Skip to Main Content

insightsarticles

User Acceptance Testing: A plan for successful software implementation

05.20.20

Read this if you are planning for, or are in the process of implementing a new software solution.

User Acceptance Testing (UAT) is more than just another step in the implementation of a software solution. It can verify system functionality, increase the opportunity for a successful project, and create additional training opportunities for your team to adapt to the new software quickly. Independent verification through a structured user acceptance plan is essential for a smooth transition from a development environment to a production environment. 

Verification of functionality

The primary purpose of UAT is to verify that a system is ready to go live. Much of UAT is like performing a pre-flight checklist on an aircraft. Wings... check, engines... check, tires... check. A structured approach to UAT can verify that everything is working prior to rolling out a new software system for everyone to use. 

To hold vendors accountable for their contractual obligations, we recommend an agency test each functional and technical requirement identified in the statement of work portion of their contract. 

It is also recommended that the agency verify the functional and technical requirements that the vendor replied positivity to in the RFP for the system you are implementing. 

Easing the transition to a new software

Operational change management (OCM) is a term that describes a methodology for making the switch to a new software solution. Think of implementing a new software solution like learning a new language. For some employees, the legacy software solution is the only way they know how to do their job. Like learning a new language, changing the way business and learning a new software can be a challenging and scary task. The benefits outweigh the anxiety associated with learning a new language. You can communicate with a broader group of people, and maybe even travel the world! This is also true for learning a new software solution; there are new and exciting ways to perform your job.

Throughout all organizations there will be some employees resistant to change. Getting those employees involved in UAT can help. By involving them in testing the new system and providing feedback prior to implementation, they will feel ownership and be less likely to resist the change. In our experience, some of the most resistant employees, once involved in the process, become the biggest champions of the new system.  

Training and testing for better results

On top of the OCM and verification benefits a structured UAT can accomplish, UAT can be a great training opportunity. An agency needs to be able to perform actions of the tested functionality. For example, if an agency is testing a software’s ability to import a document, then a tester needs to be trained on how to do that task. By performing this task, the tester learns how to login to the software, navigate the software, and perform tasks that the end user will be accomplishing in their daily use of the new software. 

Effective UAT and change management

We have observed agencies that have installed software that was either not fully configured or the final product was not what was expected when the project started. The only way to know that software works how you want is to test it using business-driven scenarios. BerryDunn has developed a UAT process, customizable to each client, which includes a UAT tracking tool. This process and related tool helps to ensure that we inspect each item and develop steps to resolve issues when the software doesn’t function as expected. 

We also incorporate change management into all aspects of a project and find that the UAT process is the optimal time to do so. Following established and proven approaches for change management during UAT is another opportunity to optimize implementation of a new software solution. 

By building a structured approach to UAT, you can enjoy additional benefits, as additional training and OCM benefits can make the difference between forming a positive or a negative reaction to the new software. By conducting a structured and thorough UAT, you can help your users gain confidence in the process, and increase adoption of the new software. 

Please contact the team if you have specific questions relating to your specific needs, or to see how we can help your agency validate the new system’s functionality and reduce resistance to the software. We’re here to help.   
 

Related Professionals

Principals

  • Charles Snow
    Chief Operating Officer of Consulting Services
    Government
    T 207.541.2294

BerryDunn experts and consultants

Read this if you use QuickBooks Online.

You should be running reports in QuickBooks Online on a weekly—if not daily—basis. Here’s what you need to know.

You can do a lot of your accounting work in QuickBooks Online by generating reports. You can maintain your customer and vendor profiles. Create and send transactions like invoices and sales receipts, and record payments. Enter and pay bills. Create time records and coordinate projects. Track your mileage and, if you have employees, process payroll.

These activities help you document your daily financial workflow. But if you’re not using QuickBooks Online’s reports, you can’t know how individual elements of your business like sales and purchases are doing. And you don’t know how all of those individual pieces fit together to create a comprehensive picture of how your business is performing. 

QuickBooks Online’s reports are plentiful. They’re customizable. They’re easy to create. And they’re critical to your understanding of your company’s financial state. They answer the small questions, like, How many widgets do I need to order?, and the larger, all-encompassing questions like, Will my business make a profit this year?

Getting the lay of the land

Let’s look at how reports are organized in QuickBooks Online. Click Reports in the toolbar. You’ll see they are divided into three areas that you can access by clicking the labeled tabs. Standard refers to the comprehensive list of reports that QuickBooks Online offers, displayed in related groups. Custom reports are reports that you’ve customized and saved so you can use the same format later. And Management reports are very flexible, specialized reports that can be used by company owners and managers.


A partial view of the list of QuickBooks Online’s Standard reports 

Standard reports

The Standard Reports area is where you’ll do most—if not all—of your reporting work. The list of available reports is divided into 10 categories. You’re most likely to spend most of your time in just a few of them, including:

  • Favorites. You’ll be able to designate reports that you run often as Favorites and access them here, at the top of the list.
  • Who owes you. These are your receivables reports. You’ll come here when you need to know, for example, who is behind on making payments to you, how much individual customers owe you, and what billable charges and time haven’t been billed.
  • Sales and customers. What’s selling and what’s not? What have individual customers been buying? Which customers have accumulated billable time?
  • What you owe. These are your payables reports. They tell you, for example, which bills you haven’t paid, the total amount of your unpaid bills (grouped by days past due), and your balances with individual vendors.
  • Expenses and vendors. What have I purchased (grouped by vendor, product, or class)? What expenses have individual vendors incurred? Do I have any open purchase orders?

