Skip to Main Content

insightsarticles

Was your
COVID-
19 essential worker hazard pay FLSA-compliant?

By:

Colin is a Senior Consultant in BerryDunn’s Government Consulting Group with experience in communicating and executing strategic plans, coordinating membership development for various groups, and managing finance activities. He has worked on a wide range of projects with a focus on programmatic audit, forensic audit, financial process improvement, invoice review, and data analysis. He is a Certified Associate in Project Management and is currently working toward his Project Management Professional® certification.

Colin Buttarazzi
12.23.21

Read this if you used COVID-19 relief funds to pay essential workers.

The Coronavirus Aid, Relief, and Economic Security (CARES) and American Rescue Plan (ARPA) Acts allowed states and local governments to use COVID-19 relief funds to provide premium pay to essential workers. Many states took advantage of this opportunity, giving stipends or hourly rate increases to government and other frontline employees who worked during the pandemic, such as healthcare workers, teachers, correctional officers, and police officers.

States’ initial focus was to get the money to the essential workers as quickly as possible, but these decisions may cause them to be out of compliance with the Fair Labor Standards Act (FLSA), which sets standards for minimum wage, overtime pay, and recordkeeping. As a result, states should review how the funds were disbursed and if payroll adjustments are necessary. The amount, form, and recipients of the pay varied widely from state to state, making determining whether states are compliant with FLSA and calculating any discrepancies an immensely complex task. 

For example, states that disbursed one-time payments to essential workers will likely be able to treat those payments like standard one-time bonuses, while recurring stipends or hourly rate increases should be included in employee’s regular rate when calculating overtime pay. Because this is an unprecedented situation for both states and the federal government, clear guidance is not yet available from the Department of Labor. 

Fortunately, BerryDunn is already working with clients to review their use of the COVID-19 relief funds to help ensure essential workers were paid fairly. Our team is qualified to guide you through your unique situation and help you remain in compliance with FLSA guidelines.

If you have questions about your particular circumstances, please call our Compliance and Risk Management consulting team. We are here to help and happy to discuss options to pay for these services using federal funds.

Related Services

Related Professionals

Principals

BerryDunn experts and consultants

Editor’s note: Please read this if you are a not-for-profit board member, CFO, or any other decision maker within a not-for-profit.

In a time where not-for-profit (NFP) organizations struggle with limited resources and a small back office, it is important not to overlook internal audit procedures. Over the years, internal audit departments have been one of the first to be cut when budgets are tight. However, limited resources make these procedures all the more important in safeguarding the organization’s assets. Taking the time to perform strategic internal audit procedures can identify fraud, promote ethical behavior, help to monitor compliance, and identify inefficiencies. All of these lead to a more sustainable, ethical, and efficient organization. 

Internal audit approaches

The internal audit function can take on many different forms, depending on the size of the organization. There are options between the dedicated internal audit department and doing nothing whatsoever. For example:

  • A hybrid approach, where specific procedures are performed by an internal team, with other procedures outsourced. 
  • An ad hoc approach, where the board or management directs the work of a staff member.

The hybrid approach will allow the organization to hire specialists for more technical tasks, such as an in-depth financial analysis or IT risk assessment. It also recognizes internal staff may be best suited to handle certain internal audit functions within their scope of work or breadth of knowledge. This may add costs but allows you to perform these functions otherwise outside of your capacity without adding significant burden to staff. 

The ad hoc approach allows you to begin the work of internal audit, even on a small scale, without the startup time required in outsourcing the work. This approach utilizes internal staff for all functions directed by the board or management. This leads to the ad-hoc approach being more budget friendly as external consultants don’t need to be hired, though you will have to be wary of over burdening your staff.

With proper objectivity and oversight, you can perform these functions internally. To bring the process to your organization, first find a champion for the project (CFO, controller, compliance officer, etc.) to free up staff time and resources in order to perform these tasks and to see the work through to the end. Other steps to take include:

  1. Get the audit/finance committee on board to help communicate the value of the internal audit and review results of the work
  2. Identify specific times of year when these processes are less intrusive and won’t tax staff 
  3. Get involved in the risk management process to help identify where internal audit can best address the most significant risks at the organization
  4. Leverage others who have had success with these processes to improve process and implementation
  5. Create a timeline and maintain accountability for reporting and follow up of corrective actions

Once you have taken these steps, the next thing to look at (for your internal audit process) is a thoughtful and thorough risk assessment. This is key, as the risk assessment will help guide and focus the internal audit work of the organization in regard to what functions to prioritize. Even a targeted risk assessment can help, and an organization of any size can walk through a few transaction cycles (gift receipts or payroll, for example) and identify a step or two in the process that can be strengthened to prevent fraud, waste, and abuse.  

