Skip to Main Content

In light of the recent cyberattacks in higher education across the US, more and more institutions are finding themselves no longer immune to these activities. Security by obscurity is no longer an effective approach—all institutions are potential targets. Colleges and universities must take action to ensure processes and documentation are in place to prepare for and respond appropriately to a potential cybersecurity incident.

Best practices for financial institution contracts with technology providers

As the financial services sector moves in an increasingly digital direction, you cannot overstate the need for robust and relevant information security programs. Financial institutions place more reliance than ever on third-party technology vendors to support core aspects of their business, and in turn place more reliance on those vendors to meet the industry’s high standards for information security. These include those in the Gramm-Leach-Bliley Act, Sarbanes Oxley 404, and regulations established by the Federal Financial Institutions Examination Council (FFIEC).

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running.

Law enforcement, courts, prosecutors, and corrections personnel provide many complex, seemingly limitless services. Seemingly is the key word here, for in reality these personnel provide a set number of incredibly important services.

Best Practices for Educating Your Financial Institution’s Board of Directors on Cybersecurity

According to Cybersecurity Ventures, cybercrime will account for $6 trillion annually by 2021—that’s more than the global trade of all major illegal drugs combined.  Data breaches and other information security events adversely impact organizations through significant losses in revenue, erosion of customer trust, substantial remediation costs, increased insurance premiums, and more.

All teams experience losing streaks, and all franchise dynasties lose some luster. Nevertheless, the game must go on. 

The world of professional sports is rife with instability and insecurity. Star athletes leave or become injured; coaching staff make bad calls or public statements. The ultimate strength of a sports team is its ability to rebound. The same holds true for other groups and businesses.

Any sports team can pull off a random great play. Only the best sports teams, though, can pull off great plays consistently — and over time. The secret to this lies in the ability of the coaching staff to manage the team on a day-to-day basis, while also continually selling their vision to the team’s ownership.

A professional sports team is an ever-changing entity. To have a general perspective on the team’s fluctuating strengths and weaknesses, a good coach needs to trust and empower their staff to discover the details. Chapter 5 in BerryDunn’s Cybersecurity Playbook for Management looks at how discovery can help managers understand their organization’s ever-changing IT environment. 

Just as sports teams need to bring in outside resources — a new starting pitcher, for example, or a free agent QB — in order to get better and win more games, most organizations need to bring in outside resources to win the cybersecurity game.

It may be hard to believe some seasons, but every professional sports team currently has the necessary resources — talent, plays, and equipment — to win. The challenge is to identify and leverage them for maximum benefit.

It’s one thing for coaching staff to see the need for a new quarterback or pitcher. Selecting and onboarding this talent is a whole new ballgame. Various questions have to be answered before moving forward: 

For professional baseball players who get paid millions to swing a bat, going through a slump is daunting. The mere thought of a slump conjures up frustration, anxiety and humiliation, and in extreme cases, the possibility of job loss.

As the technology we use for work and at home becomes increasingly intertwined, security issues that affect one also affect the other and we must address security risks at both levels.

During my lunch in sunny Florida while traveling for business, enjoying a nice reprieve from another cold Maine winter, I checked my social media account.

Read this if your senior living facility is receiving Medicare payments

A year ago the senior living industry was challenged with the transition to the Patient-Driven Payment Model (PDPM). In the months leading up the implementation of PDPM providers prepared for new regulations, conducted employee training, and forecasted financial performance. By all accounts the implementation of PDPM went off with very few glitches. 

That all changed in the beginning of 2020 when the coronavirus (COVID-19) pandemic upended the industry and Medicare occupancy levels diminished. COVID-19 overturned the way providers were providing care at their facilities. Providers have seen a decrease in utilization of therapy services and an increase in medical management cases. Providers anticipated delivering more concurrent physical therapy, which has become impossible with COVID-19. We understand how demanding COVID-19 related change management has been for skilled nursing facilities, and want to help you re-focus your attention on the critical tasks and procedures driving your Medicare reimbursement.