The Business Overview contains advanced financial reports that we can run and analyze for you. The same goes for the For my accountant reports. Sales tax, Employees, and Payroll will be important to you if they’re applicable for your company.

Working with individual reports


Each individual report in QuickBooks Online has three related task options.

To open any report, you just click its title. If you want more information before you do that, just hover your cursor over the label. Click the question mark to see a brief description of the report. If you want to make the report a Favorite, click the star so it turns green. And clicking the three vertical dots opens the Customize link. 

When you click the Customize link, a vertical panel slides out from the right, and the actual report is behind it, grayed out. Customization options vary from report to report. Some are quite complex, and others offer fewer options. The Sales by Customer Detail report, for example, provides a number of ways for you to modify the content of your report so it represents exactly the “slice” of data you want. So you can indicate your preferences in areas like:

  • Report period
  • Accounting method (cash or accrual)
  • Rows/columns (you can select which columns should appear and in what order, and group them by Account, Customer, Day, etc.)
  • Filter (choose the data group you want represented from several options, including Transaction Type, Product/Service, Payment Method, and Sales Rep)

Once you’ve run the report, you can click Save customization in the upper right corner and complete the fields in the window that opens. Your modification options will then be available when you click Custom reports, so you can run it again anytime with fresh data.


You can customize QuickBooks Online’s reports in a variety of ways.

We’ll go into more depth about report customization in a future article. For now, we encourage you to explore QuickBooks Online’s reports and their modification options so that you’re familiar with them and can put them to use anytime. Contact our Outsourced Accounting team if you have any questions about the site’s reports, or if you need help making your use of QuickBooks Online more effective and productive.

Article
Getting started with reports in QuickBooks Online

Read this if you are at a state Medicaid agency. 

As the end of the Public Health Emergency becomes more likely, much attention has been paid to the looming coverage cliff as state Medicaid agencies re-determine eligibility for their programs. The impacts can be mitigated in part by planning and taking proactive steps.

In the unsettling initial days of the COVID-19 Public Health Emergency (PHE), the Centers for Medicare and Medicaid Service (CMS) temporarily increased federal matching funds for state Medicaid programs. In exchange, states would suspend redeterminations of enrollees’ eligibility for the duration of the PHE. 

For Medicaid, states were in effect prohibited from disenrolling an individual from Medicaid programs. The result, according to CMS data, is 14.8 million more people were enrolled in Medicaid as of late 2021 than before the pandemic, reaching a total of nearly 79 million Medicaid enrollees.  According to one estimate, the end of the PHE could bring a decline in the number of Medicaid enrollees by as many as 15 million. This number includes an estimated 8.7 million adults and 5.9 million children. 

Local and state government eligibility staff will need to review the submitted documents and determine if these members qualify for continued Medicaid coverage. The potential exists for members to lose coverage, due to factors such as having moved, not realizing their circumstances have otherwise changed, or being unable or unaware to return the required paperwork within appropriate timeframes.

State Medicaid agencies strive to maintain an equitable program while remaining trusted stewards of public funds. With a large base of beneficiaries, this change is expected to impact the community and the healthcare market, with broad implications for public health. Similarly, the federal requirement for continuous health coverage has also helped state Medicaid agencies by easing the strain on organizations during pandemic-related disruptions. 

For these reasons state Medicaid agencies may search for routes to limit the loss of coverage. This can be accomplished through finding policy levers to retain members, establishing routes to alternative forms of insurance, and mitigating the risk of coverage loss for members. 

Mitigating the likelihood of becoming uninsured

State Medicaid agencies can reduce the risk that members lose their coverage and become uninsured through a number of steps. 

  • Designing comprehensive, multi-pronged, and targeted communication strategies. States can help Medicaid members understand the requirements and timelines required to maintain their coverage.
  • Updating systems to automate and reduce administrative burden. Maximizing ex parte renewals through the use of existing data that is stored in integrated systems.
  • Making key decisions early. States can minimize coverage loss by carefully planning the unwinding process and their approach to resuming Medicaid eligibility renewals.
  • Coordinating with other forms of coverage. Confirm or design user-friendly pathways by which a member is transferred or referred to other alternatives like the Marketplace or CHIP.
  • Leveraging their health plans. Particularly when it comes to coordinating outreach and updating member information. Managed care plans are also able to refer members who are losing coverage to other qualified health plans.

Policy levers for retaining members

States may consider reviewing emergency state plan amendments and appendix k amendments completed during the PHE to determine what flexibilities are possible to continue under existing authorities. At the same time, states should consider what other policy options may help retain coverage for existing members- for example:

  • Adopt 12 months continuous eligibility. This can be done for children via a State Plan Amendment (SPA), for adults through an 1115 waiver, and for individuals enrolled in BHP (via BHP Blueprint revision) 
  • Establish 12 months of postpartum coverage. This can be done through several paths, including SPAs 
  • Review operational policy for efficiencies. For example, a State could consider modifying the frequency of periodic data matching 

Next steps

The US Department of Health and Human Service has previously indicated its intention to provide notification to states of the end of the PHE 60 days before its scheduled end. The PHE was renewed in April 2022, and as of this writing will last until mid-July, meaning enrollees could lose Medicaid coverage as soon as August 1. The enhanced FMAP and the Maintenance of Eligibility (MOE) requirements are in place until the end of the quarter in which the PHE ends. In the case of a July 2022 end date to the PHE, the enhanced FMAP would last through September 30, 2022. 

