You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Government Finance Officers Association | OCTOBER <strong>2022</strong><br />
Government Finance Review<br />
A Beginner’s Guide<br />
to Internal Controls<br />
Segmented Pricing<br />
for Fines and Fees<br />
Financial Ratio<br />
Analysis, Simplified<br />
Cyber Risk<br />
With more and more getting connected to<br />
the cloud, how can governments manage<br />
risk and protect critical services?
contents OCTOBER<br />
<strong>2022</strong> | VOLUME 38, NUMBER 5<br />
16<br />
4 Steps to Becoming<br />
Cyber Risk Savvy<br />
How to be a smart customer<br />
of cyber insurance<br />
By Shayne Kavanagh,<br />
Rob Roque and Teri Takai<br />
30<br />
A Beginner's Guide<br />
to Internal Controls<br />
Simple but effective tips to<br />
keep your organization safe<br />
from fraud<br />
By James Seaman<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
34<br />
Segmented Pricing<br />
for Fines and Fees<br />
Increasing revenues and<br />
fairness at the same time<br />
By Jean-Pierre Dubé, Bryan<br />
Glenn and Shayne Kavanagh<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 1
contents<br />
65<br />
44 By<br />
When Growth Fuels Change<br />
Transformation in the Town of Nolensville, Tennessee<br />
Christina Merle and Carey Smith<br />
50<br />
City Budgeting for<br />
Equity and Recovery<br />
Effective change management<br />
in equity implementation<br />
By Joe Buckshon and Matthew Stitt<br />
58<br />
Ratio Analysis,<br />
Simplified<br />
An alternative framework<br />
for analyzing the financial<br />
condition of a government<br />
By Aman Khan and Olga Murova<br />
6 Contributors<br />
8 From the CEO<br />
10 Rewind: A Look Back<br />
at <strong>GFR</strong> in <strong>October</strong> 2003<br />
11 Build Back Better Never<br />
Something<br />
By Galen McDonald<br />
14 GFOA's International<br />
Partnership Program<br />
65 Creating a Collaborative<br />
Budget Process in the City<br />
of College Station, Texas<br />
By Darrell Banks<br />
68 Theory in Practice? GASB's<br />
New Concepts Statement<br />
on Note Disclosures<br />
By Michele Mark Levine<br />
72 The Brave New Frontier of<br />
Public Sector Privacy<br />
By Katherine Barrett &<br />
Richard Greene<br />
74 Recycling the Muni<br />
Exemption Debate<br />
By Justin Marlowe<br />
76 Q&A with Veronica Carrillo,<br />
Fiscal Administrator for the<br />
City of San Antonio, Texas<br />
By Timothy Martin<br />
80 10 Steps to Taming Interruptions<br />
and Preventing Rework<br />
2
900+<br />
CUSTOMERS<br />
$120 billion+<br />
PUBLIC SECTOR BUDGETS MANAGED<br />
$15 billion+
Publisher<br />
Chris Morrill<br />
Editor in Chief<br />
Michael J. Mucha<br />
Managing Editor<br />
Marcy Boggs<br />
GOVERNMENT FINANCE REVIEW<br />
www.gfoa.org/gfr<br />
EDITORIAL<br />
gfr@gfoa.org<br />
ADVERTISING<br />
gfoa.org/gfr-ads<br />
PERMISSION & REPRINTS<br />
gfr@gfoa.org<br />
CHANGE OF ADDRESS<br />
gfoa.org/update-membership<br />
SUBSCRIPTIONS<br />
gfoa.org/gfr<br />
SUBMISSIONS<br />
GFOA encourages finance officers, scholars,<br />
private consultants, and other knowledgeable<br />
individuals to submit manuscripts to <strong>GFR</strong>.<br />
All manuscripts should conform to the Editorial<br />
Policy and Guidelines for Authors, which are<br />
available online at gfoa.org. Manuscripts should<br />
be submitted electronically to gfr@gfoa.org.<br />
CONTACT<br />
Government Finance Review<br />
c/o Government Finance Officers Association<br />
203 N. LaSalle Street, Suite 2700<br />
Chicago, Illinois 60601-1210<br />
Phone: 312-977-9700<br />
Fax: 312-977-4806<br />
GFOA EXECUTIVE BOARD<br />
Terri Velasquez<br />
President<br />
City of Aurora, CO<br />
Michael Bryant<br />
Past President<br />
Mecklenburg County<br />
Government, NC<br />
Laura Allen<br />
President-Elect<br />
Town of Berwyn Heights, MD<br />
Sonya Andrews<br />
City of Scottsdale, AZ<br />
Lunda Asmani<br />
Norwalk Public Schools, CT<br />
Laurie M. Brewer<br />
City of Georgetown, TX<br />
Jennifer Brown<br />
City of Sugar Land, TX<br />
Bruce H. Fisher<br />
Nova Scotia Utility and<br />
Review Board, NS<br />
Tanya Garost<br />
District of Lake Country, BC<br />
Jason Greene<br />
Town of Surfside, FL<br />
Anne P. Harty<br />
City of Rock Hill, SC<br />
Rafiu O. Ighile<br />
Howard County<br />
Government, MD<br />
Sue Iverson<br />
City of Red Wing, MN<br />
Brandon Kauffman<br />
Kansas Turnpike Authority, KS<br />
Grace Martinez<br />
San Mateo County<br />
Transit District, CA<br />
Margaret Moggia<br />
West Basin Municipal<br />
Water District, CA<br />
Kendel Taylor<br />
City of Alexandria, VA<br />
Chris Morrill<br />
GFOA<br />
<strong>GFR</strong> (Government Finance Review) (ISSN 0883-7856) is published bimonthly in February, April, June, August, <strong>October</strong>, and December.<br />
Subscription price is $35 annually. Opinions expressed herein are the viewpoints of the authors. They may differ from the policies and<br />
recommendations of the Government Finance Officers Association, its committees, and staff. Letters to the editor are welcomed.<br />
Copyright <strong>2022</strong> by the GFOA. Published by the Government Finance Officers Association, 203 N. LaSalle Street, Suite 2700, Chicago,<br />
IL 60601-1210. Periodicals postage paid at Chicago, Illinois, and additional mailing office. Postmaster: Please send address changes<br />
to Government Finance Review, 203 N. LaSalle Street, Suite 2700, Chicago, IL 60601-1210.<br />
4
CONTRIBUTORS<br />
Joe Buckshon is a senior analyst in the Management and Budget Consulting practice at PFM. He<br />
is the lead analyst for the nationwide equity project with Bloomberg Philanthropies What Works<br />
Cities, and he has provided quantitative and qualitative analysis and project management support<br />
for client projects with the City of Baltimore, Maryland; the City of New Orleans, Louisiana; and<br />
the City of Vero Beach, Florida. Joe supported marketing, content creation, and thought leadership<br />
efforts for PFM’s Center for Budget Equity and Innovation. Before that, he was a policy and<br />
performance fellow with the City of Philadelphia Commerce Department.<br />
Jean-Pierre Dubé is the James M. Kilts Distinguished Service Professor of Marketing at the<br />
University of Chicago Booth School of Business. He is also director of the Kilts Center for Marketing<br />
at the Booth School, a Research Associate at the National Bureau of Economic Research, and a<br />
faculty fellow at the Marketing Science Institute. From 2008 to 2010, he was a research consultant<br />
for the Yahoo! Microeconomics Research group. He has been working as a research consultant with<br />
Amazon since 2018. Dubé’s research interests lie at the intersection of industrial organization and<br />
quantitative marketing.<br />
Bryan Glenn is the founder and chief executive office of SERVUS, a technology company focused<br />
on segmented pricing. Before that, he was proprietor of Capital Glenn. He’s the author of Life<br />
Adds Up: How Mindsets Determine Outcomes (New Degree Press), which explores transformative<br />
yet straightforward principles to help readers grow personally. Bryan was also a member of the<br />
Chicagoland Chamber of Commerce Greater Chicago Area and the Polsky Center I-Corps Program.<br />
Shayne Kavanagh is the senior manager of research for GFOA’s research and consulting center.<br />
He’s been a leader in developing the practice and technique of long-term financial planning and<br />
policies for local government. Shayne’s financial planning experience also drives his research<br />
at GFOA. He’s written a number of influential publications on financial planning and a number of<br />
articles on long-term financial planning, financial policies, budget reform, using technology to<br />
improve efficiency, and related topics for magazines including Government Finance Review, Public<br />
Management, School Business Affairs, and Public CIO. Before joining GFOA, Shayne was the assistant<br />
village manager for the Village of Palos Park, Illinois.<br />
Aman Khan, Ph.D., is Professor of Political Science and Public Administration at Texas Tech<br />
University. His teaching and research interests are in the areas of public budgeting, financial<br />
management, cost and managerial accounting in government, and quantitative methods. Dr. Khan is<br />
the founder and current director of the Institute of Governmental Finance, which provides professional<br />
training to middle and upper-level managers in government and elected officials. Trained as an<br />
economist and planner, he holds an MS in urban and regional planning, an MA in economics, and a<br />
Ph.D. in public administration from the University of Pittsburgh.<br />
Christina Merle has been the finance director for the Town of Nolensville, Tennessee, since April<br />
2020. Christina received her Bachelor of Science degree in Accounting and her Master of Science<br />
in Accounting and Taxation from St. John’s University in New York. She is a Certified Municipal<br />
Finance Officer (CMFO) in the State of Tennessee.<br />
6
Olga Murova, Ph.D., is an associate professor in the College of Agriculture at Texas Tech<br />
University, Lubbock, Texas. Her research focuses on the areas of efficiency of agricultural<br />
production, sustainable rural development, international development, and agribusiness.<br />
Dr. Murova teaches the classes Computers in Agricultural Sciences and Statistical<br />
Methods in Agricultural Research. She holds a Ph.D. in Agricultural and Applied<br />
Economics from Mississippi State University, an MABM from Mississippi State University,<br />
and a Bachelor of Science and a master’s degree in civil engineering from Ukraine.<br />
Rob Roque is the technology services manager for GFOA’s Research and Consulting<br />
Center. Rob’s primary responsibilities are providing enterprise system implementation<br />
advisory services, enterprise system project management services, and enterprise<br />
selection services, as well as contributing to GFOA technology publications and GFOA<br />
training courses. He also assists with managing internal technology projects for GFOA,<br />
but his primary role is managing GFOA’s larger technology projects. Before joining<br />
GFOA in 1998, Rob was a senior budget analyst with the City of Pittsburgh, Pennsylvania,<br />
where he worked on the city’s PeopleSoft implementation project.<br />
Jim Seaman, Ph.D., CPE, CIA, CFE, is the director of finance/assistant borough manager<br />
for Media Borough in Delaware County, Pennsylvania. Jim has more than 30 years of<br />
well-rounded audit and managerial experience. Before coming to Media Borough, he<br />
was the vice president for internal audit and management consulting services for Drexel<br />
University and Drexel University College of Medicine. Other experiences include vice<br />
president for internal audit services and corporate compliance officer for Mercy Health<br />
System, and associate director of internal audit for the University of Pennsylvania.<br />
Carey Smith, finance technician, started working for the Town of Nolensville, Tennessee,<br />
in July 2020. Carey brings a great deal of knowledge and experience to the team and has<br />
also played an integral role in assisting with all the changes the Finance Department has<br />
undergone. She is a licensed notary public for the State of Tennessee.<br />
Matthew Stitt is a director and national lead for equitable recovery and strategic financial<br />
initiatives in PFM’s Management and Budget Consulting team. He advises public sector<br />
leaders on structural changes, budget reforms and financial planning—with a particular<br />
focus on applying an equity lens to solving governing challenges—especially in relation<br />
to the financial and economic crises caused by COVID-19. Before he joined PFM, Matt was<br />
the chief financial officer for the City Council of Philadelphia, Pennsylvania, leading the<br />
annual review of the city’s operating and capital budgets and strategic plans, as well as<br />
advising on all fiscal matters related to proposed legislation and key initiatives.<br />
Teri Takai is the executive director of the Center for Digital Government, a national<br />
research and advisory institute on information technology policies and best practices<br />
in state and local government. She worked for Ford Motor Company in global application<br />
development and information technology strategic planning and as chief information<br />
officer of the states of Michigan and California before becoming the first woman appointee<br />
as chief information officer of the U.S. Department of Defense. She then served as the CIO<br />
for Meridian Health Plan. She is a member of several industry advisory boards.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 7
FROM THE CEO<br />
Bringing Members Together to<br />
Address the Pressing Challenges<br />
of Today and Tomorrow<br />
Christopher P. Morrill<br />
Executive Director/CEO<br />
GFOA Materials Library<br />
Stay up to date on all GFOA<br />
events and monitor ongoing<br />
research by visiting the<br />
GFOA website events listing<br />
and the materials library.<br />
gfoa.org/events<br />
gfoa.org/materials<br />
As I speak with public<br />
finance officers<br />
throughout the United<br />
States and Canada,<br />
it’s clear that our state,<br />
provincial, and local governments are<br />
facing many challenges. Obstacles<br />
related to balanced budgets, additional<br />
accounting standards, aging<br />
infrastructure, evolving technology,<br />
and ongoing pension shortfalls are<br />
perennial, but organizations are also<br />
grappling with the many issues caused<br />
by the COVID-19 pandemic. Perhaps<br />
the main challenge I’m hearing about<br />
is significantly altered workforce<br />
expectations. This, combined with our<br />
ever-changing political environment<br />
and overall perception of local<br />
government—and its role in shaping<br />
our communities—adds to the stress of<br />
being a finance officer while creating<br />
a unique environment for change.<br />
I believe GFOA plays an important<br />
role in addressing these issues by<br />
bringing members together to share<br />
ideas, provide diverse perspectives,<br />
and ultimately collaborate on<br />
strategies and solutions that<br />
will become the best practices of<br />
tomorrow. At GFOA, we prioritize<br />
member engagement, and we are<br />
implementing new strategies to<br />
connect members and encourage<br />
participation in our programs. We<br />
are also analyzing data and learning<br />
from our past experiences to find<br />
better ways to better serve you.<br />
The annual conference is our<br />
signature event of the year, bringing<br />
together thousands of government<br />
finance professionals for a week of<br />
educational sessions, networking, and<br />
social events, but equally important<br />
ways to engage and participate are still<br />
on the way. This fall, GFOA will host<br />
several major events that will provide<br />
opportunities not only for engagement<br />
but, even more importantly, for<br />
making contributions to the solutions<br />
that will guide the evolution of<br />
the public finance profession.<br />
