insightsArticles

Many organizations implement well-being strategies to advance culture, engagement, and business performance. They recognize that successful well-being strategies combine work design, benefit and program offerings, and the built environment (physical workplaces and virtual capabilities) to address a myriad of human capital challenges and opportunities. Yet, many organizations aren’t clearly connecting their well-being strategies to their risk management programs and Environment Social Governance (ESG) reporting.  

Reporting on the social component of ESG brings transparency to how an organization is managing human capital-related risks, the most prevalent in current ESG reporting standards being employee turnover. It also gives organizations the opportunity to share how they are supporting a workforce that can thrive both in and outside of work. 

Here are five ways an organization’s well-being strategy fits into their ESG reporting:  

1. Promoting healthy behaviors. The workplace is a recognized social determinant of health and can shape health behaviors for many individuals. Work shifts can influence sleep schedules, available food and beverage options can influence eating patterns, the nature of work and workplace features can influence safety and activity levels, health plan design can influence proactive and preventive healthcare decisions, and the culture drives many health-related behavioral norms. Workplaces that cultivate healthy behaviors not only see benefits to productivity, retention, and engagement, but also make a positive difference in helping to address local and national health challenges.

2. Cultivating social connection and belonging. The workplace is an important source of social connection for working adults. Yet 36% of Americans report feeling “serious loneliness.” Loneliness carries real consequences for individuals and workplaces. For instance, social isolation (even if only perceived) can increase inflammation in the body to the same degree as physical inactivity. Additionally, high belonging in the workplace is linked to a 56% increase in job performance, a 50% drop in turnover risk, and a 75% reduction in sick days. Organizations that emphasize the importance of connection right from the beginning of an employee’s onboarding journey, deliberately build in opportunities to connect as part of the work experience, and encourage workplace friendships can dramatically reduce feelings of loneliness among workers.   

3. Reducing mental health stigma. The quality of mental health in the US is a recognized national health crisis, with one in five adults living with a mental health condition, and mental health conditions on the rise in children and young adults. Unmanaged depression and anxiety have been shown to impair cognition, including problem solving, creativity, memory, and executive functioning. Organizations have the opportunity to bring visibility to mental health challenges, reduce stigma, and improve access to and quality of mental health resources for individuals and families.  

4. Educating employees to make sound financial decisions. Four out of five employers report that their employees’ personal financial issues impact their job performance. At a baseline, organizations are responsible for providing fair living wages to their employees. Organizations seeking to be employers of choice will pay competitive wages. Beyond how much employees are paid, organizations can equip employees with the knowledge and resources to make sound financial decisions in support of long-term financial independence. 

5. Supporting inclusion with flexibility. Flexible work schedules, “work from anywhere” arrangements, and alternative work schedules are all ways employers can support retention among talented employees who might otherwise leave the workforce or seek different job paths. Examples of employees who benefit most are those with caregiving roles (for children, elders, or other dependents) or who simply cannot afford to live near the office. Executed effectively, more flexible work arrangements can lead to improved retention and increased diversity.  

If you are interested in exploring how you can implement a well-being strategy for your organization and how you can integrate well-being into your ESG reporting, please contact our team.  

Start by assessing your organization’s well-being program 

Understanding the maturity level of your organization’s well-being program can help you benchmark, assess progress, and gain leadership support by showing a clear path to improvement. Our maturity model can help you assess where you are now.

Read this if your company is eligible for the Employee Retention Credit (ERC) and has filed a claim.

In order to protect taxpayers from an influx of ERC scams, the IRS has put an immediate halt to processing new claims, effective as of September 14. The moratorium will remain in effect through at least the end of 2023. 

IRS Commissioner Danny Werfel said, “The further we get from the pandemic, the further we see the good intentions of this important program abused. The continued aggressive marketing of these schemes is harming well-meaning businesses and delaying the payment of legitimate claims, which makes it harder to run the rest of the tax system. This harms all taxpayers, not just ERC applicants.” 

ERC claims filed before the moratorium going into effect (September 14) will still be processed; however, due to stricter compliance reviews, processing time of these claims will be longer, doubling the standard ERC processing goal of 90 days to 180 days.

The agency will be working with the Justice Department to pursue fraud that has been perpetrated by companies pursuing aggressive and misleading marketing tactics. Additionally, the IRS is working to put more taxpayer protections in place, including the following:

Settlement program: The IRS is working on new initiatives to help businesses that were victims of aggressive promoters, including a settlement program for repayments for businesses that received an improper ERC payment. Details to come from the IRS this fall.

