Skip to Main Content

Read this if you are a plan sponsor of employee benefit plans.

This article is the eleventh in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with Employee Retirement Income Security Act (ERISA) requirements. You can read the previous articles here.

Most employee benefit plans have outsourced a significant portion of the internal controls to a service organization, such as a third-party administrator. The plan administrator has a fiduciary responsibility to monitor the internal controls of the service organization and to determine if the outsourced controls are suitably designed and effective.

SOC 1 reports: Internal controls and financial reporting

Generally, the most efficient way to obtain an understanding of the outsourced controls is to obtain a report on controls issued by the service organization’s auditor. Commonly referred to as a System and Organization Controls (SOC) report, the SOC report should be based on the American Institute of Certified Public Accountants’ (AICPA) attestation standards and should cover internal controls relevant to financial reporting, also known as a SOC 1 report (the “1” indicating it covers internal controls over financial reporting).

Plan sponsors should perform a documented review of the SOC 1 report for each of the plan’s significant service organizations. The documented review should include the plan sponsor’s assessment of the complementary user entity controls outlined in the SOC 1 report. The complementary user entity controls are internal control activities that should be in place at the plan sponsor to provide reasonable assurance that the controls tested at the service organization are operating effectively at your plan. If a service organization’s internal controls are operating effectively, but complementary user entity controls are not in place at your organization, the effectiveness of the service organization’s internal controls may not transfer to your plan’s operations.

Creditability and CPA firms: Considerations

Creditability of the CPA firm completing the SOC 1 report examination may impact the reliability of the CPA firm’s opinion and thus your reliability on the service organization’s internal controls. Unfamiliarity with the service auditor’s qualifications may be mitigated through additional research. Items to consider are: 

  • The firm’s expertise in SOC 1 reporting
    • Are they familiar with the service organization’s industry?
    • How many professionals do they have that perform SOC 1 examination services?
  • The evaluation of AICPA peer reviews 
    Audit firms are required to have a periodic peer review conducted. The results of the peer review are public knowledge and can be found on the AICPA’s website.
    • Did the service auditor receive a “pass” rating during their most recent peer review?
    • Did the peer review cover SOC 1 examination services?
  • Evaluation of the service organization’s due diligence procedures surrounding the selection of an auditor

Some of this information may be readily available via the service auditor’s website, while other information may need to be gathered through direct communication with the service organization. A qualified service auditor should be able to provide a SOC 1 report that contains sufficient detail, relevant transactional activity, relevant control objectives, and a timely reporting period.

SOC 1 reports may contain an unqualified, qualified, adverse, or disclaimer of opinion. The report determines if the controls in place are adequate for complete and accurate financial reporting. Report qualifications may affect the risk of relying on the service organization and may result in the need for additional procedures or safeguards to help ensure the plan’s financial statements are presented fairly. Even if the SOC 1 report received an unqualified opinion, you should review the controls tested by the service auditor and the results of such testing for any exceptions. Exceptions, even if they don’t result in a qualified opinion, may have an impact on the plan’s control environment. 

You should also review the scope of the audit to check that all significant transaction cycles, processes, and IT applications were properly assessed for their impact on the plan’s financial statements. Areas outside the scope of the SOC 1 report may require additional consideration, including the possibility of obtaining more than one SOC 1 report for subservice organizations whose functions were carved out from the service organization’s SOC 1 report.

Subservice organizations

Subservice organizations are frequently utilized to process certain transactions or perform certain functions at the service organization. Management of the service organization may identify certain transaction cycles and processes that are performed by a subservice organization and choose to exclude relevant control objectives and related controls from the SOC 1 report description and the scope of the auditor’s engagement. In such cases, multiple SOC 1 reports may need to be acquired to gain adequate coverage of all controls and objectives relevant to your plan. 

Furthermore, you need to consider the time period the SOC 1 report covers. Coverage should be obtained for your plan’s full fiscal year. For SOC 1 reports that lack coverage of your plan’s full fiscal year, a bridge letter should be obtained to help ensure that no significant changes in controls occurred between the SOC 1 report examination period and the end of your plan’s fiscal year.

Although plans commonly outsource a significant portion of their day-to-day operations to service organizations, plan fiduciaries cannot outsource their responsibilities surrounding the maintenance of a sound control environment. SOC 1 reports are a great resource to assess the control environments of service organizations. However, such reports can be lengthy and daunting to review. We hope this article provides some best practices in reviewing SOC 1 reports. If you have any questions, or would like to receive a copy of our SOC 1 report review template, please don’t hesitate to reach out to our Employee Benefits Audit team.

