Download the CorporateGovernor newsletter (Winter 2012, Vol. 1)
By Justin Hendrickson, Principal, Business Advisory Services and David Glod, Director, Business Advisory Services
Board members face many issues in today’s complex business environment, and they are challenged to focus on the items most relevant to their organizations.
As we head into a new calendar year, Grant Thornton LLP’s Advisory Services practice offers the top three governance considerations for 2012.
- Health care reform
When the Patient Protection and Affordable Care Act (PPACA) was signed into law in 2010, it heralded many changes for organizations, particularly from the standpoint of employers providing health insurance benefits. The legislation will have a significant impact on budgets and financial planning. As part of an organization’s management and board, you will be making governance decisions, and you must remain informed in order to anticipate new PPACA requirements.1
Some items will go into effect Jan. 1, 2013, so it’s wise to start planning for those changes now:
- The limits for employee contributions to a flexible spending arrangement will be capped at $2,500 per employee per year, increased annually by the
cost of living adjustment. Employer contributions are not affected by this limit.
- Some employers that provide retiree prescription drug coverage receive subsidies from the federal government; recipients of this subsidy have been
able to deduct the full cost of the prescription drug coverage (including the subsidized amount), but the deduction for the subsidized portion will go away.
- Employers will begin to withhold an additional 0.9 percent Medicare Part A Hospital Insurance tax in 2013 for highly compensated employees
- Beginning in 2013, employers must provide various notices to employees regarding health coverage options, but this does not have a financial impact
on employers (other than the cost of preparing the notice and potential penalties for noncompliance).
Now is the time to look closely at the payroll and tax implications of pending health care reform requirements. Talk with your benefits department to determine where you are and what you need to do to respond. You should consider how you will adjust your benefits and how those changes will affect your employees. You may need to get third-party expertise to examine tax and benefits issues in detail.
There are other provisions coming into effect during 2014 that will be of concern in 2012. You may want to insert yourself into the decision-making process and think about the implications for morale, reputation, productivity and ethics, in addition to making financial calculations. Below are some pending items to consider:
- Health insurance exchanges and benefit tiers will be available and are becoming more transparent. These exchanges will be a way for more people to find the best possible plan value. For small businesses, this means more options in the benefits you provide to your employees.
- The essential benefits provision creates a baseline of minimum benefits that employers must offer in order to avoid penalties. Organizations will need to take a look at what they currently provide and compare it with what the legislation considers to be the minimum. Adjustments may be necessary for the organization to stay competitive in the marketplace. Additional transparency will be called for, and you will need to disclose an actuarial dollar amount related to each benefit design.
Although you can prepare for the new rules up to a point, there are still many unknown factors. Several other aspects of the PPACA should be considered:
- The legislation is being challenged in court. The challenges are working their way through the system now, and depending on how they turn out, they may have an impact on whether companies must comply with the PPACA. But in the meantime, you need to plan on complying.
- With the presidential election coming up in November, a number of candidates have pledged that they will overturn the legislation if they are elected.
- The health care reform package is more than 2,000 pages long. States and rulemaking bodies have been given a great deal of discretion as to how it will be implemented, and many specifics have yet to be determined.
- Regulatory burden
Nearly one-half of chief audit executives (48%) find that the shifting regulatory landscape poses the greatest threat to their organizations’ governance performance.2 Small wonder, then, that the increasingly burdensome costs of adhering to various regulations have brought compliance into sharper focus for boards and management teams. Organizations should think strategically about the best ways to address compliance needs. Grant Thornton’s Advisory Services professionals have heard from their clients about how expensive and time-consuming the process of compliance is. Much of the cost and effort of
compliance comes from having multiple auditors perform redundant work to provide virtually the same information for the many regulating bodies and users of this information.
But compliance is not going away. In a changing regulatory environment and an era that demands more disclosure and greater transparency than ever before, organizations need to assess their multiple requirements and plan a way to satisfy them that is both efficient and economical. Smart organizations will adopt a test-once, comply-twice (or multiple times) mentality. By first cataloging all pertinent regulations and then identifying activities and controls that relate to multiple regulations, organizations can determine the most appropriate timing of testing in order to test compliance with many requirements simultaneously. Organizations should work with experienced service providers — or with a single vendor acting as a one-stop shop — that can help them
address their regulatory requirements and come up with strategically sound ways to fulfill them.
Adding to the already growing importance of information security, the SEC has released guidance advising that public companies disclose any cybersecurity breaches.4 This added transparency will provide stakeholders with insight into an organization’s IT governance, but it may also hurt the organization’s reputation and shake the confidence of customers and business partners. The SEC guidance goes further, recommending that organizations report material risks related to cybersecurity. In other words, if your organization is vulnerable, you should divulge those weaknesses. Under these circumstances, even if you have not experienced a breach, your reputation is still at risk, and it’s probable that all of your auditors will be scrutinizing your reports very closely.
It’s best to pre-empt the need for these disclosures. You should spend this year looking at data security holistically. You may have concerned yourself with securing subsets of data while ignoring other areas of proprietary data. Now is the time for you to evaluate your security and eliminate the need to make negative disclosures at the end of the year.
Address your cybersecurity by looking critically at your IT assets; conduct a risk assessment plus an IT internal audit and security test. Whether you perform these tasks in-house or outsource them, it is important that you do so now before a security weakness forces you to.
But even if you are not a public company, you should make cybersecurity a top priority for 2012 in the name of good governance. Information plays a large part in making a business successful, and today’s businesses depend on their information assets as never before. Organizations without sufficient data security controls in place may be especially vulnerable to cybersecurity breaches and the reputational damage they cause.
Start the year off right by focusing your attention on key governance issues. Address them now and increase your chances of having a strong and successful 2012
1 For information regarding health care reform, visit www.healthcare.gov. See also Grant Thornton’s Health Care Reform Resource Center at www.gt.com/healthcarereform.
2 Grant Thornton’s 2011 Chief Audit Executive Survey; see www.grantthornton.com/caesurvey.
3 For more information on cybersecurity, see Grant Thornton’s CorporateGovernor white paper: Covering your assets: A proactive approach to securing sensitive data
4 Securities and Exchange Commission, Division of Corporation Finance. CF Disclosure Guidance: Topic No. 2, Cybersecurity, Oct. 13, 2011. See www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm.