Skip to Main Content

insightsarticles

What vendors want: Vendor decision process in answering requests for services

By: Julie Allen, Marnie Hudson,

Mary Corley has worked with Medicaid fiscal agent services for almost 30 years as a claims supervisor, documentation specialist, business analyst, and contract compliance analyst. She has more than 25 years of experience in all aspects of the RFP process including go/no-go analysis, content development, including managing all written content  from multiple team members and compiling into one document, proofreading, formatting, and production/delivery.

Mary Corley,

Misha Mosher is an experienced legal professional with proven project management, research, and analysis skills. She brings knowledge of the legal industry, trade publications, government regulations, procurement, intellectual property, technology licensing, privacy and security, and risk management.

Misha Mosher
10.09.20

Read this if your agency is planning to procure a services vendor. 

Every published request for services aims to acquire the highest-quality services for the best value. Requests may be as simple as an email to a qualified vendor list or as formal as a request for proposal (RFP) published on a state’s procurement website. However big or small the request, upon receiving it, we, or a potential vendor, triages it using the following primary criteria:

  1. Scope of services―Are these services or solutions we can provide? If we can’t provide the entire scope of services, do we have partners that can?
    As a potential responding vendor, we review the scope of services to see if it is clearly defined and provides enough detail to help us make a decision to pursue the proposal. Part of this review is to check if there are specific requests for products or solutions, and if the requests are for products or solutions that we provide or that we can easily procure to support the scope of work. 
  2. Qualifications―What are the requirements and can we meet them?
    We verify that we can supply proofs of concept to validate experience and qualification requirements. We check to see if the requirements and required services/solutions are clearly defined and we confirm that we have the proof of experience to show the client. Strict or inflexible requirements may mean a new vendor is unable to propose new and innovative services and may not be the right fit.
  3. Value―Is this a service request that we can add value to? Will it provide fair compensation?
    We look to see if we can perform the services or provide the solution at a rate that meets the client’s budget. Sometimes, depending upon the scope of services, we can provide services at a rate typically lower than our competitors. Or, conversely, though we can perform the scope of services, the software/hardware we would have to purchase might make our cost lower in value to the client than a well-positioned competitor.

An answer of “no” on any of the above questions typically means that we will pass on responding to the opportunity. 

The above questions are primary considerations. There are other factors when we consider an opportunity, such as where the work is located in comparison to our available resources and if there is an incumbent vendor with a solid and successful history. We will consider these and other factors in our next article. If you would like to learn more about our process, or have specific questions, please contact the Medicaid Consulting team.
 

Related Professionals

Principals

BerryDunn experts and consultants

Read this if your agency is planning to procure a services vendor.

In our previous article, we looked at three primary areas we, or a potential vendor, consider when responding to a request for services. In this follow-up, we look at additional factors that influence the decision-making process on whether a potential vendor decides to respond to a request for services.

  • Relationship with this state/entity―Is this a state or client that we have worked with before? Do we understand their business and their needs?

    A continuing relationship allows us to understand the client’s culture and enables us to perform effectively and efficiently. By establishing a good relationship, we can assure the client that we can perform the services as outlined and at a fair cost.
  • Terms and conditions, performance bonds, or service level agreements―Are any of these items unacceptable? If there are concerns, can we request exceptions or negotiate with the state?

    When we review a request for services our legal and executive teams assess the risk of agreeing to the state’s terms and compare them against our existing contract language. States might consider requesting vendors provide exceptions to terms and conditions in their bid response to open the door for negotiations. Not allowing exceptions can result in vendors assuming that all terms are non-negotiable and may limit the amount of vendor bid responses received or increase the cost of the proposal.

    The inclusion of well-defined service level agreements (SLAs) in requests for proposals (RFPs) can be an effective way to manage resulting contracts. However, SLAs with undefined or punitive performance standards, compliance calculations, and remedies can also cause a vendor to consider whether to submit a bid response.

    RFPs for states that require performance bonds may result in significantly fewer proposals submitted, as the cost of a performance bond may make the total cost of the project too high to be successfully completed. If not required by law that vendors obtain performance bonds, states may want to explore other effective contractual protections that are more impactful than performance bonds, such as SLAs, warranties, and acceptance criteria.
  • Mandatory requirements―Are we able to meet the mandatory requirements? Does the cost of meeting these requirements keep us in a competitive range?

    Understanding the dichotomy between mandatory requirements and terms and conditions can be challenging, because in essence, mandatory requirements are non-negotiable terms and conditions. A state may consider organizing mandatory requirements into categories (e.g., system requirements, project requirements, state and federal regulations). This can help potential vendors determine whether all of the mandatory requirements are truly non-negotiable. Typically, vendors are prepared to meet all regulatory requirements, but not necessarily all project requirements.
  • Onsite/offsite requirements―Can we meet the onsite/offsite requirements? Do we already have nearby resources available? Are any location requirements negotiable?

    Onsite/offsite requirements have a direct impact on the project cost. Factors include accessibility of the onsite location, frequency of required onsite participation, and what positions/roles are required to be onsite or local. These requirements can make the resource pool much smaller when RFPs require staff to be located in the state office or require full-time onsite presence. And as a result, we may decide not to respond to the RFP.

    If the state specifies an onsite presence for general positions (e.g., project managers and business analysts), but is more flexible on onsite requirements for technical niche roles, the state may receive more responses to their request for services and/or more qualified consultants.
  • Due date of the proposal―Do we have the available proposal staff and subject matter experts to complete a quality proposal in the time given?

