Skip to Main Content

insightsarticles

User Acceptance Testing: A plan for successful software implementation

05.20.20

Read this if you are planning for, or are in the process of implementing a new software solution.

User Acceptance Testing (UAT) is more than just another step in the implementation of a software solution. It can verify system functionality, increase the opportunity for a successful project, and create additional training opportunities for your team to adapt to the new software quickly. Independent verification through a structured user acceptance plan is essential for a smooth transition from a development environment to a production environment. 

Verification of functionality

The primary purpose of UAT is to verify that a system is ready to go live. Much of UAT is like performing a pre-flight checklist on an aircraft. Wings... check, engines... check, tires... check. A structured approach to UAT can verify that everything is working prior to rolling out a new software system for everyone to use. 

To hold vendors accountable for their contractual obligations, we recommend an agency test each functional and technical requirement identified in the statement of work portion of their contract. 

It is also recommended that the agency verify the functional and technical requirements that the vendor replied positivity to in the RFP for the system you are implementing. 

Easing the transition to a new software

Operational change management (OCM) is a term that describes a methodology for making the switch to a new software solution. Think of implementing a new software solution like learning a new language. For some employees, the legacy software solution is the only way they know how to do their job. Like learning a new language, changing the way business and learning a new software can be a challenging and scary task. The benefits outweigh the anxiety associated with learning a new language. You can communicate with a broader group of people, and maybe even travel the world! This is also true for learning a new software solution; there are new and exciting ways to perform your job.

Throughout all organizations there will be some employees resistant to change. Getting those employees involved in UAT can help. By involving them in testing the new system and providing feedback prior to implementation, they will feel ownership and be less likely to resist the change. In our experience, some of the most resistant employees, once involved in the process, become the biggest champions of the new system.  

Training and testing for better results

On top of the OCM and verification benefits a structured UAT can accomplish, UAT can be a great training opportunity. An agency needs to be able to perform actions of the tested functionality. For example, if an agency is testing a software’s ability to import a document, then a tester needs to be trained on how to do that task. By performing this task, the tester learns how to login to the software, navigate the software, and perform tasks that the end user will be accomplishing in their daily use of the new software. 

Effective UAT and change management

We have observed agencies that have installed software that was either not fully configured or the final product was not what was expected when the project started. The only way to know that software works how you want is to test it using business-driven scenarios. BerryDunn has developed a UAT process, customizable to each client, which includes a UAT tracking tool. This process and related tool helps to ensure that we inspect each item and develop steps to resolve issues when the software doesn’t function as expected. 

We also incorporate change management into all aspects of a project and find that the UAT process is the optimal time to do so. Following established and proven approaches for change management during UAT is another opportunity to optimize implementation of a new software solution. 

By building a structured approach to UAT, you can enjoy additional benefits, as additional training and OCM benefits can make the difference between forming a positive or a negative reaction to the new software. By conducting a structured and thorough UAT, you can help your users gain confidence in the process, and increase adoption of the new software. 

Please contact the team if you have specific questions relating to your specific needs, or to see how we can help your agency validate the new system’s functionality and reduce resistance to the software. We’re here to help.   
 

Related Professionals

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

Click on the title to listen to the companion podcast to this article, Medicaid Enterprise Systems certification: Outcomes and APD considerations

Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

How does the focus on outcomes impact the way states think about funding for their Medicaid Enterprise Systems (MESs)?

Outcomes are becoming an integral part of states’ MES modernization efforts. We can see this on display in recent preliminary CMS guidance. CMS has advised states to begin incorporating outcome statements and metrics into APDs, Requests for Proposals (RFPs), and supporting vendor contracts. 

Outcomes and metrics allow states and federal partners to have more informed discussions about the business needs that states hope to achieve with their Medicaid IT systems. APDs will likely take on a renewed importance as states incorporate outcomes and metrics to demonstrate the benefits of their Medicaid IT systems.

What does this renewed importance mean for states as they prepare their APD submissions?

As we’ve seen with initial OBC pilots, enhanced operations funding depends upon the system’s ability to satisfy certification outcomes and Key Performance Indicators (KPIs). 

Notably, states should also prepare to incorporate outcomes into all APD submissions—including updates to previously approved active APDs that did not identify outcomes in the most recent submission. 
 
