Skip to Main Content

insightsarticles

Financial Accounting Standards Board (FASB) revenue recognition changes: What it means for NFPs

04.26.21

Read this if you are a not-for-profit organization. 

Due to the impacts of COVID-19, on June 3, 2020, FASB issued an Accounting Standards Update (ASU) that granted a one-year effective date delay for NFPs to adopt the new revenue recognition standards (Topic 606). The ASU permitted NFPs that had not yet applied the revenue recognition standard to do so for annual reporting periods beginning after December 15, 2019. Many NFP’s choose to take advantage of this delay. 

However, the clock is ticking on FASB’s revenue recognition changes, as most NFP’s will have to adopt the revenue recognition changes shortly. With that in mind – let’s revisit Topic 606 and what it could mean for your organization. 

The overarching goal of the changes to revenue recognition is to converge disparate standards across industries, all while making the information more useful to users. The core principle of the standard is that “the organization should recognize revenue to depict the transfer of goods or service in an amount that reflects the payment for which the organization expects to be entitled for those goods and services.” 

A five-step process and a simplified approach 

To achieve that core principle, your organization will need to apply a five-step model to some of your revenues streams:

  1. Identify the contract(s) with a customer
  2. Identify the separate performance obligations
  3. Determine the transaction price
  4. Allocate the transaction price to the separate performance obligations
  5. Recognize revenue when or as a performance obligation is satisfied

While the process can be broken down into five simple steps, the task of reviewing revenue streams and specific contracts can be quite daunting in implementation.

Additional disclosures needed

Whether your organization is currently implementing, or soon will, you will want to make sure you understand the extensive disclosures required under the standards. Annual disclosures include the following:

  • Qualitative information about how economic factors affect the nature, amount, timing, and uncertainty of revenue and cash flow
  • Opening and closing balances of contract assets, contract liabilities, and receivables from contracts with customers
  • Descriptions of performance obligations

We are here to help

We recognize the difficult task ahead for our clients in analyzing their multiple contract vehicles and revenue streams in implementing the new standards. To help our clients through the process, we are offering revenue standard workshops. This workshop can be tailored to your needs, with an in-depth meeting to review the standard, consider your significant revenue streams, and a walkthrough the five-step process. We will leave you with an easy to use template for analyzing future revenue streams along with recommendations for your current revenue recognition system and process. 

Don’t wait until the financial year has come to a close to review your processes and systems in place, we are available now to work with you to prepare for the new standard. Contact Chris Mouradian or Sarah Belliveau to find out how you can join the list of organizations getting ahead of the new standard.

Related Professionals

Principals

BerryDunn experts and consultants

Read this if your organization has received assistance from the Provider Relief Fund.

On January 15, 2021 the US Department of Health & Human Services released updated guidance on the Provider Relief Fund (PRF) reporting requirements. Below, we outline what has changed and supersedes their last communication on November 2, 2020.

This amended guidance is in response to the Coronavirus Response and Relief Supplemental Appropriations Act (Act). The act was passed in December 2020 and added an additional $3 billion to the PRF along with new language regarding reporting requirements. 

Highlights

Please note this is a summary of information and additional detail and guidance that can be found on the Reporting Requirements and Auditing page at HHS.gov. See our helpful infographic for a summary of key deadlines and reporting requirements. 

  • On January 15, 2021 The Department of Health and Human Services (HHS) announced a delay in reporting of the PRF. Further details on the deadline for this reporting have not yet been communicated by HHS. Recipients of PRF payments greater than $10,000 may register to report on use of funds as of December 31, 2020 starting January 15, 2021. Providers should go into the portal and register and establish an account now so when the portal is open for reporting they are prepared to fulfil their reporting requirements.
  • Recipients who have not used all of the funds after December 31, 2020, have six more months from January 1 – June 30, 2021 to use remaining funds. Provider organizations will have to submit a second report before July 31, 2021 on how funds were utilized for that six-month period. 
  • The new guidelines further define the reporting entity and how to report if there is a parent company with subsidiaries for both general and targeted distributions:
     
    • Parent organizations with multiple TINs that either received general distributions or received them from parent organizations can report the usage of these funds even if the parent was not the entity that completed the attestation.
    • While a targeted distribution may now be transferred from the receiving subsidiary to another subsidiary by the parent organization, the original subsidiary must report any of the targeted distribution it received that was transferred.
       
  • The calculation of lost revenue has been modified by HHS through this new guidance. Lost revenue is calculated for the full year and can be calculated as follows:
     
    1. Difference between 2019 and 2020 actual client/resident/patient care revenue. The revenue must be submitted by client/resident/patient care mix and by quarter for the 2019 year.
    2. Difference between 2020 budgeted and 2020 actual. The budget must have been established and approved prior to March 27, 2020 and this budget, as well as an attestation from the CEO or CFO that this budget was submitted and approved prior to March 27, 2020, will have to be submitted.
    3. Reasonable method of estimating revenue. An explanation of the methodology, why it is reasonable and how the lost revenue was caused by coronavirus and not another source will need to be submitted. This method will likely fall under increased scrutiny through an audit by the Health Resources & Services Administration.
       
