What healthcare and nonprofits need to know about federal fraud enforcement

Benchmarking doesn’t need to be time and resource consuming. Read on for four simple steps you can take to improve efficiency and maximize resources.

Stop us if you’ve heard this one before (from your Board of Trustees or Finance Committee): “I wish there was a way we could benchmark ourselves against our competitors.”

Have you ever wrestled with how to benchmark? Or struggled to identify what the Board wants to measure? Organizations can fall short on implementing effective methods to benchmark accurately. The good news? With a planned approach, you can overcome traditional obstacles and create tools to increase efficiency, improve operations and reporting, and maintain and monitor a comfortable risk level. All of this can help create a competitive advantage — and it  isn’t as hard as you might think.

Even with a structured process, remember that benchmarking data has pitfalls, including:

• Peer data can be difficult to find. Some industries are better than others at tracking this information. Some collect too much data that isn’t relevant, making it hard to find the data that is.
   
• The data can be dated. By the time you close your books for the year and data is available, you’re at least six months into the next fiscal year. Knowing this, you can still build year-over-year trending models that you can measure consistently.
   
• The underlying data may be tainted. As much as we’d like to rely on financial data from other organization and industry surveys, there’s no guarantee that all participants have applied accounting principles consistently, or calculated inputs (e.g., full-time equivalents) in the same way, making comparisons inaccurate.

Despite these pitfalls, benchmarking is a useful tool for your organization. Benchmarking lets you take stock of your current financial condition and risk profile, identify areas for improvement and find a realistic and measurable plan to strengthen your organization.

Here are four steps to take to start a successful benchmarking program and overcome these pitfalls:

1. Benchmark against yourself. Use year-over-year and month-to-month data to identify trends, inconsistencies and unexplained changes. Once you have the information, you can see where you want to direct improvement efforts.
2. Look to industry/peer data. We’d love to tell you that all financial statements and survey inputs are created equally, but we can’t. By understanding the source of your information, and the potential strengths and weaknesses in the data (e.g., too few peers, different size organizations and markets, etc.), you will better know how to use it. Understanding the data source allows you to weigh metrics that are more susceptible to inconsistencies.

3. Identify what is important to your organization and focus on it. Remove data points that have little relevance for your organization. Trying to address too many measures is one of the primary reasons benchmarking fails. Identify key metrics you will target, and watch them over time. Remember, keeping it simple allows you to put resources where you need them most.

4. Use the data as a tool to guide decisions. Identify aspects of the organization that lie beyond your risk tolerance and then define specific steps for improvement.

Once you take these steps, you can add other measurement strategies, including stress testing, monthly reporting, and use in budgeting and forecasting. By taking the time to create and use an effective methodology, this competitive advantage can be yours. Want to learn more? Check out our resources for not-for-profit organizations here.

Read this if your CFO has recently departed, or if you're looking for a replacement.

With the post-Covid labor shortage, “the Great Resignation,” an aging workforce, and ongoing staffing concerns, almost every industry is facing challenges in hiring talented staff. To address these challenges, many organizations are hiring temporary or interim help—even for C-suite positions such as Chief Financial Officers (CFOs).

You may be thinking, “The CFO is a key business partner in advising and collaborating with the CEO and developing a long-term strategy for the organization; why would I hire a contractor to fill this most-important role?” Hiring an interim CFO may be a good option to consider in certain circumstances. Here are three situations where temporary help might be the best solution for your organization.

Your organization has grown

If your company has grown since you created your finance department, or your controller isn’t ready or suited for a promotion, bringing on an interim CFO can be a natural next step in your company’s evolution, without having to make a long-term commitment. It can allow you to take the time and fully understand what you need from the role — and what kind of person is the best fit for your company’s future.

BerryDunn's Kathy Parker, leader of the Boston-based Outsourced Accounting group, has worked with many companies to help them through periods of transition. "As companies grow, many need team members at various skill levels, which requires more money to pay for multiple full-time roles," she shared. "Obtaining interim CFO services allows a company to access different skill levels while paying a fraction of the cost. As the company grows, they can always scale its resources; the beauty of this model is the flexibility."