Withdrawal option: There will also be made available a special withdrawal option for those who have filed an ERC claim but whose claim has not been processed or paid, which will allow the taxpayers to avoid possible repayment issues and paying promoters' contingency fees. 

Our recommendations:

For those companies and organizations who filed the applicable Form(s) 941-X before September 14, continue to be patient while waiting for your refunds. It has been taking the IRS between 4 – 18 months to process claims, depending upon the amount claimed. We recommend you mail the forms to the IRS-certified mail/return receipt so there is documentation the IRS received the forms. If you did not mail the form via certified mail/return receipt and want to be sure the IRS received your Form(s) 941-X, you can always call the IRS to make sure they received them. 

For those companies and organizations who have not filed a Form 941-X to claim the ERC, we recommend continuing to work with reputable companies to help you navigate eligibility for the ERC. We also recommend filing any completed Form(s) 941-X to claim the credit during this moratorium. However, any claims must be supported by adequate documentation outlining eligibility for the ERC under either the gross receipts test or the partial shutdown rules.

IRS Commissioner Werfel also stated, "In the meantime, businesses should seek out a trusted tax professional who actually understands the complex ERC rules, not a promoter or marketer hustling to get a hefty contingency fee.” We couldn’t agree more. Please contact our team if you have any questions. We’re here to help.

Employee Retention Credit articles from BerryDunn:

What can you believe about the Employee Retention Credit?
Too good to be true? IRS warns employers of ERC scams
Employee benefit plan updates: The Employee Retention Credit and student loan repayment programs

IRS Employee Retention Credit resources:

IRS news release on the ERC moratorium
For more information on the ERC, visit IRS.gov/erc.

There is a growing interest in the business world for companies to reduce their Greenhouse Gas Emissions (GHG), particularly as Environmental Social Governance (ESG) initiatives become more commonplace. Many organizations have come to realize that their shareholders or other stakeholders are interested in knowing the extent of the organization’s social or environmental impacts. One step some organizations are taking to contribute to social and environmental responsibility is to reduce their carbon emissions—either through directly changing their business practices, purchasing carbon offsets, or both.

What can companies do to reduce their carbon footprint?

There are several ways that businesses can reduce their overall environmental impact. Companies often begin this journey by understanding what their carbon footprint is, which is the amount of emissions related to an organization’s direct and indirect activities. Generally, these emissions are measured in tons (for example, driving 2,500 miles generates a ton of carbon dioxide.) Since this process is voluntary, a company can consider measuring their footprint based upon a scope:

• Scope 1 relates to what the organization directly emits, such as through exhaust in automobiles used for business purposes.
• Scope 2 relates to carbon emissions specifically from energy production needed for the organization’s use, such as the electricity used to power their office.
• Scope 3 includes all other indirect carbon emissions, including all the participants in the supply chain of a product the company sells.

Regardless of the scope used, a company will generally set a goal of reducing their overall carbon footprint by a certain amount. They may choose to address this goal through a number of methods, such as switching to renewable energy or implementing other energy-reduction strategies. This is a great first step; however, most companies realize that gains in energy efficiencies can bring a company only so far toward their goal. It is generally at this point that companies consider using carbon offsets as a tool toward achieving their goal of reducing GHG.

What is a carbon offset?

A carbon offset, also called a carbon credit, is created when one company removes a unit of carbon from their business activity and is deemed to have generated an offset. Once certified, that offset can then be purchased by another company as a means of reducing its own carbon footprint. The carbon offset market is huge, and growing rapidly. In 2020, the market was estimated at approximately $2 billion, and it is expected to grow to $50B or much more by 2050.

Carbon offsets operate in a voluntary marketplace. While there are some exchanges available for purchasing offsets, most companies purchase credits through organizations that facilitate the certification of projects and determine the number of carbon credits produced. Common projects that generate offsets include reforestation, the capture and destruction of greenhouse gases, and renewable energy projects.

As expected with a rapidly emerging practice of using carbon offsets, the market is far from perfect. There are even reports that some carbon offsets may be worthless and actually contribute to increases in GHG. Given the complexities, it is important that the buyer conduct their own research in order to have an overall understanding of how the market works

Accounting for the purchase of carbon offsets: Two options

Once a company has set a goal for reducing their carbon footprint, has researched the carbon offset market, and purchased offsets to help meet their goal, then what? How are carbon credits accounted for on the company’s financial statements?