  • Recipients with unexpended PRF funds in full after the end of calendar year 2020, have an additional six months to utilize remaining funds for expenses or lost revenue attributable to coronavirus in an amount not to exceed the difference between:
     
    • 2019 Quarter 1 to Quarter 2 and 2021 Quarter 1 to Quarter 2 actual revenue,
    • 2020 Quarter 1 to Quarter 2 budgeted revenue and 2021 Quarter 1 to Quarter 2 actual revenue.

Next steps

In the wake of this new guidance, providers should undertake the following steps:

  • Register in the HHS portal and establish an account as soon as possible.
  • Revisit lost revenue calculations to determine if current methodology is appropriate or if an updated methodology would be more appropriate under the new guidance.
  • Understand the ability to transfer general and targeted distributions and the impact on reporting of these funds.
  • Develop reporting procedures for lost revenue and increased expense for reporting in the HHS portal.

If you have questions about accounting for, or reporting on, funds that you have received as a result of the COVID-19 pandemic, please contact a member of our team. We’re here to help.

Article
Coronavirus Response and Relief Act impacts on the HHS Provider Relief Fund

Read this if you are responsible for cybersecurity at your organization. 

During the financial audit process auditors are required to develop and confirm their understanding of Information Technology (IT) and cybersecurity practices as it relates to financial reporting to better understand risks and because of auditors’ heavy reliance on data pulled from accounting information systems. As auditors, we have seen a significant increase in the amount of impactful incidents affecting not-for-profit organizations and our IT security experts often share valuable advisory comments in annual audit communications with our clients. With recent incidents and a very rapidly changing business environment, here are the three most important from the last six months that impact all not-for-profits. 

Board oversight of cybersecurity 

Cybersecurity gaps within an organization’s systems may lead to risk exposure and have material impacts on all aspects of operations. Responsibility for cybersecurity controls and for establishing a culture of awareness and security should come from the Board and senior leadership. Board members and senior leaders should stay apprised of cybersecurity efforts on a regular basis and incidents should be summarized and reported on a quarterly basis. 

The Board should also consider adding a member who is a professional with IT and cybersecurity experience to help manage and understand the specific risks to the organization and help drive and support cybersecurity efforts.

Ransomware threats and preventive controls

The use of ransomware as a profitable attack on organizations by hackers continues to rapidly increase. Within the last year there have been multiple high-profile incidents that illustrate the impact of a successful attack. These impacts fall into two main areas. One impact may be financial, as millions of dollars are paid to the bad actors as ransom in hopes of being able to regain control of systems. The second impact is operational, resulting in a loss of control of systems and data during the event. Potentially, an unsuccessful data restoration could result in the total loss of information and data maintained on your networks. 

Though no organization may be able to prevent a ransomware attack from occurring entirely, there are basic cybersecurity controls that help reduce the likelihood and impact of an attack. Preventive controls may include: 

  • Security awareness training on phishing emails and overall IT security practices for all organization users
  • Multi-factor authentication 
  • Access controls that prevent users from installing unapproved software onto organization-owned workstations and networks
  • Anti-malware software installed on devices that connect to organization systems 
  • Use of Zero Trust data management tools for backups
  • Disabling macros in emails (prevents back-end processes from automatically running) 

In addition to including these preventive controls to your cybersecurity program, your organization should assess current corrective controls already in place to react to a ransomware event if one is detected or reported. Corrective controls may include:

  • Disaster recovery plans/business continuity plans 
  • Incident response plans
  • Backup controls and restoration tests 

As the risk of ransomware continues to increase and the types of attacks continue to increase in sophistication, your organization should consider regular assessments of IT controls and cybersecurity practices on a regular basis. Such assessments may be performed in conjunction with annual financial statement audits as an expanded scope and/or as a separate annual IT assessment. 

COVID-19 IT considerations 

The global COVID-19 pandemic significantly impacted nearly every aspect of modern life, including the way we work. As personnel were sent home and literally became a remote workforce overnight, changes to IT systems and controls rapidly adjusted to accommodate this new way of business. 

Where controls and procedures were adjusted, if not suspended, your organization should review those changes and determine if controls should revert back to the pre-pandemic process—or be formally changed and documented as policy. 

Guidance from the American Institute of Certified Public Accountants (AICPA) dictates that a gap in controls associated with the pandemic is not a legitimate reason for not completing a control and that any changes must be documented and properly managed.  

Well over a year into the pandemic, the concept of a hybrid workforce has emerged as the predominant way employees and businesses want to work. Your organization should review current policies and procedures that may pre-date the pandemic to ensure that the updates both document and consider the current business environment. 

Additionally, with personnel working remotely or in a hybrid model, or a combination of both, you should assess practices for managing remote access and a hybrid workforce and, where needed, implement industry best-practice tools and procedures to accommodate a remote workforce while maintaining security controls. If you have questions regarding you cybersecurity procedures or want to learn more, please contact our team. We’re here to help. 
 

Article
Cybersecurity update for organizations: Considerations for boards and senior management

Read this if you are a Chief Financial Officer, Chief Compliance Officer, FINOP, or charged with governance of a broker-dealer.