This will likely apply to all stages of a project’s lifecycle—from system planning and procurement through operations. Before seeking funding for new IT systems, states should be able to effectively explain how the project would lead to tangible benefits and outcomes for the Medicaid program.

How do outcome statements align with and complement what we are seeing with outcomes-based or streamlined modular certification efforts?

Outcomes are making their way into funding and contracting vehicles and this really captures the scaling we discussed in our last conversation. States need to start thinking about reprocurement and modernization projects in terms of business goals, organizational development, and business process improvement and redesign. What will a state get out of the new technology that they do not get today? States need to focus more on the business needs and less on the technical requirements.

Interestingly, what we are starting to see is the idea that the certification outcomes are not going to be sufficient to warrant enhanced funding matches from CMS. Practically, this means states should begin thinking critically about want they want out of their Medicaid IT procurements as they look to charter those efforts. 

We have even started to see CMS return funding and contracting vehicles to states with guidance that the outcomes aren’t really sufficiently conveying what tangible benefit the state hopes to achieve. Part of this challenge is understanding what an outcome actually is. States are used to describing those technical requirements, but those are really system outputs, not program outcomes.

What exactly is an outcome and what should states know when developing meaningful outcomes?

As states begin developing outcomes for their Medicaid IT projects, it will be important to distinguish between outcomes and outputs for the Medicaid program. If you think about programs, broadly speaking, they aim to achieve a desired outcome by taking inputs and resources, performing activities, and generating outputs.

As a practical example, we can think about the benefits associated with health and exercise programs. If a person wants to improve their overall health and wellbeing, they could enroll in a health and exercise program. By doing so, this person would likely need to acquire new resources, like healthy foods and exercise equipment. To put those resources to good use, this person would need to engage in physical exercise and other activities. These resources and activities will likely, over time, lead to improved outputs in that person’s heart rate, body weight, mood, sleeping patterns, etc.
 
In this example, the desired outcome is to improve the person’s overall health and wellbeing. This person could monitor their progress by measuring their heart rates over time, the amount of sleep they receive each night, or fluctuations in their body weight—among others. These outputs and metrics all support the desired outcome; however, none of the outputs alone improves this person’s health and wellbeing.

States should think of outcomes as the big-picture benefits they hope to achieve for the Medicaid program. Sample outcomes could include improved eligibility determination accuracy, increased data accessibility for beneficiaries, and timely management of fraud, waste, and abuse.
 
By contrast, outputs should be thought of as the immediate, direct result of the Medicaid program’s activities. One example of an output might be the amount of time required to enroll providers after their initial application. To develop meaningful outcomes for their Medicaid program, states will need to identify big-picture benefits, rather than immediate results. With this is mind, states can develop outcomes to demonstrate the value of their Medicaid IT systems and identify outputs that help achieve their desired outcomes.

What are some opportunities states have in developing outcomes for their MES modernizations?

The opportunities really begin with business process improvement. States can begin by taking a critical look at their current state business processes and understanding where their challenges are. Payment and enrollment error rates or program integrity-related challenges may be obvious starting points; however, drilling down further into the day-to-day can give an even more informed understanding of your business needs. Do your staff end users have manual and/or duplicative processes or even process workarounds (e.g., entering the same data multiple times, entering data into one system that already exists in another, using spreadsheets to track information because the MES can’t accommodate a new program, etc.)? Is there a high level of redundancy? Some of those types of questions start to get at the heart of meaningful improvement.

Additionally, states need to be aware of the people side of change. The shift toward an outcomes-based environment is likely going to place greater emphasis on organizational change management and development. In that way, states can look at how they prepare their workforce to optimize these new technologies.

The certification landscape is seemingly changing weekly as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Outcomes and APD considerations

Read this if you are an employee benefit plan fiduciary.

This article is the second in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. In our last article, we looked into the background of ERISA, which established important standards for the sound operation of employee benefit plans, as well as who is and isn’t a plan fiduciary, and what their responsibilities are. 

One important ERISA provision, found in Section 406(a), covers the types of transactions a plan fiduciary can and can’t engage in. ERISA terms the latter prohibited transactions, and they’re a lot like traffic lights—when it comes to avoiding conflicts of interest in business dealings, they’re your guide for when to stop and when to go. By knowing and abiding by these rules of the road, plan fiduciaries can steer clear of tickets, fines, and other damaging mishaps. 