Regulating agencies are beginning to issue some guidance around carbon offsets, including:

• The SEC has proposed rules to enhance and standardize climate-related disclosures for investors for public traded companies.
• FASB recently added a project to its technical agenda to improve the recognition, measurement, presentation, and disclosure requirements for participants in compliance and voluntary programs that result in the creation of environmental credits and for the nongovernmental creators of environmental credits.

However, when it comes to accounting for offset credits, there is very little official guidance on how a company should account for the accumulation of carbon offsets and their use.

For companies acquiring carbon offsets, the accounting choices, at this point, boil down to either the purchase of an intangible asset or the purchase of inventory.

Carbon offsets as intangible assets

Per the ASC 350-30-20 glossary definition, intangible assets are "assets (not including financial assets) that lack physical substance." (The term intangible assets is used to refer to intangible assets other than goodwill.)”

The carbon credit does not have a physical form but could be treated as an asset. Therefore, it meets the definition of an intangible. For accounting record keeping, the acquisition of these would be at fair value, which in most cases would be the cost or price paid by the company. Since carbon offsets generally have an indefinite life, as intangible assets, they would not be subject to amortization in the event that the credit was held and not used for more than one operating cycle. Once the offset is claimed by the company, it is “decertified,” meaning it is removed from the registry and therefore no longer certified as an offset credit. At this point, the company would write off the value of this intangible asset and recognize an expense.

Carbon offsets as inventory

Alternatively, a company could consider the acquisition of carbon offsets as inventory.

Per US GAAP, inventory is defined as "the aggregate of those items of tangible personal property that have any of the following characteristics:

• Held for sale in the ordinary course of business
• In process of production for such a sale
• To be currently consumed in the production of goods or services to be available for sale."

While carbon offsets are not tangible personal property, they are tradable and could be held for sale in the event that the company wanted to speculate on trading these carbon credits rather than use them.

As inventory, their costs may be determined under any one of several assumptions as to the flow of cost factors, such as First-In-First-Out (FIFO), average, and Last-In-First-Out (LIFO). The major objective in selecting a method should be to choose the one which, under the circumstances, most clearly reflects periodic income.

If considered inventory, the cost would be subject to neither impairment nor amortization. As inventory, however, there would be a lower of cost or net realizable value consideration at each reporting deadline. Once de-certified and therefore used, the company would report a reduction of inventory and a debit to expense.

Once the company selects its accounting method as either intangibles or inventory, it should use the same method when retiring or selling off the carbon offset credit.

How to choose a method for accounting for carbon offsets

In the absence of specific accounting rules, the accounting policy used by a company will generally come down to the specific facts and circumstances of the arrangements giving rise to these carbon offset credits and how the company plans to utilize the carbon offset credits.

Through thoughtful financial statement disclosures, a company can keep the readers of their financial statements informed of their practice and how those practices impact its overall financial statements.

In conclusion, carbon offsets offer companies a way to meet their ESG goals by purchasing credits from other companies that are reducing their carbon emissions. These steps can help a company claim social and environmental responsibility. But, on the accounting side, the rules are vague. BerryDunn’s Commercial Team has extensive experience working with clients who have purchased carbon offsets and can advise you on the best approach for your business. Contact our team to schedule a conversation.

What Medicaid agencies and Medicaid-participating managed care organizations need to know about new mandatory federal requirements for reporting on the core sets of quality measures.

Read this if you administer a Medicaid agency, a CHIP program, or a Medicaid-participating managed care organization. 

On August 31, 2023, the Centers for Medicare & Medicaid Services (CMS) issued its Final Rule, which establishes requirements for mandatory annual state reporting of the following Core Sets of Medicaid quality measures:

• The Core Set of Children’s Health Care Quality Measures for Medicaid and the Children’s Health Insurance Program (CHIP)
• The behavioral health measures on the Core Set of Adult Health Care Quality Measures for Medicaid
• The Core Sets of Health Home Quality Measures for Medicaid  
• The regulations associated with the Final Rule are effective January 1, 2024. The initial (2024) round of reporting must be submitted and certified by states by December 31, 2024

