Skip to Main Content

insightsarticles

The CARES Act and telehealth services for FQHCs

03.31.20

Read this if you are a director, manager, or administrator at a Federally Qualified Health Centers (FQHC) or Rural Health Clinic (RHC).

The latest COVID-19 bill, the Coronavirus Aid, Relief, and Economic Security (CARES) Act included enhancing Medicare telehealth services for FQHCs and RHCs. This legislation waives the Section 1834(m) restriction on FQHCs and RHCs that prohibits them from serving as distant sites. This means during the COVID-19 State of Emergency, FQHCs and RHCs will be able to serve as distant sites to provide telehealth services to patients in their homes and other eligible locations. The legislation will reimburse FQHCs and RHCs at a rate that is similar to payment for comparable telehealth services under the physician fee schedule (Medicare Part B). FQHCs and RHCs will not be paid the Medicare PPS rate for these services.

Currently, Medicare, unlike many Medicaid programs and commercial payers, still requires the video component for telehealth. Effective immediately, the Office for Civil Rights at the Department of Health and Human Services will exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 State of Emergency. Providers who want to use audio or video communication technology to provide telehealth during the COVID-19 State of Emergency can use any non-public facing remote communication product that is available to communicate with patients. Examples of acceptable platforms (non-public facing) include Apple FaceTime, Google G Suite Hangouts Meet, and Skype for Business.

We would also like to remind you of the ability to bill for virtual communication services. Virtual communication services are a brief, non-face-to-face check-in with a patient via communication technology, to assess whether the patient's condition necessitates an office visit. The call must be initiated by the patient and to be billable, the call must be between the patient and a physician, nurse practitioner, physician assistant, certified nurse midwife, clinical psychologist, or clinical social worker. If the discussion is conducted by a nurse, health educator, or other clinical personnel, it is not billable as a virtual communication service. There is no video component required for virtual communication services. The check-in cannot relate to a visit with the patient during the previous seven days or result in a visit with the patient within the next 24 hours (or next available appointment). Read the FAQs from Medicare on the virtual communication services.

We continue to be here to support you. If you have any questions or concerns, please do not hesitate to reach out to any of us. 

Related Services

Consulting

Business Advisory

Related Professionals

Principals

Read this if your facility or organization has received provider relief funds.

The rules over the use of the provider relief funds (PRF) have been in a constant state of flux since the funds started to show up in your bank accounts back in April. Here is a summary of where we are as of November 30, 2020 with allowable uses of the funds.
 
The most recent Post-Payment Notice of Reporting Requirements is dated November 2, 2020. In accordance with the notice, PRF may be used for two purposes:

  1. Healthcare-related expenses attributable to coronavirus that another source has not reimbursed and is not obligated to reimburse
  2. Lost revenue, up to the amount of the difference between 2019 and 2020 actual patient care revenue

The Department of Health and Human Services (HHS) has issued FAQs as recently as November 18, 2020.  The FAQs include the following clarifications on the allowable uses:

Healthcare related expenses attributable to the coronavirus

  1. PRF may be used for the marginal increased expenses or incremental expenses related to coronavirus.
  2. Expenses cannot be reimbursed by another source or another source cannot be obligated to reimburse the expense.
  3. Other sources include, but are not limited to, direct patient billing, commercial insurance, Medicare/Medicaid/Children’s Health Insurance Program (CHIP), or other funds received from the Federal Emergency Management Agency (FEMA), the Provider Relief Fund COVID-19 Claims Reimbursement to Health Care Providers and Facilities for Testing, Treatment, and Vaccine Administration for the Uninsured, and the Small Business Administration (SBA) and Department of Treasury’s Paycheck Protection Program (PPP). This would also include any state and federal grants received as a result of the coronavirus.
  4. Providers should apply reasonable assumptions when estimating the portion of costs that are reimbursed from other sources.
  5. The examples in the FAQs for increased cost of an office visit and patient billing seem to point to only supplemental coronavirus related reimbursement needing to be offset against the increased expense.
  6. PRF may be used for the full cost of equipment or facility projects if the purchase was directly related to preventing, preparing for and responding to the coronavirus; however, if you claim the full cost, you cannot also claim the depreciation for any items capitalized.
  7. PRF cannot be used to pay salaries at a rate in excess of Executive Level II which is currently set at $197,300.

