Skip to Main Content

insightsarticles

COVID's impact on behavioral health: Solutions for state agencies

By:

Danielle is a Senior Consultant in the State Government Practice Group. Based in Washington, her expertise includes a variety of aspects of behavioral health, project management, policy analysis, policy development, and stakeholder engagement. Danielle has experience in healthcare and public health, program development, program management, strategic planning, and Medicaid, including the Section 1115 Waiver. In her work with state agencies, she builds collaborative relationships and serves as a trusted partner.

Danielle Stumpf
01.04.22

Read this if you are a behavioral health agency leader looking for solutions to manage mental health, substance misuse, and overdose crises.

As state health departments across the country continue to grapple with rising COVID-19 cases, stalling vaccination rates, and public heath workforce burnout, other crises in behavioral health may be looming. Diverted resources, disruption in treatment, and the mental stress of the COVID-19 pandemic have exacerbated mental health disorders, substance use, and drug overdoses.

State agencies need behavioral health solutions perhaps now more than ever. BerryDunn works with state agencies to mitigate the challenges of managing behavioral health and implement innovative strategies and solutions to better serve beneficiaries. Read on to understand how conducting a needs assessment, redesigning processes, and/or establishing a strategic plan can amplify the impact of your programs. 

Behavioral health in crisis

The prevalence of mental illness and substance use disorders has steadily increased over the past decade, and the pandemic has exacerbated these trends. A number of recently released studies show increases in symptoms of anxiety, depression, and suicidal ideation. One CDC study indicates that in June 2020 over 40% of adults reported an adverse mental or behavioral health condition, which includes about 13% who have started or increased substance use to cope with stress or emotions related to COVID-19.1 

The toll on behavioral health outcomes is compounded by the pandemic’s disruption to behavioral health services. According to the National Council for Behavioral Health, 65% of behavioral health organizations have had to cancel, reschedule, or turn away patients, even as organizations see a dramatic increase in the demand for services.2,3 Moreover, treatment facilities and harm reduction programs across the country have scaled back services or closed entirely due to social distancing requirements, insufficient personal protective equipment, budget shortfalls, and other challenges.4 These disruptions in access to care and service delivery are having a severe impact.

Several studies indicate that patients report new barriers to care or changes in treatment and support services after the onset of the pandemic.5, 6 Barriers to care are particularly disruptive for people with substance use disorders. Social isolation and mental illness, coupled with limited treatment options and harm reduction services, creates a higher risk of suicide ideation, substance misuse, and overdose deaths.

For example, the opioid epidemic was still surging when the pandemic began, and rates of overdose have since spiked or elevated in every state across the country.7 After a decline of overdose deaths in 2018 for the first time in two decades, the CDC reported 81,230 overdose deaths from June 2019 to May 2020, the highest number of overdose deaths ever recorded in a 12-month period.8 

These trends do not appear to be improving. On October 3, the CDC reported that from March 2020 to March 2021, overdose deaths have increased 29.6% compared to the previous year, and that number will only continue to climb as more data comes in.9  

As the country continues to experience an increase in mental illness, suicide, and substance use disorders, states are in need of capacity and support to identify and/or implement strategies to mitigate these challenges. 

Solutions for state agencies

Behavioral health has been recognized as a priority issue and service area that will require significant resources and innovation. In May, the US Department of Health and Human Services' (HHS) Secretary Xavier Becerra reestablished the Behavioral Health Coordinating Council to facilitate collaborative, innovative, transparent, equitable, and action-oriented approaches to address the HHS behavioral health agenda. The 2022 budget allocates $1.6 billion to the Community Mental Health Services Block Grant, which is more than double the Fiscal Year (FY) 2021 funding and $3.9 billion more than in FY 2020, to address the opioid epidemic in addition to other substance use disorders.10 

As COVID-19 continues to exacerbate behavioral health issues, states need innovative solutions to take on these challenges and leverage additional federal funding. COVID-19 is still consuming the time of many state leaders and staff, so states have a limited capacity to plan, implement, and manage the new initiatives to adequately address these issues. Here are three ways health departments can capitalize on the additional funding.

Conduct a needs assessment to identify opportunities to improve use of data and program outcomes

Despite meeting baseline reporting requirements, state agencies often lack sufficient quality data to assess program outcomes, identify underserved populations, and obtain a holistic view of the comprehensive system of care for behavioral health services. Although state agencies may be able to recognize challenges in the delivery or administration of behavioral health services, it can be difficult to identify solutions that result in sustained improvements.

By performing a structured needs assessment, health departments can evaluate their processes, systems, and resources to better understand how they are using data, and how to optimize programs to tailor behavioral health services and promote better health outcomes and a more equitable distribution of care. This analysis provides the insight for agencies to understand not only the strengths and challenges of the current environment, but also the desires and opportunities for a future solution that takes into account stakeholder needs, best practice, and emerging technologies. 

Some of the benefits we have seen our clients enjoy as a result of performing a needs assessment include: 

  • Discovering and validating strengths and challenges of current state operations through independent evaluation
  • Establishing a clear roadmap for future business and technological improvements
  • Determining costs and benefits of new, alternative, or enhanced systems and/or processes
  • Identifying the specific business and technical requirements to achieve and improve performance outcomes 

Timely, accurate, and comprehensive data is critical to improving behavioral health outcomes, and the information gathered during a needs assessment can inform further activities that support programmatic improvements. Further activities might include conducting a fit-gap analysis, performing business process redesign, establishing a prioritization matrix, and more. By identifying the greatest needs and implementing plans to address them, state agencies can better handle the impact on behavioral health services resulting from the COVID-19 pandemic and serve individuals with mental health or substance use disorders more efficiently and effectively.