Regardless, Medicaid agencies will need to begin reviewing all enrollees’ eligibility, performing outreach, and designing system updates this summer. In terms of next steps, states should consider the following:

  • Evaluate your program and identify initiatives to prioritize in the coming year. Ask your CMS contact about the latest applicable guidance. 
  • Develop Advanced Planning Documents (APDs) to help fund technology needs for initiatives, along with training your SMA team and providers. 
  • Implement a communications management approach to engage stakeholders, and inform affected Medicaid members.
  • Marshal project management resources and develop a realistic and achievable roadmap to success.  
  • Explore agency contracting vehicles, cooperative contracts, and other procurements tools. 

We’re here to help. If you have more questions or want to have an in-depth conversation about your specific situation, please contact the Medicaid consulting team.

Article
Medicaid coverage gap: Tools and strategies for Medicaid agencies to help retain members

Read this if you use QuickBooks Online.

Are you taking on a worker who’s not an employee? QuickBooks Online includes tools for tracking and paying independent contractors.

The COVID-19 pandemic created millions of self-employed individuals and small businesses. Whether they chose to, or circumstances forced them to, these new entrepreneurs had to learn new ways to get paid and to prepare their income taxes.

If you’re thinking about taking on a contract worker, you, too, will have to educate yourself on the paperwork and processes required to comply with the IRS’ rules for his or her compensation. It’s much easier than hiring a full-time employee, but it still takes some knowledge of how QuickBooks Online handles these individuals.

You’ll also need to make certain that the person you’re hiring is indeed an independent contractor and not an employee. The IRS takes this distinction very seriously. If you’re at all unsure of your new hire’s employment status, we can help you sort it out.

Creating records for contractors

Once new contractors have accepted your offer, you’ll need to have then fill out an IRS Form W-9. You can download a copy here. Employees complete the more detailed Form W-4 so that the employer can withhold income taxes correctly, but you won’t have to withhold taxes for your contract workers. They will be responsible for calculating and paying quarterly estimated taxes and filing an IRS Form 1040 every year. 

You, though, will be responsible for sending them an IRS Form 1099-NEC (Non-Employee Compensation) every January if you paid them more than $600 during the previous year. You do not need to send a 1099-NEC to a corporation or to an LLC that is treated as a C Corp or an S Corp. 

You can complete the Vendor Information window for each independent contractor, checking the box in front of Track payments for 1099.

Using the information the contractors provide, you can create records for them in QuickBooks Online. If you don’t have a QuickBooks Payroll subscription, you can set them up as 1099 vendors. Click the Expenses tab in the toolbar and then on the Vendors tab. Click New vendor in the upper right to open the Vendor Information window. Complete the fields for the worker and be sure to check the box in front of Track payments for 1099, as shown in the partial image above.

The vendor records you create will appear in QuickBooks Online’s Vendors list (again, Expenses | Vendors). Click on one to open it. You can toggle between two tabs here. The first, Transaction List, will eventually display all your financial dealings with that contractor. Vendor Details opens the record you just created, which you can edit from this screen.

Paying contractors

When independent contractors send you invoices, you’ll return to this same screen. There are three ways you can pay them. Click the down arrow next to New Transaction in the upper right corner to see your options (or look down at the end of the row while you’re in list view). You can record the debt as a Bill if you want to pay it later (or if that’s the way you structure your recordkeeping). If you’re paying it right away, you can create an Expense or write a Check

You can choose an option from this vendor action menu to pay your independent contractors.

When you click one of these, QuickBooks Online opens a form with many of the contractors’ details already filled in. You’ll need to complete any additional fields at the top of the screen, and then either record the payment or debt under Category details or Item details, depending on how you do your bookkeeping. Either way, you’ll be able to enter the quantity and rate and/or amount and mark it billable (with a markup percentage, if you’d like) to a customer or project.

You’re probably going to want our help here, since there’s more than one way to pay independent contractors. If you subscribe to QuickBooks Payroll, you can use the service’s contractor features, which include the ability to invite your contractors to fill out their own records in QuickBooks Online. You may also want to add an account to your Chart of Accounts, and we’d want to offer guidance there. And you need to ensure that you’re classifying payments correctly, so they’ll appear in 1099 reports and 1099s themselves.

Creating records for independent contractors and paying these individuals seem like they should be simple operations. But anytime you’re dealing with payroll issues, you’re dealing with peoples’ livelihoods – and the IRS. We strongly encourage you to let us help you get this right. Contact the Outsourced Accounting team, and we’ll make sure you’re handling your worker payments with absolute accuracy.

Article
Hiring an independent contractor? How QuickBooks Online can help

Read this if you invest in research and development. 

Businesses that invest in research and development, particularly those in the technology industry, should be aware of a major change to the tax treatment of research and experimental (R&E) expenses. Under the 2017 Tax Cuts and Jobs Act (TCJA), R&E expenditures incurred or paid for tax years beginning after December 31, 2021, will no longer be immediately deductible for tax purposes. Instead, businesses are now required to capitalize and amortize R&E expenditures over a period of five years for research conducted within the U.S. or 15 years for research conducted in a foreign jurisdiction. The new mandatory capitalization rules also apply to software development costs, regardless of whether the software is developed for sale or license to customers or for internal use.

Tax implications of mandatory capitalization rules

Under the new mandatory capitalization rules, amortization of R&E expenditures begins from the midpoint of the taxable year in which the expenses are paid or incurred, resulting in a negative year one tax and cash flow impact when compared to the previous rules that allowed an immediate deduction.

For example, assume a calendar-year taxpayer incurs $50 million of US R&E expenditures in 2022. Prior to the TCJA amendment, the taxpayer would have immediately deducted all $50 million on its 2022 tax return. Under the new rules, however, the taxpayer will be entitled to deduct amortization expense of $5,000,000 in 2022, calculated by dividing $50 million by five years, and then applying the midpoint convention. The example’s $45 million decrease in year one deductions emphasizes the magnitude of the new rules for companies that invest heavily in technology and/or software development.

