Compliance policies: Are we having fun yet?

10.06.25

When you hear the word “policies,” does it fill you with exhilaration and joy? No? Well, if unbridled enthusiasm isn’t your initial response, then I hope you will benefit from an increased understanding of the purpose and value of well-crafted policies after reading this article.  

Compliance policy doesn’t have a great reputation. We often picture a thick policy and procedures manual in a dusty three-ring binder that might as well be buried in a time capsule given how infrequently they are referenced. But it doesn’t have to be this way! 

Your compliance policies should be living documents that guide daily activities for many staff members. To be effective, they must be clear, concise, and appropriately specific. 

Compliance policy: Find the right balance 

Formal policies and procedures can also vary greatly in how prescriptive they are and in how much actual guidance they provide.  While variety is fine, extremes can be problematic.  

Recently, I was researching a particular policy and looking for good examples. As I dove into the first one, the page numbers flew by—30 pages worth, including verbatim text of federal regulations. Bleary-eyed, I moved on to another example. 

This second one took me a few minutes—and a fair amount of zooming in—to find. Two brief paragraphs. Hmm, did I miss another section somewhere? Nope. This organization decided it wasn’t really necessary to say much of anything about how they would be managing millions of federal dollars. 

What’s the takeaway? While the minimalist approach is concerning, neither example really aligns policy with the actual necessary and compliant activities organizations must perform. 

Policies should NOT be written to cover every possible contingency in explicit long form. Why is that? Because few will read them, and unfortunately, that means even fewer will follow them. A policy manual is ACTUALLY supposed to be read, understood, followed, and frequently referenced. And when a provision should be changed, it can be modified to ensure it is both compliant and accurate. 

Practical guidelines for compliance policy 

  1. Make sure your policy manual is accessible, searchable, and readable: Everyone in the organization needs to be able to understand it. 

  2. Read your existing policy manuals: If that idea makes you cringe, strongly consider modifying your policy because chances are, few are reading it or using it as a reference tool. 

  3. Perform random tests by observing or talking through key processes to determine if policy is being followed: Whether the result is yes or no, figure out the reason(s) behind the answers. It is difficult to improve the policy unless you find out the why. (And remember, just because a policy is being followed, that doesn’t mean it is the best way for the organization to operate.) 

  4. Break up the typical annual policy review by performing a staggered review of individual sections on a rolling basis throughout the year: In this manner, there will be better focus, engagement, and consequently improved results. 

  5. Do you have a policy on policies?: That may sound like an unserious question, but it isn’t. There should be a statement about how your organization writes, handles, and changes its policies. 

Bring pure exhilaration to your organization’s policy manual by continually matching policy to the needs of your organization, not only to stay compliant, but also to operate with the best efficiencies and outcomes. NOTE: Results may vary. You may not experience pure exhilaration, but syncing your policies with your organizational needs is its own reward. 

BerryDunn’s healthcare compliance team incorporates deep, hands-on knowledge with industry best practices to help your organization manage compliance and revenue integrity risks. Learn more about BerryDunn’s team and services. 


Read this if you are a primary care provider, leader, or administrator in a primary care practice or hospital ownership setting.  

Valuing primary care providers

One doesn’t have to venture far into healthcare headlines over the past two decades to find robust discussions about healthcare worker shortages, and more recently, provider well-being. In this sad new world of low satisfaction and increasing burnout, leaders and administrators across the healthcare delivery spectrum are struggling to find ways to make provider happiness a priority. Nowhere is this felt more acutely than in primary care. So, it begs the question, how are we—as healthcare administrators and strategic leaders—valuing our primary care providers?

The idea that volume or incentive-based compensation models will solve all motivation and productivity concerns is neither realistic nor sustainable. Typical models champion wRVUs and maybe some patient/procedure per hour/day metrics, but are these compelling for primary care providers? We need to remember that many of these practitioners made the conscious decision to practice in primary care, which was not likely driven by a desire for high income. In fact, making the motivation all about financial incentives can often backfire. While it may potentially or temporarily increase or “improve” results, it is often at the cost of patient care and can ignite further burnout.

Conversations with primary care providers

Actively listen to the physicians and associate providers in your organization and you will quickly hear how important it is to recognize the complexity of their patient population. But being heard is just the starting point. Conversations with providers need to lead to an organizational investment in metrics that show that you value and care about what your primary care providers value and care about. This cannot be overstated or underestimated.

Empanelment (or “panelization”) is a fundamental metric for any organization with a primary care presence of any significance, and this metric should be shared with those primary care providers. Transparent reporting in this metric alone would be a sea change for many in our current environment.

Measurement for measurement's sake is not enough

But measurement for measurement’s sake is not enough, because if we are measuring something, we need a goal we are seeking to achieve. Knowing (or thinking we know) the right size panel for our providers is not a simple question to answer. Every community is different, and as any provider will tell you, they each have different mixes of complexity. They may see a drastically different patient population than even the provider with whom they share an office, so measuring all patients equally is not a valid approach.