Redesign processes to improve how individuals access treatment and services

Despite the availability of behavioral health services, inefficient business and technical processes can delay and frustrate individuals seeking care and in some cases, make them stop seeking care altogether. With limited resources and increasing demands, behavioral health agencies should analyze and redesign work flows to maximize efficiency, security, and efficacy. Here are a few examples of process improvements states can achieve through process redesign:

  • Streamlined data processes to reduce duplicative data entry 
  • Automated and aligned manual data collection processes 
  • Integrated siloed health information systems
  • Focused activities to maximize staff strengths
  • Increased process transparency to improve communication and collaboration 

By placing the consumer experience at the core of all services, state health departments can redesign business and technical processes to optimize the continuum of care. A comprehensive approach takes into account all aspects that contribute to the delivery of behavioral health services, including both administrative and financial processes. This helps ensure interconnected activities continue to be performed efficiently and effectively. Such improvements help consumers with co-occurring disorders (mental illness and substance use disorder) and/or developmental disorders find “no wrong door” when seeking care. 

Establish a strategic plan of action to address the impact of the COVID-19 pandemic

With the influx of available dollars resulting from the American Recovery Plan Act and other state and federal investments, health departments have a unique opportunity to fund specific initiatives to enhance the delivery and administration of behavioral health services. Understanding how to allocate the millions of newly awarded dollars in an impactful and sustainable way can be challenging. Furthermore, the additional reporting and compliance requirements linked to the funding can be difficult to navigate in addition to current monitoring obligations. 

The best way to begin using the available funding is to develop and implement strategic plans that optimize funds for behavioral health programs and services. You can establish priorities and identify sustainable solutions that build capacity, streamline operations, and promote the equitable distribution of care across populations. A few of the activities state health departments have undertaken resulting from the strategic planning initiatives include: 

  • Modernizing IT systems, including data management solutions and Electronic Health Records systems to support inpatient, outpatient, and community mental health and substance use programs 
  • Promoting organizational change management 
  • Establishing grant programs for community-driven solutions to promote health equity for the underserved population
  • Organizing, managing, and/or supporting stakeholder engagement efforts to effectively collaborate with internal and external stakeholders for a strong and comprehensive approach

The prevalence of mental illness and substance use disorder were areas of concern prior to COVID-19, and the pandemic has only made these issues worse, while adding more administrative challenges. State health departments have had to redirect their existing staff to work to address COVID-19, leaving a limited capacity to manage existing state-level programs and little to no capacity to plan and implement new initiatives. 

The federal administration and HHS are working to provide financial support to states to work to address these exacerbated health concerns; however, with the limited state capacity, states need additional support to plan, implement, and/or manage new initiatives. BerryDunn has a wide breadth of knowledge and experience in conducting needs assessments, redesigning processes, and establishing strategic plans that are aimed at amplifying the impact of state programs. Contact our behavioral health consulting team to learn more about how we can help. 

Sources:
Mental Health, Substance Use, and Suicidal Ideation During the COVID-19 Pandemic, CDC.gov
COVID-19 Pandemic Impact on Harm Reduction Services: An Environmental Scan, thenationalcouncil.org
National Council for Behavioral Health Polling Presentation, thenationalcouncil.org
The Impact of COVID-19 on Syringe Services Programs in the United States, nih.gov
COVID-19 Pandemic Impact on Harm Reduction Services: An Environmental Scan, thenationalcouncil.org
COVID-19-Related Treatment Service Disruptions Among People with Single- and Polysubstance Use Concerns, Journal of Substance Abuse Treatment
Issue Brief: Nation’s Drug-Related Overdose and Death Epidemic Continues to Worsen, American Medical Association
Increase in Fatal Drug Overdoses Across the United States Driven by Synthetic Opioids Before and During the COVID-19 Pandemic, CDC.gov
Provisional Drug Overdose Death Counts, CDC.gov
10 Fiscal Year 2022 Budget in Brief: Strengthening Health and Opportunity for All Americans, HHS.gov

Related Professionals

Principals

BerryDunn experts and consultants

We’ve all heard stories about organizations spending thousands on software projects, such as Enterprise Resource Planning (ERP), Electronic Health Record (EHR), or Student Information Systems (SIS) that take longer than expected to implement and exceed original budgets. One of the reasons this occurs is that organizations often don’t realize that purchasing a large, Commercial Off-The-Shelf (COTS) enterprise system is a significant undertaking. If the needs aren’t sufficiently defined, there can be many roadblocks, including implementation delays, increased cost, scope creep, and ultimately, unsatisfactory results (delayed or unfinished projects and cost overruns).

These systems are complex, and implementation efforts impact both internal and external stakeholders. Procurement often requires participation from different departments, each with unique goals and perspectives. Ignore these perspectives at your own peril. Here are key questions to consider for making the best buying decision:

  1. Should we purchase software that similar organizations have purchased?
    As vendor consolidation has diminished the number of distinct COTS systems available, this question is increasingly common. Following this approach is similar to deciding to buy the car that your neighbor did, because they seem satisfied. How can you be sure that the systems purchased by similar organizations will meet your needs, particularly if your needs are undefined? One way to identify your organization’s needs—and to avoid costly mistakes down the road—is to identify requirements during the procurement process.

  2. What are the functional and technical requirements of the system?Requirements are details that help describe a software system. There are two types of requirements and you need to understand and review both:

    Functional requirements. These define specific functions of a system to meet day-to-day needs of an organization or department. They describe the necessary system capabilities that allow users to perform their jobs. For example, “The vendor file must provide a minimum of four (4) remit-to addresses.” Functional requirements may also define the mandated state or federal capabilities required of a system, such as the ability to produce W-2 or 1099 forms.

    Technical requirements. These requirements identify criteria used to judge the operation of a system, rather than specific behaviors. They can be requirements that define what database the system must support. For example, “The system must support use of the client preferred database.” They may also describe security capabilities of the system, the ability to import or export data, or the ease of use and overall end-user interface.