The new rules present additional considerations for businesses that invest in R&E, which are discussed below.

Cost/benefit of offshoring R&E activities

As noted above, R&E expenditures incurred for activities performed overseas are subject to an amortization period of 15 years, as opposed to a five-year amortization period for R&E activities carried out in the US. Given the prevalence of outsourcing R&E and software development activities to foreign jurisdictions, taxpayers that currently incur these costs outside the US are likely to experience an even more significant impact from the new rules than their counterparts that conduct R&E activities domestically. Businesses should carefully consider the tax impacts of the longer 15-year recovery period when weighing the cost savings from shifting R&E activities overseas. Further complexities may arise if the entity that is incurring the foreign R&E expenditures is a foreign corporation owned by a US taxpayer, as the new mandatory capitalization rules may also increase the US taxpayer’s Global Intangible Low-taxed Income (GILTI) inclusion.

Identifying and documenting R&E expenditures

Unless repealed or delayed by Congress (see below), the new mandatory amortization rules apply for tax years beginning after December 31, 2021. Taxpayers with R&E activities should begin assessing what actions are necessary to identify qualifying expenditures and to ensure compliance with the new rules. Some taxpayers may be able to leverage from existing financial reporting systems or tracking procedures to identify R&E; for instance, companies may already be identifying certain types of research costs for financial reporting under ASC 730 or calculating qualifying research expenditures for purposes of the research tax credit. Companies that are not currently identifying R&E costs for other purposes may have to undertake a more robust analysis, including performing interviews with operations and financial accounting personnel and developing reasonable allocation methodologies to the extent that a particular expense (e.g., rent) relates to both R&E and non-R&E activities.

Importantly, all taxpayers with R&E expenditures, regardless of industry or size, should gather and retain contemporaneous documentation necessary for the identification and calculation of costs amortized on their tax return. This documentation can play a critical role in sustaining a more favorable tax treatment upon examination by the IRS as well as demonstrating compliance with the tax law during a future M&A due diligence process.

Impact on financial reporting under ASC 740

Taxpayers also need to consider the impact of the mandatory capitalization rules on their tax provisions. In general, the addback of R&E expenditures in situations where the amounts are deducted currently for financial reporting purposes will create a new deferred tax asset. Although the book/tax disparity in the treatment of R&E expenditures is viewed as a temporary difference (the R&E amounts will eventually be deducted for tax purposes), the ancillary effects of the new rules could have other tax impacts, such as on the calculation of GILTI inclusions and Foreign-Derived Intangible Income (FDII) deductions, which ordinarily give rise to permanent differences that increase or decrease a company’s effective tax rate. The U.S. valuation allowance assessment for deferred tax assets could also be impacted due to an increase in taxable income. Further, changes to both GILTI and FDII amounts should be considered in valuation allowance assessments, as such amounts are factors in forecasts of future profitability.

The new mandatory capitalization rules for R&E expenditures and resulting increase in taxable income will likely impact the computation of quarterly estimated tax payments and extension payments owed for the 2022 tax year. Even taxpayers with net operating loss carryforwards should be aware of the tax implications of the new rules, as they may find themselves utilizing more net operating losses (NOLs) than expected in 2022 and future years, or ending up in a taxable position if the deferral of the R&E expenditures is material (or if NOLs are limited under Section 382 or the TCJA). In such instances, companies may find it prudent to examine other tax planning opportunities, such as performing an R&D tax credit study or assessing their eligibility for the FDII deduction, which may help lower their overall tax liability.

Will the new rules be delayed?

The version of the Build Back Better Act that was passed by the US House of Representatives in November 2021 would have delayed the effective date of the TCJA’s mandatory capitalization rules for R&E expenditures until tax years beginning after December 31, 2025. While this specific provision of the House bill enjoyed broad bipartisan support, the BBBA bill did not make it out of the Senate, and recent comments by some members of the Senate have indicated that the BBB bill is unlikely to become law in its latest form. Accordingly, the original effective date contained in the TCJA (i.e., taxable years beginning after December 31, 2021) for the mandatory capitalization of R&E expenditures remains in place.
 
The changes to the tax treatment of R&E expenditures can be complex. While taxpayers and tax practitioners alike remain hopeful that Congress will agree on a bill that allows for uninterrupted immediate deductibility of these expenditures, at least for now, companies must start considering the implications of the new rules as currently enacted. 

Article
Mandatory capitalization of R&E expenses—will the new rules impact your business?

Read this if you are a not-for-profit organization.

With springtime upon us, it may be difficult to start thinking about this upcoming fall, but that is exactly what many folks in the nonprofit sector are starting to do. The reason for this? It’s because 2022 brings with it the mid-term election cycle. While technically an off-year election, many congressional and gubernatorial races are being contested, in addition to a myriad of questions that will appear on ballots across the country. It is around this time of year we start to see many questions from clients in the nonprofit sector in the area of political campaign activities, lobbying (both direct and grassroots), and education/advocacy.

This article will discuss the three major types of activities nonprofit organizations may or may not undertake in this arena and will offer guidance to give organizations the vote of confidence they need to not run afoul of the potential pitfalls when it comes to undertaking these activities.

Political campaign activity

Political campaign activities include participating or intervening in any political campaign on behalf of (or in opposition to) any candidate for elective public office, be it at the federal, state, or local level. Examples of such activities include contributions to political campaigns as well as making public statements in favor of or in opposition to any candidate. The IRS explicitly prohibits section 501(c)(3) organizations from conducting political campaign activities, the consequence of doing so being loss of exempt status. However, other types of exempt organizations (such as 501(c)(4) organizations) are allowed to engage in such activities, so long as those activities are not the organization’s primary activity. Only Section 527 organizations may engage in political campaign activities as their primary purpose. 