Here are a few examples of internal audit projects we have helped clients with:

  • Payroll analysis—in-depth process mapping of the payroll cycle to identify areas for improvement
  • Health and education facilities performance audit—analysis of various program policies and procedures to optimize for compliance
  • Agreed upon procedures engagement—contract and invoice/timesheet information review to ensure proper contractor selection and compliant billing and invoicing procedures 

Internal audits for companies of all sizes

Regardless of size, your organization can benefit from internal audit functions. Embracing internal audit will help increase organizational resilience and the ability to adapt to change, whether your organization performs internal audit functions internally, outsources them, or a combination of the two. For more information about how your company can benefit from an internal audit, or if you have questions, contact us

Article
Internal audit potential for not-for-profit organizations

Read this if you are at a financial institution.

Feeling stuck, or maybe even frozen, in your CECL readiness efforts? No matter where you are in the process, here are three things you can do right now to ensure your CECL implementation is on track:

  1. Create or re-visit your 2022 timeline
    With just under 12 months to the January 2023 CECL adoption date, it’s important to make every moment count. Consider CECL adoption your Olympic moment and, like every great Olympic athlete, you have interim events—a timeline of major milestones—to ensure you are ready for “Day 1” and beyond. One strategy to ensure you do not “run out of time” is to start at the end of your timeline and work backward.

    Tip: Whether it be 1/1/2023 (“Day 1” adoption), or the first date by which you want to start parallel runs, fix the date of that final must-hit milestone, and work backward. For example, in order to adopt CECL on 1/1/2023, what major milestone has to be achieved before then and how much time will you need for that? Setting milestones from the final date backward will help you fit the remaining major activities into the time you have left—you can’t “run out of time” this way!



     
  2. Assess where you are, tactically, and fill in the gaps
    What would an Olympic athlete be without a training schedule, and coaches, trainers, and other professionals to guide and push them? In order to make the most of each event (or milestone) in the countdown to CECL adoption, let’s fill in our training schedule. What key decisions still need to be made or documented? Who has the authority to approve them? What’s the right time and venue to obtain that approval? Will these be one-to-one, small group, or committee/board meetings? Will meetings be set up as-needed, or is the meeting schedule (e.g. quarterly executive/board) already set? Who are you engaging for model validation and key control review? What is the date of that review work? 

    Tip: Add those key approval, review, and validation dates to your timeline, and make sure the meeting time you need with decision-makers is booked in their calendars now. Scheduling this time in advance is a transparent and tangible sign that you’ve charted the course, helps ensure decision-makers are available to you when needed most, and incremental progress is being consistently made toward your ultimate goal. 
  3. Identify the top three tasks to complete this week, reserve the time in your calendar, and complete them!
    Like any athlete, you are now “in training”, and daily and weekly actions you take will ensure you reach your goal in as strong a position possible. Whether it’s scheduling those meetings, identifying subject matter experts you can rely upon for coaching, or putting the finishing touches on model documentation and internal control mapping, booking that time with yourself to complete these tasks is key to feeling prepared and ready for CECL adoption. 

    Tip: Set aside a few minutes at the end or start of each week to review your timeline/milestones and identify the next key actions to complete.

Would you like assistance with certain aspects of your CECL readiness efforts? Are you ready for some validation/review work, or need guidance on policy, governance, or internal/financial reporting controls?

Contact our Financial Institutions team. We'll help you get your CECL implementation over the finish line. 


 

Article
CECL implementation: Three steps for a medal-winning adoption 

Is your Women, Infants, and Children (WIC) agency struggling with Maintenance and Enhancement (M&E) vendor management? Here are some approaches to help improve your situation: 

  • Product Management Office (PdMO): Product management can help you manage your WIC system by coordinating and planning releases with the M&E vendor, prioritizing enhancements, reviewing workflows, and providing overall vendor management.
  • Project Management Office (PMO): Project management can help with budgeting, resource management, risk management, and organization. 
  • A blend of product and project management is a great partnership that can relieve some of the responsibilities of WIC agency staff and allows a third party to provide support in all areas of product and project management.

Whether you are an independent WIC State Agency (SA) or a multi-state consortium (MSC), having a PMO and/or PdMO can help alleviate some of the challenges facing WIC today. While an MSC may present significant cost savings, managing an M&E contract for multiple states can be overwhelming. Independent state agencies (SAs) may not have multiple states to coordinate with, but having the staff resources for vendor facilitation and implementing federal changes can be challenging. A PMO/PdMO can aid in improving business and technology outcomes for SAs and MSCs by bringing a level of coordination and consistency that otherwise might not happen. 