MiniMuni. GFOA’s virtual event that<br />
highlights debt management best<br />
practices and industry trends is back<br />
on <strong>October</strong> 19 to 21, <strong>2022</strong>, for the<br />
fourth consecutive year. Government<br />
entities have used debt to fund public<br />
infrastructure for more than 200<br />
years, but regulations are constantly<br />
changing. This event provides GFOA<br />
members with firsthand knowledge<br />
from key leaders in Washington, D.C.,<br />
and it allows our members to discuss<br />
the latest trends, best practices, and<br />
what to expect in the future. For more<br />
information, visit gfoa.org/minimuni.<br />
Rethinking Public Engagement<br />
Summit. This virtual summit,<br />
scheduled for November 7 to 10,<br />
<strong>2022</strong>, will bring together academics,<br />
researchers, and other thought<br />
leaders in public administration<br />
and engagement, along with civic<br />
technology experts and local<br />
government practitioners, to rethink<br />
public engagement. The budget is the<br />
most important policy document a<br />
local government produces, but we’ve<br />
known for decades that we need to do<br />
a better job of meaningfully engaging<br />
citizens in the budget process.<br />
In recent years, new forces—distrust<br />
of experts, loss of faith in institutions,<br />
and the politics of cynicism—have<br />
8
made it clearer than ever that local<br />
governments need to consider public<br />
engagement in a new light. The<br />
Rethinking Public Engagement Summit<br />
is connected to broader GFOA efforts to<br />
“rethink budgeting” and to address ways<br />
in which local governments can best<br />
prioritize and allocate limited funding<br />
to get the most for their community.<br />
For more information, visit gfoa.org/<br />
rethinking-public-engagement-summit.<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
Alliance for Excellence in School<br />
Budgeting Fall Meeting. The Alliance<br />
for Excellence in School Budgeting,<br />
which is open to all school districts,<br />
is an early adopter group of 100-plus<br />
organizations that are implementing<br />
GFOA’s Best Practices in School<br />
Budgeting. The alliance—a part of the<br />
Smarter School Spending initiative—<br />
includes a diverse group of districts<br />
from across the United States. Each<br />
year since the group first met in 2015,<br />
finance and academic leaders from<br />
these districts have convened to<br />
discuss topics including academic<br />
return on investment, equity in school<br />
funding, strategic financial plans,<br />
cost-saving strategies, and more.<br />
This year, the alliance will meet in<br />
Chicago on December 1 and 2, <strong>2022</strong>,<br />
to discuss strategies for improving<br />
student achievement and to address<br />
the realities of the new environment<br />
for public education. For more<br />
information and to get involved, visit<br />
gfoa.org/smarterschoolspending.<br />
Local Government 2030—Lessons<br />
for the Future: A Convening of<br />
Practitioners. GFOA is working with<br />
25 professional associations to sponsor<br />
a conference of public administration<br />
practitioners representing cities,<br />
counties, and regional councils<br />
across the United States. Delegates<br />
representing general administration,<br />
finance, public works, utilities,<br />
community services, public safety,<br />
economic development, and more will<br />
come together November 4 to 6, <strong>2022</strong>,<br />
at the University of Nebraska Omaha<br />
to provide leadership in implementing<br />
solutions to what the National Academy<br />
of Public Administration called the<br />
“Grand Challenges” facing our nation.<br />
Work also continues on GFOA’s<br />
Rethinking Revenue and Rethinking<br />
Budgeting initiatives. Both projects<br />
take a fresh look at how public funds are<br />
raised, focusing on innovative ideas<br />
for retooling local systems to align with<br />
modern economic realities and treat<br />
citizens more fairly. We are also looking<br />
at ways in which governments make<br />
decisions about resource allocation,<br />
as well as introducing concepts from<br />
behavioral science to improve key<br />
elements of the traditional budget<br />
process. Information about both<br />
projects is available on GFOA’s website<br />
at gfoa.org/rethinking-revenue and<br />
gfoa.org/rethinking-budgeting.<br />
I’m excited about the future of public<br />
finance. GFOA members are a diverse<br />
group of leaders uniquely qualified to<br />
discuss, debate, and develop solutions<br />
to the many challenges that state,<br />
provincial, and local governments<br />
face. GFOA is committed to providing<br />
forums for discussion and resources<br />
for developing ideas and supporting<br />
their implementation. I look forward<br />
to working with all of you as we<br />
tackle these challenges together.<br />
Sincerely,<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 9
ewind<br />
Rethinking Budgeting<br />
A look back at <strong>GFR</strong> in <strong>October</strong> 2003<br />
In <strong>October</strong> 2003, <strong>GFR</strong> dedicated<br />
an issue to a perennial question:<br />
What’s wrong with budgeting?<br />
Then—much like today, and<br />
several times since—we<br />
noted that state and local<br />
governments were mired in<br />
a challenging fiscal environment,<br />
forcing policymakers and<br />
administrators to make difficult<br />
choices between painful cuts in<br />
services and tax and fee increases.<br />
We concluded that it “may well be<br />
the ideal time to implement muchneeded<br />
improvements to public<br />
budgeting,” noting that “the current<br />
fiscal crisis, however, has exposed<br />
deficiencies in public budgeting<br />
systems and generated some<br />
momentum to correct them.” And this<br />
conclusion could apply to most years<br />
since that magazine was published.<br />
In 2003, we were worried about<br />
many of the features of budgeting—it<br />
was incremental, took months and<br />
thousands of hours of staff time<br />
to implement, was dollar-centric,<br />
ignored performance, and led<br />
employees to focus on the wrong<br />
targets at the expense of customer<br />
service and overall corporate goals,<br />
and restricted managerial flexibility,<br />
which limited innovation. Back<br />
then there were accusations that<br />
budgetary incentives promoted<br />
gaming the system.<br />
Local governments have been<br />
reforming the budget function almost<br />
from the moment it was introduced<br />
in the early 1900s. “Traditional<br />
budgeting” is the result of a long<br />
process of experimentation that has<br />
settled on a number of traditions:<br />
• Annularity—that uncertainty<br />
makes it realistic to plan only one<br />
year at a time.<br />
• Citizen participation—that citizens<br />
should influence priority setting.<br />
• Intergenerational equity—<br />
exemplified by the separation<br />
of current expenditures from<br />
long-term capital programs.<br />
• Executive-driven processes—<br />
pinpointing accountability for<br />
administration.<br />
• Input and control focus—controlling<br />
what public money is spent on and<br />
mitigating the risk of over-spending.<br />
• Incrementalism—where the<br />
previous year’s appropriation is the<br />
starting point for budget formulation,<br />
with negotiations focused on<br />
increments or decrements.<br />
• Balanced budget requirements—<br />
found in most state statutes and<br />
local ordinances.<br />
A number of these traditions are being<br />
challenged, but most remain intact.<br />
Local governments have long relied on<br />
last year’s budget to make incremental,<br />
line-item changes around the margins<br />
to make next year’s budget.<br />
Though this form of budgeting has<br />
advantages and can be useful in<br />
times of stability, it can also make<br />
local governments slow to adapt<br />
in times of rapid change, like the<br />
volatile and uncertain times we live<br />
in today.<br />
In 2003 GFOA provided an<br />
evaluative framework that helped<br />
governments identify, diagnose, and<br />
correct problem areas, explaining<br />
how to conduct operational reviews<br />
and analyze the core factors that<br />
shape and constrain budgeting’s<br />
usefulness as a tool for allocating<br />
resources and reaching goals—but<br />
most of the problems we addressed<br />
20 years ago are still with us.<br />
That’s why GFOA’s new Rethinking<br />
Budgeting Initiative is taking<br />
tangible steps to help make<br />
budgeting better. The incremental<br />
nature of traditional line-item<br />
budgeting can slow down efforts<br />
to adapt to changing conditions,<br />
but the Rethinking Budgeting<br />
initiative—a collaborative effort<br />
between GFOA, the International<br />
City/County Management<br />
Association, and National League<br />
of Cities—considers new ways of<br />
thinking, new technologies, and<br />
updated practices to better meet the<br />
changing needs of communities.<br />
Rethinking budgeting is no small<br />
matter, so we’ve broken it down<br />
into subtopics, which we invite you<br />
to explore at gfoa.org/rethinkingbudgeting.<br />
The initiative is ongoing,<br />
so our content will evolve and grow<br />
as it moves forward.<br />
©<strong>2022</strong> TBD C/O THEISPOT.COM<br />
10
In Brief<br />
FEDERAL UPDATE | INTERNATIONAL PARTNERSHIPS<br />
FEDERAL UPDATE<br />
Build Back Better Never Something BY GALEN MCDONALD<br />
Let’s talk about the Inflation<br />
Reduction Act of <strong>2022</strong><br />
(IRA). It may not be the<br />
original Build Back Better<br />
Act that the current<br />
administration set out to enact, but<br />
it is something. This article explains<br />
what’s in the law and what it means<br />
for your jurisdiction.<br />
What is the IRA?<br />
The IRA was signed into law on August<br />
16, <strong>2022</strong>, and according to the White<br />
House, it “will lower costs for families,<br />
combat the climate crisis, reduce the<br />
deficit, and finally ask the largest<br />
corporations to pay their fair share.”<br />
The IRA is a reduced and revised<br />
version of the Build Back Better<br />
Act, or the climate and health bill.<br />
The IRA focuses on three key areas:<br />
healthcare, clean energy, and taxes.<br />
This article will discuss each<br />
of these areas, touching briefly on<br />
healthcare and taxes before diving<br />
deeper into clean energy. We’ll finish<br />
off by providing some suggestions and<br />
further resources.<br />
Healthcare under the IRA<br />
The act aims to cut prescription drug<br />
costs and lower healthcare costs,<br />
which may in turn lower healthcare<br />
costs for employers. The act allows<br />
Medicare to directly negotiate for<br />
prescription drug prices in 2023. It<br />
creates a cap on Medicare patients’<br />
out-of-pocket costs, provides cost-free<br />
vaccines for seniors, and more.<br />
Taxes under the IRA<br />
Deficit reduction, clean energy,<br />
and climate investments are key<br />
priorities, and the act contains four<br />
primary tax-related instruments for<br />
raising money to meet these priorities.<br />
The act will raise $222 billion<br />
through “a corporate alternative<br />
minimum tax on corporations that<br />
earn more than $1 billion in annual<br />
profit, but do not pay at least a 15<br />
percent tax rate.” Approximately $203<br />
billion will come from “investing $80<br />
billion over the next ten years for tax<br />
enforcement and compliance” under<br />
the IRS. This corporate minimum<br />
tax would have a direct but minimal<br />
impact on the demand for municipal<br />
bonds, as the affected corporations<br />
don’t generally invest in munis.<br />
A 1 percent fee “on stock buybacks by<br />
publicly traded corporations” will raise<br />
$74 billion. Finally, $52 billion will be<br />
raised “by extending the limitation on<br />
excess business losses for two years.”<br />
The act also reinstates the<br />
Superfund tax, which will raise<br />
more than $11 billion for Superfund<br />
cleanups. The act also includes tax<br />
credits to promote clean energy and the<br />
environment. Another tax credit will<br />
“make used clean vehicles affordable”<br />
for those with low and moderate<br />
incomes. The existing Investment<br />
Tax Credit and Production Tax Credits<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 11
IN BRIEF<br />
for renewable energy now include<br />
“bonus 10 percent credits for projects<br />
built within legacy communities”<br />
and an “increase in energy credit for<br />
solar and wind facilities placed in<br />
service in connection with low-income<br />
communities.” The latter involves<br />
either a 10 or 20 percent bonus credit,<br />
depending on where the projects are<br />
installed. Finally, there is an extension<br />
of the $10 billion advanced energy<br />
project credit, which includes $4<br />
billion to build new clean technology<br />
manufacturing facilities in legacy coal<br />
communities.<br />
Clean energy and the<br />
environment under the IRA<br />
The administration has three main<br />
clean energy goals with the act:<br />
lowering energy costs, building a<br />
clean energy economy, and reducing<br />
harmful pollution. The act includes<br />
the following terms.<br />
• Environmental justice. The<br />
Environmental Protection Agency<br />
(EPA) defines environmental<br />
justice as “the fair treatment and<br />
meaningful involvement of all people<br />
regardless of race, color, national<br />
origin, or income with respect to the<br />
development, implementation, and<br />
enforcement of environmental laws,<br />
regulations, and policies.”<br />
• Legacy pollution. According to<br />
the National Park Service, legacy<br />
contaminants are “chemicals once<br />
used in the U.S. but then discontinued<br />
or outright banned,” and they often<br />
“linger in soil and water” while slowly<br />
breaking down.<br />
• Disadvantaged communities.<br />
According to Executive Order 14008:<br />
Tackling the Climate Crisis at<br />
Home and Abroad, disadvantaged<br />
communities are those that “have<br />
been historically marginalized and<br />
overburdened by pollution and underinvestment<br />
in housing, transportation,<br />
water and wastewater infrastructure,<br />
and healthcare.” GFOA’s Federal<br />
Liaison Center will be monitoring this<br />
definition development closely as it<br />
is widely known that disadvantaged<br />
communities may be defined<br />
differently elsewhere (such as in state<br />
or local policies).<br />
• Non-attainment areas. According<br />
to the EPA, a non-attainment area is<br />
“any area that does not meet (or that<br />
contributes to ambient air quality<br />
in a nearby area that does not meet)<br />
the national primary or secondary<br />
ambient air quality standard for a<br />
NAAQS.”<br />
The clean energy and environment<br />
investments promote three main points:<br />
1. Legacy pollution reduction.<br />
2. Affordable and accessible<br />
clean energy for disadvantaged<br />
communities.<br />
3. Better quality of life and good jobs.<br />
