GASB Audit Updatepresented by Julian Sardinas

Presentation Overview

Implemented Pronouncements

Outstanding Exposure Drafts

Projects currently being reviewed

Effective Dates 2017

Statement 73--Pensions not within the scope of 67/68--June 30 Statement 74--OPEB (plans)--June 30Statement 77--Tax abatement disclosures--December 31Statement 80--Blending requirements--June 30Statement 81--Irrevocable split-interest agreements-December 31Statement 82--Pension issues--June 30 (early adoption is encouraged)Implementation Guide 2016-1

2018Statement 75--OPEB (employers)--June 30Statement 82--Pension issues--June 30+

Effective Dates (cont.) 2016

Statement 72--Fair Value--June 30Statement 73--Amendments to Statements 67 and 68--June 30 Statement 76--GAAP hierarchy--June 30Statement 78--Certain multiple-employer pension plans--December 31Statement 79--Certain investment pools and participants--June 30

and December 31Implementation Guide 2015-1--June 30

Fair Value Measurement and Application: Statement 72

What: establishes a hierarchy of inputs to valuation techniques used to measure fair value

Why: Review of existing standards found opportunities to improve the measurement of resources available to governments, and to increase comparability and accountability

When: Effective for fiscal years beginning after June 15, 2015

Accounting and Financial Reporting for Pensions and Related Assets That Are Not within the Scope of GASB Statement 68, and Amendments to Certain Provisions of GASB Statements 67 and 68: Statement 73

What: comprehensive review of the effectiveness of existing standards of accounting and financial reporting for all postemployment benefits with regard to providing decision-useful information, supporting assessments of accountability and interperiod equity, and creating additional transparency

Why: improve the usefulness of information about pensions included in the general purpose external financial reports of state and local governments for making decisions and assessing accountability.

Accounting and Financial Reporting for Pensions and Related Assets That Are Not within the Scope of GASB Statement 68, and Amendments to Certain Provisions of GASB Statements 67 and 68: Statement 73

When:

the requirements of this Statement that address financial reporting for assets accumulated for purposes of providing those pensions are effective for fiscal years beginning after June 15, 2015

not within the scope of Statement 68 are effective for financial statements for fiscal years beginning after June 15, 2016,

Other Postemployment Benefits:Statements 74 & 75

What: The Board issued Statements 74 (plans) and 75 (employers), making OPEB accounting and financial reporting consistent with the pension standards in Statements 67 and 68

Why: Pension and OPEB standards were updated subsequent to a review of the effectiveness of the standards – objective was to establish a consistent set of standards for all postemployment benefits, providing more transparent reporting of the liability and more useful information about the liability and costs of benefits

When: Effective for periods beginning after June 15, 2016 (plans) and June 15, 2017 (employers)

Plan and Asset Reporting Scope includes defined benefit and defined contribution OPEB plans administered through trusts that meet specified criteria

Also addresses assets accumulated for purposes of providing OPEB through defined benefit OPEB plans that are not administered through trusts that meet the criteria

Assets reported as assets in employer’s governmental/ proprietary funds

Assets held for other government reported in an agency fund

Plan and Asset Reporting (cont.)

Few changes from Statement 43 for financial statement recognition

Notes/RSI changes primarily to reflect changes in measurement of defined benefit liabilities of employers

Employer Scope & Applicability

Applies same definition of OPEB as used in Statement 45

All postemployment healthcare benefits

Other forms of postemployment benefits not provided through a pension plan

Applies to employers and nonemployer contributing entities that have a legal obligation to make contributions directly to an OPEB plan or to make benefit payments as those payments come due

GAAP Hierarchy: Statement 76

What: In June 2015, the Board issued Statement 76 and cleared a revised compilation of implementation guidance

Why: The GAAP hierarchy was incorporated (by Statement 55) from the auditing literature essentially “as is”—this Statement simplifies the hierarchy and explains how to identify the relevant literature within the hierarchy

When: Effective for periods beginning after June 15, 2015

Categories of Authoritative GAAP

Category Sources Due Process

A GASB Statements

Formally approved by the Board for thepurpose of creating, amending,

superseding, or interpreting standards, ANDexposed for a period of public comment

B

GASB Technical Bulletinsand Implementation

Guides; AICPA literaturespecifically cleared

by GASB

Cleared by the Board, specifically madeapplicable to state and local governmental

entities, AND exposed for a period of public comment

Implementation Guidance

Now classified as Category B authoritative GAAP

Revised due process

Public exposure of new Q&A guidance going forward

Will continue to issue Guides to individual pronouncements (such as Statements 74 and 75 on OPEB) and annual updates with new Q&As on various pronouncements

Implementation Guidance Updates

What: GASB updated its Q&A implementation guidance by approving Implementation Guide 2015-1 in June 2015 and Implementation Guide 2016-1 in March 2016

Why: New guidance is added as new pronouncements are issued and new issues arise; existing guidance is revised to reflect the effects of new pronouncements

When: 2015-1 is effective for periods beginning after June 15, 2015; 2016-1 is effective for periods beginning after June 15, 2016

Implementation Guidance Updates (cont.)

Implementation Guides are now Category B authoritative GAAP following Statement 76

Implementation Guides can be downloaded free from the GASB website

Implementation Guides 2015-1 and 2016-1

IG 2015-1 is the result of a complete review of all previously issued Q&A guidance

IG 2016-1 updates 2015-1:

Adds new questions on recent standards regarding fair value and tax abatement disclosures

Reinstates certain previously superseded Q&As that have been updated

Tax Abatement Disclosures: Statement 77

What: The Board issued Statement 77, which requires disclosures about a government’s tax abatement agreements

Why: Information about revenues that governments forgo is essential to understanding financial position and economic condition, interperiod equity, sources and uses of financial resources, and compliance with finance related legal or contractual requirements

When: Effective for periods beginning after December 15, 2015

Definition and Scope

Does not include all transactions that reduce tax revenues

Emphasis is on the substance of the arrangement meeting the definition, not on its name or form

Definition and Scope (cont.)Tax abatement definition:

A reduction in tax revenues that results from an agreement between one or more governments and an individual or entity in which

(a) one or more governments promise to forgo tax revenues to which they are otherwise entitled and

(b) the individual or entity promises to take a specific action after the agreement has been entered into that contributes to economic development or otherwise benefits the governments or the citizens of those governments.

Tax Abatement? Yes or No?Implementation Guide 2016-1:

Tax Increment Financing (4.77)

Sales Tax (4.78)

Motor Fuel Tax (4.80)

General Disclosure PrinciplesA government would disclose separately (a) its own tax abatements and (b) tax abatements that are entered into by other governments and reduce the reporting government’s taxes

Disclose own tax abatements by major program

Disclose those of other governments by the government and specific tax abated

General Disclosure Principles (cont.)

Brief Descriptive Information Government’s Own Abatements

Other Government’s Abatements

Name of program

Purpose of program

Name of government

Tax being abated

Authority to abate taxes

Eligibility criteria

Abatement mechanism

Recapture provisions

Types of recipient commitments

General Disclosure Principles (cont.)

Other Disclosures Government’s Own Abatements

Other Government’s Abatements

Dollar amount of taxes abated

Amounts received or receivable from other governments associated with

abated taxesOther commitments by

the governmentQuantitative threshold for

individual disclosureInformation omitted due to

legal prohibitions

Pensions Provided through Certain Multiple-Employer Pension Plans: Statement 78

What: The GASB has proposed revisions to Statement 68 on pensions to address concerns raised by stakeholders about governments with employees who are provided defined benefit pension benefits through federally sponsored or private multiple-employer pension plans

Why: The Board addresses requests to revisit existing standards when the concerns are significant and raise new issues

When: Effective for periods beginning after December 15, 2015

Statement 78: Exception to Statement 68

Statement 78 provides an exception to the general requirements of Statement 68, to be replaced with recognition of required contributions and descriptive note disclosures The Statement should be applied only to pensions provided to employees of state or local governmental employers through a cost-sharing multiple-employer defined benefit pension plan that meets all three of the following criteria:

Statement 78: Exception to Statement 68 (cont.)

not a state or local governmental pension planused to provide defined benefit pensions both to employees of state or local governments and to employees of employers that are not state or local governmental employersno predominant state or local governmental employer

Governments applying Statement 78 should present an RSI schedule of required contributions for the past 10 years

Certain External Investment Poolsand Pool Participants: Statement 79

What: The GASB has revised the accounting and financial reporting standards for 2a7-like investment pools

Why: Securities and Exchange Commission changes to Rule 2a7 would make it difficult for external investment pools to meet the criteria to continue to report as 2a7-like

When: Effective for reporting periods beginning after June 15, 2015, except for the provisions in paragraphs 18, 19, 23 26, and 40, which are effective for reporting periods beginning after December 15, 2015

Rule 2a7 2014 AmendmentsAmong other changes, requires money market funds to:

Transact at a floating net asset value per share (some exceptions)

Have the ability to impose liquidity fees and redemption gates

Calculate their shadow price on a daily basis

Disclose additional information on their websites on a daily basis

External investment pools would have to adopt those changes in order to remain 2a7-like

GASB has developed its own criteria

Criteria for Pools to Use Amortized CostAn external investment pool needs to meet all of the following in order to report investments at amortized cost:

Transact with participants at stable net asset value per share – $1.00 per share

Meet certain portfolio maturity requirements

Meet certain portfolio quality requirements

Meet certain portfolio diversification requirements

Meet certain pool liquidity requirements

Meet shadow price requirements

Disclosures for Pools and ParticipantsPools that report at amortized cost should disclose the fair value measurements as required by paragraphs 80–82 of Statement 72

Pools and pool participants that report at amortized cost should disclose the presence of any limitations or restrictions on participant withdrawals, such as redemption notice periods, maximum transaction amounts, and the pools’ authority to impose liquidity fees or redemption gates

Blending Requirements for CertainComponent Units: Statement 80

What: Statement 80 revises the standards regarding how certain component units should be presented in the financial statements of the primary government

Why: There is diversity in practice with some component units

When: Effective for reporting periods beginning after June 15, 2016

Additional Blending CriterionA component unit should be included in the reporting entity financial statements using the blended method if:

The component unit is organized as a not-for-profit corporation in which the primary government is the sole corporate member, as identified in the component unit’s articles of incorporation or bylaws, AND

The component unit is not included in the financial reporting entity pursuant to the provisions of Statement 14.

Irrevocable Split-Interest Agreements: Statement 81

What: Statement 81 addresses irrevocable split-interest agreements, which are particularly prevalent among public colleges and universities and public healthcare entities

Why: Limited guidance exists for irrevocable split-interest agreements in which the government acts as trustee (and is one of the beneficiaries); no guidance exists for situations in which a third party is the trustee and the government is one of the beneficiaries; users need information about these arrangements

When: Effective for periods beginning after December 15, 2016

ScopeIrrevocable split-interest agreements for which the government is the intermediary (trustee or agent) and a beneficiary

Donor gives resources to government that also is a beneficiary in the agreement

Lead interest: payments during the life of the agreement, generally to non-governmental beneficiary Remainder interest: assets remaining at termination of the agreement; generally goes to government

Scope (cont.)

Beneficial interests in resources held and administered by 3rd parties

Refers to the right to receive resources in a future reporting period, from resources administered by a 3rd party

Pension Issues: Statement 82

What: Statement 82 addresses concerns raised by stakeholders during the implementation process of Statements 67 & 68

Why: The Board addresses requests to revisit existing standards when the concerns are significant and raise new issues

Pension Issues: Statement 82 (cont.)When: Effective for reporting periods beginning after June 15, 2016, except requirements related to the selection of assumptions in a circumstance in which an employer’s NPL is measured as of a date other than the employer’s most recent FYE.

In that circumstance, those requirements are effective for that employer in the first reporting period in which the measurement date of the NPL is on or after June 15, 2017 or later

Exposure Draft, LeasesWhat: The GASB has proposed revisions to existing standards on lease accounting and financial reporting (primarily Statement 62) based on public comments received on the November 2014 Preliminary Views

Why: The existing standards have been in effect for decades without review to determine if they remain appropriate and continue to result in useful information; FASB and IASB conducted a joint project to update their lease standards; opportunity to increase comparability and usefulness of information and reduce complexity for preparers

When: Comment period ended May 31, 2016; public hearings in June

Estimated to be adopted in 2020

Scope and ApproachApplied to any contract that meets the definition of a lease:

“A lease is a contract that conveys the right to use a nonfinancial asset (the underlying asset) for a period of time in an exchange or exchange-like transaction.”

Leases are financings of the right to use an underlying asset

Therefore, single approach applied to accounting for leases with some exceptions, such as short-term leases

What is proposed as the lease term?Lease term

Includes noncancellable period, plus periods covered by a lessee’s option to renew, if it is reasonably certain the option will be exercised

Excludes periods covered by a lessee’s option to terminate, if it is reasonably certain the option will be exercised

Excludes periods for which lessor only has, or lessee and lessor each have, the option to terminate (cancellable periods)

Fiscal funding/cancellation clauses considered like any other option to terminate

Proposed Lessee Reporting

Lessee recognition and measurementRecognize an intangible asset for the right to use the underlying asset and a liability for future payments

Proposed Lessee Reporting (cont.)Lessee recognition and measurement (continued)

Lease liability payments be discounted using the rate the lessor charges the lessee and if that rate cannot be readily determined, the lessee’s incremental borrowing rate

Initial measurement of a lease asset includes:The value of the initial lease liabilityAny prepayments (amounts paid for the lease prior to measuring the lease liability)Initial direct costs if they are ancillary charges to place the leased asset into use

Lease incentives received should be reductions in the cost of lease assets

Proposed Lessee Reporting (cont.)Lessee recognition and measurement (continued)

Lease liability remeasured by calculating amortization on discount (interest) and reducing liability for actual payments less amortizationLease asset amortized using a systematic and rational method over the shorter of the lease term or the useful life of the underlying asset

Classify the amortization of the lease asset as amortization expense and the amortization of the discount on the lease liability as interest expense

Reassessment of a lease liability when certain judgments change

Variety of disclosures proposed

Proposed Lessor ReportingLessor recognition and measurement

Recognize a lease receivable and deferred inflow of resources

Do not derecognize the underlying assetDiscount the lease receivable at the rate the lessor chargesThe leased asset should be depreciated, unless it is required to be returned in its original or enhanced condition or the leased asset has an indefinite useful lifeReceivable does not include variable lease payments that are dependent on a lessee’s performance or usage of an underlying asset

Proposed Lessor Reporting (cont.)Lessor recognition and measurement (continued)

Purchase option payments or termination penalties recognized when exercisedResidual value guarantees recognized as a receivable when the amount of the payment has been decided but not yet paidInitial measurement of the deferred inflow of resources includes the receivable amount plus cash received up frontRecognize revenue over the lease term on a systematic and rational basis

Initial ReportingAssets Liability Deferred Inflow

Lessee

Underlying asset

Value oflease liability plus

prepayments and initial direct costs that are

ancillary to place asset in use

Present value of future leasepayments (incl. fixed payments,

variable payments based on index or rate, reasonably certain

residual guarantees, etc.)