Parties-in-interest—keep them out of the passenger seat 

Much like driver’s ed., fiduciary responsibility boils down to knowing the rules—plan fiduciaries need to have a strong working knowledge of what constitutes a prohibited transaction in order to ensure their compliance with ERISA. The full criteria are too detailed for this article, but one sure sign is the presence of a party-in-interest.

ERISA’s definition of a party-in-interest

The definition includes any plan fiduciary, the plan sponsor, its affiliates, employees, and paid and unpaid plan service providers, and 50%-or-more owners of stock in the plan sponsor. If you’d like to take a deeper dive into ERISA’s definition of parties-in-interest, see “ERISA's definition of parties-in-interest" at right.

Prohibited transactions—red lights on fiduciary road 

Now that we know who fiduciaries shouldn’t transact with, let’s look at what they shouldn’t transact on. ERISA’s definition of a prohibited transaction includes: 

  • Sale, exchange, and lease of property 
  • Lending money and extending credit 
  • Furnishing goods, services, and facilities 
  • Transferring plan assets 
  • Acquiring certain securities and real property using plan assets to benefit the plan fiduciary 
  • Transacting on behalf of any party whose interests are adverse to the plan’s or its participants’ 

Transacting in any of the above is akin to running a red light—serious penalties are unlikely, but there are other consequences you want to avoid. Offenders are subject to a 15% IRS-imposed excise tax that applies for as long as the prohibited transaction remains uncorrected. That tax applies regardless of the transaction’s intent and even if found to have benefited the plan. 

The IRS provides a 14-day period for plan fiduciaries to correct prohibited transactions and avoid associated penalties. 

Much like owning a car, regular preventative maintenance can help you avoid the need for costly repairs. Plan fiduciaries should periodically refresh their understanding of ERISA requirements and re-evaluate their current and future business activities on an ongoing basis. Need help navigating the fiduciary road? Reach out to the BerryDunn employee benefit consulting team today. 
 

Article
Prohibited transactions: Rules of the road for benefit plan fiduciaries

Read this if you are a New Hampshire resident, or a business owner or manager with telecommuting employees (due to the COVID-19 pandemic).

In late January, the Supreme Court asked the Biden Administration for its views on a not-so-friendly neighborly dispute between the State of New Hampshire and the Commonwealth of Massachusetts. New Hampshire is famous amongst its neighboring states for its lack of sales tax and personal income tax. Because of the tax rules and other alluring features, thousands of employees commute daily from New Hampshire to Massachusetts. Overnight, like so many of us, those commuters were working at home and not crossing state boundaries.

As a result of the pandemic and stay-at-home orders, Massachusetts issued temporary and early guidance, directing employers to maintain the status quo. Keep withholding on your employees in the same manner that you were, even though they may not be physically coming into the state. New Hampshire was against this directive from day one, but the nail in the coffin was an extension of the guidance in October. Within days, New Hampshire filed suit in the Supreme Court.

New Hampshire’s position

In its brief, New Hampshire asserts that the Massachusetts regulations are unconstitutional—in violation of the both the Commerce and Due Process Clauses of the U.S. Constitution. Each clause has historically prohibited a state from taxing outside its borders and limits tax on non-residents. For Massachusetts employers to continue withholding on New Hampshire resident’s wage earnings, New Hampshire argues, Massachusetts is imposing a tax within New Hampshire, contrary to the Constitution. 

What makes the New Hampshire situation unique is that it does not impose an income tax on individuals, a “defining feature of its sovereignty”, the state argues. New Hampshire would say that its tax regime creates a competitive advantage in attracting new business and residents. Maine residents, subject to the same Massachusetts rules, would receive a corresponding tax credit on their Maine tax return, making them close to whole between the two states. Because there is no New Hampshire individual income tax, their residents are out of pocket for a tax that they wouldn’t be subject to, but for these regulations. 

Massachusetts’ position

Massachusetts' intention behind the temporary regulations was to maintain pre-pandemic status quo to avoid uncertainty for employees and additional compliance burden on employers. This would ensure employers would not be responsible for determining when an employee was working, for example, at their Lake Winnipesaukee camp for a few weeks, or their relative’s home in Rhode Island. 

Additionally, states like New York and Connecticut have long had “convenience of the employer” laws on the books which imposed New York tax on telecommuting non-residents. Additionally, Massachusetts provided that a parallel treatment will be given to resident employees with income tax liabilities in other states who have adopted similar sourcing rules, i.e., a Massachusetts resident working for a Maine employer.