FAQs: Medicaid Core Sets reporting requirements  

• Do these reporting requirements apply exclusively to the 50 states? 
  No. These requirements include the 50 states, the District of Columbia, Puerto Rico, the Virgin Islands, and Guam. American Samoa and the Mariana Islands could, but would not be required to, report Child Core Set and Adult Core Set measures. 
• Do all Medicaid agencies operate health home programs?
  No. “Health homes” refers to two optional Medicaid benefits that states may elect to implement through their CMS State Plan Amendment (SPA). The Section 1945 health home benefit is for Medicaid-eligible individuals who have: a) two or more chronic conditions; b) at least one chronic condition and who are at risk of developing a second; or c) at least one serious and persistent mental health condition. The Section 1945A health home benefit is for Medicaid-eligible children with medically complex conditions. 
• If a state’s CHIP is separate from the Medicaid program, do these reporting requirements also apply to CHIP? 
  Yes. The Medicaid agency must report on the measures for standalone CHIP-enrolled beneficiaries in addition to Medicaid-enrolled beneficiaries, according to each measure’s age range specifications. 
• Are Medicaid agencies required to report on all Medicaid and CHIP beneficiaries, including those enrolled in fee-for-service and managed care?
  Yes. However, the Secretary of HHS could specify in CMS’ annual reporting guidance that a population is not required to be included. Also, the Secretary could grant a Medicaid agency an exemption from reporting on one or more measures for a specific population.
• Is there a filing deadline for a Medicaid agency to request a reporting exemption?
  Yes. A request for an exemption must be submitted by September 1 of the applicable reporting year. A Medicaid agency may request a one-year exemption from reporting for a specific population. This request must demonstrate that the Medicaid agency is unable to obtain access to data required to report the measures for a population despite making reasonable efforts to do so. The request must also document a reasonable timeline of actions underway to resolve data access problems.
• Will these requirements require a Medicaid agency to submit a change in its state plan? 
  Yes. The Medicaid agency must submit a state plan amendment, specifying that it will report on the Child Core Sets and Adult Core Sets in accordance with 42 CFR § 437.15.
  
  If the Medicaid agency offers either or both of the optional health home services, then the state plan will need to also address the health home reporting requirements in accordance with 42 CFR § 437.15. The Medicaid agency must also require health home service providers to report to the agency on all populations served by the health home provider and on the measures in the applicable Health Home Core Set as a condition of receiving payment for these services.
• Can CMS withhold federal Medicaid payments, in whole or part, from a state that is non-compliant with these reporting requirements? 
  Yes. CMS has stated that graduated enforcement mechanisms for compliance with Core Sets reporting requirements due to issues with state data systems will align with existing CMS policy regarding state corrective action plans.
• Will CMS modify the Core Sets measures on an annual basis?
  Yes. The Secretary of HHS will identify and annually update the quality measures beginning no later than January 1, 2024, and annually no later than January 1 thereafter. In issuing the annual guidance, the Secretary may consider the level of difficulty in accessing the data required for reporting and may provide that reporting will be voluntary for a specific year. 
• Will CMS establish data stratification rules for these measures? 
  Yes. In considering which measures, and by which factors (such as race, ethnicity, sex, age, rural/urban status, disability, language, or other factors) states must report stratified measures, the Secretary of HHS will consider whether stratification can be accomplished based on valid statistical methods. Other considerations include whether stratification will not risk a violation of beneficiaries’ privacy and whether the original survey instrument collects the variables necessary to stratify the measures. The rollout of stratification requirements will begin by the second year of annual reporting after the effective date of these regulations and increase yearly. By the fifth year of annual reporting after the effective date of these regulations, 100% of measures will be stratified.      
• Will CMS make the reporting information publicly available? 
  Yes. CMS will make the Core Sets information publicly available not later than September 30, 2025, and annually by September 30 thereafter. 

Centers for Medicare & Medicaid Services Core Set resources

• Centers for Medicare & Medicaid Services. Subpart A-Child, Adult, and Health Home Quality Measures. 88 Fed. Reg. 60105 (2023) (to be codified at 42 CFR Section 437 Subpart A). Accessed at Federal Register: Medicaid Program and CHIP; Mandatory Medicaid and Children's Health Insurance Program (CHIP) Core Set Reporting
• Centers for Medicare & Medicaid Services. FFP for design, development, installation or enhancement of mechanized processing and information retrieval systems. 88 Fed. Reg. 60105 (2023) (to be codified at 42 CFR Section 433.112(b)(12)). Accessed at Federal Register:
  Medicaid Program and CHIP; Mandatory Medicaid and Children's Health Insurance Program (CHIP) Core Set Reporting
• Centers for Medicare & Medicaid Services. Reporting measures on Health Care Quality Measures. 88 Fed. Reg. 60105 (2023) (to be codified at 42 CFR Section 437.20). Accessed at Federal Register: Medicaid Program and CHIP; Mandatory Medicaid and Children's Health Insurance Program (CHIP) Core Set Reporting
• Centers for Medicare & Medicaid Services. 2024 Core Set of Adult Health Quality Measures for Medicaid (Adult Core Set). 
• Centers for Medicare & Medicaid Services. 2024 Mandatory Core Set of Children’s Health Care Quality Measures for Medicaid and CHIP (Child Core Set). 
• Centers for Medicare & Medicaid Services. Proposed 2024 Core Set of Health Care Quality Measures for 1954A Health Home Programs (1945A Health Home Core Set). 