Empanelment is as complex as each patient when we consider socio-economic factors, chronic conditions, and other determinants of health. Each patient is unique and has a unique level of complexity related to their care, so treating each patient like a ‘1’ simply doesn’t work. Complexity demands differentiation of some sort to better communicate and manage the workload involved. This is why weighted empanelment—assigning a comparative value per patient in order to reflect appropriate complexity—is so helpful. Many organizations have developed their own weighted models over the years, often with mixed results, because as soon as we believe we have solved a problem, a new one is created. Now we have to decide what criteria determine complexity, and how that will actually be calculated. Once that is done, we realize that the output has to be validated, repeatable, and most importantly, comparable. 

Historically, most chosen criteria are either incredibly hard to track, impossible to validate, or a painful mixture of both! Over the last twenty years or so, weighted empanelment models and methods have been built, scrapped, used on a limited basis or for limited purpose, and are often very burdensome to manage or duplicate.

Research-verified weighted panel calculations

BerryDunn has helped healthcare delivery organizations operationalize research-verified weighted panel calculations: one building block toward a better model that fits the value-based future, brings insight to both providers and administrators, and creates value in the communities they serve.  

Our model is easy to implement and understand, providing organizations with an important tool and metric that can be used to effect needed change to drive and enable an improved administration-provider relationship.

If you have any questions regarding the information in this article or would like to have a conversation about primary care provider empanelment or provider compensation and productivity, please contact Markes Wilson.

Why should we consider weighted panels for primary care providers?

Read this if you are interested in grant compliance in healthcare. 

This is a companion article to the podcast, Mitigating the compliance and revenue integrity risk of grant funded healthcare programs.

The BerryDunn Healthcare Practice Group boasts professionals who have expertise all across the spectrum of healthcare, including regulatory, revenue integrity, general compliance, and risk management issues. This article covers the very specific arena of grant compliance affecting many of BerryDunn’s healthcare, not-for-profit, and government clients.

After starting as a newly minted MBA financial analyst with an academic medical center in Northern New England, I (Markes) worked my way into the world of grants and contracts supported by my interest in federal regulations and the non-clinical revenue streams. Fascinated to navigate through waters where it seemed no one was the expert, or really had the time or patience to figure things out, I worked to stand up a grant office in finance on the hospital side, separate from the medical school which was the usual repository for grant funding. We moved this direction because hospital leadership realized grant funding was tipping toward the clinical setting and was less focused on bench or clinical research. Put another way, less NIH and more CDC, HRSA, and CMS.

BerryDunn Senior Manager Regina Mathieson advises, “wherever there is complexity, there is compliance risk.” Whether from a federal agency like HHS, HRSA, NIH, or CDC, a state Medicaid program, a foundation, or a private source, grants always come with requirements, typically very specific requirements. Because the dollars are being ‘given’, the requirements for how the funds are used may be much more restrictive than those attached to loans.

Like other areas of regulatory compliance, it is reasonable to assume that grant programs often have compliance gaps that go unnoticed. For many of our clients, both in healthcare and not-for-profit, and in the government space, grant revenue has become a significant source of funding. Any kind of healthcare delivery organization, including academic medical centers, federally qualified health centers, community hospitals, behavioral health service organizations, home health providers, visiting nurse associations, and others can end up with significant portions of their income for the year being sourced by federal grants.

Grant compliance categories

We all can’t be experts in every domain of regulatory compliance, and grant compliance has a lot of breadth. Thankfully, at BerryDunn, we have a team of grant experts who work collaboratively across practice groups. When I was working on setting up the grant office and establishing a proprietary clinical FTE reporting process and system earlier in my career, I would have greatly benefited from the perspectives of other experts at the table.

When we think about grant compliance, four categories are helpful to keep in mind:

  1. Restricted funding
  2. Single audit
  3. Indirect rate
  4. Time and effort

Restricted funding

Firstly, and most universally understood and applied is that grant monies are, pretty much by definition, restricted. Aside from very specific and rare instances of monies being granted to beneficiaries who have no responsibility, all grant funding is awarded with the expectation that the funds will be expended in a specific way. 

Any funder, from the federal government to your local community organization like the Lions Club or the VFW, will likely require that individuals and entities awarded a grant promise to use the funds only for the purpose laid out in the award and proposal. Compliance with grant terms typically includes following the reporting requirements of that funder as well. Though this category may sound obvious, it's actually pretty far-reaching, as it usually affects sub-recipients (those entities who are partnered with the direct recipient to accomplish the grant purpose). The restrictions cover, for example, where the money goes after the initial awardee receives it, who can do the work, what type of organization can do it, how you choose a vendor, and many other categories. 

