend, affects compliance with loan covenants, triggers management bonuses or involves fraud.

Beyond audits

Materiality also plays a role in other types of accounting engagements. In a financial statement review, the CPA provides limited assurance that financial statements are free from material misstatement. The CPA performs inquiry and analytical procedures and reports whether anything came to his or her attention suggesting the financial statements may be materially misstated. Unlike an audit, a review doesn’t involve detailed testing of transactions or internal controls. However, materiality still plays an important role in designing review procedures and evaluating unusual fluctuations, significant estimates and financial statement disclosures.

In a financial statement compilation, the CPA provides no assurance. The accountant presents financial information in the proper format but doesn’t verify its accuracy. Professional standards require the CPA to consider whether the financial statements appear materially misstated or misleading. If information is incomplete, inconsistent or obviously incorrect, the CPA may need to request revisions — or, in some cases, withdraw from the engagement.

Why it matters

The concept of materiality also has strategic implications for business owners and their internal finance and accounting teams. Not every minor bookkeeping error requires immediate correction, and not every fluctuation deserves the same level of attention. Understanding materiality helps you focus attention where it matters most — on the accounts, estimates and risks that could meaningfully affect profitability, cash flow, debt covenant compliance and overall business value.

Rather than striving for perfection in every minor detail, management can use materiality as a decision-making filter. It supports smarter allocation of accounting resources, more effective internal controls and clearer financial reporting. A shared understanding of what’s truly material also strengthens discussions with lenders, investors and other stakeholders by keeping the focus on the issues that influence business outcomes.

Putting materiality to work for you

Materiality is more than an accounting concept — it’s a practical tool for better financial decision-making. Proactively evaluating significant changes in your financial statements and understanding what matters most to your stakeholders can strengthen your reporting. Contact us to learn more.

Employee benefits can quickly become outdated as tax laws change, new guidance is issued and workforce needs evolve. If your organization sponsors a cafeteria plan, regular checkups are essential to protect its tax-advantaged status and confirm that the plan continues to deliver meaningful value to your team.

Chief objective

Formally defined, a cafeteria plan is an employee benefits arrangement that meets the requirements of Section 125 of the Internal Revenue Code. Its chief objective is to give participants a choice between receiving taxable cash compensation or selecting from a menu of tax-free benefits, such as:

Group term life insurance (up to $50,000),
Accident and health coverage,
Health Flexible Spending Accounts (FSAs),
Dependent care assistance programs, and
Adoption assistance.

Benefits are typically funded through salary reductions, though employers may also provide nonelective contributions. Essentially, participants “buy” benefits with pretax compensation dollars, reducing their taxable income, and the employer-sponsor avoids payroll taxes on those purchases.

It’s a good idea to occasionally discuss with your leadership team and professional advisors whether your plan’s design still suits your organization’s strategic objectives and workforce demographics. After all, flexibility is a major advantage of cafeteria plans.

For example, premium-only plans allocate a portion of employees’ pretax earnings to pay for accident and health insurance. Alternatively, a cafeteria plan may allow employees to make pretax contributions to FSAs or Health Savings Accounts (HSAs). FSAs allow participants to set aside dollars for qualifying medical or dependent care expenses, while HSAs may be used to pay or reimburse qualified medical expenses.

Note: To be eligible to contribute to an HSA, an employee must be covered by a qualifying high-deductible health plan and meet other IRS requirements.

4 best compliance practices

Although cafeteria plans are governed primarily by Sec. 125, many of the underlying benefits they provide — such as health coverage and health FSAs — are generally subject to the reporting, disclosure and fiduciary requirements of the Employee Retirement Income Security Act (ERISA). With this in mind, here are four best compliance practices to follow carefully and emphasize with your staff:

Keep your plan document and, as applicable, summary plan description (SPD) updated and accessible. Sec. 125 requires a written cafeteria plan document. In addition, ERISA-covered benefits generally require an SPD and other disclosures. Participants must receive a current SPD when they first become eligible for coverage and when material changes occur.
Guard against providing benefits to ineligible parties. Only common-law employees may participate in a cafeteria plan on a pretax basis. Partners in partnerships and more-than-2% shareholders in S corporations, for instance, are considered self-employed and therefore ineligible. Allowing them or other ineligible parties to participate can disqualify your plan.
Conduct scheduled nondiscrimination testing. Sec. 125 requires cafeteria plans to satisfy nondiscrimination rules. That means the plan can’t discriminate in favor of highly compensated or key employees with respect to eligibility, contributions or benefits. Sponsors need to test for discrimination at least annually — and more frequently if circumstances change and create compliance risks.

Simplified nondiscrimination testing is available for small businesses (those with fewer than 100 employees) that set up “simple cafeteria plans.” These plans provide a minimum level of benefits to all eligible participants who aren’t highly compensated or key employees.

Keep up with all administrative requirements. Beyond being subject to nondiscrimination testing, cafeteria plans must comply with various recordkeeping, notice and reporting requirements. Depending on the structure of the underlying benefits, certain plan assets may also be subject to ERISA trust requirements. It’s critical to keep up with these requirements and any new or updated federal guidance.

Be a participant pleaser

A cafeteria plan can be a powerful tool for delivering tax-efficient benefits to employees, but it demands careful oversight. Many employers make the mistake of taking a “set it and forget it” approach. Contact us for help conducting a thorough review of your plan and

A comprehensive estate plan does more than simply distribute your assets after your death — it also protects your voice, your values and your loved ones during a difficult moment. One critical yet often overlooked component of an estate plan is a living will.

