Skip to Main Content

insightsarticles

MESC 2020: Where we are today and where we will be tomorrow

09.17.20

Read this if you are a member of a State Medicaid Agency’s leadership team.

Monday’s NESCSO-hosted conversation was a breath of fresh air in our COVID-19 work-from-home experience. Seeing familiar faces presenting from their home offices reminded me that, yes, we are truly all in this together—working remotely, and focused on how best to foster an efficient and effective Medicaid program for our state clients and members. Over the past several years I have written a “Reflections” blog, summarizing the week-long MESC event while flying home. Today, I am posting my reflections on the first forum NESCSO sponsored in lieu of their August conference that was cancelled this year due to the global pandemic. Following are my major takeaways.

The main speakers were Karen Shields, Deputy Director from the Center for Medicaid and CHIP Services, and Julie Boughn, Director, Data Systems Group also for the Center for Medicaid and CHIP Services. There were several other guests that joined in this two-hour forum, some from the Data Systems Group, and some from the states.

Crisis as a learning tool

Karen Shields reinforced that we will be better and stronger as a result of the crisis that faces us, and encourages us to use the current crisis as a learning tool. She stressed the importance of how we are leveraging our creativity and innovation to keep moving forward. She said to start with the end in mind, be a team player, and keep in mind these three important points of focus for CMS:

  1. Share what works, share what doesn’t. Prioritize.
  2. Systems development needs to be agile. Partnership is critical. States needs to be “elbow deep” with others. Everyone is allowed to speak. 
  3. Re-usability is key! Push back on those who say we cannot reuse.

During the Q&A session, Karen discussed how to maintain consistency by turning to action and using lessons learned. Resist the urge to “fall back.” Let’s keep moving forward. She underscored how they will continue the all-state calls as there are lots of topics and conversations needed to explore deficits of need. 

Support systems and policies

Julie Boughn opened by stressing what an important layer of support systems provide policies. She said COVID is not a system issue—the systems supporting the approach to address the virus are working and a big part of contributing to helping alleviate the issues the pandemic presents. She noted an appropriate quip that “Without systems, policies are just interesting ideas on pieces of paper.”

She underscored that healthcare and all that goes with supporting it is never static. The Medicaid arena is in a world of increasing change, requiring the supporting systems to adapt to make payments correctly and facilitate the provision of benefits to the right people. CMS has been focused on, and continues to bring our focus to outcomes, especially in the IT investments being made. Promote sharing and re-use of those investments.

During the Q&A, Julie reinforced the priority on outcomes and spoke to outcomes-based certification (OBC). There was a question on “What happens to modularity in the context of OBC?” She said that they are completely compatible and naturally modular, and to think about how a house can be built but not be completely done. Build the house in chunks of work, and know what you’re achieving with each “chunk”. Outcomes are behind everything we do.

Engage with your federal partners

In the next presentation, CMS modeled a dialogue that demonstrated how states can engage with their federal partners. CMS wants to continue changing the relationship they have with states. They also reminded the audience of what CMS is looking for; as Ed Dolly, the Director for the Division of State Systems within the Data and Systems Group said during the conversation, “Do you understand the problem trying to be solved?” Define your final outcome, and understand that incremental change drives value. In addition to communicating the problem, focus on speed of delivery (timeliness), and engage in back and forth exchange on what best measures can be used, as well as the abilities to capture the measures to report progress. The bottom line?  “When in doubt, reach out!”

The remainder of the forum featured representatives from the State System Technology Advisory Group (S-TAG), Private Sector Technology Group (PSTG), and Human Services Information Technology IT Advisory Group (HSITAG). They discussed a variety of IT topics.

Technology outlook

The S-TAG had representation from an impressive list of states—West Virginia, Washington, Wyoming, Vermont, and Massachusetts. They spoke to how they envision their technology response to changes in policy now and in the next 12-18 months. There was too much to present here, and I recommend reviewing the recording once NESCSO posts it. Initiatives included: Provider enrollment, electronic asset verification, electronic visit verification, integrated eligibility systems, modularity implementations, migration to the cloud, pharmacy systems, system integrator, certification, strategic planning, electronic data interchange upgrades, payment reform, road map activities, case management, care management, T-MSIS, and HITECH.

HSITAG spoke about the view across the health and human services spectrum—Where are we today? Where will we be tomorrow? COVID has tested our IT infrastructure and policy. Is there an ability to quickly scale up? Weaknesses in interoperability became exposed and while it seemed Medicaid was spared in the headlines, the need to modernize is now much more apparent. Modularity showed its value in more timely implementations. There is concern over an upcoming increase in the Medicaid population. Are we equipped for the short term?