Lost revenues attributable to the coronavirus

  1. Lost revenues attributable to coronavirus are calculated based upon a calendar year comparison of 2019 to 2020 actual revenue/net charges from patient care (prior to netting with expenses).
  2. Any unexpended PRF at 12/31/20 is then eligible for use through June 30, 2021 and calculated lost revenues in 2021 are compared to January to June 2019.
  3. Reported patient care revenue is net of uncollectible patient service revenue recognized as bad debts and includes 340B contract pharmacy revenue.
  4. This comparison is cumulative, for example, if your net income improves in Q4, it will reduce lost revenues from Q2.
  5. Retroactive cost report settlements or other payments received that are not related to care provided in 2019 or 2020 can be excluded from the calculation.

Whether you are tracking expenses or lost revenues, the accounting treatment for both is to be consistent with your normal basis of accounting (cash or accrual).
 
As a reminder, the first reporting period (through December 31, 2020) is due February 15, 2021. The reporting portal is supposed to open January 15, 2021. Any unexpended PRF at December 31, 2020 can be used from January 1, 2021 through June 30, 2021, with final reporting due July 31, 2021.

The guidance continues to change rapidly and new FAQs are issued each week. Please check back here for any updates, or contact Mary Dowes for more information.

Article
Provider relief funds: Allowable usesĀ 

Read this if you are an administrator, manager, or director at a Rural Health Clinic (RHC) or Federally Qualified Health Center (FQHC).

The following outlines key due dates related to various CARES Act funding streams that you may have received. Updated as of April 27, 2020.

1. Round two of the Paycheck Protection Program (PPP) was just signed last week. If you have not applied and plan to do so, please do so ASAP as the funds are likely to be exhausted quickly.
2. Your 12-month budget for the CARES Act funding is due on May 8, 2020. As you prepare your budget, please consider the following:
a. If you were lucky enough to get approved for PPP loans, use these funds first to pay for salaries and wages as they are for eight weeks only.
b. We encourage including federal grant expenses in all budget categories to enable you to take advantage of the flexibility HRSA has provided you by allowing reclassifications between budget categories up to the lesser of 25% of the federal award or $250,000 without asking for prior approval. If you wish to reclassify amounts to a budget category which didn’t previously have federal funds budgeted, you will have to submit a budget revision to HRSA for approval. This guidance applies to your base 330 grant as well. 
c. Remember, if an employee is paid more than $197,300 (Executive II salary level as of January 1, 2020), you can only charge $197,300 to any HRSA grant. This salary limitation does not apply to consultants or contracted employees.
d. Use of these funds is very likely to undergo audits, similar to the ARRA funding a number of years ago, therefore make sure you properly track how you use these funds (audit trail).
e. Have your personnel policies been modified for consistency with any new practices you’ve implemented as a result of the public health emergency (for example, hazard pay, family and sick leave and remote working)?

Click here for a list of HRSA’s examples of the allowable uses of the CARES Act funding.    
 
3. The initial distribution you received on April 20, 2020 from the CARES Act Provider Relief Fund has an attestation due on May 10, 2020. There are various provisions governing the use of the funds and we suggest you consider the ability to use these funds to offset lost earnings so you do not have to complete with the other funding programs you have received.

Article
CARES Act funding deadlines: Update for FQHCs and RHCs

Read this if you are an administrator, manager, or director at a Rural Health Clinic (RHC) or Federally Qualified Health Center (FQHC).

CMS just released an article outlining new and expanded flexibilities for RHCs and FQHCs during the COVID-19 public health emergency (PHE). The article includes the following information:

  • Payment rate for telehealth services
  • How to bill for telehealth services
  • Expanded virtual communications services

Payment for telehealth health services during the PHE (from January 27, 2020 through the end of the PHE) is $92. Billing for telehealth is segmented into two periods:

  1. January 27, 2020 – June 30, 2020, bill using the 95 modifier
  2. July 1, 2020 – end of PHE, bill using code G2025

The article further outlines that for telehealth services billed through June 30, they will be paid at the PPS rate. The claims will then be automatically reprocessed in July and a recoupment will occur for the difference between the $92 and your PPS rate. 