If your company is looking for greater financial skill or advice to expand into a new market, or turn around an underperforming division, you may want to bring on an outsourced CFO with a specific set of objectives and timeline in mind. You can bring someone on board to develop growth strategies, make course corrections, bring in new financing, and update operational processes, without necessarily needing to keep those skills in the organization once they finish their assignment. Your company benefits from this very specific skill set without the expense of having a talented but expensive resource on your permanent payroll.

Your CFO has resigned

The best-laid succession plans often go astray. If that’s the case when your CFO departs, your organization may need to outsource the CFO function to fill the gap. When your company loses the leader of company-wide financial functions, you may need to find someone who can come in with those skills and get right to work. While they may need guidance and support on specifics to your company, they should be able to adapt quickly and keep financial operations running smoothly. Articulating short-term goals and setting deadlines for naming a new CFO can help lay the foundation for a successful engagement.

You don’t have the budget for a full-time CFO

If your company is the right size to have a part-time CFO, outsourcing CFO functions can be less expensive than bringing on a full-time in-house CFO. Depending on your operational and financial rhythms, you may need the CFO role full-time in parts of the year, and not in others. Initially, an interim CFO can bring a new perspective from a professional who is coming in with fresh eyes and experience outside of your company.

After the immediate need or initial crisis passes, you can review your options. Once the temporary CFO’s agreement expires, you can bring someone new in depending on your needs, or keep the contract CFO in place by extending their assignment.

Considerations for hiring an interim CFO

Making the decision between hiring someone full-time or bringing in temporary contract help can be difficult. Although it oversimplifies the decision a bit, a good rule of thumb is: the more strategic the role will be, the more important it is that you have a long-term person in the job. CFOs can have a wide range of duties, including, but not limited to:

• Financial risk management, including planning and record-keeping
• Management of compliance and regulatory requirements
• Creating and monitoring reliable control systems
• Debt and equity financing
• Financial reporting to the Board of Directors

If the focus is primarily overseeing the financial functions of the organization and/or developing a skilled finance department, you can rely — at least initially — on a CFO for hire.

Regardless of what you choose to do, your decision will have an impact on the financial health of your organization — from avoiding finance department dissatisfaction or turnover to capitalizing on new market opportunities. Getting outside advice or a more objective view may be an important part of making the right choice for your company.

BerryDunn can help whether you need extra assistance in your office during peak times or interim leadership support during periods of transition. We offer the expertise of a fully staffed accounting department for short-term assignments or long-term engagements―so you can focus on your business. Meet our interim assistance experts.

Editor's note: read this if you are a CFO, controller, accountant, or business manager.

We auditors can be annoying, especially when we send multiple follow-up emails after being in the field for consecutive days. Over the years, we have worked with our clients to create best practices you can use to prepare for our arrival on site for year-end work. Time and time again these have proven to reduce follow-up requests and can help you and your organization get back to your day-to-day operations quickly. 

1. Reconcile early and often to save time.
   Performing reconciliations to the general ledger for an entire year's worth of activity is a very time consuming process. Reconciling accounts on a monthly or quarterly basis will help identify potential variances or issues that need to be investigated; these potential variances and issues could be an underlying problem within the general ledger or control system that, if not addressed early, will require more time and resources at year-end. Accounts with significant activity (cash, accounts receivable, investments, fixed assets, accounts payable and accrued expenses and debt), should be reconciled on a monthly basis. Accounts with less activity (prepaids, other assets, accrued expenses, other liabilities and equity) can be reconciled on a different schedule.
2. Scan the trial balance to avoid surprises.
   As auditors, one of the first procedures we perform is to scan the trial balance for year-over-year anomalies. This allows us to identify any significant irregularities that require immediate follow up. Does the year-over-year change make sense? Should this account be a debit balance or a credit balance? Are there any accounts with exactly the same balance as the prior year and should they have the same balance? By performing this task and answering these questions prior to year-end fieldwork, you will be able to reduce our follow up by providing explanations ahead of time or by making correcting entries in advance, if necessary. 
3. Provide support to be proactive.
   On an annual basis, your organization may go through changes that will require you to provide us documented contractual support.  Such events may include new or a refinancing of debt, large fixed asset additions, new construction, renovations, or changes in ownership structure.  Gathering and providing the documentation for these events prior to fieldwork will help reduce auditor inquiries and will allow us to gain an understanding of the details of the transaction in advance of performing substantive audit procedures. 
4. Utilize the schedule request to stay organized.
   Each member of your team should have a clear understanding of their role in preparing for year-end. Creating columns on the schedule request for responsibility, completion date and reviewer assigned will help maintain organization and help ensure all items are addressed and available prior to arrival of the audit team. 
5. Be available to maximize efficiency. 
   It is important for key members of the team to be available during the scheduled time of the engagement.  Minimizing commitments outside of the audit engagement during on site fieldwork and having all year-end schedules prepared prior to our arrival will allow us to work more efficiently and effectively and help reduce follow up after fieldwork has been completed. 