The results of the Public Company Accounting Oversight Board’s (PCAOB) 2020 inspections are included in its 2020 Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers. There were 65 audit firms inspected in 2020 by the PCAOB and, although deficiencies declined 11% from 2019, 51 firms still had deficiencies. This high level of deficiencies, as well as the nature of the deficiencies, provides insight into audit quality for broker-dealer stakeholders. Those charged with governance should be having conversations with their auditor to see how they are addressing these commonly found deficiencies and asking if the PCAOB identified any deficiencies in the auditor’s most recent examination. 

If there were deficiencies identified, what actions have been taken to eliminate these deficiencies going forward? Although the annual report on the Interim Inspection Program acts as an auditor report card, the results may have implications for the broker-dealer, as gaps in audit quality may mean internal control weaknesses or misstatements go undetected.

Attestation Standard (AT) No. 1 examination engagements test compliance with the financial responsibility rules and the internal controls surrounding compliance with the financial responsibility rules. The PCAOB examined 21 of these engagements and found 14 of them to have deficiencies. The PCAOB continued to find high deficiency rates in testing internal control over compliance (ICOC). They specifically found that many audit firms did not obtain sufficient, appropriate evidence about the operating effectiveness of controls important to the auditor’s conclusions regarding the effectiveness of ICOC. This insufficiency was widespread in all four areas of the financial responsibility rules: the Reserve Requirement rule, possession or control requirements of the Customer Protection Rule, Account Statement Rule, and the Quarterly Security Counts Rule.

The PCAOB also identified a firm that included a statement in its examination report that referred to an assertion by the broker-dealer that its ICOC was effective as of its fiscal year-end; however, the broker-dealer did not include that required assertion in its compliance report.

AT No. 2 review engagements test compliance with the broker-dealer’s exemption provisions. The PCAOB examined 83 AT No. 2 engagements and found 19 of them to have deficiencies. The most significant deficiencies were that audit firms:

  • Did not make required inquiries, including inquiries about controls in place to maintain compliance with the exemption provisions, and those involving the nature, frequency, and results of related monitoring activities.
  • Similar to AT No. 1 engagements, included a statement in their review reports that referred to an assertion by the broker-dealer that it met the identified exemption provisions throughout the most recent fiscal year without exception; however, the broker-dealers did not include that required assertion in their exemption reports.

The majority of the deficiencies found were in the audits of the financial statements. The PCAOB did not examine every aspect of the financial statement audit, but focused on key areas. These areas were: revenue, evaluating audit results, identifying and assessing risks of material misstatement, related party relationships and transactions, receivables and payables, consideration of an entity’s ability to continue as a going concern, consideration of materiality in planning and performing an audit, leases, and fair value measurements. Of these areas, revenue and evaluating audit results had the most deficiencies, with 45 and 27 deficiencies, or 47% and 26% of engagements examined, respectively.

Auditing standards indicate there is a rebuttable presumption that improper revenue recognition is a fraud risk. In the PCAOB’s examinations, most audit firms either identified a fraud risk related to revenue or did not rebut the presumption of revenue recognition as a fraud risk. These firms should have addressed the risk of material misstatement through appropriate substantive procedures that included tests of details. The PCAOB noted there were instances of firms that did not perform any procedures for one or more significant revenue accounts, or did not perform procedures to address the assessed risks of material misstatement for one or more relevant assertions for revenue. The PCAOB also identified deficiencies related to revenue in audit firms’ sampling methodologies and substantive analytical procedures. Other deficiencies of note, that were not revenue related, included:

  • Incomplete qualitative and quantitative disclosure information, specifically in regards to revenue from contracts with customers and leases.
  • Missing required elements from the auditor’s report.
  • Missing auditor communications:
    • Not inquiring of the audit committee (or equivalent body) about whether it was aware of matters relevant to the audit.
    • Not communicating the audit strategy and results of the audit to the audit committee (or equivalent body).
  • Engagement quality reviews were not performed for some audit and attestation engagements.
  • Audit firms assisted in the preparation of broker-dealer financial statements and supplemental information.

Although there have been improvements in the amounts of deficiencies found in the PCAOB’s examinations, the 2020 annual report shows that there is still work to be done by audit firms. Just like auditors should be inquiring of broker-dealer clients about the results of their most recent FINRA examination, broker-dealers should be inquiring of auditors about the results of their most recent PCAOB examination. Doing so will help broker-dealers identify where their auditor may reside on the audit quality spectrum. If you have any questions, please don’t hesitate to reach out to our broker-dealer services team.

Article
2020 Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers

Read this if you are a plan sponsor of employee benefit plans.

This article is the eleventh in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

Most employee benefit plans have outsourced a significant portion of the internal controls to a service organization, such as a third-party administrator. The plan administrator has a fiduciary responsibility to monitor the internal controls of the service organization and to determine if the outsourced controls are suitably designed and effective.

SOC 1 reports: Internal controls and financial reporting

Generally, the most efficient way to obtain an understanding of the outsourced controls is to obtain a report on controls issued by the service organization’s auditor. Commonly referred to as a System and Organization Controls (SOC) report, the SOC report should be based on the American Institute of Certified Public Accountants’ (AICPA) attestation standards and should cover internal controls relevant to financial reporting, also known as a SOC 1 report (the “1” indicating it covers internal controls over financial reporting).

Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s significant service organizations. The documented review should include the plan sponsor’s assessment of the complementary user entity controls outlined in the SOC 1 report. The complementary user entity controls are internal control activities that should be in place at the plan sponsor to provide reasonable assurance that the controls tested at the service organization are operating effectively at your plan. If a service organization’s internal controls are operating effectively, but complementary user entity controls are not in place at your organization, the effectiveness of the service organization’s internal controls may not transfer to your plan’s operations.

Creditability and CPA firms: Considerations

Creditability of the CPA firm completing the SOC 1 report examination may impact the reliability of the CPA firm’s opinion and thus your reliability on the service organization’s internal controls. Unfamiliarity with the service auditor’s qualifications may be mitigated through additional research. Items to consider are: 

  • The firm’s expertise in SOC 1 reporting
    • Are they familiar with the service organization’s industry?
    • How many professionals do they have that perform SOC 1 examination services?
  • The evaluation of AICPA peer reviews 
    Audit firms are required to have a periodic peer review conducted. The results of the peer review are public knowledge and can be found on the AICPA’s website.
    • Did the service auditor receive a “pass” rating during their most recent peer review?
    • Did the peer review cover SOC 1 examination services?
  • Evaluation of the service organization’s due diligence procedures surrounding the selection of an auditor

Some of this information may be readily available via the service auditor’s website, while other information may need to be gathered through direct communication with the service organization. A qualified service auditor should be able to provide a SOC 1 report that contains sufficient detail, relevant transactional activity, relevant control objectives, and a timely reporting period.

SOC 1 reports may contain an unqualified, qualified, adverse, or disclaimer of opinion. The report determines if the controls in place are adequate for complete and accurate financial reporting. Report qualifications may affect the risk of relying on the service organization and may result in the need for additional procedures or safeguards to help ensure the plan’s financial statements are presented fairly. Even if the SOC 1 report received an unqualified opinion, you should review the controls tested by the service auditor and the results of such testing for any exceptions. Exceptions, even if they don’t result in a qualified opinion, may have an impact on the plan’s control environment. 

You should also review the scope of the audit to check that all significant transaction cycles, processes, and IT applications were properly assessed for their impact on the plan’s financial statements. Areas outside the scope of the SOC 1 report may require additional consideration, including the possibility of obtaining more than one SOC 1 report for subservice organizations whose functions were carved out from the service organization’s SOC 1 report.

Subservice organizations

Subservice organizations are frequently utilized to process certain transactions or perform certain functions at the service organization. Management of the service organization may identify certain transaction cycles and processes that are performed by a subservice organization and choose to exclude relevant control objectives and related controls from the SOC 1 report description and the scope of the auditor’s engagement. In such cases, multiple SOC 1 reports may need to be acquired to gain adequate coverage of all controls and objectives relevant to your plan. 

Furthermore, you need to consider the time period the SOC 1 report covers. Coverage should be obtained for your plan’s full fiscal year. For SOC 1 reports that lack coverage of your plan’s full fiscal year, a bridge letter should be obtained to help ensure that no significant changes in controls occurred between the SOC 1 report examination period and the end of your plan’s fiscal year.

Although plans commonly outsource a significant portion of their day-to-day operations to service organizations, plan fiduciaries cannot outsource their responsibilities surrounding the maintenance of a sound control environment. SOC 1 reports are a great resource to assess the control environments of service organizations. However, such reports can be lengthy and daunting to review. We hope this article provides some best practices in reviewing SOC 1 reports. If you have any questions, or would like to receive a copy of our SOC 1 report review template, please don’t hesitate to reach out to our Employee Benefits Audit team.

Article
Service organizations and review of SOC 1 reports: Considerations and recommendations

Read this if you use QuickBooks online.

The money you spend to run your business must be recorded conscientiously for your taxes and reports. Here’s how to do it.

You undoubtedly keep a very close watch on the money coming into your business. You record payments as soon as they come in and deposit them in your company’s bank account. But are you as careful about your purchases?

It’s easy to go out to lunch with a client and forget to save the receipt. You figure it’s not that much money, anyway. Or you pick up a ream of printing paper and a cartridge at the office supply store and neglect to record the purchase. When you disregard even small expenses, you can have two problems. One, your books won’t be accurate. And two, you never know how an extra $42.21 under Meals and Entertainment might affect your income taxes.

QuickBooks Online provides two ways to enter expenses. You can create a record on the site itself. Or you can snap a photo with your phone using the QuickBooks Online mobile app to document the money spent. Here’s how these two methods work.

Documenting at your desk

Let’s say you just had lunch with a vendor to discuss some products you’re planning to buy for a project you’re doing for a customer. You charged it to your company credit card, which you track in QuickBooks Online. You still have to enter it as an expense on the site so that when your credit card statement comes, you can match the credit card transaction to the expense you recorded.

Hover over Expenses in the navigation toolbar and click on Expenses. Click the down arrow in the New transaction button and select Expense. Fill in the fields at the top of the screen with details like Payee, Payment date, and any Tags you want to specify. Under Category details, select the correct category from the drop-down list and enter a Description and Amount

QuickBooks Online allows you to thoroughly document expenses. You can attach a picture of a receipt if you’d like.