It will be important for you to keep track of the telehealth visits paid at your PPS rate and what the recoupment by Medicare will be so that when it occurs you will not be caught unawares.

Virtual communication services have been expanded to include digital evaluation and management services. Online digital evaluation and management services are non-face-to-face, patient initiated, digital communications using a secure patient portal. 

Additionally, the payment rate for these services will be $24.76 beginning March 1, 2020 through the end of the PHE instead of the CY 2020 rate of $13.53, and should bill using code G0071. 

Consider how the medical records component of your system interfaces with the billing component to ensure you capture these services for billing.

The full article can be accessed here: MLN Matters Special Edition Article 20016.
 

Article
CMS expands flexibility for RHCs and FQHCs

The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020, which provides $8.3 billion in emergency funding for federal agencies to respond to the COVID-19 outbreak, has earmarked $100 million for FQHCs to prevent, prepare for, and respond to the COVID-19 national emergency. Pre-award costs will be supported by this funding and may date back to January 20, 2020. We recommend tracking your expenditures related to the coronavirus to the best of your ability. This may be helpful or necessary in providing your organization much needed financial relief.  

As a reminder, FQHCs cannot bill Medicare for telehealth services under the PPS rate. Telehealth can be billed to Medicare under Part B with the FQHC as an originating site and reimbursement is approximately $26. If you do not have home visits on Form 5, be sure to add home visits to 5C as soon as possible.

Amidst rapid hourly changes in contending with the coronavirus and its far-reaching impacts, we are sharing some HRSA and CMS guidance that may be helpful to you: 

Here is a link to HRSA FAQs related to COVID-19

Although we are working remotely, we are available to support you. If you have any questions or concerns, please do not hesitate to reach out to any of us.

Article
COVID-19 emergency funding for FQHCs: What you need to know

Read this if you are a plan sponsor of employee benefit plans.

This article is the seventh in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

The COVID-19 pandemic has challenged individuals and organizations to continue operating during a time where face-to-face interaction may not be plausible, and access to organizational resources may be restricted. However, life has not stopped, and participants in your employee benefit plan may continue to make important decisions based on their financial needs. 

To help you prepare for a potential IRS examination, we’ve listed some requirements for participants to receive Required Minimum Distributions (RMD), hardship distributions, and coronavirus-related distributions, recommendations of actions you can perform, and documentation to retain as added internal controls. 

Required Minimum Distributions

Recently, the IRS issued a memo regarding missing participants, beneficiaries, and RMDs for 403(b) plans. If an employee benefit plan is subject to the RMD rules of Code Section 401(a)(9), then distributions of a participant’s accrued benefits must commence April 1 of the calendar year following the later of 1) the participant attaining age 70½ or 2) the participant’s severance from employment. Under the Coronavirus Aid, Relief, and Economic Security (CARES) Act of 2020, RMDs was temporarily waived for retirement plans for 2020. This change applied to defined contribution plans, such as 401(k), 403(b), 457(b) plans and IRAs. 

In addition, RMDs were waived for IRA owners who turned 70½ in 2019 and were required to take an RMD by April 1, 2020 and have not yet done so. Do note the waiver will not alter a participant’s required beginning date for purposes of applying the minimum distribution rules in future periods. Although you may be applying this waiver during 2020, it is important you prepare to make RMDs once the waiver period ends by verifying participants eligible to receive RMDs are not “missing.”

There are instances in which plans have been unable to make distributions to a terminated participant due to an inability to locate the participant. In this situation, the responsible plan fiduciary should take the following actions in applying the RMD rules:

  1. Search the plan and any related plan, sponsor and publicly available records and/or directories for alternative contact information;
  2. Use any of the following search methods to locate the participant: a commercial locator service, a credit reporting agency, or a proprietary internet search tool for locating individuals; and
  3. Attempt to initiate contact via certified mail sent to the participant’s last known mailing address, and/or through any other appropriate means for any known address(es) or contact information, including email addresses and telephone numbers.