Direct lobbying

Direct lobbing activities attempt to influence legislation by directly communicating with legislative members regarding specific legislation. Examples of direct lobbying include contacting members of Congress and asking them to vote for or against a specific piece of legislation.

Grassroots lobbying

Grassroots lobbying, on the other hand, attempts to influence legislation by affecting the opinions of the general public and include a call to action. Examples of grassroots lobbying include requesting members of the general public to contact their representatives to urge them to vote for or against specific legislation.  

A quick way to remember the difference:
Political = think “P” for People – advocating for or against a specific candidate 
Lobbying = think “L” for Legislation – advocating for or against a specific bill

Education/advocacy

Organizations may engage in activities designed to educate or advocate for a particular cause so long as it does not take a specific position. For example, telling members of Congress how grants helped constituents would be considered an educational activity. However, attempting to get a member of Congress to vote for or against specific piece of legislation that would affect grant funding would be considered lobbying. Another example would be educating or informing the general public about a specific piece of legislation. Organizations need to be mindful here as taking a specific position one way or the other would lend itself to the activity being deemed to be lobbying, and not merely education of the general public. There is no limit on how much education/advocacy activity a nonprofit organization may conduct.

Why does this matter?

As you can see, there is a very fine line between lobbying and education, so it is important to understand the differences so that an organization conducting educational activities does not inadvertently end up conducting lobbying activities.

Organizations exempt under Code Section 501(c)(3) can conduct only lobbying activities that are not substantial to its overall activities. A 501(c)(3) organization may risk losing its exempt status and may face excise taxes on the lobbying expenditures if it is deemed to be conducting excess lobbying, whereas section 501(c)(4), (c)(5), and (c)(6) organizations may engage in an unlimited amount of lobbying activity.

What is substantial?

Unfortunately, there is no bright line test for determining what is considered substantial versus insubstantial. As an industry standard, many practitioners have taken a position that insubstantial means five percent or less of total expenditures, but that position is not codified and could be challenged by the IRS. 

Section 501(c)(3) organizations that intend to conduct lobbying activities on a regular basis may want to consider making an election under Code Section 501(h). This election is only applicable to 501(c)(3) organizations and provides a defined amount of lobbying activity an organization may conduct without jeopardizing its exempt status or becoming subject to excise tax. The 501(h) election limit is based on total organization expenditures with a maximum allowance of $1 million for “large organizations” (defined as an organization with total expenditures over $17,000,000). 

While the 501(h) election provides some clarity as to how much lobbying activity can be conducted, it may be prohibitive for some organizations whose total expenditures greatly exceed the $17,000,000 threshold. Another item to be aware of is that the lobbying threshold applies to all members of an affiliated group combined, which means the entire group shares the maximum threshold allowed. 

Another option for those engaging in lobbying is to create a separate entity (such as a 501(c)(4) organization) which conducts all lobbying activities, insulating the 501(c)(3) organization from these activities. As previously mentioned, organizations exempt under Code Section 501(c)(4) can conduct an unlimited amount of lobbying activities but can only conduct limited political campaign activities.

What about political campaign activities?

Section 527 organizations, known as political action committees, are exempt organizations dedicated specifically to conducting political campaign activities. If a 501(c)(4), (c)(5), or (c)(6) organization makes a contribution to a 527 organization, it may be required to file a Form 1120-POL and be subject to tax at the corporate tax rate (currently a flat 21%) based on the lesser of the political campaign expenditures or the organization’s net investment income. State income taxes may also be applicable. Section 501(c)(3) organizations may not make contributions to 527 organizations. 

If your organization is considering participation in any of the above activities, we would recommend you reach out to your not-for-profit tax team for additional information. We’re here to help!

Article
Lobbying and politics and education, oh my!

Read this if you have a cybersecurity program.

This week President Joe Biden warned Americans about intelligence that indicated Russia may be preparing to conduct cyberattacks on our private sector businesses and infrastructure as retaliation for sanctions applied to the Russian government (and the oligarchs) as punishment for the invasion of Ukraine. Though there is no specific threat at this time, President Biden’s warning has been an ongoing message since the invasion began. There is no need to panic, but this is a great time to re-visit your current security controls. Focusing on basic IT controls goes can make a big difference in the event of an attack, as hackers tend to go after the easy, low hanging fruit. 

