Lance Mann

Article Dean Dorton

JPMorgan’s Global Manufacturing Purchasing Managers’ Index (PMI) is a measurement of economic health in the manufacturing sector that is produced through surveying private producers in several countries worldwide. An index figure of 50.0 indicates that the economy has remained unchanged. For April 2016, this rate was 50.1, indicating that the global manufacturing sector was nearly stagnant and new order levels were low.

In general, prices were higher in April 2016 than in previous months, which is a contributing factor to the stalling of growth in the manufacturing economy. The survey also noted a sharp decline in the PMI finished goods inventory index. Once inventory levels are more in line with sales levels, the index should begin to see an increase.
For more information on the survey results, see the internet links below.

Contact Lance Mann at lmann@deandorton.com for more information.

View Lance Mann’s Bio

Article Dean Dorton

ISO (International Organization for Standardization), the international standard for environmental management, released ISO 14001 in 1996. This set of standards has provided guidance to help keep products safe, stable, and in the best condition they can be all around the world for 20 years and counting. In September of 2015, the organization released ISO 14001:2015, the third version of these standards. Companies with ISO 14001 accredited certification have a three-year period to transition to the new guidance. Some of the main changes are as follows, per the ISO website:

  • Strategic environmental management – ISO 14001:2015 placed increased importance on environmental standards with the ever-changing regulatory environment and circumstances that affect companies.
  • Leadership – New language has been added that specifically designates environmental responsibility to be part of the duties of leadership in an organization.
  • Protecting the environment/environmental performance – Companies using ISO must adopt proactive policies to protect the environment from harm while still striving for continuous improvement in processes.
  • Lifestyle perspective – ISO has included language on the importance of environmental consciousness throughout the entire life cycle of a product from design, procuring materials, production, and selling.
  • Outsourced processes – Increased importance is placed on having control over outsourced processes.
  • Communication – ISO 14001:2015 added language on developing a company communication strategy, encompassing both internal and external communications.
  • Documentation – ISO 14001:2015 updated language to accommodate the increasing use of cloud-based systems and computers to house extensive amounts of company data.
  • High Level Structure (HLS) for Management System Standards (MSS) – This is a new common framework to help entities that implement multiple ISO management system standards.

Read further guidance and information for assistance on transitioning to ISO 14001:2015.   Contact your Dean Dorton advisor or Bryan Bulkley at bbulkley@deandorton.com for more information.

Article Dean Dorton

The healthcare industry continues to experience the push toward shorter hospital length of stays, increased outpatient services, and ongoing staffing challenges. Centers for Medicare & Medicaid Services (CMS) surveyors are taking note. Recent CMS surveyor activity in the state of Kentucky has focused on staffing levels in various departments of the hospital.

Based on Kentucky data from CMS for 2015, the highest volume of citations fell into three main categories:

  • Patient rights (14)
  • Nursing services (13)
  • Emergency Medical Treatment & Active Labor Act (EMTALA) compliance (10)

Many of these citations included a component relative to staffing levels and/or use of contracted employees which contributed to the incidents that resulted in the citations. Healthcare providers should consider the areas below as you monitor compliance with CMS guidelines and as you develop your annual risk assessment. When hospitals begin a risk assessment for the targeted areas, the staffing levels and methodology should be included.

The risk assessment process for each of these items will differ slightly, due to differing requirements. The items that are consistent for each area include:

  • Policies and Procedures
    • When was the last time the policies and procedures were matched up with the conditions of participation and CMS and The Joint Commission (TJC) guidelines?
    • Do the policies and procedures align with actual day-to-day operational functions?
    • Are the policies and procedures reviewed at least annually?
  • Training and Education
    • When did formal training on policies and procedures last occur?
    • Who was included in the training program? Did it include contracted staff?
    • How frequently is the training updated? When policies and procedures are updated, are staff educated on what changed and how it impacts their jobs (tailored to the audience)?
  • Monitoring
    • Have procedures for monitoring performance relative to policies and procedures been developed?
    • If developed, what types of issues has the monitoring uncovered?
    • How were deficiencies handled? Were action plans implemented?
    • Are deficiencies identified in the monitoring being reported to the appropriate levels of management?

