From a compliance perspective, the new U.S. health care law raises a number of issues for corporate America.
First and foremost, companies will have to weigh the issue of employee health care coverage. One of the law's most far-reaching changes requires most Americans to carry health insurance through an employer, a government program or their own purchase - or pay a fine for failing to do so.
What does this mean in terms of compliance? More reporting. At a minimum, companies can expect to report on their number of employees, the total number of hours for employees covered by health care, and the total number of hours for employees not covered by health care.
Overall, health care-related items are going to become reportable within one or more financial categories. And that means companies will need to have controls and policies in place around that health care data. Whether companies store it in a human resources application or in a financials package, they need to consolidate that information and put the controls in place to ensure its integrity.
Of course, companies are also going to face a number of regulatory compliance issues associated with their health care-related reporting. For instance, they'll have to determine which controls need to be established, the minimum requirements, the employees who do and do not meet the minimum requirements, etc. All of that reporting is going to be in addition to a company's current reporting practices, and all of the controls will have to be monitored.
No matter which business system stores the data, the responsibility for the health care audit reporting will fall within the purview of the chief financial officer. Even if there is a chief governance officer within the company, the CFO and the chief executive officer are the ones who must always sign off on the quarterly reporting. So the CFO is going to be dealing with the costs of coverage, as well as the costs of demonstrating compliance with the regulations.
The financial impact of compliance reporting has already been well-documented in other areas. In a survey of 217 public companies, the Financial Executives Research Foundation discovered that companies' total costs for first-year Sarbanes-Oxley Section 404 compliance averaged $4.36 million. And the Securities and Exchange Commission found in its September 2009 report, "Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements," the costs of complying with Section 404 were "unexpectedly high." Those costs include internal labor costs, external audit fees, consultant costs, and non-labor or software costs.
For the CFO, health care may well be the new SOX. And like SOX, CFOs will find relief in knowing that automated reporting will drive down their risk and their costs of compliance.
From a purely economic standpoint, CFOs will have to weigh the costs of providing health care coverage against the costs of fines imposed for not providing coverage. It may be cheaper to pay the fines; however, that may not be the best business position to take. If companies don't offer health care, they have to consider how that decision will affect them. Will they be able to attract new employees? Will they be able to retain current employees? Will their overall reputation suffer as a result?
The health care law has been passed. Many of its provisions - such as the requirement to carry insurance - won't kick in until 2014.
But companies need to start thinking about the issues now.
John H. Capobianco is president and CEO of Lumigent Technologies Inc., a governance, risk and compliance business applications company. Reach him at john.capobianco@lumigent.com.