Careful consideration and performance of these tasks will help your organization better prepare for the year-end audit engagement, reduce lingering auditor inquiries, and ultimately reduce the time your internal resources spend on the annual audit process. See you soon. 

Editor’s note: Read this if your organization is an entity with significant lease transactions with terms greater than a year.  

Updated: June 2020

The new Accounting Standards Codification Topic 842 (ASC 842) lease accounting standard is actually not that new. The Financial Accounting Standards Board (FASB) first released the standard in 2016 but, due to a series of delays, it hasn’t been required yet. Even with delays, some organizations have already started to implement ASC 842. They include:

1. Public business entities
2. Not-for-profits that have issued or are conduit bond obligors for securities traded, listed, or quoted on an exchange or an over the-counter market

All other entities will start implementing for fiscal years starting after December 15, 2021 and internal periods within fiscal years beginning after December 15, 2022 (January 1 for calendar reporting periods).

Here’s a quick rundown of the lease classifications and how they’ll impact your financial statements.  

Classifying leases

Under the new standards, leases fall into one of two classifications: finance leases and operating leases. This classification makes all the difference in how leases are reported in the financial statements. 

Finance lease

A finance lease essentially treats an asset as if it were purchased by the lessee and financed with funds from the lessor. This prevents companies from hiding financial obligations that are basically liabilities. ASC 842 requires leases to be classified as finance leases if they meet any of the following five criteria:

1. The lease transfers ownership of the underlying asset to the lessee by the end of the lease term.
2. The lease grants the lessee an option to purchase the underlying asset that the lessee is reasonably certain to exercise.
3. The lease term is for the major part of the remaining economic life of the underlying asset. However, if the commencement date falls at or near the end of the economic life of the underlying asset, this criterion shall not be used for purposes of classifying the lease.
4. The present value of the sum of the lease payments and any residual value guaranteed by the lessee that is not already reflected in the lease payments in accordance with paragraph 842-10-30-5(f) equals or exceeds substantially all of the fair value of the underlying asset.
5. The underlying asset is of such a specialized nature that it is expected to have no alternative use to the lessor at the end of the lease term.

As you can see from the five criteria, finance leases are just purchase arrangements financed over time. ASC 842 is designed to reflect that and improve transparency for investors and other stakeholders.  

Operating lease

Any lease not meeting any of the above criteria is classified as an operating lease. 

No more off-book leases

One of the problems ASC 842 seeks to solve is “off-book” operating leases that show up only as notes on the balance sheet and cloud the debt ratios of companies. Under the new standards, both operating and finance leases will be reported on the balance sheet. The only exceptions are certain leases with terms of 12 months of less. 

Recording finance vs. operating leases

With both operating and finance leases reported on the balance sheet, what’s the difference between the two? The major difference is the way they are recorded on the income statement:

• Interest and amortization are recorded separately on the income statement for finance leases.
• Operating leases will report a single line item based on the lease payment. 
• Principal repayments for finance lease are classified as financing activities.
• Payments on operating leases are classified as operating activities.

Next Steps 

Make sure you start by implementing for fiscal years starting after December 15, 2021 and internal periods within fiscal years beginning after December 15, 2022. If you have questions about finance or operating leases, or need help with the new standard, please don’t hesitate to contact the team. 

Download our lease classification infographic for a comparison of finance and operating leases under ASC 842.

LIBOR is leaving—is your financial institution ready to make the most of it?

In July 2017, the UK’s Financial Conduct Authority announced the phasing out of the London Interbank Offered Rate, commonly known as LIBOR, by the end of 2021¹. With less than two years to go, US federal regulators are urging financial institutions to start assessing their LIBOR exposure and planning their transition. Here we offer some general impacts of the phasing out, some specific actions your institution can take to prepare, and, finally, background on how we got here (see Background at right).