Other voices

The U.S. Supreme Court has requested a brief from the Biden administration with no deadline given. It’s assumed, however, to be received in time for the court to makes its decision before the end of term in June. Since the original filing, the States of New Jersey, Connecticut, Hawaii, Iowa, and others have filed briefs, imploring the Court to hear the case due to similar circumstances in their states and the wide ranging precedent Massachusetts and others may be effectuating. Additionally, Pennsylvania and others have released their own status quo guidance, following Massachusetts.

What now?

Right now, it’s wait and see what the Supreme Court decides. For Massachusetts employers specifically, you should review current withholdings and ensure compliance with the temporary regulations. The regulations for non-resident wages and withholding are in effect until 90 days after the state of emergency has lifted. Given that that date keeps moving further away, the rules may still be in effect when the Supreme Court delivers their decision in June. For all employers, it’s important that you review the rules in each state of operation and confirm that the proper withholding is made. 

Unwinding from the pandemic is going to be a long road, regardless of what decision the Supreme Court makes. If New Hampshire prevails, it’ll be a long compliance burden for both employers and employees to unwind the withholding and receive refunds. If Massachusetts wins, employers that weren’t following the regulations will have a costly tax exposure to correct.  

If you have questions about your specific situation, please contact us. We’re here to help.

Article
New Hampshire v. Massachusetts: Sovereignty or status quo?

Read this if you’re considering (or in the middle of) an initiative that involves multiple Health and Human Services (HHS) programs or agencies.

During times of tight program budgets and rising need, the chance to collaborate with sister HHS agencies often presents a unique opportunity to do more with less. However, as you might find, these initiatives have their own challenges ranging from the minor (e.g., different program vocabulary) to major considerations (e.g., state and federal funding streams).

While interagency initiatives are worthwhile—usually aiming to reduce silos between HHS programs and better support citizens and staff—they can quickly grow complicated. Whether you’re just starting to think about your next interagency initiative or you’re halfway through, asking the right questions is half the battle. Answering those questions, of course, is the other—and more time-consuming—half!

In our team’s work with states on interagency initiatives, we have found it helpful to focus planning on the following four areas to minimize implementation timelines and maximize stakeholder support:

  • Policy: The sources, both internal and external, that govern who is covered by programs, what services are covered, how services are reimbursed, and how the program is administered
  • Funding: How a program is financed, including cost allocation methodologies, limitations on use of funds, and reporting mechanisms
  • Systems: The technical infrastructure that supports program operations
  • Operations: The staff and physical facilities that make every program possible, including staff resources such as training

Here are some questions you can ask to make the best use of available time, funding, and interagency relationships:

  • What is the goal? Do other departments or units have an aligning goal? Who do you know at those departments or units who could direct you to the best point of contact, the status of the other department or unit’s goal, and the current environment for change? Perhaps you can create a cross-unit team with the other unit(s), resulting in more resources to go around and stronger cross-unit relationships. If the other unit either isn’t ready or has already implemented its change, learning about the unit’s barriers or lessons learned will inform your efforts.
  • What does your governance model look like? Do you have one decision-maker or a consensus-builder leading a team? How does your governance model incorporate the right people from across all agencies so they have a voice? If the process is collaborative, can an oversight entity play a role in resolving disagreements or bottlenecks? Without a governance model, your team might be composed of subject matter experts (SMEs) who feel they do not have authority to make decisions, and the project could stall. On the other hand, if you only have leadership positions on the team without SME representation, the project plan might miss critical factors. Having the right people at the table—with defined lines of expertise, authority, and accountability—increases your chances of success.
  • Which federal partners are involved, who are the points of contact, and how open are they to this change? In addition to providing necessary approvals that could lead to funding, federal partners might offer lessons learned from other states, flexibilities for consideration, or even a pilot project to explore an initiative with you and your state partners. 
  • How will this initiative be funded? If more than one funding stream is available—for example, federal financial participation, grant dollars, state dollars—can (and should) all funding streams be utilized? What requirements, such as permissible use of funds and reporting, do you need to meet? Are these requirements truly required, or just how things have always been done? Some federal matches are higher than others, and some federal dollars can be combined while others must remain separate/mutually exclusive to be reimbursed. One approach for using multiple sources of funding is “braiding”—separate strands that, together, form a stronger strand—versus “blending,” which combines all sources into one pot of funding.
  • What systems are involved? After securing funding, system changes can be the largest barrier to a timely and effective interagency initiative. Many state agencies are already undertaking major system changes—and/or data quality and governance initiatives—which can be an advantage or disadvantage. To turn this into an advantage, consider how to proactively sync your initiative with the system or data initiative’s timing and scope.
     