New federal fiscal year, new rates

The Medicare Final Rule for fiscal year 2021 did not contain any major policy changes to PDPM but did contain routine updates to coding and Medicare billing rates effective October 1, 2020. After changing Medicare billing rates, you should test your system by carefully reviewing a remittance advice and the accounts receivable report for October service dates. Look for any balances, big or small, to help ensure billing rates and contractuals are correct for all payers following Medicare rules. Note:

  • Small balances may indicate errors in system configuration, such as PDPM rates, sequestration, or value-based purchasing adjustment.
  • Larger balances may indicate a claim missed in triple-check meeting and billed at an incorrect PDPM rate. View the FFY2021 Medicare Rate Calculator.
  • Providers should review ICD-10 mappings on an annual basis for new and discontinued ICD-10 codes. 

Medicare Advantage plan enrollment is growing. What does it mean for your facility?

With the continuing growth of Medicare Managed Care/Advantage plans, it is important to review your facility’s contracts. 

  • Most Medicare Advantage programs have adopted PDPM, but have differing requirements for pre-authorizations and payment rates, so be sure you understand how each of these contracts reimburses your facility
  • If there new Medicare Advantage plans in your area, evaluate the need to negotiate a contract to admit patients covered by the new plan. 
  • Update the list of plans your facility contracts with:
     
    • Carefully review contract rates and request rate changes if the payor does not follow the Medicare fee schedule. 
    • To avoid denied claims, update contact information and understand preauthorization requirements and any patient status updates. Distribute the updated list to your admissions and case management teams.

Check on your MDS coordinator

  • With the COVID-related shift in responsibilities, we see an increase in MDS position turnover. We recommend reviewing or developing a backup for your MDS coordinator, as completion of MDS is critical for billing and regulatory compliance. 
  • If your facility has limited resources for backup, evaluate sub-contracting options or reach out to your state’s Health Care Association for available resources. 

Update your consolidated billing resources

Consolidated billing errors could result in significant reductions of your bottom line. CMS updates guidance on consolidated billing regularly. We recommend checking the CMS listing and ensuring your admissions, clinical, and medical records team uses up-to-date information for admission decisions and coordination of care with external health care providers. Get more information.

COVID-19 impact

  • CMS provided a number of flexibilities to help facilities with COVID-related care. Please note, a number of these provisions are temporary, and are only effective during the state of emergency. We recommend at least a monthly review of regulatory guidance to help ensure compliance. Get more information.
  • While COVID-19 diagnosis and codes were not specifically incorporated into PDPM in the 2021 final rule, be sure to appropriately code isolation stays in the nursing component, document additional costs of testing, PPE, and labor and documentation of skilled need to protect against audit risk.

Have questions? Our Senior Living revenue cycle team is here to help. 

Article
Patient Driven Payment Model―A year later

Read this if you are a director or manager at a Health and Human Services agency in charge of modernizing your state's Health and Human Services systems. 

When states start to look at outdated Health and Human Services systems like Eligibility Systems or Medicaid Enterprise Systems, they spend a lot of time on strategic planning efforts and addressing technology deficiencies that set the direction for their agencies. While they pay a lot of attention to the technology aspects of the work, they often overlook others. Here are three to pay attention to: 

  1. Business process improvement
  2. Organization development
  3. Organizational change management

Including these important steps in strategic planning often improves the likelihood of an implementation of Health and Human Service systems that provide the fully intended value or benefit to the citizen they help serve. When planning major system improvements, agencies need to have the courage to ask other critical questions that, when answered, will help guarantee greater success upon implementation of modernized system.

Don’t forget, it’s not only about new technology—it’s about gaining efficiencies in your business processes, structuring your organization in a manner that supports business process improvements, and helping the people in your organization and external stakeholders accept change.  