    We consider several factors when looking at the due date, including scope, the amount of work necessary to complete a quality response, and the proposal’s due date. A proposal with a very short due date that requires significant work presents a challenge and may result in less quality responses received.
  • Vendor available staffing―Do we have qualified staff available for this project? Do we need to work with subcontractors to get a complete team?

    We evaluate when the work is scheduled to begin to ensure we have the ability to provide qualified staff and obtain agreements with subcontractors. Overly strict qualifications that narrow the pool of qualified staff can affect whether we are able to respond. A state might consider whether key staff really needs a specific certification or skill or, instead, the proven ability to do the required work.

    For example, technical staff may not have worked on this particular type of project, but on a similar one with easily transferable skills. We have several long-term relationships with our subcontractors and find they can be an integral part of the services we propose. If carefully managed and vetted, we feel subcontractors can be an added value for the states.
  • Required certifications (e.g., Project Management Professional® (PMP®), Cybersecurity and Infrastructure Security Agency (CISA) certification)―Does our staff have the required certifications that are needed to complete this project?

    Many projects requests require specific certifications. On a small project, maybe other certifications can help ensure that we have the skills required for a successful project. Smaller vendors, particularly, might not have PMP®-certified staff and so may be prohibited from proposing on a project that they could perform with high quality.
  • Project timeline―Is the timeline to complete the project reasonable and is our staff available during the timeframe needed for each position for the length of the project?

    A realistic and reasonable timeline is critical for the success of a project. This is a factor we consider as we identify any clear or potential risks. A qualified vendor will not provide a proposal response to an unrealistic project timeline, without requesting either to negotiate the contract or requesting a change order later in the project. If the timeline is unrealistic, the state also runs the risk that the vendor will create many change requests, leading to a higher cost.

Other things we consider when responding to a request for services include: is there a reasonable published budget, what are the minority/women-owned business (M/WBE) requirements, and are these new services that we are interested in and do they fit within our company's overall business objectives?

Every vendor may have their own checklist and/or process that they go through before making a decision to propose on new services. We are aware that states and their agencies want a wide-variety of high-quality responses from which to choose. Understanding the key areas that a proposer evaluates may help states provide requirements that lead to more high-quality and better value proposals. If you would like to learn more about our process, or have specific questions, please contact the Medicaid Consulting team.

Article
What vendors want: Other factors that influence vendors when considering responding to a request for services

Read this if you are at a state Medicaid agency. 

As the end of the Public Health Emergency becomes more likely, much attention has been paid to the looming coverage cliff as state Medicaid agencies re-determine eligibility for their programs. The impacts can be mitigated in part by planning and taking proactive steps.

In the unsettling initial days of the COVID-19 Public Health Emergency (PHE), the Centers for Medicare and Medicaid Service (CMS) temporarily increased federal matching funds for state Medicaid programs. In exchange, states would suspend redeterminations of enrollees’ eligibility for the duration of the PHE. 

For Medicaid, states were in effect prohibited from disenrolling an individual from Medicaid programs. The result, according to CMS data, is 14.8 million more people were enrolled in Medicaid as of late 2021 than before the pandemic, reaching a total of nearly 79 million Medicaid enrollees.  According to one estimate, the end of the PHE could bring a decline in the number of Medicaid enrollees by as many as 15 million. This number includes an estimated 8.7 million adults and 5.9 million children. 

Local and state government eligibility staff will need to review the submitted documents and determine if these members qualify for continued Medicaid coverage. The potential exists for members to lose coverage, due to factors such as having moved, not realizing their circumstances have otherwise changed, or being unable or unaware to return the required paperwork within appropriate timeframes.

State Medicaid agencies strive to maintain an equitable program while remaining trusted stewards of public funds. With a large base of beneficiaries, this change is expected to impact the community and the healthcare market, with broad implications for public health. Similarly, the federal requirement for continuous health coverage has also helped state Medicaid agencies by easing the strain on organizations during pandemic-related disruptions. 

For these reasons state Medicaid agencies may search for routes to limit the loss of coverage. This can be accomplished through finding policy levers to retain members, establishing routes to alternative forms of insurance, and mitigating the risk of coverage loss for members. 

Mitigating the likelihood of becoming uninsured

State Medicaid agencies can reduce the risk that members lose their coverage and become uninsured through a number of steps. 

  • Designing comprehensive, multi-pronged, and targeted communication strategies. States can help Medicaid members understand the requirements and timelines required to maintain their coverage.
  • Updating systems to automate and reduce administrative burden. Maximizing ex parte renewals through the use of existing data that is stored in integrated systems.
  • Making key decisions early. States can minimize coverage loss by carefully planning the unwinding process and their approach to resuming Medicaid eligibility renewals.
  • Coordinating with other forms of coverage. Confirm or design user-friendly pathways by which a member is transferred or referred to other alternatives like the Marketplace or CHIP.
  • Leveraging their health plans. Particularly when it comes to coordinating outreach and updating member information. Managed care plans are also able to refer members who are losing coverage to other qualified health plans.