Risk specific considerations may include the following:

  • Patient Rights
    • Are nursing staff fully aware of all the elements within the patient rights?
    • Have nursing staff been trained on how to communicate the rights to the patients they are working with?
    • Have staff been trained on what constitutes a violation of a patient right and to whom and when those violations must be reported?
    • If a patient or family member reports a concern to staff, do staff understand when to consider the concern a grievance? Do they know the process for providing feedback to the patient’s family member?
  • Nursing Services
    • Are staffing levels being maintained at an appropriate level based on the census?
    • Does the staffing level include the appropriate mix of RNs, LPNS, and CNAs?
    • Do RNs have the appropriate balance between direct patient care and supervision of the LPNs and CNAs as required?
    • How is compliance with the patient nursing care plan monitored, with deviations reported to the attending physician?
    • Have evidence-based practices been implemented to address key patient safety areas such as CAUTI, CLABSI, falls, restraints/seclusions, pressure ulcers, etc.?
    • If evidence based practices have not been implemented, has the facility looked at consistency of practices between units?
  • Emergency Medical Treatment & Active Labor Act (EMTALA)
    • Has all staff, including contracted staff, been educated on requirements under EMTALA?
    • Has the education been tailored to the roles of the individuals?
    • When are all patients logged into the central log? Is the process designed to log them upon presentation to the ED, even if the patient has not been triaged or received an MSE?
    • Has required signage been posted in all locations where patients may access emergency services (including ambulance bays)?
    • When does the hospital ask for insurance information from patients presenting to the ED? Note that it should not occur until after the patient has received a medical screening exam and stabilizing treatment.
    • What specialties does the hospital advertise? For those advertised, is there a specialist on-call to the emergency department at all times?
    • Has the hospital documented their transfer policy?
    • Does the hospital conduct monitoring of transfer documentation to verify it aligns to the policy and CMS requirements specific to EMTALA?

The above list is not intended to be all-inclusive. Each facility may have additional risks that are unique to their location and size. Management should customize the risk assessment to meet their needs based on past surveyor reviews, existing practices and results of internal audits. Consider including Quality Managers and Compliance in risk assessments to obtain best results.

Contact your Dean Dorton advisor or a member of our Healthcare Industry Team for more information.

View Adam Shewmaker’s BioView Lance Mann’s Bio

Article Dean Dorton

The U.S. and international economies are becoming more competitive every day. Many of us are competing for the same workforce; for others it may be the same customer, but we have to ensure that we continue to respond to the rapidly changing environment in which we operate. Ten years ago, did you ever worry about cybersecurity?

These are a few of the reasons – it is critical to analyze your business risks at least annually. We recommend formally documenting your key risks along with how you are responding to those risks. This can be a very helpful exercise when strategizing how you should be spending your most valuable resources (your people). Below are a few of the key risks that you may want to monitor in 2016.

5 Key Risks Companies Should Monitor in 2016
Plan now to address employment, inflation, currency, cybersecurity and vendor risks

By: Joe Brusuelas and Rob Kastenschmidt of RSM US LLP

The U.S. economy continues its slow but steady improvement. While growth slowed to 0.6 percent in the first quarter of 2015, it rebounded to 3.9 percent in the second quarter, and we expect growth for the year of about 2.2 percent. Unemployment dropped to 5.4 percent by the second quarter and was down to 5 percent by November. Consumer demand, especially for services and autos, is strong; the housing market continues to improve; and energy and commodity costs remain low.

But the international picture is less sunny. While we expect global growth of about 3 percent in 2015, with a slight uptick next year, a variety of issues are affecting international economies. Growth in China continues to slow as it seeks to rebalance its economy from an export-oriented model to a growth model driven by internal consumption. While the long-term outlook for China is positive, its current slowing growth and the related reduction in demand for resources is adversely affecting many emerging economies. The already uncertain economic picture in Europe is being further stressed by the massive influx of refugees from the Middle East. All of this means lower international demand for U.S. goods and services. It also is leading to a divergence in monetary policy between the U.S. and other economies. In the U.S., the Federal Reserve will likely increase the federal funds rate by 25 basis points in December 2015 followed by another 50 to 70 basis points by mid-2016, while central banks in Europe, Japan and possibly even China are pushing rates toward zero.

What does all this mean for U.S. companies? For 2016, this means you should monitor and be prepared to respond to three key economic risks: a tightening domestic labor market, inflation and the challenges presented by a strengthening dollar. In addition, cybersecurity risks continue to increase and diversify, requiring heightened attention, and the increasing reliance of many companies on third parties raises new risk management issues.