If you have questions about the Core Measure Sets for Medicaid or need guidance in complying with these reporting requirements, please contact Robyn Hoffmann or Ethan Wiley.

Read this if you are in management, the C-suite, or on the board of an organization and interested in ESG.

Don’t you just love a good acronym? This one—ESG—has been getting a lot of attention, and for good reason. Increasingly, surveys and research show that organizations who successfully integrate Environmental, Social, and Governance (ESG) into their business strategy and practices experience better returns on investment, higher employee engagement and retention rates, and increased loyalty among their customers and stakeholders. Whether you are new to the concept, consider yourself an expert, or find yourself somewhere in between, rest assured you are in good company! In this article, we’ll review some quick basics on ESG, share what you need to know about ESG, and provide guidance on how to make the most of your ESG initiatives.

ESG meaning: What ESG is and why it matters

Think of ESG as an umbrella—an overarching framework for understanding an organization’s impact, risks, and opportunities in each of the three main areas. Conceptualized in the mid-2000s, ESG was intended to shine a light on businesses engaged in environmental, social, and governance practices that investors increasingly wanted to support. 

Considerations in each of the three main areas include, but are not limited to:

1. Environmental—focuses on an organization’s impact on the planet, including energy use and emissions, climate risk, land protection, and water use
2. Social—focuses on the ways organizations treat people, including diversity, equity, and inclusion policies, health and safety, data privacy, and well-being
3. Governance—focuses on the structural components of an organization that impact decision-making and oversight, including policies, procedures, controls, leadership diversity, executive compensation, and ethics

ESG investing trends

ESG has come into sharper focus over the past few years as investors and consumers increasingly want to buy stock in, financially support, and conduct business with organizations who are making positive differences in these areas. Globally, “green investing” has grown over 100 times in the past 10 years from $5.2 billion in 2012 to over $540 billion in 2021. 

While trends in green investing are a good way to gauge interest in and demand for ESG-forward efforts, there is also a growing body of research suggesting that organizations that are genuine and transparent in these areas are often more successful than their counterparts. Surveys also show the increased importance of ESG in consumer behavior, suggesting that ESG is one of the key drivers for younger generations in their decisions not only about investments, purchases, and donations of time and money, but also where and for whom they want to work. 

ESG strategy: Questions to consider when getting started

Those who understand ESG know how important it is for organizations to start discussions around it. If you’re getting started, consider these questions:

1. Who are the stakeholders of my organization and how does ESG impact them?
2. How does our mission tie into our communities, both locally and further afield?
3. Do we need to report on our ESG initiatives now? In the future?

ESG is broad. Chances are good you’ll discover key aspects of your professional life are touched by ESG already—maybe without you having realized it. As you continue to explore what ESG means to your organization and stakeholders, consider these additional questions:

1. What are we already doing in the organization that falls within the ESG framework?
2. Do we have sufficient insight into ESG-related initiatives across the organization?
3. Are these initiatives, policies, and activities aligned with our overall ESG strategy? 
4. Do we have any gaps in ESG? Are there areas we want to develop further?

How to advance ESG at your organization

For many organizations, ESG is quickly becoming a business imperative. Not only because of the growing number of investors, customers, employees, business partners, and other stakeholders who want to engage with organizations who align with their values, but also because of the body of new reporting and regulatory requirements currently under development. 

As ESG has so many areas to explore, it can be an overwhelming endeavor to tackle. How much or how little you want to invest in ESG is a complex decision. For this reason, successful ESG programs are most often those with direct leadership support, borne from an intentional strategy that connects to business goals. 

There is no single point of entry to begin your organization’s ESG journey. While one organization may have ESG in their cultural DNA, another may begin by disclosing their energy ratings because a significant business partner or prospect requires it. Another company may begin with formal reporting, and then realize they need a unifying strategy to help measure their progress and evolve their approach as needed. 