N/A

LessorLease receivable

Continue to report leased asset

N/A

Equal to leasereceivable plus any

cash received upfront that relates to

a future period

Subsequent ReportingAssets Liability Deferred Inflow

LesseeAmortize the intangible

asset over shorterof useful life or lease term

Reduce by lease payments(less amount

for interest expense)N/A

Lessor Depreciate leased asset

Reduce receivable by lease payments

N/A

Recognize revenue over the lease term in

a systematic and rational manner

Short-Term LeasesAt beginning of lease, maximum possible term under the contract is 12 months or lessLessees recognize expenses/expenditures based on the terms of the contract

Do not recognize assets or liabilities associated with the right to use the underlying asset for short-term leases

Lessors recognize lease payments as revenue based on the payment provisions of the contract

Do not recognize receivables or deferred inflows associated with the lease

Leases: Other ProvisionsLease terminations—lessee and lessorLease modifications—lessee and lessorLeases with multiple componentsContract combinationsSubleasesLeases with related parties and component unitsSale-leasebacks and lease-leasebacks

Exposure Draft, Fiduciary ActivitiesWhat: The GASB has proposed standards that clarify when a government has a fiduciary responsibility and is required to present fiduciary fund financial statements

Why: Existing standards require reporting of fiduciary responsibilities but do not define what they are; use of private-purpose trust funds and agency funds is inconsistent; business-type activities are uncertain about how to report fiduciary activities

When: Comment deadline was March 31, 2016; public hearing on April 21 in Rosemont, IL

Estimated to be adopted in 2019

Proposal: When Is a Government a Fiduciary?

An activity is a fiduciary activity of a government if (1) the government controls the assets of the activity, (2) those assets are not derived solely from the government’s own-source revenue, and (3) one of the following is met:

The assets are administered through a trust agreement or equivalent arrangement in which the government itself is not a beneficiary

Proposal: When Is a Government a Fiduciary? (cont.)

The assets are to be used for the benefit of individuals that are not required to be residents or recipients of the government’s good and services as a condition of being a beneficiaryThe assets are to be used for the benefit of organizations or other governments that are neither part of the financial reporting entity nor recipients of the government’s goods or servicesThe assets result from a pass-through grant for which the government does not have administrative or direct financial involvement in the program

Proposal: When Is a Government ControllingResources?

A government controls the assets of an activity if:The government holds the assets.The government has the ability to direct2 the use, exchange, or employment of the assets in a manner that provides benefits to the specified or intended recipients. Restrictions from legal or other external restraints that stipulate the assets can be used only for a specific purpose do not negate a government’s control of the assets.

Proposal—Initial ConsiderationsIf the assets are from a pass-through grant, apply the reporting provisions in Statement 24If the assets are for post employment benefits, and are controlled by the government, follow the reporting guidance in the relevant pension or OPEB standard.

Trust or equivalent arrangement?If the assets are not derived primarily from the government’s own source revenues

Does the government control the assets?Who are the beneficiaries?

Who are the Beneficiaries?Are the resources to be used for the benefit of:

the government itself?individuals that are residents or recipients of the government’s services as a condition of being a beneficiary?organizations or other governments that are part of the financial reporting entity?

Yes--the resources are reported as assets of governmental or business type activities and the inflows and outflows are recognized as revenues and expenses/expendituresNo--the resources are reported in a fiduciary fund

What type of fiduciary fund?

Proposals: Fund Types and Stand-AloneBTAs

Fiduciary fund types:New definitions for pension trust funds, investment trust funds, and private-purpose trust funds that focus on the resources that should be reported within each.

A stand alone BTA’s fiduciary activities should be reported in separate fiduciary fund financial statements.

Resources expected to be held 3 months or less can be reported instead in the statement of net position, with inflows and outflows reported as operating cash flows in the statement of cash flows

Other ProposalsPresent additions disaggregated by source and, if applicable, separately display investment income and investment costs

Present deductions disaggregated by type and, if applicable, separately display administrative costs

Applies to statement of changes in fiduciary net position for all fiduciary funds except custodial funds held for three months or less

For these custodial funds, governments would be allowed to report total additions and total deductions in the aggregate, as long as the descriptions of the totals are sufficient to indicate the nature of the resource flows

Exposure Draft, Certain Asset Retirement Obligations

What: The GASB has proposed accounting and financial reporting standards for legal obligations to retire certain capital assets, such as nuclear power plants

Why: Existing standards (Statement 18) address only municipal landfills but governments have retirement obligations for other types of capital assets. There is diversity in practice for these other types.

When: Comment deadline was March 31, 2016

Estimated to be adopted in 2019

Proposals: Definition & ScopeAsset retirement obligation— A legal obligation associated with the retirement of a capital asset

Retirement of a tangible capital asset--The other-than-temporary removal of a capital asset from service (such as from sale, abandonment, recycling, or disposal)

Would include:Retirement of tangible capital assets, for example:

Nuclear power plant decommissioningCoal ash pond closure (those that are not landfills)Contractually required land restoration such as removal of wind turbines

Financial Reporting Model -Re-examination of Statement 34

What: In September 2015, the Board decided to add a project to examine the effectiveness of the financial reporting model –Statements 34, 35, 37, 41, and 46, and Interpretation 6

Why: The GASB is committed not only to establishing standards but also to ensuring that they continue to be effective; most of the requirements of Statement 34 became effective between 2002 and 2004; the provisions related to reporting existing general infrastructure assets were fully effective in 2006 and 2007

When: Initial due process document expected at the end of 2016

Estimated to be adopted in 2021

Governmental Funds

Tentatively developing three possible recognition approaches to replace current financial resources/modified accrual:

Near-term financial resources

Working capital

Total financial resources

Other Topics to Be Addressed in the Project

Management’s Discussion and Analysis (MD&A)—options for enhancing the financial statement analysis component, eliminating requirements that are boilerplate and no longer necessary

Major Funds—explore options for providing additional information about debt service funds, either individually or in aggregate in the financial statements or the notesProprietary Fund and Business-Type Activity (BTA) Financial Statements—explore operating performance measure alternatives

Other Topics to Be Addressed in the ProjectExtraordinary and Special Items—explore options for clarifying the guidance for more consistent reporting

Fiduciary Fund Financial Statements—explore where these financial statements should be presented in the basic financial statements

Budgetary Comparisons—explore the appropriate method of communication (either as basic financial statements or required supplementary information) and which budget variances, if any, should be required to be presented

Certain Debt ExtinguishmentsWhat: In September 2015, the Board added a project to consider whether guidance is needed for debt refundings that use a government’s existing resources

Why: Research found that Statements 7 and 23 on debt refundings and Statement 62 on debt extinguishments are working effectively, but that standards may be needed for refundings with existing resources

When: Deliberations began in February 2016, ED currently in process

Estimated to be adopted in 2017

Omnibus

What: In April 2016, the Board added a project to consider amendments to certain existing literature

Why: The Board periodically reviews the need for amendments to existing literature based on stakeholder feedback and technical inquiries. Omnibus projects are used to address issues in multiple pronouncements that, individually, would not justify a separate project.

When: Deliberations began in May 2016

Estimated to be adopted in 2017

Topics to Be Considered

Requirements for blending component units for single column business-type activities

Reporting of existing goodwill

Clarifications to Statement 72 for (1) classification of multi-use assets and (2) measurement of money market investments and participating interest earning investment contracts at amortized cost

Recognition of on-behalf payments by employers in financial statements prepared using the current financial resources measurement focus

Topics to Be Considered (cont.)

Applicability of Statement 75 for employers whose employees are provided with OPEB through multiple employer defined benefit OPEB plans that have characteristics similar to those identified in Statement 78

Presentation of payroll-related measures in required supplementary information for purposes of Statements 73, 74, and 75

Requirements for employer-paid member contributions for OPEB

Revenue and Expense Recognition

What: Development of a comprehensive application model for recognition of revenues and expenses from nonexchange, exchange, and exchange-like transactions

Why: Stakeholders have raised questions about how to account for revenues from transactions that are neither fully exchange or nonexchange; the revenue recognition standards incorporated in Statement 62 have not been revised for governments in nearly 50 years; current literature does not provide guidance for exchange and exchange-like expenses

When: The Board added the project in April 2016

Estimated to be adopted in 2018

Topics to Be ConsideredShould revenue recognized at the time of sale or when (or as) the obligation is fulfilled?

Should a performance obligation approach be used for transactions of a government? If so, for which transactions?

Should guidance for nonexchange transactions be revised in light of the GASB Concepts Statements?

Should guidance be developed for exchange expenses that are not in the scope of existing guidance?

Should additional information be disclosed regarding revenue and expense transactions?

GASB Statement No. 72 Fair Value Measurement and Application

Presented by: Michael D. Futterman

The Board issued Statement 72 to update the existing standards on fair value (primarily Statement 31)

Review of existing standards (GASBs 25, 31, 34, 40, 53) found opportunities to improve the measurement of resources available to governments, and to increase comparability and accountability

Includes a more detailed definition of fair value and accepted valuation techniques

What and Why?

3

Governments that may have started to implement Statement 72 may have noticed how their investments are not quite comparable to a similar government’s investments.

Unlike many standards, Statement 72 is not a “one disclosure fits all” standard.

General purpose governments (state and local) will have an easier time than Pension and OPEB Plans.

What and Why?

4

The price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date.

An exit price v.s. entry priceOther characteristics of fair value

Market-basedBased on a government’s principal or most advantageous market

Fair Value Definition

5

Active MarketA market in which transactions for an asset or liability take place with sufficient frequency and volume to provide pricing information on an ongoing basis.

Exchange MarketA market in which closing prices are both readily available and generally representative of fair value. An example of such a market is the New York Stock Exchange.

More Definitions

6

Principal MarketThe market with the greatest volume and level of activity for an asset or liability.

Most Advantageous MarketThe market that maximizes the amount that would be received to sell an asset or minimizes the amount that would be paid to transfer a liability, after taking into account transaction costs and transportation costs.

More Definitions

7

Market ParticipantsBuyers and sellers that (1) are in the principal (or most advantageous) market for an asset or liability and (2) have all of the following characteristics:a. They are independent of each other. That is, they are not

related parties, although the price in a related-party transaction may be used as an input to a fair value measurement if a government has evidence that the transaction was entered into at market terms.

More Definitions

8

Market Participants (cont.)

b. They are knowledgeable, having a reasonable understanding about the asset or liability and the transaction using all available information, including information that might be obtained through due diligence efforts that are usual and customary.

c. They are able to enter into a transaction for the asset or liability.

d. They are willing to enter into a transaction for the asset or liability. That is, they are motivated but not forced or otherwise compelled to do so.

More Definitions

9

Measurement DateThe date as of which the fair value of an asset or liability is determined.

InputsThe assumptions that market participants would use when pricing an asset or liability, including assumptions about risk, such as the following:

a. The risk inherent in a particular valuation technique used to measure fair value (such as a pricing model)

b. The risk inherent in the inputs to the valuation technique.

Inputs may be observable or unobservable.

More Definitions

10

Observable InputsInputs that are developed using market data, such as publicly available information about actual events or transactions, and which reflect the assumptions that market participants would use when pricing an asset or liability.

Unobservable InputsInputs for which market data are not available and that are developed using the best information available about the assumptions that market participants would use when pricing an asset or liability.

Unit of AccountThe level at which an asset or liability is aggregated or disaggregated formeasurement, recognition or disclosure purposes.

More Definitions

11

Apply valuation technique(s) that best represents fair value in the circumstances – market approach, cost approach, and income approach (transaction costs are excluded)

Market approach – Using prices and other relevant information generated by market transactions involving identical or similar assets or liabilities

Valuation Techniques

12

Cost approach – Amount that would be required currently to replace the service capacity of an asset

Income approach – Converts expected future amounts (for example, cash flows) to a single current amount (that is, discounted)

Revisions due to a change in valuation technique(s) are considered a change in accounting estimate

Valuation Techniques

13

Inputs:Level 1: quoted prices (unadjusted) in active markets for identical assets or liabilities, most reliable

Level 2: quoted prices for similar assets or liabilities, quoted prices for identical or similar assets or liabilities in markets that are not active, or other than quoted prices that are observable

Level 3: unobservable inputs, least reliable

Maximize use of relevant observable inputs and minimize use of unobservable inputs

Valuation Techniques

14

Fair Value Hierarchy - Examples

1 2 3

• Mutual Funds• Equity securities

included in the S&P 500

• Listed futures and options contracts

• U.S. Government and Agency bonds

• Corporate bond issuances not traded in an active market

• Certain mortgage-backed and asset-backed securities

• Municipal bonds not traded in an active market

• Interest rate swaps• Some U.S. Govern-

ment agency bonds

• Subordinate (residual) tranches in securitization structures

• Private equity investments

• Most nonfinancial assets

15

Assets that meet the definition of an investment generally should be measured at fair value

Exception to fair value (such as money market investments, life insurance, fully benefit responsive investment contracts, GICs, and investments in 2a7-like pools) would remain

Definition of an investment: A security or other asset that a government holds primarily for the purpose of income or profit and with a present service capacity that is based solely on its ability to generate cash or to be sold to generate cash

Service capacity refers to a government’s mission to provide services

Held primarily for earnings or gains

Investments and Fair Value

16

Unit of AccountLevel at which an asset or a liability is aggregated or disaggregatedExamples of the Application of the Unit of Account (GASB 72, Appendix C, Illustration 1)- Multiple Investments – Each individual security- External Investment Pool – Each share held- Mutual Fund – Each share held- Limited Partnership – Ownership interest in LP

Fair Value

17

InvestmentInvestments in nonparticipating interest-earning investment contracts

Investments in unallocated insurance contracts

Money market inv. And participating interest-earning inv. Contracts with remaining maturity at time of purchase of one year or less

Investments held by qualifying external investment pools

Synthetic guaranteed investment contracts (GICs) that are fully benefit responsive

Investments in life insurance contracts

Donated capital assets, works of art, historical treasures, and similar assets

Capital assets received in a service concession arrangement

Investments and Other Assets NOT Measured at Fair Value

AccountingCost based measure per GASB 31, paragraph 8

Reported as interest-earning investment contracts per GASB 31, paragraph 8 and GASB 59 paragraph 4

Amortized cost per GASB 31, paragraph 9

Amortized cost per GASB 79, paragraph 4

Amortized cost per GASB 79, paragraph 41, if the pool meets the criteria to measure its investments at amortized cost

Contract value per GASB 53, paragraph 67

Cash surrender value

Acquisition value

Acquisition value

18

GASB Statement No. 72 allows but does not require investors to use NAV as a practical expedient for the fair value of investments that report NAV as long as:

Fair value is not readily determinableNAV is calculated as of the government’s measurement dateNAV is calculated in a manner consistent with the FASB’s measurement principles for investment companiesIt is not probable that all or a portion of the investment will be sold at an amount other than NAV

Equity security has a readily determinable fair value if it meets any of the following:

Sale price or bid-and-asked quotations are currently available on a securities exchange registered with the SEC or in the over-the-counter market with publicly reported quotations

Using NAV as a Practical Expedient to Fair Value

19

Equity security traded on a foreign market that is of breadth and scope of one of the U.S. marketsMutual fund fair value per share is determined and published and is the basis for current transactions

NAV should be the fair value of all assets owned by a fund, minus the fair value of all liabilities, divided by the number of units issuedAdjustments to reported NAV may be needed if:

NAV is not calculated as of the measurement dateNAV is not calculated in a manner consistent with the measurement principles or investment companies

Using NAV as a Practical Expedient to Fair Value

20

The following information for each class or type of assets and/or liabilities measured at fair value should be disclosed:

The fair value measurement at the end of the reporting period for recurring fair value measurement (each year) and for nonrecurring (specific events) fair value measurements, the reasons for the measurement

The level of the fair value hierarchy within which the fair value measurements are categorized in their entirety (Level 1, 2, or 3)

A description of the valuation technique(s) or change in valuation techniques with significant impact and reason for change

Disclosures

21

Managing Investments

Management reviews the entity’s financial statements on a periodic basis and investigates significant variances from budgets and expected results.