    • When and how will you engage technical staff—state, vendor, or both—in the discussion?
    • Do these systems already exchange data? Are they modernized or legacy systems? 
    • Do you need to consult legal counsel regarding permissible data-sharing? 
    • Do your program(s)/agencies have a common data governance structure, or will that need to be built? 
    • What is the level of effort for system changes? Would your initiative conflict with other technical changes in the queue, and if so, how do you weigh priority with impacts to time and budget?
  • What policies and procedures will be impacted, both public-facing and internally? Are there differences in terminology that need to be resolved so everyone is speaking the same language? For example, the word “case” can mean something different for Medicaid business staff, child welfare staff, and technical staff.
  • Will this initiative result in fewer staff as roles are streamlined, or more staff if adding a new function or additional complexity? How will this be communicated and approved if necessary? While it’s critical to form a governance model and bring the right people to the table, it’s also imperative to consider long-term stakeholder structure, with an eye toward hiring new positions if needed and managing potential resistance in existing staff. For the project to have lasting impact, the project team must transition to a trained operations team and an ongoing governance model.

Ultimately, this checklist of considerations—goal-setting, decision-making, accountability, federal support, funding, systems, policies and procedures, and staffing—creates a blueprint for working across programs and funding streams to improve services, streamline processes, and better coordinate care.

For more information about interagency coordination, stay with us as we post more lessons learned on the following topics in the coming months: interagency policy, interagency funding, interagency systems, and interagency operations.
 

Article
Coordinating initiatives across state HHS: Questions to ask

Read this if you are a State Medicaid Director, State Medicaid Chief Information Officer, State Medicaid Project Manager, or State Procurement Officer—or if you work on a State Medicaid Enterprise System (MES) certification or modernization efforts.

This article is based on the Outcomes-Based Certification scalability and project outcomes podcast:


Over the last two years, the Centers for Medicare and Medicaid Services (CMS) has undertaken an effort to streamline MES certification. During this time, we have been fortunate enough to be a trusted partner in several states working to evolve the certification process. Through this collaboration with CMS and state partners, we have been in front of recent certification trends. The content we are covering is based on our experience supporting states with efforts related to CMS certification. We do not speak for CMS, nor do we have the authority to do so.

How might Outcomes-Based Certification (OBC) be applied to more complex areas of the Medicaid enterprise?

The question of scaling—that is, to apply the OBC process to more complex components while maintaining or increasing its level of efficiency—is an important next step in certification. OBC has been (or is being) scaled across the technical components of the MES in two primary ways. First, OBC has already successfully been scaled horizontally across similar but discrete components of the MES such as electronic visit verification (EVV), provider management, or pharmacy. The second, perhaps more interesting way we are seeing OBC scale is vertically. OBC—or what is now being referred to as Streamlined Modular Certification (SMC)—is now being scaled up and into larger and more complex components like financial management and claims processing. Beyond that, however, we are now seeing outcomes-based concepts scale a third way—across the Medicaid business.

How does the certification of one module impact the rest of the MES?

We are seeing CMS and states work through this question every day. What we know for sure is that each state is likely going to draw its own set of boxes around its business modules and service components based on its Medicaid business. Because modularity is only defined at a macro level, states have the freedom to work with their vendors to define the parameters of their modules. As a result, we have seen CMS work with states to define those boxes and in doing so, we are really seeing a three-layered approach.

The first layer represents the primary module a state is certifying. A primary module is that module that is responsible for all or most of a business process such as paying a claim. It is safe to assume that the most detailed evidence will come from the primary module. The second layer represents the module—or modules—that might not have responsibility for a business process, but provide functionality integral to that business process being performed successfully. Finally, the third layer represents the module—or modules—that feed data into the business process, but do little else when it comes to performing that business process. For the second and third layer, a state can likely expect to provide evidence that supports the successful transmission of data at a minimum. This is where we are seeing CMS and states work together to define that scope.