Living will vs. last will and testament

Many people confuse a living will with a last will and testament, but they aren’t the same. These separate documents serve different but vital purposes.

A last will and testament is what you probably think of when you hear the term “will.” This document details how your assets will be distributed upon your death. A living will (sometimes referred to as a “health care directive”) details your preferences for how life-sustaining medical treatment decisions should be made if you become incapacitated and unable to communicate them yourself.

While many people focus on wills and trusts to manage property after death, a living will addresses critical decisions during your lifetime. Including one as part of your estate plan offers significant personal and financial benefits, such as:

Easing emotional stress on family members. Few situations are more emotionally taxing than making end-of-life medical decisions for a family member. When loved ones are forced to make choices without clear guidance, feelings of guilt and doubt can arise.

A living will can provide clarity and reassurance. It relieves your family of the burden of guessing what you would have wanted. Instead of debating difficult choices, they can focus on supporting one another.

Helping to avoid family disputes. Unfortunately, disagreements over medical treatment can strain even the closest families. Different personal beliefs, religious views or interpretations of “quality of life” can lead to conflict.

By documenting your wishes in advance, you reduce the risk of disputes. Health care providers and family members can rely on a legally recognized document rather than differing opinions. This can help preserve family harmony.

Reducing unnecessary medical costs. End-of-life medical care can be expensive. While financial considerations shouldn’t drive medical decisions, unwanted or prolonged treatments can significantly impact your estate and your family’s financial security.

A living will helps ensure that you receive only the type of care you want — no more and no less. This clarity can prevent costly interventions that don’t align with your preferences, helping to protect the assets you’ve worked hard to build.

Don’t forget powers of attorney

Often, a living will is drafted in conjunction with two other documents: a durable power of attorney for property and a health care power of attorney.

A durable power of attorney identifies someone who can handle your financial affairs, such as paying bills and undertaking other routine tasks, should you become incapacitated. A health care power of attorney becomes effective if you’re incapacitated but not terminal or in a vegetative state. Your designee can make medical decisions on your behalf — for example, agreeing to a surgical procedure recommended by your physician — if you’re unable to do so. But this person can’t officially make life-sustaining choices. That requires a living will.

Seek professional help

Because laws governing living wills vary by state, it’s important to work with qualified professionals in your area to ensure your documents are properly drafted and integrated into your broader estate planning strategy. We can explain how a living will fits within your overall financial and legacy goals. Be sure to turn to your attorney to draft your living will.

If you’re contemplating a sale of your business, you probably know that any serious buyer will scrutinize your financial statements, operations, assets and legal agreements. Conducting your own due diligence now can smooth the buyer review process and ease deal negotiations. Working with financial and legal advisors, you’ll have the opportunity to fix any problems before your business goes on the market.

Anticipate buyer scrutiny

The primary goal of presale due diligence is to evaluate the quality and sustainability of earnings, identify risks, and normalize financial results before giving prospective buyers access to the company’s books. Financial advisors look for anything that could be considered negative or inconsistent by a prospective buyer and, thus, potentially cause the buyer to reduce the offering price — or even terminate the deal.

Presale due diligence generally focuses on financial performance, tax exposure and other matters that buyers might scrutinize. So, your financial advisor may:

Analyze the last three years of financial statements to assess revenue recognition policies, margin trends and earnings before interest, taxes, depreciation and amortization (EBITDA),
Evaluate inventory accounting methods, costing practices and obsolescence risks,
Look for any “off-balance-sheet” liabilities,
Assess compliance with federal and state regulations, such as those related to environmental protection and employee-related taxes,
Review customer and vendor concentrations, related-party transactions, and key contracts,
Evaluate the strength of confidentiality and nondisclosure agreements, and internal control policies, and
Identify any outstanding lawsuits.

Addressing these issues now can reduce seller and buyer uncertainty later.

Evaluating IP issues

Presale due diligence also may require your attorney to assess ownership of key intellectual property (IP) such as patents, trademarks, logos and proprietary software. And your financial advisor may review IP documentation to identify gaps or inconsistencies that could affect asset values.

Such verification is critical to a company’s value, especially in industries such as technology, pharmaceuticals and manufacturing. If, say, your business has only a tenuous claim on an internally developed product, it’s better to learn — and possibly fix — this before a prospective buyer finds out.

Start early

The earlier you start planning and preparing for a sale, the better. Ideally, you should engage a professional with merger and acquisition experience to perform presale due diligence on your business at least six months before going to market. If you’d like to make major changes before selling, such as divesting noncore operations or significantly reducing your company’s debt, give yourself even more time. Contact us with questions.

How do I know if our cybersecurity tools are working?

Good security tools should give regular reports, alerts, and logs. We can review these with you and check whether anything appears unusual or requires improvement.

What’s the difference between a backup and a disaster recovery plan?

A backup saves your data. A disaster recovery plan enables your entire business to resume operations quickly after an outage. You need both.

How can we tell if one of our suppliers is a security risk?

Ask whether they use multi-factor authentication, encryption, and regular security audits. We can help you assess their risk level.

Information used in this article was provided by our partners at MSP Marketing Edge.

Mergers and acquisitions bring momentum, opportunity, and growth, but they also introduce uncertainty. New leadership. New systems. New expectations. In the middle of all that change, IT often becomes one of the most complex and underestimated areas impacted by an M&A.

Whether your organization already has an MSP partner or is evaluating support during a transition, one principle remains critical: stability in IT matters more during M&A than almost any other time.