As federal changes grow in complexity, evidenced by the many changes to WIC stemming from the American Rescue Plan Act, coupled with workforce challenges in government, the importance of a PMO/PdMO has never been greater. Here are six ways a PMO/PdMO can help you:

  1. Facilitate the vendor relationship
    A PMO/PdMO not only holds the vendor accountable but also takes some of the workload off the SA by facilitating meetings, providing meeting notes, and tracking action items and decisions.
  2. Manage centrally located data
    A PMO/PdMO keeps all documents and data in a centralized location, fostering a collaborative environment and ease of access to needed information. A centralized location of data allows SAs to be on the same page for consistency, quality control, and to support the state’s need for clean, reliable information that is current and accurate.
  3. Track and mitigate risks 
    Effective risk management requires a substantial commitment of time and resources. The PMO/PdMO identifies, tracks, and assesses the severity of risks and suggests approaches to manage those risks. Some PMO/PdMOs assess all risks based on a severity index to help clients determine which risks need immediate action and which need monitoring.
  4.  Assist in the creation of Implementation Advanced Planning Document Updates (IAPDUs) 
    Creating and implementing an IAPDU can be time-consuming, confusing, and requires attention to detail. A PMO/PdMO alleviates time and pressure on SAs by helping to ensure that an IAPDU or funding request clearly outlines a plan of action to accomplish the activities necessary to reach an organization’s goal. PMO/PdMOs can draft IAPDUs to determine the need, feasibility, and projected costs and benefits for service. 
  5. Provide an unbiased, third-party opinion 
    A PMO/PdMO will offer an unbiased, third-party opinion to help avoid misunderstanding and frustration, decision stalemates, inadequate solutions, and unpleasant relationships between WIC agencies and M&E vendors. 
  6. Provide the right combination of business and technical expertise
    Staffing challenges (exacerbated by COVID-19), difficulties finding expertise managing software change management for WIC, and a retiring workforce knowledgeable in WIC system implementation have in some cases left SAs without critical resources. Having the right combination of skills from a third party can resolve some of these challenges.

Independent SAs or MSCs would benefit from having a PMO/PdMO to help meet the challenges WIC agencies face today, whether it is an unplanned funding change or updates to the risk codes. With the help of a PMO/PdMO developing standard practices and methodologies, SAs and MSCs can deliver and implement high-quality services more consistently and efficiently. The role of the PMO/PdMO is far-reaching and positively impacts WIC by providing backbone support for WIC’s overarching goal, to “safeguard the health of low-income women, infants, and children who are at nutrition risk.”

If you have questions about PMOs or PdMOs and the impact they can have on your agency, please contact us. We're here to help.

Article
Product Management Office: Benefits for WIC state agencies

Read this if you are a behavioral health agency leader looking for solutions to manage mental health, substance misuse, and overdose crises.

As state health departments across the country continue to grapple with rising COVID-19 cases, stalling vaccination rates, and public heath workforce burnout, other crises in behavioral health may be looming. Diverted resources, disruption in treatment, and the mental stress of the COVID-19 pandemic have exacerbated mental health disorders, substance use, and drug overdoses.

State agencies need behavioral health solutions perhaps now more than ever. BerryDunn works with state agencies to mitigate the challenges of managing behavioral health and implement innovative strategies and solutions to better serve beneficiaries. Read on to understand how conducting a needs assessment, redesigning processes, and/or establishing a strategic plan can amplify the impact of your programs. 

Behavioral health in crisis

The prevalence of mental illness and substance use disorders has steadily increased over the past decade, and the pandemic has exacerbated these trends. A number of recently released studies show increases in symptoms of anxiety, depression, and suicidal ideation. One CDC study indicates that in June 2020 over 40% of adults reported an adverse mental or behavioral health condition, which includes about 13% who have started or increased substance use to cope with stress or emotions related to COVID-19.1 

The toll on behavioral health outcomes is compounded by the pandemic’s disruption to behavioral health services. According to the National Council for Behavioral Health, 65% of behavioral health organizations have had to cancel, reschedule, or turn away patients, even as organizations see a dramatic increase in the demand for services.2,3 Moreover, treatment facilities and harm reduction programs across the country have scaled back services or closed entirely due to social distancing requirements, insufficient personal protective equipment, budget shortfalls, and other challenges.4 These disruptions in access to care and service delivery are having a severe impact.

Several studies indicate that patients report new barriers to care or changes in treatment and support services after the onset of the pandemic.5, 6 Barriers to care are particularly disruptive for people with substance use disorders. Social isolation and mental illness, coupled with limited treatment options and harm reduction services, creates a higher risk of suicide ideation, substance misuse, and overdose deaths.