  3. Who should help define and document requirements for the new enterprise system?

    When it comes to documenting and revising requirements, work with your IT staff; incorporating technology standards into a set of requirements is a best practice. Yet it is also necessary to seek input from non-IT individuals, or business process owners from multiple departments, those who will use and/or be affected by the new software system.

    Help these individuals or groups understand the capabilities of modern software systems by having them visit the sites of other organizations, or attend software industry conferences. You should also have them document the current system’s deficiencies. As for those in your organization who want to keep the current system, encourage their buy-in by asking them to highlight the system’s most valuable capabilities. Perspectives from both new system supporters and those not so eager to change will help build the best system.
     
  4. When do you revise enterprise system requirements?
    It is always important to begin the software procurement process with a documented set of requirements; you need them to identify the best solution. The same goes for the implementation process where vendors use the requirements to guide the setup and configuration of the new system. But be prepared to revise and enhance requirements when a vendor solution offers an improved capability or a better method to achieve the results. The best way to approach it is to plan to revise requirements constantly. This enables the software to better meet current needs, and often delivers enhanced capabilities.

Be sure to document system requirements for an efficient process

There may be thousands of requirements for an enterprise system. To make the procurement process as efficient as possible, continually define and refine requirements. While this takes time and resources, there are clear benefits:

  • Having requirements defined in an RFP helps vendors match the capabilities of their software systems to your organization’s needs and functional expectations. Without requirements, the software procurement and selection process has little framework, and from a vendor perspective becomes a subjective process — making it hard to get consistent information from all vendors.
  • Requirements help determine specific tasks and activities to address during the implementation process. While applications can’t always meet 100% of the requested functionalities, it’s important to emphasize the requirements that are most important to users, to help find the system that best meets the needs of your organization.
  • Requirements prove valuable even after implementation has begun, as they can help you test your system to make sure the software meets your organization’s particular needs before production use of the new system.

Our experienced consultants have led many software procurement projects and have firsthand knowledge about the challenges and opportunities associated with purchasing and implementing systems large and small. BerryDunn maintains an active database of requirements that we continually enhance, based on work performed for various clients and on technological advancements in the marketplace. Please contact us and we can help you define your requirements for large software system purchases.

Article
Four questions to ask before purchasing an enterprise software system

There’s a good chance that your organization is in the position of needing to do more with less under the strain of staffing constraints and competing initiatives. With fewer resources to work with, you’ll need to be persuasive to get the green light on new enterprise technology initiatives. To do that, you need to present decision makers with well-thought-out and targeted business cases that show your initiative will have impact and will be successful. Yet developing such a business case is no walk in the park. Perhaps because our firm has its roots in New England, we sometimes compare this process to leading a hiking trip into the woods—into the wild. 

Just as in hiking, success in developing a business case for a new initiative boils down to planning, preparation, and applying a few key concepts we’ve learned from our travels. 

Consensus is critical when planning new technology initiatives

Before you can start the hike, everyone has to agree on some fundamentals: 

Who's going? 

Where are we going? 

When do we go and for how long? 

Getting everyone to agree requires clear communication and, yes, even a little salesmanship: “Trust me. The bears aren’t bad this time of year.” The same principle applies in proposing new technology initiatives; making sure everyone has bought into the basic framework of the initiative is critical to success.

Although many hiking trips involve groups of people similar in age, ability, and whereabouts, for your business initiative you need to communicate with diverse groups of colleagues at every level of the organization. Gaining consensus among people who bring a wide variety of skills and perspectives to the project can be complex.

To gain consensus, consider the intended audiences of your message and target the content to what will work for them. It should provide enough information for executive-level stakeholders to quickly understand the initiative and the path forward. It should give people responsible for implementation or who will provide specific skills substantive information to implement the plan. And remember: one of the most common reasons projects struggle to meet their stated objectives (and why some projects never materialize to begin with), is a lack of sponsorship and buy-in. The goal of a business case is to gain buy-in before project initiation, so your sponsors will actively support the project during implementation. 

Set clear goals for your enterprise technology project 

It’s refreshing to take the first steps, to feel that initial sense of freedom as you set off down the trail. Yet few people truly enjoy wandering around aimlessly in the wilderness for an extended period of time. Hikers need goals, like reaching a mountain peak or seeing famous landmarks, or hiking a predetermined number of miles per day. And having a trail guide is key in meeting those goals. 

For a new initiative, clearly define goals and objectives, as well as pain points your organization wishes to address. This is critical to ensuring that the project’s sponsors and implementation team are all on the same page. Identifying specific benefits of completing your initiative can help people keep their “eyes on the prize” when the project feels like an uphill climb.

Timelines provide additional detail and direction—and demonstrate to decision makers that you have considered multiple facets of the project, including any constraints, resource limitations, or scheduling conflicts. Identifying best practices to incorporate throughout the initiative enhances the value of a business case proposition, and positions the organization for success. By leveraging lessons learned on previous projects, and planning for and mitigating risk, the organization will begin to clear the path for a successful endeavor. 

Don’t compromise on the right equipment

Hiking can be an expensive, time-consuming hobby. While the quality of your equipment and the accuracy of your maps are crucial, you can do things with limited resources if you’re careful. Taking the time to research and purchase the right equipment, (like the right hiking boots), keeps your fun expedition from becoming a tortuous slog. 

Similarly, in developing a business case for a new initiative, you need to make sure that you identify the right resources in the right areas. We all live with resource constraints of one sort or another. The process of identifying resources, particularly for funding and staffing the project, will lead to fewer surprises down the path. As many government employees know all too well, it is better to be thorough in the budget planning process than to return to authorizing sources for additional funding while midstream in a project. 