Legacy pollution reduction. The act<br />
directs significant funding toward<br />
reducing legacy pollution. Several<br />
programs specifically build on the<br />
environmental justice-related programs<br />
within the Infrastructure Investment<br />
and Jobs Act. Cities and counties will<br />
likely be eligible for these funds, and<br />
special districts or political subdivisions<br />
are expected to be included as eligible<br />
entities as well. This information will<br />
be included in the forthcoming Notice of<br />
Funding Opportunities.<br />
12
The administration has<br />
three main clean energy<br />
goals with the act:<br />
lowering energy costs,<br />
building a clean energy<br />
economy, and reducing<br />
harmful pollution.<br />
One such to be included is<br />
the Neighborhood Access and<br />
Equity Program, which includes<br />
approximately $3 billion in<br />
competitive grants, with priority given<br />
to disadvantaged communities for<br />
projects that improve connectivity/<br />
mobility, reduce urban heat, and<br />
improve safety, among other things.<br />
Another program included is the $2.8<br />
billion for Environmental and Climate<br />
Justice Block Grants, which are<br />
available to local governments that are<br />
partnered with a community nonprofit<br />
to fund community-led efforts in<br />
pollution monitoring, prevention, and<br />
remediation, and more.<br />
Another $3 billion is allocated for<br />
grants to reduce air pollution at ports<br />
through climate action plans and<br />
implementation of zero-emission<br />
technology. A new Clean Heavy-Duty<br />
Vehicles program at the EPA will receive<br />
$1 billion to cover zero-emission buses<br />
including school buses and garbage<br />
trucks. Diesel emission reduction<br />
from goods movement facilities will be<br />
covered by $60 million in grants.<br />
Another $236 million will go toward<br />
air pollution monitoring, with a focus<br />
on disadvantaged communities, and<br />
an additional $50 million will go<br />
specifically toward monitoring and<br />
reducing air pollution in low-income<br />
and disadvantaged community-area<br />
public schools.<br />
A low-emissions electricity<br />
program will provide $87 million in<br />
funding for a technical assistance<br />
program to state and local<br />
governments to help greenhouse gas<br />
emission reduction.<br />
Affordable and accessible<br />
clean energy for disadvantaged<br />
communities. The act includes a<br />
greenhouse gas reduction fund to help<br />
communities deploy or benefit from<br />
clean energy projects and pollutionreducing<br />
technologies. At least 60<br />
percent of the funds will focus on<br />
disadvantaged communities, and<br />
it will be provided to non-federal<br />
governments through one of three<br />
collections:<br />
• $7 billion “for zero-emission<br />
technology deployment…in<br />
low-income and disadvantaged<br />
communities.” The technology<br />
deployment may include rooftop<br />
and community solar.<br />
• $8 billion for low-income and<br />
disadvantaged communities<br />
“for a general fund making<br />
broad investments in reducing<br />
greenhouse gas emissions and<br />
promoting environmental justice.”<br />
• $11.97 billion for another general<br />
fund that isn’t designated for<br />
low-income and disadvantaged<br />
communities.<br />
The IRA also creates a $1 billion<br />
grant program for “improving energy<br />
efficiency or water efficiency or<br />
climate resilience of affordable<br />
housing,” and $9 billion for two home<br />
energy rebate programs specifically<br />
for low- and moderate-income singlefamily<br />
and multifamily households.<br />
Better quality of life and good jobs.<br />
Several grant programs totaling $2<br />
billion are directed at programs that<br />
will improve communities’ quality<br />
of life and provide jobs; $1.5 billion<br />
is going toward planting trees and<br />
establishing community and urban<br />
forests, and an additional $50 million<br />
will be available in competitive grants<br />
to create urban parks. Disadvantaged<br />
communities will receive another<br />
$550 million for planning, designing,<br />
and constructing water supply<br />
projects. Nearly $400 million will go<br />
directly toward building resiliency for<br />
tribal governments and communities.<br />
Obstacles and resources<br />
A few obstacles governments<br />
might face are finding funding<br />
opportunities the community<br />
qualifies for, meeting cost-sharing<br />
requirements and/or meeting<br />
federal data reporting requirements<br />
and locating areas of your<br />
community that meet definitions<br />
of disadvantaged communities.<br />
GFOA will work to help alleviate<br />
any issues that come up.<br />
• The federal update column from<br />
the August <strong>2022</strong> issue of <strong>GFR</strong><br />
(gfoa.org/materials/gfr822-wheremy-money)<br />
goes into detail about<br />
the federal grant process and<br />
suggests ways to overcome some<br />
of the challenges to successfully<br />
accessing government dollars.<br />
• The current administration’s<br />
Climate and Economic Justice<br />
Screening Tool is also a great<br />
resource for identifying<br />
disadvantaged communities<br />
and taking advantage of funding<br />
targeted to those communities.<br />
• GFOA’s IRA Funding Tracker is<br />
another useful resource. Like<br />
our Infrastructure Investment<br />
and Jobs Act Notice of Funding<br />
Opportunities tracker, the<br />
IRA tracker will show notices<br />
of funding opportunities and<br />
relevant information including<br />
submission deadlines and where<br />
to apply. The IRA Funding Tracker<br />
is available at gfoa.org/flc.<br />
Galen McDonald is a policy associate<br />
in GFOA’s Federal Liaison Center.<br />
For further analysis, see Justin<br />
Marlowe’s article on the topic on<br />
page 74 of this issue.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 13
IN BRIEF<br />
PROGRAMS<br />
How GFOA’s International Partnerships Came About<br />
GFOA’s annual conference<br />
welcomes attendees<br />
from across North<br />
America, including<br />
almost all states,<br />
provinces, and U.S. territories. GFOA<br />
also hosts delegations from several<br />
other countries, who bring unique<br />
perspectives but common values<br />
and experiences as leaders in public<br />
finance from across the world.<br />
GFOA’s international program<br />
started in 1988, when former GFOA<br />
CEO Jeff Esser met Amir Bartov at a<br />
Sister Cities conference in Jerusalem.<br />
Amir was in charge of the Municipal<br />
Finance Directors Association<br />
(MDFA) of Israel, and Jeff invited him<br />
to attend a GFOA conference. Amir<br />
attended that year, and thereafter,<br />
GFOA started sending delegations<br />
to the MFDA’s annual conference. In<br />
turn, MFDA also started sending a<br />
delegation to the GFOA conference.<br />
Amir’s vision of bringing countries<br />
together to share information was the<br />
impetus of the international program.<br />
In Israel, municipal finance officers<br />
were just starting to get organized<br />
and provide training, and they were<br />
eager to work with their counterparts<br />
in the United States and Canada.<br />
Many international local<br />
governments are controlled by their<br />
federal government and did not<br />
share best practices the way GFOA<br />
members do. Program participants<br />
signed agreements to formalize<br />
their role in sharing information<br />
and learning from each other.<br />
GFOA’s first agreement was with the<br />
MDFA in Israel. Using that relationship<br />
as a model, GFOA went on to develop<br />
formal relationships with others<br />
including the Swedish Association of<br />
Local Government Finance Officers,<br />
the Association of the Financiers<br />
of the Local Self-Governing Units<br />
of Georgia, the Chartered Institute of<br />
Government Finance Audit and Risk<br />
Officers of South Africa the German<br />
Association of Treasurers, the Institute<br />
of Chartered Accountants of India,<br />
and the Brazilian Navy Office of the<br />
Budget, and the Institute of Public<br />
Works and Engineering Australasia.<br />
For many of these organizations,<br />
Amir was influential in helping GFOA<br />
establish the initial connection.<br />
Over the years, GFOA’s executive<br />
leadership has represented GFOA at<br />
numerous conferences hosted by our<br />
partner organizations. Recently, GFOA<br />
President Terri Velasquez attended<br />
a conference in Sweden, and this<br />
year GFOA will send delegations to<br />
Israel, South Africa, and Georgia.<br />
With the news of Amir Bartov’s<br />
passing on August 7, <strong>2022</strong>, at age 73,<br />
GFOA recognizes his contributions<br />
to the association and the many<br />
friendships that developed through<br />
these international partnerships.<br />
14
Our Common Goal<br />
GFOA is fortunate to have invaluable<br />
partnerships with several foreign<br />
countries. In March <strong>2022</strong>, I had an<br />
opportunity to travel to Israel to attend<br />
the Municipal Finance Directors of<br />
Israel Conference in the beautiful<br />
city of Eilat. We were also joined by a<br />
German delegation, which afforded us<br />
an opportunity to exchange ideas and<br />
learn about our cultures.<br />
Remembering Amir Bartov<br />
Amir Bartov will be missed by his family, friends, and the many finance<br />
officers he worked with over the years. Amir was passionate about<br />
advancing the work of government finance, and his vision was global. He<br />
also informed finance directors around the world about the work being<br />
done by GFOA and the international program.<br />
Jeff Esser became close friends with Amir, fondly remembering him<br />
as a brilliant man who had an amazing memory, an impressive grasp of<br />
languages, and a drive for bringing people together.<br />
“Amir was an incredible person,” Jeff said. “He could converse with<br />
just about anyone, from any country or any culture, and learn about them<br />
and establish a friendship almost immediately. He was very outgoing,<br />
gregarious, and inquisitive. He became instant friends with whomever<br />
he interacted with. And he was incredibly hard-working.”<br />
Jeff noted that Amir led an organization that did youth exchanges<br />
between Israel and Germany, in part to establish relations between the<br />
two countries in light of the Holocaust. He also included Israeli Arabs and<br />
Christians in the Israeli group, an important gesture, given the political<br />
situation in the Middle East. “He made sure to include them in everything<br />
they did and ensured that they had representation on committees and on<br />
their executive board,” Jeff explained. “That was part of who he was. And<br />
the atmosphere was always welcoming and friendly. “<br />
Amir also translated classic works like the Odyssey and other English<br />
texts into Hebrew and put them online as part of a free literacy project<br />
called the Hebrew Literature Computing Association. Amir was a member<br />
of the managing committee and treasurer of the association, and he<br />
contributed to the organization by giving lectures and raising funds.<br />
GFOA remembers and recognizes the significant ways Amir advanced<br />
the work of government finance and his role in the inception of GFOA's<br />
international outreach program.<br />
GFOA’s international<br />
partnerships provide<br />
an opportunity to<br />
advance excellence in<br />
public finance globally.<br />
GFOA’s international partnerships<br />
provide an opportunity to advance<br />
excellence in public finance globally.<br />
Our international partners hold GFOA in<br />
high regard and look to our organization<br />
to assist them with promoting sound<br />
financial practices. One of the<br />
experiences I will value most from my<br />
trip to Israel is having an opportunity<br />
to discuss fiscal policy with Israeli<br />
leaders from across their country in<br />
an intimate setting. In moments such<br />
as these, you realize that people are<br />
more alike than different. We discussed<br />
policies such as aging infrastructure,<br />
intergovernmental relations, and of<br />
course responding to a pandemic.<br />
However, regardless of the challenge,<br />
we all share a common goal—to improve<br />
the quality of life for the residents in our<br />
communities that we serve.<br />
—GFOA Past President Michael Bryant<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 15
4 STEPS TO BECOMING<br />
Cyber Risk<br />
Savvy<br />
How To Be a<br />
Smart Customer of<br />
Cyber Insurance<br />
BY SHAYNE KAVANAGH,<br />
ROB ROQUE AND TERI TAKAI<br />
16
BECOMING CYBER RISK SAVVY<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
Cyberattacks are a clear<br />
and present danger for<br />
all organizations, but<br />
local governments are<br />
particularly vulnerable.<br />
A 2020 study showed<br />
that local governments<br />
are more likely to<br />
be the targets of a<br />
ransomware attack than any other<br />
kind of organization and that 44% of<br />
ransomware attacks targeted local<br />
governments in 2020, a portion similar<br />
to 2019. 1 The trend does not seem to be<br />
abating: 2021 saw a nine-fold increase<br />
in ransomware attacks on government<br />
organizations between 2020 and 2021. 2<br />
Local governments are attractive<br />
targets for cybercriminals for a few<br />
reasons. 3 First, local governments are<br />
“soft targets.” This means that networks<br />
WHAT IS RANSOMWARE?<br />
are typically not very secure. For<br />
example, smaller local governments<br />
may not have dedicated IT staff, much<br />
less dedicated cybersecurity staff. On<br />
top of that, local governments often<br />
operate many disparate services,<br />
which creates a lot of “surface area”<br />
for an attack. In other words, an<br />
attacker could gain access to a city<br />
government’s network through<br />
information systems in public<br />
works, community development,<br />
or any other department. Second,<br />
local governments maintain<br />
sensitive data like tax records, voter<br />
information, citizen and employee<br />
health-related data, and employee<br />
social security information. They<br />
also provide essential services that<br />
can’t be interrupted. A soft target with<br />
sensitive information and essential<br />
Local governments are more likely to<br />
be the targets of a ransomware attack<br />
than any other kind of organization.<br />
Ransomware is “a type of malicious attack where attackers encrypt an organization’s data and<br />
demand payment to restore access.” 4 Organizations fall prey to these types of cyberattacks by<br />
clicking on a malicious web link in an unsuspecting email (phishing) or visiting an unprotected<br />
website and unknowingly downloading and activating malware.<br />
services is the proverbial “lowhanging<br />
fruit” for the cybercriminal.<br />
A third and, perhaps, surprising<br />
reason is the public profile of local<br />
governments, which refers to<br />
transparency requirements, open<br />
data sets, public-facing internetenabled<br />
transactions, and more.<br />