It should be noted that many of these grant award requirements are not dissimilar from the work we already do in the healthcare compliance space to help our clients avoid anti-kickback statute and Stark law risks. This is because grant compliance is grounded in the same basic concepts—no favoritism, no bribes or shady deals, and avoiding fraud, waste, and abuse. Especially if you're spending federal monies, you need to prove that you chose the vendor based on verifiable best practices, and that consideration was afforded to organizations owned by women, veterans, and minorities.

Single audit 

The second category, Single Audit, is applicable to all federal funding of $750,000 or more annually. My colleague from BerryDunn’s Not-for-Profit practice group, Katie Balukas, explains: 

"The federal Single Audit Act is a requirement for entities to undergo an independent financial and compliance audit when the entity has expended over $750,000 in federal awards. These audits are conducted following guidance issued through the Governmental Auditing Standards and the United States Office of Management and Budget's Uniform Guidance. The main focus of the compliance audit is to assess the entity's compliance with the requirements set forth by the federal agency that administered the grant funds. That includes, but is not limited to, determining if the funds were utilized for allowable costs and activities and expended within the proper grant period and that the reporting and performance objectives were met."

It is important to note that adequate, appropriately scaled internal resources are essential for any organization receiving grants, and even more so with larger grants. Though the phrase has been overused, it really does “take a village”. Grant management isn't something an organization should do on the side, assigning grant accounting to someone who already has a full-time role. Unfortunately, this is common, and under-resourcing tends to lead to compliance concerns, as well as just plain old poor funding management. 

Indirect rate

Speaking of funding, the third type of grant compliance is very focused on a component of the grant world that really has a life of its own: The indirect rate. Though there is an accounting definition of ‘indirect’, the way it is defined regarding grant funding is pretty specific, and there is an entire body of work organizations undertake to get a federally approved indirect rate.

There's an awful lot to think about with the indirect rate. On the one hand, you could say it's pretty simple. For example, a lot of foundation funders and even some federal funders will offer you a 5% or 10% indirect rate without any need to make a calculation. That's because they know that if you take time to do the math, you'll come up with a number much higher than 5% or 10%. When it comes to federal grants and healthcare services organizations, the indirect rate is dependent on how an organization measures costs. For hospitals, of course, the method of measurement is driven by the Medicare cost report, and that's where we would do the fancy math to derive the indirect rate. But the reality is far from simple or straightforward. 

Time and effort

The fourth and final area of grant compliance, time and effort, is also the one I'm actually most passionate about and is probably the most minimized, or at the very least, misapplied. 

In one way, “time & effort” is exactly what it sounds like. Many grant dollars, especially from the federal government, get appropriately spent on program staff. The challenge is to match time and effort to those dollars, but that isn't as clear as it sounds, because the standard way of measuring staff time is usually a payroll system of some sort, which can't prove how time was spent.

Most payroll systems can be programmed to account for FTE (full-time equivalent) allocations; however, there is often a breakdown between theory and practice. Putting allocations into payroll, usually done without employee interaction, may show how an employee “should” spend their time, but it is really no guarantee that that's actually how they're spending their time.

So how does the organization typically go about assuring that? Now, I don't want to speak for everyone, but let's just say I happen to know that there's a place for two or three (or maybe 10,000) that basically put allocations into payroll, and then, unfortunately, often well after the fact and/or more than once, send that allocation to the employee to sign off on without really any option to disagree, or even to modify. We all know that is not compliant…but in the organization's defense, there really haven't been very good alternatives to that kind of woeful and frustrating process, at least none that have been widely shared or understood.

As often is the case in the compliance world, rules are not followed because there is no perceived risk, but that is not a winning strategy.

Though many people involved in grant management have no experience or even knowledge of time and effort violations meeting with any consequences, the organization’s interest in grant compliance has more implications than just preventing front-page news. What I find in conversations with organizations, both large and small, is that loose time and effort management costs the organization in two major ways. 

Firstly, it is inefficient to scramble around at the close of each federal grant to fix time and effort allocations. The extra time spent by grant staff, project coordinators, managers, and the finance team to sort things out because they didn't get them right the first time is the worst kind of inefficient—poor use of time with an equally poor outcome. 

Secondly, loose time and effort is costly in direct salary dollars. Most grant staff are not dedicated to one project, so we need to consider the value of their other work. Whether that is on other grants or, for example, seeing patients in the clinic as many principal investigators in healthcare do, having an inaccurate or fluctuating understanding of their availability costs the organization directly in wasted salary dollars or indirectly as the opportunity cost of those providers (or of other roles in other organizations). 

Digging in and fixing these issues is the work I really enjoy. It's relatively simple to build a compliant model, whether that requires very little payroll redo and is just a simple recurring attestation process built in Excel, or a more complex integrated model with triggered attestations in PDF format in a database that manages the overall FTE of principal investigators. It might even drive the available clinical provider time. It can all be done. We just need to know what the goal is. 