Since you’re going to bill this to the customer as a part of your project fee, click in the Billable box to create a checkmark. Select the Customer/Project. Add a Memo to remind yourself of the reason for the lunch (very important!) and attach a photo of the receipt if you take one. Click Save. Your record of the lunch will now appear on the Expense Transactions screen. It will also show up in the Expenses by Vendor Summary and Unbilled Charges reports, among others.

Recording with QuickBooks Online on the road

In the example we just went through, attaching a photo of the receipt was the last thing we did to record an expense in QuickBooks Online. There’s another way to document a purchase that starts with a photo of a receipt and should save you a bit of data entry: using the QuickBooks Online mobile app. The app uses Optical Character Recognition (OCR) to “read” the receipt and transfer some of its data to fields on an expense record. (If you haven’t installed the QBO app on your smartphone, you should. You can do a lot of your accounting work that synchronizes automatically with QBO. It’s free, too.)

Open the app and log in. On the opening screen, you’ll see an icon labeled Snap Receipt. Click on it, and your phone’s camera will open (you’ll be asked for permission to use it). Position your phone over the receipt and move it around until you see the blue box covering the content of the receipt.  Take the picture. You’ll see it displayed on the phone with a message saying, “Use this photo.” If it seems OK, click the link. 

A message on the screen will tell you that the upload is complete and that the app is extracting the information from it. Click “Got it!” It should only take about a minute for your receipt to appear in the list on the Receipt snap screen. You’ll see the details that the app has pulled from your receipt. Tap the matching expense and click Done on the next screen.

You can snap a photo of the receipt in the QuickBooks Online mobile app, and some fields will be automatically entered on a receipt form in QBO.

When you’re back at your computer, open QuickBooks Online and go to Transactions | Receipts. At the end of the row that contains your receipt, click the down arrow next to Delete and select Review. QBO will display the partially-completed receipt form next to the photo you took of the receipt. Fill in any missing fields and save the transaction. Click Create expense on the screen that opens. Then open the Expenses menu and select Expenses, and there should be an entry for the receipt you just added.

This tool isn’t perfect, of course. Every receipt has different fields in different places, and sometimes they’re just not very readable. But in our tests, the app picked up an average of four fields.

Documenting your expenses using one of these two methods is so important. It will help you remember why you stored the receipt and make your reports more accurate. As long as you’re categorizing each transaction correctly, it will also make your tax preparation easier and faster and ensure that you’re charging customers for billable expenses. And if you’re ever audited, your careful work will come in handy.

QuickBooks Online does expense management well, but there are enough moving parts in these recording tools that you may have some questions. Please contact our Outsourced Accounting team. We're here to help. 

Article
Record expenses in QuickBooks Online and on your phone

Read this if you are a director or manager at a Health and Human Services agency in charge of modernizing your state's Health and Human Services systems.

With stream-lined applications, online portals, text updates, and one-stop offices serving programs like Medicaid, SNAP, and Child Welfare, states are rapidly adopting integrated systems serving multiple programs. As state leaders collaborate on system design and functionality to meet federal and state requirements, it is equally important to create a human-centered design built for the whole family.

We know families are comprised of a variety of people with various levels of need, and blended families ranging from grandparents to infants may qualify for a variety of programs. We may connect with families who are on Medicaid, aged and disabled or SNAP, but also have cases within child support or with child welfare. 

If your state is considering updating a current system, or procuring for an innovative design, there are key strategies and concepts to consider when creating a fully integrated system for our most vulnerable populations. Below are a few advantages for building a human-centric system:

  • The sharing of demographic, contact, and financial information reduces duplication and improves communication between state entities and families seeking services
  • Improvement of business services and expedited eligibility determinations, as a human-centric model gathers information upfront to reduce a stream of verification requests
  • The cost of ownership decreases when multiple programs share design costs
  • Client portals and services align as a family-focused model

Collaboration and integrated design

How many states use a separate application for Medicaid and SNAP? More specifically, is the application process time consuming? Is the same information requested over and over for each program? 

How efficient (and wonderful) would it be for clients to complete task-based questions, and then each program could review the information separately for case-based eligibility? How can you design an integrated system that aligns with business and federal rules, and state policy?

Once your state has decided a human-centered design would be most beneficial, you can narrow your focus—whether you are already in the RFP process, or within requirements sessions. You can stop extraneous efforts, and change your perspective by asking the question: How can we build this for the entire family? The first step is to see beyond your specific program requirements and consider the families each program serves. 

Integrated design is usually most successful when leaders and subject matter experts from multiple programs can collaborate. If all personnel are engaged in an overarching vision of building a system for the family, the integrated design can be fundamentally successful, and transforming for your entire work environment across agencies and departments.

Begin with combining leadership and subject matter experts from each geographic region. Families in the far corners of our states may have unique needs or challenges only experts from those areas know about. These collaborative sessions provide streamlined communications and ideas, and empower staff to become actively involved and invested in an integrated system design. 

Next, delve into the core information required from each family member and utilize a checklist to determine if the information meets the requirements of the individual programs. Finally, decide which specific data can streamline across programs for benefit determinations. For example, name, address, age, employment, income, disability status, and family composition are standard pieces of information. However, two or more programs may also require documentation on housing, motor vehicle, or retirement accounts.