Business process improvement 

When thinking about improving business processes, a major consideration is to identify what processes can be improved to save time and money, and deliver services to those in need faster. When organizations experience inefficiencies in their business processes, more often than not the underlying processes and systems are at fault, not the people. Determining which processes require improvement can be challenging. However, analyzing your business processes is a key factor in strategic planning, understanding the challenges in existing processes and their underlying causes, and developing solutions to eliminate or mitigate those causes are essential to business process improvement.

Once you pinpoint areas of process improvement, you can move forward with reviewing your organization, classifying needs for potential organization development, and begin developing requirements for the change your organization needs.

Organization development

An ideal organizational structure fully aligns with the mission, vision, values, goals, and strategy of an organization. One question to ask when considering the need for organization development is, “What does your organization need to look like to support your state’s to-be vision?” Answering this question can provide a roadmap that helps you achieve:

  1. Improved outcomes for vulnerable populations, such as those receiving Medicaid, TANF, SNAP, or other Health and Human Services benefits 
  2. Positive impacts on social determinants of health in the state
  3. Significant cost savings through a more leveraged workforce and consolidated offices with related fixed expenses—and turning focus to organizational change management

Organization development does not stop at reviewing an organization’s structure. It should include reviewing job design, cultural changes, training systems, team design, and human resource systems. Organizational change is inherent in organization development, which involves integration of a change management strategy. When working through organization development, consideration of the need for organizational change should be included in both resource development and as part of the cultural shift.

Organizational change management

Diverging from the norm can be an intimidating prospect for many people. Within your organization, you likely have diverse team members who have different perspectives about change. Some team members will be willing to accept change easily, some will see the positive outcomes from change, but have reservations about learning a new way of approaching their jobs, and there will be others who are completely resistant to change. 

Successful organizational change management happens by allowing team members to understand why the organization needs to change. Leaders can help staff gain this understanding by explaining the urgency for change that might include:

  • Aging technology: Outdated systems sometimes have difficulty transmitting data or completing simple automated tasks.
  • Outdated processes: “Because we’ve always done it this way” is a red flag, and a good reason to examine processes and possibly help alleviate stressors created by day-to-day tasks. It might also allow your organization to take care of some vital projects that had been neglected because before there wasn’t time to address them as a result of outdated processes taking longer than necessary.
  • Barriers to efficiency: Duplicative processes caused by lack of communication between departments within the organization, refusal to change, or lack of training can all lead to less efficiency.

To help remove stakeholder resistance to change and increase excitement (and adoption) around new initiatives, you must make constant communication and training an integral component of your strategic plan. 

Investing in business process improvement, organization development, and organizational change management will help your state obtain the intended value and benefits from technology investments and most importantly, better serve citizens in need. 

Does your organization have interest in learning more about how to help obtain the fully intended value and benefits from your technology investments? Contact our Health and Human Services consulting team to talk about how you can incorporate business process improvement, organization development, and organizational change management activities into your strategic planning efforts.

Article
People and processes: Planning health and human services IT systems modernization to improve outcomes

Read this if you have a responsibility for acquiring and implementing victim notifications for your jurisdiction.

In the first article of this three-part series we explored the challenges and risks associated with utilizing multiple victim notification systems across your state. In this article we will explore what the choices are to address these challenges. 

System elements to consider

Many jurisdictions are under the impression that there are only one or two choices for victim notification systems. Though there are certainly market leaders in this space, you should select a system model that best meets your jurisdiction’s profile. The profile may include some of these elements:

  • Risk aversion (i.e., How risk averse is your organization regarding system implementations?)
  • Budget (i.e., How will the initial project be funded? Does your jurisdiction prefer an annual subscription model, or a traditional perpetual license with annual maintenance and support fees?)
  • Staff (Who do you need to implement and maintain the operational system?)
  • Time (i.e., Are you already out of compliance with state statutes?)
  • Hosting environment (i.e., Do you want to host in the cloud or on premise?)
  • Victim notification reach (i.e., state-wide, single jurisdiction, multiple justice partners)
  • Victim notification policy and statute complexity
  • Data ownership (i.e., To what degree does your jurisdiction enable the selling of victim notification data outside of the jurisdiction?)