For the long-run, where we will be “tomorrow” in the 12-18 month view, there will be a bigger dependency on the interrelations between all programs. Medicaid Enterprise Systems can and should look at whole systems, focusing on social determinants of health. Data and program integrity will be key, as the increased potential of fraud in the midst of challenging state budgets. We will need to respond quickly with limited resources.

Keep relationships strong

PSTG spoke of how when COVID hit, it caused them, like the rest of us, to modify their goals. They spoke about relationships and the importance of maintaining them with clients and colleagues, questions of productivity, what things that we have learned will we carry into the post-pandemic era, will we remain flexible, and how will we “unwind” all the related changes that will not be carried forward. Looking forward, PSTG wants to support the growing of the outcomes-based culture, evolve the state self-assessment (currently an active workgroup), and how to be less prescriptive to allow for more flexibility on “how” vendors get to solutions.

I was grateful to be able to join this event, and hear that we are in this together—we will get through it and we will keep moving forward. I felt this was a good start to what I hope will be the first of many MESC 2020 forums. The session felt like it ended too quickly even though we covered a lot of ground. I am excited about the thought of hearing about new ideas, improving our understanding of upcoming changes CMS is sponsoring, and engaging in the innovative thought that will keep us moving toward a better tomorrow. Thanks to NESCSO for sponsoring this event and bringing us together.

Please contact our Medicaid Consulting team for more information on if you have any questions.

Related Industries

Related Professionals

Phew! We did it—The Medicaid Enterprise Systems Conference (MESC) 2019 is one for the books! And, it was a great one. Here is my perspective on objectives and themes that will guide our work for the year.

Monday 

My day started in the fog—I live on an island in Maine, take a boat to get into Portland, and taxi to the airport. Luckily, I got to Portland, and, ultimately Chicago, on time and ready to go. 

Public Sector Technology Group (PSTG) meeting

At the PSTG meetings, we reviewed activities from the previous year and did some planning for the coming year. Areas for consideration included:

  • Modernization Schedule
  • Module Definitions
  • Request for Proposal (RFP) Requirements
  • National Association of State Procurement Officers

Julie Boughn, Centers for Medicare and Medicaid (CMS) Director, Data and Systems Group (DSG) introduced her new boss, Karen Shields, who is the Deputy Director for the Center for Medicaid and CHIP Services (CMCS) within CMS. Karen shared her words of wisdom and encouragement with us, while Julie reminded us that being successful in our work is about the people. CMS also underscored the goal of speeding up delivery of service to the Medicaid program and asking ourselves: “What is the problem we are trying to resolve?” 

CMS’ “You be the State” officer workshop

Kudos to CMS for creating this open environment of knowledge sharing and gathering input.  Areas for discussion and input included:

  • APD Processes
  • Outcomes-Based Certification
  • Increasing and Enhancing Accountability

Tuesday
Opening Plenary

I was very touched by the Girls Inc. video describing the mission of Girls Inc. to inspire girls to be strong, smart, and bold. With organizations like this, and our awareness and action, I am optimistic for the future. Thank you to NESCSO for including this in their opening program.

John Doerr, author of Measure What Matters: OKRs: The Simple Idea that Drives 10x Growth and famed investor, shared his thoughts on how to create focus and efficiency in what we do. Julie’s interview with him was excellent, and I appreciated how John’s Objectives and Key Results (OKR) process prompted Julie to create objectives for what we are trying to do. The objectives Julie shared with us:

  • Improve the quality of our services for users and other stakeholders 
  • Ensure high-quality data is available to manage the program and improve policy making 
  • Improve procurement and delivery of Medicaid technology projects

Sessions

The sessions were well attended and although I can't detail each specific session I attended, I will note that I did enjoy using the app to guide me through the conference. NESCSO has uploaded the presentations. 

Auxiliary meetings

Whether formal or informal, meetings are one of the big values of the conference—relationships are key to everyone’s success, and meeting with attendees in one-on-one environments was incredibly productive. 

Poster session

The poster sessions were excellent. States are really into this event, and it is a great opportunity for the MESC community to engage with the states and see what is going on in the Medicaid Enterprise space.

Wednesday

Some memorable phrases heard in the sessions:

  • Knowledge is power only if you share it
  • We are in this together and want the same outcomes, so let’s share more
  • Two challenges to partnering projects—the two “P”s—are purchasing and personnel
  • Don’t let perfection be the enemy of the good
  • Small steps matter
  • Sharing data is harder than it needs to be—keep in mind the reason for what you are doing

Our evening social event was another great opportunity to connect with the community at MESC and the view of Chicago was beautiful.