This public profile means hackers<br />
have an advantage in calculating<br />
an effective strategy to penetrate a<br />
local government’s defenses. This<br />
compares to private firms that<br />
have a greater ability to conceal<br />
their activities from the public and,<br />
therefore, cybercriminals.<br />
Cyberattacks are expensive. Cities<br />
like Atlanta and Baltimore have made<br />
headlines with the extreme cost of a<br />
cyberattack. These cities are reported<br />
to have incurred over $15 million<br />
each, including data recovery costs<br />
and the cost of downtime and lost<br />
revenue. 5 The risks are not limited<br />
to large governments. In 2019, the<br />
City of Stuart, Florida, (population<br />
16,000) was hit with a ransomware<br />
attack and a demand for $300,000.<br />
The city elected not to pay and had to<br />
incur about 2,000 hours of staff time<br />
to manage the recovery and workarounds<br />
and spent a significant sum<br />
on replacing/upgrading hardware<br />
and software. 6 Further, a study of the<br />
costs of cybercrime across industries<br />
showed that there was barely any<br />
relationship between the size of the<br />
victim organization and the size<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 17
BECOMING CYBER RISK SAVVY<br />
of the loss. 8 In other words, a smaller<br />
organization does not necessarily<br />
translate into lower potential losses<br />
from cybercrime.<br />
The potential extreme consequences<br />
of a cyberattack have caused many<br />
local governments to turn to cyber<br />
insurance. Given the potential losses<br />
from an attack, transferring the risk of<br />
an attack to the insurance market could<br />
be an attractive proposition. However,<br />
cyber insurance is a relatively new type<br />
of insurance instrument compared to<br />
traditional insurances, like property<br />
and liability insurance. Also, the cost of<br />
a policy or the availability can change<br />
dramatically in a short time. In fact,<br />
as of this writing, many governments<br />
have experienced rapidly increasing<br />
premium costs. This article will help<br />
local governments approach cyber<br />
insurance in a risk-savvy manner and<br />
make smart decisions about how to<br />
invest in protection against cybercrime.<br />
As a first step, let’s understand<br />
three fundamental issues with cyber<br />
insurance that an informed consumer<br />
must be aware of.<br />
First, insurance is remedial, whereas<br />
controls (cybersecurity measures) can<br />
be preventative. For example, training<br />
on safe computing practices can make<br />
it less likely that an employee clicks<br />
on a malicious web link in an email,<br />
thereby avoiding an attack that could<br />
have otherwise succeeded.<br />
Prevention is generally preferable<br />
to remediation. Cyberattacks can have<br />
consequences beyond what insurance<br />
can cover. For example, the City of<br />
Stuart found that even if it had been<br />
able to use insurance to pay the ransom,<br />
the files that would be “restored” by<br />
the cybercriminal would go to one<br />
folder, with all new names and no file<br />
extensions! Insurance is not an “undo<br />
button” for a cyberattack. There are<br />
also indirect effects of a cyberattack<br />
that are best avoided, such as the hit to<br />
the reputation of a local government.<br />
Reputation is not an inconsequential<br />
intangible. A loss of public faith in<br />
government has consequences. A<br />
perceived vulnerability to cybercrime<br />
also could have consequences for<br />
bond ratings. 8 This means that local<br />
governments must be savvy in choosing<br />
when to invest limited resources in better<br />
cybersecurity controls versus investing in<br />
cyber insurance.<br />
Second, commercial insurance, by<br />
design, is a “bad bet” for the insured,<br />
on average. If it weren’t, insurance<br />
companies would go broke. This is why<br />
governments can sometimes reduce<br />
costs by self-insuring. This does not<br />
mean local governments should never<br />
buy commercial insurance. Commercial<br />
insurance is great for protecting against<br />
catastrophic losses that government<br />
isn’t capable of absorbing. This means<br />
local governments must be savvy in<br />
determining when to accept the risk<br />
(self-insure) and when to transfer risk to<br />
commercial insurers.<br />
Third, the market for cyber insurance<br />
continues to change and evolve with<br />
the level of threat posed to governments<br />
by cybercrime. The cyber insurance<br />
market is relatively underdeveloped, and<br />
fewer actuarial models exist compared<br />
to other kinds of insurance markets—<br />
which have been around for decades<br />
and maybe centuries. Hence, the market<br />
A 2018 ransomware attack cost the City of<br />
Atlanta over $15 million to restore systems<br />
and make up for lost or delayed revenue.<br />
18
for cyber insurance is evolving rapidly<br />
as insurance sellers and buyers come<br />
to understand the nature of the peril<br />
better and the financial implications of<br />
insuring it. As of this writing, the market<br />
for cyber insurance is tightening up,<br />
with policies becoming unaffordable<br />
or unavailable for local governments<br />
that don’t have adequate controls to<br />
prevent cyberattacks. This means<br />
local governments must be savvy about<br />
recognizing the evolving nature of the<br />
cyber insurance market and not assume<br />
that today’s coverages will be available at<br />
comparable prices in the future.<br />
With these issues in mind, how<br />
should a local government approach<br />
cyber insurance? The rest of this article<br />
will take you through a step-by-step<br />
procedure for considering the costs<br />
versus the benefits of cyber insurance.<br />
Risk Mitigation vs. Risk<br />
Transfer, or Cybersecurity<br />
Controls vs. Cyber Insurance<br />
We will start from the premise<br />
that local government has limited<br />
resources, so a dollar invested in cyber<br />
insurance is a dollar not invested in<br />
controls. The advantage of controls<br />
is that they can be preventative; they<br />
can stop the attack from doing damage<br />
in the first place. A software patching<br />
strategy leaves fewer vulnerabilities<br />
for cybercriminals to exploit. Controls<br />
can also reduce the potential damage<br />
from an attack if an attack succeeds.<br />
For example, high-quality data backups<br />
make it easier to recover lost data.<br />
Insurance is always remedial; it cleans<br />
up the damage after it has happened.<br />
The advantage of insurance is that it can<br />
provide some relief from catastrophic<br />
losses, where it is impractical to<br />
develop sufficient controls. Hence,<br />
there is a trade-off to consider. How<br />
can this trade-off be analyzed? We will<br />
present a four-step process:*<br />
Step 1—Know the basics of your<br />
cybersecurity situation<br />
Step 2—Quantify your risk<br />
Step 3—Examine the potential<br />
of insurance<br />
Step 4—Periodically reassess<br />
STEP 1<br />
Know the basics of your<br />
cybersecurity situation<br />
Some local governments will have<br />
a good handle on their existing<br />
cybersecurity situation, but others<br />
may not. There are three questions<br />
to ask as part of Step 1:<br />
What are the most important assets<br />
you need to protect? Technology<br />
assets with sensitive data or that<br />
administer mission-critical functions<br />
are the most important. These may<br />
include social security numbers,<br />
credit card information, bank account<br />
information, any kind of health data<br />
that might be protected by law (e.g.,<br />
the U.S. Health Insurance Portability<br />
and Accountability Act), and criminal<br />
justice data. Examples of critical<br />
systems might include enterprise<br />
resource planning (ERP), tax revenue<br />
systems, or public health or public<br />
safety systems.<br />
What threats are most important?<br />
Today, ransomware attacks are the<br />
most prevalent threat. Other possible<br />
threats include denial of service<br />
attacks, leaks of sensitive data, or cyber<br />
CAN YOU ELIMINATE RISKS?<br />
sabotage of various forms. Ransomware<br />
attacks will likely continue to be the top<br />
threat because there is a clear financial<br />
incentive for the perpetrator. It is worth<br />
noting that these threats can combine.<br />
For example, a ransomware attack could<br />
lead to data leaks.<br />
What is the state of your controls?<br />
State and local governments have been<br />
challenged with finding resources to keep<br />
up with cyber threats. Important controls<br />
include multifactor authentication,<br />
firewalls, encrypted data storage,<br />
encrypted data backups, incident<br />
response planning, training staff to avoid<br />
phishing attacks, software patching,<br />
and endpoint detection response.** In a<br />
2021 survey, 9 respondents indicated that<br />
spending on cybersecurity focused on<br />
software, hardware, backup, monitoring,<br />
and training. Incident response was listed<br />
as a lower priority. Only 57% of responses<br />
indicated that cybersecurity training<br />
was done annually for all employees.<br />
The focus areas for business continuity<br />
in the face of a cybersecurity attack were<br />
data backups and recovery, operational<br />
business plans, and ensuring manual<br />
work-arounds in case of an outage.<br />
There are comprehensive frameworks<br />
for addressing cybersecurity risks, like<br />
CIS Top 18 (perhaps the most accessible<br />
for local government), COBIT, NIST, and<br />
ISO. These are valuable for organizations<br />
with the sophistication to use them.<br />
However, even a basic assessment<br />
of whether you have the controls we<br />
described here, or not, can be useful for<br />
Step 1. At the end of Step 1, many local<br />
governments will find that they have<br />
One strategy in risk management is to eliminate risks by eliminating risky activities. In the world of<br />
cyber insurance, an opportunity might be to reduce the amount of sensitive data that government<br />
collects and stores. You might ask if collecting and storing certain types of sensitive data is<br />
necessary and worth the exposure it brings.<br />
* The four steps of this process are based on the “Cyber Loop” method described in: “Protecting Today. Safeguarding Tomorrow. The Cyber Loop: Managing Cyber Risk Requires a<br />
Circular Strategy,” published by Aon in 2019. https://www.aon.com/cyber-solutions/wp-content/uploads/Aons-Cyber-Solutions_The_Cyber_Loop.pdf.<br />
** If you are not familiar with the controls in this sentence, please see the Appendix.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 19
BECOMING CYBER RISK SAVVY<br />
opportunities to invest more in cyber<br />
controls. In particular, multifactor<br />
authentication, firewalls, patching,<br />
and training employees on safe<br />
computing practices are potentially<br />
valuable controls and may represent<br />
a wise investment in cyber risk<br />
prevention.<br />
STEP 2<br />
Quantify your risk<br />
It will be difficult, if not impossible,<br />
to make a savvy decision about the<br />
trade-offs between investing in<br />
controls and purchasing insurance<br />
without quantifying the risks. “Risk”<br />
can be defined as the chance of the<br />
occurrence of a loss, disaster, or other<br />
undesirable event multiplied by the<br />
magnitude of the loss. This definition<br />
implies that risk is a quantifiable<br />
property.*<br />
People have attempted qualitative<br />
risk analyses in the form of a “risk<br />
matrix” or “heat maps,” where risks<br />
are classified along a scale such as<br />
“low,” “medium,” and “high,” and<br />
color coded according to severity.<br />
However, research has shown that<br />
this kind of analysis can lead to worse<br />
Likelihood<br />
decisions! 10 A reason for this is an<br />
“illusion of communication,” where<br />
decision-makers falsely believe that<br />
everyone who is part of the decision<br />
has a similar understanding of the<br />
risk. 11 The problem is that categories<br />
like “low,” “medium,” and “high”<br />
are vague and invite different<br />
interpretations by different people.<br />
Imagine one of your colleagues<br />
is an inveterate sports gambler<br />
and another has never so much as<br />
purchased a lottery ticket. These<br />
two people probably have very<br />
different definitions of “low” risk.<br />
However, if risk is quantified, like<br />
“we believe there is a 10% chance of a<br />
ransomware attack costing us more<br />
than $100,000 in the next year,”<br />
there is less room for interpretation.<br />
Another reason that risk matrices<br />
can be counterproductive is they<br />
act as an “analysis placebo,” 12<br />
where decision-makers think they<br />
understand the risk because they<br />
have subjectively characterized the<br />
risk as “high,” “low,” etc. But, because<br />
the risk matrix is not based on hard<br />
data about the chance of loss and the<br />
potential magnitude of loss, decisionmakers<br />
are overconfident about how<br />
well they understand the risk.<br />
Typical Risk Matrix Often Leads to Worse Decisions About Risk<br />
Impact<br />
Negligible Minor Moderate Significant Severe<br />
Very Likely Low Med Medium Med Hi High High<br />
Likely Low Low Med Medium Med Hi High<br />
Possible Low Low Med Medium Med Hi Med Hi<br />
Unlikely Low Low Med Low Med Medium Med Hi<br />
Very Unlikely Low Low Low Med Medium Medium<br />
Though risk matrices are easy<br />
to create, easy to understand, and<br />
inexpensive, if they lead to lower<br />
quality decisions, they aren’t a good<br />
deal. The alternative to a subjective<br />
risk matrix is to quantify risks.<br />
In this article, we will not get deep<br />
into the details of how to quantify risk.<br />
The details of quantifying risk are<br />
best left to professional risk analysts.<br />
Instead, we will show concepts that<br />
will help you think about cyber risks<br />
in a way that is consistent with a<br />
quantified approach and that will<br />
help you ask the right questions of the<br />
risk professionals who are versed in<br />
the details of risk quantification. If<br />
you would like to dig deeper into risk<br />
quantification, here are three sources<br />
for further detail:<br />
GFOA has built a sample Excel<br />
ransomware risk model that uses<br />
the same methods to quantify risks<br />
that insurance companies use but<br />
is built using the open Probability<br />
Management standard. 13 This model<br />
is not a substitute for professional<br />
risk analysis and is intended only as<br />
an educational tool for ransomware<br />
risk. It will provide you with a basic<br />
understanding of how the risks of<br />
a cyberattack could be quantified.<br />
It is not intended to provide a<br />
comprehensive analysis of your<br />
cybersecurity risk. The content of<br />
Step 2 in this article will be largely<br />
based on the sample model but will<br />
not cover all of the details in the<br />
model. You can get access to the<br />
model at gfoa.org/cyber-insurance.<br />