Working in this space is so rewarding, because like so much of compliance, it's about doing something better—not just being compliant—but setting organizations up to better meet their goals and fulfill their mission.

The compliance or accounting professional might still ask, “But why aren’t payroll allocations sufficient for meeting Uniform Guidance?” The truth is, when UG came into effect and superseded OMB Circulars A-110, A-122, A-133, and others, the bar was effectively lowered. Historically, organizations abiding by the old OMB circulars had to make an attestation at least twice a year, which doesn’t really seem helpful, as who can accurately allocate their time from 5 or 6 months ago? So UG did away with the timeframe reference, relying on the idea that the payroll allocations and distributions would be all that would be needed, and that in the absence of those, a monthly ‘look back’ by professional staff would be in order.

I say all this, because as a result, the interpretation of ‘payroll allocations’ then becomes the standard and we have forgotten about the other elements spoken of in the regulation. Remember, for anyone salaried (the vast majority of physicians and most of the higher level grant personnel), the ‘payroll allocation’ doesn’t pass muster. It is a static allocation that has no mooring in actual activity. This is why UG calls for monthly “current and reasonable estimates” of time and effort.

So what can organizations do in response? They need to seek a solution, a process, and a method that will both pass audit muster and help the organization properly manage its resources. Almost every organization manages its productivity and finances on a regular basis: monthly! That’s why the same standard should apply to grant time and effort management. It's much more reasonable to ask someone how they spent their effort this month, asking them to make a reasonable estimate of their time allocations to the different efforts they worked on.

So to summarize, the four key areas of grant compliance are (1) grants are restricted funding, (2) single audit requirement for federal funding over $750,000 annually, (3) the indirect rate and related agreement, and (4) time and effort.

Of course, I would be remiss to not point out that undergirding all this is the organization’s approach to policy. Any organization that considers grant funding a regular piece of their annual income needs to have dedicated grant management policies, covering all of the above topics, with particular focus on those arenas that are unique to the world of federal funding, and being mindful to follow or otherwise update for changes in processes and/or regulations.

Final takeaways: 

  • First, what grant focused infrastructure do you have in place? If you are subject to a single audit, there should be dedicated administrative grant staff. And I don’t mean the programmatic people actually working on the grant, but people outside the grant funding—also why you have an indirect rate. 
  • Second, how are you handling time and effort? If the process relies on any long after-the-fact attestations or payroll-generated reporting, it is unlikely to be truly following the spirit…or the letter…of Uniform Guidance. 
  • Third, review your policies regarding grants. You may not actually have policies focused on grant activities, leaving them under ‘general finance’. That isn’t sufficient to cover federal funding requirements. Many have grant policies in place, but are they actually being followed through the lifecycle of your grant programs? 
  • Lastly, the grant world is a whole ball game unto itself. BerryDunn has some great resources internally to offer assistance in all phases of grant management and administration. 
Mitigating risk of grant funded healthcare programs

Benchmarking doesn’t need to be time- and resource-consuming. Read on for four simple steps you can take to improve efficiency and maximize resources.

Stop us if you’ve heard this one before (from your Board of Trustees or Finance Committee): “I wish there was a way we could benchmark ourselves against our competitors.”

Have you ever wrestled with how to benchmark? Or struggled to identify what the Board wants to measure? Organizations can fall short on implementing effective methods to benchmark accurately. The good news? With a planned approach, you can overcome traditional obstacles and create tools to increase efficiency, improve operations and reporting, and maintain and monitor a comfortable risk level. All of this can help create a competitive advantage — and it isn’t as hard as you might think.

Even with a structured process, remember that benchmarking data has pitfalls, including:

  • Peer data can be difficult to find. Some industries are better than others at tracking this information. Some collect too much data that isn’t relevant, making it hard to find the data that is.
  • The data can be dated. By the time you close your books for the year and data is available, you’re at least six months into the next fiscal year. Knowing this, you can still build year-over-year trending models that you can measure consistently.
  • The underlying data may be tainted. As much as we’d like to rely on financial data from other organizations and industry surveys, there’s no guarantee that all participants have applied accounting principles consistently, or calculated inputs (e.g., full-time equivalents) in the same way, making comparisons inaccurate.

Despite these pitfalls, benchmarking is a useful tool for your organization. Benchmarking lets you take stock of your current financial condition and risk profile, identify areas for improvement and find a realistic and measurable plan to strengthen your organization.