If the plan is selected for audit by the IRS and the above actions have been taken and documented by the plan, the IRS instructs employee plan examiners not to challenge the plan for violation of the RMD rules. If the plan is unable to demonstrate that the above actions have been taken, the employee plan examiners may challenge the plan for violation of the RMD rules.

We typically recommend management review plan records to determine which participants have attained age 70½. Based on the guidelines outlined above, we recommend plans document the actions they have taken to contact these participants and/or their beneficiaries.

Hardship distribution rules

A common issue we identify during our employee benefit plan audits is that the rules for hardship distributions are not always followed by the plan sponsor. If the plan allows hardship withdrawals, they should only be provided if (1) the withdrawal is due to an immediate and heavy financial need, (2) the withdrawal must be necessary to satisfy the need (you have no other funds or ways to meet the need), and (3) the withdrawal must not exceed the amount needed. You may have noted we did not add the plan participant must have first obtained all distribution or nontaxable loans available under the plan to the list of requirements above. This is due to the recently enacted Bipartisan Budget Act of 2018 (the Act), which removed the requirement to obtain available plan loans prior to requesting a hardship. Thus, the removal of this requirement may increase the number of eligible participants to receive hardship withdrawals, if the three requirements noted are satisfied. The plan sponsor should maintain documentation the requirements for the hardship withdrawal have been met before issuing the hardship withdrawal.

The IRS considers the following as acceptable reasons for a hardship withdrawal:

  1. Un-reimbursed medical expenses for the employee, the employee’s spouse, dependents or beneficiary.
  2. Purchase of an employee's principal residence.
  3. Payment of college tuition and related educational costs such as room and board for the next 12 months for the employee, the employee’s spouse, dependents, beneficiary, or children who are no longer dependents.
  4. Payments necessary to prevent eviction of the employee from his/her home, or foreclosure on the mortgage of the principal residence.
  5. For funeral expenses for the employee, the employee’s spouse, children, dependents or beneficiary.
  6. Certain expenses for the repair of damage to the employee's principal residence.
  7. Expenses and losses incurred by the employee as a result of a disaster declared by the Federal Emergency Management Agency (FEMA), provided that the employee’s principal residence or principal place of employment at the time of the disaster was located in an area designated by FEMA for individual assistance with respect to the disaster.

Prior to the enactment of the Act, once a hardship withdrawal was taken, the plan participant would not be allowed to contribute to the plan for six months following the withdrawal. The Act repealed the six-month suspension of elective deferrals, thus plan participants are allowed to continue making contributions to the plan in the pay period following the hardship withdrawal. Prior to the Act we had seen instances where the plan participant was allowed to continue making contributions after the hardship withdrawal was taken. Now we would expect participants who received a hardship distribution to continue making elective deferrals following receipt of the distribution.

Coronavirus-related distributions

Under section 2202 of the CARES Act, qualified participants who are diagnosed with coronavirus, whose spouse or dependent is diagnosed with coronavirus, or who experience adverse financial consequences due to certain virus-related events including quarantine, furlough, or layoff, having hours reduced, or losing child care, are eligible to receive a coronavirus-related distribution. 

Distributions are considered coronavirus-related distributions if the participant or his/her spouse or dependent has experienced adverse effects noted above due to the coronavirus, the distributions do not exceed $100,000 in the aggregate, and the distributions were taken on or after January 1, 2020 and on or before December 30, 2020.  Such distributions are not subject to the 10% penalty tax under Internal Revenue Code (IRC) § 72(t), and participants have the option of including their distributions in income ratably over a three year period, or the entire amount, starting in the year the distribution was received. Such distributions are exempt from the IRC § 402(f) notice requirement, which explains rollover rules, as well as the effects of rolling a distribution to a qualifying IRA and the effects of not rolling it over. Also, participants can be exempt from owing federal taxes by repaying the coronavirus-related distribution. 