Why IT Becomes a Pressure Point During M&A

Even when IT isn’t driving the deal, it’s affected by nearly every decision that follows. Common challenges include:

Pressure to consolidate systems quickly
Increased cybersecurity and compliance risk
Limited visibility into existing environments
Disruption to employees’ day-to-day work
Competing priorities that stretch internal teams

When these challenges collide with rushed IT decisions or frequent vendor changes, the result is often downtime, confusion, and risk — exactly what organizations want to avoid during a critical transition.

The Case for Continuity in Managed IT Support

One of the most overlooked risks during M&A is changing IT partners at the same time systems and leadership are already in flux. An MSP with deep knowledge of your environment — or one brought in early enough to understand it — provides:

Context behind existing systems and decisions
Awareness of known risks and dependencies
Consistency in security, support, and response
Fewer surprises during evaluation and integration

Continuity doesn’t mean resisting change. It means making change informed, intentional, and controlled.

How the Right MSP Supports M&A — Without Running the Deal

Managed IT providers don’t manage mergers — but the right partner plays a critical supporting role throughout the process.

That includes:

Providing clarity around current infrastructure and security posture
Supporting approved system changes and integrations
Helping leadership understand what can change quickly — and what should not
Maintaining day-to-day operations so teams can stay productive

This support enables business leaders to focus on strategy and growth, knowing that IT isn’t becoming an added risk.

What Organizations Should Look for in an MSP During M&A

Whether you’re entering an M&A with an existing partner or considering a new one, the right MSP should offer:

A proactive, advisory mindset — not just reactive support
Strong security and compliance practices
Clear documentation and transparency
The ability to adapt as the organization evolves
A partnership approach that prioritizes long-term stability

An MSP should act as an anchor during change — not another variable.

Planning for What Comes Next

M&A is a moment in time. The decisions made during it, however, shape the organization long after the deal closes. IT stability during transition helps protect employees, customers, and the value of the investment itself.

Whether you’re evaluating your current IT support or considering a new MSP as part of an organizational change, having the right partner in place can make all the difference — during the transition and beyond.

Most businesses have a firewall. The problem is that many of them aren’t using it properly. Firewalls don’t just work by being plugged in. They rely on good setup, maintenance, and monitoring to continue performing their job effectively.

And that’s where many SMBs slip up. Here are some common firewall mistakes and how to avoid them.

Using the default settings

When a new firewall is installed, it often comes with “default” or factory settings. These are designed to get things running quickly. But they’re not tailored to your business. Default settings can leave unnecessary ports open or fail to block certain risky types of traffic.

A properly configured firewall should be customized to your specific needs. The size of your business, the types of data you handle, and the tools your team uses. Without that, you’re only getting half the protection you think you have.

Setting and forgetting

This is one of the biggest mistakes of all. A firewall isn’t something you install once and walk away from. Cyberthreats change constantly. What protected you two years ago might not protect you today.

Firewalls need regular updates, just like your phone or computer. These updates address vulnerabilities and instruct the system on how to recognize new attacks. If your firewall hasn’t been updated or reviewed in a while, it may be quietly falling behind.

Relying on a home-grade router

Many businesses start out using the router provided by their internet service provider. The same type you might use at home. The issue? Home routers have very basic firewalls. They’re fine for family browsing, but not for protecting business data, customer records, or multiple employees online at once.

They often lack advanced features like:

Intrusion prevention
Real-time threat monitoring
Detailed reporting and alerts

A business needs business-grade protection. It’s that simple.

No one is watching the alerts

Your firewall is constantly collecting information. Logging every blocked attempt and sending alerts if it detects something unusual. But if no one’s looking at those alerts, you might not notice a problem until it’s too late. This is why so many companies now use managed firewalls.

An IT support partner can monitor your systems on your behalf, check alerts in real-time, and address issues before they escalate into disasters.

If your business doesn’t have that kind of support, it’s worth asking: Who’s keeping an eye on your defenses right now?

Trying to do too much with one device

Some businesses rely on a single piece of equipment to handle everything. Firewall, Wi-Fi, web filtering, and more. That’s convenient, but it can also overload the system and slow down your network. When too many jobs are packed into one box, performance suffers. And sometimes, so does protection.

A better setup might separate some of those roles or use a dedicated next-generation firewall designed to handle them efficiently.

Ignoring remote workers

Lots of employees work from home or on the go. If your primary firewall doesn’t protect their devices, or if they connect through unsecured Wi-Fi, your network could still be at risk.

The best approach is to extend protection beyond the office using a cloud-based firewall, which filters traffic wherever users connect from. That way, your security perimeter moves with your people.

No regular review or testing

Even if your firewall was set up perfectly, things change. You add new software, hire new staff, expand to a second site, and every change affects your network traffic. Regular reviews help ensure your firewall’s rules still make sense.

A quick check every few months can identify gaps or outdated rules long before they become real problems.

How to choose the right firewall for your business

None of these mistakes are unusual. In fact, most companies have made one or two at some point. The key is identifying the weak spots and taking straightforward steps to address them.

A well-configured firewall is part of your business’s safety plan. And when it’s set up right, updated regularly, and monitored properly, it protects everything you’ve worked so hard to build.

Choosing a firewall means finding the right level of protection for your business. One that fits how you work, how your team connects, and what kind of data you need to protect. There’s no single “best” firewall for everyone.

Start with how your business operates

Before considering brands or features, examine how your business actually utilizes technology. Ask yourself:

How many people are connecting to your network?
Where do they work? All in one office, or in multiple locations?
Do you have remote staff working from home or on the road?
What kind of data do you handle? Financial details, personal information, or internal systems?
Are there industry rules (like data protection standards) you need to meet?