Here are four steps to take to start a successful benchmarking program and overcome these pitfalls:

  1. Benchmark against yourself. Use year-over-year and month-to-month data to identify trends, inconsistencies and unexplained changes. Once you have the information, you can see where you want to direct improvement efforts.
  2. Look to industry/peer data. We’d love to tell you that all financial statements and survey inputs are created equally, but we can’t. By understanding the source of your information, and the potential strengths and weaknesses in the data (e.g., too few peers, different size organizations and markets, etc.), you will better know how to use it. Understanding the data source allows you to weigh metrics that are more susceptible to inconsistencies.
  3. Identify what is important to your organization and focus on it. Remove data points that have little relevance for your organization. Trying to address too many measures is one of the primary reasons benchmarking fails. Identify key metrics you will target, and watch them over time. Remember, keeping it simple allows you to put resources where you need them most.
  4. Use the data as a tool to guide decisions. Identify aspects of the organization that lie beyond your risk tolerance and then define specific steps for improvement.

Once you take these steps, you can add other measurement strategies, including stress testing, monthly reporting, and use in budgeting and forecasting. By taking the time to create and use an effective methodology, this competitive advantage can be yours. Want to learn more? Check out our resources for not-for-profit organizations here.

Benchmarking: Satisfy your board and gain a competitive advantage

Read this if you are responsible for cybersecurity or are a member of a board of directors for a company or a nonprofit organization.

I recently joined the board of directors of a local nonprofit organization that addresses homelessness and food insecurity in our community. While it is a larger, well-established organization, it still needed cybersecurity support. For me, it is a meaningful way to give back using my expertise while improving the risk posture and security practices of the organization. In my opinion, the most critical area any board of directors should be addressing, along with establishing and mitigating risk, is incident preparedness. The board should require and receive reports on incident management programs, and if they are in place, they should be tested on a frequent basis. 

The board’s role in the oversight of organizational risk is increasingly complicated by cybersecurity concerns. Cybersecurity risk is pervasive and will affect companies and nonprofit organizations in a variety of ways. The responsibility for detailed cyber risk oversight within the board should be well documented and communicated, and may often touch various committees across the board, including but not limited to risk, audit, and compliance. With the increasing complexity surrounding cybersecurity, it is also important for the board to evaluate existing experience and skills, identify gaps, and address those gaps through succession planning or leveraging advisors.

For nonprofit boards, having an expert with cybersecurity skills as a board member may bring in needed guidance and expertise to an organization that may have limited resources, but is impacted by cybersecurity risks. It can be a valuable way to bring in advisory and oversight where it may be needed.

Additionally, all directors need to maintain continual knowledge about evolving cyber issues and management’s plans for allocating resources with respect to preparedness in responding to cyber risks. Such knowledge helps boards assess the priority-driven and investment decisions put forth by management needed in critical areas.

Here are some critical questions that boards and management should be considering with respect to mitigating cybersecurity risks for their organizations. They may be useful as a starting point for boards to use in their discussions and as a guide when looking at their oversight of management’s plans for addressing potential cyber risks.

General

  • What is the threat profile and risk tolerance of our organization based on our business model and the type of data our organization holds?
  • Is the cyber risk management plan documented, including the identification, protection, and disposal of data?
  • Has the cyber risk management plan been tested?
  • Does our organization’s cybersecurity strategy align with our threat profile and risk tolerance?
  • Is our cybersecurity risk viewed as an enterprise-wide issue and incorporated into our overall risk identification, management, and mitigation process?
  • What percentage of our IT budget is dedicated to cybersecurity?
  • Does that allocation conform to industry standards?
  • Is it adequate based on our threat profile?
  • What are the stakeholder demands and priorities for cybersecurity? Data privacy? Data governance? What interactions has the company or board had with shareholders regarding cybersecurity?
  • What is the interaction model between senior management and the board for communications regarding cybersecurity?
  • Has the regulatory focus on the board’s cybersecurity responsibility been increasing? If so, what is driving that focus?

Board cybersecurity oversight

  • How is oversight of cybersecurity structured (committee vs. full board) and why? Is this structure well documented in the appropriate governance charters?
  • Is cybersecurity an area considered and reported as a director competency? If so, have skill/experience gaps been identified together with plans to resolve those gaps?
  • Is there a cybersecurity expert on the board?

Overall cybersecurity strategy

  • Does the board play an active part in determining an organization’s cybersecurity strategy?
  • What are the key elements of a good cybersecurity strategy?
  • Is the organization’s cybersecurity preparedness receiving the appropriate level of time and attention from management and the board (or appropriate board committee)?
  • How do management and the board (or appropriate board committee) make this process part of the organization’s enterprise-wide governance framework?
  • How do management and the board (or appropriate board committee) support improvements to the organization’s process for conducting a cybersecurity assessment?