Julie Boughn challenged us to set a goal (objective) in the coming year, and, along with it, to target some key results in connection with that goal. Here are some of her conference reflections:

  • Awesome
    • Several State Program and Policy leaders participated at MESC—impressed with Medicaid Director presence and participation
    • Smaller scoped projects are delivering in meeting the desired improved speed of delivery and quality
    • Increased program-technology alignment
  • Not so awesome
    • Pending state-vendor divorces
    • Burden of checklists and State Self-Assessments (SS-As)—will have something to report next year
    • There are still some attempts at very large, multi-year replacement projects—there is going to be a lot of scrutiny on gaining outcomes. Cannot wait five years to change something.

OKRs and request for states and vendors

  • Objective: Improve the quality of services for our users and other stakeholders
    • Key Result (KR): Through test results and audits, all States and CMS can state with precision, the overall accuracy of Medicaid eligibility systems.
    • KR: 100% of State electronic visit verification (EVV) systems are certified and producing annual performance data.
    • KR: 100% of States have used CMS-required testing guidance to produce testing results and evidence for their eligibility systems.
  • Objective: Ensure high-quality data is available to manage the program and improve policy making
    • KR: Transformed Medicaid Statistical Information System (T-MSIS) data is of sufficient quality that it is used to inform at least one key national Medicaid policy decision that all states have implemented.
    • KR:  Eliminate at least two state reporting requirements because T-MSIS data can be used instead.
    • KR: At least five states have used national or regional T-MSIS data to inform their own program oversite and/or policy-making decisions.
  • Objective: Improve how Medicaid technology projects are procured and delivered
    • KR: Draft standard language for outcomes metrics for at least four Medicaid business areas.
    • KR:  Five states make use of the standard NASPO Medicaid procurement.
    • KR:  CMS reviews of RFPs and contracts using NASPO vehicle are completed within 10 business days.
    • KR:  Four states test using small incremental development phases for delivery of services.
  • Request: Within 30 days, states/vendors will identify at least one action to take to help us achieve at least one of the KRs within the next two years.

Last thoughts

There is a lot to digest, and I am energized to carry on. There are many follow-up tasks we all have on our list. Before we know it, we’ll be back at next year’s MESC and can check in on how we are doing with the action we have chosen to help meet CMS’s requirements. See you in Boston!

Article
MESC 2019―Reflections and Daily Recap

Do we now have the puzzle pieces to build the future?

As I head home from a fabulous week at the 2018 Medicaid Enterprise Systems Conference (MESC), I am reflecting on my biggest takeaways. Do we have the information we need to effectively move into the next 12 months of work in the Medicaid space? My initial reaction is YES!

The content of the sessions, the opportunities to interact with states, vendors, and the Centers for Medicare and Medicaid Systems (CMS) representatives were all rich and rewarding.

The underlying message from Julie Boughn, the CMS Director Data and Systems Group? This is “The Year of Data Quality” and the focus will be migrating to outcomes-based projects. CMS indicated they would like their regional representatives and state agencies to be aware of their top three priorities, focus on those, and be able to exhibit measurable progress in the next year.

Here are three ways states can focus their efforts in "The Year of Quality":

  1. Fix identified areas that have issues (every state has T-MSIS areas they can correct)
  2. Maintain data quality over time, especially through system enhancements
  3. Be aware of CMS plans to use and share T-MSIS data

CMS’ overall goals and vision for improvement include:

  • Creating faster delivery of well-functioning capabilities
  • Improving user experience for all users: produce timely, accurate, and complete data
  • Better monitoring and reporting on business process outcomes

I interpret Julie Boughn’s message and direction to be: keep our efforts realistic, focus on tangible results/outcomes, and realize that CMS is approachable.

While we work on outcomes, there may be some additional changes coming to the certification approach—even beyond the most recent updates from CMS. I think there is general understanding that the work we do in the Medicaid space is iterative, and we will always be improving and changing to adapt to the shifting environment and needs of our beneficiaries, stakeholders, and administration.

As I commuted on Portland’s MAX rail line between my hotel, the conference venue, and other events, I remembered Portland’s 2010 conference (then known as the MMIS Conference) and how the topics covered then and now are evidence of just how much we have evolved.

First, we were the MMIS Conference—now there is a much broader view of the Medicaid arena and our attention is on the Medicaid Enterprise—which includes the MMIS.

Second, in 2010 the nation was coming out of the Great Recession and there was a significant amount of energy spent on implementing initiatives on the American Recovery and Reinvestment Act (ARRA). With it came a host of initiatives: meaningful use, as it related to incentives for providers to utilize electronic health records, states were subsequently updating their Medicaid IT and information exchange plans, and ICD-10 implementation readiness was a hot topic.