Consider your possible outcomes

You cannot be too singularly focused in the wild; weather conditions change quickly, unexpected opportunities reveal themselves, and being able to adapt quickly is absolutely necessary in order for everyone to come home safely. Sometimes, you should take the trail less traveled, rest in the random lean-to that you and your group stumble upon, or go for a refreshing dip in a lake. By focusing on more than just one single objective, it often leads to more enjoyable, safe, and successful excursions.

This type of outlook is necessary to build a business case for a new initiative. You may need to step back during your initial planning and consider the full impact of the process, including on those outside your organization. For example, you may begin to identify ways in which the initiative could benefit both internal and external stakeholders, and plan to move forward in a slightly new direction. Let’s say you’re building a business case for a new land management and permitting software system. Take time to consider that this system may benefit citizens, contractors, and other organizations that interact with your department. This new perspective can help you strengthen your business case. 

Expect teamwork

A group that doesn’t practice teamwork won’t last long in the wild. In order to facilitate and promote teamwork, it’s important to recognize the skills and contributions of each and every person. Some have a better sense of direction, while some can more easily start campfires. And if you find yourself fortunate enough to be joined by a truly experienced hiker, make sure that you listen to what they have to say.

Doing the hard work to present a business case for a new initiative may feel like a solitary action at times, but it’s not. Most likely, there are other people in your organization who see the value in the initiative. Recognize and utilize their skills in your planning. We also suggest working with an experienced advisor who can leverage best practices and lessons learned from similar projects. Their experience will help you anticipate potential resistance and develop and articulate the mitigation strategies necessary to gain support for your initiative.

If you have thoughts, concerns, or questions, contact our team. We love to discuss the potential and pitfalls of new initiatives, and can help prepare you to head out into the wild. We’d love to hear any parallels with hiking and wilderness adventuring that you have as well. Let us know! 

BerryDunn’s local government consulting team has the experience to lead technology planning initiatives and develop actionable plans that help you think strategically and improve service delivery. We partner with you, maintaining flexibility and open lines of communication to help ensure that your team has the resources it needs.

Our team has broad and deep experience partnering with local government clients across the country to modernize technology-based business transformation projects and the decision-making and planning efforts. Our expertise includes software system assessments/planning/procurement and implementation project management; operational, management, and staffing assessments; information security; cost allocation studies; and data management.  

Article
Into the wild: Building a business case for a new enterprise technology project

Read this if your organization is planning on upgrading or replacing an enterprise technology system.

It can be challenging and stressful to plan for technology initiatives, especially those that involve and impact every area of your organization. Common initiatives include software upgrades or replacements for:

  • Financial management, such as Enterprise Resource Planning (ERP) systems
  • Asset management systems
  • Electronic health records (EHR) systems
  • Permitting and inspections systems

Though the number of considerations when planning enterprise technology projects can be daunting, the greatest mistake you can make is not planning at all. By addressing just a few key areas, you can avoid some of the most common pitfalls, such as exceeding budget and schedule targets, experiencing scope creep, and losing buy-in among stakeholders. Here are some tips to help you navigate your next project:

Identify your IT project roles and resources

While most organizations understand the importance of identifying project stakeholder groups, it is often an afterthought. Defining these roles at the outset of your project helps you accurately estimate the work effort.

Your stakeholder groups may include:

  • An executive sponsor
  • A steering committee
  • A project manager
  • Functional leads
  • A technical team

Once you’ve established the necessary roles, you can begin reviewing your organization’s resources to determine the people who will be available to fill them. Planning for resource availability will help you avoid delays, minimize impact to regular business processes, and reduce the likelihood of burnout. But this plan won’t remain static—you can expect to make updates throughout the project.

Establish clear goals and objectives to keep your technology project on track

It’s important that an enterprise technology project has established goals and objectives statements. These statements will help inform decision-making, provide benchmarks for progress, and measure your project’s success. They can then be referenced when key stakeholders have differing perspectives on the direction to take with a pending decision. For example, if the objective of your project is to reduce paper-based processes, you may plan for additional computer workstations and focus technical resources on provisioning them. You’ll also be able to measure your success in the reduction of paper-based tasks.

Estimate your IT project budget accurately

Project funding is hardly ever overlooked, but can be complex with project budgets that are either underestimated or estimated without sufficient rationale to withstand approval processes and subsequent budget analysis. You may find that breaking down estimates to a lower level of detail helps address these challenges. Most technology projects incur costs in three key areas:

  • Vendor cost: This could include both one-time software implementation costs as well as recurring costs for maintenance and ongoing support.
  • Infrastructure cost: Consider the cost of any investments needed to support your project, such as data center hardware, networking components, or computing devices.
  • Supplemental resource cost: Don’t forget to include the cost of any additional resources needed for their specialized knowledge or to simply backfill project staff. This could include contracted resources or the additional cost of existing resources (i.e., overtime).

A good technology project budget also includes a contingency amount. This amount will depend on your organization’s standards, the relative level of confidence in your estimates, and the relative risk.

Anticipate the need for change management

Depending on the project, staff in many areas of your organization will be impacted by some level of change during a technology implementation. External stakeholders, such as vendors and the public, may also be affected. You can effectively manage this change by proactively identifying areas of likely change resistance and creating strategies to address them.

In any technology implementation, you will encounter change resistance you did not predict. Having strategies in place will help you react quickly and effectively. Some proven change management strategies include communicating throughout your project, involving stakeholders to get their buy-in, and helping ensure management has the right amount of information to share with their employees.

Maintain focus and stay flexible as you manage your IT project

Even with the most thought-out planning, unforeseen events and external factors may impact your technology project. Establish mechanisms to regularly and proactively monitor project status so that you can address material risks and issues before their impact to the project grows. Reacting to these items as they arise requires key project stakeholders to be flexible. Key stakeholders must recognize that new information does not necessarily mean previous decisions were made in error, and that it is better to adapt than to stick to the initial direction.