Risk assessment: risk profile

  • What are the potential cyber threats to the organization?
  • Who is responsible for management oversight of cyber risk?
  • Has a formal cyber assessment been performed? Does it need to be updated?
  • Do management and the board understand the organization’s vulnerabilities and how it may be targeted for cyber-attacks?
  • What do the results of the cybersecurity assessment mean to the organization as it looks at its overall risk profile?
  • Is management regularly updating the organization’s inherent risk profile to reflect changes in activities, services, and products?

Risk assessment: cyber maturity oversight

  • Who is accountable for assessing, managing, and monitoring the risks posed by changes to the business strategy or technology, and are those individuals empowered to carry out those responsibilities?
  • Is there someone dedicated full-time to our cybersecurity mission and function, such as a Chief Information Security Officer (CISO)?
  • Is our cybersecurity function properly aligned within the organization? (Aligning the CISO under the CIO may not always be the best model as it may present a conflict. Many organizations align this function under the risk, compliance, audit, or legal functions, while others make it a direct or “dotted line” reporting to the CEO.)
  • Do the inherent risk profile and cybersecurity maturity levels meet risk management expectations from management, the board, and shareholders? If there is misalignment, what are the proposed plans to bring them into alignment?

Cybersecurity controls

  • Do the organization’s policies and procedures demonstrate management’s commitment to sustaining appropriate cybersecurity maturity levels?
  • What is the ongoing practice for gathering, monitoring, analyzing, and reporting risks?
  • How effective are the organization’s risk management activities and controls identified in the assessment?
  • Are there more efficient or effective means for achieving or improving the organization’s risk management and control objectives?
  • Are there controls in place to ensure adequate, accurate, and timely reporting of cybersecurity-related content?
  • How does the company remain apprised of laws and regulations and ensure compliance?
  • What cloud services does our organization use and how risky are they?
  • How are we protecting sensitive data? Do we know what types of data the organization maintains? 

Threat intelligence and collaboration

  • What is the process for gathering and validating inherent risk profile and cybersecurity maturity information?
  • Does our organization share threat intelligence with law enforcement?
  • What third parties does the organization rely on to support critical activities and does the organization regularly audit their level of access?
  • What is the process to oversee third parties and understand their inherent risks and cybersecurity maturity?

Cybersecurity metrics

  • Have we defined appropriate cybersecurity metrics, the format, and who should be reporting to the board?
  • How regularly should a board obtain IT metric information?
  • Is the information meaningful in a way that prompts a response and gives a clear understanding of the level of risk the organization is willing to accept, transfer, or mitigate?
  • How is the board actively monitoring progress or lack of progress and holding management accountable?

Cyber incident management and resilience

  • How does management validate the type and volume of cyber-attacks?
  • Does the organization have a comprehensive cyber incident response and recovery plan? Does it involve all key stakeholders—both internal and external? Does it include a business disaster recovery communication process?
  • How does an incident response and recovery plan fit into the overall cybersecurity strategy?
  • Is the board’s response role clearly defined?
  • Is the cyber incident response reviewed and rehearsed at least annually? Do rehearsals include cyber incident exercises?
  • Is there a culture of cyber awareness and reporting at all levels of the company?
  • Is the company adequately insured and is coverage reviewed at least annually?

Cybersecurity education

  • How does the board remain current on cybersecurity developments in the market and the regulatory environment?
  • How does the board evaluate directors' knowledge of the current cyber environment and the cybersecurity issues impacting their organizations?
  • Do boards currently have the skill sets necessary to adequately oversee cybersecurity? How is the board identifying and evaluating the necessary director skills and experience in this area?
  • Are directors provided with educational opportunities in this area?
  • Is regular cybersecurity education provided to the entire organization?

Cybersecurity disclosure

  • Has oversight of cybersecurity reporting been defined for management and the board?
  • Are the company’s policies and procedures for identifying and managing cybersecurity risk, management’s role in implementing them, the board of directors’ cybersecurity expertise, and the board’s oversight of cybersecurity risk included in the financial statement and proxy disclosures?
  • Does the company have a mechanism for timely reporting of material cybersecurity incidents?
  • Have updates about previously reported material cybersecurity threats and incidents been included in the financial statements?

If you have any questions about cybersecurity programs, communicating with your board about cybersecurity, or have a specific question about your company or organization, please contact our IT security experts. We're here to help. 

Article
Board oversight of cybersecurity: Questions to ask

Read this if you are interested in building a thriving workforce.

As businesses across the country continue to struggle to find and keep employees, it is time to build a workplace that sends a clear message to employees: “We care about you as a person. Your well-being matters.” 

Many leaders will send communications that emphasize the importance of people and the value of well-being. Despite this messaging, many organizations are missing opportunities to make well-being a natural part of the employee experience. The resulting disconnect between messaging and reality can result in frustration, disengagement, and cynicism. We’ve compiled a list of some of the most common workplace factors that can disrupt an organization’s intentions to build a strong well-being culture. 

Are you missing the mark with employee well-being? 