Victim notification solutions range from hosted commercial off the shelf (COTS) solutions, which are typically least expensive; to custom solutions developed to address jurisdiction-specific needs. The latter tend to be more expensive, riskier than turnkey solutions, and take longer to operationalize. However, if your jurisdiction has unique requirements for victim notification, this may be a viable option. Unless you plan to engage the development vendor in a long-term contract for maintenance of this type of system, you must consider the impact on your existing IT staff. “Platform” solutions are a hybrid of COTS and custom development. With these solutions, there is typically a platform (i.e., Customer Relationship Management or CRM) on which the victim notification system is developed. Using a platform de-risks the development of the application’s architecture, may be a slightly less costly approach, and may simplify the maintenance of a system that is addressing unique requirements.

You may also already have licenses for victim notification capabilities, and not even realize it. Some offender management systems (OMS), jail management systems (JMS), and even prosecution systems (that support victim advocacy functions) may have built-in victim notification functionality included for the licensing price you are currently paying, or may include the option to purchase an add-on module. 

Advantages of using victim notification capabilities packaged with an existing system may include:

  • Lower acquisition and maintenance costs
  • Tighter integration with the OMS, JMS, or prosecution system may result in more seamless utilization of offender and victim data
  • You have a single contract, with a single vendor, reducing contract management overhead

A likely disadvantage, however, is the victim notification functionality may not be a robust as a point solution, or custom-built system. Additionally, if the “reach” of the JMS is a single county, then victim notification capabilities built into your JMS may not suffice for statewide use. However, if the built-in functionality meets your needs, then this is certainly a viable path to consider.

As mentioned in the first article, regardless of your approach the integration between your victim notification system and the JMS, OMS, prosecution system, and court system is critical to reducing redundancy and increasing the timeliness with which both offender and victim data is entered into the victim notification system―and used to trigger the notifications themselves.

Determining the best option for your victim notification system

So how do you determine which choice is best for your jurisdiction? The first step is to determine your jurisdiction’s risk profile versus the need to for jurisdiction-specific functionality. 

Mature market-based solutions are typically less risky to implement, since multiple jurisdictions are likely successfully using them to support their victim notification operations. However, these solutions may not be customizable or flexible enough to address your specific needs. 

“Build” models (using platform solutions or other application development models) tend to be a bit more risky (as many “from scratch” development projects can be); however these are more likely to address your specific needs. Here are a few questions that you should ask before making a determination between a COTS solution and a custom-build:

  1. Do we really have jurisdiction-specific victim notification needs?
  2. Can a COTS solution meet the statutes and policies in our jurisdiction?
  3. How risk-averse is our jurisdiction?
  4. Do we have time to develop a customized solution?
  5. Do we have the talent and capacity to maintain a custom solution?

Budget considerations

The next step is to determine your budget. We recommend you assess a budget over a 10-year total cost of ownership. The cost of a traditional, perpetual license-based COTS solution, including initial acquisition and implementation, will be higher in the first few years of use, but the ongoing annual fees will be lower. The cost of a custom-build solution will be even higher in the first few years, but annual maintenance should drop off dramatically. The cost of a subscription-based COTS solution will be relative even year over year. However, if you model these costs over 10 years, you will have a reasonable sense for how these costs trend (i.e., the cost of a subscription-based model will likely be higher over 10 years than the perpetual license model). 

The other consideration is how you plan to fund the system. If there are capital funds in the budget for initial acquisition and implementation, this may benefit the perpetual license model more than the subscription-based model. Regardless of the funding approach, you will likely be using the selected victim notification method for a significant period of time, so don’t settle.

Finally, determine how to acquire the system (or systems integration vendor that will help you develop the system), which is the subject of the third article in our series.