Whether you’re implementing an ERP, an EHR, or enterprise human resources or asset management systems, any enterprise technology project is a massive undertaking, involving significant investment and a coordinated effort with individuals across multiple areas of an organization. Common mistakes can be costly, but having a structured approach to your planning can help avoid pitfalls. Our experienced, objective advisors have worked with public and private organizations across the country to oversee large enterprise projects from inception to successful completion.

Contact our software consulting team with any questions.

Article
Planning for a successful enterprise technology project

Read this if your company is considering outsourced information technology services.

For management, it’s the perennial question: Keep things in-house or outsource?

For management, it’s the perennial question: Keep things in-house or outsource? Most companies or organizations have outsourcing opportunities, from revenue cycle to payment processing to IT security. When deciding whether to outsource, you weigh the trade-offs and benefits by considering variables such as cost, internal expertise, cross coverage, and organizational risk.

In IT services, outsourcing may win out as technology becomes more complex. Maintaining expertise and depth for all the IT components in an environment can be resource-intensive.

Outsourced solutions allow IT teams to shift some of their focus from maintaining infrastructure to getting more value out of existing systems, increasing data analytics, and better linking technology to business objectives. The same can be applied to revenue cycle outsourcing, shifting the focus from getting clean bills out and cash coming in, to looking at the financial health of the organization, analyzing service lines, patient experience, or advancing projects.  

Once you’ve decided, there’s another question you need to ask
Lost sometimes in the discussion of whether to use outsourced services is how. Even after you’ve done your due diligence and chosen a great vendor, you need to stay involved. It can be easy to think, “Vendor XYZ is monitoring our servers or our days in AR, so we should be all set. I can stop worrying at night about our system reliability or our cash flow.” Not true.

You may be outsourcing a component of your technology environment or collections, but you are not outsourcing the accountability for it—from an internal administrative standpoint or (in many cases) from a legal standpoint.

Beware of a false state of confidence
No matter how clear the expectations and rules of engagement with your vendor at the onset of a partnership, circumstances can change—regulatory updates, technology advancements, and old-fashioned vendor neglect. In hiring the vendor, you are accountable for oversight of the partnership. Be actively engaged in the ongoing execution of the services. Also, periodically revisit the contract, make sure the vendor is following all terms, and confirm (with an outside audit, when appropriate) that you are getting the services you need.

Take, for example, server monitoring, which applies to every organization or company, large or small, with data on a server. When a managed service vendor wants to contract with you to provide monitoring services, the vendor’s salesperson will likely assure you that you need not worry about the stability of your server infrastructure, that the monitoring will catch issues before they occur, and that any issues that do arise will be resolved before the end user is impacted. Ideally, this is true, but you need to confirm.

Here’s how to stay involved with your vendor
Ask lots of questions. There’s never a question too small. Here are samples of how precisely you should drill down:

  • What metrics will be monitored, specifically?
  • Why do the metrics being monitored matter to our own business objectives?
  • What thresholds must be met to notify us or produce an alert?
  • What does exceeding a threshold mean to our business?
  • Who on our team will be notified if an alert is warranted?
  • What corrective action will be taken?

Ask uncomfortable questions
Being willing to ask challenging questions of your vendors, even when you are not an expert, is critical. You may feel uncomfortable but asking vendors to explain something to you in terms you understand is very reasonable. They’re the experts; you’re not expected to already understand every detail or you wouldn’t have needed to hire them. It’s their job to explain it to you. Without asking these questions, you may end up with a fairly generic solution that does produce a service or monitor something, but not necessarily all the things you need.

Ask obvious questions
You don’t want anything to slip by simply because you or the vendor took it for granted. It is common to assume that more is being done by a vendor than actually is. By asking even obvious questions, you can avoid this trap. All too often we conduct an IT assessment and are told that a vendor is providing a service, only to discover that the tasks are not happening as expected.

You are accountable for your whole team—in-house and outsourced members
An outsourced solution is an extension of your team. Taking an active and engaged role in an outsourcing partnership remains consistent with your management responsibilities. At the end of the day, management is responsible for achieving business objectives and mission. Regularly check in to make sure that the vendor stays focused on that same mission.

Article
Oxymoron of the month: Outsourced accountability

Good Practices Are Not Enough

When it comes to IT security, more than one CEO running a small organization has told me they have really good people taking care of “all that.” These CEOs choose to believe their people perform good practices. That may be true, but who defines good practices and how they administer them? And when? If “security is everyone’s job,” then nobody is responsible for getting specific things done. Good practices require consistency, and consistency requires structure.

From an audit perspective, a control not written down does not exist. Why? Because it can’t be tested, measured, or validated. An IT Auditor can’t assess controls if they were never defined. Verbal instruction carries by far the most risk. “I told him to do that,” doesn’t pass the smell test in court.

Why Does it Matter?

Because it’s not IT’s job to write policies. Their job is to implement IT decisions made by management. They’re not at the right level to make decisions that impact the entire organization. Why should small organizations concern themselves with developing policies and procedures? Here are two very good reasons:

1. Regulatory Requirements
2. Lawsuits

No matter how small your organization, if you have a corporate network (even cloud-based) and you store credit card transactions, personal health information, client financial information or valuable intellectual property, being aware of state and federal regulatory requirements for protecting that information is vital. It is the responsibility of management to research and develop a management framework for addressing risk.

Lawsuits happen when information is stolen and/or employees are terminated for inappropriate activities. If you have no policies that mandate what is and isn’t acceptable, and what the penalties are for violations, your terminated employee has grounds for a wrongful termination lawsuit: policy should not be written by the IT Department.

If confidential data you are responsible for is stolen and clients sue you, standing up in court and saying “We don’t have any written policies or procedures,” is a sure way to have both significant financial losses and a negative impact on your reputation. For a small organization, that could mean going out of business.