Participants receiving this distribution have a three-year window, starting on the distribution date, to contribute up to the full amount of the distribution to an eligible retirement plan as if the contribution were a timely rollover of an eligible rollover distribution. So, if a participant were to include the distribution amount ratably over the three-year period (2020 – 2022), and the full amount of the distribution was repaid to an eligible retirement plan in 2022, the participant may file amended federal income tax returns for 2020 and 2021 to claim a refund for taxes paid on the income included from the distributions, and the participant will not be required to include any amount in income in 2022. We recommend the plan sponsor maintain documentation supporting the participant was eligible to receive the coronavirus-related distribution. 

There is much uncertainty due to the current status of the COVID-19 pandemic, and this has forced many of our clients to review and alter their control environments to maintain effective operations. With this uncertainty comes changes to guidance and treatment of plan transactions. We have provided our current understanding of the guidance the IRS has provided for the treatment surrounding distributions, specifically RMDs, hardship distributions, and coronavirus-related distributions. If you and your team have any additional questions which may be specific to your organization or plan, an expert from our Employee Benefits Audit team will be gladly willing to assist you. 
 

Article
Defined contribution plan distributions: Considerations and recommendations

Read this if you are at a not-for-profit organization.

There is no question that cryptocurrency has been gaining in popularity over the past few years. It may be hard to believe, but Bitcoin, the first and most commonly known form of cryptocurrency, has been around since the good old days of 2009! What was once only seen as a quasi-asset traded solely on the dark web by a handful of private yet savvy investors has recently begun to step out into the light. With this newly found mainstream popularity come many questions from the not-for-profit (NFP) sector about how their organizations should proceed when it comes to donations of cryptocurrency, and how they might benefit (or not) from doing so. 

This article will answer some of the questions we’ve received from clients in this area and attempt to shed some light on the tax reporting and compliance requirements around cryptocurrency donations for not-for-profit organizations, as well as other topics not-for-profit organizations should consider before dipping their toes into the crypto current.

So, what exactly is cryptocurrency? 

Cryptocurrency is a digital asset. It generally has no physical form (no actual coins or paper money). Further, it is not issued by a central bank and is largely unregulated. Its value is dependent upon many factors, the largest being supply and demand.

Can a not-for-profit organization accept cryptocurrency as a donation?

Yes! For tax purposes, cryptocurrency is considered noncash property, and is perfectly acceptable for not-for-profit organizations to accept.

With that said, NFPs absolutely need to review and update their gift acceptance policies as necessary as to whether or not they are willing to accept cryptocurrency. Having a clear and established policy position in place one way or the other can mitigate any confusion or misunderstanding between the organization and a potential donor.

The organization may also want to consider adding language to the policy regarding its intent to either hold the asset or sell it as soon as administratively possible. A savvy donor may request that the organization hold the cryptocurrency donation for a period of time after the donation is made, so organizations will want to have clear policies in place.

What about acknowledging the donor’s gift?

Standard donor acknowledgement rules still apply. Any donation of $250 or more requires a standard “thank you” acknowledgement to the donor. Remember, the IRS has deemed cryptocurrency to be noncash property, which means a description of the donated property (but not its value) should be mentioned in the donor acknowledgement.

Are there any other forms I need to be aware of?

Yes. Forms 8283 & 8282 apply to donations of cryptocurrency. Where the donation is noncash, the donor should be providing the organization with Form 8283, Noncash Charitable Contributions, for a claimed value of more than $500. Further, if the claimed value is more than $5,000, the Form 8283 should be accompanied by a qualified appraisal report. Form 8283 should be signed by the donor, the qualified appraiser (if applicable), as well as the recipient organization upon acceptance.

NOTE: Form 8283, Part V, Donee Acknowledgement, contains a yes/no question asking if the organization intends to use the property for an unrelated use. Where the property in question is cryptocurrency, the answer to this question is likely always to be ‘yes’.

Should the organization sell the underlying cryptocurrency within three years of acceptance, the organization must complete Form 8282, Donee Information Return, and file a copy with the IRS as well as providing a copy to the original donor. Other rules apply if the organization transfers the property to a successor donee.

NOTE: Organizations may want to consider referencing the Forms 8283 & 8282 in their aforementioned gift acceptance policy.

How is a cryptocurrency donation reported on the financial statements and Form 990?

If donated and held by the organization as of the end of the year, it will be reported as an intangible asset on the balance sheet, and contribution revenue on the statement of activities. 

