Earlier this fall we reached out to CEOs, CFOs, CECL committee members, and others that are involved in CECL implementation at their institution about the challenges and questions they have and where they stand in the CECL implementation process.
Suspicious events, including antivirus alerts and anomalous computer behavior, point toward a possible attempt to obtain unauthorized access to confidential information. The entity does not have an incident response plan in place, nor are sufficient tools in place to quarantine and neutralize the threat. Data collection, retention, and handling procedures for evidence are absent or insufficient, and could inhibit compliance with relevant data breach laws and regulator notification obligations for multiple states.
Prevent unauthorized access to Hospital information systems, with a focus on securing Protected Health Information (PHI).
Lack of operational efficiency due to inconsistent processes and procedures across five facilities serving patients.
The Company is not up-to-date with its policies and procedures related to mitigating risks and adhering to the HIPAA security standard, alluding to a larger issue with internal controls and processes throughout the organization.
The Client grew through acquisition, with multiple warehouse locations operating on various systems with different processes; management is not able to generate key critical information it needs to run the business.
The rules governing grants and other distributions from private foundations are complex, and the penalties for noncompliance can be significant. Topics covered include: How the mandatory 5% distributable amount is calculated What types of distributions qualify (or not) toward meeting the payout requirement The penalties and taxes that can apply