Article
Service organizations and review of SOC 1 reports: Considerations and recommendations

Read this if you are a Skilled Nursing Facility (SNF) providing services to Medicare beneficiaries.

Skilled Nursing Facility (SNF) bad debt expenses resulting from uncollectible Medicare Part A and Part B deductible and coinsurance amounts for covered services are reimbursable under the Medicare Program on a full-utilization Medicare cost report. SNF providers can report allowable Medicare bad debt expense on Worksheet E, form CMS-2540-10. Currently Medicare reimburses 65% of the allowable amount, less sequestration, if applicable.  

BerryDunn maintains a database of SNF as filed Medicare cost reports nation-wide. We analyze data annually, looking for trends and opportunities to help providers optimize available reimbursement. Cost reports data shows that in 2018–2020, on average, 75% of facilities nation-wide reported allowable bad debts, and claimed, on average, close to $63,000 of reimbursable bad debts for Medicare Part A. 

To compare facilities of different sizes and Medicare utilization rate, we also show bad debts on per Medicare patient day basis (figure 2). In FY 2020, all US regions experienced an increase in reimbursable Medicare Part A debt, averaging $19.43 per Medicare patient day.  

Understanding the requirements for bad debts and utilizing this reimbursing opportunity could help your facility’s bottom line. 

Medicare bad debt checklist now available

To support SNFs with reimbursement for these costs, BerryDunn’s healthcare consulting team has developed a checklist that provides insight into the Medicare cost report opportunities. 

Download the checklist, and please contact us if you have any questions about your specific situation or would like to learn more.

Article
Medicare bad debt: Review sample procedures for Skilled Nursing Facilities

Read this if you use QuickBooks online.

The money you spend to run your business must be recorded conscientiously for your taxes and reports. Here’s how to do it.

You undoubtedly keep a very close watch on the money coming into your business. You record payments as soon as they come in and deposit them in your company’s bank account. But are you as careful about your purchases?

It’s easy to go out to lunch with a client and forget to save the receipt. You figure it’s not that much money, anyway. Or you pick up a ream of printing paper and a cartridge at the office supply store and neglect to record the purchase. When you disregard even small expenses, you can have two problems. One, your books won’t be accurate. And two, you never know how an extra $42.21 under Meals and Entertainment might affect your income taxes.

QuickBooks Online provides two ways to enter expenses. You can create a record on the site itself. Or you can snap a photo with your phone using the QuickBooks Online mobile app to document the money spent. Here’s how these two methods work.

Documenting at your desk

Let’s say you just had lunch with a vendor to discuss some products you’re planning to buy for a project you’re doing for a customer. You charged it to your company credit card, which you track in QuickBooks Online. You still have to enter it as an expense on the site so that when your credit card statement comes, you can match the credit card transaction to the expense you recorded.

Hover over Expenses in the navigation toolbar and click on Expenses. Click the down arrow in the New transaction button and select Expense. Fill in the fields at the top of the screen with details like Payee, Payment date, and any Tags you want to specify. Under Category details, select the correct category from the drop-down list and enter a Description and Amount

QuickBooks Online allows you to thoroughly document expenses. You can attach a picture of a receipt if you’d like.

Since you’re going to bill this to the customer as a part of your project fee, click in the Billable box to create a checkmark. Select the Customer/Project. Add a Memo to remind yourself of the reason for the lunch (very important!) and attach a photo of the receipt if you take one. Click Save. Your record of the lunch will now appear on the Expense Transactions screen. It will also show up in the Expenses by Vendor Summary and Unbilled Charges reports, among others.

Recording with QuickBooks Online on the road

In the example we just went through, attaching a photo of the receipt was the last thing we did to record an expense in QuickBooks Online. There’s another way to document a purchase that starts with a photo of a receipt and should save you a bit of data entry: using the QuickBooks Online mobile app. The app uses Optical Character Recognition (OCR) to “read” the receipt and transfer some of its data to fields on an expense record. (If you haven’t installed the QBO app on your smartphone, you should. You can do a lot of your accounting work that synchronizes automatically with QBO. It’s free, too.)

Open the app and log in. On the opening screen, you’ll see an icon labeled Snap Receipt. Click on it, and your phone’s camera will open (you’ll be asked for permission to use it). Position your phone over the receipt and move it around until you see the blue box covering the content of the receipt.  Take the picture. You’ll see it displayed on the phone with a message saying, “Use this photo.” If it seems OK, click the link. 