For example, the opioid epidemic was still surging when the pandemic began, and rates of overdose have since spiked or elevated in every state across the country.7 After a decline of overdose deaths in 2018 for the first time in two decades, the CDC reported 81,230 overdose deaths from June 2019 to May 2020, the highest number of overdose deaths ever recorded in a 12-month period.8 

These trends do not appear to be improving. On October 3, the CDC reported that from March 2020 to March 2021, overdose deaths have increased 29.6% compared to the previous year, and that number will only continue to climb as more data comes in.9  

As the country continues to experience an increase in mental illness, suicide, and substance use disorders, states are in need of capacity and support to identify and/or implement strategies to mitigate these challenges. 

Solutions for state agencies

Behavioral health has been recognized as a priority issue and service area that will require significant resources and innovation. In May, the US Department of Health and Human Services' (HHS) Secretary Xavier Becerra reestablished the Behavioral Health Coordinating Council to facilitate collaborative, innovative, transparent, equitable, and action-oriented approaches to address the HHS behavioral health agenda. The 2022 budget allocates $1.6 billion to the Community Mental Health Services Block Grant, which is more than double the Fiscal Year (FY) 2021 funding and $3.9 billion more than in FY 2020, to address the opioid epidemic in addition to other substance use disorders.10 

As COVID-19 continues to exacerbate behavioral health issues, states need innovative solutions to take on these challenges and leverage additional federal funding. COVID-19 is still consuming the time of many state leaders and staff, so states have a limited capacity to plan, implement, and manage the new initiatives to adequately address these issues. Here are three ways health departments can capitalize on the additional funding.

Conduct a needs assessment to identify opportunities to improve use of data and program outcomes

Despite meeting baseline reporting requirements, state agencies often lack sufficient quality data to assess program outcomes, identify underserved populations, and obtain a holistic view of the comprehensive system of care for behavioral health services. Although state agencies may be able to recognize challenges in the delivery or administration of behavioral health services, it can be difficult to identify solutions that result in sustained improvements.

By performing a structured needs assessment, health departments can evaluate their processes, systems, and resources to better understand how they are using data, and how to optimize programs to tailor behavioral health services and promote better health outcomes and a more equitable distribution of care. This analysis provides the insight for agencies to understand not only the strengths and challenges of the current environment, but also the desires and opportunities for a future solution that takes into account stakeholder needs, best practice, and emerging technologies. 

Some of the benefits we have seen our clients enjoy as a result of performing a needs assessment include: 

  • Discovering and validating strengths and challenges of current state operations through independent evaluation
  • Establishing a clear roadmap for future business and technological improvements
  • Determining costs and benefits of new, alternative, or enhanced systems and/or processes
  • Identifying the specific business and technical requirements to achieve and improve performance outcomes 

Timely, accurate, and comprehensive data is critical to improving behavioral health outcomes, and the information gathered during a needs assessment can inform further activities that support programmatic improvements. Further activities might include conducting a fit-gap analysis, performing business process redesign, establishing a prioritization matrix, and more. By identifying the greatest needs and implementing plans to address them, state agencies can better handle the impact on behavioral health services resulting from the COVID-19 pandemic and serve individuals with mental health or substance use disorders more efficiently and effectively.

Redesign processes to improve how individuals access treatment and services

Despite the availability of behavioral health services, inefficient business and technical processes can delay and frustrate individuals seeking care and in some cases, make them stop seeking care altogether. With limited resources and increasing demands, behavioral health agencies should analyze and redesign work flows to maximize efficiency, security, and efficacy. Here are a few examples of process improvements states can achieve through process redesign:

  • Streamlined data processes to reduce duplicative data entry 
  • Automated and aligned manual data collection processes 
  • Integrated siloed health information systems
  • Focused activities to maximize staff strengths
  • Increased process transparency to improve communication and collaboration 

By placing the consumer experience at the core of all services, state health departments can redesign business and technical processes to optimize the continuum of care. A comprehensive approach takes into account all aspects that contribute to the delivery of behavioral health services, including both administrative and financial processes. This helps ensure interconnected activities continue to be performed efficiently and effectively. Such improvements help consumers with co-occurring disorders (mental illness and substance use disorder) and/or developmental disorders find “no wrong door” when seeking care. 

Establish a strategic plan of action to address the impact of the COVID-19 pandemic

With the influx of available dollars resulting from the American Recovery Plan Act and other state and federal investments, health departments have a unique opportunity to fund specific initiatives to enhance the delivery and administration of behavioral health services. Understanding how to allocate the millions of newly awarded dollars in an impactful and sustainable way can be challenging. Furthermore, the additional reporting and compliance requirements linked to the funding can be difficult to navigate in addition to current monitoring obligations. 