Fast forward to 2018, where session topics included modularity, re-use, health outcomes, coordinated care, data quality measures, programs to improve and enhance care, the opioid epidemic, long-term care, care delivery systems, payment, and certification measures. The general focus has migrated to include areas far beyond technology and the MMIS.

As we move into the next 12 months of work in the Medicaid space and look forward to gathering in Chicago for the 2019 MESC, the answer is YES, we have a clear direction and vision for moving forward. And we know things will continue to change in coming years. Are you ready to reassemble the pieces to fit and build the evolving picture of Medicaid?

Article
MESC 2018 reflections–Portland, Oregon

The MESC “B’more for healthcare innovation” is now behind us. This annual Medicaid conference is a great marker of time, and we remember each by location: St. Louis, Des Moines, Denver, Charleston… and now, Baltimore. The conference is not only a way to take stock of where the Medicaid industry stands. It is a time to connect with the state and vendor community, explore challenges and best-practice solutions, and drive innovation with our respective projects.

Having an opportunity to reflect on MESC over the last several years, I’ve discovered that taking stock of how much has changed (or not) is a valuable exercise. 

Changes at CMS

At the federal level, there is the departure of a long time contributor — Jessica Kahn — who is no longer with CMS. Her contributions and absence were marked in both the opening and closing plenary. We are grateful for her dedication and many contributions to the Medicaid space. In this time of change, we look forward to continuing our work with CMS leadership CMS to advance the mission of Medicaid.

Innovation and Collaboration

Many of the sessions this year were updates on modularity, system integration, and certification, and sessions on expanding or maturing innovative approaches to achieving our triple aim. While there did not seem to be any earth-shattering changes, calls for innovation and collaboration continue. This can be difficult to achieve during a time of anticipated change, but necessary, as states strive to realize improvements in their systems and operations.

Data-Driven Decisions

One of the dominating conference themes was a reiteration of the need to access data from broad sources within and outside Medicaid, and to leverage that data for policy and operation-related solutions and decision-making. Key words like “interoperability” and “sustainability” could be heard echoing through the halls. There is no one-size-fits-all solution on how to break out of stove pipes of data, but some new technologies may be viable tools to meet the challenge. 

Strategic Planning for the Future

States remain focused on refining and following their strategic plans and roadmaps in a time of uncertainty — with regard to potential changes coming from the federal level. The closing plenary suggested that states be prepared for “local leadership” opportunities, which further underscores the need for states to continue to prepare themselves and their systems to facilitate changes to their programs.

Maintaining Perspective

As I leave Baltimore to return home and help care for my 88-year-old father, and as I see others who are in clear need of healthcare help, I am reminded that the work we do and the problems we are tackling are important on so many levels. It is a cornerstone of the well-being of our health system and our fellow citizens. Our team will continue to focus our efforts with this perspective in mind, drawing from the lessons, discussions, and best practices shared at this year’s MESC.

Here’s to a year of good health — may you successfully carry out the mission of Medicaid in your state. See you in 2018 in Portland, Oregon!

Article
Reflections on MESC 2017

Read this if your agency is planning to procure a services vendor.

In our previous article, we looked at three primary areas we, or a potential vendor, consider when responding to a request for services. In this follow-up, we look at additional factors that influence the decision-making process on whether a potential vendor decides to respond to a request for services.

  • Relationship with this state/entity―Is this a state or client that we have worked with before? Do we understand their business and their needs?

    A continuing relationship allows us to understand the client’s culture and enables us to perform effectively and efficiently. By establishing a good relationship, we can assure the client that we can perform the services as outlined and at a fair cost.
  • Terms and conditions, performance bonds, or service level agreements―Are any of these items unacceptable? If there are concerns, can we request exceptions or negotiate with the state?

    When we review a request for services our legal and executive teams assess the risk of agreeing to the state’s terms and compare them against our existing contract language. States might consider requesting vendors provide exceptions to terms and conditions in their bid response to open the door for negotiations. Not allowing exceptions can result in vendors assuming that all terms are non-negotiable and may limit the amount of vendor bid responses received or increase the cost of the proposal.

    The inclusion of well-defined service level agreements (SLAs) in requests for proposals (RFPs) can be an effective way to manage resulting contracts. However, SLAs with undefined or punitive performance standards, compliance calculations, and remedies can also cause a vendor to consider whether to submit a bid response.