The answers help determine what kind of firewall setup you’ll need. Whether a simple on-site device will do, or if you’ll benefit from a managed or cloud-based solution.

The smartest move you can make when choosing a firewall is to involve an expert.

Tech professionals understand how to match security tools to business needs. We assess your setup, clearly explain your options, and ensure everything is configured correctly. The right firewall is a vital part of your business’s security foundation. It’s important to get it right.

If you need advice on cybersecurity or firewalls, we’d be happy to help. Get in touch.

Information used in this article was provided by our partners at MSP Marketing Edge.

Today’s digital environment is transforming how we consume information, and not always for the better. Highly convincing AI-generated images and videos are now being created and shared at a massive scale, blurring the line between reality and fabrication. What once seemed like science fiction has become a mainstream vector for misinformation and social engineering — and this has direct implications for both individuals and organizations.

The Problem: Convincing Doesn’t Mean Real

As multiple recent viral events have demonstrated, AI tools can produce visuals that appear shockingly realistic, even when depicting events that never occurred. In some cases, entirely fabricated photos of breaking news events have spread widely before fact-checking caught up. When these visuals are paired with real footage or authoritative text, people struggle to separate fact from fiction.

This isn’t just about harmless memes or entertaining fakery. These highly believable images and videos can be weaponized to influence perceptions, spread false narratives, and trigger emotional reactions that lead people to accept misinformation as fact.

Why This Matters for Businesses

For organizations, the rise of AI-generated content introduces new risks:

Internal confusion — Employees may accept false images or claims and act on them without verification.
Reputation harm — Fake visuals involving a company or its leaders can circulate before the organization even realizes there’s an issue.
Operational disruption — Decisions made based on unverified media can misdirect resources or create unnecessary alarm.

The bigger danger isn’t just the fake content itself, it’s the trust people place in what they see. Even experienced users and professionals struggle to distinguish real from synthetic content without specialized tools or verification processes.

What’s Driving the Spread of Synthetic Media

Several factors make this problem especially challenging:

AI Tools Are Easy to Use: Generative models that create images and videos don’t require coding expertise. Anyone with basic technical comfort can produce realistic media.
Speed and Scale: In breaking news situations or high-emotion moments, AI content spreads fast, often faster than fact-checking mechanisms.
Emotional Impact: Visuals are especially persuasive. People tend to trust what they see, even when critical thinking should be applied first.

What Organizations Can Do

While no single tool can fully stop AI-generated misinformation, there are practical steps businesses and individuals can take to reduce vulnerability:

Educate and Empower Your Team
Train employees to question first, share later. Encourage verification habits just as you would for suspicious emails or unknown links. Pause before acting on or forwarding dramatic visuals — especially during fast-moving events.
Use Verification Tools
Reverse image searches, metadata analysis, and emerging AI-detection tools can help reveal whether visual content has been manipulated. While these tools aren’t perfect, they add a valuable layer of scrutiny.
Foster Digital Literacy
Encourage employees to verify visual content against multiple trusted sources before trusting it. Establish internal channels or policies for confirming critical information before it’s acted upon or widely shared.
Treat Visual Content with the Same Skepticism as Email Threats
Just as cybersecurity training teaches caution around phishing, teams should approach sensational or unfamiliar media with healthy skepticism. Fake visuals can serve as bait in broader manipulation attempts, including scams and social engineering.

The Bottom Line

In an age where seeing isn’t always believing, digital trust is more fragile than ever. AI-generated media doesn’t just challenge our ability to tell what’s real — it challenges the assumptions we make every day about the content we encounter online.

Awareness, thoughtful validation, and a culture that values verification over impulse are the best defenses we have today. As AI tools continue to evolve, critical thinking becomes one of our most valuable assets.

Information used in this article was provided by our partners at KnowBe4.

Last week, Michigan business leaders joined us to answer three critical questions about Microsoft 365 Copilot: Is my data secure enough? Can I prove ROI? Will my team actually use it?

Whether you attended or missed the live session, the insights Microsoft Copilot Specialist Julie Hodges and our team shared are too valuable to let slip away.

Here are the key takeaways and next steps.

The 5 Biggest Takeaways from the Webinar

1. Security Audits Are Non-Negotiable

The most common security issue isn’t Copilot itself. It’s years of accumulated data with inconsistent sharing permissions.

During the webinar, we discussed common security misconfigurations: confidential files shared with “everyone,” outdated access for former employees, and sensitive documents stored in personal OneDrive folders without restrictions.

What attendees learned: The 5-point security checklist every business needs before deployment: MFA on all accounts, conditional access policies, data classification and sensitivity labels, DLP policies, and access governance.

2. Real ROI Comes from Process Automation, Not Email Summaries

Generic Copilot demos always start with “watch it summarize your inbox!” But email summaries won’t justify a $12,000+ annual investment.

The Microsoft Copilot ROI examples we shared:

Manufacturing: Production managers save 4-6 hours per week by automating production reports and quality trend analysis.
Financial Services: Advisors saving 2-3 hours per week on client communications and compliance documentation.
Construction: Project managers save 3-5 hours per week on status reports and change order tracking.

According to Microsoft’s research on early Copilot adopters, organizations achieve the highest ROI when they focus on automating high-value knowledge work rather than routine tasks.

3. Phased Rollout Drives Higher Adoption

We tackled the biggest mistake most companies make when rolling out Copilot. Not getting their employees on board to adopt it. The key to success is a phased rollout with a pilot group.