What is the role of business process improvement, organization development, and organizational change management in MES modernizations?

This is really the cornerstone of this fundamental shift in certification we have seen over the last 12-18 months. During the 2020 virtual Medicaid Enterprise Systems Conference (MESC), we saw that CMS appears to be signaling it is no longer going to readily accept modernization efforts that do not reflect tangible improvements to the Medicaid business. Think about it this way: a state will likely not be able to go to CMS to request enhanced funding simply because it can no longer renew its existing contract vehicles or it is trying to procure new technology that fails to represent a marked improvement over its legacy system. 

As a result, states need to start thinking about reprocurement and modernization projects in terms of organizational development and business process improvement and redesign. What will a state get out of the new technology that they do not get today? That’s the question that needs to be answered. States should begin to focus more on business needs and less on technical requirements. States are used to building a custom, monolithic enterprise, often referred to as a Medicaid Management Information System (MMIS). Today, vendors are bringing commercial-off-the-shelf (COTS) products that allow states to perform business processes more efficiently. In turn, states need to move away from attempting to prescribe how a system should perform and focus on what the system should do. That means less prescriptive requirements and more business-oriented thinking.

Additionally, the concept of outcomes management will become integral to a state’s Advance Planning Document (APD) requests, Request for Proposals (RFP) development, and certification. We are seeing that CMS is beginning to look for outcomes in procurement documents, which is leading states to look critically at what they want to achieve as they seek to charter new projects. One way that a state can effectively incorporate outcomes management into its project development is to identify an outcome owner responsible for achieving those outcomes.

The certification landscape is seemingly changing weekly, as states wait eagerly for CMS’ next guidance issuances. Please continue to check back for in-depth analyses and OBC success stories. Additionally, if you are considering an OBC effort and have questions, please contact our Medicaid Consulting team

Article
Scaling project outcomes

Read this if you are a division of motor vehicles, or interested in mDLs.

What is a mobile driver’s license?

A mobile driver’s license (mDL) is a solution that allows citizens to access, update, and use their driver’s license via a smart phone or other internet-accessible device (e.g., laptop, tablet, smart watch). An mDL is a form of electronic identification (eID), but where eIDs include other forms of licensure like hunting/fishing/gaming licenses or military IDs, mDLs are used to designate driving privileges and, in some cases, to designate age-based/identity privileges for citizens who cannot drive (e.g., buying alcohol, TSA PreCheck®).

Why should you care?

Technology has replaced physical product functionality within various areas of modern life. Many people have transitioned to electronic credit/debit card payments (e.g., Apple Pay), making paying for everyday items faster, easier, and cleaner, while also introducing risks to consumer data security. Similar functionality will soon exist within the eID space, starting with mDLs. This provides challenges for departments of motor vehicles (DMVs), businesses, and consumers; however, the benefits of adopting mDL functionality outweigh the growing pains of establishing the programs.

How does it work and when will it be implemented?

The mDL will function similarly to electronic credit cards and mobile payment applications: an mDL user loads their mDL to their mobile device using a mobile application and can use it to verify their age and driving credentials at mDL-reading establishments and with law enforcement. Relevant establishments will require both hardware and software solutions to read mDLs. 

mDLs aren’t intended to replace physical licenses—at least not yet. While state and county pilot programs resolve some of the challenges associated with mDLs, physical IDs will remain required for years to come. 

Additionally, the American Association of Motor Vehicle Administrators (AAMVA) created two groups—a Card Design Standard Committee and Electronic Identification Working Group—to develop interoperable standards to assist license issuing authorities (e.g., DMVs) in developing their mDL programs. These standards will ensure that mDLs work using different hardware, software, vendor applications, and within different jurisdictions. 

Benefits and challenges

Benefits

mDLs provide numerous benefits to citizens and DMVs alike, including information security, user convenience, and administrative convenience.

Information security

  • mDLs are harder to fake than physical driver’s licenses due to the mDL’s connection to back-end license data within the DMV system. 

  • mDLs allow users the option to communicate specific data to the receiving party without sharing all of the user’s license information (e.g., confirming the user is over age 21 without sharing their specific age or street address). 

User convenience

  • Users will be able to update their credentials fully online and see in-real-time updates.
  • mDLs will possess single sign-on verification and use for users via a biometric lock or PIN, making them quick to access and easy to use.