Even if data is stolen from a third-party vendor who stores your data, your organization owns the data and is responsible for ensuring the data is secure with the vendor and meets organizational requirements. Do you have a vendor management policy? If you work with vendors, you need one.

Consider, too, that every organization expects to grow its business. The longer management doesn’t pay attention to policies and procedures, the more difficult it becomes to develop and implement them.

Medium and Large Organizations Need to Pay Attention, too

A policy document provides a framework for defining activities and decision-making by everyone in the organization. A policy contains standards for the organization, and outlines penalties for non-performance. The organization’s management team or board of directors must drive their creation.
Policies also maintain accountability in the eyes of internal and external stakeholders. Even the smallest organization wants their customers and employees to have confidence the organization is protecting important information. By defining the necessary controls for running business operations that address risk and compliance requirements (and reviewing them annually), your management team demonstrates a commitment to good practices.

Procedures are the “How”

Procedures don’t belong in a policy. Departments need to be able to design their own procedures to meet policy requirements and definitions. HR will have procedures for employee privacy and financial information, finance must manage credit card, student, banking or client financial documentation, and IT will need to develop specific technical procedures to document their compliance with policy.

If all those procedures are in a policy, it makes for unwieldy policy documents that management must review and approve. Departments need to change and update their procedures quickly in order to remain effective. For example, a policy may mandate the minimum number of characters in a password, but IT needs to develop the procedures to implement that requirement on many platforms and devices.

What is a “Plan” Used For?

Consider that organizations commonly have a Business Continuity Plan as well as an Incident Response Plan. How is a “plan” different from a policy or procedure?

A plan (for example, an Information Security Plan, or Privacy Plan, etc.) is a collection of related procedures with a specific focus. I have seen these collections called “programs,” but most organizations use “plan” (plus, the Federal government uses that term). The term “program” implies a beginning and an end, as well as tending to be a little too generic (think “School Lunch Program”).

Three Ways Not to Develop Policies, Procedures and Plans

1.

Getting templates from the Internet. Doing a Google search delivers an overwhelming number of approaches, examples and material. Policy templates found online may not be applicable to your organization’s purpose, or require so much editing they defeat the template’s purpose. 

2.

Alternatively, going to organizational peers can endlessly replicate one poorly developed approach to documentation.

3.

Writing policies and procedures totally focused on meeting one regulatory requirement frequently necessitates a total re-write as soon as the next regulation comes along.

Consider the Unique Aspects of Your Organization

What electronic information does your organization consider valuable? During an assessment with a state university, we discovered that the farm research the agriculture school was performing was extremely valuable. While we started out with questions about student health and financial information, the university realized the research data was equally critical. The information might not have federal or state regulations attached to it, but if it is valuable to your organization, you need to protect it. By not taking a one-size fits all approach to our assessment, we were able to meet their specific needs.

Multiple Departments or Locations? Standardize.

Whether your organization is a university, non-profit organization, government agency, medical center or business, you frequently have sub-entities. Each sub-entity or location may have different terms for different functions. For example, at a recent engagement for another university, Information Security “Programs,” “Plans” and “Policies” meant different things on different campuses. This caused confusion on the part of all stakeholders. It also showed a lack of cohesion in the approach to security of the university as a whole. Standardizing language is one of the best ways to have everyone in the organization on the same page, even if the documents are unique to a location, agency or site. This makes planning, implementation, and system upgrade projects run more effectively.

Demonstrate Competence

No matter what terms your organization chooses, using consistent terms is a good way to demonstrate a thoughtful approach. Everyone needs to be talking the same language. Having documents that specify management decisions provides assurance to internal and external stakeholders. Good policies, procedures and plans can mean the difference between a manageable crisis and a business failure.

To receive IT security updates, please sign up here.

Article
Policies, procedures, and plans—defining the language of your organization

Most of us have been (or should have been) instructed to avoid using clichés in our writing. These overstated phrases and expressions add little value, and often only increase sentence length. We should also avoid clichés in our thinking, for what we think can often influence how we act.

Consider, for example, “death by committee.” This cliché has greatly — and negatively — skewed views on the benefits of committees in managing projects. Sure, sometimes committee members have difficulty agreeing with one another, which can lead to delays and other issues. In most cases, though, an individual can’t possibly oversee all aspects of a project, or represent all interests in an organization. Committees are vital for project success — and arguably the most important project committee is the steering committee.

What Exactly is a Steering Committee?
It is a group of high-level stakeholders that provides strategic direction for a project, and supports the project manager. Ideally, the group increases the chances for project success by closely aligning project goals to organizational goals. However, it is important to point out that the group’s top priority is project success.

The committee should represent the different departments and agencies affected by the project, but remain relatively small in size, chaired by someone who is not an executive sponsor of the project (in order to avoid conflicts of interest). While the project manager should serve on the steering committee, they should not participate in decision-making; the project manager’s role is to update members on the project’s progress, areas of concern, current issues, and options for addressing these issues.

Overall, the main responsibilities of a steering committee include:

  1. Approving the Project Charter
  2. Resolving conflicts between stakeholder groups
  3. Monitoring project progress against the project management plan
  4. Fostering positive communicating about the project within the organization
  5. Addressing external threats and issues emerging outside of the project that could impact it
  6. Reviewing and approving changes made to the project resource plan, scope, schedules, cost estimates, etc.

What Are the Pros and Cons of Utilizing a Steering Committee?
A group of executive stakeholders providing strategic direction should benefit any project. Because steering committee members are organizational decision-makers, they have the access and credibility to address tough issues that can put the project at a risk, and have the best opportunities to negotiate positive outcomes. In addition, steering committees can engage executive management, and make sure the project meshes with executive management’s vision, mission, and long-range strategic plan. Steering committees can empower project managers, and ensure that all departments and agencies are on the same page in regards to project status, goals, and expectations. In a 2009 article in Project Management Journal, authors Thomas G. Lechler and Martin Cohen concluded that steering committees are important to implementing and maintaining project management standards on an operational level — not only do steering committees directly support project success, they are instrumental in deriving value from an organization's investments in its project management system.