The chart below illustrates common ways that employers may be missing the mark on providing a supportive environment to employees. As you’ll see, they can be large things like compensation and benefits, but they can also be small, potentially easy-to-fix things such as providing healthy snacks in the office instead of junk food. Look at this chart holistically for ways you may be able to change some negative influences into positive ones.


Overcoming the challenges to your well-being goals takes time. And while it is natural for organizations to think of employee well-being as the responsibility of human resources and leadership, in reality, well-being is a product of every part of the employee experience. In other words, it’s part of everyone’s job.

Well-being program considerations

Understanding the pain points for employees is an essential element of any successful well-being program, even if those pain points exist outside the domain of traditional well-being and wellness programs. Here are some things to consider:

  • Find out what matters to your employees, as every organization is different. Use surveys, interviews, and focus groups to understand priorities and do something substantive with what you learn.
  • Make a plan to address operational challenges. Put simply, outdated technology and inefficient business processes stress employees out.
  • Assess your well-being approach to identify strengths, gaps, and opportunities for improvement.
  • Develop, document, and implement a well-being plan that aligns with your organizational culture and goals. 
  • In the midst of planning a big system implementation or organizational change? Consider ways to integrate well-being as part of high-stress initiatives.

How mature is your organization’s well-being program?

Understanding the maturity level of your organization’s well-being program can help you benchmark, assess progress, and gain leadership support by showing a clear path to improvement. This maturity model can help you assess where you are now and how to incrementally improve.

Have questions or need ideas about your specific situation? Contact our well-being consulting team. We’re here to help.

Article
Workplace well-being: Common ways organizations miss the mark

Read this if your CFO has recently departed, or if you're looking for a replacement.

With the post-Covid labor shortage, “the Great Resignation,” an aging workforce, and ongoing staffing concerns, almost every industry is facing challenges in hiring talented staff. To address these challenges, many organizations are hiring temporary or interim help—even for C-suite positions such as Chief Financial Officers (CFOs).

You may be thinking, “The CFO is a key business partner in advising and collaborating with the CEO and developing a long-term strategy for the organization; why would I hire a contractor to fill this most-important role?” Hiring an interim CFO may be a good option to consider in certain circumstances. Here are three situations where temporary help might be the best solution for your organization.

Your organization has grown

If your company has grown since you created your finance department, or your controller isn’t ready or suited for a promotion, bringing on an interim CFO can be a natural next step in your company’s evolution, without having to make a long-term commitment. It can allow you to take the time to fully understand what you need from the role — and what kind of person is the best fit for your company’s future.

BerryDunn's Kathy Parker, leader of the Boston-based Outsourced Accounting group, has worked with many companies to help them through periods of transition. "As companies grow, many need team members at various skill levels, which requires more money to pay for multiple full-time roles," she shared. "Obtaining interim CFO services allows a company to access different skill levels while paying a fraction of the cost. As the company grows, it can always scale its resources; the beauty of this model is the flexibility."

If your company is looking for greater financial skill or advice to expand into a new market, or turn around an underperforming division, you may want to bring on an outsourced CFO with a specific set of objectives and timeline in mind. You can bring someone on board to develop growth strategies, make course corrections, bring in new financing, and update operational processes, without necessarily needing to keep those skills in the organization once they finish their assignment. Your company benefits from this very specific skill set without the expense of having a talented but expensive resource on your permanent payroll.

Your CFO has resigned

The best-laid succession plans often go astray. If that’s the case when your CFO departs, your organization may need to outsource the CFO function to fill the gap. When your company loses the leader of company-wide financial functions, you may need to find someone who can come in with those skills and get right to work. While they may need guidance and support on specifics to your company, they should be able to adapt quickly and keep financial operations running smoothly. Articulating short-term goals and setting deadlines for naming a new CFO can help lay the foundation for a successful engagement.

You don’t have the budget for a full-time CFO

If your company is the right size to have a part-time CFO, outsourcing CFO functions can be less expensive than bringing on a full-time in-house CFO. Depending on your operational and financial rhythms, you may need the CFO role full-time in parts of the year, and not in others. Initially, an interim CFO can bring a new perspective from a professional who is coming in with fresh eyes and experience outside of your company.

After the immediate need or initial crisis passes, you can review your options. Once the temporary CFO’s agreement expires, you can bring someone new in depending on your needs, or keep the contract CFO in place by extending their assignment.

Considerations for hiring an interim CFO

Making the decision between hiring someone full-time or bringing in temporary contract help can be difficult. Although it oversimplifies the decision a bit, a good rule of thumb is: the more strategic the role will be, the more important it is that you have a long-term person in the job. CFOs can have a wide range of duties, including, but not limited to:

  • Financial risk management, including planning and record-keeping
  • Management of compliance and regulatory requirements
  • Creating and monitoring reliable control systems
  • Debt and equity financing
  • Financial reporting to the Board of Directors

If the focus is primarily overseeing the financial functions of the organization and/or developing a skilled finance department, you can rely — at least initially — on a CFO for hire.