  1. Access controls
    Review and understand how all access to your networks is obtained by on-site employees, remote employees, and vendors and guests. Make sure that users are maintaining strong passwords and that no user is connecting remotely to any of your systems without some form of multi-factor authentication (MFA). MFA can come in the form of a token (in hand or built-in) or as one of those numerical codes you have delivered to your phone or email. Poor access controls are simply the difference between leaving your house unlocked versus locked when you leave to go somewhere. 
  2. Patching
    One of the most common audit findings we have to date and one of the biggest reasons behind successful attacks is related to unpatched systems. Software patches are issued by software providers to address vulnerabilities in systems that act as an unlocked door to a hacker, and allow hackers to leverage the vulnerability as a way to get into your systems. Ensuring your organization has a robust patch management program in place and that systems are up-to-date on needed patches is critical to your security operations. Think of an unpatched system like a car with a broken window—sure the door is locked, but any thief can reach through the broken window and unlock the car. 
  3. Logging 
    Account activity, network traffic, system changes—these are all things that can be easily logged and with the right tools, configured to alert you to suspicious activity. Logging that is done correctly can alert management to suspicious activity occurring on your network and notifies your security team to investigate the issue. Consider logging and alerting like your home’s security camera. It may alert you to the activity outside, but someone still needs to review the footage and react to it to mitigate the threat.  
  4. Test backups and more
    Making sure that your systems are successful backed up and kept separate from your production systems is a control we are all familiar with. Organizations should do more than just make sure their backups are performed nightly and maintained, but need to make sure that those data backups can be restored back to a useable state on a regular basis. More so than backups, we also often hear in the work we do that our client’s test only parts of their disaster recovery and failover plans—but have never tested a full-scale fail-over to their backup systems to determine if the failover would be successful in the event of an event or disaster. Organizations shouldn’t be scared to do a full-scale failover test, because when the time comes, you may not have the option to do a partial failover and just hope that it occurs successfully. Not testing your backups is like not test driving a car before you buy it. Sure it looks nice in the lot, but does it actually run? 
  5. Incident Management Plan 
    We often review Incident Management Plans as part of the work we do, and often note that the plans are outdated and contain incorrect information. This is an ideal time to make sure your plans are current and reflect changes that may have occurred, like your increasingly remote work force, or that systems have changed. An outdated Incident Management Plan is like being sick and trying to call your doctor for help only to find out your doctor has retired. 
  6. Training—phishing attacks
    Hackers’ most common approach to gain access to systems and deploy crippling ransomware attacks is through phishing campaigns via email. Phishing campaigns trick a user into either providing the hacker with credentials to log into systems or to download malware that could turn into ransomware through what appears to be legitimate business correspondence. Training end-users on what to look for in verifying an email’s authenticity is critical and should be seen as an opportunity that benefits the entire organization. Testing users is also critical so management understands the current risk and what is needed for additional training. Security teams should also have other supporting controls to help prevent phishing emails and detection tools in place in case a user does fall for an email. Not training your employees on security is like not coaching your little league team on how to play baseball and then being surprised you didn’t win the game because no one knew what to do. 

In the current environment, information security is an asset to any organization and needs to be supported so that you can protect your organization from cyberattacks of all kinds. While we can never guarantee that having controls in place will prevent an attack from occurring, they make it a lot more challenging for the hacker. One more analogy, and then I’m done, I promise. Basic IT controls are like speedbumps in a neighborhood. While they keep most people from speeding (and if you hit them too fast they do a number on your car), you can still get over them with enough motivation. 

If you have questions about your cybersecurity controls, or would like more information, please contact our IT security experts. We’re here to help.

Article
Cyberattack preparation: A basics refresher

Read this if you are interested in grant compliance in healthcare. 

This is a companion article to the podcast, Mitigating the compliance and revenue integrity risk of grant funded healthcare programs.

The BerryDunn Healthcare Practice Group boasts professionals who have expertise all across the spectrum of healthcare, including regulatory, revenue, integrity, general compliance, and risk management issues. This article covers the very specific arena of grant compliance affecting many of BerryDunn’s healthcare, not-for-profit, and government clients.

After starting as a newly minted MBA financial analyst with an academic medical center in Northern New England, I (Markes) worked my way into the world of grants and contracts supported by my interest in federal regulations and the non-clinical revenue streams. Fascinated to navigate through waters where it seemed no one was the expert, or really had the time or patience to figure things out, I worked to stand up a grant office in finance on the hospital side, separate from the medical school which was the usual repository for grant funding. We moved this direction because hospital leadership realized grant funding was tipping toward the clinical setting and was less focused on bench or clinical research. Put another way, less NIH and more CDC, HRSA, and CMS.

BerryDunn Senior Manager Regina Alexander advises, “wherever there is complexity, there is compliance risk.” Whether from a federal agency like HHS, HRSA, NIH, or CDC, a state Medicaid program, foundation, or private source, grants always come with requirements, typically very specific requirements. Because the dollars are being ‘given’, those requirements for how the funds are used may be much more restrictive than loans.

Like other areas of regulatory compliance, it is reasonable to assume that grant programs often have compliance gaps that go unnoticed. For many of our clients, both in healthcare and not-for-profit, and in the government space, grant revenue has become a significant source of funding. Any kind of healthcare delivery organization, including academic medical centers, federally qualified health centers, community hospitals, behavioral health service organizations, home health providers, visiting nurse associations, and others can end up with significant portions of their income for the year being sourced by federal grants.

Grant compliance categories

We all can’t be experts in every domain of regulatory compliance, and grant compliance has a lot of breadth. Thankfully, at BerryDunn, we have a team of grant experts who work collaboratively across practice groups. When I was working on setting up the grant office and establishing a proprietary clinical FTE reporting process and system earlier in my career, I would have greatly benefited from the perspectives of other experts at the table.

When we think about grant compliance, four categories are helpful to keep in mind:

  1. Restricted funding
  2. Single audit
  3. Indirect rate
  4. Time and effort

Restricted funding

Firstly, and most universally understood and applied is that grant monies are, pretty much by definition, restricted. Aside from very specific and rare instances of monies being granted to beneficiaries who have no responsibility, all grant funding is awarded with the expectation that the funds will be expended in a specific way. 

Any funder, from the federal government to your local community organization like the Lions Club or the VFW, will likely require individuals and entities awarded a grant must promise to use the funds only for the purpose laid out in the award and proposal. Compliance with grant terms typically includes following the requested reporting requirements of that funder as well. Though this category may sound obvious, it's actually pretty far-reaching, as it usually affects sub-recipients (those entities who are partnered with the direct recipient to accomplish the grant purpose). For example, where the money goes after the initial awardee receives it, or rules about who can do the work, what type of organization, how you choose a vendor, etc.—all sorts of categories.