Administrative convenience

  • The decline in DMV wait times due to online-update functionality will save DMVs money in administrative costs.

Challenges

As with all technological advancement, there are several challenges around the development of mDLs. The primary challenge is ensuring the protection of user data while also rolling out the complex—and often costly—infrastructure needed to support mDL use across a region. 

Information security 

  • Issuing agencies can choose whether some, none, or all mDL user data is stored on the user’s device and must ensure all data stored this way is done so securely.

  • mDLs must ensure hands-free exchange of information with law enforcement to protect user data when presenting identification.

  • Technological errors are bound to occur: if an mDL-reading establishment is not able to read a citizen's mDL for any reason, a citizen will require a physical license to complete the transaction.

Program rollout

  • States and mDL vendors will need to support interoperable mDL standards to ensure that an mDL works with different vendor software and across jurisdictions.

  • Establishments and law enforcement will need the necessary mDL-reading hardware (smart phone, smart watch, tablet, laptop, point-of-sale terminal) and software (QR code readers, Bluetooth functionality, Wi-Fi Aware, Nearfield Communication, etc.) to read mDLs.

  • mDLs must be able to function in both offline and online scenarios to ensure the security of consumer data and proper functionality.

The future

mDLs are just the beginning of the opportunities eID technology will bring. Once established by DMVs, eID technology can and will be used to find and buy insurance services, check medical prescriptions, apply for social/welfare benefits, open hunting/fishing/gaming accounts and display appropriate credentials, and access pension information. 

The versatility that eID technology provides will streamline American citizens’ identification arsenal, and the advancing mDL technology puts us on the path to get there. The question is not will mDLs become widespread, but when.
 

Article
Introduction to mobile driver's licenses (mDLs): What are they and why are they important?

Read this if your organization, business, or institution is receiving financial assistance as a direct result of the COVID-19 pandemic.

For companies and organizations that received federal funding to assist them during the COVID-19 pandemic, there have been some updates on Uniform Guidance. Here is a brief summary of those updates, audit threshold, federal funds subject to that threshold, and other pertinent information regarding the guidance.

Audit threshold

Non-federal entities that expend federal funds of $750,000 or more are required to have an audit in accordance with Subpart F of Title 2, U.S. Code of Federal Regulations, Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance).

Funds subject to threshold

  • 93.498 Provider Relief Fund
  • 21.019 Coronavirus Relief Fund
  • 84.425 Higher Education Stabilization Fund
  • 32.006 COVID-19 Telehealth Program
  • 84.184C CARES Act Project SERV
  • 93.461 COVID-19 Testing for the Uninsured
  • 93.527 Grants for New and Expanded Services under Health Center Program
  • 93.665 Emergency Grants to Address Mental and Substance Use Disorders During COVID-19
  • 93.967 COVID-19 Testing for Rural Health Clinics

Funds exempt from threshold

  • 59.073 (Small Business Administration) Payroll Protection Loan Program
  • 59.072 Economic Injury Disaster Loan Emergency Advance

Audit options

  • Single Audit in accordance with Uniform Guidance
  • Program-specific audit (only applicable if the non-federal entity expends Federal awards under one single CFDA)

Reporting timetables

  • Automatic three-month audit submission extension for Single Audits of 2020 year-ends through September 30, 2020 (only if recipient received some form of COVID-19 funding subject to Uniform Guidance)
    • Example, a June 30, 2020 year-end’s initial date is March 31, 2021, however this was extended to June 30, 2021

Compliance supplement addendum takeaways

  • Released December 22, 2020
  • Provides guidance on auditing above CFDAs
  • For organizations with year-ends prior to December 31, 2020, above funding will be reported in the Schedule of Expenditures of Federal Awards (SEFA) for fiscal years ending in 2021

For-profit considerations

  • Department of Health and Human Services (HHS) has determined for-profit commercial organizations (which envelopes hospitals, senior living facilities, and other health facilities) are required to includes PRF payments in determining the $750,000 threshold
  • Currently, HHS guidance makes reference to organizations “receiving” not “expending” PRF, which is not in line with current Uniform Guidance definitions – AICPA has reached out for clarification
  • There is a third option under HHS guidance for organizations to have a financial audit performed in accordance with U.S. generally accepted auditing standards and U.S. generally accepted governmental auditing standards. However, there is uncertainty as to the specifics of this option and if this option would receive reporting extensions discussed above – AICPA has reached out for clarification

If you have questions about accounting for, or reporting on, funds that you have received as a result of the COVID-19 pandemic, please contact a member of our Single Audit Team. We’re here to help.