Regardless of what you choose to do, your decision will have an impact on the financial health of your organization — from avoiding finance department dissatisfaction or turnover to capitalizing on new market opportunities. Getting outside advice or a more objective view may be an important part of making the right choice for your company.

BerryDunn can help whether you need extra assistance in your office during peak times or interim leadership support during periods of transition. We offer the expertise of a fully staffed accounting department for short-term assignments or long-term engagements — so you can focus on your business. Meet our interim assistance experts.

Article
Three reasons to consider hiring an interim CFO

Read this if you are a care provider that receives Medicaid Waiver Payments.

The IRS has recently issued guidance related to the taxability of certain payments to individual care providers of eligible individuals under a state Medicaid Home and Community-Based Services waiver program described in section 1915(c) of the Social Security Act (Medicaid Waiver Payments). Such payments, treated as difficulty of care payments, are excludable from gross income for federal income tax purposes under section 131 of the Internal Revenue Code.

Notice 2014-7, issued on January 3, 2014, provided guidance that deemed the difficulty of care payments as not subject to federal income tax. However, the notice was silent regarding implications related to employment taxes, specifically FICA and FUTA. Additional guidance issued in the fall of 2022 concludes that difficulty of care payments are subject to FICA and FUTA taxes unless an exemption applies.

Generally, if a service provider receiving difficulty of care payments is an employee of the organization providing the payments, then such payments will be considered wages subject only to FICA withholding (but not income tax), and FUTA will be assessed on those wages. If the service provider is an independent contractor, then the organization does not have any withholding obligations and does not need to prepare a Form 1099.

More information on Medicaid Waiver Payments can be found at Certain Medicaid Waiver Payments May Be Excludable From Income | Internal Revenue Service.

If you have any questions on these payments or your specific situation, please contact our Not-for-profit Tax team. We’re here to help.

Article
Difficulty of care payments and employment taxes

Read this if you work in finance or accounting or rely on financial reporting information.

Does your financial close process provide the information you need to make educated business decisions? 

Timely reporting of financial results is key to stakeholder decision making. As a result of market and regulatory obligations, companies and organizations are confronted with increasingly strict guidelines for the delivery of timely, accurate reports. Enormous amounts of information on transactions must be processed in a limited timeframe. This requires a great deal of effort on the part of your accounting and finance teams. 

The typical financial close process can be broken down into the following segments:

While this workflow seems straightforward enough, the financial close is not a single flat process, but the combination of many interrelated and often codependent processes—each with its own stages. The closing and reporting process is complex, and involves many different data suppliers and dependencies. Think of your billing department, accounts payable, cash receipts, procurement, and more. All of these areas are likely to have data inputs that go into your financial close.
It often ends up looking like this when you consider each task:

To make the situation more challenging, as companies and organizations grow, the closing process can become more onerous and take longer to complete. Tasks in the financial close process are often added to an existing process—a process that may be more reactive and based in historical practice, and may not have been well thought out or planned for the current environment. Adding these tasks and increasing data inputs and outputs puts further pressure on an incredibly important, but often forgotten, task: analysis.

The majority of finance departments spend the bulk of their time on the financial close itself. Unfortunately, this can lead to delays, uncovering mistakes well after the fact, and reports lagging behind current business operations. The later the analysis is performed and the reports are distributed, the less useful they become for decision making. 

Financial close optimization

The good news? There is a strategy to optimize your financial close process, called financial close optimization, or fast closing. Fast closing is the periodic and structured closing and reporting process, in which all knowledge about the financial facts is collected and distributed to stakeholders more quickly.

There is an emerging trend for more frequent financial reporting, which allows companies and organizations to be more nimble and responsive to financial results, especially when facing an unprecedented crisis like the COVID-19 pandemic. Optimizing the financial close process allows for quicker reporting of business results to give stakeholders a more timely financial picture.

We understand the scarcity of human and financial resources continues to prove challenging to financial teams. Creating a culture of continuous improvement is a challenging task for almost any finance team—but given the benefits of a fast closing and the increased costs of a longer close, is this something that can be ignored any longer?

Look out for our next article on tips and strategies to optimize your financial close, which can lead to:

  • Freeing up resources to provide finance teams more time for a deeper analysis of operating performance and other strategic objectives
  • Providing more accurate and timely reporting
  • Improving the organization’s audit readiness 
  • Lessening the need for traditional routine tasks 
  • Increasing focus on clients, patients, and customers by spending more time looking ahead to possible opportunities

If you have any questions on how to improve your financial close, please contact us. We’re here to help.

Article
Financial close: Increasing complexity calls for improving processes