It should be noted that many of these grant award requirements are not dissimilar from work we already do in the healthcare compliance space to assist our clients in avoiding anti-kickback statutes and Stark risks. This is because grant compliance is grounded in the same basic concepts—no favoritism, no bribes or shady deals, and avoiding fraud, waste, and abuse. Especially if you're spending federal monies, you need to prove that you choose the vendor based on verifiable best practices, and consideration was afforded to organizations owned by women, veterans, and minorities.

Single audit 

The second category, Single Audit, is applicable to all federal funding of $750,000 or more annually. My colleague from BerryDunn’s Not-for-Profit practice group, Katie Balukas, explains: 

"The federal Single Audit Act is a requirement for entities to undergo an independent financial and compliance audit when the entity has expended over $750,000 in federal awards. These audits are conducted following guidance issued through the Governmental Auditing Standards and the United States Office of Management and Budgets' Uniform Guidance. The main focus of the compliance audit is to assess the entity's compliance with the requirements set forth by the federal agency that administered the grant funds. That includes, but is not limited to determining if the funds were utilized for allowable costs and activities and expanded within the proper grant period and that the reporting and performance objectives were met."

It is important to note that adequate, appropriately scaled internal resources are essential for any organization receiving grants and even more so with larger grants. Though the phrase has been overused, it really does “take a village”. Grant management isn't something an organization should do on the side, assigning grant accounting to someone who already has a full-time role, but unfortunately this is common and also unfortunate because under resourcing tends to lead to compliance concerns, as well as just plain old poor funding management. 

Indirect rate

Speaking of funding, the third type of grant compliance is very focused on a component of the grant world that really has a life of its own: The indirect rate. Though there is an accounting definition of ‘indirect’, the way it is defined regarding grant funding is pretty specific, and there is an entire body of work organizations undertake to get a federally approved indirect rate.

There's an awful lot to think about with the indirect rate. On the one hand, you could say it's pretty simple. For example, a lot of foundation funders and even some federal funders will offer you a 5% or 10% indirect rate without any need to make a calculation. That's because they know that if you take time to do the math, you'll come up with a number much higher than 5% or 10%. When it comes to federal grants and healthcare services organizations, the indirect rate is dependent on how an organization measures costs. For hospitals, of course, the method of measurement is driven by the Medicare cost report, and that's where we would do the fancy math to derive the indirect rate. But the reality is far from simple or straightforward. 

Time and effort

The fourth and final area of grant compliance, time and effort, is also the one I'm actually most passionate about and is probably the most minimized, or at the very least, misapplied. 

In one way, “time & effort” is exactly what it sounds like. Much of granted dollars, especially from the federal government, get appropriately spent on program staff. The challenge is to match time and effort to those dollars, but that isn't as clear as it sounds, because the standard way of measuring staff time is usually in a payroll system of some sort, which can't prove how time was spent.

Most payroll systems can be programmed to account for FTE (full-time equivalent) allocations; however, there is often a breakdown between theory and practice. Putting allocations into payroll, usually done without employee interaction, may show how an employee “should” spend their time, but it is really no guarantee that that's actually how they're spending their time.

So how does the organization typically go about assuring that? Now, I don't want to speak for everyone, but let's just say I happen to know that there's a place for two or three (or maybe 10,000) that basically put allocations into payroll, and then, unfortunately, often well after the fact and/or more than once, send that allocation to the employee to sign off on without really any option to disagree, or even to modify. We all know that is not compliant…but in the organization's defense, there really haven't been very good alternatives to that kind of woeful and frustrating process, at least none that have been widely shared or understood.

As often is the case in the compliance world, rules are not followed because there is no perceived risk, but that is not a winning strategy.

Though many people involved in grant management do not have any experience or even knowledge of time and effort violations meeting with any consequences, organization interest and grant compliance have more implications than just preventing front page news. What I find in the conversations with organizations, both large and small, is that loose time and effort management costs the organization in two major ways. 

Firstly, it is inefficient to scramble around at the close of each federal grant to fix time and effort allocations. The extra time spent by grant staff, project coordinators, managers, and the finance team to sort things out because they didn't get them right the first time is the worst kind of inefficient—poor use of time with an equally poor outcome. 

Secondly, loose time and effort is costly in direct salary dollars. Most grant staff are not dedicated to one project, so we need to consider the value of their other work. Whether that is on other grants or, for example, seeing patients in the clinic as many principal investigators in healthcare do, having inaccurate or fluctuating understandings of their ability costs the organization directly in wasted salary dollars or indirectly as the opportunity cost of those providers (or other roles in other organizations). 

Digging in and fixing these issues is the work I really enjoy. It's relatively simple to build a compliant model, whether that requires very little payroll redo and is just a simple recurring attestation process in built in Excel, or more complex integrated models with triggered attestations in PDF format in a database that manages the overall FTE of principal investigators. It might even drive the available clinical provider time. It can all be done. We just need to know what the goal is. 

Working in this space so rewarding, because like so much of compliance, it's about doing something better—not just being compliant—but setting organizations up to better meet their goals and fulfill their mission.

The compliance or accounting professional might still ask, “But why aren’t payroll allocations sufficient for meeting Uniform Guidance?” The truth is, when UG came into effect and superseded the A-110, 122, 133, and others, the bar was effectively lowered. Historically, organizations abiding by the old OMB circulars had to make an attestation at least twice a year, which doesn’t really seem helpful, as who can accurately allocate their time from 5 or 6 months ago? So UG did away with the timeframe reference, relying on the idea that the payroll allocations and distributions would be all that would be needed, and in the absence of those, a monthly ‘look back’ by professional staff would be in order.