Maintaining your focus on the families you serve

When designing an integrated system, it is easy to lose focus on the family and return to program-specific requirements. Your leaders and subject matter experts know what their individual programs need, which can lead to debates over final decisions regarding design. It is perfectly normal to develop tunnel vision regarding our programs because we want to meet regulations and maintain funding.

Below are recommendations for maintaining your focus on building for the family, which can start as soon as the RFP. 

  • Emphasize RFP team accountability
    • Everyone should share an array of family household examples who benefit from the various programs (Medicaid, SNAP, TANF, etc.), to help determine how to deliver a full spectrum of services. 
    • Challenge each program with writing their program-specific sections of the RFP and have one person combine the responses for a review session.
  • If the integrated system design is in the requirements phase, brainstorm scenarios, like the benefit example provided in recommendation number one. When information is required by one program, but not another, can the team collaborate and include the information knowing it could benefit an entire family?
  • When considering required tasks, and special requests, always ask: Will this request/change/enhancement help a family, or help staff assist a family?
  • Consider a universal approach to case management. Can staff be cross trained to support multiple programs to reduce transferring clients to additional staff?

We understand adopting a human-centered design can be a challenging approach, but there are options and approaches to help you through the process. Just continue to ask yourself, when it comes to an integrated approach, are you building the system for the program or for the family?

Article
Integrated design and development for state agencies: Building for the family

Read this if you are a Chief Financial Officer at a financial institution. 

The mechanics of interest rate swaps

Interest rate swaps, a form of derivative, are a tool financial institutions can use to manage interest rate risk. In this form of derivative, as an example, the financial institution may hedge the interest rate risk on a pool of fixed rate loans by executing a derivative contract with a counterparty. The derivative contract indicates the financial institution will pay a fixed rate to the counterparty, while the counterparty will pay the financial institution a variable rate. These payments are typically made on a net settlement basis. Thus, the financial institution has effectively turned its fixed rate lending into variable rate lending.

This example is considered a hedge – since the financial institution is mitigating its interest rate risk, as opposed to a speculative transaction – where the financial institution assumes risk with the hope of commensurate reward.

1Original promissory notes
2Derivative contract between financial institution and counterparty

This type of transaction allows the financial institution to separate credit risk from interest rate risk. Borrowers often prefer fixed rate financing, since future cash flows are known. However, a financial institution may avoid lending to creditworthy borrowers that expose the financial institution to excessive interest rate risk. An interest rate swap may allow the financial institution to provide financing to the borrower without having to sell the loan to mitigate interest rate risk.

The accounting for interest rate swaps via hedge accounting

Derivatives are recorded at fair value with changes in fair value generally reported in earnings. Hedge accounting is optional and may help prevent earnings volatility due to changes in the fair value of the derivative. Hedge accounting varies depending on the type of hedge. In the case of an interest rate swap, the hedge may be a cash flow hedge or a fair value hedge. A cash flow hedge is one where the financial institution looks to mitigate risk from variable exposures (such as a swap that effectively hedges LIBOR-based trust preferred securities to a fixed rate). Conversely, a fair value hedge looks to mitigate risk from fixed exposures. A fair value hedge is a hedge of the exposure to changes in the fair value of a recognized asset or liability or an unrecognized firm commitment. 

The example above describes a fair value hedge, since the financial institution is mitigating its exposure to the change in fair value of the fixed rate loans (due to changes in market interest rates) by, in substance, converting its fixed position into a variable position. For fair value hedges, the derivative is recorded at fair value with any changes in fair value recorded through earnings. The hedged item is also adjusted to its fair value through earnings. Thus, to the extent changes in the fair value of the hedging instrument and hedged item offset one another, there is no net impact on earnings.

Cash flow hedges

For cash flow hedges, the derivative is also recorded at fair value; however, the effective portion of changes in fair value of the derivative (i.e., the portion that offsets changes in expected cash flows of the hedged item) is recorded in other comprehensive income (OCI) rather than earnings. These changes are then reclassified into earnings when the hedged item affects earnings. A hedge is considered effective if the changes in the cash flow or fair value of the hedged item and the hedging instrument offset each other. Historically, the ineffective portion of the hedge is immediately recorded through earnings. However, Accounting Standards Update (ASU) 2017-12: Derivatives and Hedging (Topic 815), which we discuss below, simplifies this rule by enabling all changes in fair value of the derivative, not just the effective portion, to be recorded in OCI). For a cash flow hedge, there is no effect on the accounting for the hedged item. 

Measuring the effectiveness of a hedge relationship can prove to be complicated, and may in some cases require statistical methods, such as regression analysis. However, for interest rate swaps only, generally accepted accounting principles (GAAP) provides a “shortcut” method. If all of the applicable conditions in paragraph 810-20-25-104 of the Financial Accounting Standards Board’s (FASB) Accounting Standards Codification (the “official” source of GAAP) are met, an entity may assume perfect effectiveness in a hedging relationship of interest rate risk involving a recognized interest-bearing asset or liability and an interest rate swap. Examples of some of the conditions are: 

  • The notional amount of the interest rate swap must match the principal amount of the interest-bearing asset or liability being hedged; and 
  • For fair value hedges only, the expiration date of the interest rate swap must match the maturity date of the interest-bearing asset or liability or, as amended by ASU 2017-12, the assumed maturity date if the hedged item is measured in accordance with paragraph 815-25-35-13B. Paragraph 815-25-35-13B indicates an entity may measure the change in the fair value of the hedged item attributable to interest rate risk using an assumed term that begins when the first hedged cash flow begins to accrue and ends when the last hedged cash flow is due and payable.