Policy levers for retaining members

States may consider reviewing emergency state plan amendments and appendix k amendments completed during the PHE to determine what flexibilities are possible to continue under existing authorities. At the same time, states should consider what other policy options may help retain coverage for existing members- for example:

  • Adopt 12 months continuous eligibility. This can be done for children via a State Plan Amendment (SPA), for adults through an 1115 waiver, and for individuals enrolled in BHP (via BHP Blueprint revision) 
  • Establish 12 months of postpartum coverage. This can be done through several paths, including SPAs 
  • Review operational policy for efficiencies. For example, a State could consider modifying the frequency of periodic data matching 

Next steps

The US Department of Health and Human Service has previously indicated its intention to provide notification to states of the end of the PHE 60 days before its scheduled end. The PHE was renewed in April 2022, and as of this writing will last until mid-July, meaning enrollees could lose Medicaid coverage as soon as August 1. The enhanced FMAP and the Maintenance of Eligibility (MOE) requirements are in place until the end of the quarter in which the PHE ends. In the case of a July 2022 end date to the PHE, the enhanced FMAP would last through September 30, 2022. 

Regardless, Medicaid agencies will need to begin reviewing all enrollees’ eligibility, performing outreach, and designing system updates this summer. In terms of next steps, states should consider the following:

  • Evaluate your program and identify initiatives to prioritize in the coming year. Ask your CMS contact about the latest applicable guidance. 
  • Develop Advanced Planning Documents (APDs) to help fund technology needs for initiatives, along with training your SMA team and providers. 
  • Implement a communications management approach to engage stakeholders, and inform affected Medicaid members.
  • Marshal project management resources and develop a realistic and achievable roadmap to success.  
  • Explore agency contracting vehicles, cooperative contracts, and other procurements tools. 

We’re here to help. If you have more questions or want to have an in-depth conversation about your specific situation, please contact the Medicaid consulting team.

Article
Medicaid coverage gap: Tools and strategies for Medicaid agencies to help retain members

Read this if you are a not-for-profit organization.

With springtime upon us, it may be difficult to start thinking about this upcoming fall, but that is exactly what many folks in the nonprofit sector are starting to do. The reason for this? It’s because 2022 brings with it the mid-term election cycle. While technically an off-year election, many congressional and gubernatorial races are being contested, in addition to a myriad of questions that will appear on ballots across the country. It is around this time of year we start to see many questions from clients in the nonprofit sector in the area of political campaign activities, lobbying (both direct and grassroots), and education/advocacy.

This article will discuss the three major types of activities nonprofit organizations may or may not undertake in this arena and will offer guidance to give organizations the vote of confidence they need to not run afoul of the potential pitfalls when it comes to undertaking these activities.

Political campaign activity

Political campaign activities include participating or intervening in any political campaign on behalf of (or in opposition to) any candidate for elective public office, be it at the federal, state, or local level. Examples of such activities include contributions to political campaigns as well as making public statements in favor of or in opposition to any candidate. The IRS explicitly prohibits section 501(c)(3) organizations from conducting political campaign activities, the consequence of doing so being loss of exempt status. However, other types of exempt organizations (such as 501(c)(4) organizations) are allowed to engage in such activities, so long as those activities are not the organization’s primary activity. Only Section 527 organizations may engage in political campaign activities as their primary purpose. 

Direct lobbying

Direct lobbing activities attempt to influence legislation by directly communicating with legislative members regarding specific legislation. Examples of direct lobbying include contacting members of Congress and asking them to vote for or against a specific piece of legislation.

Grassroots lobbying

Grassroots lobbying, on the other hand, attempts to influence legislation by affecting the opinions of the general public and include a call to action. Examples of grassroots lobbying include requesting members of the general public to contact their representatives to urge them to vote for or against specific legislation.  

A quick way to remember the difference:
Political = think “P” for People – advocating for or against a specific candidate 
Lobbying = think “L” for Legislation – advocating for or against a specific bill

Education/advocacy

Organizations may engage in activities designed to educate or advocate for a particular cause so long as it does not take a specific position. For example, telling members of Congress how grants helped constituents would be considered an educational activity. However, attempting to get a member of Congress to vote for or against specific piece of legislation that would affect grant funding would be considered lobbying. Another example would be educating or informing the general public about a specific piece of legislation. Organizations need to be mindful here as taking a specific position one way or the other would lend itself to the activity being deemed to be lobbying, and not merely education of the general public. There is no limit on how much education/advocacy activity a nonprofit organization may conduct.

Why does this matter?

As you can see, there is a very fine line between lobbying and education, so it is important to understand the differences so that an organization conducting educational activities does not inadvertently end up conducting lobbying activities.

Organizations exempt under Code Section 501(c)(3) can conduct only lobbying activities that are not substantial to its overall activities. A 501(c)(3) organization may risk losing its exempt status and may face excise taxes on the lobbying expenditures if it is deemed to be conducting excess lobbying, whereas section 501(c)(4), (c)(5), and (c)(6) organizations may engage in an unlimited amount of lobbying activity.

What is substantial?

Unfortunately, there is no bright line test for determining what is considered substantial versus insubstantial. As an industry standard, many practitioners have taken a position that insubstantial means five percent or less of total expenditures, but that position is not codified and could be challenged by the IRS. 

Section 501(c)(3) organizations that intend to conduct lobbying activities on a regular basis may want to consider making an election under Code Section 501(h). This election is only applicable to 501(c)(3) organizations and provides a defined amount of lobbying activity an organization may conduct without jeopardizing its exempt status or becoming subject to excise tax. The 501(h) election limit is based on total organization expenditures with a maximum allowance of $1 million for “large organizations” (defined as an organization with total expenditures over $17,000,000). 

While the 501(h) election provides some clarity as to how much lobbying activity can be conducted, it may be prohibitive for some organizations whose total expenditures greatly exceed the $17,000,000 threshold. Another item to be aware of is that the lobbying threshold applies to all members of an affiliated group combined, which means the entire group shares the maximum threshold allowed. 