I say all this, because as a result, the interpretation of ‘payroll allocations’ then becomes the standard and we have forgotten about the other elements spoken of in the regulation. Remember, for anyone salaried (the vast majority of physicians and most of the higher level grant personnel), the ‘payroll allocation’ doesn’t pass muster. It is a static allocation that has no mooring in actual activity. This is why UG calls for monthly “current and reasonable estimates” of time and effort.

So what can organizations do in response? They need to seek a solution, a process, and a method that will both pass audit muster, as well as help the organization properly manage their resources. Almost every organization manages their productivity and finances on a regular basis: monthly! That’s why the same standard should apply to grant time and effort management. It's much more reasonable to ask you how you spent your effort this month, asking you to make a reasonable estimate of your time allocations to the different efforts you worked on.

So to summarize, the four key areas of grant compliance are (1) grants are restricted funding, (2) single audit requirement for federal funding over $750,000 annually, (3) the indirect rate and related agreement, and (4) time and effort.

Of course, I would be remiss to not point out that undergirding all this is the organization’s approach to policy. Any organization that considers grant funding a regular piece of their annual income needs to have dedicated grant management policies, covering all of the above topics, with particular focus on those arenas that are unique to the world of federal funding, and being mindful to follow or otherwise update for changes in processes and/or regulations.

Final takeaways: 

  • First, what grant focused infrastructure do you have in place? If you are subject to a single audit, there should be dedicated administrative grant staff. And I don’t mean the programmatic people actually working on the grant, but people outside the grant funding—also why you have an indirect rate. 
  • Second, how are you handling time and effort? If the process relies on any long after-the-fact attestations or payroll-generated reporting, it is unlikely to be truly following the spirit…or the letter…of Uniform Guidance. 
  • Third, review your policies regarding grants. You may not actually have policies focused on grant activities, leaving them under ‘general finance’. That isn’t sufficient to cover federal funding requirements. Many have grant policies in place, but are they actually being followed through the lifecycle of your grant programs? 
  • Lastly, the grant world is a whole ball game unto itself. BerryDunn has some great resources internally to offer assistance in all phases of grant management and administration. 
Article
Mitigating risk of grant funded healthcare programs

Read this if you are a plan sponsor of a 401(k) plan.

The trend of US workers leaving their jobs and employers struggling with high levels of employee turnover continues to gain momentum. Another 4.5 million US workers quit their jobs in November alone, according to data from the US Bureau of Labor Statistics. Meanwhile, the number of job openings in the US remains elevated at 10.6 million, as companies across sectors and industries continue to have a hard time recruiting and retaining employees.

How are the issues related to what is now called the “Great Resignation” affecting plan sponsors in particular? The current environment not only makes it hard to build and manage an effective workforce, but plan sponsors also may face problems down the road when departing workers leave their 401(k) balances with their previous employers. These abandoned accounts can lead to penalties, additional administrative fees, and administrative challenges for employers.

How can plan sponsors resolve these issues?

Fortunately, there are some easy ways for plan sponsors to limit the potential burden of abandoned 401(k) accounts. Plan sponsors should start by ensuring that they have up-to-date contact information before an employee’s final day with the organization. Cell phone numbers, email addresses, and mailing addresses are critical data points to gather. Email addresses and other digital contact information are especially important in today’s increasingly digital world.

Existing rules can help employers resolve smaller abandoned accounts. By law, employers are allowed to cash out small, vested accounts of $1,000 or less. For vested account balances between $1,000 and $5,000, employers are permitted to move these assets to an Individual Retirement Account.

Currently, there is no specific guidance for account balances larger than $5,000. Because of this, employers have relied on Field Assistance Bulletin (FAB) 2014-01, which is meant for participants in terminated defined contribution plans. Under this bulletin, plan sponsors are instructed to send a certified letter to the participant’s last known address; keep records on attempts to reach the missing participant; ask co-workers how to find the missing participant; and call the missing participant’s cell phone, among other instructions.

To help mitigate these issues in the future, some employers are adopting auto-portability benefits. These tools automatically transfer small balances to new employers. Plan sponsors that offer auto-portability benefits should explain how this tool works to departing employees.

Plan document language on forfeitures and cash-outs

For participants who leave before they are fully vested in a 401(k) plan, employer contributions are typically placed in forfeiture accounts. Employers can write this section of the plan document in a variety of ways, so it is crucial to understand how your specific plan establishes the timing and use of the forfeiture account.

For example, forfeitures can be paid at the time of termination or when the participant hits a five-year break in service. Employers wanting to access non-vested amounts more quickly should consider amending the plan document to allow access to non-vested amounts at the time of termination (as opposed to the time of distribution).

While plan documents can set cash-out thresholds (within the minimum and maximum allowable amounts), plans may elect the small balance cash-out option for accounts under $5,000. Rollover balances also can be disregarded when determining the $5,000 threshold, but the plan document must include this caveat.

Opportunity in the next plan restatement cycle

Every six years, the Internal Revenue Service requires employers with qualified, pre-approved plans to re-write or restate their basic plan documents. The current restatement cycle for defined contribution plans will close on July 31, 2022. 

The current restatement cycle provides an opportunity to amend your plan to make it beneficial to employers and employees when team members leave your organization. Your advisor can help review your plan documents and make the most of your plan restatement process in the context of current trends in the labor market and your organization’s objectives. As always, if questions arise, please don’t hesitate to contact our Employee Benefits Audit team.

Article
Easing the potential burden of abandoned 401(k) accounts