The data we shared:

Company-wide deployment on day one typically results in adoption rates below 30%
Phased rollout (Assess → Pilot → Train → Scale) drives adoption rates above 80%
Organizations with pilot programs see 3x higher sustained usage after 6 months

Why it works: Pilot groups prove value before you commit your full budget. They become your internal advocates who can show other employees real results, not just vendor promises.

When employees see their colleagues saving 8 hours per week, resistance turns into demand.

4. Microsoft’s July Pricing Changes Create a Decision Point

Julie Hodges walked through the upcoming pricing changes and what they mean for Michigan businesses.

The key details:

Business Standard is increasing by approximately $1.50 per user in July 2026
Business Premium pricing is NOT increasing
For a 50-person team, choosing the right licensing strategy could save $6,000 annually

The strategic implication: Business Premium is becoming the better choice for most businesses planning to adopt Copilot. The pricing gap is closing, and the feature gap (mailbox storage, security tools) makes Premium the smarter investment.

Action item: Review your current licensing and determine if you should lock in Business Premium pricing before July. For many Michigan businesses, this licensing decision will save more than the cost of a security assessment.

5. Copilot Agents Are the Next Evolution

Beyond basic productivity features, we gave an overview of Copilot Agents: custom-built AI that can autonomously handle specific business processes.

Examples we discussed:

Customer onboarding: Automatically collect documents, verify information, and guide new clients through your process
Invoice processing: Review incoming invoices, match to purchase orders, flag discrepancies, route for approval
Supply chain tracking: Monitor inventory levels, predict stockouts, generate reorder requests

The difference: Standard Copilot helps you work faster. Copilot Agents work for you 24/7.

Many people wonder about pricing and the timeline for Copilot Agents.

Our answer: Start with the standard Copilot implementation first. Prove ROI with basic use cases. Then explore Agents for your most time-consuming processes.

Questions Following the Webinar:

How long does a security audit actually take?

Typically, 2-3 weeks for a thorough assessment of a 50-100 user environment. This includes reviewing MFA status, conditional access policies, data classification readiness, DLP configuration, and permissions sprawl across SharePoint, OneDrive, and Teams.

Some businesses think 2-3 weeks sounds long. But it’s faster (and cheaper) than fixing a data exposure incident after Copilot is deployed.

Can we start with just one department?

Yes, and we recommend it. Starting with one department (1-3 users) lets you:

Prove ROI before full investment
Identify training gaps early
Build internal advocates
Refine your implementation approach

The most successful deployments we’ve seen started with finance teams, compliance departments, or production management. High-volume users of repetitive knowledge work.

Time savings are the easiest to measure. Business impact is the most compelling to leadership.

What if adoption rates stay low after 90 days?

In our experience, low adoption after 90 days is most often a change management issue, not a technology issue.

The fix: More role-specific training, better use case identification, and ongoing support. Generic “here’s what Copilot can do” training doesn’t work. “Here’s how it saves you 2-4 hours per week” does.

What Happens Next?

Don’t Get Left Behind

The businesses moving forward with Copilot now will have a 6-month head start on competitors. They’ll have refined their workflows, trained their teams, and proven ROI by the time others are just getting started.

Whether you attended the webinar or not, your next step is the same: find out if you’re Copilot-ready.

Schedule Your Complimentary Copilot Readiness Consultation

At Yeo & Yeo Technology, we’ve been helping Michigan businesses navigate technology transformations for over 40 years. Copilot is no different. We’re here to make sure your investment delivers real results, not just vendor promises.

If you used one or more vehicles in your business during 2025, you may be eligible for valuable tax deductions on your 2025 income tax return. Businesses can generally deduct expenses attributable to business use of a vehicle plus depreciation. However, the rules are complicated, and your deduction may be affected by factors such as the vehicle’s weight, business vs. personal use, and whether you use the actual expense method or the cents-per-mile rate.

Actual expenses plus depreciation

The year you place a vehicle in service, you can choose to deduct the actual expenses attributable to your business vehicle use or, if the vehicle is a car, SUV, van, pickup or panel truck, claim the cents-per-mile deduction (discussed later). Deductible expenses include gas, oil, tires, insurance, repairs, licenses and vehicle registration fees. You’ll need to track and substantiate these expenses.

If you use the actual expense method, you also can claim a depreciation deduction for the vehicle by making a separate depreciation calculation for each year until the vehicle is fully depreciated. According to the general rule, you calculate depreciation over a six-year span for a percentage of the purchase cost as follows:

Year 1 — 20%
Year 2 — 32%
Year 3 — 19.2%
Year 4 — 11.52%
Year 5 — 11.52%
Year 6 — 5.76%

If a vehicle is used 50% or less for business purposes, you must use the straight-line method (10% in Years 1 and 6 and 20% in Years 2 through 5) to calculate depreciation deductions instead of the percentages listed above.

Depending on the cost of a passenger auto, your deduction may be less than the percentage of cost above because “luxury auto” annual depreciation ceilings apply. These are indexed for inflation and may change annually. For a passenger auto placed in service in 2025, generally the ceilings are as follows:

Year 1 — $20,200 ($12,200 if you don’t claim first-year bonus depreciation)
Year 2 — $19,600
Year 3 — $11,800
Each remaining year until the vehicle is fully depreciated — $7,060

These ceilings are proportionately reduced for any nonbusiness use.

More favorable depreciation rules apply to heavier SUVs, pickups and vans. For example, 100% bonus depreciation or the normal Section 179 expensing limit ($2.5 million for 2025) generally is available for vehicles with a gross vehicle weight rating (GVWR) of more than 14,000 pounds. A reduced Sec. 179 limit of $31,300 applies to vehicles (typically SUVs) rated at more than 6,000 pounds but no more than 14,000 pounds. Again, this favorable tax treatment is available only if the vehicle is used more than 50% for business.