Finally, GFOA has found that some<br />
insurance companies are taking<br />
steps to provide clients with richer<br />
quantification of risk. They believe<br />
that more informed customers will<br />
be better long-term customers.<br />
Understanding the concepts in this<br />
article will help you ask insurance<br />
providers for the right information<br />
and make the best use of the<br />
information.<br />
* Loss also includes things that are sometimes thought of as “intangible,” like community trust, reputation, etc. These losses are also measurable, though not as easily as some other losses.<br />
For more on this subject, see: Hubbard, D. (2014). How to measure anything: Finding the value of intangibles in business. Wiley.<br />
20
Before we start our discussion of<br />
quantifying risks, we’d first like to<br />
acknowledge that quantifying risks<br />
is often not the normal course of<br />
business for local governments. As<br />
such, it is natural that there might be<br />
some skepticism about the potential<br />
for quantifying risks. We’d like to<br />
present three common objections to<br />
quantification posed by the skeptic<br />
and our response: 14<br />
Objection 1: Quantifying risk is more<br />
appropriate for insurance industry<br />
analysis and is unlikely to be<br />
appreciated by local governments<br />
looking for practical advice.<br />
Answer: It is common for us to<br />
underestimate the capabilities of<br />
other people relative to our own. 15<br />
GFOA has presented quantified risk<br />
information to many elected officials<br />
and government staff and has yet to<br />
find one who could not at least grasp<br />
the essential point. As for practicality,<br />
given that subjective methods (like<br />
a risk matrix) often lead to worse<br />
decisions, we would suggest that it<br />
is the subjective methods that don’t<br />
work in practice.<br />
Objection 2: The cyber insurance<br />
market is volatile, so decisions based<br />
on a quantitative model will be wrong.<br />
Answer: Insurance companies have<br />
been making decisions based on<br />
quantitative methods as early as the<br />
17th century. This does not mean<br />
that every decision an insurance<br />
company has ever made is perfect.<br />
But it is understood within the<br />
insurance industry that it would be<br />
foolish to attempt to compete without<br />
quantitative methods. 16 The next<br />
objection is also relevant to this issue.<br />
Objection 3: Within cybersecurity,<br />
there are too many complexities<br />
changing too quickly to make a<br />
reasonably accurate assessment.<br />
Answer: One way or the other, a<br />
government has to decide on how<br />
to invest in commercial insurance,<br />
self-insurance, and controls for<br />
cybersecurity. A government can either<br />
take a wild guess and hope for the best<br />
or take a more rigorous approach. No<br />
quantitative model will be perfect,<br />
but a model can still be useful. To be<br />
useful, a model does not have to be<br />
perfect; it just needs to outperform<br />
the alternative, which is a subjective<br />
judgment. Because a quantitative<br />
model forces rigor and transparency in<br />
how you think about a question, there is<br />
a chance that even an imperfect model<br />
will outperform subjective judgment. 17<br />
With the common objections to<br />
quantifying risk addressed, the first<br />
step in quantifying your risk is to<br />
get data on how likely a loss from<br />
cybercrime is and how big that loss<br />
might be. First, we must recognize<br />
that definitive data is going to be very<br />
difficult, if not impossible, to come by.<br />
But remember, a model does not have to<br />
be perfect; it just needs to outperform<br />
the alternative (e.g., guesswork).<br />
That said, let’s start with the chance<br />
of a successful ransomware attack,<br />
defined as multiple computers infected<br />
and files are successfully encrypted.<br />
This means the local government is<br />
not able to stop the attack once the<br />
computers were infected. Our offthe-record<br />
conversation with a local<br />
government risk pool found that their<br />
pool members experienced roughly<br />
a 5% to 10% chance of a successful<br />
ransomware attack for a pool member<br />
in a given year. Moving on to damages<br />
from a successful attack, according to<br />
the NetDiligence Cyber Claims Study:<br />
2021 Report, the five-year average total<br />
incident cost averaged $267,000, but<br />
with a median of $98,000. 18 This tells<br />
us that average is pulled upwards by a<br />
small number of catastrophic losses.<br />
The data showed 10% of incidents<br />
cost more than $638,000, and some<br />
cost much more: millions of dollars.<br />
Total incident response includes costs<br />
like forensics, business interruption,<br />
recovery, and paying the ransom (if<br />
one is paid). Finally, we should recall<br />
that cyberrisk is an evolving threat,<br />
so these figures could change year to<br />
year, perhaps significantly.<br />
Next is to visualize this data to<br />
understand the implications of<br />
your baseline level of risk. There are<br />
many ways data could be visualized,<br />
but we’ll use what is known as a<br />
“loss exceedance curve” (LEC). An<br />
LEC presents risk in the way that<br />
REAL-LIFE EXPERIENCES | RENEWING CYBER INSURANCE IN <strong>2022</strong> FOR LOCAL GOVERNMENTS<br />
On the GFOA member forum, we asked people to share their experiences with renewing cyber insurance for <strong>2022</strong>. The two quotes below capture<br />
the experience of people who replied.<br />
“ The renewal quote has nearly doubled, and the retention amounts, particularly for ransomware incidents, have increased substantially, to the<br />
point where an individual government would face significant (think potentially seven figure) out-of-pocket exposure to a cyber event before<br />
any insurance coverage would kick in.”<br />
“ We had cyber insurance until this past year. Upon renewal, the insurance provider needed a brand new questionnaire with far more significant<br />
requirements, multifactor authentication, as well as a proven and regular phishing training program and other quite significant requirements.<br />
As a result, we have been declined for this year and are working to see if we can get back onside with the requirement.”<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 21
BECOMING CYBER RISK SAVVY<br />
insurance companies think about it<br />
and is commonly used in different<br />
industries to depict risk. An LEC<br />
can be constructed for specific<br />
applications (e.g., ERP), departments<br />
(e.g., police), risks (e.g., ransomware),<br />
or any other relevant perspective.<br />
Exhibit 1 shows an LEC for a<br />
successful ransomware attack. The<br />
vertical axis shows the chance of a<br />
given loss (or greater) occurring, and<br />
the horizontal axis shows the loss. For<br />
instance, there is about a 40% chance<br />
of losing at least $160,000 because an<br />
attack was successful. This is because<br />
the blue line passed through the 40%<br />
mark at about $160,000. The blue line<br />
skims along the bottom of the graph<br />
for some distance, which indicates a<br />
small chance of catastrophic losses.<br />
However, the damages from a<br />
successful attack must be considered<br />
against the chance an attack will<br />
succeed in the first place. Exhibit 2<br />
shows an LEC with the chance that a<br />
successful attack will occur factored<br />
in. You can see that the blue line that<br />
intersects the vertical axis has a<br />
much lower chance in Exhibit 2. This<br />
is because a successful attack is not a<br />
high-probability event.<br />
The blue lines in Exhibits 1 and<br />
2 show what is known as “inherent<br />
risk.” This is your baseline level of<br />
risk, reflecting the controls you have<br />
in place now. The analysis can show<br />
how the curve would change if you<br />
invested in additional controls. For<br />
example, perhaps you could invest<br />
in better data backup to reduce the<br />
damage from a successful attack—and<br />
in better training for employees to<br />
guard against phishing attacks to<br />
reduce the chance of a successful<br />
attack. Exhibit 3 shows what a 10%<br />
reduction in the chance of a successful<br />
attack and a 30% reduction in potential<br />
damages would look like via the orange<br />
line. You can see that the orange line<br />
intersects the vertical axis at a lower<br />
point, which means you’ve lowered<br />
your chance of experiencing damages.<br />
There is also a substantial gap between<br />
the orange and blue lines all along<br />
the curves. This gap represents the<br />
lower potential damages from the<br />
mitigations.<br />
The orange line in Exhibit 3 is also<br />
known as “residual risk.” This is the<br />
remaining exposure that would be left<br />
after making optional investments<br />
in additional controls. In the sample<br />
risk model, you determine the size and<br />
type of the investment, and you could<br />
explore different options for investing<br />
in controls. Making additional<br />
investments in controls shifts the<br />
curve downward, which means the<br />
risk profile becomes more favorable.<br />
There are two caveats to consider<br />
here, though. First, controls can fail,<br />
be poorly implemented, or otherwise<br />
not live up to expectations. Hence, a<br />
good control strategy is diversified<br />
so that you are not dependent on any<br />
single control. Second, residual risk<br />
can’t reach zero. Not only is this a<br />
theoretical impossibility, as long as<br />
the government uses information<br />
technology, but it is also a practical<br />
EXHIBIT 1 | LOSS EXCEEDANCE CURVE FOR A SUCCESSFUL RANSOMWARE ATTACK<br />
Chance that<br />
damages will<br />
be at least what<br />
is shown on the<br />
horizontal axis<br />
100%<br />
80%<br />
60%<br />
40%<br />
20%<br />
0%<br />
$0.0 $2.0 $4.0 $6.0 $8.0 $10.0<br />
Millions<br />
impossibility, given the limited<br />
resources available for cybersecurity.<br />
Hence, risk savvy is a matter of<br />
identifying the point where you are<br />
willing to make additional security<br />
investments, where you will rely<br />
on insurance, and where you will<br />
absorb risk.<br />
The quantification of your baseline<br />
(or inherent risk) and of the potential<br />
to invest in controls (or residual risk)<br />
accomplishes two goals:<br />
First, it helps you evaluate the value<br />
of investing in additional controls.<br />
For example, local governments may<br />
find there is a strong case to invest<br />
in new controls such as training<br />
on safe computing practices for<br />
staff, multifactor authentication,<br />
virtual private networks, and data<br />
encryption and backup services. In<br />
particular, this kind of analysis can<br />
show the value of training. Decisionmakers<br />
can see the reduction in risk<br />
that training provides. Research<br />
suggests that local governments have<br />
substantial opportunities to improve<br />
their controls. One study showed that<br />
local government was among the<br />
least effective sectors in stopping<br />
a ransomware attack before data<br />
could be encrypted. This same study<br />
showed two sectors most successful<br />
in stopping attacks (media, leisure,<br />
entertainment, and distribution/<br />
transport) were about 60% more<br />
successful than local government. 19<br />
If your controls are already<br />
strong, the analysis might highlight<br />
the limited benefit available from<br />
additional investment. For example,<br />
if you had to spend $1 million on new<br />
controls for an average reduction in<br />
your damages of $100,000, you might<br />
reasonably question if that is a good<br />
investment! The GFOA sample risk<br />
model for ransomware walks you<br />
through some return on investment<br />
calculations for controls.<br />
The second goal that quantification<br />
accomplishes is to set the stage for<br />
making a wise decision about investing<br />
in controls versus insurance. We’ll take<br />
this up in more detail in Step 3.<br />
22
STEP 3<br />
Examine the potential of insurance<br />
First, “self-insurance” should not be<br />
overlooked. Local governments often<br />
set up self-insurance for all types of<br />
risks. There is no reason that selfinsurance<br />
couldn’t work for cyber<br />
risk as well. Self-insurance might be<br />
especially important in a tight market<br />
for commercial insurance for two<br />
reasons: First, to reduce the cost of a<br />
commercial policy to an affordable<br />
amount, governments might be forced<br />
to accept a higher retention amount*<br />
on the policy. A retention amount is<br />
a form of self-insurance. Second, if a<br />
policy is unobtainable, self-insurance<br />
might be the only option left past the<br />
point where investment in additional<br />
controls ceases to be practical.<br />
EXHIBIT 2 | LOSS EXCEEDANCE CURVE, GIVEN THE CHANCE OF ONE OR MORE<br />
SUCCESSFUL ATTACKS IN A YEAR<br />
Chance that<br />
damages will<br />
be at least what<br />
is shown on the<br />
horizontal axis<br />
6%<br />
5%<br />
4%<br />
3%<br />
2%<br />
1%<br />
0%<br />
$–<br />
$0.5 $1.0 $1.5 $2.0 $2.5<br />
Millions<br />
EXHIBIT 3 | LOSS EXCEEDANCE CURVE WITH THE IMPACT OF NEW CONTROLS ADDED<br />
Chance that<br />
damages will<br />
be at least what<br />
is shown on the<br />
horizontal axis<br />
EXHIBIT 4 | LOSS EXCEEDANCE CURVE WITH AN AMOUNT AVAILABLE FOR SELF-INSURANCE<br />
Chance that<br />
damages will<br />
be at least what<br />
is shown on the<br />
horizontal axis<br />
6%<br />
5%<br />
4%<br />
3%<br />
2%<br />
1%<br />
0%<br />
$–<br />
6%<br />
5%<br />
4%<br />
3%<br />
2%<br />
1%<br />
0%<br />
$–<br />
$0.5 $1.0 $1.5 $2.0 $2.5<br />
Millions<br />
Damages without new controls<br />
$0.5 $1.0 $1.5 $2.0 $2.5<br />
Millions<br />
Damages without new controls<br />
Damages with new controls<br />
Damages with new controls<br />
Self-insurance limit<br />
For these reasons, Step 3<br />
should include an analysis of selfinsurance<br />
capacity. This is a matter<br />
of determining the amount of risk<br />
you are willing to absorb via selfinsurance.<br />
Exhibit 4 adds to our LECs<br />
from Step 2 by including the amount a<br />
government is willing to put aside for<br />
self-insurance—$700,000 in this case.<br />
This could be derived from the number<br />
of liquid resources a government has<br />
available to respond to unplanned<br />
emergencies (e.g., reserves). You could<br />
then determine the chance that you<br />
will exceed this amount and compare<br />
that chance to your appetite for risk. We<br />
have indicated the chances in Exhibit<br />
4, and the GFOA sample model shows<br />
the chances for any self-insurance<br />
amount you enter. Would you be<br />
comfortable with an 8% chance (or one<br />
in twelve years) that self-insurance<br />
would be inadequate for the losses you<br />
experience in a year or, put another<br />
way, a 92% chance that self-insurance<br />
would be adequate? If not, you might<br />
need to consider commercial insurance<br />