    RFPs for states that require performance bonds may result in significantly fewer proposals submitted, as the cost of a performance bond may make the total cost of the project too high to be successfully completed. If not required by law that vendors obtain performance bonds, states may want to explore other effective contractual protections that are more impactful than performance bonds, such as SLAs, warranties, and acceptance criteria.
  • Mandatory requirements―Are we able to meet the mandatory requirements? Does the cost of meeting these requirements keep us in a competitive range?

    Understanding the dichotomy between mandatory requirements and terms and conditions can be challenging, because in essence, mandatory requirements are non-negotiable terms and conditions. A state may consider organizing mandatory requirements into categories (e.g., system requirements, project requirements, state and federal regulations). This can help potential vendors determine whether all of the mandatory requirements are truly non-negotiable. Typically, vendors are prepared to meet all regulatory requirements, but not necessarily all project requirements.
  • Onsite/offsite requirements―Can we meet the onsite/offsite requirements? Do we already have nearby resources available? Are any location requirements negotiable?

    Onsite/offsite requirements have a direct impact on the project cost. Factors include accessibility of the onsite location, frequency of required onsite participation, and what positions/roles are required to be onsite or local. These requirements can make the resource pool much smaller when RFPs require staff to be located in the state office or require full-time onsite presence. And as a result, we may decide not to respond to the RFP.

    If the state specifies an onsite presence for general positions (e.g., project managers and business analysts), but is more flexible on onsite requirements for technical niche roles, the state may receive more responses to their request for services and/or more qualified consultants.
  • Due date of the proposal―Do we have the available proposal staff and subject matter experts to complete a quality proposal in the time given?

    We consider several factors when looking at the due date, including scope, the amount of work necessary to complete a quality response, and the proposal’s due date. A proposal with a very short due date that requires significant work presents a challenge and may result in less quality responses received.
  • Vendor available staffing―Do we have qualified staff available for this project? Do we need to work with subcontractors to get a complete team?

    We evaluate when the work is scheduled to begin to ensure we have the ability to provide qualified staff and obtain agreements with subcontractors. Overly strict qualifications that narrow the pool of qualified staff can affect whether we are able to respond. A state might consider whether key staff really needs a specific certification or skill or, instead, the proven ability to do the required work.

    For example, technical staff may not have worked on this particular type of project, but on a similar one with easily transferable skills. We have several long-term relationships with our subcontractors and find they can be an integral part of the services we propose. If carefully managed and vetted, we feel subcontractors can be an added value for the states.
  • Required certifications (e.g., Project Management Professional® (PMP®), Cybersecurity and Infrastructure Security Agency (CISA) certification)―Does our staff have the required certifications that are needed to complete this project?

    Many projects requests require specific certifications. On a small project, maybe other certifications can help ensure that we have the skills required for a successful project. Smaller vendors, particularly, might not have PMP®-certified staff and so may be prohibited from proposing on a project that they could perform with high quality.
  • Project timeline―Is the timeline to complete the project reasonable and is our staff available during the timeframe needed for each position for the length of the project?

    A realistic and reasonable timeline is critical for the success of a project. This is a factor we consider as we identify any clear or potential risks. A qualified vendor will not provide a proposal response to an unrealistic project timeline, without requesting either to negotiate the contract or requesting a change order later in the project. If the timeline is unrealistic, the state also runs the risk that the vendor will create many change requests, leading to a higher cost.

Other things we consider when responding to a request for services include: is there a reasonable published budget, what are the minority/women-owned business (M/WBE) requirements, and are these new services that we are interested in and do they fit within our company's overall business objectives?

Every vendor may have their own checklist and/or process that they go through before making a decision to propose on new services. We are aware that states and their agencies want a wide-variety of high-quality responses from which to choose. Understanding the key areas that a proposer evaluates may help states provide requirements that lead to more high-quality and better value proposals. If you would like to learn more about our process, or have specific questions, please contact the Medicaid Consulting team.

Article
What vendors want: Other factors that influence vendors when considering responding to a request for services

Read this if your agency is planning to procure a services vendor. 

Every published request for services aims to acquire the highest-quality services for the best value. Requests may be as simple as an email to a qualified vendor list or as formal as a request for proposal (RFP) published on a state’s procurement website. However big or small the request, upon receiving it, we, or a potential vendor, triages it using the following primary criteria:

  1. Scope of services―Are these services or solutions we can provide? If we can’t provide the entire scope of services, do we have partners that can?
    As a potential responding vendor, we review the scope of services to see if it is clearly defined and provides enough detail to help us make a decision to pursue the proposal. Part of this review is to check if there are specific requests for products or solutions, and if the requests are for products or solutions that we provide or that we can easily procure to support the scope of work. 
  2. Qualifications―What are the requirements and can we meet them?
    We verify that we can supply proofs of concept to validate experience and qualification requirements. We check to see if the requirements and required services/solutions are clearly defined and we confirm that we have the proof of experience to show the client. Strict or inflexible requirements may mean a new vendor is unable to propose new and innovative services and may not be the right fit.
  3. Value―Is this a service request that we can add value to? Will it provide fair compensation?
    We look to see if we can perform the services or provide the solution at a rate that meets the client’s budget. Sometimes, depending upon the scope of services, we can provide services at a rate typically lower than our competitors. Or, conversely, though we can perform the scope of services, the software/hardware we would have to purchase might make our cost lower in value to the client than a well-positioned competitor.