If you are just starting out, stalled in your progress, or need support for more advanced initiatives, our team of professionals can help you assess, strategize, prioritize, and progress your ESG program. Please don’t hesitate to contact us to ask questions and discuss your specific situation. Your BerryDunn team is here to help. 

For further exploration: ESG content and resources

• ESG and nonprofits: Where to start
• Well-being maturity model assessment tool
• Climate scenario analysis exercise and your bank's portfolio 
• Value creation and ESG: Building a better future—and business
• Propelling along the ESG spectrum: Four considerations for your financial institution
• A commitment to DEI
• BerryDunn ESG resource page

The online gaming and sportsbook industries had a market size of $90 billion in 2022. With such a large market comes a greater focus on the systems, processes, and controls that need to be in place to maintain proper security, privacy, and operational integrity. Similarly, regulations like the General Data Protection Regulation (GDPR), Anti-Money Laundering (AML), and state-specific privacy and cybersecurity laws continually add more complexity to requirements for gaming and sportsbook providers and their partners.

In such a heavily regulated industry, it is essential that gaming and sportsbook providers have the resources and professional advice needed for obtaining and maintaining compliance. By understanding the similarities between the American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC) compliance and International Standard on Assurance Engagements (ISAE) standards, gaming and sportsbook providers can better establish their controls and procedures to satisfy attestations standards.

Understanding SOC compliance and ISAE standards for gaming and sportsbooks

SOC and ISAE standards share similarities in terms of their focus on control environments, managing risk, and information assurance.

SOC 1 and ISAE 3402

ISAE 3402 and SOC 1 reports relate solely to controls at a service organization that impact the user entity’s internal controls over financial reporting. With the mindset that the developed set of internal controls must be specific to internal controls over financial reporting, the control objectives and related control activities typically include organizational, operational management and monitoring, change management, network and logical security, and processing controls.

SOC 2 and ISAE 3000

ISAE 3000 is the internal standard for reporting non-financial information, issued by the International Federation of Accountants (IFAC). SOC 2 reports are based on Trust Services Criteria (TSC) where specific security, availability, confidentiality, processing integrity, and privacy principles are defined. These reports are able to be focused on which specific TSCs are relevant depending on the needs and requirements of your gaming and sportsbook organization.

Why are SOC audits important for gaming and sportsbook providers?

Establishing trust: By undergoing SOC audits, gaming and sportsbook providers can demonstrate their commitment to protecting customer and business partners’ data, ensuring secure online transactions, and maintaining the integrity of their systems. SOC audits validate the effectiveness of security controls, instilling confidence and trust in both customers and regulatory bodies.

Regulatory compliance: The gaming and sports betting industries operate within a heavily regulated landscape. SOC audits, with their alignment to relevant regulations and industry best practices, aid gaming and sportsbook providers in meeting compliance requirements. Compliance with data protection laws, financial regulations, and gambling industry standards is crucial for maintaining licenses and avoiding legal penalties.

Strengthening security measures: SOC 2 audits provide a comprehensive evaluation of gaming and sportsbook providers' security controls, risk management practices, and incident response procedures. By identifying vulnerabilities and weaknesses, SOC audits enable providers to strengthen their security measures, protecting against data breaches, cyber threats, and fraudulent activities.

Enhancing operational efficiency: SOC audits help gaming and sportsbook providers streamline their operational processes and improve efficiency. By evaluating internal controls, the audits may help identify areas for optimization, reducing the risk of errors, mismanagement, or inefficiencies. Enhanced operational efficiency leads to improved customer experiences, streamlined workflows, and effective resource allocation.

SOC reports allow gaming and sportsbook companies the ability to provide their customers with an independent attestation of their internal controls around the processing of wagers, bets, and payouts. SOC audits allow providers to demonstrate their security, availability, confidentiality, processing integrity, and/or privacy commitments.

BerryDunn’s Technology Assurance Team has more than 25 years of specialized experience in providing auditing services to casinos, sportsbooks, and their providers. We provide industry-leading knowledge including an in-depth understanding of standards, regulations, and compliances, as well as a commitment to meet the evolving needs of our current and future clients. Throughout the years, our team has cultivated a robust understanding of what an ideal control environment looks like for our casino and sportsbook industry clients, and we can help you get there. Contact our team to learn more.

Read this if you work with the chargemaster or have revenue-generating oversight at your hospital or organization.

In general, very few people get excited about maintaining their chargemaster, aka the charge description master, or CDM. There are some people who are exceptions to the rule, however, and these people (who hold a special place in my heart) are all too familiar with the supply charge conundrum of what is or what is not separately chargeable. 