The best way to begin using the available funding is to develop and implement strategic plans that optimize funds for behavioral health programs and services. You can establish priorities and identify sustainable solutions that build capacity, streamline operations, and promote the equitable distribution of care across populations. A few of the activities state health departments have undertaken resulting from the strategic planning initiatives include: 

  • Modernizing IT systems, including data management solutions and Electronic Health Records systems to support inpatient, outpatient, and community mental health and substance use programs 
  • Promoting organizational change management 
  • Establishing grant programs for community-driven solutions to promote health equity for the underserved population
  • Organizing, managing, and/or supporting stakeholder engagement efforts to effectively collaborate with internal and external stakeholders for a strong and comprehensive approach

The prevalence of mental illness and substance use disorder were areas of concern prior to COVID-19, and the pandemic has only made these issues worse, while adding more administrative challenges. State health departments have had to redirect their existing staff to work to address COVID-19, leaving a limited capacity to manage existing state-level programs and little to no capacity to plan and implement new initiatives. 

The federal administration and HHS are working to provide financial support to states to work to address these exacerbated health concerns; however, with the limited state capacity, states need additional support to plan, implement, and/or manage new initiatives. BerryDunn has a wide breadth of knowledge and experience in conducting needs assessments, redesigning processes, and establishing strategic plans that are aimed at amplifying the impact of state programs. Contact our behavioral health consulting team to learn more about how we can help. 

Sources:
Mental Health, Substance Use, and Suicidal Ideation During the COVID-19 Pandemic, CDC.gov
COVID-19 Pandemic Impact on Harm Reduction Services: An Environmental Scan, thenationalcouncil.org
National Council for Behavioral Health Polling Presentation, thenationalcouncil.org
The Impact of COVID-19 on Syringe Services Programs in the United States, nih.gov
COVID-19 Pandemic Impact on Harm Reduction Services: An Environmental Scan, thenationalcouncil.org
COVID-19-Related Treatment Service Disruptions Among People with Single- and Polysubstance Use Concerns, Journal of Substance Abuse Treatment
Issue Brief: Nation’s Drug-Related Overdose and Death Epidemic Continues to Worsen, American Medical Association
Increase in Fatal Drug Overdoses Across the United States Driven by Synthetic Opioids Before and During the COVID-19 Pandemic, CDC.gov
Provisional Drug Overdose Death Counts, CDC.gov
10 Fiscal Year 2022 Budget in Brief: Strengthening Health and Opportunity for All Americans, HHS.gov

Article
COVID's impact on behavioral health: Solutions for state agencies

Read this if you are a plan sponsor of employee benefit plans.

This article is the eleventh in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

Most employee benefit plans have outsourced a significant portion of the internal controls to a service organization, such as a third-party administrator. The plan administrator has a fiduciary responsibility to monitor the internal controls of the service organization and to determine if the outsourced controls are suitably designed and effective.

SOC 1 reports: Internal controls and financial reporting

Generally, the most efficient way to obtain an understanding of the outsourced controls is to obtain a report on controls issued by the service organization’s auditor. Commonly referred to as a System and Organization Controls (SOC) report, the SOC report should be based on the American Institute of Certified Public Accountants’ (AICPA) attestation standards and should cover internal controls relevant to financial reporting, also known as a SOC 1 report (the “1” indicating it covers internal controls over financial reporting).

Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s significant service organizations. The documented review should include the plan sponsor’s assessment of the complementary user entity controls outlined in the SOC 1 report. The complementary user entity controls are internal control activities that should be in place at the plan sponsor to provide reasonable assurance that the controls tested at the service organization are operating effectively at your plan. If a service organization’s internal controls are operating effectively, but complementary user entity controls are not in place at your organization, the effectiveness of the service organization’s internal controls may not transfer to your plan’s operations.

Creditability and CPA firms: Considerations

Creditability of the CPA firm completing the SOC 1 report examination may impact the reliability of the CPA firm’s opinion and thus your reliability on the service organization’s internal controls. Unfamiliarity with the service auditor’s qualifications may be mitigated through additional research. Items to consider are: 

  • The firm’s expertise in SOC 1 reporting
    • Are they familiar with the service organization’s industry?
    • How many professionals do they have that perform SOC 1 examination services?
  • The evaluation of AICPA peer reviews 
    Audit firms are required to have a periodic peer review conducted. The results of the peer review are public knowledge and can be found on the AICPA’s website.
    • Did the service auditor receive a “pass” rating during their most recent peer review?
    • Did the peer review cover SOC 1 examination services?
  • Evaluation of the service organization’s due diligence procedures surrounding the selection of an auditor

Some of this information may be readily available via the service auditor’s website, while other information may need to be gathered through direct communication with the service organization. A qualified service auditor should be able to provide a SOC 1 report that contains sufficient detail, relevant transactional activity, relevant control objectives, and a timely reporting period.