Article
Uniform Guidance—where we are today

This article is the first in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with ERISA requirements.

On Labor Day, 1974, President Gerald Ford signed the Employee Retirement Income Security Act, commonly known as ERISA, into law. Prior to ERISA, employee pensions had scant protections under the law, a problem made clear when the Studebaker automobile company closed its South Bend, Indiana production plant in 1963. Upon the plant’s closing, some 4,000 employees—whose average age was 52 and average length of service with the company was 23 years—received approximately 15 cents for each dollar of benefit they were owed. Nearly 3,000 additional employees, all of whom had less than 10 years of service with the company, received nothing.

A decade later, ERISA established statutory requirements to preserve and protect the rights of employees to their pensions upon retirement. Among other things, ERISA defines what a plan fiduciary is and sets standards for their conduct.

Who is—and who isn’t—a plan fiduciary?
ERISA defines a fiduciary as a person who:

  1. Exercises discretionary authority or control over the management of an employee benefit plan or the disposition of its assets,
  2. Gives investment advice about plan funds or property for a fee or compensation or has the authority to do so,
  3. Has discretionary authority or responsibility in plan administration, or
  4. Is designated by a named fiduciary to carry out fiduciary responsibility. (ERISA requires the naming of one or more fiduciaries to be responsible for managing the plan's administration, usually a plan administrator or administrative committee, though the plan administrator may engage others to perform some administrative duties).

If you’re still unsure about exactly who is and isn’t a plan fiduciary, don’t worry, you’re not alone. Disagreements over whether or not a person acting in a certain capacity and in a specific situation is a fiduciary have sometimes required legal proceedings to resolve them. Here are some real-world examples.

Employers who maintain employee benefit plans are typically considered fiduciaries by virtue of being named fiduciaries or by acting as a functional fiduciary. Accordingly, employer decisions on how to execute the intent of the plan are subject to ERISA’s fiduciary standards.

Similarly, based on case law, lawyers and consultants who effectually manage an employee benefit plan are also generally considered fiduciaries.

A person or company that performs purely administrative duties within the framework, rules, and procedures established by others is not a fiduciary. Examples of such duties include collecting contributions, maintaining participants' service and employment records, calculating benefits, processing claims, and preparing government reports and employee communications.

What are a fiduciary’s responsibilities?
ERISA requires fiduciaries to discharge their duties solely in the interest of plan participants and beneficiaries, and for the exclusive purpose of providing benefits for them and defraying reasonable plan administrative expenses. Specifically, fiduciaries must perform their duties as follows:

  1. With the care, skill, prudence, and diligence of a prudent person under the circumstances;
  2. In accordance with plan documents and instruments, insofar as they are consistent with the provisions of ERISA; and
  3. By diversifying plan investments so as to minimize risk of loss under the circumstances, unless it is clearly prudent not to do so.

A fiduciary is personally liable to the plan for losses resulting from a breach of their fiduciary responsibility, and must restore to the plan any profits realized on misuse of plan assets. Not only is a fiduciary liable for their own breaches, but also if they have knowledge of another fiduciary's breach and either conceals it or does not make reasonable efforts to remedy it.

ERISA provides for a mandatory civil penalty against a fiduciary who breaches a fiduciary responsibility under ERISA or commits a violation, or against any other person who knowingly participates in such breach or violation. That penalty is equal to 20 percent of the "applicable recovery amount" paid pursuant to any settlement agreement with ERISA or ordered by a court to be paid in a judicial proceeding instituted by ERISA.

ERISA also permits a civil action to be brought by a participant, beneficiary, or other fiduciary against a fiduciary for a breach of duty. ERISA allows participants to bring suit to recover losses from fiduciary breaches that impair the value of the plan assets held in their individual accounts, even if the financial solvency of the entire plan is not threatened by the alleged fiduciary breach. Courts may require other appropriate relief, including removal of the fiduciary.

Over the coming months, we’ll share a series of blogs for employee benefit plan fiduciaries, covering everything from common terminology to best practices for plan documentation, suggestions for navigating fiduciary risks, and more.

Article
What's in a name? A lot, if you manage a benefit plan.