Another option for those engaging in lobbying is to create a separate entity (such as a 501(c)(4) organization) which conducts all lobbying activities, insulating the 501(c)(3) organization from these activities. As previously mentioned, organizations exempt under Code Section 501(c)(4) can conduct an unlimited amount of lobbying activities but can only conduct limited political campaign activities.

What about political campaign activities?

Section 527 organizations, known as political action committees, are exempt organizations dedicated specifically to conducting political campaign activities. If a 501(c)(4), (c)(5), or (c)(6) organization makes a contribution to a 527 organization, it may be required to file a Form 1120-POL and be subject to tax at the corporate tax rate (currently a flat 21%) based on the lesser of the political campaign expenditures or the organization’s net investment income. State income taxes may also be applicable. Section 501(c)(3) organizations may not make contributions to 527 organizations. 

If your organization is considering participation in any of the above activities, we would recommend you reach out to your not-for-profit tax team for additional information. We’re here to help!

Article
Lobbying and politics and education, oh my!

Read this if you have a cybersecurity program.

This week President Joe Biden warned Americans about intelligence that indicated Russia may be preparing to conduct cyberattacks on our private sector businesses and infrastructure as retaliation for sanctions applied to the Russian government (and the oligarchs) as punishment for the invasion of Ukraine. Though there is no specific threat at this time, President Biden’s warning has been an ongoing message since the invasion began. There is no need to panic, but this is a great time to re-visit your current security controls. Focusing on basic IT controls goes can make a big difference in the event of an attack, as hackers tend to go after the easy, low hanging fruit. 

  1. Access controls
    Review and understand how all access to your networks is obtained by on-site employees, remote employees, and vendors and guests. Make sure that users are maintaining strong passwords and that no user is connecting remotely to any of your systems without some form of multi-factor authentication (MFA). MFA can come in the form of a token (in hand or built-in) or as one of those numerical codes you have delivered to your phone or email. Poor access controls are simply the difference between leaving your house unlocked versus locked when you leave to go somewhere. 
  2. Patching
    One of the most common audit findings we have to date and one of the biggest reasons behind successful attacks is related to unpatched systems. Software patches are issued by software providers to address vulnerabilities in systems that act as an unlocked door to a hacker, and allow hackers to leverage the vulnerability as a way to get into your systems. Ensuring your organization has a robust patch management program in place and that systems are up-to-date on needed patches is critical to your security operations. Think of an unpatched system like a car with a broken window—sure the door is locked, but any thief can reach through the broken window and unlock the car. 
  3. Logging 
    Account activity, network traffic, system changes—these are all things that can be easily logged and with the right tools, configured to alert you to suspicious activity. Logging that is done correctly can alert management to suspicious activity occurring on your network and notifies your security team to investigate the issue. Consider logging and alerting like your home’s security camera. It may alert you to the activity outside, but someone still needs to review the footage and react to it to mitigate the threat.  
  4. Test backups and more
    Making sure that your systems are successful backed up and kept separate from your production systems is a control we are all familiar with. Organizations should do more than just make sure their backups are performed nightly and maintained, but need to make sure that those data backups can be restored back to a useable state on a regular basis. More so than backups, we also often hear in the work we do that our client’s test only parts of their disaster recovery and failover plans—but have never tested a full-scale fail-over to their backup systems to determine if the failover would be successful in the event of an event or disaster. Organizations shouldn’t be scared to do a full-scale failover test, because when the time comes, you may not have the option to do a partial failover and just hope that it occurs successfully. Not testing your backups is like not test driving a car before you buy it. Sure it looks nice in the lot, but does it actually run? 
  5. Incident Management Plan 
    We often review Incident Management Plans as part of the work we do, and often note that the plans are outdated and contain incorrect information. This is an ideal time to make sure your plans are current and reflect changes that may have occurred, like your increasingly remote work force, or that systems have changed. An outdated Incident Management Plan is like being sick and trying to call your doctor for help only to find out your doctor has retired. 
  6. Training—phishing attacks
    Hackers’ most common approach to gain access to systems and deploy crippling ransomware attacks is through phishing campaigns via email. Phishing campaigns trick a user into either providing the hacker with credentials to log into systems or to download malware that could turn into ransomware through what appears to be legitimate business correspondence. Training end-users on what to look for in verifying an email’s authenticity is critical and should be seen as an opportunity that benefits the entire organization. Testing users is also critical so management understands the current risk and what is needed for additional training. Security teams should also have other supporting controls to help prevent phishing emails and detection tools in place in case a user does fall for an email. Not training your employees on security is like not coaching your little league team on how to play baseball and then being surprised you didn’t win the game because no one knew what to do. 

In the current environment, information security is an asset to any organization and needs to be supported so that you can protect your organization from cyberattacks of all kinds. While we can never guarantee that having controls in place will prevent an attack from occurring, they make it a lot more challenging for the hacker. One more analogy, and then I’m done, I promise. Basic IT controls are like speedbumps in a neighborhood. While they keep most people from speeding (and if you hit them too fast they do a number on your car), you can still get over them with enough motivation. 

If you have questions about your cybersecurity controls, or would like more information, please contact our IT security experts. We’re here to help.

Article
Cyberattack preparation: A basics refresher

Read this if you are interested in grant compliance in healthcare. 

This is a companion article to the podcast, Mitigating the compliance and revenue integrity risk of grant funded healthcare programs.