A steering committee is only as effective as it’s allowed to be. A poorly structured steering committee that lacks formal authority, clear roles, and clear responsibilities can impede the success of a project by being slow to respond to project issues. A proactive project manager can help the organization avoid this major pitfall by helping develop project documents, such as the governance document or project plan that clearly define the steering committee structure, roles, responsibilities and authority.

Steer Toward Success!
Steering committees can benefit your organization and its major projects. Yet understanding the roles and responsibilities — and pros and cons — is only a preliminary step in creating a steering committee. Need some advice on how to organize a steering committee? Want to learn more about steering committee best practices? Together, we can steer your project toward success.

Article
Success by steering committee

A year ago, CMS released the Medicaid Enterprise Certification Toolkit (MECT) 2.1: a new Medicaid Management Information Systems (MMIS) Certification approach that aligns milestone reviews with the systems development life cycle (SDLC) to provide feedback at key points throughout design, development, and implementation (DDI).

The MECT (recently updated to version 2.2) incorporates lessons learned from pilot certifications in several states, including the successful West Virginia pilot that BerryDunn supported. MECT updates have a direct impact on E&E systems—an impact that may increase in the near future. Here is what you need to know:         

Then: Initial Release

In February 2017, CMS introduced six Eligibility & Enrollment (E&E) checklists. Five were leveraged from the MECT, while the sixth checklist contained unique E&E system functionality criteria and provided a new E&E SDLC that—like the MECT—depicted three milestone reviews and increased the Independent Verification and Validation (IV&V) vendor’s involvement in the checklists completion process.

Now: Getting Started

Completing the E&E checklists will help states ensure the integrity of their E&E systems and help CMS guide future funding. This exercise is no easy task, particularly when a project is already in progress. Completion of the E&E checklists involves many stakeholders, including:

  • The state (likely more than one agency)
  • CMS
  • IV&V
  • Project Management Office (PMO)
  • System vendor(s)

As with any new processes, there are challenges with E&E checklists completion. Some early challenges include:

  • Completing the E&E checklists with limited state project resources
  • Determining applicable criteria for E&E systems, especially for checklists shared with the MMIS
  • Identifying and collecting evidence for iterative projects where criteria may not fall cleanly into one milestone review phase
  • Completing the E&E checklists with limited state project resources
  • Working with the system vendor(s) to produce evidence

What’s Next?

Additionally, working with system vendors may prove tricky for projects that already have contracts with E&E vendors, as E&E systems are not currently subject to certification (unlike the MMIS). This may lead to instances where E&E vendors are not contractually obligated to provide the evidence that would best satisfy CMS criteria. To handle this and other challenges, states should communicate risks and issues to CMS and work together to resolve or mitigate them.

As CMS partners with states to implement the E&E checklists, some questions are expected to be asked. For example, how much information can be leveraged from the MECT, and how much of the checklists completion process must be E&E-specific? Might certification be required in the near future for E&E systems?

While there will be more to learn and challenges to overcome, the first states completing the E&E checklists have an opportunity to lead the way on working with CMS to successfully build and implement E&E systems that benefit all stakeholders.

On July 31, 2017, CMS released the MECT 2.2 as an update to the MECT 2.1.1. As the recent changes continue to be analyzed, what will the impact be to current and future MMIS and E&E projects?

Check back here at BerryDunn Briefings in the coming weeks and we will help you sort it out.

Article
Check this: CMS checklists aren't just for MMIS anymore.

We all know them. In fact, you might be one of them — people who worry the words “go live” will lead to job loss (theirs). This feeling is not entirely irrational. When an organization is ready to go live from an existing legacy system to a new enterprise system, stress levels rise and doubts emerge: What can go wrong? How much time will be lost? Are we really ready for this?

We’re here to help. Here is a list of go-live essentials to help you mitigate stress and assess your readiness. While not all-encompassing, it’s a good place to start. Here’s what you need:

  1. A detailed project plan which specifies all of the implementation tasks
    A project plan is one of the most important parts of an implementation. A detailed plan that identifies all of the implementation tasks along with an assigned resource for each task is critical to success. The implementation vendor and the organization should develop this plan together to get buy-in from both teams.
  1. A completed system configuration
    New system configuration is one of the most time-consuming aspects of a technology implementation. If you don’t complete the implementation in a timely manner, it will impact your go-live date. Configure the new system based upon the best practices of the system — not how the existing system was — for timely implementation.
  1. External system interface identification
    While replacement of some external systems may be a goal of an implementation, there may be situations where external systems are not replaced or the organization has to send and/or receive data from external organizations. And while new systems have advanced interface technology capabilities, the external systems may not share these capabilities. Therefore it is imperative that you identify external system interfaces to avoid gaps in functionality.
  1. Testing, testing, testing
    End-to-end testing or User Acceptance Testing (UAT) is often overlooked. It involves completing testing scenarios for each module to ensure appropriate system configuration. While the timing of UAT may vary, allow adequate time to identify solutions to issues that may result from UAT.
  1. Data conversion validation
    When you begin using a new system, it’s best to ensure you’re working with clean, up-to-date data. Identify data conversion tasks in the project plan and include multiple data conversion passes. You must also determine if the existing data is actually worth converting. When you complete the data conversion, check for accuracy.
  1. End user training
    You must train all end users to ensure proper utilization across the organization. Don’t underestimate the amount of time needed for end user training. It is also important to provide a feedback mechanism for end users to determine if the training was successful.
  1. A go-live cutover plan
    The overall project plan may indicate go-live as an activity. List specific activities to complete as part of go-live. You can build these tasks into the project plan or maintain them as a separate checklist to promote a smooth transition.
  1. Support structure
    Establish an internal support structure when preparing for go-live to help address issues that may arise. Most organizations take time to configure and test the system and provide training to end users prior to go-live. Questions will arise as part of this process — establish a process to track and address these questions.