Interest and dividend income calculations and accruals are reviewed.

Third-party statements are reconciled to sub-ledger and general ledger account(s).

Investment and derivative instruments activity is reviewed at regular intervals by an appropriate level of management.

Internal Controls Over Investments

22

Management approves investment and derivative instruments transactions to ensure that they are valid and in compliance with the entity’s policies and procedures.

Periodically, an investment committee, appropriate member of management, or another appropriate person reviews investments and investment return for accuracy and compliance with restrictions or limitations imposed by laws, funding sources, or the governing body.

Accounting policies and procedures specify the correct treatment for valuing investments and derivative instruments, including those requiring management’s estimates and judgments.

Internal Controls Over Investments

23

Possible Approaches to Testing Measurement

24

Developing an independent

fair value estimate

Substantive evidence for fair value

measurements

Testing management’s

process

TestingSubsequent Events and

Transactions

Relevant events and transactions after the date of the statement of financial position but before the date of the auditor’s report may provide persuasive audit evidence regarding management’s fair value estimate.

Reviewing relevant subsequent events and transactions to determine if any comparable transactions exist.Obtaining information regarding executed client transactions on or around the measurement date for the same, or substantially the same, investments.Assessing the relevance and reliability of comparable subsequent transactions.

Testing Subsequent Events and Transactions

25

Identifying assets (or liabilities) where fair value application is required?

Identifying investments where fair value application is NOT required?

Is the unit of account appropriate?

Determined valuation technique? Does this maximize observable inputs and minimize unobservable inputs? Considered the consistent application?

Determined audit approach for testing value?

Common Statement 72 Implementation Issues

26

27

28

Example 1 General Purpose Government (cont.)

29

30

31

32

33

Questions?

34

R E G U L A T I O N , R A T E S A N D O P P O R T U N I T Y

The Marcum Governmental Symposium

October 2016

Chase, J.P. Morgan, and JPMorgan Chase are marketing names for certain businesses of JPMorgan Chase & Co. and its subsidiaries worldwide (collectively, “JPMC”). This document was prepared solely and exclusively for the benefit and internal use of the party to whom it is directly addressed and delivered (the “Company”) in order to make a preliminary presentation to the Company regarding certain products or services that might be provided by JPMC. This document and any related presentation materials are for discussion purposes only and are incomplete without reference to, and should be viewed solely in conjunction with, a related oral briefing provided by JPMC. This presentation does not constitute a commitment by any JPMC entity to extend or arrange credit or to provide any other services. The Materials and oral briefing (collectively the “Information”) contain information which is confidential and proprietary to JPMC and may only be used by the Company for the purpose of evaluating the products and services described in the Information and may not be copied, published, disclosed or used, in whole or in part, for any other purpose other than as expressly authorized by a JPMC entity.In preparing the Information, JPMC has relied upon and assumed, without independent verification, the accuracy and completeness of information available from public sources or provided to it by or on behalf of the Company. JPMC does not guarantee the accuracy, completeness or reliability of that information. JPMC’s opinions and estimates contained herein reflect prevailing conditions and our views as of this date, which are accordingly subject to change, and should be regarded as indicative, preliminary and for illustrative purposes only. Our analyses are not and do not purport to be appraisals of the assets, stock, or business of the Company or any other entity.The Information is not intended and shall not be deemed to constitute or contain advice on legal, tax, investment, accounting, regulatory, technology or other matters on which the Company may rely, and the Company should consult with its own financial, legal, tax, accounting, compliance, treasury, technology, information system or similar advisors prior to entering into any agreement for JPMC products or services. The Company is responsible for its own independent assessment as to the cost, benefit, suitability and appropriateness of any products or services it obtains from JPMC. JPMC makes no representations as to the actual value which may be received in connection with any JPMC product or service or the legal, tax, or accounting implications of consummating any transaction contemplated by the Information.The Information contained herein is intended as general market and/or economic commentary, does not constitute and should not be treated as J.P. Morgan research. The Information may differ from that contained in J.P. Morgan research reports. The Information is not intended as nor shall it be deemed to constitute advice or a recommendation regarding the issuance of municipal securities or the use of any municipal financial products. JPMC is not providing any such advice or acting as the Company’s agent, fiduciary or advisor, including, without limitation, as a Municipal Advisor under Section 15B of the Securities and Exchange Act of 1934, as amended.The Information does not purport to set forth all applicable terms or issues and are not intended as an offer or solicitation for the purchase or sale of any financial product or service or a commitment by JPMC as to the availability of any such product or service at any time. JPMC products and services are subject to applicable laws, regulations, service terms and policies of JPMC. Not all products and services are available in all geographic areas or to all customers. Eligibility for particular products and services is subject to satisfaction of applicable legal, tax, risk, credit and other due diligence, JPMC’s “know your customer,” anti-money laundering, anti-terrorism and other policies and procedures.Products and services may be provided by commercial bank affiliates, securities affiliates or other JPMC affiliates or entities. In particular, securities brokerage services other than those which can be provided by commercial bank affiliates under applicable law will be provided by registered broker/dealer affiliates such as J.P. Morgan Securities LLC, J.P. Morgan Institutional Investments Inc. or by such other affiliates as may be appropriate to provide such services under applicable law. Such securities are not deposits or other obligations of any such commercial bank, are not guaranteed by any such commercial bank and are not insured by the Federal Deposit Insurance Corporation.All trademarks, trade names and service marks appearing in the Information are the property of their respective registered owners. © 2016 JPMorgan Chase & Co. All rights reserved.

RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Basel III – a comprehensive set of reforms with several goals

The Changing Regulatory Environment

Protect the market andbroader economy from the impact of an isolated stress

event in a single bank

Improve the banking sector’s ability to

absorb shocks arisingfrom financial and economic stress

Strengthen regulation, supervision and riskmanagement in the

banking sector

Ensure banks have reliable, stable sources of funding in times of

stability and stress

Ensure banks have reliable, stable sources of funding in times of

stability and stress

Ensure banks have reliable, stable sources of funding in times of

stability and stress

Basel III

Basel III was developed by the Bank for International Settlements (“BIS”) which was established in 1930; the goal is to help central banks with monetary and financial stability. Their head office is in Basel, Switzerland.

1RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

US Basel III Components – Capital and Liquidity

Capital and Liquidity – Two sides of the Same Coin

Capital and Liquidity

Asset size based CushionCounterparty

Risk Based

Liquidity Coverage

RatioNet Stable

Funding Ratio

2RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Capital Measurements – Asset-Based Considerations

BIS Standardized Capital Requirements

All asset types are allocated full capital requirement with minimal modificationU.S. Treasuries and other assets with full U.S. Guarantee – 0% capital requirementMunicipal General Obligations 20% capital requirementMunicipal Revenue Obligations 50% capital requirementCorporate Loans 100% capital requirements

U.S. Supplemental Leverage Ratio (“SLR”)All assets require 3% capital For GSIBs, all assets require 6% capital

3RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Capital Measurements – Counterparty Risk Considerations

BIS III – Advanced Capital Requirements

Banks model various risks and assign capital. Factors include:

Counterparty Credit Risk

Operational risk component

Market risk component

Comprehensive Capital Analysis and Review (“CCAR”) – Economic Stress Testing

“The Comprehensive Capital Analysis and Review (CCAR) is an annual exercise by the Federal Reserve to assess whether the largest bank holding companies operating in the United States have sufficient capital to continue operations throughout times of economic and financial stress and that they have robust, forward-looking capital-planning processes that account for their unique risks.” ¹

1. Board of Governors of the Federal Reserve System; Banking Information and Regulation; June 2014

4RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Capital Measurements – Cushion Considerations

GSIB – Additional Capital for Size and Complexity of Institution

TLAC – Additional Capital and Liquidity

TLAC requirements aim to bolster GSIBs’ capital and leverage ratios, ensuring these banks are equipped to continue critical functions without threatening financial market stability or requiring further taxpayer support

US G-SIB guidelines announced by the Fed in December 2014

Identified U.S. G-SIBs are: Bank of America, Bank of New York Mellon, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street and Wells Fargo

U.S. G-SIB capital buffer percentage ranges from 0% to over 5.5%

U.S. method for G-SIB calculation varies from the Basel Committee calculation by including Short-termWholesale Funding (STWF); which adds further pressure on these banks’ treatment of non-operatingdeposit balances

SizeInter-

connectednessComplexity

Cross-

jurisdictional

Activity

Short-TermWholesaleFunding(<1 year)

5RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Liquidity Coverage Ratio (LCR)

Net Stable Funding Ratio (NSFR)

LCR requires banks to hold enough high quality liquid assets (HQLA) in reserve to meet all liabilities in a 30-day stress scenario

NSFR seeks to reduce a bank’s funding risk over a one-year horizon by promoting longer term funding sources

HQLA

Net Cash Outflows 100%

Incentive for banks to hold more HQLAHQLA includes cash, central bank reserves, government securities, corporate debt securities, etc.Potentially limits banks capacity to make loans

Stable Funding

Weighted long-term assets> 100%

Reduces dependency on short-term wholesale funding (STWF)Encourages better assessment of funding riskPromotes funding stabilityTargets mismatches between liquidity profile of a bank’s assets and liabilities

U.S. Basel III Components – Liquidity

These financial measures focus on ensuring banks have available, reliable funding during times of stability and stress

6RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

The classification of the balance has a direct impact on the usability of that funding for banks and the opportunity for return.

Under the regulations, a higher percentage of non-operating balances need to be deployed against High Quality Liquid Assets (HQLA).

The Changing Regulatory Environment

Less Reliable Funding More Reliable Funding

Limited Return Increased Return

Non-OperatingDeposits

OperatingDeposits

HQLA Loans/ Securities

Liabilities

Assets

HQLA (e.g. U.S. Treasuries) provide liquidity and reliability but offer reduced return when compared with the return opportunity for reliable funding deployed against a traditional bank loan.

Restrictions on the use of non-operating balances limit the opportunity for return

Bank funding sources: usability and return

7RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Liquidity linked to operating services

Non-operating / Wholesale liquidity

For every $100MM in wholesale (“corporate”) deposits: 30 day run-off during a market event 25%Required bank liquidity $25MM

For every $100MM in deposits: Corporates, Sovereigns, Central Banks and Public Sector Entities (PSE):

– 30 day run-off during a market event 40%– Required bank liquidity $40MMFinancial institution (FI) and correspondent banking balances:

– 30 day run-off during a market event 100%– Required bank liquidity $100MM

What Are the Key Impacts of the Basel III Framework on Deposits?

8RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Key TakeawaysKey Takeaways

What Are the Key Impacts of the Basel III Framework on Deposits?

There will be more demand for HQLA under the new regulations potentially impacting the supply available to serve as collateral for Public Sector deposits

Banks will carry significantly higher costs on public sector and non-operating balances vs. Corporate operating balances which may impact available yields

There could be a disparity between how clients define operating balances and what the regulators will permit banks to classify as operating balances

Banks will likely channel certain non-operating funding to appropriate off–balance sheet vehicles such as Money Market Mutual Funds

9RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

SEC money market fund reforms – 2014

New amendments to Rule 2a-7 further strengthen this short-term investment vehicle

SEC MONEY MARKET FUND REFORMS

A floating net asset value (NAV) is now required of certain types of funds

Fund Boards may use liquidity fees and redemption gates

Additional reforms enhance disclosure and reporting

Greater diversification and stress testing required

10

RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Floating NAV

Certain money market funds can no longer transact at a stable $1.00 NAV and face potential tax complications

Institutional prime/municipal money market funds (not government money market funds) Required to value portfolio securities based on current market value and must round their NAV to four decimal places, rather than rounding to the nearest penny

Floating NAV money market funds may face potential tax complications. These are mitigated by regulations issued by the U.S. Department of Treasury and the IRS that offer a simplified tax accounting method to track gains and losses.

Government money market funds Must invest at least 99.5% of total assets in cash/government securities and/or qualified repurchase agreements

Retail money market fundsMust comply with “natural persons” test

Must now useFLOATING

NAV

May continueto use a

STABLENAV

11

RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Liquidity fees and redemption gates for institutional prime/municipal and retail money market funds

Fund Boards now have new ways to directly address a run on a fund. Government money market funds are not required to be subject to the provisions, but may opt into them if properly disclosed.

Fees and gates must be removed when a fund passes above 30% weekly liquid assets and can be removed in a Board’s discretion.

$FUND BOARDS MAY IMPOSE FEES UP TO 2% ON ALL REDEMPTIONS IF:

The fund’s level of weekly liquid assets falls below 30% of its total assets and the fund’s Board determines that such a fee is in the best interest of the fund

FUND BOARDS MUST IMPOSE A 1% FEE ON ALL REDEMPTIONS IF:

The fund’s weekly liquid assets fall below 10% of its total assetsException: The fee does not have to be implemented if the fund’s Board determines that such a fee is not in the best interest of the fund or that a lower or higher (up to 2%) liquidity fee is more appropriate

FUND BOARDS MAY IMPOSE FEES UP TO 2% ON ALL REDEMPTIONS IF:

The fund’s level of weekly liquid assets falls below 30% of its total assets and the fund’s Board determines that such a fee is in the best interest of the fund

FUND BOARDS MUST IMPOSE A 1% FEE ON ALL REDEMPTIONS IF:

The fund’s weekly liquid assets fall below 10% of its total assetsException: The fee does not have to be implemented if the fund’s Board determines that such a fee is not in the best interest of the fund or that a lower or higher (up to 2%) liquidity fee is more appropriate

FUND BOARDS MAY SUSPEND WITHDRAWALS FROM THE FUND IF:

The fund’s level of weekly liquid assets falls below 30%

The fund’s Board determines that imposing such a gate is in the fund’s best interest

GATES ARE LIMITED TO NO MORE THAN 10 BUSINESS DAYS IN ANY CONSECUTIVE 90-DAY PERIOD

FUND BOARDS MAY SUSPEND WITHDRAWALS FROM THE FUND IF:

The fund’s level of weekly liquid assets falls below 30%

The fund’s Board determines that imposing such a gate is in the fund’s best interest

GATES ARE LIMITED TO NO MORE THAN 10 BUSINESS DAYS IN ANY CONSECUTIVE 90-DAY PERIOD

LIQUIDITY FEES REDEMPTION GATES

12

Required compliance with the final, most significant amendments of the 2014 reforms took place on October 14, 2016.

RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

$0

$500

$1,000

$1,500

$2,000

$2,500

0.00

0.10

0.20

0.30

0.40

0.50

0.60

0.70

0.80

0.90

1.00

2010 2011 2012 2013 2014 2015 2016

$ Bi

llions%

3 month LIBOR Prime Fund Assets Government Fund Assets

Money Fund Reform Impact on Money Market Fund Flows & Interest Rates

13

Money Market Fund balances

3 month LIBOR

Government fund balances surpassed Prime fund balances in early 2016 with the differential widening YTDPrime fund balances down $820B YTD & ~$460B since Aug 1st. Nearly 1:1 increase in Government fund balances YTD Prime fund outflows expected to stabilize as yield differential vs. Government funds eventually widen, likely 1Q17

As Prime funds position for outflows, there is less demand for bank commercial paper issuances with maturities past Oct 14th which has caused a spike in 3 month LIBOR despite a stable Target Fed Funds rate

Source: iMoneyNet, JPMorgan Markets

Overview: U.S. interest rates are expected to rise but global economic conditions & regulatory changes have a significant impact on the banking industry and liquidity management strategies.

RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

Deposits are viewed differently in the new regulatory environmentCertain deposit types will be more valuable than others to banksClients may need to revisit their liquidity strategy and investment policies

Deposits are viewed differently in the new regulatory environmentCertain deposit types will be more valuable than others to banksClients may need to revisit their liquidity strategy and investment policies

Basel III highlightsImpact Public Sector depositsMoney Market Fund Reform

Basel III highlightsImpact Public Sector depositsMoney Market Fund Reform

Potentialimpacts and ways to adapt

Potentialimpacts and ways to adapt

RegulatoryChangesRegulatoryChanges

Market Rate HistoryDrivers of U.S. Interest Rate PolicyInterest Rate Outlook

Market Rate HistoryDrivers of U.S. Interest Rate PolicyInterest Rate Outlook

Interest Rate OverviewInterest Rate Overview

Interest Rate History & Outlook

Breakdown of Key Regulatory Changes

What it Could Mean For You

14

Market Interest Rate History

Historical Perspective: Rates are still near all time lowsR

EG

UL

AT

ION

, R

AT

ES

AN

D O

PP

OR

TU

NIT

Y

Source: Federal Reserve Bank of St. Louis

15

What factors does the Fed consider when deciding to adjust interest rates?R

EG

UL

AT

ION

, R

AT

ES

AN

D O

PP

OR

TU

NIT

Y

The Federal Open Market Committee’s stated objectives when setting target interest rates are:Full employment with a stable unemployment rate between 4%-6% Stable Inflation levels with a core inflation target of 2%

16

Sept Unemployment rate: 5.0%

Aug. Inflation (Core PCE): 1.69%

2% Inflation target

Additional factors impacting U.S. monetary policyR

EG

UL

AT

ION

, R

AT

ES

AN

D O

PP

OR

TU

NIT

Y

Unemployment Rate

U.S.& Global GDP growth

Wage Growth & Labor Market

Slack

Strength of US Dollar vs. global currencies

Inflation Levels

In addition, many other factors are considered:

Foreign Central Bank policiesEnergy PricesHousing market conditions, etc.

While U.S. unemployment & inflation rates are two primary drivers of Fed policy, the U.S. economy is intertwined with global economic conditions which requires the Fed to consider many factors when setting rate policy including:

Despite improvements in the overall labor market, inflation has remained below the Federal Open Market Committee’s 2% target which, combined with global economic growth concerns, has allowed the FOMC to remain patient with regard to increasing interest rates.

17

0

0.5

1

1.5

2

2.5

3

3.5

%

Projected Fed Funds rate as of Dec. 2015 Projected Fed Funds rate as of Sept. 2016

Median FOMC forecast: Sept Median FOMC forecast: June 2016

Rates are expected to rise eventually but the timing & pace is still uncertainR

EG

UL

AT

ION

, R

AT

ES

AN

D O

PP

OR

TU

NIT

Y

The Fed Funds futures market has been volatile but predicts a slow pace of rate increases in 2016-17

There continues to be a divergence in FOMC published target fed funds rate estimates and “market” expectations

Source: U.S. Federal Open Market Committee, Bloomberg

18

Source: Bloomberg

Long run “normalized” TFF rate forecast at 2.9%

0%10%20%30%40%50%60%70%80%90%

100%

Jan. 2016 Feb:post stock

market decline

May:pre jobs report

June:post

disappointingMay jobs

report

June:pre-Brexit

June:post-Brexit

August:post-July jobs

report

August:post softer

inflation report

August:post-Fed

Jackson Holecomments

Sept:Post-Aug jobs

report

Sept: PostFed Meeting

Probability of a Sept. 2016 rate increase Probability of a Dec. 2016 rate increase

Rate Outlook takeaways:R

EG

UL

AT

ION

, R

AT

ES

AN

D O

PP

OR

TU

NIT

Y

Despite the 0.25% increase in the Target Fed Funds rate in December 2015, US interest rates remain near historic lows

With the FOMC’s dual mandate of stable inflation (2%) and full employment within sight, the FOMC has signaled that a rate increase could occur in 2016

The pace of future rate increases is expected to be gradual and data dependent particularly given global economic uncertainty and continued accommodative monetary policies worldwide

19

Impact to Banks How it may impact you

Higher capital reserve requirements for all deposit types particularly collateralized public sector funds and non-operating balances

Banks are impacted by enhanced capital requirements and higher regulatory compliance costs

Some types of deposits may no longer be attractive to some banks

Holistic banking relationships will be critical; operational accounts are keyBanks may look to channel excess non-operating liquidity into off balance sheet alternatives

Lower yields for excess liquidity is likely the new normal

Strategies for managing liquidity in the new environment

Consider collateral alternatives for public deposits including: Federal Home Loan Bank Standby Letters of CreditExpanded collateral types such as local municipal securitiesReduced or no collateral requirements for certain balances

Focus on forecasting and segmenting liquidity to maximize the value of cash throughout the cycles of receipts and payments

Optimizes operating cash, intermediate reserve cash as well as longer term strategic investment funds

Utilize direct investment in U.S. Treasury & Agency securities for excess non-operating liquidity

Improved Financial Regulation: What it could mean for you

20RE

GU

LA

TIO

N,

RA

TE

S A

ND

OP

PO

RT

UN

ITY

GASB 68, Revisited

presented by

Piotr Krekora,Moises D. Ariza, & Geovanne Neste

Objectives for The Session

GASB 68/71Overview of requirementsInvolvement of the ActuaryIssues and Struggles

Issues encountered and challengesBest PracticesYear 2 – What can we expect?

GASB Statement No. 73 and 82

2

GASB StatementsGASB Statement No. 68, Accounting and Financial Reporting for Pensions, Effective 6/30/15 [EMPLOYER]

This Statement replaces the requirements of Statement No. 27, Accounting for Pensions by State and Local Governmental Employers, as well as the requirements of Statement No. 50, Pension Disclosures, as they relate to pensions that are provided through pension plans administered as trusts or equivalent arrangements.

GASB Statement No. 71, Pension Transition for Contributions Made Subsequent to the Measurement Date (amendment of GASB Statement No. 68), Effective 6/30/15

3

Actuarial Valuations

4

Two Actuarial Valuation Reports Are NeededAV for Funding

AV for Accounting

Required to be performed at least every two years.If the date of the valuation report is not the measurement date the “Total Pension Liability (TPL)” needs to be rolled forward. (Note: Valuation report has to be performed as of a date no more than 30 months and 1 day prior to the employer's most recent year-end in order to be rolled forward). Entry age actuarial cost method ONLY is to be used for the actuarial present value of projected benefit payments

Measurement Date

5

ReportingDate (RD)9/30/16

Employer FYE

Measurement Date (MD)(Generally 9/30/15)

MD Must Be Within One Year of RD

Contributions Made - DeferredOutflow

Measurement Date (MD for FRS)

(Generally 6/30/16)

Remember .. GASB 67 does not use the term Measurement Date onlybecause, for plan reporting, all liabilities and assets are measured as of the plan’s Reporting Date; a plan’s Measurement Date = its Reporting Date. This is not necessarily true for the employer.

6

Impact on Employer Financial StatementsNet Pension Liability (“NPL”) is recorded on the employer’s statements prepared using the economic resources measurement focus and accrual basis of accounting (Government Wide for governmental funds and both fund level and government wide for enterprise funds.)

Changes in the components of the net pension liability will provide the pension expense, deferred inflows and deferred outflows that also need to be recorded

Recording Pension Expense: includes/considers: (a)changes in the total pension liability resulting from current-period service cost, (b) interest on the prior year total pension liability, (c)changes of benefit terms, (d) Projected earnings on the pension plan's investments and (e)Current period amortization of the deferred outflows and deferred inflows.

7

Impact on Employer Financial Statements (continued)

Deferred Outflows/Inflows of resources include:changes of economic and demographic assumptions or of other inputs.differences between expected and actual experience.Amortized over the average of the expected remaining service lives of all employees (active and inactive) that are provided with benefits through the pension plan.differences between the projected earnings on pension plan investments and actual experience. (Amortized over a closed period of five years)Employer contributions subsequent to the measurement date (deferred outflow).

8

Impact on Employer Financial Statements (continued)Notes to the financials should include:

Current year sources of changes in the NPL.Significant assumptions and other inputs used to calculate the TPL.The date of the actuarial valuation used to determine the TPLCurrent year sources of changes in the NPL.Significant assumptions and other inputs used to calculate the TPL.The date of the actuarial valuation used to determine the TPL

New Required Supplementary Information (RSI): 10 most recent fiscal years of:Sources of changes in the net pension liabilityThe components of the net pension liability and related ratios including the pension plan’s fiduciary net position as a percentage of the TPL, and the NPL as a percentage of covered-employee payroll.Notes to the RSI should include:

Significant methods and assumptions used in calculating the actuarially determined contributions.Factors that significantly affect trends in the amounts reported in the schedules (changes of benefit terms, change in size or composition of the population covered, etc.)

9

Impact on Cost-Sharing Employer Financial Statements

For FRS and HIS plans:Proportionate share of the NPL will be recorded on the employer’s statements prepared using the economic resources measurement focus and accrual basis of accounting. The amount is determined in a manner consistent with the method in which contributions to the pension plan are determined (i.e. covered payroll).A cost-sharing employer is required to recognize pension expense and report deferred outflows and deferred inflows related to pensions for its proportionate shares of collective pension expense and collective deferred outflows and deferred inflows related to pensions. A cost-sharing employer also has employer specific pension expense related to their change in proportion of contributions as of the measurement date.

10

FRS Investment Plan

For disclosure purposes, the FRS website provides the cost-sharing employer with a generic defined contribution disclosure related to the Plan. This information can be obtained at: http://www.dms.myflorida.com/workforce_operations/retirement/publications/annual_reports

The employer is responsible for determining the employer contribution amount related to the Investment Plan.

The employer contribution reported should be for the year presented in the cost-sharing employer’s financial statements.

Target Asset Allocation and Assumed Real Returns

11

Asset Class Target Allocation

Long-Term Expected Real Rate of Return

Allocation-Weighted Long-Term Expected Real Rate of

Return

Fixed Income 40% 2.25% 0.900%

Domestic Equity 40 5.95 2.380

International Equity 0 6.20 0.00

Private Equity 5 7.65 0.383

Real Estate 10 4.35 0.435

Commodities 0 2.10 0.000

Cash 5 0.05 0.003

Total 100% 4.10%

Expected Inflation 2.25%

Total Return 6.35%

Real rate is the rate above inflation.

Target Asset Allocation and Assumed Real Returns –Where do they come from?

12

Past vs. Forward-looking perspectives

Seek experts in forecasting

Turn to more than just one expert source

Rely more on mid-term forecasts than long-term

There is safety in consensus

Target Asset Allocation and Assumed Real Returns -Safety in Consensus

13

Sample Plan

These are arithmetic meansBased on a GRS library of 8 major investment consultants: Aon Hewitt*, BNY/Mellon, J.P. Morgan, Mercer*, NEPC, Pension Consulting Alliance, R.V. Kuhns & Associates, Willis Towers Watson*

Investment Consultant

Investment Consultant Expected

Nominal Return

Investment Consultant Inflation

AssumptionExpected Real Return (2)–(3)

Actuary Inflation Assumption

Expected Nominal Return

(4)+(5)

Passive Investment Expenses

ExpectedNominal Return Net of Expenses

(6)-(7)(1) (2) (3) (4) (5) (6) (7) (8)

1 4.93% 2.12% 2.81% 2.25% 5.06% 0.25% 4.81%2 5.61% 2.50% 3.11% 2.25% 5.36% 0.25% 5.11%3 5.71% 2.50% 3.21% 2.25% 5.46% 0.25% 5.21%4 5.52% 2.25% 3.27% 2.25% 5.52% 0.25% 5.27%5 5.70% 2.11% 3.60% 2.25% 5.85% 0.25% 5.60%6 6.03% 2.20% 3.83% 2.25% 6.08% 0.25% 5.83%7 6.34% 2.26% 4.08% 2.25% 6.33% 0.25% 6.08%8 6.55% 2.20% 4.35% 2.25% 6.60% 0.25% 6.35%

Average of 8 5.80% 2.27% 3.53% 2.25% 5.78% 0.25% 5.53%

Target Asset Allocation and Assumed Real Returns -No End Justifies the Means

14

Don’t be influenced by the answer you wantBe objective and detached when you adopt a forecast assumption for future investment returns.We cannot just wish or hope our way toward a given returnReturn assumption:

Is not a simple lever to tweak so as to obtain an affordable contributionIs our defensible and mainstream expected future net compound-average return of the portfolio over time useable in an actuarial valuation.

Sensitivity Exhibits – Return on Investments not Guaranteed

15

NPL Sensitivity to changes in the discount rate.

Problem: We don’t get to pick how much our investments earn

Current Single Rate

1% Decrease Assumption 1% Increase

6.00% 7.00% 8.00%

$ 33,000,000 $ 16,000,000 $ (1,000,000)

Sensitivity Exhibits – Return on Investments not Guaranteed

16

Arithmetic or Geometric

Stochastic returns, Volatility Drag.