Similar reporting would follow for 990 purposes—the donation would be reported as part of noncash contribution revenue with additional reporting on 990, Schedule B, Schedule of Contributors, and Schedule M, Noncash Contributions, as necessary.

Why should I accept cryptocurrency?

This is by far the hardest question to answer, for a variety of reasons. There is no question that cryptocurrency has its risks. Cryptocurrency is known to be highly volatile. Bitcoin, which originally was valued at eight cents per coin in 2010 soared to an all-time high of over $63,000 back in April of 2021—and then two months later sold for around $34,000 per coin. And who could forget the recent Dogecoin (I’m still not sure how to pronounce that) phenomenon? It too in recent months became a sensation only to see its value plummet by almost 30% in a single day after an appearance by Elon Musk on Saturday Night Live (it did subsequently rebound after a Musk tweet).

The fact is no one really knows where the value of cryptocurrency is headed, so should a not-for-profit organization decide to proceed, you should be aware it may not be worth what it was when originally accepted, which could be either good or bad depending on the day. Ultimately, any value is still good for a not-for-profit organization, but the risks with cryptocurrency and its volatility are very real.

Other things to know about crypto

As of right now, cryptocurrency has its own trading platforms. Robinhood, a platform in the news recently when it halted trading of Gamestop’s stock when speculative traders got the price to soar to all new highs, being the most well known. Large investment firms are well on their way to creating their own platforms as cryptocurrency gains in popularity, so we certainly recommend speaking with your current investment advisors to find the platform that best suits your needs.

Cryptocurrency is held in a digital wallet, which can only be accessed by a password, or private keys. Digital wallets can be stored locally on a computer, but there are also web-based wallets.

There have been horror stories about people losing or forgetting passwords, ultimately rendering the cryptocurrency worthless because it cannot be accessed. Cryptocurrency, due to its private nature, is very desirable by hackers who could also potentially access the wallet and steal its contents. And if stored locally, the currency could be lost forever if the computer containing the wallet were to become corrupted or compromised.

Organizations holding cryptocurrency will need to ensure proper internal controls are in place to make sure the funds are secure and cannot be easily accessed or potentially stolen. Working with your internal IT department is a good strategy here. The questions above are not intended to be all inclusive. Cryptocurrency is still finding its way in the world and we’ll continue to keep an eye on any developments and keep clients up to date as cryptocurrency continues to expand its reach and as further guidance is issued.

If you have any questions, please contact me or another member of our not-for-profit tax services team. We're here to help.

Article
Cryptocurrency and the charitable contribution conundrum

Read this if you are working with an auditor.

The standard report an auditor issues on an entity’s financial statements was created in 1988, and has only had minor tweaking since. Amazing when we think about how the world has changed since 1988! Back then:

  • The World Wide Web hadn’t been invented
  • The Simpsons wasn’t yet on TV, and neither was Seinfeld
  • The Berlin Wall was still standing
  • The Single Audit Act celebrated its fourth birthday

The Auditing Standards Board (ASB), an independent board of the American Institute of CPAs (AICPA) that establishes auditing rules for not-for-profit organizations (as well as private company and federal, state, and local governmental entities) has decided it was high time to revisit the auditor’s report, and update it to provide additional information about the audit process that stakeholders have been requesting.

In addition to serving as BerryDunn’s quality assurance principal for the past 23 years, I’ve been serving on the ASB since January 2017, and as chair since May 2020. (And thanks to the pandemic our meetings during my tenure as chair have been conducted from my dining room table.)  We thought you might be interested in a high-level overview of the coming changes to the auditor’s report, which will be effective starting with calendar 2021 audits, from an insider’s perspective.

So what’s changing?