The cents-per-mile method

The 2025 cents-per-mile rate for the business use of a car, SUV, van, pickup or panel truck is 70 cents (increasing to 72.5 cents for 2026). This rate applies to gasoline- and diesel-powered vehicles as well as electric and hybrid-electric vehicles. A depreciation allowance is built into the rate, so you can’t claim both the depreciation deductions discussed earlier and the cents-per-mile rate for the same vehicle.

The rate is adjusted annually. It’s based on an annual study commissioned by the IRS about the fixed and variable costs of operating a vehicle, including gas, maintenance, repairs and depreciation. Occasionally, if there’s a substantial change in average gas prices, the IRS will change the cents-per-mile rate midyear.

The cents-per-mile rate is beneficial if you don’t want to keep track of actual vehicle-related expenses or worry about depreciation calculations. Although you don’t have to account for all your actual expenses, you still must record certain information, such as the mileage for each business trip, the date and the destination.

Choosing or changing your method

There’s much to consider before deciding whether to use the actual expense method or cents-per-mile method to deduct expenses for a vehicle your business placed in service in 2025. For a vehicle placed in service earlier, if you previously deducted actual expenses for the vehicle, you can’t use the cents-per-mile rate for 2025 (or any other future year). However, if you previously used the cents-per-mile rate, you can switch to the actual expense method in a later year — but you can claim only straight-line depreciation.

If you lease a business vehicle, there also are deduction opportunities but the rules are different. Contact us if you’d like more information. We can also answer questions about claiming 2025 business vehicle expenses on your 2025 return or planning for and tracking 2026 expenses.

When your financial statements arrive, it’s tempting to glance at the bottom line and move on. After all, you’ve got customers to serve and employees to manage. But your income statement is more than a report card. It can be a strategic tool to help you spot growth opportunities, tighten your execution and make smarter decisions that move your business forward.

Measure what matters

The income statement is a good starting point for analyzing your financials and identifying inefficiencies and anomalies. The following ratios are commonly used to gauge profitability:

Gross profit margin. This is gross profit (revenue minus cost of goods sold) divided by revenue. It’s a good ratio to compare with industry statistics because it’s typically calculated on a consistent basis, though the definition of cost of goods sold can vary between companies.

Net profit margin. This is calculated by dividing net income by revenue. If the margin is rising, the company is generally doing something right. Often, this ratio is computed on a pretax basis to accommodate differing tax rates.

Return on assets. This is net income divided by the company’s total assets. The return shows how efficiently management is using its assets.

Return on equity. This is calculated by dividing net income by shareholders’ equity. The resulting figure shows how well the shareholders’ investment is performing compared to competing investments. However, private companies should use this ratio with caution because their equity levels can fluctuate due to owner withdrawals or tax strategies.

You can use these profitability ratios to compare your company’s performance over time and against industry norms.

Dig deeper into the details

If your company’s profitability ratios have deteriorated compared to last year or industry norms, it’s important to find the cause. If the whole industry is suffering, the decline is likely part of a macroeconomic trend. If the industry is healthy but your company’s margins are falling, it’s time to identify internal factors and take corrective measures.

Depending on the source of the problem, you might need to cut costs, reevaluate staffing levels, automate certain business functions, eliminate unprofitable segments or product lines, raise prices or possibly conduct a forensic accounting investigation. For instance, a hypothetical manufacturer might discover that its gross margin fell due to rising labor costs from excessive overtime or because supplier prices rose faster than the company adjusted its pricing.

Build a winning game plan

In today’s volatile economy, it’s easy to blame shrinking profit margins on external pressures. But assumptions can be costly. Your income statement provides insight into your team’s performance, from your operational efficiency to pricing and spending. A careful review of your income statement — including revenue trends, cost drivers and operating expenses — often uncovers actionable opportunities for improvement. We can help you develop strategies to boost profitability and keep your business competing at the highest level.

If your organization sponsors a retirement plan for employees, you’ve probably noticed that compliance hasn’t been easy over the last few years. Whether the SECURE Act, the CARES Act and other pandemic-era legislation, or SECURE 2.0, employers have had to deal with significant changes.

The IRS apparently sympathizes. In its recently issued Notice 2026-9, the tax agency has extended the general deadline for amending certain IRA-based plans.

Key point

The key point of Notice 2026-9 is that the deadline for making required written amendments to certain retirement plans has been extended to December 31, 2027. (According to the notice, the deadline could be extended further if necessary.) For employers, the two arrangements chiefly in question are:

Simplified Employee Pension (SEP) plans, under which sponsors provide participants with SEP-IRAs, and
Savings Incentive Match Plans for Employees (SIMPLEs), under which sponsors provide participants with SIMPLE IRAs.

The notice also covers traditional and Roth IRAs, but these are generally individually owned.

The two plans mentioned are popular with many small and midsize employers because they’re generally easier and less expensive to maintain than, say, a traditional 401(k) plan. The IRS extension aims to help such organizations catch up and avoid compliance issues from outdated paperwork — a credible threat given how frequently the rules have changed.

Indeed, it’s important to note that the deadline extension applies to amendments required under not only the most recent SECURE 2.0, but also the earlier SECURE Act, CARES Act and even the largely forgotten Relief Act of 2020. In other words, Notice 2026-9 addresses the cumulative effect of several years’ worth of legislative updates.

Timely opportunity

Like many employers, your organization may have already implemented some or all of the operational changes required by these laws. But have you formally updated your plan document? Many employers have fallen behind on this crucial compliance matter.