SOC 1 reports may contain an unqualified, qualified, adverse, or disclaimer of opinion. The report determines if the controls in place are adequate for complete and accurate financial reporting. Report qualifications may affect the risk of relying on the service organization and may result in the need for additional procedures or safeguards to help ensure the plan’s financial statements are presented fairly. Even if the SOC 1 report received an unqualified opinion, you should review the controls tested by the service auditor and the results of such testing for any exceptions. Exceptions, even if they don’t result in a qualified opinion, may have an impact on the plan’s control environment. 

You should also review the scope of the audit to check that all significant transaction cycles, processes, and IT applications were properly assessed for their impact on the plan’s financial statements. Areas outside the scope of the SOC 1 report may require additional consideration, including the possibility of obtaining more than one SOC 1 report for subservice organizations whose functions were carved out from the service organization’s SOC 1 report.

Subservice organizations

Subservice organizations are frequently utilized to process certain transactions or perform certain functions at the service organization. Management of the service organization may identify certain transaction cycles and processes that are performed by a subservice organization and choose to exclude relevant control objectives and related controls from the SOC 1 report description and the scope of the auditor’s engagement. In such cases, multiple SOC 1 reports may need to be acquired to gain adequate coverage of all controls and objectives relevant to your plan. 

Furthermore, you need to consider the time period the SOC 1 report covers. Coverage should be obtained for your plan’s full fiscal year. For SOC 1 reports that lack coverage of your plan’s full fiscal year, a bridge letter should be obtained to help ensure that no significant changes in controls occurred between the SOC 1 report examination period and the end of your plan’s fiscal year.

Although plans commonly outsource a significant portion of their day-to-day operations to service organizations, plan fiduciaries cannot outsource their responsibilities surrounding the maintenance of a sound control environment. SOC 1 reports are a great resource to assess the control environments of service organizations. However, such reports can be lengthy and daunting to review. We hope this article provides some best practices in reviewing SOC 1 reports. If you have any questions, or would like to receive a copy of our SOC 1 report review template, please don’t hesitate to reach out to our Employee Benefits Audit team.

Article
Service organizations and review of SOC 1 reports: Considerations and recommendations

Read this if you are a director or manager at a Health and Human Services agency in charge of modernizing your state's Health and Human Services systems.

With stream-lined applications, online portals, text updates, and one-stop offices serving programs like Medicaid, SNAP, and Child Welfare, states are rapidly adopting integrated systems serving multiple programs. As state leaders collaborate on system design and functionality to meet federal and state requirements, it is equally important to create a human-centered design built for the whole family.

We know families are comprised of a variety of people with various levels of need, and blended families ranging from grandparents to infants may qualify for a variety of programs. We may connect with families who are on Medicaid, aged and disabled or SNAP, but also have cases within child support or with child welfare. 

If your state is considering updating a current system, or procuring for an innovative design, there are key strategies and concepts to consider when creating a fully integrated system for our most vulnerable populations. Below are a few advantages for building a human-centric system:

  • The sharing of demographic, contact, and financial information reduces duplication and improves communication between state entities and families seeking services
  • Improvement of business services and expedited eligibility determinations, as a human-centric model gathers information upfront to reduce a stream of verification requests
  • The cost of ownership decreases when multiple programs share design costs
  • Client portals and services align as a family-focused model

Collaboration and integrated design

How many states use a separate application for Medicaid and SNAP? More specifically, is the application process time consuming? Is the same information requested over and over for each program? 

How efficient (and wonderful) would it be for clients to complete task-based questions, and then each program could review the information separately for case-based eligibility? How can you design an integrated system that aligns with business and federal rules, and state policy?

Once your state has decided a human-centered design would be most beneficial, you can narrow your focus—whether you are already in the RFP process, or within requirements sessions. You can stop extraneous efforts, and change your perspective by asking the question: How can we build this for the entire family? The first step is to see beyond your specific program requirements and consider the families each program serves. 

Integrated design is usually most successful when leaders and subject matter experts from multiple programs can collaborate. If all personnel are engaged in an overarching vision of building a system for the family, the integrated design can be fundamentally successful, and transforming for your entire work environment across agencies and departments.

Begin with combining leadership and subject matter experts from each geographic region. Families in the far corners of our states may have unique needs or challenges only experts from those areas know about. These collaborative sessions provide streamlined communications and ideas, and empower staff to become actively involved and invested in an integrated system design. 

Next, delve into the core information required from each family member and utilize a checklist to determine if the information meets the requirements of the individual programs. Finally, decide which specific data can streamline across programs for benefit determinations. For example, name, address, age, employment, income, disability status, and family composition are standard pieces of information. However, two or more programs may also require documentation on housing, motor vehicle, or retirement accounts.