An answer of “no” on any of the above questions typically means that we will pass on responding to the opportunity. 

The above questions are primary considerations. There are other factors when we consider an opportunity, such as where the work is located in comparison to our available resources and if there is an incumbent vendor with a solid and successful history. We will consider these and other factors in our next article. If you would like to learn more about our process, or have specific questions, please contact the Medicaid Consulting team.
 

Article
What vendors want: Vendor decision process in answering requests for services

Read this if you are a bank with over $1 billion in assets.

It’s no secret COVID-19 has had a substantial impact on the economy. As unemployment soared and the economy teetered on the edge of collapse, unprecedented government stimulus attempted to stymie the COVID-19 tidal wave. One tool used by the government was the creation of the Paycheck Protection Program (PPP). Part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, the PPP initially authorized the lending of $349 billion to encourage businesses to keep workers employed and cover certain operating expenses during the coronavirus pandemic. The PPP was then extended through August 8, 2020 with an additional $310 billion authorized.

Many financial institutions scrambled to free up resources and implement processes to handle the processing of PPP loan applications. However, such underwriting poses unique challenges for financial institutions. PPP loans are 100% guaranteed by the US Small Business Administration (SBA) if the borrowers meet certain criteria. Establishing appropriate controls over the loan approval and underwriting process is more a matter of ensuring compliance with the PPP, rather than ensuring the borrower can repay their loan.

Federal Deposit Insurance Corporation Improvement Act of 1991 compliance 

Banks with total assets over $1 billion as of the beginning of their fiscal year must comply with the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA). Amongst other things, FDICIA requires management perform an assessment and provide a resulting attestation on the operating effectiveness of the bank’s internal controls over financial reporting (ICFR) as of the bank’s fiscal year-end. Although this attestation is as of year-end, management must perform testing of the bank’s ICFR throughout the bank’s fiscal year to obtain sufficient evidence regarding the operating effectiveness of ICFR as of year-end. Key controls over various transaction cycles are typically housed in a matrix, making it easy for management and other users, such as independent auditors, to review a bank’s key ICFR. 

Internal control documentation

If the process for originating PPP loans is different from the bank’s process for traditional loan products, it’s likely the internal controls surrounding this process is also different. Given that $659 billion in PPP loans have been granted to date, it is possible PPP loans may be material to individual banks’ balance sheets. If PPP loans are material to your bank’s balance sheet, you should consider the controls that were put in place. If the controls are deemed to be different from those already documented for other types of loans, you should document such controls as new controls in your FDICIA matrix and test accordingly.

As noted earlier, the risks a financial institution faces with PPP loans are likely different from traditional underwriting. If these unique risks could impact amounts reported in the financial statements, it’s smart to address them through the development of internal controls. Banks should assess their individual situations to identify any risks that may have not previously existed. For instance, given the volume of PPP loans originated in such a short period of time, quality control processes may have been stretched to their limits. The result could be PPP loans inaccurately set up in the loan accounting system or loan files missing key information. Depending on the segregation of duties, the risk could even be the creation of fictitious PPP loans. A detective internal control that could address inaccurate loan setup would be to scan a list of PPP loans for payment terms, maturity dates, or interest rates that appear to be outliers. Given the relatively uniform terms for PPP loans, any anomalies should be easily identifiable. 

Paycheck Protection Program loan fees

Aside from internal controls surrounding the origination of PPP loans, banks may also need to consider documenting internal controls surrounding PPP loan fees received by the SBA. Although the accounting for such fees is not unique, given the potential materiality to the income statement, documenting such a control, even if it is merely addressing the fees in an already existing control, exhibits that management has considered the impact PPP loan fees may have on their ICFR. 

The level of risk associated with PPP loan fees may differ from institution to institution. For instance, a bank that is calculating its PPP loan fees manually rather than relying on the loan accounting system to record and subsequently recognize income on these fees, inherently has more risk. This additional level of risk will need to be addressed in the development and documentation of internal controls. In this example, a periodic recalculation of PPP loan fees on a sample basis, including income recognition, may prove to be a sufficient internal control.