The BerryDunn Healthcare Practice Group boasts professionals who have expertise all across the spectrum of healthcare, including regulatory, revenue, integrity, general compliance, and risk management issues. This article covers the very specific arena of grant compliance affecting many of BerryDunn’s healthcare, not-for-profit, and government clients.

After starting as a newly minted MBA financial analyst with an academic medical center in Northern New England, I (Markes) worked my way into the world of grants and contracts supported by my interest in federal regulations and the non-clinical revenue streams. Fascinated to navigate through waters where it seemed no one was the expert, or really had the time or patience to figure things out, I worked to stand up a grant office in finance on the hospital side, separate from the medical school which was the usual repository for grant funding. We moved this direction because hospital leadership realized grant funding was tipping toward the clinical setting and was less focused on bench or clinical research. Put another way, less NIH and more CDC, HRSA, and CMS.

BerryDunn Senior Manager Regina Alexander advises, “wherever there is complexity, there is compliance risk.” Whether from a federal agency like HHS, HRSA, NIH, or CDC, a state Medicaid program, foundation, or private source, grants always come with requirements, typically very specific requirements. Because the dollars are being ‘given’, those requirements for how the funds are used may be much more restrictive than loans.

Like other areas of regulatory compliance, it is reasonable to assume that grant programs often have compliance gaps that go unnoticed. For many of our clients, both in healthcare and not-for-profit, and in the government space, grant revenue has become a significant source of funding. Any kind of healthcare delivery organization, including academic medical centers, federally qualified health centers, community hospitals, behavioral health service organizations, home health providers, visiting nurse associations, and others can end up with significant portions of their income for the year being sourced by federal grants.

Grant compliance categories

We all can’t be experts in every domain of regulatory compliance, and grant compliance has a lot of breadth. Thankfully, at BerryDunn, we have a team of grant experts who work collaboratively across practice groups. When I was working on setting up the grant office and establishing a proprietary clinical FTE reporting process and system earlier in my career, I would have greatly benefited from the perspectives of other experts at the table.

When we think about grant compliance, four categories are helpful to keep in mind:

  1. Restricted funding
  2. Single audit
  3. Indirect rate
  4. Time and effort

Restricted funding

Firstly, and most universally understood and applied is that grant monies are, pretty much by definition, restricted. Aside from very specific and rare instances of monies being granted to beneficiaries who have no responsibility, all grant funding is awarded with the expectation that the funds will be expended in a specific way. 

Any funder, from the federal government to your local community organization like the Lions Club or the VFW, will likely require individuals and entities awarded a grant must promise to use the funds only for the purpose laid out in the award and proposal. Compliance with grant terms typically includes following the requested reporting requirements of that funder as well. Though this category may sound obvious, it's actually pretty far-reaching, as it usually affects sub-recipients (those entities who are partnered with the direct recipient to accomplish the grant purpose). For example, where the money goes after the initial awardee receives it, or rules about who can do the work, what type of organization, how you choose a vendor, etc.—all sorts of categories.

It should be noted that many of these grant award requirements are not dissimilar from work we already do in the healthcare compliance space to assist our clients in avoiding anti-kickback statutes and Stark risks. This is because grant compliance is grounded in the same basic concepts—no favoritism, no bribes or shady deals, and avoiding fraud, waste, and abuse. Especially if you're spending federal monies, you need to prove that you choose the vendor based on verifiable best practices, and consideration was afforded to organizations owned by women, veterans, and minorities.

Single audit 

The second category, Single Audit, is applicable to all federal funding of $750,000 or more annually. My colleague from BerryDunn’s Not-for-Profit practice group, Katie Balukas, explains: 

"The federal Single Audit Act is a requirement for entities to undergo an independent financial and compliance audit when the entity has expended over $750,000 in federal awards. These audits are conducted following guidance issued through the Governmental Auditing Standards and the United States Office of Management and Budgets' Uniform Guidance. The main focus of the compliance audit is to assess the entity's compliance with the requirements set forth by the federal agency that administered the grant funds. That includes, but is not limited to determining if the funds were utilized for allowable costs and activities and expanded within the proper grant period and that the reporting and performance objectives were met."

It is important to note that adequate, appropriately scaled internal resources are essential for any organization receiving grants and even more so with larger grants. Though the phrase has been overused, it really does “take a village”. Grant management isn't something an organization should do on the side, assigning grant accounting to someone who already has a full-time role, but unfortunately this is common and also unfortunate because under resourcing tends to lead to compliance concerns, as well as just plain old poor funding management. 

Indirect rate

Speaking of funding, the third type of grant compliance is very focused on a component of the grant world that really has a life of its own: The indirect rate. Though there is an accounting definition of ‘indirect’, the way it is defined regarding grant funding is pretty specific, and there is an entire body of work organizations undertake to get a federally approved indirect rate.

There's an awful lot to think about with the indirect rate. On the one hand, you could say it's pretty simple. For example, a lot of foundation funders and even some federal funders will offer you a 5% or 10% indirect rate without any need to make a calculation. That's because they know that if you take time to do the math, you'll come up with a number much higher than 5% or 10%. When it comes to federal grants and healthcare services organizations, the indirect rate is dependent on how an organization measures costs. For hospitals, of course, the method of measurement is driven by the Medicare cost report, and that's where we would do the fancy math to derive the indirect rate. But the reality is far from simple or straightforward. 

Time and effort

The fourth and final area of grant compliance, time and effort, is also the one I'm actually most passionate about and is probably the most minimized, or at the very least, misapplied. 