How will the phase-out impact financial institutions?

The Federal Reserve estimates roughly $200 trillion in LIBOR-indexed notional value transactions in the cash and derivatives market². LIBOR is used to help price a variety of financial services products,  including $3.4 trillion in business loans and $1.3 trillion in consumer loans, as well as derivatives, swaps, and other credit instruments. Even excluding loans and financial instruments set to mature before 2021—estimated by the FDIC at 82% of the above $200 trillion—LIBOR exposure is still significant³.

A financial institution’s ability to lend money is largely dependent on the relative stability of its capital position, or lack thereof. For institutions with a significant amount of LIBOR-indexed assets and liabilities, that means less certainty in expected future cash flows and a less stable capital position, which could prompt institutions to deny loans they might otherwise have approved. A change in expected cash flows could also have several indirect consequences. Criticized assets, assessed for impairment based on their expected future cash flows, could require a specific reserve due to lower present value of expected future cash flows.

The importance of fallback language in loan agreements

Fallback language in loan agreements plays a pivotal role in financial institutions’ ability to manage their LIBOR-related financial results. Most loan agreements include language that provides guidance for determining an alternate reference rate to “fall back” on in the event the loan’s original reference rate is discontinued. However, if this language is non-existent, contains fallbacks that are no longer adequate, or lacks certain key provisions, it can create unexpected issues when it comes time for financial institutions to reprice their LIBOR loans. Here are some examples:

• Non-existent or inadequate fallbacks
  According to the Alternative Reference Rates Committee, a group of private-market participants convened by the Federal Reserve to help ensure a successful LIBOR transition, "Most contracts referencing LIBOR do not appear to have envisioned a permanent or indefinite cessation of LIBOR and have fallbacks that would not be economically appropriate"⁴.
  
  For instance, industry regulators have warned that without updated fallback language, the discontinuation of LIBOR could prompt some variable-rate loans to become fixed-rate², causing unanticipated changes in interest rate risk for financial institutions. In a declining rate environment, this may prove beneficial as loans at variable rates become fixed. But in a rising rate environment, the resulting shrink in net interest margins would have a direct and adverse impact on the bottom line.

• No spread adjustment
  Once LIBOR is discontinued, LIBOR-indexed loans will need to be repriced at a new reference rate, which could be well above or below LIBOR. If loan agreements don’t provide for an adjustment of the spread between LIBOR and the new rate, that could prompt unexpected changes in the financial position of both borrowers and lenders³. Take, for instance, a loan made at the Secured Overnight Financing Rate (SOFR), generally considered the likely replacement for USD LIBOR. Since SOFR tends to be lower than three-month LIBOR, a loan agreement using it that does not allow for a spread adjustment would generate lower loan payments for the borrower, which means less interest income for the lender.
  
  Not allowing for a spread adjustment on reference rates lower than LIBOR could also cause a change in expected prepayments—say, for instance, if borrowers with fixed-rate loans decide to refinance at adjustable rates—which would impact post-CECL allowance calculations like the weighted-average remaining maturity (WARM) method, which uses estimated prepayments as an input.

What can your financial institution do to prepare?

The Federal Reserve and the SEC have urged financial institutions to immediately evaluate their LIBOR exposure and expedite their transition. Though the FDIC has expressed no intent to examine financial institutions for the status of LIBOR planning or critique loans based on use of LIBOR³, Federal Reserve supervisory teams have been including LIBOR transitions in their regular monitoring of large financial institutions⁵. The SEC has also encouraged companies to provide investors with robust disclosures regarding their LIBOR transition, which may include a notional value of LIBOR exposure².

Financial institutions should start by analyzing their LIBOR exposure beyond 2021. If you don’t expect significant exposure, further analysis may be unnecessary. However, if you do expect significant future LIBOR exposure, your institution should conduct stress testing using LIBOR as an isolated variable by running hypothetical transition scenarios and assessing the potential financial impact.