Investment Consultant

ExpectedNominal Return Net of Expenses

Distribution of 15-Year Average Geometric Net Nominal Return

Probability of exceeding

40th 50th 60th 7.00%1 4.81% 3.84% 4.42% 5.00% 13.4%2 5.11% 4.08% 4.69% 5.30% 17.1%3 5.21% 4.21% 4.81% 5.41% 17.9%4 5.27% 4.08% 4.76% 5.43% 20.2%5 5.60% 4.56% 5.17% 5.78% 22.6%6 5.83% 4.86% 5.44% 6.03% 25.1%7 6.08% 5.06% 5.67% 6.27% 28.9%8 6.35% 5.15% 5.83% 6.51% 33.2%

Average of 8 5.53% 4.48% 5.10% 5.72% 22.3%

Sensitivity Exhibits – Return on Investments not Guaranteed

17

A different way to look at UAAL under uncertain returns.

18

Issues and ChallengesAvailability of GASB 68 Report (Timing):

Remember actuary needs a fully adjusted trail balance from the Plan to produce their valuation.

• Does this mean the actuary needs to wait until the plans financials are drafted?

• If the final audit net position of the Plan changes as compared to the unaudited figures, what impact will that have on the valuation timing?

A “stale” roll-forward valuation is provided but significant changes have occurred:

• Benefit provisions• Long term assumed rate of return• Changes in membership (retirement, layoffs, etc.)

19

Issues and ChallengesLong-term expected rate of return:

The long-term expected rate of return should be based on the nature and mix of current and expected pension plan investments over a period representative of the expected length of time between (a) the point at which an employee begins to provide service to the employer and (b) the point at which all benefits to the employee have been paid.The long-term expected rate of return should be determined net of pension plan investment expense but without reduction for pension plan administrative expense.Inconsistencies between amounts reported/confirmed by the Plans investment advisor and the amounts presented in the employers financial statements (based on Plans stand-alone).

20

Year 2 – What can we expect?Continued amortization of prior year recognized deferred inflows and outflowsRecording of newly established deferred inflows and outflowsExpensing of prior year deferred outflows related to contributions and recording of current year deferred outflows for contributions made after the MD.

FRS Schedules:To be available January 11, 2017Changes in Proportionate ShareDon’t forget Short-Term Liability Portion

21

Year 2 – What can we expect?Deferred Inflows and Outflows:

Continue to amortize the deferred inflows and deferred outflows from year 1

Same Amortization Period from YR-1

Add another “layer” in your deferral tracking sheet for YR-2

New amounts to amortize

Different amortization periods

22

Year 2 – What can we expect? – EXAMPLENet Pension Liability as of MD

9/30/2014 $10,000,000

9/30/2015 $11,500,000

Contributions Made Subsequent to MD

9/30/2014 $900,000

9/30/2015 $1,200,000

The Average of the expected remaining service lives of all employees :

9/30/2014 5 years

9/30/2015 6 years

23

Year 2 – What can we expect? – ExampleTHE EMPLOYERS REPORTING DATE IS 09/30/2016

Net Pension Liability as of MD Contributions Made Subsequent to MD9/30/2014 10,000,000$ 9/30/2014 900,000$ 9/30/2015 11,500,000$ 9/30/2015 1,200,000$

Deferred outlfows of resources: Life Amount Remaining 9/30/2016 9/30/2017 9/30/2018 9/30/2019 9/30/2020 9/30/2021Changes in assumptions:

9/30/2014 5 12,000 3,000 3,000 3,000 3,000 - - 9/30/2015 6 90,000 15,000 15,000 15,000 15,000 15,000 15,000

Difference between projected andactual earnings on investments

9/30/2014 5 - - - - - - 9/30/2015 5 125,000.00 25,000 25,000 25,000 25,000 25,000

Total Amortization - Deferred Ouflow 43,000 43,000 43,000 43,000 40,000 15,000

Deferred inflows of resources:Difference between expected and actual experience on the TPL

9/30/2014 5 - - - - - - - 9/30/2015 6 (30,000) (5,000) (5,000) (5,000) (5,000) (5,000) (5,000)

Difference between projected andactual earnings on investments

9/30/2014 5 (75,000.00) (18,750) (18,750) (18,750) (18,750) 9/30/2015 5 - - - - -

Total Amortization - Deferred Inflow (23,750) (23,750) (23,750) (23,750) (5,000) (5,000)

Net Amortization (PENSION EXPENSE) 19,250 19,250 19,250 19,250 35,000 10,000

Amortization Year = REPORT DATE

24

Year 2 – What can we expect? – Journal Entry

Entry # 1 Account Dr CrTo record the beginning Net Pension Liability and Deferred Outflow at MD 9/30/14, per GASB 68

Net Position 10,000,000 -Net Pension Liability - 10,000,000

Deferred Outflow 900,000 -Net Position - 900,000

Entry # 2 Account Dr CrTo record current year deferred outflow for employer contribution and change in NPL

Pension Expense 1,500,000 Net Pension Liability 1,500,000

Deferred Outflow 300,000 Pension Expense 300,000

25

Year 2 – What can we expect? – Journal EntryEntry # 3 Account Dr CrTo record opening D/O and D/I from Prior Year and Record CY D/O and D/I

Deferred Outflow - Changes in assumptions: 12,000 Deferred Inflow - Diffbetween projected and actual earnings on investments 75,000

Net Position 63,000 75,000 75,000

Deferred Outflow - Changes in assumptions: 90,000 Deferred Outflow - Diff. between projected and actual earnings on investments 125,000

Deferred Inflow - Diff.between expected and actual experience on the TPL 30,000 Pension Expense 185,000

215,000 215,000

Entry # 4 Account Dr CrTo record amortization of D/O and D/I

Amortization - Deferred Outflow 3,000 Amortization - Deferred Outflow 15,000 Amortization - Deferred Outflow 25,000

Amortization - Deferred Inflow 5,000 Amortization - Deferred Inflow 18,750

Pension Expense 19,250 43,000 43,000

26

NPL – Due within one year?GASB – Implementation Guide (2015-1)

7.22.6. Q – If a government reports a liability for pensions or OPEB in its government-wide statement of net positon, how is the “amount due within one year” determined?

A – If the employer reports a net pension liability under Statement 68, the amount of the net pension liability that is “due” within one year is the amount of benefit payments expected to be paid within one year, net of the pension plan's fiduciary net position available to pay that amount. Therefore, there would be no amount that is “due” within one year unless the pension plan's fiduciary net position is less than the amount of benefit payments expected to be paid within one year.

27

NPL – Due within one year? (continued)

28

NPL related to HIS should include a portion classified as “to be paid in one year” for the City’s proportionate share of the approximate $389.226 million ($440m less $50.774m)

NPL – Due within one year? (continued)

Implementation StoriesTalk to your providers before you revise entries

What happened to our Net Pension Asset?

One plan, or two (or three)?

Valuation Date vs. Measurement Date vs. Reporting Date.

29

30

Issues and Challenges – FRS SpecificConfusion as to what figures to use for the RSI schedules as they relate to covered employee payroll for September 30, 2016 year-end cost-sharing employers:

The cost-sharing employer’s covered payroll for purposes of the Schedule of Employer Contributions should be for the year ended September 30, 2016.The cost-sharing employer’s contractually required contributions for purposes of the Schedule of Employer Contributions should be for the year ended September 30, 2016.

Confusion as to what figures to use for the RSI schedules as they relate to covered employee payroll for September 30, 2016 year-end cost-sharing employers (continued):

Reporting these amounts as of June 30th is a common mistake made by employers. Check the prior year amounts reported.

For purposes of reporting covered employee payroll for the HIS Plan, cost-sharing employers may mistakenly omit Investment Plan payroll amounts which contributed to the HIS Plan.

31

32

GASB 73 OverviewThis statement sets the standards for the following:

Financial reporting for pension assets that are not within the scope of GASB Statement No. 68.Clarifying amendments to GASB Statements 67 and 68Accounting and Financial Reporting by Employers for pensions that are not within the scope of GASB Statement No. 68. This will require:

The Employer to provide financial note disclosures similar to those required by GASB Statement No. 68.Any assets related to the pension plan should be considered assets of the employer.A single employer will recognize the TPL as its pension liability.

33

Financial reporting for pension assets that are not within the scope of GASB Statement No. 68

Where are assets reported for pensions not administered through a trust?

As provided by GASB Statement No. 73, any assets accumulated for pension purposes not within the scope of GASB Statement No. 68 should be reported as assets of the employer.If the government holds the assets in a fiduciary capacity, these assets should be reported as an Agency Fund.

This requirement is effective for fiscal years beginning after June 15, 2015.

34

Clarifying amendments to GASB Statements 67 and 68

The following clarify amendments to GASB Statements 67 and 68, effective June 15, 2015:

Information in the Notes to the 10-year Schedules of Required Supplementary Information related to investment-related factors that significantly affect trends should be limited to factors over which the pension plan or employers have influence. External factors should not be presented.Other clarifying amendments include:

Accounting and financial reporting for separately finance specific liabilities.Revenue recognition for support of non-employer contributing entities that are not in a special funding situation.

35

Accounting and Financial Reporting by Employers for pensions that are not within the scope of GASB Statement No. 68

This statement is for accounting and financial reporting for pensions that are not within the scope of GASB Statement 68.Defined benefit and define contribution pensions are not within the scope of Statement No. 68 if they are not administered through trusts. The criteria of a pension administered trough a trust as defined by GASB are:

Contributions from employers to the pension plan are irrevocable, including investment earnings; Plan assets are dedicated to providing pensions to plan members in accordance with benefit terms; andPlan assets are legally protected from the creditors of the employers and plan administrator. For a DB pension plan, plan assets must also be legally protected from the creditors of plan members

36

Accounting and Financial Reporting by Employers for pensions that are not within the scope of GASB Statement No. 68 (Continued)

Employers will be reporting pension plans similar to reporting under GASB 68 with the following differences:

Since the assets accumulated for the pension plan are reported as assets of the employer, pension expense for the period will be the changes in the TPL during the current period with the exception of:

Differences between expected and actual economic/demographic experienceChanges in assumptions about future economic and demographic factors or other inputs

The above factors should be recognized over a closed period equal to the average of the expected remaining service lives of all employees.Amounts paid by the employer for pension benefits should not be recognized in pension expense.

37

Accounting and Financial Reporting by Employers for pensions that are not within the scope of GASB Statement No. 68 (Continued)

Employers will be reporting pension plans similar to reporting under GASB 68 with the following differences (continued):

The description of the plan should include the fact that there are no assets accumulated in the plan that meet the criteria of a plan being administered through a trust.The discount rate is based solely on municipal bond yields.Required Supplementary Information will include:

10-year schedule of changes in the TPL10-year schedule of TPL as a percentage of covered-employee payroll

Requirements that address accounting and financial reporting by employers for pensions that are not within the scope of GASB Statement No. 68 are effective for fiscal years beginning after June 15, 2016.

38

39

OverviewThe objective of this Statement is to improve consistency in the application of pension accounting and financial reporting requirements by addressing certain issues that have been raised with respect to Statements No. 67, No. 68 and No. 73. This includes:

Presentation of payroll related measures in RSISelection of assumptionsClassification of Employer paid member contributions

These requirements are effective for reporting period beginning after June 15, 2016. Earlier application is encouraged.

40

Presentation of payroll related measures in RSIFor single-employer and cost-sharing pension plans administered through a trust (GASB 67) and employers that provide pensions through such plans (GASB 68):

The measure of payroll to be presented in the RSI schedules should be covered payroll.

Covered payroll has been clarified to payroll on which contributions to a pension plan are based.

This may exclude overtime, paid time off, or any other excluded payroll as per the plan document

41

Classification of Employer-Paid Member Contributions

Payments made by an employer to satisfy contribution requirements that are identified by the pension plan terms as plan member contribution requirements should be classified as plan member contributions. For purposes of applying GASB Statement No. 68, including for purposes of determining a cost-sharing employer’s proportion, those amounts should be classified as employee contributions. An employer’s expense and expenditures for those amounts should be recognized in the period for which he contribution is assessed and classified in the same manner as the employer classifies similar compensation other than pensions (for example, as salaries and wages or as fringe benefits).

Questions?

42

Single Audit Updatepresented by Beila Sherman

Effective Date Reminders and ImplementationKey Audit Areas with Changes or Transitional Issues

Uniform Guidance OverviewAuditee RequirementsEvaluating and Reporting Findings under Uniform Guidance

Helpful Websites

Objectives for The Session

2

3

December 2013 —Final Uniform GuidanceDecember 2014 —Joint Interim Final Rule

Accomplished agency adoption of Uniform GuidanceNot totally uniformTechnical corrections (some UG shoulds changed to must)

Non federal entities implement the new administrative requirements and cost principles for all new federal awards made on or after December 26, 2014 and to incremental fundingAudit requirements effective for audits after December 26, 2015

Key Dates – Uniform Guidance

4

Auditee needs to determine federal agency differences first since it relates to their complianceA few examples of differences:

Department of Defense did not apply the Uniform Guidance requirements to incremental fundingDepartment of Housing and Urban Development does not permit certain costs that would otherwise be allowable under the UG

Understand Agency Differences

5

6

7

Audit threshold (200.501)Low risk auditee determination (200.520)Auditor prepares SEFA (200.510)Major program determination based on risk (200.518)Compliance supplement overall format (Appendix XI)Testing internal control and compliance (200.511)Report (200.515)Submitting to Federal Audit Clearinghouse (FAC) (200.512)Audit follow-up and corrective action (200.511)

Audit Requirements – Key Sections with Changes

Uniform Guidance revised the threshold for a single audit upwardWhen a non-federal entity expends federal awards (either direct or indirect awards) in excess of $750,000 in their fiscal year, a single audit is requiredWhen a non-state entity expands State awards (either direct or indirect) Sections 215.97(2)(a) and 215.97 (8)(a) Florida Statutes states threshold equal to or in excess of $750,000 in a fiscal year.