1. Plan for a tighter labor market

An unemployment rate of 5 percent doesn’t tell the whole story. The number of unemployed persons per job opening is down to 1.44 from a peak of almost 7 in 2010. Not only is the overall unemployment rate down, we are also finally seeing stronger growth in higher-wage jobs. Since January 2014, the U.S. has added 2.4 million high-wage jobs compared to 2.3 million lower-wage jobs. While this is helping boost consumer confidence and demand, it also means U.S. employers need to plan for a tighter labor market. The risks of a tighter labor market? Increased labor costs, higher attrition and stronger competition for top talent. To offset these risks, employers should consider the following strategies:

  • Explore automation strategies. Now may be the time to investigate whether the expense of improved automation might be offset by savings in labor costs.
  • Consider offshoring, outsourcing and contractor services. With the U.S. economy outperforming its global peers, offshoring certain functions may offer improved returns given continued low labor costs overseas. Outsourcing non-core functions or increasing reliance on contractors is another way to manage labor costs and can have the added benefit of reducing administrative demands and benefit expenses.
  • Re-evaluate compensation programs. Competition for top performers is heating up. Take a look at your compensation practices to ensure that you are effectively rewarding and motivating your best people. This will also make you more attractive to the candidates you wish to hire.
  • Improve your recruiting practices. LinkedIn and other social media platforms are far more important now than they were prior to the economic crisis, but can’t be relied upon as the sole way of identifying potential candidates. Are your talent identification and recruiting practices keeping up?

2. Manage inflation

  • Inflation is still near historic lows and deflation continues for energy and commodities. But energy and commodity costs are likely at or near their floors, and the Fed is almost certain to start raising rates soon. According to RSM’s Middle Market Leadership Council survey, 67 percent of executives expect increases in their costs over the next six months, compared to just 54 percent in the second quarter. What to do?
  • Focus on efficiency and cost-cutting programs. Decreased costs during the crisis and recession diverted attention from these efforts at many companies. Now is the time to increase discipline.
  • Explore hedging strategies.
  • Shift your purchasing patterns and explore supply chain changes. Global economic conditions are uneven. Weaker economic conditions in other markets may present purchasing opportunities.
  • Audit vendors and monitor margin compression at key customers. Now is the time to reevaluate your vendor relationships to ensure they are delivering real value. And keep an eye on how inflation is affecting margins with your key customers so you can make appropriate pricing and relationship management decisions.

3. Minimize the risks and maximize the benefits of a stronger dollar

  • The U.S. economy is outperforming its global peers. Higher U.S. Treasury rates are spurring an influx of foreign capital and strengthening the dollar. For middle-market companies, this is a double-edged sword. It makes U.S. exports more expensive and diminishes the value of foreign earnings denominated in U.S. dollars. But it also drives down the cost of off-shore sourcing options and can create international acquisition opportunities.
  • Look for global supply chain opportunities. Take advantage of the strong dollar by finding offshore sourcing options.
  • Consider global hedging options to control risks and costs.
  • Consider international expansion opportunities. If expanding through acquisition in new global markets is part of your corporate strategy, the strong dollar could mean a better deal.

4. Increase attention to cybersecurity

No organization can afford lax cybersecurity controls. Many companies think they aren’t large enough to attract the attention of cyber criminals, but the NetDiligence® 2015 Cyber Claims Study shows nano organizations and small organizations actually experienced the most incidents, with 29 percent coming from each of those groups. Your best defense? Make sure you have three layers of cybersecurity controls—preventative controls that make you a hard target, detective controls to timely identify any breach and corrective controls that let you respond quickly and appropriately to intrusions.

  • Preventative controls. Your preventative controls should include a vulnerability assessment, patch management, strong access and authentication controls, a solid intrusion prevention system (IPS), configuration management, and up-to-date anti-virus protection.
  • Detective controls. Most companies choose either to outsource detection controls to a Managed Security Service Provider (MSSP) or to purchase a Security Information and Event Management (SIEM) product. Weigh that choice carefully and be sure the solution you choose is appropriate to your threat environment and internal capabilities. A strong intrusion detection system is also vital, along with compliance and operational monitoring, and anti-virus and network alerts.
  • Corrective controls. Effective corrective controls start with a robust incident response plan. You will also want strong forensic capabilities; anti-virus quarantine and isolation protocols; disaster recovery and business continuity plans; and administrative, legal and insurance protections.

5. Control your third-party risks

Corporate boundaries are getting fuzzier as businesses of all kinds explore a wide range of third-party relationships that allow them to focus on their core business while leveraging outside expertise in areas like logistics, technology and a variety of other specialized functions. That creates efficiencies that drive growth, but it also gives rise to a wide range of new risk issues. Your ability to execute your strategy now hinges partly on the performance of third parties. You could face liabilities stemming from non-performance by your vendors. Connections between your systems and those of your vendors create new security risks. And the web of social media and other connections between you and your vendors can expose your organization to reputational risk due to the failings of third parties. Here are six third-party risk questions to consider in 2016:

  • Do you know where all your contracts are located? Are they stored electronically?
  • Do you understand and are you fulfilling all of your contractual responsibilities?
  • Have your contracts been updated to reflect new regulations for privacy and data security?
  • Are you adequately monitoring the IT risks associated with your third parties?
  • Is the insurance coverage maintained by your third parties sufficient to cover losses in the event of a data breach?
  • Are your audits of the contract performance and related invoices sufficient to ensure alignment with acceptable risk levels directed by your senior management and board of directors?