A message on the screen will tell you that the upload is complete and that the app is extracting the information from it. Click “Got it!” It should only take about a minute for your receipt to appear in the list on the Receipt snap screen. You’ll see the details that the app has pulled from your receipt. Tap the matching expense and click Done on the next screen.

You can snap a photo of the receipt in the QuickBooks Online mobile app, and some fields will be automatically entered on a receipt form in QBO.

When you’re back at your computer, open QuickBooks Online and go to Transactions | Receipts. At the end of the row that contains your receipt, click the down arrow next to Delete and select Review. QBO will display the partially-completed receipt form next to the photo you took of the receipt. Fill in any missing fields and save the transaction. Click Create expense on the screen that opens. Then open the Expenses menu and select Expenses, and there should be an entry for the receipt you just added.

This tool isn’t perfect, of course. Every receipt has different fields in different places, and sometimes they’re just not very readable. But in our tests, the app picked up an average of four fields.

Documenting your expenses using one of these two methods is so important. It will help you remember why you stored the receipt and make your reports more accurate. As long as you’re categorizing each transaction correctly, it will also make your tax preparation easier and faster and ensure that you’re charging customers for billable expenses. And if you’re ever audited, your careful work will come in handy.

QuickBooks Online does expense management well, but there are enough moving parts in these recording tools that you may have some questions. Please contact our Outsourced Accounting team. We're here to help. 

Article
Record expenses in QuickBooks Online and on your phone

Read this if you have not yet reported for Phase 1.

Phase 1 provider relief reporting portal

HRSA opened the Provider Relief Funds (PRF) reporting portal on July 1, 2021, for Phase 1 PRF reporting. In Phase 1, providers will be reporting on the use of PRF received prior to June 30, 2020. While Phase 1 reporting was originally due September 30, 2021, HRSA has provided a 60-day grace period for the reporting period. Providers will be considered out of compliance with the reporting requirements if they do not submit reporting by November 30, 2021. Providers can submit their reporting on the Provider Relief Fund portal. Please note:

  1. Providers must register for the reporting portal, as this is not the same portal as the application and attestation portal. The portal registration must be completed in one session. Follow the link to the Portal Registration User guide
  2. Providers can only report on eligible lost revenues and expenditures related to payments received before June 30, 2020. Providers are not yet allowed to report on payments received subsequent to June 30, 2020. See the June 11, 2021 Reporting Requirements Notice for more detail on reporting requirements.
  3. The period of availability for Phase 1 lost revenues and eligible expenditures is January 1, 2020 through June 30, 2021.
  4. It is extremely helpful to complete the HRSA provider portal worksheets prior to beginning the portal data entry. 
  5. Providers should return unused funds as soon as possible after submitting their report. All unused funds must be returned no later than 30 days after the end of the grace period. (December 31, 2021)
  6. Provider Relief Funds are considered federal awards under Assistance Listing Number (ALN) 93.948. Providers, both for-profit and not-for-profit, may be subject to a Uniform Guidance Audit if they expend more than $750,000 of federal awards during the provider’s fiscal year. 
  7. Providers are able to retrieve their data submission from the portal if a copy was not retained during the submission process.

Your BerryDunn Hospital team is here to help you navigate the Provider Relief Fund reporting and compliance requirements. Please contact us if you have any questions or would like to talk about your specific situation. 

Article
Provider Relief Funds: Highlights

Read this if you are involved with financial statement audits or use audited financial statements. 

Almost as exciting as the look of a new outfit or (completion of) a renovation project, SAS 134 brings a new design to the auditor’s report accompanying your audited financials for periods ending on or after December 31, 2021. Why the new look, you ask? 

Users spoke and the AICPA Auditing Standards Board listened. The new standard significantly changes the layout and content of the report (including management’s responsibilities) and permits communication of key audit matters (areas of higher assessed risk of material misstatement, areas involving significant judgment, or significant events or transactions during the period). Implemented changes include: 

  • The auditor’s opinion is now at the beginning of the audit report and otherwise strengthens the transparency for the auditor’s opinion.
  • The standard clarifies the responsibilities of both management and the auditors, strengthening the financial audit. 

Sample auditor’s report

The simplest way to relay the changes is with an example. The following report is a basic illustration in which an unmodified opinion was issued and the auditor was not engaged to communicate key audit matters. 

If you have questions or would like to speak to us about your specific situation, please contact us. We’re here to help.

Article
Auditor's report redesigned for better communication