In one way, “time & effort” is exactly what it sounds like. Much of granted dollars, especially from the federal government, get appropriately spent on program staff. The challenge is to match time and effort to those dollars, but that isn't as clear as it sounds, because the standard way of measuring staff time is usually in a payroll system of some sort, which can't prove how time was spent.

Most payroll systems can be programmed to account for FTE (full-time equivalent) allocations; however, there is often a breakdown between theory and practice. Putting allocations into payroll, usually done without employee interaction, may show how an employee “should” spend their time, but it is really no guarantee that that's actually how they're spending their time.

So how does the organization typically go about assuring that? Now, I don't want to speak for everyone, but let's just say I happen to know that there's a place for two or three (or maybe 10,000) that basically put allocations into payroll, and then, unfortunately, often well after the fact and/or more than once, send that allocation to the employee to sign off on without really any option to disagree, or even to modify. We all know that is not compliant…but in the organization's defense, there really haven't been very good alternatives to that kind of woeful and frustrating process, at least none that have been widely shared or understood.

As often is the case in the compliance world, rules are not followed because there is no perceived risk, but that is not a winning strategy.

Though many people involved in grant management do not have any experience or even knowledge of time and effort violations meeting with any consequences, organization interest and grant compliance have more implications than just preventing front page news. What I find in the conversations with organizations, both large and small, is that loose time and effort management costs the organization in two major ways. 

Firstly, it is inefficient to scramble around at the close of each federal grant to fix time and effort allocations. The extra time spent by grant staff, project coordinators, managers, and the finance team to sort things out because they didn't get them right the first time is the worst kind of inefficient—poor use of time with an equally poor outcome. 

Secondly, loose time and effort is costly in direct salary dollars. Most grant staff are not dedicated to one project, so we need to consider the value of their other work. Whether that is on other grants or, for example, seeing patients in the clinic as many principal investigators in healthcare do, having inaccurate or fluctuating understandings of their ability costs the organization directly in wasted salary dollars or indirectly as the opportunity cost of those providers (or other roles in other organizations). 

Digging in and fixing these issues is the work I really enjoy. It's relatively simple to build a compliant model, whether that requires very little payroll redo and is just a simple recurring attestation process in built in Excel, or more complex integrated models with triggered attestations in PDF format in a database that manages the overall FTE of principal investigators. It might even drive the available clinical provider time. It can all be done. We just need to know what the goal is. 

Working in this space so rewarding, because like so much of compliance, it's about doing something better—not just being compliant—but setting organizations up to better meet their goals and fulfill their mission.

The compliance or accounting professional might still ask, “But why aren’t payroll allocations sufficient for meeting Uniform Guidance?” The truth is, when UG came into effect and superseded the A-110, 122, 133, and others, the bar was effectively lowered. Historically, organizations abiding by the old OMB circulars had to make an attestation at least twice a year, which doesn’t really seem helpful, as who can accurately allocate their time from 5 or 6 months ago? So UG did away with the timeframe reference, relying on the idea that the payroll allocations and distributions would be all that would be needed, and in the absence of those, a monthly ‘look back’ by professional staff would be in order.

I say all this, because as a result, the interpretation of ‘payroll allocations’ then becomes the standard and we have forgotten about the other elements spoken of in the regulation. Remember, for anyone salaried (the vast majority of physicians and most of the higher level grant personnel), the ‘payroll allocation’ doesn’t pass muster. It is a static allocation that has no mooring in actual activity. This is why UG calls for monthly “current and reasonable estimates” of time and effort.

So what can organizations do in response? They need to seek a solution, a process, and a method that will both pass audit muster, as well as help the organization properly manage their resources. Almost every organization manages their productivity and finances on a regular basis: monthly! That’s why the same standard should apply to grant time and effort management. It's much more reasonable to ask you how you spent your effort this month, asking you to make a reasonable estimate of your time allocations to the different efforts you worked on.

So to summarize, the four key areas of grant compliance are (1) grants are restricted funding, (2) single audit requirement for federal funding over $750,000 annually, (3) the indirect rate and related agreement, and (4) time and effort.

Of course, I would be remiss to not point out that undergirding all this is the organization’s approach to policy. Any organization that considers grant funding a regular piece of their annual income needs to have dedicated grant management policies, covering all of the above topics, with particular focus on those arenas that are unique to the world of federal funding, and being mindful to follow or otherwise update for changes in processes and/or regulations.

Final takeaways: 

  • First, what grant focused infrastructure do you have in place? If you are subject to a single audit, there should be dedicated administrative grant staff. And I don’t mean the programmatic people actually working on the grant, but people outside the grant funding—also why you have an indirect rate. 
  • Second, how are you handling time and effort? If the process relies on any long after-the-fact attestations or payroll-generated reporting, it is unlikely to be truly following the spirit…or the letter…of Uniform Guidance. 
  • Third, review your policies regarding grants. You may not actually have policies focused on grant activities, leaving them under ‘general finance’. That isn’t sufficient to cover federal funding requirements. Many have grant policies in place, but are they actually being followed through the lifecycle of your grant programs? 
  • Lastly, the grant world is a whole ball game unto itself. BerryDunn has some great resources internally to offer assistance in all phases of grant management and administration. 
Article
Mitigating risk of grant funded healthcare programs

Read this if you work in finance or accounting or rely on financial reporting information.

Does your financial close process provide the information you need to make educated business decisions? 

Timely reporting of financial results is key to stakeholder decision making. As a result of market and regulatory obligations, companies and organizations are confronted with increasingly strict guidelines for the delivery of timely, accurate reports. Enormous amounts of information on transactions must be processed in a limited timeframe. This requires a great deal of effort on the part of your accounting and finance teams. 