If you have questions about your specific situation, please contact our Justice & Public Safety team. We’re here to help. To learn more about other choices in victim notification procedures and systems, stay tuned for our third article in this series where we explore the process (and pitfalls) of procuring a statewide victim notification system.

Article
Victim notification systems: What choice do you have?

If you received PPP funds, read on.

The Treasury has released new information regarding Paycheck Program Protection forgiveness. 

Based on IRS guidance, if you intend to apply for forgiveness and have a reasonable expectation it will be granted, the expenses used to support forgiveness will not be permitted as a deduction in 2020. It is unclear whether this guidance would apply if a taxpayer is undecided with regard to their forgiveness application at year end. Here is what we know so far.

The CARES Act included provisions that stated PPP loan forgiveness would not be considered taxable income under the Internal Revenue Code (“IRC”). The CARES Act specifically provides the forgiveness is not taxable income under IRC Section 61.

However, the IRS has issued the following guidance on this matter, which relates to the expenses paid with the PPP loan funds.

Notice 2020-32, states IRC Section 265(a)(1) applies to disallow expenses that were included on and supported a taxpayer’s successful PPP loan forgiveness application. 

In general, this section states NO deductions are permitted for expenses that are directly attributable to tax exempt income. 

The IRS seems to have concluded, in this Notice, the PPP loan forgiveness is tax exempt income. Therefore, the salary and occupancy costs used to support forgiveness, under current IRS guidance, will not be tax deductible.

Unanswered questions

This notice, while somewhat informative, raises many unanswered questions. For example, what are the tax consequences if a PPP loan is forgiven in 2021 and the expenses supporting the forgiveness were incurred in 2020? Could the forgiveness be construed as something other than tax exempt income?

Revenue Ruling 2020-27 attempts to answer some of these questions and provides additional guidance with regard to IRS expectations. The Ruling seems to indicate there are two possible tax positions relative to expenses that qualify PPP loans for forgiveness:

  • First, the loan forgiveness could be construed as tax exempt income and, pursuant to IRC Section 265 expenses directly attributable to the exempt income are not deductible.
  • Second, loan forgiveness could be construed as the reimbursement of certain expenses, and not as tax exempt income. Under the reimbursement approach the IRS has stated if you intend to apply for forgiveness and reasonably expect to receive forgiveness the reimbursed expenses are not deductible, even if forgiveness is obtained in the following tax year. This position seems to be supported by several tax controversies which were litigated in favor of the IRS. 

Some taxpayers had anticipated using a rule known as the tax benefit rule to deduct expense in 2020 and report a recovery (income) in 2021 when the loan is forgiven. It appears the IRS is not willing to accept this filing position.

We are hoping Congress will revisit this issue and consider statutory changes which allow for the deduction of expenses. Some taxpayers are planning to extend their income tax returns, taking a wait and see approach, with the hopes Congress will amend the statutes and allow for a deduction.

Under current law, it appears the salary, interest, rent used to support a forgiveness application will not be permitted as a tax deduction on your 2020 tax returns. This could result in a significant change in your 2020 taxable income.

Final considerations

For estimated tax payment purposes, we believe it would be reasonable to attribute the lost deductions to the quarter in which you made your final determination to file for forgiveness. This could mitigate any underpayment of estimated income tax penalties. 

If you are making safe harbor quarter estimates and/or have sufficient withholdings any incremental tax would be due with your return on April 15, 2021. Generally, the IRS safe harbor is to pay 110% of prior year tax during the current year to be penalty proof.

If you have questions about your specific situation, please contact us. We’re here to help.

COVID-19 business support

We will continue to post updates as we uncover them. Let us know if you have questions. For more information regarding the Paycheck Protection Program, the CARES Act, or other COVID-19 resources, see our COVID-19 Resource Center.

Article
Update: Treasury issues a revenue ruling and revenue procedure regarding PPP forgiveness

Read this is you are a new renewable energy company looking for accounting solutions.