Maintaining your focus on the families you serve

When designing an integrated system, it is easy to lose focus on the family and return to program-specific requirements. Your leaders and subject matter experts know what their individual programs need, which can lead to debates over final decisions regarding design. It is perfectly normal to develop tunnel vision regarding our programs because we want to meet regulations and maintain funding.

Below are recommendations for maintaining your focus on building for the family, which can start as soon as the RFP. 

  • Emphasize RFP team accountability
    • Everyone should share an array of family household examples who benefit from the various programs (Medicaid, SNAP, TANF, etc.), to help determine how to deliver a full spectrum of services. 
    • Challenge each program with writing their program-specific sections of the RFP and have one person combine the responses for a review session.
  • If the integrated system design is in the requirements phase, brainstorm scenarios, like the benefit example provided in recommendation number one. When information is required by one program, but not another, can the team collaborate and include the information knowing it could benefit an entire family?
  • When considering required tasks, and special requests, always ask: Will this request/change/enhancement help a family, or help staff assist a family?
  • Consider a universal approach to case management. Can staff be cross trained to support multiple programs to reduce transferring clients to additional staff?

We understand adopting a human-centered design can be a challenging approach, but there are options and approaches to help you through the process. Just continue to ask yourself, when it comes to an integrated approach, are you building the system for the program or for the family?

Article
Integrated design and development for state agencies: Building for the family

Read this if you are a New Hampshire resident, or a business owner or manager with telecommuting employees (due to the COVID-19 pandemic).

In late January, the Supreme Court asked the Biden Administration for its views on a not-so-friendly neighborly dispute between the State of New Hampshire and the Commonwealth of Massachusetts. New Hampshire is famous amongst its neighboring states for its lack of sales tax and personal income tax. Because of the tax rules and other alluring features, thousands of employees commute daily from New Hampshire to Massachusetts. Overnight, like so many of us, those commuters were working at home and not crossing state boundaries.

As a result of the pandemic and stay-at-home orders, Massachusetts issued temporary and early guidance, directing employers to maintain the status quo. Keep withholding on your employees in the same manner that you were, even though they may not be physically coming into the state. New Hampshire was against this directive from day one and sought to sue Massachusetts over its COVID-19 telecommuting rules for employees who had previously been sitting in an office in the Bay State. The final nail in the coffin was an extension of the guidance in October. 

New Hampshire’s position
New Hampshire took particular issue because it does not impose an Individual Income Tax on wages and it believed that the temporary regulations issued by the Commonwealth overstepped or disregarded New Hampshire’s sovereignty—in violation of the both the Commerce and Due Process Clauses of the U.S. Constitution. Each clause has historically prohibited a state from taxing outside its borders and limits tax on non-residents. For Massachusetts employers to continue withholding on New Hampshire residents' wage earnings, New Hampshire argues, Massachusetts is imposing a tax within New Hampshire, contrary to the Constitution.

What makes the New Hampshire situation unique is that it does not impose an income tax on individuals, a “defining feature of its sovereignty”, the state argues. New Hampshire would say that its tax regime creates a competitive advantage in attracting new business and residents. Maine residents, subject to the same Massachusetts rules, would receive a corresponding tax credit on their Maine tax return, making them close to whole between the two states. Because there is no New Hampshire individual income tax, their residents are out of pocket for a tax that they wouldn’t be subject to, but for these regulations.

Massachusetts’ position
Massachusetts' intention behind the temporary regulations was to maintain pre-pandemic “status quo” to avoid uncertainty for employees and additional compliance burden on employers. This would ensure employers would not be responsible for determining when an employee was working, for example, at their Lake Winnipesaukee camp for a few weeks, or their relative’s home in Rhode Island. 

Additionally, states like New York and Connecticut have long had “convenience of the employer” laws on the books which imposed New York tax on telecommuting non-residents. Additionally, Massachusetts provided that a parallel treatment will be given to resident employees with income tax liabilities in other states who have adopted similar sourcing rules, i.e., a Massachusetts resident working for a Maine employer.

Other voices
The US Supreme Court requested a brief from the Biden administration. Additionally, many states wrote to the court on behalf of New Hampshire. To demonstrate the impact a decision against New Hampshire could have, New Jersey said that it expects to issue $1.2 Billion in tax credits to its residents because New York declined to loosen their strict telecommuting rules. In the final days before the Court recessed, it declined to hear the case brought by the State of New Hampshire against the Commonwealth of Massachusetts. Had the Court decided to move forward with the case, it stood to impact long-standing, pre-pandemic telecommuting rules by New York and others.