Although the deadline has been pushed to the end of next year, don’t let procrastination win the day if your plan document still needs to be updated. In fact, you might think of IRS Notice 2026-9 as a timely opportunity to both review and revise your plan document and assess how well your retirement arrangement is working.

The truth is, while the deadline extension applies to the timing of written amendments, employers are still expected to operate their plans in compliance with applicable laws as the various changes take effect. The distinction matters. The IRS can deem a plan out of compliance even if the employer-sponsor intends to fix it later — especially if improper administration has occurred. For example, rules regarding eligibility, contributions or distributions may have changed in ways that materially affect employee-participants’ benefits.

Bottom line: The extended amendment deadline provides breathing room, but it doesn’t eliminate the need for proper administration. Now’s a good time to confirm that your organization or its third-party administrator is tracking and implementing the required updates, and that your plan document has been amended accordingly.

Sound move

Sponsoring an IRA-based retirement plan can be a sound move for many small and midsize employers. But even seemingly minor compliance mistakes can lead to big headaches. If you have a SEP or SIMPLE IRA plan, we can help evaluate its operation and identify required amendments. We can also assist you in deciding whether another type of retirement plan may now be a better fit for your organization.

If you made large gifts to family members or heirs last year, you may need to file a 2025 gift return by April 15. So, it’s important to understand whether you’re required to file a federal gift tax return — and when it might be beneficial to file one even if not required.

When filing a return is required

Generally, you must file a gift tax return (Form 709) if, during the 2025 tax year, you made gifts (other than to your U.S. citizen spouse) that exceeded the $19,000-per-recipient annual gift tax exclusion. If you split gifts with your spouse to take advantage of your combined $38,000 annual exclusion, both you and your spouse must file separate gift tax returns.

You also need to file a gift tax return if you made gifts to a Section 529 college savings plan and wish to accelerate up to five years’ worth of annual exclusions ($95,000) into 2025. Other times filing is required include when you made gifts:

That exceeded the $190,000 annual exclusion amount (for 2025) for gifts to a noncitizen spouse,
Of future interests (such as remainder interests in a trust), regardless of the amount, or
Of community property.

Keep in mind that you’ll owe gift tax only to the extent that an exclusion doesn’t apply and you’ve used up your lifetime gift and estate tax exemption ($13.99 million for 2025). As you can see, some gifts require filing a return even if you don’t owe tax.

When filing a return isn’t required

Generally, no gift tax return is required if you:

Paid qualifying education or medical expenses on behalf of someone else directly to the educational institution or health care provider,
Made gifts of present interests that fell within the annual exclusion amount,
Made outright gifts, in any amount, to a spouse who’s a U.S. citizen, including gifts to marital trusts that meet certain requirements, or
Made charitable gifts and aren’t otherwise required to file Form 709 — if a return is required, charitable gifts should also be reported.

If you gifted hard-to-value property, such as artwork or interests in a family-owned business, consider filing a gift tax return even if you’re not required to. Adequate disclosure of the gift on a return triggers the statute of limitations, generally preventing the IRS from challenging your valuation more than three years after you file.

In some cases, it’s even advisable to file a gift tax return to report nongifts. For example, suppose you sold assets to a family member or a trust. Again, filing a return triggers the statute of limitations and prevents the IRS from claiming, more than three years after you filed the return, that the assets were undervalued and, therefore, are partially taxable.

Questions? We can help

Gift and estate tax rules are complex. Determining whether you must file a gift return (or whether you should file one even if not required) isn’t always easy. If you need help, please contact us.

Yeo & Yeo is proud to announce that Andrew Matuzak, CPA, PFS, principal and director of Yeo & Yeo Wealth Management, has been honored as one of eight recipients of the 21^st Annual RUBY Awards, presented by 1st State Bank. The award recognizes outstanding professionals under the age of 40 who are making a meaningful impact in their careers and throughout the Great Lakes Bay Region.

Matuzak’s journey at Yeo & Yeo began in 2011. Over the past decade, he has advanced from staff accountant to principal, earning his Certified Public Accountant and Personal Financial Specialist credentials along the way, and building deep expertise in tax strategy, estate planning, and comprehensive financial planning. In 2025, he assumed leadership of Yeo & Yeo Wealth Management, where he continues to enhance the client experience by helping individuals, families, and business owners align their financial decisions with their long-term goals.

“Andrew exemplifies what it means to be a trusted advisor,” said Dave Youngstrom, President & CEO of Yeo & Yeo. “He brings together technical excellence, thoughtful leadership, and a true passion for helping people navigate some of life’s most complex financial decisions. His influence can be felt not only through the growth of our wealth management services, but through the teams he mentors and the clients who rely on his guidance.”

Known for his ability to connect tax strategy with financial planning, Matuzak works closely with clients facing complex planning needs, including business succession, retirement planning, estate and trust considerations, and the specialized needs of high-net-worth individuals. In 2024, he received the President’s Club Award from Avantax, recognizing outstanding client service and a high level of ethics, integrity, and leadership.

Matuzak is co-leader of Yeo & Yeo’s Death Care Services Group and is a member of the Trust/Estate/Gift Tax Services Group. He is a member of the Great Lakes Bay Estate Planning Council and frequently shares his insights on Yeo & Yeo’s Everyday Business Podcast. In the community, he serves as treasurer of the Thomas Township Business Association and is a member of the Saginaw Valley State University Advisory Board Council. Matuzak is also a 2023 graduate of Leadership Saginaw County, exemplifying his dedication to leadership development and community engagement. He is based in the firm’s Saginaw office.