if further self-insurance is impractical.<br />
Self-insurance is often most valuable<br />
at a point where: A) investing in more<br />
controls loses cost-effectiveness,<br />
and B) commercial insurance can be<br />
made more affordable by accepting a<br />
higher retention. Knowing the amount<br />
available for self-insurance is a good<br />
place to start in considering the role<br />
of commercial insurance.<br />
Commercial insurance is most<br />
useful at the far end of the loss<br />
exceedance curve. There is some<br />
unavoidable risk in operating a modern<br />
local government. For example, a<br />
local government could reduce a lot<br />
of cybercrime risk by severing all of<br />
its connections to the internet, but<br />
that would present an unacceptable<br />
cost in lost operational efficiency.<br />
This means that the risk of extreme<br />
losses is unavoidable. The far end of<br />
the loss exceedance curve is where the<br />
potential losses are too high to absorb<br />
via self-insurance.<br />
* Retention is the total amount of a loss the insurance policyholder must pay out of pocket. It includes the deductible but is not limited to the deductible. For example, insurance policies<br />
have limits on how much will be paid out. The government is retaining the risk that the cost of a cyber incident could be more than the policy limit.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 23
BECOMING CYBER RISK SAVVY<br />
Commercial cyber insurance can,<br />
theoretically, cover a variety of different<br />
losses. Exhibit 5 provides an overview<br />
of the different coverages that could<br />
be available. 20 Make note of our use<br />
of conditionals like “theoretically”<br />
and “could.” Market conditions will<br />
determine if an insurance company<br />
is willing to sell you any of these<br />
policies. In fact, GFOA spoke with one<br />
large reinsurer that was refusing to<br />
underwrite cyber policies.<br />
That said, as of this writing, many<br />
insurance providers are willing to<br />
sell policies. Even so, they may place<br />
limits on the policy (i.e., boundaries on<br />
what is covered and what is not). Smart<br />
customers will understand these limits<br />
and their implications. Let’s examine<br />
the limitations that appear in cyber<br />
insurance policies in the next sections.<br />
Underwriting<br />
Underwriting is the process insurers<br />
use to determine the risks of insuring<br />
your government. The underwriting<br />
process has intensified in recent years.<br />
Many insurance companies are using<br />
specialized cyber risk consultants to<br />
help them assess risk more accurately.<br />
Underwriters are increasingly<br />
looking for the insured to have key<br />
security features as a prerequisite for<br />
a policy. Such features might include<br />
multifactor authentication, incident<br />
response planning, encrypted data<br />
storage, patching cadence, and endpoint<br />
detection response.* Governments<br />
with inadequate internal security<br />
might have trouble getting a policy or<br />
might face increased costs. Earlier in<br />
the article, we quoted a GFOA member<br />
who could not secure a policy due to<br />
more intensive underwriting. Another<br />
member reported facing a doubling of<br />
premiums unless they implemented<br />
multifactor identification.<br />
Key questions to ask: How can you<br />
make the best impression on your<br />
underwriters to convince them you<br />
are a good risk? Do you have costeffective<br />
opportunities to improve<br />
your security controls?<br />
* See the Appendix for definitions of these controls.<br />
EXHIBIT 5 | CYBER COVERAGE OVERVIEW<br />
Operational Risks<br />
Network Business Interruption—Covers lost net income caused by a network security failure, as<br />
well as an associated extra expense.<br />
System Failure—Expands coverage trigger for business interruption beyond computer network<br />
security failure to include system failure.<br />
Dependent Business Interruption/Dependent System Failure—Coverage for lost income caused<br />
by a network security failure of a business on which the insured is dependent, as well as an<br />
associated extra expense.<br />
Cyber Extortion—Coverage for expenses incurred in the investigation of a threat and any extortion<br />
payments made to prevent or resolve the threat.<br />
Digital Asset Restoration—Coverage for costs incurred to restore, recollect, or recreate intangible,<br />
nonphysical assets (software or data) that are corrupted, destroyed, or deleted due to a network<br />
security failure.<br />
Privacy and Network Security Risk<br />
Privacy Liability—Coverage for defense costs and damages suffered by others for failure to protect<br />
personally identifiable or confidential third-party information.<br />
Security Liability—Coverage for defense costs and damages suffered by others resulting from<br />
a failure of computer security, including liability caused by theft or disclosure of confidential<br />
information, unauthorized access, unauthorized use, denial of service attack, or transmission of a<br />
computer virus.<br />
Privacy Regulatory Fines and Penalties—Liability coverage for defense costs for proceedings<br />
brought by a governmental agency in connection with a failure to protect private information and/or<br />
a failure of network security pursuant to applicable laws or regulations.<br />
Media Liability—Coverage for defense costs and damages suffered by others for content-based<br />
injuries such as libel, slander, defamation, copyright infringement, trademark infringement, or<br />
invasion of privacy.<br />
PCI Fines and Penalties—Coverage for a monetary assessment from a payment card association<br />
(e.g., MasterCard, Visa, American Express) or bank processing payment card transactions (i.e., an<br />
“acquiring bank”) in connection with an insured’s noncompliance with PCI Security Standards.<br />
Breach Event Expenses—Reimbursement coverage costs to respond to a data privacy or security<br />
incident. Covered expenses include certain computer forensic expenses, legal expenses, costs for a<br />
public relations firm and related advertising to restore your reputation, consumer notification, call<br />
centers, and consumer credit monitoring services.<br />
Cybercrime Insurance Coverage<br />
Social Engineering Coverage—Coverage for direct financial loss as a result of fraudulent<br />
instructions provided by a third party that is intended to mislead an insured through the<br />
misrepresentation of a material fact.<br />
Funds Transfer Fraud—Coverage for direct financial loss as a result of fraudulent instructions<br />
provided to a financial institution that authorize the transfer of the insured’s funds by a third party<br />
impersonating an insured.<br />
Computer Fraud—Coverage for direct financial loss sustained resulting from the unauthorized<br />
seizure of funds from their computer network by a rogue employee or malicious third party.<br />
Miscellaneous Cyber Insurance Coverages<br />
Reputational Income Loss—Coverage for lost net income caused by bad publicity resulting from a<br />
security event.<br />
Bricking Coverage—Coverage to replace hardware rendered inoperable due to a security breach.<br />
Claims Avoidance Coverage—Coverage for expenses incurred as a result of the insured’s<br />
reasonable investigation of a potentially covered claim.<br />
Reward Payment Coverage—Coverage of payment for information that leads to the conviction of<br />
any individual committing or attempting to commit an illegal act relating to a security event.<br />
Betterment Coverage—Coverage for expenses incurred to update, restore, or improve computer<br />
systems to a level beyond that which existed before a security event.<br />
Overview of Coverages Provided Courtesy of Aon<br />
24
Payout Limits and Sublimits<br />
A policy limit is a maximum amount<br />
a policy will pay out. Sublimits<br />
are a traditional part of insurance<br />
policies. Sublimits are a limit on the<br />
reimbursable loss for a particular type<br />
of risk that is less than the total limit on<br />
the entire policy. The savvy customer<br />
will review all policy language and<br />
make note of any sublimits. Sometimes<br />
sublimits are clear on the declarations<br />
page of the policy; but other times<br />
you will need to review the policy<br />
definitions and endorsements to find<br />
sublimits. Sublimits are important<br />
because you may find that you have<br />
less coverage for a particular type of<br />
risk than the limit on the entire policy<br />
might have led you to believe.<br />
Common sublimits include:<br />
Ransomware—Limiting the<br />
total coverage available for a<br />
ransomware attack versus the total<br />
limit for all cybercrimes.<br />
System failure—Limiting the<br />
coverage for a cascading system<br />
failure, where a failure in one<br />
system leads to failures in other<br />
integrated systems. For example,<br />
staff may not be reimbursed<br />
for personal devices that were<br />
damaged as a result of connecting<br />
to an infected network at work.<br />
Bricking—Limiting the<br />
reimbursement for replacing<br />
hardware that is rendered unusable<br />
by a cyberattack. For example,<br />
the company may cover “hard<br />
bricks,” where the device is made<br />
inoperable, but not a “soft” bricked<br />
device, where part of the device<br />
may be operable or repaired.<br />
Retentions<br />
Retentions are another traditional part<br />
of an insurance policy. Retention is<br />
the risk that is retained by the insured<br />
or, put another way, the amount of<br />
damages the insured will have to pay<br />
out of pocket outside of what is covered<br />
by insurance. Lower retentions are<br />
not necessarily better because a<br />
policy with lower retention will cost<br />
more. Higher retention could be a way<br />
to reduce the cost of the policy if the<br />
government can self-insure for the<br />
larger retention. Note that “retention”<br />
commonly refers to policy deductibles<br />
but does encompass other retailed<br />
risks. For example, if a policy has a low<br />
limit, then the risk that an incident<br />
will cost more than the limit would<br />
also be retained by the government.*<br />
Another issue is “single highest<br />
retention.” Exhibit 6 shows a<br />
hypothetical cyber insurance plan<br />
with five policies. An attack happens<br />
and triggers three of the policies. The<br />
EXHIBIT 6 | SINGLE RETENTION VS. MULTIPLE RETENTIONS<br />
single highest retention looks across all<br />
three policies and selects the highest<br />
retention (deductible) as the amount<br />
the insured pays. The multiple retention<br />
policy sums up all of the retentions.<br />
Though a multiple retention policy<br />
would likely be less expensive, a single<br />
retention policy might be preferable<br />
because it will be easier for the insured<br />
to estimate the retention cost of a given<br />
attack. In Exhibit 6, the insured need<br />
only look across the retentions of all<br />
five policies, find the minimum and<br />
the maximum, and that is the range of<br />
possible retentions for a given attack<br />
under a single retention policy. For a<br />
multiple retention policy, the range is<br />
the smallest single retention to the sum<br />
of all the retentions in the policy. The<br />
latter would be more difficult to plan for.<br />
Key questions to ask: What balance<br />
between retention (self-insurance) and<br />
policy price (commercial insurance)<br />
is best for you? Is your policy single<br />
highest retention?<br />
Retention<br />
Security liability $500,000<br />
Regulatory liability $500,000<br />
PCI (payment card industry) $500,000<br />
Breach response $750,000<br />
Business interruption $500,000<br />
Attack happens and triggers these policies:<br />
PCI (payment card industry)<br />
Breach response<br />
Business interruption<br />
Key questions to ask: What are the<br />
sublimits in your policy? Do these<br />
sublimits change your understanding<br />
of the level of coverage you have?<br />
What implications does that have for<br />
your investment in cyber insurance<br />
(commercial or self-insurance) versus<br />
cyber controls?<br />
If you had Single Highest Retention:<br />
PCI (payment card industry) $500,000<br />
Breach response $750,000<br />
Business interruption $500,000<br />
You pay max of the<br />
group above<br />
$750,000<br />
If you had Multiple Retentions:<br />
PCI (payment card industry) $500,000<br />
Breach response $750,000<br />
Business interruption $500,000<br />
You pay sum of the<br />
group above<br />
$1,750,000<br />
* Other examples of retained risk include 100% self-insurance strategies that are apart from a commercial policy or risks that a government chooses not to insure at all (self or commercial).<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 25
BECOMING CYBER RISK SAVVY<br />
Panel Requirements<br />
Next, it is critically important to know<br />
the requirements to secure assistance<br />
from a preapproved cybersecurity<br />
contractor in the event of a breach.<br />
The list of preapproved contractors is<br />
known as a “panel” and may include<br />
all aspects of support for a breach (e.g.,<br />
legal counsel, technology support,<br />
etc.). This is similar to personal<br />
automobile insurance, where, in<br />
the event of an accident, the insurer<br />
requires the insured to use an<br />
approved auto repair shop. With cyber<br />
insurance, if you use a cybersecurity<br />
contractor that is not on the insurer’s<br />
list of approved providers (known as<br />
going “off panel”), then you may lose<br />
all coverage for a breach response.<br />
Some insurers provide options on<br />
which contractors you may use (or may<br />
require you to use a single contractor),<br />
but it is important to know the<br />
requirements and your options at the<br />
start of the policy period. Finally, we<br />
should note that panel requirements<br />
are not necessarily a bad thing. For<br />
example, paying a ransom might<br />
require paying in cryptocurrency. An<br />
experienced consultant, like would be<br />
found “on panel,” will be able to secure<br />
the right kind of cryptocurrency faster<br />
than a government.<br />
Key questions to ask: What obligations<br />
do you have to use a specified security<br />
contractor to help respond to a breach?<br />
What options do you have to select<br />
between contractors?<br />
Exclusions<br />
Insurance exclusions are policy<br />
provisions that waive coverage for<br />
certain risks or loss events. Smart<br />
customers understand the exclusions;<br />
otherwise, their policy may not<br />
provide coverage for risks that the<br />
customer assumed would be covered.<br />
According to one cybersecurity expert<br />
we spoke with, in almost every cyber<br />
insurance event they’ve been involved<br />
with, the insured did not take the<br />
time to understand the exclusions, to<br />
their great detriment. An example of a<br />
common exclusion for cyber policies is<br />
civil and legal liabilities for breach of<br />
personal data.<br />
Ransomware is the leading type of<br />
cyber threat for local governments,<br />