Single Audit Threshold Revised

8

Must meet all of the following for each of the two preceding years:

Annual single audits, including timely filing with Federal Audit Clearinghouse (FAC)Unmodified opinions on financial statements in accordance with a generally accented accounting principles (GAAP) Unmodified in-relation-to opinion on the SEFANo material weaknesses in internal control over financial reportingNo auditor reporting of going concern

Low-Risk Auditee Status

9

Program-Level CriteriaNo program had any the following in either of the two preceding years in which they were Type A programs:

material weaknesses in internal control over compliancemodified opinion on a major programknown or likely questioned costs > 5% of expenditures for a Type A program

Low-Risk Auditee Status

10

11

Face of SEFA must include all federal awards expended including:Noncash AssistanceLoan programs (beginning balance of outstanding loans plus loans disbursed during period plus interest subsidy, cash, or administrative cost allowance)Loan guarantee programsAmounts passed through to sub-recipients for each program

Schedule of Expenditures of Federal Awards (SEFA)

12

Footnotes to SEFA must include:Significant accounting policiesOutstanding loan balances at end of audit periodWhether or not entity used 10% de minimus cost rate

Schedule of Expenditures of Federal Awards (SEFA)

13

AuditeesAreas Highlighted:

Review of Risk (2CFR section 200.331(b))Pass-through entities required to evaluate risk associated with a recipient Sub-recipients prior experience with these types of awardsResults of prior auditsNew personnel or new systemsAnd agency monitoring of sub-recipient

Procurement Standards (2 CFR section 200.318(b))Maintaining “oversight”

Areas Highlighted (continued):Procurement Standards (continued)

Addressing conflicts of interest – requires nonfederal entity to have “strong policies preventing organizational conflicts of interest” and must disclose any such conflicts to the awarding agency

Mandatory DisclosuresIn a timely manner (“timely” is not specifically identified) nonfederal award entities must disclose in writing any violations of federal criminal law involving fraud, bribery, or gratuity violations affecting the award; failure to disclose could result in suspension or debarment

Auditees

Internal ControlsEntities must establish and maintain effective internal control over federal awards that provides reasonable assurance that the non-federal entity is managing its federal award in compliance with federal statutes, regulations, and the award terms and conditionsInternal control should (as in a best practice) be in compliance with the Green Book (COSO)Must take reasonable measures to safeguard protected personally identifiable information

Auditees

Here are the titles of the internal control principles by internal control component as presented in COSO’s 2013 Framework:

Control EnvironmentDemonstrates commitment to integrity and ethical valuesExercises oversight responsibilityEstablishes structure, authority, and responsibilityDemonstrates commitment to competenceEnforces accountability

Internal Control Framework

Risk AssessmentSpecifies suitable objectivesIdentifies and analyzes riskAssesses Fraud RiskIdentifies and analyzes significant change

Control ActivitiesSelects and develops control activitiesSelects and develops general control over technologyDeploys through policies and procedures

Internal Control Framework

Information & CommunicationUses relevant informationCommunicates InternallyCommunicates eternally

MonitoringConducts ongoing and/or separate evaluationsEvaluates and Communicates deficiencies

Internal Control Framework

CertificationsAnnual and final fiscal reports, or vouchers requesting payments, must include a certification signed by an official who is authorized to legally bind the nonfederal entity Certification attests among other things that document is true, complete, and accurate to best of knowledge and belief; Possible civil, criminal, or administrative penalties for fraud, false statements, false claims, or otherwise.

Auditees

Written PoliciesIncreased scrutiny and oversight can be expected from federal agencies and other fundersAuditees should create, or update, their policies and procedures

Do not rely on verbal communications as to how to perform tasksIf there are written policies when were they last updated

Written policies provide reasonable assurance that the organization can safeguard federal funds

Auditees

Written Policies (continued)Improve internal control in an organization by creating enforceable rules that can reduce the instances of fraud, waste, and abuseGive a viable defense (as long as the policies are followed) in case of a governmental audit providing reasonable assurance to an auditor that the organization is making a good faith attempt to comply with grant requirements

Auditees

Areas within the Uniform Guidance Sections referencing written policies:

Financial management (Subpart D, section 200.302)Payment (Subpart D, section 200.305)Procurement (Subpart D, sections 200.318-320)Compensation (Subpart E, sections 200.430-431)Relocation costs (Subpart E, sections 200.464)Travel costs (Subpart E, section 200.474)

Written Policies

Preparation of the SEFA is the responsibility of the auditeeSEFA based on when amounts expended (includes accruals)Cash management compliance requirement based on when paidMajor program determination is the auditor responsibility (based on SEFA provided by auditee)

Auditees and Auditor Responsibilities

Failure to combine same CFDA#s as one program for major program determination and testingClusters not treated as one program for major program determination and testingFailure to consider clusters from different agenciesFailure to identify federal expenditures when passed through a non federal entityData Collected Form (DCF) not filed or filed late

Common Deficiencies

Award Type

Amounts passed through to subrecipientsDonated propertyEndowmentsFood commoditiesGrants, cost reimbursement contractsInsuranceInterest subsidiesLoan and loan guaranteesProgram income

Basis for determining when expended

When disbursed to subrecipientWhen property is receivedWhen federally restricted amounts are heldWhen food commodities are distributed or consumedWhen expenditure transaction occursWhen insurance is in forceWhen amounts are disbursed entitling entity to subsidyWhen loan proceeds are usedWhen received or used

When is a Federal Award Expended?

26

Types of Noncash Awards

EndowmentsFood stamps, food commodities, donated property (including donated surplus property)Free rentInsurance

Basis Used to Determine Value

Value equals the cumulative balances of federally restricted amounts.Value equals the fair value at the time of receipt or the assessed value provided by the federal agency.Value equals fair value at the time of receipt or the assessed value provided by the federal agency. Free rent is not considered an award expended unless it is received as part of an award to carry out a federal program.Value equals the fair value of the insurance contract at the time of receipt, or the assessed value provided by the federal agency.

Determining Value of Noncash Awards Expended

27

Types of Noncash Awards

• Loans and loan guarantees (loans), including interest subsidies

• Loans at institutions of higher learning

Basis Used to Determine Value

• Value equals amount of new loans made or received during the fiscal year plus the balance of loans from previous years for which the federal government imposes continuing compliance requirements, plus any interest subsidy, cash, or administrative cost allowance received. The proceeds of loans that were received and expended when the laws, regulations, and the provisions of contracts or grant agreements pertaining to such loans impose no continuing compliance requirement other than to repay the loans.

• Value the same as for loans and loan guarantees (loans), including interest subsidies, except that when loans are made to students, but the institution of higher education does not make the loans, the value equals only the amount of new loans made during the year. The balance of loans for previous years is not considered federal awards expended because the lender accounts for the prior balances.

Determining Value of Noncash Awards Expended

28

29

Step 1Identify Type A programs

Step 2Identify low-risk Type A programs

Step 3Identify high-risk Type B programs

Step 4 Determine major programs to audit

Major Program Determination and Risk Assessment

30

Consolidated 8 circulars into one documentAdministrative Requirement Circulars

A-89 Program InformationA-102 States and Local GovernmentsA-110 Not For Profit OrganizationsA-50 Audit Follow-Up

Cost PrinciplesA-21 Educational InstitutionsA-87 State and Local GovernmentsA-122 Not For Profit Organizations

Audit RequirementsA-133 Single Audit

Uniform Guidance

31

Subpart A - Acronyms and DefinitionsSubpart B - General ProvisionsSubpart C - Pre-Federal Award Requirements and Contents of Federal AwardSubpart D - Post Federal Award RequirementsSubpart E - Cost PrinciplesSubpart F Audit Requirements Appendix I - Notice of Funding OpportunityAppendix II - Contract provisions for non-Federal entity contracts under Federal awardsAppendix III - Indirect (F&A) costs identification and assignment, and rate determination for Institutions of Higher Education (IHEs)

Uniform Guidance Contents

32

Appendix IV - Indirect (F&A) costs identification and assignment, and rate determination for nonprofit organizationsAppendix V - State/local government and Indian tribe-wide central service cost allocation plansAppendix VI -Public assistance cost allocation plansAppendix VII - State and local government and Indian tribe indirect cost proposalsAppendix VIII - Nonprofit organizations exempt from Cost PrinciplesAppendix IX Hospital Cost PrinciplesAppendix X Data Collection FormAppendix XI Compliance Supplement

Uniform Guidance Contents

33

No changes in the Yellow Book reportNo significant changes to Single Audit reporting

References to "OMB Circular A-133" in report changed to "Uniform Guidance“Need to watch for notes to the SEFA (can have old and new cost principles)If a finding is repeated it is given a current year number such as 2016-001 and stated that previously reported as 2015-001

Reporting Items

34

35

UG Finding Elements

2

3

4

56

7

8

9

101

[ENTITY'S LETTERHEAD]

CORRECTIVE ACTION PLAN

[Date]

Cognizant or Oversight Agency for Audit

[Name of Entity] respectfully submits the following corrective action plan for the year ended [Date] .

Name and address of independent public accounting firm:

Audit period:

Corrective Action Plan Example

36

FINDINGS—FINANCIAL STATEMENT AUDIT

SIGNIFICANT DEFICIENCY

20X2-Payroll001

Recommendation: Procedures should be implemented requiring the completion of an application form and the written approval of a senior officer prior to adding new employees to the payroll.

Action Taken: We concur with the recommendation, and it was implemented effective [Date].

MATERIAL WEAKNESS

Corrective Action Plan Example (continued)

37

FINDINGS—FEDERAL AWARD PROGRAMS AUDITS

DEPARTMENT OF ENERGY

20X2- Weatherization Assistance of Low-Income Persons—CFDA No. 003 XX.XXX.

Significant Deficiency: See Finding 20X2-001.

20X2- Weatherization Assistance of Low-Income Persons—CFDA No. 004 XX.XXX.

Recommendation: ABC Organization should again verify the eligibility of the recipients whose documentation could not be located. Procedures for approval and storage of verification documents should be reviewed.

Action Taken: Since the date of the exit conference, we have located documentation of low income status for two of the three grants referred to in this finding. The low income status has been re-verified for the third grant. Copies of the documentation are attached.

We have met with the officials and employees responsible for completion and the filing of the low income status documentation and believe the third instance was completed and has been misfiled. We discussed with the officials and employees the importance of not only completing the documentation, but also the importance of its proper filing.

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Corrective Action Plan Example (continued)

38

Amounts in data collection form (DCF) should be the same as SEFAAuditee authorizes FAC to make reporting package publicly availableAuditees and auditors must ensure their respective parts do not include protected personally identifiable information (PPll)Auditee must do final submission

Federal Audit Clearinghouse (FAC)

39

40

No universal rule for classifying certain costs as either direct or indirect, However, each item of cost incurred for the same purpose should be treated consistently

Direct costs are those which can be specifically identified with a particular federal award – i.e. salaries and benefits of employees who work on the program, costs of materials, etcAdmin and clerical salaries are normally indirect costs

Examples of other indirect costs – depreciation (if allowed by the federal program), facility maintenance costs, personnel administration, accounting;

Cost Principles - Highlights

41

Compensation – Personal Services

Allowable cost requirements have changes

More emphasis on IC over these costs and less prescriptive regarding documentation

Allows a non-federal entity to replace detailed time and effort reports and supervisor certifications (signoffs) with performance-based reporting, based on milestones

Cost Principles - Highlights

42

Compensation – Personal Services (continued)Standards for Documentation of Personnel Expenses – charges for payroll must be based on records that accurately reflect work performed. These records must:

Be supported by a system of internal control which provides reasonable assurance that the charges are accurate, allowable and properly allocatedBe incorporated into the official records of the entity (payroll policy)Reasonably reflect the total activity for which the employee is compensated by the entityComply with established accounting policies and practices of the entityMust support the distribution of the employee’s salary among specific or cost activities if the person works on more than one awardBudget estimates determined before the services are performed alone do not qualify as support for fed award charges

Cost Principles - Highlights

43

44

Useful Websites

45

Online Resources for Uniform Guidance

www.cfda.gov Catalog of Federal Domestic Assistance

http://harvester.census.gov/sac Federal Audit Clearinghouse

www.USASpending.gov ARRA reporting website

www.whitehouse.gov/omb/grants OMB Compliance Supplements and Circulars

https://cfo.gov/cofar Council on Financial Assistance Reform

Questions?

46

Common Reporting Deficienciespresented by Jim Wilkinson

Where is Providence?

2

Where is Providence?

3

Where is Providence?

4

MD&AGovernment-wide statementsGovernmental fundsProprietary fundsNote disclosuresRSIIntroductory sectionStatistical section

Our Agenda

5

6

The “A” means “Analysis”Quantifying $ and % changes is not enoughProvide reader with the whyGive them reasons, details and provide contextStick to the facts, don’t get into opinions

Keep it clear, but conciseRefer readers to the notes, instead of repeating informationBe sure to update for final figures in the notes & statements

Expectations for comparative informationStick to required elements

use transmittal letter and supplemental information for going “out-of-bounds”

MD&A

7

8

GASB #65 – Deferred Inflows and OutflowsDeferred Outflows (follows Assets)

Debit balance, positive effect on Net PositionConsumption of net assets applicable to future period

Deferred amounts from refundingPension-related items

Deferred Inflows (follows Liabilities)Credit balance, negative effect on Net PositionAcquisition of net assets applicable to future period

Grant received in advance of time requirementPension-related items

Deferrals have strict definition per GASB

Government-wide statements

9

TerminologyNet Position

Formerly, Net AssetsNet Investment in Capital Assets

Formerly, Invested in Capital Assets, net of related debtAvoid term “Fixed Assets” (many not fixed)

ExpensesExpenditures are only applicable to governmental funds

If there is no debt related to capital items should not say “net”

Search for keywords: “net assets”, “net of related debt”, “general fixed asset account group”, etc. (still see issues here)

Government-wide statements

10

11

GASB #54 Fund Balance DisclosuresDisclose by specific purpose, not by function

For example:City Hall Renovation, not General GovernmentHealth Center Operations, not Social ServicesSnow Removal, not Roads and Bridges

Order for categorization:Non-SpendableRestrictedCommittedAssignedUnassigned

Can’t create assigned if unassigned is negative

Governmental funds

12

Special Revenue FundsShould have significant external revenue source dedicated to purpose of fund (20% rule)Should not have significant capital outlays

Utilize Capital Project FundDon’t ignore recording of capital lease as Other Financing Source and Capital Outlay upon execution of transaction

Major Fund DeterminationRe-check determination often

Initial closing, after audit AJEs (watch for updates to MD&A and notes)Option to always treat a fund as major, if desired

Governmental funds

13

14

When to report debtWhen proceeds are used by proprietary fund, orWhen debt is to be repaid by proprietary fund

even when debt is general obligation of governmentBe sure to report revenues by major source on face of statement of revenues, expenses and changes in net positonRevenues should be reported net of all discounts and allowances, so avoid reporting bad debt expense (contra revenue item)Avoid reporting designations of net position on face of statement of fund net position – disclose in notes

Proprietary funds

15

16

Will we ever get a new GASB Statement that doesn’t add new pages of notes? Avoid adding boiler-plate or generic notes that don’t apply to, and remove notes that no longer apply Be sure to check the cross-referencing of amounts from financials to notes (one minor last-minute changes can effect range of related notes, RSI, statistical tables, etc.)Long-term debt roll-forward

Needs to be presentedNeeds to include all long-term liabilities including

Compensated absencesClaims and judgementsPension and OPEB liabilities

Note disclosures

17

Disclose purpose of each fund and which revenues are being reported

For example - The Substance Abuse Fund is used to account for grant revenues received from the federal and state governments that are restricted to spending on drug abuse prevention services.