Routine supplies are not separately billable and are items included in the general cost of the room or procedure. The industry is aligned on classifying certain items, such as gowns and gloves, as routine supplies. However, there are 10-fold or more items that providers and payors lack agreement on as to how they should be classified, which can be challenging to reconcile.

Almost every commercial payor policy states that they will not pay for routine supplies. These policies continue to evolve in the direction of excluding more and more items as separately chargeable. If excluded supply items make it through claim processes, payor auditors will undoubtedly be looking to take back these payments. Percent of charge contracts are the most significant risk for takebacks, but these charges may also impact outlier and other payments.

A good example of this is oxygen, an item that many hospitals historically have and continue to charge separately. Medicare’s policies allow this charge. Conversely, an increasing number of commercial plans specifically state that oxygen is not separately chargeable. For hospitals that charge/charged oxygen, the annual charges are/were significant. If the hospital has/had a percent of charge contracts, the actual net charge tied to oxygen is meaningful. This creates a difficult challenge where the charges can't just be stopped and shifted to room and board or other procedures. 

Best practices to optimize your chargemaster

Hospitals should not look at a supply or group of supplies myopically. First, the hospital needs policies and procedures that determine what is or is not a routine supply and what is included in the room and board rate. These foundational policies are often missing or out-of-date with the realities of modern healthcare. The next step is to update or develop pricing policies and procedures that support the supply and room rate policy. Pricing policies are essential for pricing transparency, commercial payor contracting, and defending charges during an audit.

Changing pricing (and associated policies) requires planning and in-depth modeling. Price changes can and will have implications for contracted payors, regulatory requirements, pricing transparency, contractual models, and the bottom line. 

Major changes should be part of a hospital’s annual price change plan. Pricing changes are all too often viewed as an annual exercise and treated as such. This is not a best practice. Hospitals should have a multi-year pricing strategy that incorporates managed care contracting strategies, market planning, and other factors. The need to change supply charge policies should be part of this plan. Very few hospitals can or should adopt a major supply policy change in one year. The financial implications and contract constraints do not allow the math to work, as moving all these charges to other procedures would cause a loss of net revenue or create charges that do not align with competitors or the industry.

The path to a defensible pricing strategy that protects revenue generated from supplies that may or may not be incidental requires an in-depth charge master analysis coupled with advanced modeling. There are costs associated with these processes (internal time and/or consultant support). However, the increased cost associated with a reactive approach to supply policies and pricing is a much bigger financial risk.

BerryDunn’s team of reimbursement, chargemaster, and defensible pricing consultants are available to answer questions and to provide assistance.

Read this if you are thinking of implementing a new software solution at your agency and want to learn more about System and Organization Controls (SOC).

As I was recently reviewing vendor responses to a client’s request for proposals that we helped develop, I was wondering what kind of industry standards are available for software development. And does each software vendor follow these standards? As it turns out, there is an industry standard. I checked in with our IT Assurance team who told me about the industry standards known as SOC reports. 

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 1 and SOC 2 reports help software providers demonstrate that they have strong internal controls in place. A SOC 1 report covers Internal Controls over Financial Reporting (ICFR) and is ideal for organizations that process data or provide services critical to their customers' financial reporting. SOC 2 reports are intended to provide detailed information and assurance about the controls at a service organization relevant to five Trust Service Criteria (TSC) (Security, Availability, Processing Integrity, Confidentiality, and Privacy). 

Benefits of SOC 1 and SOC 2 reports

Both SOC 1 and SOC 2 reports are highly effective tools that you can use to indicate maturity in security and software development life cycle internal controls. For example, a robust SOC 1 and/or SOC 2 report can illustrate the maturity of an organization's controls by including tests on the development and approval processes for each software code change. If reviews and approvals are not tested in the report, it can be a red flag that the organization may not have a structured and consistent process in place. In that scenario, there is a risk that software developers have the freedom to write code without proper quality controls. SOC reports are ideal for organizations that receive requests from clients to provide more clarity on the internal controls the organization has in place to protect client information and help ensure system availability and data integrity.

By not having a vendor SOC review process in place, your organization puts itself at risk, as any software that you purchase is vulnerable to data integrity and security issues. Each SOC report is the result of an audit by a CPA firm that provides an independent attestation of the internal controls in place at the software organization. Reviewing the results of the audit helps users of the software understand the controls in place to help ensure the software developed functions as intended and data that the software may hold is secure. This extra level of security gives your customers peace of mind and confidence knowing their information is secure and protected against future vulnerabilities.