so let’s examine some of the germane<br />
exclusions to that type of policy. In the<br />
previous section, we discussed what<br />
are known as “panel requirements,”<br />
or the requirement that the insured<br />
use only preapproved cybersecurity<br />
contractors to respond to a breach.<br />
Going “off panel” is a form of exclusion,<br />
where using an unapproved contractor<br />
could result in an exclusion from<br />
coverage.<br />
An evolving issue is federal<br />
government policy on responding<br />
to ransomware attacks.* From<br />
the perspective of an individual<br />
organization that is the victim of an<br />
attack, the logical response is for the<br />
insurer and the customer to figure<br />
out if it is better to pay the ransom or<br />
pay the cost to recover the affected<br />
systems without access to the<br />
ransomed data. However, this presents<br />
a collective action problem: When<br />
any single victim pays a ransom, it<br />
encourages cybercriminals to launch<br />
more attacks. Therefore, federal law<br />
enforcement officially discourages<br />
ransom payments and has outlawed<br />
payments in some cases. 21 An<br />
insurance policy would exclude<br />
coverage for ransom payments when<br />
making the payment would violate<br />
federal policy. State governments<br />
could join the federal government in<br />
creating an exclusion. In April <strong>2022</strong>,<br />
North Carolina became the first state<br />
in the U.S. to prohibit state agencies<br />
and local governments from paying<br />
ransoms. 22 Another sticky area is<br />
exclusions of “acts of war.” Damages<br />
from acts of war are excluded from<br />
many types of insurance policies,<br />
not just cyber. The reason is that an<br />
act of war would presumably result<br />
in widespread destruction, and an<br />
insurance company could not afford to<br />
cover large losses occurring to many<br />
customers simultaneously. In some<br />
cases, cyberattacks are perpetrated<br />
by common cybercriminals, but<br />
many cybersecurity experts consider<br />
state-sponsored cyberattacks to be<br />
a significant risk. For example, it is<br />
thought that North Korea sponsors<br />
ransomware attacks to raise money<br />
for the North Korean regime. As of<br />
this writing, Russian cyberattacks<br />
are thought to be a risk from the<br />
war in Ukraine. If a state-sponsored<br />
cyberattack is considered to be an<br />
“act of war,” it might be excluded. That<br />
said, it is often difficult to attribute a<br />
cyberattack to a particular attacker,<br />
much less to determine if the attacker<br />
is state sponsored. Nevertheless, a<br />
customer should recognize that statesponsored<br />
cyberattacks are a real<br />
threat and policy exclusions could<br />
complicate receiving coverage from<br />
state-sponsored attacks.<br />
Lastly, an exclusion with broader<br />
implications than just ransomware is<br />
if the insurance policy lists specific<br />
types of hardware, data, or other IT<br />
assets that are excluded from the<br />
policy. For example, the cost to replace<br />
“bricked” computers (i.e., computers<br />
that are rendered useless by a<br />
cyberattack) may be excluded from<br />
a policy. Similarly, cyber insurance<br />
policies generally don’t cover<br />
bodily injury and property damage.<br />
Examples might include modems and<br />
connectivity devices for internetenabled<br />
physical assets or damage to<br />
water or sewer control systems from a<br />
cyber sabotage attack. Also note that<br />
property damage insurance policies<br />
may have broad cyber exclusions,<br />
thus leaving the insured with no<br />
coverage under any policy.<br />
Key questions to ask: What exclusions<br />
does the policy contain? What are the<br />
exclusions specific to ransomware<br />
attacks? What are the exclusions<br />
for particular types of IT assets you<br />
might own?<br />
Definitions<br />
The customer should be familiar<br />
with key provisions within the<br />
definitions of the policy. First,<br />
we’ll reiterate the importance of<br />
understanding the requirements to<br />
26
Insurance is not intended to protect<br />
against “average” conditions; it is<br />
intended to protect against extreme<br />
conditions. Therefore, the cost-benefit<br />
analysis must examine the value of<br />
insurance at the extremes.<br />
use certain preapproved cybersecurity<br />
contractors in the event of a breach<br />
(the panel requirements).<br />
Next, be aware of provisions on<br />
when the insurance provider must<br />
be notified of claims and how that<br />
relates to your knowledge of when<br />
an insurable event has happened.<br />
For example, if malicious software<br />
infiltrated your network two months<br />
ago but you just find out about it today,<br />
then you can only report it today.<br />
Know how your policy would cover<br />
that situation. If your policy went into<br />
effect last week, would you be covered?<br />
Be aware of definitions around<br />
internal security control standards<br />
that you are required to maintain<br />
as a condition of the policy. Earlier,<br />
we described how the underwriting<br />
process has intensified. Insurance<br />
companies are expecting customers<br />
to have more robust internal security<br />
in place as a prerequisite for the<br />
policy. Unsurprisingly, the insurance<br />
company will also expect the insured<br />
to maintain those standards over<br />
the life of the policy. The definitions<br />
are important for making sure the<br />
customer understands and can meet<br />
the requirements. For example, does<br />
the policy require that the customer<br />
remain current with software<br />
updates? Many local governments<br />
are not in the habit of applying new<br />
patches immediately because of the<br />
risk that a patch breaks important<br />
operational functions of the software—<br />
or because an update might disrupt<br />
the integration of software that needs<br />
to remain compatible. Hence, it would<br />
be important to know what “remain<br />
current with updates” means. Gaps in<br />
maintaining the standards also arise<br />
from renegotiating software contracts,<br />
changes in key personnel, and broken<br />
equipment.<br />
Key questions to ask: Do you<br />
understand important definitions in<br />
your policy, such as requirements<br />
to use specified cybersecurity<br />
contractors when responding to a<br />
breach, notice of claims, and<br />
security standards?<br />
The bottom line from the limits we<br />
just reviewed is that if there is a<br />
cyberattack that your policy addresses,<br />
there is a nontrivial chance that you<br />
might not recover as much from your<br />
insurance policy as you might have<br />
expected if you didn’t understand<br />
the limits. The savvy customer<br />
understands this risk and weighs it<br />
when deciding where and when to<br />
invest in insurance versus controls.<br />
We’ll cover one other potential<br />
pitfall of insurance purchasing that is<br />
primarily a function of the customer’s<br />
psychology and purchasing behavior.<br />
That pitfall is buying a policy that is<br />
overly focused on a narrowly defined<br />
risk. Generally, the more focused a<br />
policy is on a specific risk, the less<br />
beneficial it is for the insured. This<br />
is because the insured is insuring<br />
against a lower probability event (the<br />
narrowly defined risk) rather than the<br />
higher probability event (the broadly<br />
defined risk).<br />
Insurance customers can fall<br />
into this trap due to what is called<br />
“recency bias.” This means that recent<br />
events cause us to overestimate how<br />
likely a similar event is to happen in<br />
the future. A good example is flood<br />
insurance. Right after a flood happens,<br />
more people obtain flood insurance.<br />
Years later, many of those people have<br />
let the coverage lapse, though the<br />
underlying risk of flooding is the same.<br />
In the cyber world, a local government<br />
might experience a certain kind of<br />
cyberattack and then buy a policy to<br />
cover similar types of attacks in the<br />
future. The government would realize<br />
lower premiums by buying a specific<br />
policy. However, the likelihood that<br />
the local government will experience<br />
some kind of cyberattack in the future<br />
is greater than the likelihood that the<br />
government will experience an attack<br />
similar to the one it experienced in<br />
the past. Also, in a rapidly changing<br />
market, a narrow breadth of coverage<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 27
BECOMING CYBER RISK SAVVY<br />
could be dangerous because the nature<br />
of the threats is rapidly evolving. This<br />
means local governments should make<br />
sure that past first-hand experiences<br />
with cyberattacks or stories from peer<br />
governments aren’t being overweighted<br />
in the design and selection of insurance<br />
policies to protect against future and<br />
evolving risks. If the cost of a broader<br />
policy is prohibitive, it might be wise<br />
to consider if the money is better<br />
spent on preventative controls.<br />
Key questions to ask: Are past (and<br />
painful) experiences with cyberattacks<br />
clouding your judgment in preparing<br />
for future risks? Is your cyber insurance<br />
policy too narrow and not providing<br />
adequate coverage for evolving threats?<br />
If a broader policy is cost-prohibitive,<br />
might you be better off investing in<br />
preventative cybersecurity?<br />
The end of Step 3 is to ask: What<br />
prices/offers can you get from<br />
different providers? The market is<br />
rapidly changing. Working with a<br />
good insurance broker is important.<br />
Be sure to compare providers on:<br />
Claims payment history: Do<br />
customers get the coverage they<br />
thought they were buying? As<br />
we saw, limitations can cause<br />
customers to recover less than<br />
they thought they bargained for.<br />
Pre-breach offerings: Can the<br />
insurer offer useful advice for<br />
strengthening your preventative<br />
posture?<br />
Flexibility on vendor utilization:<br />
Does the insurer offer a reasonable<br />
number of options on contractors to<br />
support you in the event of a breach?<br />
Experience in the public sector:<br />
Does the insurer understand the<br />
risks that characterize the public<br />
sector?<br />
Also, as with most if not all forms of<br />
insurance, there may be significant<br />
benefits available from pooling risk<br />
with other local governments, either<br />
as part of self-insurance pools or joint<br />
purchasing of commercial insurance.<br />
For example, the Municipal Excess<br />
Liability (MEL) Joint Insurance<br />
Fund of New Jersey has provided<br />
its members with cyber insurance<br />
coverage since 2013. 23<br />
The quantification of risk we<br />
discussed earlier can be extended to<br />
include commercial insurance policies.<br />
The cost-benefit of the policy could be<br />
weighed based on the retention and<br />
the limit of the policy. An important<br />
nuance, though, is that “on average,”<br />
an insurance policy will be a financial<br />
loser for the insured; otherwise,<br />
insurance companies would go out of<br />
business. However, insurance is not<br />
intended to protect against “average”<br />
conditions; it is intended to protect<br />
against extreme conditions. Therefore,<br />
the cost-benefit analysis must examine<br />
the value of insurance at the extremes.<br />
The GFOA sample ransomware risk<br />
model walks you through how you<br />
could quantitatively analyze the value<br />
of insurance under extreme conditions.<br />
STEP 4<br />
Periodically reassess<br />
Because cybersecurity threats are<br />
constantly evolving, a government’s<br />
posture toward those threats must evolve<br />
as well. A reassessment is critical after a<br />
cybersecurity event but should be done<br />
regularly even if no events have occurred to<br />
give you a better chance of your good fortune<br />
continuing. The Step 4 reassessment can<br />
ask many of the same questions we asked<br />
in Step 1. The objective is to find out if there<br />
are new vulnerabilities perhaps due to:<br />
Evolving methods of attack used by<br />
cybercriminals.<br />
Changed or new technologies,<br />
operations, etc., that increase or change<br />
the attack “surface area” presented by<br />
the local government to cybercriminals.<br />
The reassessment can also look for<br />
opportunities to improve controls as<br />
new technologies and methods become<br />
available. There may be an opportunity<br />
to improve the local government’s<br />
preventative security posture and reduce<br />
reliance on insurance.<br />
Conclusion<br />
Cybercrime is an evolving threat to local<br />
government. Savvy risk management<br />
requires making smart use of strategies to<br />
manage that risk, including reducing risk<br />
by implementing cybersecurity controls,<br />
absorbing risk with self-insurance, and<br />
transferring risk to the insurance market by<br />
purchasing a commercial insurance policy.<br />
Local governments can accomplish this by:<br />
ADDITIONAL CYBERSECURITY RESOURCES<br />
CIS 18 Critical Security controls: cisecurity.org/controls<br />
Cyber Resilience and Financial Organizations: A Capacity-building Tool Box:<br />
carnegieendowment.org/specialprojects/fincyber/guides<br />
FS-ISAC Cybersecurity Resources: fsisac.com/resources<br />
CIS Critical Security Controls: cisecurity.org/controls/v8<br />
1. Knowing the basics of your<br />
cybersecurity situation.<br />
2. Quantifying your risk.<br />
3. Examining the potential for insurance.<br />
4. Periodically reassessing your situation<br />
Shayne Kavanagh is the senior manager of<br />
research for GFOA’s Research and Consulting<br />
Center. Rob Roque is the technology services<br />
manager in GFOA’s Research and Consulting<br />
Center. Teri Takai is the executive director of<br />
the Center for Digital Government.<br />
28
Appendix | Definitions of Key Cybersecurity Controls<br />
1<br />
Coker, J. (2020). Local government organizations most<br />
frequently targeted by ransomware. Info Security Magazine.<br />
The article cites a study by Barracuda Networks. https://www.<br />
infosecurity-magazine.com/news/local-government-targeted<br />
2<br />
<strong>2022</strong> SonicWall cyber threat report. SonicWall.<br />
https://www.sonicwall.com/<strong>2022</strong>-cyber-threat-report<br />
3<br />
Information in this paragraph is based on an article written by:<br />
Dr. Oren Eytan, CEO of Odi-x. Eytan, O. (June 22, 2021) Municipal<br />
cyberattacks: A new threat or persistent risk? Forbes.com.<br />
Information is also from personal correspondence between Dr.<br />
Eytan and the author of this article. https://www.forbes.com/<br />
sites/forbestechcouncil/2021/06/22/municipal-cyberattacksa-new-threat-or-persistent-risk/?sh=673e79ee3ffb<br />
4<br />
Definition from the National Institute of Standards and<br />
Technology (NIST).<br />
5<br />
Duncan, I. (2019). Baltimore estimates cost of ransomware<br />
attack at $18.2 million as government begins to restore email<br />