With the calendar year-end fast approaching, it is time to take a hard look at those FDICIA matrices, if you haven’t already done so:

  • Consider what has changed at your bank during the fiscal year and how those changes have impacted the design and operation of your internal controls. 
  • Ensure that what is happening in practice agrees to what is documented within your FDICIA matrix. 
  • Ensure that new activities, such as the origination of PPP loans, are adequately documented in your FDICIA matrix. 

With Congress considering another round of PPP loans, there is no time like the present to make sure your bank is ready from an ICFR perspective. If you have questions about your specific situation, or would like more information, please contact the FDICIA compliance team

Article
Do your FDICIA controls "CARES" about the Paycheck Protection Program?

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

You can listen to the companion podcast to this article now:


Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline Medicaid Enterprise System (MES) certification. During this time, we have been fortunate enough to have been a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. 

What is outcomes-based certification (OBC)? 

OBC (or streamlined modular certification) is a fascinating evolution in MES certification. OBC represents a fundamental rethinking of certification and how we measure the success of system implementation and modernization efforts. The prior certification approach, as many know it, is centrally focused on technical capability, answering the question, “Can the system perform the required functions?” 

OBC represents a shift away from this technical certification and toward business process improvement, instead answering the question, “How is this new technology enhancing the Medicaid program?” Or, put differently, “Is this new technology helping my Medicaid program achieve its desired outcomes?” 

What are the key differences between the MECT and OBC? 

To understand the differences, we have to first talk about what isn’t changing. Technical criteria still exist, but only so far as CMS is confirming compliance with core regulatory and statutory requirements—including CMS’ Standards and Conditions. That’s about the extent of the similarities. In addition to pivoting to business process improvement, we understand that CMS is looking to generalize certification under this new approach, meaning that we wouldn’t see the same Medicaid Information Technology Architecture (MITA)-tied checklists like Provider Management, or Decision Support Systems. Instead, we might expect more generalized guidance that would allow for a more tailored certification. 

Additionally, OBC introduces outcomes statements which serve as the guiding principles for certification. Everything, including the technical criteria, roll-up into an outcome statement. This type of roll up might actually feel familiar, as we see a similar structure in how Medicaid Enterprise Certification Toolkit (MECT) criteria rolled up into critical success factors. 

The biggest difference, and the one states need to understand above all else, is the use of key performance indicators (KPIs). These KPIs aren’t just point-in-time certification measures, they are expected to be reported against regularly—say, quarterly—in order to maintain enhanced funding. Additionally, it’s likely that each criterion will have an associated KPI, meaning that states will continue to be accountable to these criteria long after the Certification Final Review. 

How are KPIs developed? 

We’ve seen KPIs developed in two ways. For more strategic, high level KPIs, CMS develops a baseline set of KPIs heading into collaborating with a state on an OBC effort. In these instances, CMS has historically sought input on whether those KPIs are reasonable and can be easily reported against. CMS articulates what it wants to measure conceptually, and works with a state to ensure that the KPI achieves that within the scope of a state’s program.  

For KPIs specific to a state’s Medicaid program, CMS engages with states to draft new KPIs. In these instances, we’ve seen CMS partner with states to understand the business need for the new system, how it fits into the Medicaid enterprise, and what the desired outcome of the particular approach is. 

What should states consider as they plan for MES procurements? 

While there might be many considerations pertaining to OBC and procurements, two are integral to success. First—as CMS noted in the virtual MESC session earlier this month—engage CMS at the idea stage of a project. Experience tells us that CMS is ready and willing to collaborate with—and incorporate the needs of—states that engage at this idea stage. That early collaboration will help shape the certification path. 

Second, consider program outcomes when conceptualizing the procurement. Keep these outcomes central to base procurement language, requirements, and service level agreements. We’re likely to see the need for states to incorporate these outcomes into contracts. 

What does this mean for MES modularity and scalability? 

Based on our current understanding of the generalization of certification, states, and subsequently the industry at large, will continue to refine what modularity means based on Medicaid program needs. Scalability represents an interesting question, as we’ve seen OBC scaled horizontally across smaller, discrete business areas like pharmacy or provider management. Now we’re seeing the beginnings of vertical scaling of a more streamlined certification approach to larger components of the enterprise, such as financial management and claims processing. 

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Considerations for outcomes-based certification

Read this if you or your government agency may be interested in project management or a project management office.