Although use of this approach may be considered a shortcut compared to traditional hedge effectiveness assessments, it can still be difficult to qualify for the shortcut method given the number of conditions that need to be met. The shortcut method is also very rigid – the specified conditions must be met exactly.

ASU 2017-12

In 2017, FASB issued ASU 2017-12 to improve the financial reporting of hedging relationships to better portray the economic results of an entity’s risk management activities in its financial statements. For non-public business entities, ASU 2019-10 delayed the effective date of ASU 2017-12 to fiscal years beginning after December 15, 2020, and interim periods within fiscal years beginning after December 15, 2021. For public business entities, the ASU is already in effect.

ASU 2017-12 makes several changes, which the FASB refers to as “targeted improvements”, to the accounting requirements for hedging activities. Two of these changes, which will likely be beneficial to many financial institutions, are partial-term hedging and use of the “last-of-layer” method. 

With the adoption of ASU 2017-12, institutions can measure the hedged item in a partial-term fair value hedge of interest rate risk (e.g., a swap whose term is shorter than that of the loan pool it hedges) by assuming the hedged item has a term that reflects only the designated cash flows being hedged (i.e., that only considers the portion of the term of the loans that corresponds with the term of the swap). Prior to ASU 2017-12, GAAP did not allow this methodology when calculating the change in the fair value of the hedged item attributable to interest rate risk. Thus, institutions would often experience a difference between changes in the fair value of the hedging instrument and the hedged item due to the difference in maturities, resulting in hedge ineffectiveness that was recognized in earnings. Under ASU 2017-12, as long as the termination date of the hedging instrument is on or prior to the maturity date of the hedged item (in this case the loans), partial-term hedging may be used for changes in fair value of the loans during the term of the swap.

Prior to ASU 2017-12, GAAP indicated that hedge accounting should generally be applied to specifically identified assets or liabilities or portions thereof. Therefore, prepayment risk at the individual asset or liability level must be considered. The result can be frequent dedesignation and redesignation of hedges since many hedging instruments do not allow for prepayment. The last-of-layer method introduced by ASU 2017-12 allows the entity to designate a portion of the principal balance of a loan pool that is not expected to be affected by prepayments, defaults, or other events affecting the timing and amount of cash flows, without necessarily identifying which loans (or portions thereof) in the pool are expected to remain outstanding during the term of the hedging instrument. Under this designation, prepayment risk is not incorporated into the measurement of the hedged item. So, similar to the partial-term fair value hedge provisions, the last-of-layer method provides added flexibility in matching terms between the hedging instrument and the hedged item.

In May 2021, FASB issued proposed ASU 2021-002, which would provide clarifying and additional guidance on the application of ASU 2017-12. Amongst other things, the proposed ASU would expand the last-of-layer method to allow multiple-layer hedges. As a result, the term “last-of-layer method” would be renamed “the portfolio layer method.” The portfolio layer method would allow the financial institution to establish tranches, or multiple layers, within its hedged loan pool based on, for example, contractual maturity dates. These various layers could then be paired with different hedging arrangements. Multiple layers also provide added flexibility in the event the financial institution needs to dedesignate a portion of the hedging relationship, which would be required if circumstances change such that the hedge is no longer highly effective.

Lastly, ASU 2017-12 also makes changes to the presentation of changes in fair value in the financial statements. Under ASU 2017-12, for fair value hedges, changes in fair value of the hedging instrument should be presented in the same income statement line that is used to present the earnings effect of the hedged item. (Previous GAAP did not specify a required presentation of the change in fair value of the hedging instrument.) For cash flow hedges, the ineffective portion of such hedges is no longer presented separately from the effective portion. Rather, the entire change in fair value of the hedging instrument is presented in other comprehensive income. These amounts are then reclassified to earnings in the same income statement line item that is used to present the earnings effect of the hedged item when the hedged item affects earnings. According to FASB, these changes are thought to make it easier for the user of the financial statements to understand the results and costs of an entity’s hedging program.

ASU 2017-12 appears to make hedging activities, and the resulting accounting, much more flexible while also reducing the complexity of reporting such transactions. While we have only provided a snapshot of what we believe to be some of the most relevant provisions of the ASU for financial institutions, we encourage you to read the ASU in its entirety to see if there are other provisions that may prove to be useful or applicable to your institution. Likewise, with adoption fast approaching, we encourage you to reach out to your auditors to start the discussion as to how this ASU may impact and/or provide additional opportunity for your financial institution.

For more information on ASU 2017-12, including a deeper dive on the proposed portfolio layer method, check out a recent webcast hosted by our colleagues at Stifel.


 

Article
ASU 2017-12 provides added flexibility to hedge accounting

Read this if you are a plan sponsor of employee benefit plans.