Setting up a new company in QuickBooks can be challenging enough, but if you are a renewable energy company there are a few additional items to think about. You face unique reporting and tracking requirements for a number of reasons, including tax reporting requirements, potential and existing investors, debt requirements, and grant requirements. Renewable energy companies should take special care in setting up their QuickBooks file. Below is a top 10 list of items to consider when setting up a new company file.

  1. Equity—Have you recorded your initial equity activity?
    Do you have individual capital accounts setup by owner?
    Did some owners contribute items other than cash? Expertise or property? Have you accounted for those properly?
  2. Debt—Do you have all debt financing recorded on the books?
    Debt financing needs to be recorded even if the bank pays some construction vendors directly as part of the agreement.
    Do you have an amortization or payment schedule to assist with recording loan payments properly?
    Does your debt have financial statement reporting requirements or covenant requirements that you must meet annually?
  3. Accounting Basis—Generally Accept Accounting Principles (GAAP) or Tax basis how will you keep your books?
    More and more companies are being required by banks and investors to keep their books on GAAP basis, you should consider future planned investors or financing from the get go as there are some clear distinctions between the two and it may be easier to start with GAAP from the beginning.
    GAAP and tax basis call for some pretty drastic distinctions when it comes to treatment of grant income if they directly relate to a project under development so it’s good to get a handle on this up front.
  4. Construction Costs—Are you capitalizing all construction costs related to your project?
    All costs related to your project must be capitalized on the balance sheet until the project is placed in service at which point you can begin depreciating the value of the project over a period of years.
    Generally, we recommend tracking site work in a separate account as tax and GAAP requirements can call for different treatment of these costs depending on their nature.
    Are you applying for any special grants related to your project? There are a number of federal and state grants available to renewable energy companies which may require breaking your project into cost categories to determine what costs qualify for the grant and what do not? Do you have a mechanism for tracking these costs?
  5. Soft costs―Are you properly capitalizing or expensing soft costs related to your project?  Engineering fees, project management fees and consulting fees if directly related to the project are generally included as part of the capitalized project costs rather than expensed.
    Legal and accounting fees. even if directly related to the project accounting or structuring your project, are generally expensed.
  6. Multiple projects―How are you keeping track of your multiple projects?
    With multiple projects underway at any given time, it is imperative to track these costs by project in QuickBooks and to work with vendors to specify on invoices to what projects costs are related. This is imperative to a lot of grant applications to be able to provide this sort of detail easily and on a consistent basis.
  7. Project details/Contracts details―How are you keeping track of all those details?
    More detail is always good.  In our experience the more detail you have in your files as to cost breakdowns of EPC contracts, etc. the better. Investors and grant evaluators are going to request all this detail and it’s better to have on file than track it down months or even years later.  Vendors are much more cooperative when requesting this documentation up front.
  8. Grant fine print―Have you read the fine print of the grants you’ve received?
    Pay close attention to these green energy grants fine print. Many of the grants have repayment requirements were the project taken out of service within a certain timeframe or have repayment requirements under other circumstances. These are items that may be required to be disclosed in financial statements and are just good business to be aware of.
  9. Organizational costs―Do you know what these are and are you tracking?
    Organization costs are legal, accounting and any other costs related to the actual formation and entity structuring of a company.  In our experience, these costs can be significant with the complex equity structures of many renewable energy companies. Make sure you are tracking these costs as amounts in excess of $5,000 are required to be amortized over 15 years for tax purposes.
  10. Project budgets and overall budgets―Do you have a realistic budget?
    Use QuickBooks budgeting features to track both project budgets as well as your Company’s overall budgets. Projects can go over budget quickly and it’s critical to keep on top of it to ensure the overall mission and sustainability of the company.

Once you have looked at these questions, you will be able to to create an effective budget and financials. If you have questions about your financial operations, QuickBooks, or setting up budgets, please contact the team. We’re here to help. 
 

Article
Top 10 QuickBooks considerations when setting up a new renewable energy company