You may think that PMO stands for Project Management Office, Program Management Office, or Portfolio Management Office, and you would be correct. However, when establishing your PMO priorities, think:
1.    P – Planning and Processes
2.    M – Motivation
3.    O – Operations

Determining where your organization will focus your efforts is fundamental to the successful functioning of the PMO, whether the PMO is well established or just getting started. With multiple competing projects and initiatives, spending some time planning and developing your PMO priorities in the short term will save you time and effort moving forward. 

According to the Project Management Institute’s (PMI’s) research, they reported that "aligning projects and strategic objectives has the greatest potential to add value to an organization.” 

The “value” here must be determined by each organization, but through establishing your PMO priorities early, you promote a culture of project management in order to gain greater experience in project management practices and personnel. This allows for more efficient processes, more focused and flexible project managers, greater scope, schedule, and budgetary control, and ultimately more successful projects implemented.

Planning and processes

The first step in establishing the priorities for your PMO requires planning and evaluating existing processes. Identifying all projects for the upcoming year is an excellent place to start. For each project or initiative, you will want to pull together information that will assist you in the prioritization process. This may include items such as type of project, expected outcomes, aligned strategic objective(s), targeted length of the project, targeted start date, funding sources, types of approvals needed, resource capacity, and risk versus reward analysis. Each organization can make the determination of what kind of information is necessary in this step to make prioritization more streamlined and specific to their current structure and processes.

As new team members enter and exit project work, there is a risk that knowledge transfer of the PMO processes get lost, or deviations in processes begin to occur. PMI notes “high-performing organizations succeed through a strategic focus on people, processes, and outcomes” and 74% of these high-performing organizations are supported by a PMO. Taking the opportunity for continuous process improvement―to review and share the PMO processes and templates with the organization on a reoccurring basis―helps to ensure consistency across programs within the organization. With consistency comes efficiency, allowing your project teams to focus on the work at hand, and not recreate processes. Consistency and efficiency will help streamline administrative activities, improve resource estimates, and increase the likelihood that projects will come in on time and on budget.

Motivation 

The second step in establishing PMO priorities is motivation. Having a working knowledge of your organization will help in this step―knowing what excites or drives them to succeed. Motivating factors may vary for different organizations. For example, if you’re a government entity, the deciding factor in priority may be a legislative mandate. Early identification of your organization’s motivating factors allows you to expedite the prioritization efforts and increase planning time for high-priority projects, including aligning resources sooner. Here are a few ideas to consider when thinking about finding what motivates people in your organization:

  • Durations/meeting timeframes
  • Legislation/mandates
  • Strategic plans and goals
  • Recognition
  • Policy
  • Outcomes/potential impacts
  • Level of risk
  • Return on Investment (ROI)

Operations

The third step in establishing PMO priorities is operations. By outlining operational aspects of the projects before establishing your PMO priorities, you can see the big picture and organizational strategy. Per PMI, organizations which “align their PMO to strategy report 38% more projects meet the original goals and business intent, while 33% fewer projects are deemed as failures.” This allows you to understand dependencies between projects, identify possible duplication or gaps, and plan for resources earlier. Below are a few examples to consider with this step:

  • High-level strategy (will the work be delivered in phases or at the end of the project)
  • Approximate Full-Time Equivalents (FTEs) required
  • Skill level needed for the resources
  • Organizational charts and reporting relationships
  • Approximate cost for the project/initiative

Now that you are aware of the three steps―planning and processes, motivation, and operations, you are ready to begin establishing your PMO priorities. Evaluating all three steps helps ensure you’ve considered everything before prioritizing the work, although some items may clearly have more weight than others. There is no magic formula for establishing PMO priorities, and given the same projects, different organizations would have different priorities. One organization may define and identify project work as high, medium, or low, while another PMO may number projects, with number one being the first project to start. Either way is right. 

The important take-away is for your PMO to develop a consistent methodology as you are establishing priorities now and in the future. 

Does your organization need help establishing your PMO processes, prioritizing, or developing strategic plans? Contact our Medicaid Consulting team for more information on how we can help.

Resources cited

Project Management Institute. PMI’s Pulse of the Profession: The High Cost of Low Performance. PMI.org. Accessed July 8, 2020. https://www.pmi.org/-/media/pmi/documents/public/pdf/learning/thought-leadership/pulse/pulse-of-the-profession-2014.pdf?v=eb9b1ac0-8cad-457f-81ec-b09dbb969a38 
Project Management Institute. PMI’s Pulse of the Profession – 9th Global Project Management Survey: Success Rates Rise – Transforming the High Cost of Low Performance. PMI.org. Accessed July 8, 2020. https://www.pmi.org/-/media/pmi/documents/public/pdf/learning/thought-leadership/pulse/pulse-of-the-profession-2017.pdf 

Article
The 1, 2, 3s of establishing your PMO priorities