This article is the tenth in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here

ERISA bonding requirements

Generally, every fiduciary of a plan and every person who handles funds or other property of the plan must be bonded. ERISA's bonding requirements are intended to protect employee benefit plans from risk of loss due to fraud or dishonesty on the part of persons who handle plan funds or other property. ERISA refers to persons who handle funds or other property of an employee benefit plan as plan officials. A plan official must be bonded for at least 10% of the amount of funds he or she handles, subject to a minimum bond amount of $1,000 per plan with respect to which the plan official has handling functions. In most instances, the maximum bond amount that can be required under ERISA with respect to any one plan official is $500,000 per plan. If the plan holds employer securities, the maximum required bond amount increases to $1,000,000. The bond must be fixed or estimated at the beginning of the plan's reporting year; that is, as soon after the date when such year begins as the necessary information from the preceding reporting year can practicably be ascertained. The amount of the bond must be based on the highest amount of funds handled by the person in the preceding plan year. Bonds must be placed with a surety or reinsurer that is named on the Department of the Treasury's Listing of Approved Sureties, Department Circular 570.

The US Department of Labor Field Assistance Bulletin No. 2008-04 provides answers to a number of questions that have been raised concerning the bonding rules.

Compliance testing

The Internal Revenue Code requires retirement plans to undergo certain non-discrimination and compliance testing on an annual basis to ensure contributions or benefits do not discriminate in favor of highly compensated employees and contributions are not in excess of amounts prescribed by the Internal Revenue Service (IRS).

The tests the plan should perform varies based on the plan’s provisions. However, some of the more common tests for defined contribution plans are:

Actual Deferral Percentage (ADP) Test: This test ensures employee salary deferrals made to the plan do not disproportionately benefit highly compensated employees (HCEs). If this test is failed, the most common correction method is distributing excess contributions to HCEs in the amount necessary to make the test pass. Corrections should be made no later than two-and-a-half months following the close of the plan year to avoid a 10% excise tax. The final deadline is 12 months following the close of the plan year.

Actual Contribution Percentage (ACP) Test: This test ensures the matching and voluntary employer contributions made to the plan do not disproportionately benefit HCEs. If this test is failed, the most common correction method is removing excess contributions from HCE’s accounts in the amount necessary to make the test pass. These excess contributions do not leave the plan. Rather, they are transferred into the forfeiture account of the plan, typically to be used to pay plan expenses or fund future employer contributions. Corrections should be made no later than two-and-a-half months following the close of the plan year to avoid a 10% excise tax. The final deadline is 12 months following the close of the plan year.

416 Top Heavy Test: This test ensures key employees do not represent a disproportionate percentage of plan assets. If this test is failed, the most common correction method is to allocate a 3% top heavy minimum contribution to non-key participants (any participant that is not a key employee). Other employer contributions can be used to offset the 3% contribution. Corrections should be made no later than 12 months following the close of the plan year in which the plan is top heavy.

The ADP, ACP, and Top Heavy Tests can be forgone if the plan qualifies for safe harbor status. Also, 403(b) plans are not required to perform the ADP nor the top-heavy test.

410(b) Minimum Coverage Test: This test ensures each contribution made to the plan benefits a sufficient percentage of non-HCEs. This test is performed for each different contribution type offered within the plan. If this test is failed, the most common correction method is to retroactively amend the plan to benefit more non-HCEs until the test passes. Corrections should be made no later than nine-and-a-half months following the close of the plan year in which the failure occurred.

402(g) Elective Deferral Limit: Participants are limited in the amount of elective deferrals they may contribute to qualified plans and thus exclude from taxable income each calendar year. If a participant contributes in excess of this limit, the most common correction method is to distribute the excess contribution amount. In 2021, the 402(g) Elective Deferral Limit is $19,500. Corrections should be made no later than April 15th following the close of the calendar year during which the excess deferral was made.

415(c) Annual Addition Limit: Participants are also limited in the amount of total contributions that can be credited to their account each limitation year (usually the plan year). If a participant receives total contributions in excess of this limit, the most common correction method is to first distribute elective contributions in excess of the limit. If an excess still remains, employer contributions should then be transferred to the plan’s forfeiture account. In 2021, the 415(c) Annual Addition Limit is $58,000. Corrections should be made no later than nine-and-a-half months following the close of the limitation year in which the failure occurred.

ERISA bonding requirements and compliance testing, although not necessarily related, are two of the compliance matters we, as auditors, commonly look at during our audits. For ERISA bonding requirements, we review to make sure the plan had adequate coverage and the bond is with an approved surety. For compliance testing, we look to make sure the testing has been performed and failed tests, if any, have been appropriately and timely resolved. Plan fiduciaries are not alone in addressing these matters—insurance carriers can help guide plan management in finding a fidelity bond appropriate for their plan and third-party administrators will typically perform compliance testing on behalf of the plan and guide plan management through any necessary corrections. However, it is still important for plan fiduciaries to be aware of the overall purpose of the bonding requirements and the compliance tests and be familiar with the correction methods and deadlines.

If you would like more information, or have specific questions about your specific situation, please contact our Employee Benefits Audit team.

Article
Other ERISA compliance matters: ERISA bonding requirements and compliance testing