Fund balance disclosuresEncumbrances are not a purpose – reclass to applicable category of restricted, committed or assigned balancesFund balance spending policy – in which order do “buckets” get expendedDescribe process to make assignments, and who holds powers

If referring to website, provide specific URL and not simply address of homepage

“just to Google it”

Note disclosures

18

For advance refundings of debt – must disclose funds held in trust for making future debt service payments until maturity or callFor all refundings, payments made with new debt are “other financing uses”For all refundings, receipts of new debt “other financing source”For Revenue Bonds

Disclose specific revenues pledged and approximate amountsTerms of the commitment (until maturity, number of years, etc.)Effect of the pledge on operations (what will fund what that revenue was being used for)

Note disclosures

19

On the horizon-GASB #68 and other pension changes will be getting some feedback for common items that can be done betterGASB # 72 – Fair ValueGASB # 77 – Tax Abatements

Note disclosures (continued)

20

21

Budgetary schedules for general and special revenue funds withlegally adopted budgets; others can be presented assupplementary information (SI) ( SI not required if notpresenting at CAFR)Avoid duplication of information already presented in notes

Decide on best position for presentationNotes to RSI or Notes to financial statementsBudget information generally presented as Notes to RSIPension and OPEB information is needed in both areas, so have rationale for which is presented where

Watch for presenting required number of years of information,disclosing to reader if presentation is “being built” on aprospective basis, or is unavailable if historical

RSI

22

23

Transmittal letter can’t be dated earlier than auditor’s opinion(FS must be audited before CAFR can be transmitted)All the information you want to put in the MD&A but couldn’tbecause of GASB #34 limitations “could” be included intransmittal letter

Be judicious – is it really relevant to readerAvoid opinions and political positions

“While the net position of our governmental activities is negative $1.3 billion and our general fund is insolvent, the mayor has been doing a great job and deserves another term at the helm.”

Focus on highlights and significant matters – does 25 cent bounty on woodchuck noses really need to be discussed in detail with historical background?

Don’t repeat info included elsewhere in the CAFR

Introductory section

24

25

Net General Obligation Debt should be net of:DiscountsPremiumsOther related amounts (deferrals from refundings, etc.)

Debt Service Ratio – P+I should not be deducted from non-capital expenditures when calculating ratio

(Debt Service Principal +Interest) / (Total Expenditures – Capital Outlay Expenditures)Don’t also reduce Total Expenditures by P+I

There is flexibility for adding relevant multi-year info to Stat Section, but ensure relevant

For example, are 20 pages of financials and notes enhanced by 165 pages of statistical section material?

Statistical section

26

Questions?

27

Cyber Breach ResponseJulie F. KlahrGoren, Cherof, Doody & Ezrol, P.A.jklahr@cityatty.com

Now what?!?

Hollywood Presbyterian Medical Center in L.A.

HACKED FOR RANSOM FEBRUARY 2016“Patient care has not been compromised in any way,”

“Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access.”(Excerpt from Article by Justin Wm. Moyer, Washington Post, February 18, 2016)

City of Sarasota2014

Audit of IT Dept revealed vulnerabilitiesWhistleblower turned over information & evidence of breaches & unreported vulnerabilitiesJobs were lostLaw enforcement involvedFixes put in placeVulnerabilities addressed

No good deed goes unpunished…

BREACH RESPONSE PLAN

What type of information?Fire\EMS – medical records\PHIHR – personally identifying information

Name, addressDate of BirthDriver’s License NumberSocial Security Number

Building Dept.Electronic building recordsSecurity Systems

MallsHospitalsTheatersStadiums

UtilitiesWater, gas, electric

Security of Confidential Personal Information -§501.171, Fla. Stat.

REQUIREMENTS FOR DATA SECURITY.—Each covered entity, governmental entity, or third-party agent shall take reasonable measures to protect and secure data in electronic form containing personal information.

§501.171, Fla. Stat., cont.“Covered Entity”

means a sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information. For purposes of the notice requirements in subsections (3)-(6),the term includes a governmental entity.

§501.171, Fla. Stat., cont.“Governmental Entity”

means any department, division, bureau, commission, regional planning agency, board, district, authority, agency, or other instrumentality of this state that acquires, maintains, stores, or uses data in electronic form containing personal information.

§501.171, Fla. Stat., cont.“Data in Electronic Form”

means any data stored electronically or digitally on any computer system or other database and includes recordable tapes and other mass storage devices.

§501.171, Fla. Stat. -“Personal Information”

means either of the following:

a. An individual's first name or first initial andlast name in combination with any one or more of the following data elements for that individual:

(I) A social security number;(II) A driver license or identification card number, passport number, military identification number, or other similar number issued on a government document used to verify identity;

§501.171, Fla. Stat. -“Personal Information”

(III) A financial account number or credit or debit card number, in combination with any required security code, access code, or password that is necessary to permit access to an individual's financial account;(IV) Any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; or

§501.171, Fla. Stat. -“Personal Information”

(V) An individual's health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual.

b. A user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.

§501.171, Fla. Stat. -“Personal Information”

The term does not include information about an individual that has been made publicly available by a federal, state, or local governmental entity. The term also does not include information that is encrypted, secured, or modified by any other method or technology that removes elements that personally identify an individual or that otherwise renders the information unusable.

§501.171, Fla. Stat. –Requirements For Data Security

Each covered entity, governmental entity, or third-party agent shall take reasonable measures to protect and secure data in electronic form containing personal information.

§501.171, Fla. Stat. –“Breach of Security” or “Breach”

means unauthorized access of data in electronic form containing personal information. Good faith access of personal information by an employee or agent of the covered entity does not constitute a breach of security, provided that the information is not used for a purpose unrelated to the business or subject to further unauthorized use.

§501.171, Fla. Stat. –In the Event of a Breach

Notice is required to be provided to:FL Dept of Legal Affairs

a/k/a Attorney General’s OfficeIndividualsCredit Reporting AgenciesNotice by Third PartiesAnnual Reports

§501.171, Fla. Stat. –Notice to Dept/AGO

When?Any breach of security affecting 500 or more individuals in this stateMust be provided as expeditiously as practicableBut no later than 30 days after the determination of the breach or reason to believe a breach occurred.

§501.171, Fla. Stat. –Notice to Dept/AGO

What?1. A synopsis of the events surrounding thebreach at the time notice is provided.2. The number of individuals in this state whowere or potentially have been affected by thebreach.3. Any services related to the breach beingoffered or scheduled to be offered, withoutcharge, by the covered entity to individuals,and instructions as to how to use such services.

§501.171, Fla. Stat. –Notice to Dept/AGO

4. A copy of the notice required under subsection (4) or an explanation of the other actions taken pursuant to subsection (4).5. The name, address, telephone number, and e-mail address of the employee or agent of the covered entity from whom additional information may be obtained about the breach.

§501.171, Fla. Stat. –Notice to Dept/AGO

If requested by the DeptA police report, incident report, or computer forensics report.A copy of the policies in place regarding breaches.Steps that have been taken to rectify the breach.

May provide supplemental information at any time.

§501.171, Fla. Stat. –Notice to Individuals

To Whom?

To each individual in this state whose personal information was, or it is reasonably believed to have been, accessed as a result of the breach.

§501.171, Fla. Stat. –Notice to Individuals

TimingAs expeditiously as practicableWithout unreasonable delay, taking into account the time necessary

to determine the scope of the breach of securityto identify individuals affected, andto restore the reasonable integrity of the data system that was breached,

No later than 30 days following breach

§501.171, Fla. Stat. –Notice to Individuals

Extension15 additional days if good cause for delay is provided in writing to the department within 30 days after determination of the breach or reason to believe a breach occurred.

§501.171, Fla. Stat. –Notice to Individuals

DelayIf law enforcement agency determines that notice would interfere with a criminal investigationUpon the written request of the law enforcement agencyFor a specified period determined reasonably necessary by law enforcement.Subsequent written request

Revoke, orExtend delay to a specified date if necessary.

§501.171, Fla. Stat. –Notice to Individuals

WaiverDetermined that the breach has not and will not likely result in identity theft or any other financial harm to the individuals whose personal information has been accessed.Determination must be made in consultation with law enforcement.

§501.171, Fla. Stat. –Notice to Individuals

Waiver must be documented in writing Maintained for at least 5 years. Provided to the Dept/AGO within 30 days after the determination.

§501.171, Fla. Stat. –Notice to Individuals

ContentsAt a minimum, shall include:

The date, estimated date, or estimated date range of the breach of security.A description of the personal information that was accessed or reasonably believed to have been accessed as a part of the breach of security.Information that the individual can use to contact the covered entity to inquire about the breach of security and the personal information that the covered entity maintained about the individual.

§501.171, Fla. Stat. –Notice to Individuals

Method

Written notice sent to the mailing address of the individual in the records of the covered entity; orE-mail notice sent to the e-mail address of the individual in the records of the covered entity.

§501.171, Fla. Stat. –Notice to Individuals

Substitute Noticeif such direct notice is not feasible because the cost of providing notice would exceed $250,000, because the affected individuals exceed 500,000 persons, or because the covered entity does not have an e-mail address or mailing address for the affected individuals. Such substitute notice shall include the following:1. A conspicuous notice on the Internet website of the covered entity if the covered entity maintains a website; and2. Notice in print and to broadcast media, including major media in urban and rural areas where the affected individuals reside.

§501.171, Fla. Stat. –Notice to Individuals

Substitute notice shall include the following:A conspicuous notice on the Internet website of the covered entity if the covered entity maintains a website; andNotice in print and to broadcast media, including major media in urban and rural areas where the affected individuals reside.

§501.171, Fla. Stat. –Notice to Credit Reporting Agencies

Affects more than 1,000 individuals at a single timeNotice to ALL consumer reporting agenciesNotice of the timing, distribution, and content of the notices being sent to the individuals

§501.171, Fla. Stat –Third-Party Agents (3P)

Definition: An entity that has been contracted to maintain, store, or process personal information on behalf of a covered entity or governmental entity.Who would that be in your agency?

Billing agent (Fire\EMS, utilities)Cloud storagePrivate operator of city facility – theater, pool, golf course

§501.171, Fla. Stat. –Third Party Agents (3P)

3P notifies covered entity (YOU) of a breachExpeditiously as practicable, but no later than 10 days following breachIT IS THE COVERED ENTITIES’ RESPONSIBILITY TO NOTIFY THE DEPT/AGO & INDIVIDUALS

May contract with 3P to provide notice, but covered entity remains liable

§501.171, Fla. Stat. –Annual Report

By February 1st each yearDept\AGO reports the nature of any reported breaches of security by governmental entities or their 3P agents in the preceding year

President of FL SenateSpeaker of FL House of RepsIncludes recommendations for security improvementsIncludes the identity of gov. entities that violated these notice requirements

§501.171, Fla. Stat –Enforcement

Violation treated as unfair or deceptive trade practiceCivil penalties up to $500,000.00

$1,000 for each day up to 1st 30 days for which notice violations occur$50,000 for each subsequent 30-day period or portion thereof up to 180 daysIf violation continues > 180 days, up to $500.000

Other lawsHealth Insurance Portability and Accountability Act (HIPAA)

Fair Debt Collection Practices Act

Federal Trade Commission Health Breach Notification Rule

Other ConcernsDuty to Mitigate

Credit Monitoring ServicesCredit Repair Services

Disposal of Data

ResourcesFederal Trade Commission

Data Breach Response: A Guide for Businesshttps://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business

Office of Civil Rightshttp://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html

QUESTIONS?

The Legal Side of New Impact Fee Regulations

Chad S. Friedman, Esq.Weiss Serota Helfman Cole & Bierman, P.L..

Impact Fee Definition

An impact fee is a charge on new development to pay for the construction or expansion of off-site capital improvements that are necessitated by and benefit the new development.Paid at the time of building permit application.

Creation of Impact Fees

Need to have a study supporting the adoption of the feeRational Nexus

Rational Nexus

The local government must demonstrate areasonable connection, or rational nexus, betweenthe need for additional capital facilities and thegrowth generated by the development beingcharged the impact fees; and

The government must specifically earmark thefunds collected for use in acquiring capital facilitiesto benefit the development charged the impact fees.

Types of Impact Fees

Florida Impact Fee Act (Fla. Stat., Sec. 163.31801)

Ordinance required for local governmentsResolution for special districtsMost recent and localized dataSeparate accountsAdministrative charges = costs90 days notice before adoption or increase Affidavit

Florida Impact Fee Act (Fla. Stat., Sec. 163.31801)

uditor General Requirementsor local governmental entities that adopted an impact fee byrdinance or resolution during the fiscal year, an “affidavit” signednd sworn to by the Chief Financial Officer before an officeruthorized to administer oaths (e.g., notary public), stating thathe entity complied with the requirements of Section63.31801(4), Florida Statutes. Auditor General Rulesor entities that had an impact fee adopted by ordinance on theirehalf, an affidavit signed and sworn to by the Chief Financialfficer before an officer authorized to administer oaths (e.g.,otary public) stating that the ordinance complied with theestrictions of Section 163.31801, Florida Statutes. Auditor Generalhecklist

Eligible Expenses

Capital improvements onlyExpansion or creation of facilities Cannot be used for repair/maintenance Need to be used for the purpose collected Typically must by used within 6 years

Examples

Acquire Park LandBuy Playground EquipmentExpansion of RoadNew Fire TruckSplit Improvements

Examples

QUESTIONS?

By Jose Antigua, CISA, ACDA, COBIT April 2016

From sm

all disruptions caused by unsophisticated attackers (Script Kiddies) tolarge Advanced Persistent Threats (APTs), cyber threats have been am

ong the topthree concerns

[i]that “keep the executives awake at night.” Perpetrators have

different motivations that include intellectual property theft, organized crim

e,terrorism

, espionage, revenge and money. Regardless the m

otivation, cyber-attacksare a fact, and anyone could be exposed; no industry or com

pany is imm

une.

This article provides information about the im

pact related to cyber-attacks andthe com

monly used attack techniques and proposes an integral approach to

cybersecurity. The purpose is to provide executives and managem

ent dealingw

ith information security or related areas, w

ith key recomm

endations designedto confront this grow

ing problem.

CYBER-ATTACKS IMPACT

The impact related to the global problem

of cyber-security can be put into perspective by using thefour categories of objectives from

the COSO

-ERM[ii]fram

ework: strategic, reporting (including

financial), operation and compliance.The organization’s overall strategy, including goals, initiatives

in relation to new technologies, products and services, and investm

ents, as well as client inform

ation,can be exposed, resulting in significant dam

age to a reputation that may have taken years to build.

In 2012, the National Cyber Security Alliance (N

CSA) presented a report whose key finding has been

of concern (consciously or not) to thousands of organizations in regards to their reputation: 60% of

small com

panies go out of business six months after a data breach

i.

CYBERSECURITY: An Integral Approach

As for financial effects,nowadays it has becom

e comm

on for small to m

id-size organizations toreceive suspicious em

ails requesting payment to a “vendor” overseas, resulting in average losses of

$25,000 to $75,000 US dollars per case. This scam

has been investigated by the FBI, which reports

more than 17, 000 victim

s in 79 countries. Losses rose to $2.3 billion from 2013 to 2016

[iii]. Beyondthose num

bers, financial losses additionally include hidden costs that surround the breach.

Although cyber-attacks can im

pact an organization in many different w

ays, the financial consequences tend to be the hardest to face, especially w

hen the attacker hijacks key assets in orderto extort m

oney. Anger, desperation and frustration follow these events in every case.