SOC resources for justice and public safety agencies 

In the justice and public safety realm, a SOC report can be a valuable component when evaluating software vendors during system selection projects. The SOC review can make sure that the software vendors follow industry standards, and that any new software meets those criteria. It can also help you better understand your internal controls—and how your agency is prepared for risk. 

A SOC report and evaluation can strengthen your vendor due diligence process to help determine the best software vendor for your needs. Our team has developed checklists to help you identify the key areas of attention as you review SOC reports, and you can download them here. 

Please contact the Justice and Public Safety team or the IT Assurance team if you would like to know more about SOC reports or if you have questions about ways to protect your agency from poor software development practices. 

Read this if you are a state public health agency or a key interested party in state public health data systems design, development, and implementation.

In recent years, addressing disease risk through mitigation of Social Determinants of Health (SDOH) has become a shared goal between public health and the Centers for Medicare & Medicaid Services (CMS), bringing these agencies into the limelight for efforts to reduce healthcare costs, mitigate disease, and improve the health of the population. Efforts include leveraging Health Information Technology (HIT) and data sharing for electronic reporting of disease surveillance data, lab data, and health registry data. To do this, state agencies need to develop, enhance, or procure capable data systems and identify funding sources to support this work. With the number and size of data system enhancements needed and the fluctuations of public health funding, public health agencies need long-term, sustainable funding sources.

CMS policies and initiatives such as Electronic Health Record (EHR) Incentives, 21st Century Cures Act, Promoting Interoperability, and Medicaid Enterprise Systems (MES) are consistently, and sustainably funded through federal allocations to support HIT design, development, and implementation. When state Medicaid programs and public health agencies are able to identify shared goals and electronic reporting needs, joint efforts can tap into the same federal funding sources used by CMS to support the design, development, and implementation of public health data systems. State public health agencies who want or need to leverage this opportunity for federal funding will need to build or strengthen partnerships with their state Medicaid offices to learn more about applying for funding by submitting an updated Advance Planning Document (APD).

What is the Medicaid Enterprise System (MES)?

The MES is a modernized, state-based Medicaid Management Information System (MMIS) that uses modules to support enterprise-level systems interoperability. The MES is designed to help states efficiently manage and deliver Medicaid-funded services to their eligible populations and streamline interoperability across healthcare providers and regulatory agencies, including public health agencies. The development and adoption of the MES is part of CMS’s Promoting Interoperability Program.

The Promoting Interoperability Program and the development of the MES modules are built upon past programs for healthcare provider EHR incentives. These programs funded certified EHR system enhancements to electronically report health and billing information to state and federal agencies. As part of Promoting Interoperability, the reporting requirements have been updated to include electronic health information exchange and exchanging data with public health agencies. For calendar year 2023, CMS-certified systems are required to report on four scored objectives and their measures:

• Electronic prescribing
• Health Information Exchange (HIE)
• Provider to Patient Exchange
• Public Health and Clinical Data Exchange

The Public Health and Clinical Data Exchange objective requires that eligible hospitals and CMS-qualified providers actively engage with a public health agency or clinical data registry to submit electronic public health data. Data submission requirements for the Public Health and Clinical Data Exchange Objective may include the following:

• Immunization registry reporting
• Syndromic surveillance reporting
• Specialized registry reporting for either public health registries or clinical registries
• Electronic reportable laboratory results reporting
• Electronic case reporting
• Funding public health systems development

With the addition of the Public Health and Clinical Data Exchange objective, healthcare providers and state agencies are eligible for federal funding to support HIT systems design, development, and implementation. While several public health infrastructure and data modernization funding opportunities are available, MES federal funding can be leveraged to cover the costs of system enhancement, thus freeing up other funding sources to support modernized data management and use. As an example, MES funding can support immunization registry development while public health infrastructure funding supports data visualization tools and integration.

To apply for federal funding, state public health agencies will need to partner closely with their state Medicaid offices to understand their current and past APD processes, submissions, and approvals. Collaboration between Medicaid offices and state public health agencies is critical for this process since the APD submission and approval process is managed by CMS regional offices. The public health field is plagued by siloed programs and data systems that challenge collaboration efforts. Cross-agency collaboration between public health and Medicaid can be an additional challenge, but not one that cannot be overcome.

If you have any questions, please contact BerryDunn’s Public Health or Medicaid consulting teams for Public Health and/or Medicaid Agencies. We’re here to help!