Technology implementations can significantly impact your organization, and it’s common for stress levels to rise during the go-live process. But with the right assessment and preparation, you can lessen their impact and reduce staff stress. Our experienced, objective advisors work with public and private sector organizations across the country to oversee large enterprise projects from inception to successful completion. Please reach out to us to learn more about preparing for your next big project.

Article
Don't worry, just assess: Eight tips for reducing go-live stress

We humans have a complex attitude toward change. In one sense, we like finding it. For instance: “Now I can buy something from the vending machine!” In reality, we try to avoid change as much as possible. Why? Because it’s frightening. Consider this quote from Mary Shelley’s Frankenstein: “Nothing is so painful to the human mind as a great and sudden change.”

The key word in that quote is “sudden.” Because the more we prepare for change, the less painful it becomes. One crucial way to prepare for change is to assess how ready we are for something new.

Which brings us to you. The fact you are reading a blog post with the words “Readiness for Enterprise Systems” in its title suggests that you have considered, or are considering, changing your institution’s Enterprise Resource Planning (ERP) system or other enterprise software, such as LMS, SIS, CRM, etc. This change is no minor adjustment.

Enterprise systems are complex, impacting institutional activities at many levels, from managing student records, finances, and human resources, to enabling student enrollment and registration. Is your institution prepared for transformation across the organization? To find out, assess your institution’s readiness for change. To help illustrate what an assessment might entail, I’ll outline BerryDunn’s method.

Step #1: Understanding Key Indicators for Readiness
When assisting a client to determine readiness, BerryDunn begins engaging stakeholders from across the institution (e.g., staff, faculty, and students) to understand the current environment. This allows us to address seven key indicators for change readiness:

  1. Stakeholder Buy-In. The key to success in changing an ERP platform is for users to understand the value that the change will bring. “Do stakeholders know how the new system will benefit them? Or, from their perspective, ‘What’s in it for me (aka, WIIFM)?’”
  2. Executive Sponsorship. In order to obtain stakeholder buy-in, leaders have to communicate effectively with various parties about change. They will be required to display strong and consistent leadership when stakeholders are faced with challenges with vendors, timing, scope creep, or other issues. “Are leaders prepared to lead the charge? Are they committed to change?”
     
  3. Vendor Ability. Each institution has specific operational needs and programmatic objectives. ERP vendors will highlight their strengths and may de-emphasize weaknesses that may exist in their products. “Are vendors actually able to meet the institution’s functional needs and align their software with strategic objectives?”
     
  4. Business Process Redesign. As mentioned above, it can be a struggle to align operational needs and programmatic objectives with vendor software. It’s even harder to achieve this while ensuring that, in implementing a new ERP system, an institution won’t lose valuable functionality that had been provided by the previous ERP. “Does the client fully understand the impact of a new ERP system on their processes?”
     
  5. Project Management. Proactive project management is critical when changing an ERP system. Project managers need to engage institutional stakeholders, project sponsors, and vendors to keep them apprised of progress. “Are project managers empowered to maintain strong communication with all stakeholders?”
     
  6. Data Governance. Another key indicator of ERP readiness is how well-defined data management is before implementation. ERP replacement projects are jeopardized when institutions don’t understand their data assets, or don’t know what level of data migration is necessary. “Is the institution prepared for data migration?”
     
  7. Software Change Management. As ERP vendors move their products to the cloud, the software they sell will become less customizable, but more configurable. In other words, customers won’t necessarily be able to modify the base software code, but they will have more options in regards to defined fields, workflow, and user interface. Although this sounds limiting, it is actually an opportunity to streamline operations, add discipline to software update timelines, and require organizations to consider how to best complete their administrative functions. It is critical that an institution adapt its software change management practices to meet this reality. “Do the institution’s software change management practices reflect how software is delivered by vendors today?”

Step #2: Establish Agreed-Upon Metrics
Based on our analysis from Step #1, we then score these indicators of readiness based on a maturity scale from 0 – 5, using the following parameters:

0  Non-existent
1  Aware, but not ready to change
2  Aware and open to change, but lack understanding of path forward
3  Accept that change is needed, but clear action plan is not in place
4  Accept that change is imminent and is being planned for
5  Readiness for change has broad understanding, is accepted, and is being executed 

Step #3: Score the Readiness of Your Organization
When you work with a consulting firm to assess your institution’s readiness for change, you should expect tangible takeaways that will inform stakeholders and provide a baseline metric. For example, we prepare a brief report that outlines a score for each of the seven maturity indicators of ERP readiness and provides supporting information for the basis of each score.

Here is an example of a Software Change Management section from a hypothetical ERP Readiness Report:

READINESS INDICATORS

BASIS FOR SCORE

SCORE (0 – 5)

Software Change Management

The University does have an effective software change management methodology, and a standard process for prioritizing requests to its current ERP system. This model may change significantly if a cloud system is chosen, and will require a new approach to configuration and asset management.

3


Finally, based on the weighted aggregate score of the report, BerryDunn determines the institution’s readiness for change, and provides recommendations on how to remediate low scores, and sustain higher scores.

Now for the good news. By setting a baseline early in your readiness planning, the scoring can be revisited over time to measure progress and provide project leadership with a simple, but effective, approach to tracking change management within the organization.

Next Steps
As you can see, implementing a new ERP doesn’t have to be a monstrous experience. You simply need to determine your ERP readiness, and follow a common-sense plan for change management. If you’d like to talk more about this process, send me an email: dhoule@berrydunn.com. I look forward to learning about the great changes your institution has planned.

Article
Assessing organizational readiness for enterprise systems