Closely examine and assess fallback language in loan agreements. For existing loan agreements, you may need to make amendments, which could require consent from counterparties². For new loan agreements maturing beyond 2021, lenders should consider selecting an alternate reference rate. New contract language for financial instruments and residential mortgages is currently being drafted by the International Securities Dealers Association and the Federal Housing Finance Authority, respectively³—both of which may prove helpful in updating loan agreements.

Lenders should also consider their underwriting policies. Loan underwriters will need to adjust the spread on new loans to accurately reflect the price of risk, because volatility and market tendencies of alternate loan reference rates may not mirror LIBOR’s. What’s more, SOFR lacks abundant historical data for use in analyzing volatility and market tendencies, making accurate loan pricing more difficult.

Conclusion: Start assessing your LIBOR risk soon

The cessation of LIBOR brings challenges and opportunities that will require in-depth analysis and making difficult decisions. Financial institutions and consumers should heed the advice of regulators and start assessing their LIBOR risk now. Those that do will not only be better prepared―but also better positioned―to capitalize on the opportunities it presents.

Need help assessing your LIBOR risk and preparing to transition? Contact BerryDunn’s financial services specialists.

¹ https://www.washingtonpost.com/business/2017/07/27/acdd411c-72bc-11e7-8c17-533c52b2f014_story.html?utm_term=.856137e72385
² Thomson Reuters Checkpoint Newsstand April 10, 2019
³ https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin18/si-winter-2018.pdf
^{4 https://bankingjournal.aba.com/2019/04/libor-transition-panel-recommends-fallback-language-for-key-instruments/
5} https://www.reuters.com/article/us-usa-fed-libor/fed-urges-u-s-financial-industry-to-accelerate-libor-transition-idUSKCN1RM25T

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running. Yet, according to the 2019 Centrify Privileged Access Management in the Modern Threatscape survey, 74% of data breaches occurred using privileged accounts. The survey also revealed that of the organizations responding:

• 52% do not use password vaulting—password vaulting can help privileged users keep track of long, complex passwords for multiple accounts in an encrypted storage vault.
• 65% still share the use of root and other privileged access—when the use of root accounts is required, users should invoke commands to inherent the privileges of the account (SUDO) without actually using the account. This ensures “who” used the account can be tracked.
• Only 21% have implemented multi-factor authentication—the obvious benefit of multi-factor authentication is to enhance the security of authenticating users, but also in many sectors it is becoming a compliance requirement.
• Only 47% have implemented complete auditing and monitoring—thorough auditing and monitoring is vital to securing privileged accounts.

So how does one even begin to trust privileged accounts in today’s environment? 

1. Start with an inventory

To best manage and monitor your privileged accounts, start by finding and cataloguing all assets (servers, applications, databases, network devices, etc.) within the organization. This will be beneficial in all areas of information security such as asset management, change control and software inventory tracking. Next, inventory all users of each asset and ensure that privileged user accounts:

• Require privileges granted be based on roles and responsibilities
• Require strong and complex passwords (exceeding those of normal users)
• Have passwords that expire often (30 days recommended)
• Implement multi-factor authentication
• Are not shared with others and are not used for normal activity (the user of the privileged account should have a separate account for non-privileged or non-administrative activities)

If the account is only required for a service or application, disable the account’s ability to login from the server console and from across the network

2. Monitor—then monitor some more

The next step is to monitor the use of the identified privileged accounts. Enable event logging on all systems and aggregate to a log monitoring system or a Security Information and Event Management (SIEM) system that alerts in real time when privileged accounts are active. Configure the system to alert you when privileged accounts access sensitive data or alter database structure. Report any changes to device configurations, file structure, code, and executable programs. If these changes do not correlate to an approved change request, treat them as incidents and investigate.  

Consider software that analyzes user behavior and identifies deviations from normal activity. Privileged accounts that are accessing data or systems not part of their normal routine could be the indication of malicious activity or a database attack from a compromised privileged account. 

3. Secure the event logs

Finally, ensure that none of your privileged accounts have access to the logs being used for monitoring, nor have the ability to alter or delete those logs. In addition to real time monitoring and alerting, the log management system should have the ability to produce reports for periodic review by information security staff. The reports should also be archived for forensic purposes in the event of a breach or compromise.

Gain further assistance (and peace of mind) 

BerryDunn understands how privileged accounts should be monitored and audited. We can help your organization assess your current event management process and make recommendations if improvements are needed. Contact our team.