The most significant changes you’ll be seeing, based on feedback from various users of auditor’s reports, are:

  1. Opinion first
    The opinion in an audit report is the auditor’s conclusion as to whether the financial statements are in accordance with the applicable accounting standards, in all material respects. People told us this is the most important part of the report, so we’ve moved it to the first section of the report.
  2. Auditor’s ethical responsibilities
    We’ve pointed out that an auditor is required to be independent of the organization being audited, and to meet certain other ethical responsibilities in the conduct of the audit.
  3. “Going concern” responsibilities
    We describe management’s responsibility, under U.S. generally accepted accounting principles, and the auditor’s responsibility, under the auditing rules, for determining whether “substantial doubt” exists about the organization’s ability to continue in existence for at least one year following the date the financial statements are approved for issuance.
  4. Emphasis on professional judgment and professional skepticism
    We explain how an audit requires the auditor to exercise professional judgment (for example, regarding how much testing to perform), and to maintain professional skepticism, i.e., a questioning mind that is alert to the possibility the financial statements may be materially misstated, whether due to error or fraud.
  5. Communications with the board of directors
    We point out that the auditor is required to communicate certain matters to the board, such as difficulties encountered during the audit, material adjustments identified during the audit process, and which areas the auditor treated as “significant risks” in planning and performing the audit.
  6. Responsibility related to the “annual report”
    If the organization issues an “annual report” containing or referring to the audited financial statements, we explain the auditor is required to review it for consistency with the financial statements, and for any known misstatements of fact.
  7. Discussion of “key audit matters”
    While not required, your organization may request the auditor to discuss how certain “key audit matters” (those most significant to the audit) were addressed as part of the audit process. These are similar to the “critical audit matters” publicly traded company auditor’s reports are now required to include.

Yes, this means the auditor’s report will be longer; however, stakeholders told us inclusion of this information will make it more informative, and useful, for them.

Uniform Guidance standards also changing

Is your organization required to have a compliance audit under the federal Uniform Guidance standards? That report is also changing to reflect the items listed above to the extent they’re relevant.

What should you do?

Some actions to consider as you get ready for the first audit to which the new report applies (calendar 2021, or fiscal years ending in 2022) include:

  1. Ask your auditor what your organization’s auditor’s report will look like
    Your auditor can provide examples of auditor’s reports under the new rules, or even draft a pro forma auditor’s report for your organization (subject, of course, to the results of the audit).
  2. Outline and communicate your process for developing your annual report
    If your organization prepares an annual report, it will be important to coordinate its timing with that of the issuance of the auditor’s report, due to the auditor’s new reporting responsibility related to the annual report.
  3. Discuss with your board whether you would like the auditor to include a discussion of “key audit matters” in the auditor’s report
    While not required for not-for-profits, some organizations may decide to request the auditor include a discussion of such matters in the report, from the standpoint of transparency “best practices.”

If you have any questions about the new auditor’s report or your specific situation, please contact us. We’re here to help.
 

Article
A new auditor's report: Seven changes to know

Read this if you are a plan sponsor of employee benefit plans.

This article is the sixth in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

Plan sponsors have a fiduciary responsibility to provide oversight over the operations of employee benefit plans. This oversight involves a multitude of varying responsibilities. Failure to provide sufficient oversight can lead to non-compliance with rules and regulations. However, even if plan sponsors are providing sufficient oversight, lack of documentation of the oversight is arguably equally as severe as no oversight at all. Here are some common fiduciary responsibilities and how you should document them. 

Review of the report on service organization’s controls

Most employee benefit plans have outsourced a significant portion of the plan’s processes, and the internal controls surrounding those processes, to a service organization. Regardless of how certain plan-related processes are performed—internally or outsourced—the plan sponsor has a fiduciary responsibility to monitor the internal controls in place surrounding significant processes and to determine if these controls are suitably designed and effective. The most commonly outsourced processes of an employee benefit plan are the administration, including recordkeeping of the plan, through a third-party administrator; payroll processing; and actuarial calculations, if applicable to the plan.

When plan processes are outsourced to service organizations, generally the most efficient way to obtain an understanding of the outsourced controls is to obtain a report on controls issued by the service organization’s auditor. You should request the service organization’s latest System and Organization Controls Report (SOC 1 report). The SOC 1 report should be based on the Statement on Standards for Attestation Engagements No. 18, Reporting on the Controls at a Service Organization, frequently known as SSAE 18.

Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s service organizations. The documented review should most notably include discussion of any exceptions noted within the service auditor’s testing performed, identification of subservice organizations and consideration if subservice organization SOC 1 reports need to be obtained, and assessment of the complementary user entity controls outlined in the SOC 1 report. The complementary user entity controls are internal control activities that should be in place at the plan sponsor to provide reasonable assurance that the controls tested at the service organization provide the necessary level of internal control over the plan’s financial statements. Contact a BerryDunn professional to obtain our SOC report review template to assist in documenting your review.

Documentation of the plan within minutes

To provide general plan oversight, plan sponsors should have a group charged with the governance of the plan. This group should meet on a routine basis to review various aspects of the plan’s operations. Minutes of these meetings should contain evidence that certain matters that would be of interest to the Department of Labor (DOL) were discussed.

We recommend minutes of meetings document the following:

  • Investment performance—The plan sponsor has a fiduciary responsibility to ensure the investments offered by the plan are meeting certain performance expectations. Investment statements and the plan’s investment policy should be reviewed on a regular basis with documentation of this review retained in minutes of meetings. Any conclusions reached about the need to change investments or put an investment on a “watch-list” should also be documented in the minutes, including any additional steps that need to be taken.
  • SOC 1 report review—As noted above, the plan sponsor has a fiduciary duty to ensure all third-party service organizations utilized by the plan have suitably designed and effective internal controls. Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s service organizations. The results of these reviews should then be reported at plan oversight meetings with any subsequent actions or conclusions documented in the minutes to these meetings.
  • Reasonableness of fees—The DOL requires plan fiduciaries to determine if the fees charged under covered service provider agreements are reasonable in relation to the services provided. To determine the reasonableness of fees, the plan may (1) hire a consultant, (2) monitor industry trends regarding fees, (3) consult with peer companies, (4) use a benchmarking service, or (5) conduct a request for proposal. Failure to determine the reasonableness of the fees charged can result in a prohibited transaction. When doing such a review, the fiduciaries of the plan should document in the minutes the steps taken and conclusions reached.
  • Overall review of the plan—Plan sponsors have a fiduciary responsibility to review the activity of the plan as well as participant balances. We recommend plan sponsors implement and document monitoring procedures over the activities of the plan and participant balances. This review could be incorporated into documented self-testing procedures, by haphazardly selecting a sample of participants each quarter and reviewing their account activity and participant balances. The results of such self-testing should then be reported at plan oversight meetings with any subsequent actions or conclusions documented in the minutes to these meetings. Reach out to a BerryDunn professional to obtain our participant change review workbook to assist in performing this self-testing.

Retention of salary reduction agreements

During our audits of employee benefit plans, we often note that employee deferrals are not consistently supported by salary reduction agreements or other forms maintained in employees’ personnel files. Many third-party administrators allow participants to make changes to their elective deferral rates directly through the third-party administrators without the involvement of the plan sponsor.

We often recommend that you maintain all changes to employee elective deferral rates in employees’ personnel files using salary reduction agreements. We also recommend that employees’ elections to not participate in the plan be documented in their personnel file. If employees can elect to change their deferral rates directly with the third-party administrator, we typically recommend that management print support from the third-party administrator’s online portal as documentation to support the change in the employee’s deferral rate and retain this support in the employees’ personnel file. However, if the third-party administrator’s online portal provides adequate history of deferral election changes, the plan sponsor may be able to rely on this portal for documentation retention. In these instances, the plan auditor should request a deferral feedback report directly from the third-party administrator.  

Monitoring of inactive accounts

Inactive accounts should be monitored by the plan sponsor for unusual activity or excessive fees that may be posted to these accounts. To the extent that inactive accounts have not exceeded $5,000, consideration should be given to cashing out the accounts if allowed by the plan document. Plan sponsors should, on a periodic basis, review the accounts of inactive participants or those who have been separated from service to ascertain whether the changes and charges to those accounts appear reasonable.

Plan sponsors have many documentation responsibilities. This list is not meant to be all-inclusive. And, the facts and circumstances of each employee benefit plan will change the applicability of these items. However, this list should be used as a tool to help plan sponsors perform a deep dive of their current plan documentation processes. And, hopefully, a result of this deep dive will be a robust documentation process that deliberately documents all major decisions and review functions related to the plan.

Article
Plan documentation: Another key to successful oversight