Availabilityis an im

portant concept for any type of business. No m

atter whether it refers to the

continuity of a data center, a customer service line, an online service or a m

obile device, a businessinterruption is an event that should raise concern. The m

ore the “Internet of Things” (IoT) conceptevolves, the m

ore dependent businesses (and individuals) become on netw

ork connectivity. Itappears that at som

e point in time, the w

ell-known “M

aslow’s hierarchy of needs”

[iv]pyramid w

illneed to m

ake room for internet connectivity. The California M

edical Center, which spent m

ore thana w

eek without netw

ork and had to pay 40 Bitcoins[v]to attackers in exchange for decryption of their

data in February 2016, and Sony pictures, whose em

ployees were locked out of the com

pany’s com

puter network as part of an attack against the com

edy “The Interview” in N

ovember 2014

[vi], aretw

o significant cases of operations interrupted by cyber-attacks.

Cybersecurity is also a compliance concern.Several regulations, standards and their representing

agencies require some level of protection from

cyber threats. Agencies such as the SecuritiesExchange Com

mission (SEC) [vii]

for public companies or the Federal Financial Institutions

Examination Council (FFIEC) [viii]include specific cybersecurity requirem

ents that should be met by

some or all of their related organizations. O

n the other hand, regulations and standards may include

HIPAA, FISM

A, GLBA, PCI, H

ITRUST and others.

CYBERSECURITY: An Integral Approach

NOTE ABOUT THE COMM

ONLY USED TECHNIQUES Attacks usually occur w

ith a combination of techniques and m

ight have different levels of sophisticationdepending on the attacker and the target. Verizon, in its D

ata Breach Report of 2015[IX], presented a list

of the four threat actions that hackers had been using for the previous four years; Credentials, Phishing,RAM

Scraper and Spyware/Keylogger (in order of frequency).

Credentials is one of the most com

mon threat actions because of its effectiveness, given the great

number of vulnerabilities related to system

s, applications and devices access. Phishing, usually com

bined with Social Engineering, takes advantage of the w

eakest link in the chain: the human factor.

RAM Scraper has been the favorite technique to attack Points of Sale (PoS) in retail, grow

ing significantlyin the last three years.

ww

w.m

arcumllp.com

AssetsVulnerabilities

Threats

CYBERSECURITY: An Integral Approach

AN INTEGRAL APPROACH TO CYBERSECURITYRegardless of the fact that reducing risk is not an easy task and that there is no risk-free environm

ent,the right approach to cybersecurity w

ill take the residual risk to a comfortable level. W

hichever the approach, it should include a com

bination of efforts and techniques to cover the areas with

greatest risks.

An integral approach arises from the follow

ing fact: vulnerabilities come from

different sourcesand consequently, all those sources should be addressed in light of the risk assessm

ent.

PART I: Risk Assessment

Going back to risk assessm

ent basics, an integral approach starts with the identification of risks

related to the achievement of the organization’s objectives. Considering that resources are lim

itedand not every system

component has the sam

e contribution to the objectives, it is necessary toprioritize. Trying to cover all aspects of all system

s can result in frustration.

It is of fundamental im

portance to understand the relationship among the assets (both physical

and logical), people, processes and technology, and their contributions to the objectives. Figure 1presents an overview

of the elements to consider in an inform

ation security risk assessment, w

hichserves as the starting point to address specific cybersecurity risks. O

ne of the “questions the boardneeds to ask” is: W

hat are the top five risks the organization has related to cybersecurity?[x].

Figure 1. Elements to consider in an Inform

ation Security Risk Assessment

Errors, Accidents,Ignorance

Poor design and/oroperations

Configuration, Unm

onitored,O

bsolescence, Location,Flaw

Natural Disasters

Unethical employees or

vendors

Hacktivism

andCybercrim

e

Corporate Espionage

People

Process

Technology

ww

w.m

arcumllp.com

PART II: Address vulnerability sourcesRisks occur w

hen threats exploit vulnerabilities. The following recom

mendations w

ill help reducethe risk level by addressing the sources of vulnerabilities:

A. PEOPLE

Consider initiatives for three different audiences: top level executives (including board),Inform

ation Technology team, and the overall group of em

ployees.

For top level executives, higher level training and risk assessment should be facilitated. To

mention a few

examples, articles such as “CO

SO in the cyber age” [xi]or “Cybersecurity: w

hat theboard of directors need to ask” [xii]have the language and proper level of detail to m

ake themfeel inform

ed enough to ask questions and provide direction.

For the Information Technology team

,a variety of technical and soft skills, as well as know

ledgeand experience are necessary (across different m

anagerial and operational positions) to prevent,detect and counteract. Know

ledge includes (but is not limited to) inform

ation security framew

orks,security standards, security architecture, vendor specific certifications, security law

s and regulations, and log m

anagement. Skills include understanding of security practices, strong

knowledge of operating system

s (such as Window

s and UN

IX), web services, netw

ork devicesand overall com

puter operations, accompanied w

ith analytical thinking, problem solving,

orientation to detail, comm

unication skills, leadership and process orientation. These skills andknow

ledge, accompanied by the respective experience, could be m

apped to qualificationsfound in available certifications and accreditations in order to have a baseline. H

ere are some

examples of w

hat is available in the market:

Do you need them

all? No. In these designations, som

e of the practice areas, domains,

requirements and know

ledge overlap. Depending on the size of the organization, its risk profile

and the availability of resources, the key is to have the right balance. Since it might not be

feasible to have an extensive security team, outsourcing is a good alternative. H

ighly specializedskills or skills not required on a regular basis could be outsourced. W

ith the right service agreem

ent, it should have the same (or even better) im

pact than having a full-time em

ployee.

Finally, for all employees,aw

areness is imperative. N

ow, being in front of such a big concern, it

is necessary to take this “awareness” to the next level, turning it into action. Tim

e and dedicationare required to obtain results from

“the weakest link in the chain.” In his article “H

ow to m

ove

CYBERSECURITY: An Integral Approach

-Certified Inform

ation Security Manager (CISM

)-

Certified Information Security Auditor (CISA)

-Cyber Security Practitioner (CSXP)

-Cyber Security Specialist (CSXS)

-Cyber Security Expert (CSXE)

-Certified Inform

ation Systems Security Professional (CISSP)

-Certified Ethical H

acker (CEH)

-Com

pTIA Security+-

COBIT 5 (IT G

overnance and Managem

ent)-

GIAC Security Essentials (G

SEC)-

Cisco Certified Netw

ork Associate/Professional (CCNA/CCN

P)-

Certified in Risk and Information System

s Control (CRISC)

ww

w.m

arcumllp.com

CYBERSECURITY: An Integral Approach

employees from

awareness to action,” J. Sherw

ood[xiii]presents four levels of engagem

ent. That process can be applied to m

otivate personnel to take action for cybersecurity: awareness

(which stim

ulates the audience’s eyes and ears), understanding(w

hich aims to reach the brain),

comm

itment(w

hich engages them, touching the heart) and action

(moving em

ployee to dosom

ething, to use their feet).

B. PROCESSES

Some vulnerabilities expose the organization to a cyberattack because of a process that is

poorly designed or not in place, such as log or access monitoring. O

n the other hand, therem

ay be processes that are not operating effectively (such as an incident response plan that w

as documented, but never tested).

When considering processes, the integral approach goes one step further and integrates other

enablers around the processes: policies, principles and framew

orks[xiv].H

ere are the key areas ofaction:

�U

se the risk assessmentas a starting point. This dynam

ic tool, as mentioned before, w

illhelp prioritize.

�Ensure that you have in place (and know

n by relevant personnel) policies and procedures.These should include activities for prevention

(such as enforcement of a cybersecurity

training class for key employees and an Intrusion Prevention System

),detection(including

a mandatory review

of all access logs)and correction(e.g., a cyber recovery plan tested

periodically).�

Consider the organization’s existing compliance requirem

ents,to reduce overlappingefforts. If you already have to com

ply with H

IPAA or PCI, as an example, m

ap your cybersecurity-related activities to the initiatives required by those regulations or standards.You w

ill probably save time and other resources.

�Finally, but m

ost importantly, use available fram

eworks and standards

to articulateprocesses, policies and principles; this w

ill promote consistency, scalability and

measurability. H

ere are a few exam

ples that include one or more areas for Inform

ationSecurity (IS) and can be used for cybersecurity:

�CO

BIT 5,information technology governance and m

anagement fram

ework

from ISACA. It includes IS processes and a specific publication “CO

BIT 5 forInform

ation Security.”�

NIST,a cybersecurity standard from

the National Institute of Standards and

Technology and includes the core functions: identify, protect, detect, respond and recover

[xv].�

ISO 27001:2013,w

hich is the best known standard in the fam

ily providing requirem

ents for an Information Security M

anagement System

(ISMS) [xvi].

�O

WASP,a non-profit project dedicated to w

eb applications security. The acronymstands for O

pen Web Application Security Project

[xvii].

ww

w.m

arcumllp.com

ww

w.m

arcumllp.com

CYBERSECURITY: An Integral Approach

C. TECHN

OLO

GYTechnology is the portion of cybersecurity that usually takes all the attention. In the integratedapproach, it is just another key com

ponent of the overall solution. Technology encompasses

the information m

anagement (from

a technical perspective), infrastructure and applications.Although the policies and processes drive the use of technology, here are a few

areas of actionto consider:

�Identify and track

all classified and Personal Identifiable Information (PII), and pay special

attention at the configuration of the tools and devices that store, process and transfer anddispose of it. D

ifferent levels of encryption might be required at each stage of use.

�If third parties

have access to classified information or PPI, such as an outsourced

datacenter or hosted application provider, considering requesting independent reports of their control environm

ent, such as a SOC 2.

�As part of the security risk assessm

ent, vulnerability assessments and penetration testing

should be performed periodically to determ

ine the actual risk coverage.

�Ensure configuration m

anagementof devices and system

s. This includes making sure that

default passwords have been changed.

�If there is internal softw

are development,prom

ote secure development practices w

ithin a consistent m

ethodology.

�G

iven the frequent use of credentials-related attacks, access managem

ent(includingauthorizations) should be constant.

�U

sing the layers of the Open System

s Interconnection (OSI) m

odel, review the architecture

components

(from application through the physical layer) and ensure all higher risk assets

have the appropriate level of protection.

�For hosts and devices that apply, ensure antivirus protection, w

ith a regular update ofvirus signature definitions.

�U

se monitoring system

sthat can alert in the event of a suspicious activity or deviation

from an expected behavior.

In alignment w

ith information security m

anagement, Cybersecurity is achieved through a

combination of efforts and techniques; it is a process that involves different levels of personnel

and skills. An integral approach will m

ake sure that all relevant aspects of this challenge areaddressed, including people, processes and technology. This approach, as any other, should be im

plemented and im

proved by using the well-know

n Dem

ing cycle: planningthe strategy

according to the organization profile, doingall that applies to your risk profile in regards to the

three aspects, checkingthe effectiveness of the initiative and acting w

hen an opportunity forim

provement has been identified.

ww

w.m

arcumllp.com

CYBERSECURITY: An Integral Approach

This publication contains general information only and none of M

arcum LLP, any of its related organizations or

any of the authors of this publication is, by means of this publication, rendering accounting, business, financial,

investment, legal, tax or other professional advice or services. Inform

ation contained herein is not a substitute forsuch professional advice or services, nor should it be used as a basis for any decision or action that m

ay affect your business.

Evaluation of the information contained herein is the sole responsibility of the user. Before m

aking any decisionor taking any action that m

ay affect your business with respect to the m

atters described herein, you should consult w

ith relevant qualified professional advisors. Marcum

LLP, its related organizations and the authorsexpressly disclaim

any liability for any error, omission or inaccuracy contained herein or any loss sustained by any

person who relies on this publication.

ENDNOTES[i] ISACA; “2015 G

lobal Cybersecurity Status Report”, ISACA, 2015, http://ww

w.isaca.org/cyber/D

ocuments/2015-G

lobal-Cybersecurity-Status-Report-D

ata-Sheet_mkt_Eng_0115.pdf

[ii] COSO

. (2004). ERM. Retrieved from

Comm

ittee of Sponsoring Organizations of the Treadw

ay Comm

ission: http://ww

w.coso.org/-erm

.htm

i Strohmeyer, R.; PCW

orld, 2013 citing the National Cyber Security Alliance (N

CSA). Retrieved from: http://w

ww

.pcworld.com

/article/2046300/hackers-put-a-bulls-eye-on-sm

all-business.html

[iii] McCabe, J.; “FBI W

arns of Dram

atic Increase in Business E-Mail Scam

s”, April 4, 2016. Retrieved from: https://w

ww

.fbi.gov/phoenix/press-releases/2016/fbi-w

arns-of-dramatic-increase-in-business-e-m

ail-scams

[iv] Maslow

, A. (2013). A Theory of Hum

an Motivation (Paperback). W

atchmaker Publishing.

[v] Ragan, S.; “Ransomw

are takes Hollyw

ood hospital offline, $3.4 million dem

anded by attackers”, CSO O

nline, February 14, 2016. Retrieved from:

http://ww

w.csoonline.com

/article/3033160/security/ransomw

are-takes-hollywood-hospital-offline-36m

-demanded-by-attackers.htm

l

[vi] Grisham

, L.; “Timeline: N

orth Korea and the Sony Pictures Hack”, U

SA Today Netw

ork, January 5, 2015. Retrieved from:

http://ww

w.usatoday.com

/story/news/nation-now

/2014/12/18/sony-hack-timeline-interview

-north-korea/20601645/

[vii] OCIE; “O

CIE’s 2015 Cybersecurity Examination Initiative”, Risk Alert Septem

ber 15, 2015. Available at:https://w

ww

.sec.gov/ocie/announcement/ocie-2015-cybersecurity-exam

ination-initiative.pdf

[viii] FFIEC; “Information Security: IT Exam

ination Handbook”, 2006

[ix] Verizon; “Data Breach Investigations Report”, 2015.

[x] The Institute of Internal Auditors (IIA) et al; “Cybersecurity: what the board of directors needs to ask”, 2014.

[xi] Galligan et al; “CO

SO in the cyber age”, 2015.

[xii] See endnote x

[xiii] Sherwood, J.; “H

ow to m

ove employees from

awareness to action”, 2014. Retrieved from

: http://ww

w.engagingleader.com

/whe13-m

ove-em

ployees-awareness-action-podcast/

[xiv] ISACA; “Transforming Cybersecurity”. 2013.

[xv] NIST, Fram

ework for Im

proving Critical Infrastructure Cybersecurity. 2014. Retrieved from: http://nist.gov/cyberfram

ework/

[xvi] International Standardization Organization (ISO

); 2016. Retrieved from: http://w

ww

.iso.org/iso/home/standards/m

anagement-

standards/iso27001.htm

[xvii] Open W

eb Application Security Project (OW

ASP); 2016. Retrieved from: https://w

ww

.owasp.org/index.php/M

ain_Page

Mark Agulnik, CPA, CISA

Partner in Charge ‒ IT Practicem

ark.agulnik@m

arcumllp.com

Jose L. Antigua, CISA, ACDA, COBIT

Senior Manager ‒ IT Risk & Assurance

jose.antigua@m

arcumllp.com

ww

w.m

arcumllp.com