“I’m incredibly honored to be recognized alongside so many talented professionals in our region,” Matuzak said. “This award reflects the support and mentorship I’ve received throughout my career and the incredible teams I get to work with every day. Helping clients make confident decisions and seeing the positive impact of that work is what motivates me most.”

The RUBY Awards ceremony was held at Apple Mountain in Freeland, Mich., on February 24.

Some customers naturally require more time and resources than others. But when certain relationships consistently consume more of your and your employees’ time than they generate in profit, it may be time to reassess. Taking a closer look at customer‑level profitability can help you understand where resources are going and ensure that high‑value relationships receive the attention they deserve.

Estimate their value to your business

Before you do anything else, determine individual customer profitability. If your business software tracks customer purchases and your accounting system has adequate cost-accounting or decision-support capabilities, this process will be easier. Even if you don’t maintain cost data, you can sort the good from the bad by reviewing customer purchase volume and average sale price. Often, such data can be supplemented by general knowledge of the relative profitability of different products or services.

Don’t ignore indirect costs. High marketing, handling, service or billing costs for individual customers or customer segments can significantly affect their profitability even if they purchase high-margin products.

Give them a grade

After you’ve assigned profitability levels to customers or customer categories, sort them into the following groups:

Group A. These customers are highly profitable. To further increase their value to your business, spend time learning what motivates them. Your proprietary products? Your prices? Your customer care? Developing a good understanding of this group will help you grow these relationships and provide insight into attracting similar customers.

Group B. Customers in this group may not be extremely profitable, but they positively contribute to your bottom line. There’s a good chance that, with the right mix of product, service and marketing resources, you can turn some of them into A customers. But be sure to monitor them closely to prevent them from slipping into the C group.

Group C. These customers tend to be unprofitable. They may also be difficult to work with and perpetually dissatisfied. They may expect special pricing or services, or pay invoices late. Fortunately, eliminating C customers probably won’t require a formal breakup. You can start by reducing the level of attention they receive. Remove them from marketing lists and tell your salespeople to stop contacting them. After a while, most C customers who are ignored will leave on their own.

When a strategic overhaul is warranted

It’s normal for businesses to have a mix of highly and less profitable customers. The key is making intentional decisions about where to invest your time and resources. Reallocating attention away from consistently unprofitable customer relationships — and toward your A and B groups — can boost your company’s financial performance. However, if C customers make up a large portion of your customer base, you may need to consider broader strategic changes. These could include reviewing pricing, refining service offerings, adjusting processes or rethinking which markets and customer segments you want to serve. Contact us to learn more.

An advance payment is one received by a business before it provides whatever is being paid for. For federal income tax purposes, generally advance payments must be reported as taxable income in the year received. This treatment always applies if your business uses the cash method of accounting for tax purposes. But, if your business uses the accrual method, it may qualify for favorable tax deferral treatment.

Tax deferral privilege

Accrual-basis businesses can elect to postpone including all or part of an eligible advance payment in taxable income until the year after it’s received. To be eligible for the deferral election, among other requirements, an advance payment must:

At least partially be included in revenue for a later year according to your business’s applicable financial statement (AFS) or, if your business doesn’t have an AFS, treated as earned in a later year, and
Be received for goods, services or other eligible items listed in IRS guidance.

If your accrual-basis business received eligible advance payments in 2025, you potentially can elect to defer reporting some or all of that income until 2026 for federal tax purposes.

What is an AFS?

An AFS can be an audited financial statement used for credit or financial reporting purposes or certain reports submitted to federal or state agencies. A form filed with the Securities and Exchange Commission, such as a 10-K or annual report, also can be an AFS.

If your business doesn’t have an AFS and elects to use the deferral method for advance payments, the payment must be included in taxable income in the year received to the extent of the amount that is treated by your business as earned in that year. The remaining portion of the advance payment must be included in taxable income the following year.

What types of payments are eligible?

Advance payments that may be eligible for deferral include payments for:

Services,
The sale of goods,
Gift cards,
The use of intellectual property,
The sale or use of computer software,
Warranty contracts, and
Subscriptions.

Other payments specified in IRS guidance also may be eligible.

Eligible advance payments don’t include rents (with some exceptions), certain insurance premiums, payments for financial instruments, payments for certain service warranty contracts, and other payments specified in IRS guidance.

Some examples

The following examples illustrate how eligible advance payments can be deferred for federal income tax purposes:

Taxpayer has an AFS. A calendar-year accrual method S corporation provides tennis facilities and lessons. On November 15, 2025, it received payment for a one-year contract for 48 one-hour tennis lessons beginning on that date. Eight lessons were given in 2025. On its AFSs, the business recognizes one-sixth (8/48) of the advance payment as revenue for 2025 and five-sixths (40/48) as revenue for 2026. Making the advance payment deferral method election, the business includes only one-sixth of the advance payment in taxable income for 2025. The remaining five-sixths must be included in taxable income for 2026.

Taxpayer doesn’t have an AFS. A calendar-year accrual method LLC provides online security protection services for computers, tablets and cell phones. On September 1, 2025, it received payment for two years of protection services beginning on that date. The business determines that four months of its services should be treated as earned in 2025. Making the advance payment deferral election, the business includes only one-sixth (4/24) of the advance payment in taxable income for 2025. The remaining five-sixths (20/24) must be included in taxable income for 2026.

Can you benefit?

We’ve only scratched the surface of complicated tax rules and regulations that apply to the treatment of advance payments. Contact us for help determining if your business is eligible to defer 2025 advance payments. We can also calculate the possible current tax savings.