What now?
For Massachusetts employers specifically, you should review current withholdings and ensure compliance with the temporary regulations. The state of emergency has been lifted in Massachusetts, and the rules have an end date of September 19, 2021. Employers who haven’t been following the regulations will have a costly tax exposure to correct. 

Massachusetts’ temporary regulations were not unique as dozens of states issued temporary regulations asserting a “status quo” regime for those employees who would normally be commuting outside their home state. Unwinding from the pandemic is going to be a long road, and for all employers, it’s important that you review the rules in each state of operation and confirm that the proper withholding is made.

If you have questions about your specific situation, please contact the state and local tax consulting team. We’re here to help.

Article
New Hampshire v. Massachusetts: Sovereignty or status quo?

Read this if you are working with an auditor.

The standard report an auditor issues on an entity’s financial statements was created in 1988, and has only had minor tweaking since. Amazing when we think about how the world has changed since 1988! Back then:

  • The World Wide Web hadn’t been invented
  • The Simpsons wasn’t yet on TV, and neither was Seinfeld
  • The Berlin Wall was still standing
  • The Single Audit Act celebrated its fourth birthday

The Auditing Standards Board (ASB), an independent board of the American Institute of CPAs (AICPA) that establishes auditing rules for not-for-profit organizations (as well as private company and federal, state, and local governmental entities) has decided it was high time to revisit the auditor’s report, and update it to provide additional information about the audit process that stakeholders have been requesting.

In addition to serving as BerryDunn’s quality assurance principal for the past 23 years, I’ve been serving on the ASB since January 2017, and as chair since May 2020. (And thanks to the pandemic our meetings during my tenure as chair have been conducted from my dining room table.)  We thought you might be interested in a high-level overview of the coming changes to the auditor’s report, which will be effective starting with calendar 2021 audits, from an insider’s perspective.

So what’s changing?

The most significant changes you’ll be seeing, based on feedback from various users of auditor’s reports, are:

  1. Opinion first
    The opinion in an audit report is the auditor’s conclusion as to whether the financial statements are in accordance with the applicable accounting standards, in all material respects. People told us this is the most important part of the report, so we’ve moved it to the first section of the report.
  2. Auditor’s ethical responsibilities
    We’ve pointed out that an auditor is required to be independent of the organization being audited, and to meet certain other ethical responsibilities in the conduct of the audit.
  3. “Going concern” responsibilities
    We describe management’s responsibility, under U.S. generally accepted accounting principles, and the auditor’s responsibility, under the auditing rules, for determining whether “substantial doubt” exists about the organization’s ability to continue in existence for at least one year following the date the financial statements are approved for issuance.
  4. Emphasis on professional judgment and professional skepticism
    We explain how an audit requires the auditor to exercise professional judgment (for example, regarding how much testing to perform), and to maintain professional skepticism, i.e., a questioning mind that is alert to the possibility the financial statements may be materially misstated, whether due to error or fraud.
  5. Communications with the board of directors
    We point out that the auditor is required to communicate certain matters to the board, such as difficulties encountered during the audit, material adjustments identified during the audit process, and which areas the auditor treated as “significant risks” in planning and performing the audit.
  6. Responsibility related to the “annual report”
    If the organization issues an “annual report” containing or referring to the audited financial statements, we explain the auditor is required to review it for consistency with the financial statements, and for any known misstatements of fact.
  7. Discussion of “key audit matters”
    While not required, your organization may request the auditor to discuss how certain “key audit matters” (those most significant to the audit) were addressed as part of the audit process. These are similar to the “critical audit matters” publicly traded company auditor’s reports are now required to include.

Yes, this means the auditor’s report will be longer; however, stakeholders told us inclusion of this information will make it more informative, and useful, for them.

Uniform Guidance standards also changing

Is your organization required to have a compliance audit under the federal Uniform Guidance standards? That report is also changing to reflect the items listed above to the extent they’re relevant.

What should you do?

Some actions to consider as you get ready for the first audit to which the new report applies (calendar 2021, or fiscal years ending in 2022) include:

  1. Ask your auditor what your organization’s auditor’s report will look like
    Your auditor can provide examples of auditor’s reports under the new rules, or even draft a pro forma auditor’s report for your organization (subject, of course, to the results of the audit).
  2. Outline and communicate your process for developing your annual report
    If your organization prepares an annual report, it will be important to coordinate its timing with that of the issuance of the auditor’s report, due to the auditor’s new reporting responsibility related to the annual report.
  3. Discuss with your board whether you would like the auditor to include a discussion of “key audit matters” in the auditor’s report
    While not required for not-for-profits, some organizations may decide to request the auditor include a discussion of such matters in the report, from the standpoint of transparency “best practices.”

If you have any questions about the new auditor’s report or your specific situation, please contact us. We’re here to help.
 

Article
A new auditor's report: Seven changes to know