If you have any questions about the key risks above or how to perform your own formal risk assessment, please contact:
Lance Mann: lmann@deandorton.com or 502.566.1005
Jim Tencza: jtencza@deandorton.com or 502.5661071

View Lance Mann’s Bio

View Jim Tencza’s Bio

Article Dean Dorton

Cyber criminals have been around for quite some time and continue to make our lives challenging. As you continually see in the news headlines, there are many forms of criminal activity occurring through the use of Internet technology. We have typically been hearing about user names and passwords being stolen. However, manufacturers have very valuable information and data that is being targeted as well.

Here are five tips for manufacturers to protect against data theft:

  1. Executives must put priority on data and trade secret information
    This seems obvious, but many organizations do not have the right protection plans in place and in many cases rely on dated equipment, software and procedures to keep their data and trade information safe.If key executives put a priority on increased security measures for confidential data and make it a continued company initiative then the necessary resources and support will be given to better protect this crucial information and data security can continue to be evaluated and updated as necessary.
  2. Identify what your most valuable data assets are and where they are stored
    Identifying the most important data and where it is stored may feel daunting with the amount and type of data that manufacturers have these days, but a good starting point is engineering and R&D type design files. Obviously, this type of data is confidential and very important to manufacturers.
  3. Label critical data assets
    Make sure that digital and paper documents are clearly marked with “Confidential” or “Internal Use Only”.This provides a visual alert to all employees who have access to these documents that anything marked with this designation should be treated with extra care and protection.
  4. Think Like a Cyber Criminal
    Make it a practice to step back and take an outsider’s point of view and look at all your business processes and practices to identify where data theft could occur.
  5. Improve Employee Awareness
    Put detailed company theft and confidential protection instruction and documentation in all manuals and employee agreements.   In addition, include this type of employee security awareness in your training programs at all levels of the organization.

It is easy to become complacent with the valuable information that we handle on a daily basis and it is very important to be on constant alert for criminal activity. It is crucial to have an evolving security plan for protection.  In addition, an effective security plan would include a response plan to guide reaction in the event of a breach threat or incident.

For more information on protecting your company against data theft contact Lance Mann at 502-566-1005 or lmann@deandorton.com or Jason Miller at 859-425-7626 or jmiller@ddaftech.com.


View Lance Mann’s Bio


View Jason Miller’s Bio

Article Dean Dorton

According to the 2014 Report to the Nations on Occupational Fraud and Abuse, a study by the Association of Certified Fraud Examiners, the typical organization loses 5% of revenues to fraud each year and the median fraud loss in the manufacturing industry is $250,000. Billing schemes, corruption (kickbacks/conflicts of interest) and theft of non-cash assets are the most prevalent types of fraud in the manufacturing industry. Companies must be proactive in identifying and managing fraud risks that can be an expensive and potentially devastating drain on a company’s financial resources. A strong internal control environment will help you safeguard your assets and attract and retain capital by increasing the confidence investors, regulators, audit committee members and the general public have in the integrity of your organization’s financial reports.   We recommend that companies periodically consider having a fraud prevention checkup.

To determine the health of your internal control environment and the need for a fraud prevention checkup, answer the following questions:

  • Has your company ever performed a fraud risk assessment?
  • Are you setting a strong ethical tone in your organization that starts at the top?
  • Are you managing fraud risk through management review and monitoring of key metrics?
  • Do your employees know what to do if they observe unethical behavior (fraud, theft, safety concerns) and is there a mechanism in place to report concerns anonymously?
  • Do you have proper segregation of duties surrounding your cash disbursement and receipt processes?
  • Do you have proper controls in place to prevent and deter the misappropriation of inventory and fixed assets?
  • Do you have proper controls surrounding vendor management?
  • Do your employees have unusually close relationships with vendors or customers?
  • Do you have policies in place to restrict or require disclosure of related party relationships?
  • Do your employees understand what represents a conflict of interest?

Is it time for a fraud prevention checkup at your company? We have a team of Certified Fraud Examiners that can help. For more information on protecting your company’s assets, contact Nick Lynch at 859-425-7635 or nlynch@deandorton.com or Lance Mann at 502-566-1005 or lmann@deandorton.com.

View Lance Mann’s Bio