The typical financial close process can be broken down into the following segments:

While this workflow seems straightforward enough, the financial close is not a single flat process, but the combination of many interrelated and often codependent processes—each with its own stages. The closing and reporting process is complex, and involves many different data suppliers and dependencies. Think your billing department, accounts payable, cash receipt, procurement, and more. All of these areas are likely to have data inputs that go into your financial close.
 

It often ends up looking like this when you consider each task:


 
To make the situation more challenging, as companies and organizations grow, the closing process can become more onerous and take longer to complete. Tasks in the financial close process are often added to an existing process—a process that may be more reactionary and based in historical practice, and may not have been well thought-out or planned for the current environment. Adding these tasks and increasing data inputs and outputs adds additional pressure to an incredibly important, but often forgotten task: analysis.

The majority of finance departments spend the bulk of their time on the financial close itself. Unfortunately, this can lead to delays, uncovering mistakes well after the fact, and reports lagging behind current business operations. The later the analysis is performed and the reports are distributed, the less useful they become for decision making. 

Financial close optimization

The good news? There is a strategy to optimize your financial close process, called financial close optimization, or fast closing. Fast closing is the periodic and structured closing and reporting process, in which all knowledge about the financial facts is collected and distributed to stakeholders more quickly.

There is an emerging trend for more frequent financial reporting, which allows companies and organizations to be more nimble and responsive to financial results, especially when facing an unprecedented crisis like the COVID-19 pandemic. Optimizing the financial close process allows for quicker reporting of business results to give stakeholders a more timely financial picture.

We understand the scarcity of human and financial resources continues to prove challenging to financial teams. Creating a culture of continuous improvement is a challenging task for almost any finance team—but given the benefits of a fast closing and the increased costs of a longer close, is this something that can be ignored any longer?

Look out for our next article on tips and strategies to optimize your financial close, which can lead to:

  • Freeing up resources to provide finance teams more time for a deeper analysis of operating performance and other strategic objectives
  • Providing more accurate and timely reporting
  • Improving the organization’s audit readiness 
  • Lessening the need for traditional routine tasks 
  • Increasing focus on clients, patients, and customers by spending more time looking ahead to possible opportunities. 

If you have any questions on how to improve your financial close, please contact us. We’re here to help.

Article
Financial close: Increasing complexity calls for improving processes  

Read this if you are interested in building a thriving workforce.

As businesses across the country continue to struggle to find and keep employees during the pandemic-influenced Great Resignation, it is time to build a workplace that sends a clear message to employees: “We care about you as a person. We trust you to do great work. Your well-being matters.” 

Many leaders and HR teams will send communications that emphasize the importance of people and the value of well-being. Despite this messaging, many organizations are missing opportunities to make well-being a natural part of day-to-day operations. The resulting disconnect between messaging and reality can result in employee frustration, disengagement, and cynicism. We’ve compiled a list of some of the most common workplace factors that can disrupt an organization’s intentions to build a strong well-being culture. 

Negative influences on building a strong well-being culture

 


Overcoming the challenges to your well-being goals takes time. And while it is natural for organizations to think of employee well-being as the responsibility of human resources and leadership, in reality well-being is a product of every part of the employee experience. In other words, it’s everyone’s job.

Well-being program considerations

Understanding the pain points for employees is an essential element of any successful well-being program, even if those pain points exist outside the domain of traditional well-being and wellness programs. Here are some things to consider:

  • Find out what matters to your employees, as every organization is different. Use surveys, interviews, and focus groups to understand priorities and do something meaningful with what you learn.
  • Make a plan to address operational challenges. Put simply, outdated technology and inefficient business processes stress employees out.
  • Assess your well-being strategy to identify strengths, gaps, and opportunities for improvement.
  • Develop and implement a strategic well-being plan that aligns with your organizational culture and goals. 
  • In the midst of planning a big system implementation of organizational change? Consider ways to integrate well-being as part of high-stress initiatives. 

Does your organization’s messaging about well-being line up with the employee experience? Have questions or need ideas about your specific situation? Contact our well-being consulting team. We’re here to help.

Article
Workplace well-being: More than words and good intentions

Read this if you are at a public health agency.

As public health workforce challenges worsen through retirements, burnout, and added need for public health workers highlighted by the COVID-19 pandemic, funding levels for public health remain increased for the time being. This provides opportunities for states to leverage federal programs and funding streams to help ensure a strong and capable public health workforce to meet the needs of all communities. An important consideration for states is the level of cultural competence among their public health workforce.

Cultural competence: Definition and benefits

Cultural competence refers to the capacity to function effectively, both as an individual and an organization, in relation to community members’ cultural beliefs, behaviors, and needs. It allows public health professionals to provide more effective public health services to individuals and communities with cultures different from their own—through awareness, respect, and willingness to learn about cultural differences. The necessity of cultural competence in public health is especially timely due to new and existing disparities that have been highlighted by COVID-19 outcomes and the ripple effects of the pandemic.

Benefits of a culturally competent public health workforce include greater public trust in the public health system, more equitable and effective public health services, improved understanding of existing barriers and community health status, and the potential to reduce disparities and improve both healthcare access and health outcomes in historically marginalized communities.

As many states face significant workforce gaps and challenges in recruiting, training, and retaining staff, it is important to leverage best practices and key indicators of success to inform a sustainable and effective approach for workforce development. States may benefit from assessing gaps in cultural competence and related skills, and by identifying specific cultural competency areas and abilities they aim to achieve in the workforce. A strategic approach is necessary for maximizing the sustainability and long-term benefit of federal funding opportunities, such as those for public health workforce development in rural areas. 

Strategies and best practices for developing a culturally competent public health workforce 

There are many steps you can take toward building cultural competence in your agency. Some of them include:

  • Develop and implement a periodic assessment of workforce cultural competence, and training to measure improvement and incorporate up-to-date best practices
  • Recruit diverse staff to reflect the culture and demographics of communities, including the provision of linguistic support
  • Create and improve pipeline training programs by collaborating with local colleges, universities, and schools of public health and identifying existing gaps in the workforce and in public health educational opportunities 
  • Support inter-professional education and teams for community-based interventions, to foster collaboration between public health and healthcare professionals in the community to better meet needs 

Important first steps to improve and foster cultural competence in the public health workforce include setting goals related to building community partnerships and what those partnerships will achieve. 

Other steps for building cultural competence 

Additionally, collecting diversity data and demographic characteristics of the public health workforce, measuring and evaluating performance of the public health workforce and public health services, and reflecting community diversity within the workforce are necessary for developing a workforce that supports community cohesion and trust of community members. These steps can help you assess where you can strengthen services and how communities can be better reflected in the public health services they receive. Effective communication and language access are also critical steps to improve and foster cultural competence in the public health workforce.

BerryDunn can provide state public health and human services agencies with strategic policy and programmatic guidance and management support to maximize the benefits of federal programs to facilitate public health workforce development. 

If you have any questions about your specific situation, or would like more information, please contact our Public Health Consulting team. We’re here to help.

Article
Developing a culturally competent public health workforce

Is your Women, Infants, and Children (WIC) agency struggling with Maintenance and Enhancement (M&E) vendor management? Here are some approaches to help improve your situation: 

  • Product Management Office (PdMO): Product management can help you manage your WIC system by coordinating and planning releases with the M&E vendor, prioritizing enhancements, reviewing workflows, and providing overall vendor management.
  • Project Management Office (PMO): Project management can help with budgeting, resource management, risk management, and organization. 
  • A blend of product and project management is a great partnership that can relieve some of the responsibilities of WIC agency staff and allows a third party to provide support in all areas of product and project management.

Whether you are an independent WIC State Agency (SA) or a multi-state consortium (MSC), having a PMO and/or PdMO can help alleviate some of the challenges facing WIC today. While an MSC may present significant cost savings, managing an M&E contract for multiple states can be overwhelming. Independent state agencies (SAs) may not have multiple states to coordinate with, but having the staff resources for vendor facilitation and implementing federal changes can be challenging. A PMO/PdMO can aid in improving business and technology outcomes for SAs and MSCs by bringing a level of coordination and consistency that otherwise might not happen. 

As federal changes grow in complexity, evidenced by the many changes to WIC stemming from the American Rescue Plan Act, coupled with workforce challenges in government, the importance of a PMO/PdMO has never been greater. Here are six ways a PMO/PdMO can help you:

  1. Facilitate the vendor relationship
    A PMO/PdMO not only holds the vendor accountable but also takes some of the workload off the SA by facilitating meetings, providing meeting notes, and tracking action items and decisions.
  2. Manage centrally located data
    A PMO/PdMO keeps all documents and data in a centralized location, fostering a collaborative environment and ease of access to needed information. A centralized location of data allows SAs to be on the same page for consistency, quality control, and to support the state’s need for clean, reliable information that is current and accurate.
  3. Track and mitigate risks 
    Effective risk management requires a substantial commitment of time and resources. The PMO/PdMO identifies, tracks, and assesses the severity of risks and suggests approaches to manage those risks. Some PMO/PdMOs assess all risks based on a severity index to help clients determine which risks need immediate action and which need monitoring.
  4.  Assist in the creation of Implementation Advanced Planning Document Updates (IAPDUs) 
    Creating and implementing an IAPDU can be time-consuming, confusing, and requires attention to detail. A PMO/PdMO alleviates time and pressure on SAs by helping to ensure that an IAPDU or funding request clearly outlines a plan of action to accomplish the activities necessary to reach an organization’s goal. PMO/PdMOs can draft IAPDUs to determine the need, feasibility, and projected costs and benefits for service. 
  5. Provide an unbiased, third-party opinion 
    A PMO/PdMO will offer an unbiased, third-party opinion to help avoid misunderstanding and frustration, decision stalemates, inadequate solutions, and unpleasant relationships between WIC agencies and M&E vendors. 
  6. Provide the right combination of business and technical expertise
    Staffing challenges (exacerbated by COVID-19), difficulties finding expertise managing software change management for WIC, and a retiring workforce knowledgeable in WIC system implementation have in some cases left SAs without critical resources. Having the right combination of skills from a third party can resolve some of these challenges.

Independent SAs or MSCs would benefit from having a PMO/PdMO to help meet the challenges WIC agencies face today, whether it is an unplanned funding change or updates to the risk codes. With the help of a PMO/PdMO developing standard practices and methodologies, SAs and MSCs can deliver and implement high-quality services more consistently and efficiently. The role of the PMO/PdMO is far-reaching and positively impacts WIC by providing backbone support for WIC’s overarching goal, to “safeguard the health of low-income women, infants, and children who are at nutrition risk.”

If you have questions about PMOs or PdMOs and the impact they can have on your agency, please contact us. We're here to help.

Article
Product Management Office: Benefits for WIC state agencies