accounts. The Baltimore Sun. https://www.baltimoresun.<br />
com/maryland/baltimore-city/bs-md-ci-ransomware-email-<br />
20190529-story.html<br />
Deere, S. (2018). Confidential report: Atlanta’s cyber attack could<br />
cost taxpayers $17 million. The Atlanta Journal-Constitution.<br />
https://www.ajc.com/news/confidential-report-atlanta-cyberattack-could-hit-million/GAljmndAF3EQdVWlMcXS0K<br />
6<br />
Information shared with GFOA directly by the City of Stuart.<br />
7<br />
NetDiligence Cyber Claims Study: 2021 Report. (2021).<br />
NetDiligence.<br />
8<br />
Rising insurance costs add to US public finance cyber pressures<br />
(2021). Fitch Wire.<br />
9<br />
Survey conducted by Center for Digital Government (2021).<br />
10<br />
Hubbard, D. W. (2020). The failure of risk management: Why it’s<br />
broken and how to fix it (2nd ed.). Wiley.<br />
11<br />
Budescu, D. V., Broomell, S. & Por, H. (2009). Improving<br />
communication of uncertainty in the reports of the<br />
intergovernmental panel on climate change. Psychological<br />
Science, 20(3): 299–308.<br />
12<br />
Hubbard, D. W. & Seiersen, R. (2016). How to measure anything<br />
in cybersecurity risk. Wiley.<br />
13<br />
The methods we are referring to are Monte Carlo analysis and<br />
computer simulation. Insurance companies will<br />
vary in the specifics of how these methods are applied.<br />
https://www.probabilitymanagement.org<br />
14<br />
The authors would like to acknowledge the assistance of the<br />
attendees of the ProbabilityManagement.org March <strong>2022</strong><br />
conference for their assistance with these answers.<br />
15<br />
This is known as “overplacement bias,” which is a subset<br />
of the well-documented psychological phenomenon of<br />
“overconfidence bias.”<br />
16<br />
Discussion of insurance industry taken from: Hubbard, D. W.<br />
(2009). The failure of risk management: Why it’s broken and<br />
how to fix it. John Wiley and Sons.<br />
17<br />
There is no shortage of research that shows quantitative<br />
models regularly outperform human judgment. In the context<br />
of government finance, see: Kavanagh, S. & Williams, D. (2017).<br />
Informed decision-making through forecasting. Government<br />
Finance Officers Association. This book also discussed relevant<br />
research from other fields.<br />
18<br />
Note that the average figures we cite were compiled by<br />
NetDiligence from observations that provided them with more<br />
complete data, so it is slightly higher than the overall average<br />
across all of their observations. See: NetDiligence Cyber Claims<br />
Study: 2021 Report (2021). NetDiligence.<br />
19<br />
“The State of Ransomware 2021.” A white paper published by<br />
Sophos (April 2021).<br />
20<br />
Definitions of coverages provided by Aon.<br />
21<br />
“Updated advisory on potential sanctions risks for facilitating<br />
ransomware payments.” An advisory letter from the U.S.<br />
Department of the Treasury (September 21, 2021). The letter<br />
was associated with the U.S. Department of the Treasury’s<br />
Office of Foreign Assets Control’s Sanctions Compliance and<br />
Evaluation Division.<br />
22<br />
North Carolina becomes first state to prohibit public entities<br />
from paying ransoms (May 2, <strong>2022</strong>). National<br />
Law Review.<br />
23<br />
MEL Cyber Risk Management Program (2nd ed.) (March 8,<br />
2021). https://njmel.org/wp-content/uploads/2021/03/MEL-<br />
Cyber-Risk-Management-Program-v2.pdf<br />
Multifactor Authentication (MFA)—A<br />
multilayered approach to security where a<br />
second step of authentication is required to<br />
complete a transaction. An example of MFA<br />
is entering a username and password to<br />
log into email as a first step. But a second<br />
step of receiving a code to your registered<br />
cell phone is required and entered to<br />
access the email. The user must enter the<br />
code; otherwise, the user cannot access<br />
email even if the user entered the correct<br />
username and password. MFA is used to<br />
prove the user is legitimate.<br />
Incident Response Planning—<br />
Development of a plan based on a risk<br />
portfolio of potential cyber events. Each type<br />
of risk is typically assigned a priority, and<br />
a mitigation strategy is developed for each<br />
incident. Service level agreements may be<br />
applied to outsourced technology services<br />
as part of the incident response plan.<br />
Patching Cadence—An established<br />
frequency for applying patches or fixes to<br />
software and other applicable technologies.<br />
The cadence should be considered from<br />
two perspectives. A vendor may establish<br />
a cadence for normal fixes and bugs. In<br />
these cases, the customer (the second<br />
perspective) takes into consideration the<br />
cadence to apply the fixes. For example, the<br />
vendor may release a patch each month.<br />
The customer may choose to apply the<br />
patches each quarter to ease testing efforts.<br />
The strategy should be defined and included<br />
in a risk mitigation strategy.<br />
Endpoint Detection and Response<br />
(EDR)—A process of monitoring endpoints<br />
of technologies (e.g., devices, nodes) for<br />
suspicious activities and, in most cases,<br />
removing the risk automatically. Antivirus<br />
software can be considered a simple EDR<br />
tool since it is designed to actively monitor<br />
a device and remove issues that fit within<br />
certain risk categories. Advanced EDRs<br />
are constantly learning, analyzing, and<br />
communicating to develop mitigation<br />
strategies to respond to evolving cyber<br />
threats.<br />
Firewall—A combination of devices and<br />
software that separate internal networks<br />
from external networks (i.e., the internet).<br />
Firewalls are configured to guard against<br />
intrusions and other unauthorized network<br />
traffic via device ports and other hardware,<br />
software, or telecommunication means.<br />
Training—Almost all cyber incidents start<br />
at a system’s weakest link—the user.<br />
Users should be trained on how to identify<br />
suspicious emails, conduct good password<br />
practices, use multifactor authentication,<br />
and other general safe computing<br />
practices.<br />
Data Backups—This is the practice<br />
of backing up enterprise data in a<br />
safe means according to a backup<br />
methodology. The approach is typically<br />
based on a risk mitigation strategy that<br />
defines the type of data to be protected,<br />
the frequency of the backups, the physical<br />
requirements to back up the data, and the<br />
disaster recovery response requirements.<br />
Encrypted Storage—Storing data in a<br />
format that cannot be read without a key<br />
and code interpreter. If this data is stolen,<br />
it cannot be read by the criminal and is<br />
useless—unless the criminal has access<br />
to the key and code interpreter. Encrypted<br />
storage is not commonly used since it can<br />
slow down computing resources during<br />
the encryption and reading process. It can<br />
also be expensive to encrypt the data and<br />
store it. Some organizations will select<br />
the type of data that is encrypted to avoid<br />
latency and minimize costs.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 29
30
INTERNAL CONTROLS<br />
A BEGINNER’S GUIDE TO<br />
Internal<br />
Controls<br />
BY JAMES SEAMAN<br />
Proper internal controls keep your organization and its employees safe from fraud and its repercussions.<br />
Often, the key to success is prevention. This article looks at the different types of internal controls and<br />
why they are important—and provides simple but effective tips to establish them.<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
We have all<br />
heard about the<br />
fraud triangle:<br />
rationalization,<br />
opportunity,<br />
and incentives/<br />
pressures. But what we don’t always<br />
do is to consider what that means<br />
in our organizations. In many fraud<br />
cases we read about, basic preventive<br />
controls were found to have been<br />
ignored, or were often completely<br />
missing from the organization. At<br />
the most basic level, these included<br />
access to banking information, cash,<br />
or other assets that an employee didn’t<br />
need access to. Quite often, detective<br />
controls including traditional<br />
supervisory review activities are not<br />
being performed. But these controls<br />
can provide an additional level of<br />
assurance beyond front-end and often<br />
daily transactional controls.<br />
Why controls are so important<br />
Examples abound of what can happen<br />
when proper internal controls aren’t<br />
implemented. In one recent case,<br />
a school district employee gained<br />
access to cash deposits and skimmed<br />
thousands of dollars from the district<br />
before the scheme was finally<br />
identified. At another municipality,<br />
the council was hesitant to spend<br />
American Rescue Plan Act (ARPA)<br />
funds because they were concerned<br />
about millions of dollars that<br />
might have gone missing. In other<br />
organizations, inappropriate credit<br />
card activity and checks written to<br />
ghost companies went undetected for<br />
months before coming to light.<br />
In many of these situations, a<br />
simple supervisory review would<br />
catch these schemes. However, one<br />
key control for all organizations—<br />
particularly smaller offices, where<br />
segregation of duties can be a<br />
challenge—is the completion and<br />
review of bank reconciliations.<br />
This is a fundamental step, but it<br />
obviously isn’t being performed<br />
as well as it should be. Of further<br />
concern, many bank reconciliations<br />
are superficial in nature and aren’t<br />
performed to the degree required to<br />
achieve effective cash control. It’s<br />
been proven that timely completion<br />
of bank reconciliations can help<br />
mitigate instances of fraud or detect<br />
it more quickly.<br />
Segregation of duties is a key<br />
internal control that should be<br />
implemented wherever possible.<br />
For example, once accounts payable<br />
cuts a check, someone other than<br />
accounts payable should mail it.<br />
Bank deposits should be made by<br />
someone other than the person who<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 31
INTERNAL CONTROLS<br />
In many fraud cases<br />
we read about, basic<br />
preventive controls<br />
were found to have been<br />
ignored, or were often<br />
completely missing<br />
from the organization.<br />
records the deposits. The person who<br />
deposits funds or writes checks should<br />
not be the person who completes the<br />
bank reconciliation or posts to the<br />
general ledger. Segregation of duties<br />
holds individuals accountable. Bank<br />
reconciliations should be completed<br />
in a timely manner, and any<br />
differences should be investigated<br />
and resolved right away.<br />
Another example of fraud occurred<br />
because the business manager<br />
had total control over the checking<br />
account. The business manager’s<br />
supervisors relied on the business<br />
manager and trusted his work. There<br />
was no supervisory review. It was not<br />
until the business manager resigned<br />
and a new manager was hired that<br />
the fraud was discovered. The bank<br />
had implemented a new process of<br />
including check numbers on the bank<br />
statements, so the new business<br />
manager wondered why there were<br />
two checks issued with the same<br />
check number. The investigation<br />
revealed that the previous business<br />
manager had obtained two check<br />
books—one for the business, and one<br />
he used to supplement his lifestyle.<br />
An additional best practice<br />
is to periodically review your<br />
organization’s vendor listing. Any<br />
vendor that has been added to the<br />
list, or a vendor that isn’t on the<br />
government’s approved list, is a red<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
32
flag. Vendors should be reviewed and<br />
approved before any payments are<br />
made to them.<br />
To share another story, a trusted<br />
business manager was able to<br />
set up her husband as a fictitious<br />
consultant, whom she paid a monthly<br />
fee. This went on for some time until<br />
a whistleblower complained, and an<br />
investigation uncovered the scheme.<br />
Governments need proper system<br />
access controls. Be sure that only<br />
individuals who are granted access are<br />
those who require it to do their jobs.<br />
This includes access to bank accounts,<br />
the general ledger, inventory, payroll,<br />
and other such assets. Proper access<br />
controls protect the individual as well<br />
as the organization. If an individual<br />
does not have access, then they won’t<br />
be suspected if an issue arises.<br />
4 simple tips<br />
to effective internal controls<br />
1 Make sure management sets the tone with sound ethical practices<br />
2 Establish communication, transparency and openness about public<br />
funds from the top down<br />
3 Engage in cross-functional dialogue about the organization's strategic,<br />
operational, financial, compliance and reputational risks<br />
4 Conduct a supervisory review on the accounts payable disbursements,<br />
deposit register and bank reconciliations<br />
Tips to protect your organization<br />
So, what can we do to help mitigate the<br />
risk of fraud? Here are a few tips.<br />
First and foremost, make sure<br />
that management sets the tone<br />
at the top and implements sound<br />
ethical practices. Management<br />
must communicate that controls<br />
are important, and they must hold<br />
all employees accountable for<br />
their actions. Management must<br />
be transparent and communicate<br />
frequently. Management must also act<br />
as an example for others to follow.<br />
Management controls are also<br />
key internal controls. These include<br />
communication and transparency—<br />
because, to reiterate, transparency,<br />
communication, and openness<br />
about public funds act as a control.<br />
The acts of management will trickle<br />
down to staff, and when management<br />
overrides internal controls, the<br />
possibility of fraud increases. Sound,<br />
ethical procedures from management<br />
are a critical success factor to sound<br />
internal controls overall.<br />
Evaluate the risk and control<br />
culture and engage in cross-functional<br />
dialogue about the strategic,<br />
operational, financial, compliance,<br />
and reputational risks that exist<br />
within the organization. Identify highpriority<br />
risk exposures that should be<br />
highlighted for focused management<br />
attention and action. Develop policies<br />
and implement internal controls that<br />
help mitigate the risk of fraud.<br />
A supervisory review should be<br />
completed on the accounts payable<br />
disbursements, deposit register, and<br />
bank reconciliations. All journal entries<br />
should be reviewed and approved by<br />
management. Your external auditors<br />
may require you to sign off on all these<br />
reviews.<br />
These are just a few examples of the<br />
many internal controls that can be<br />
implemented, quite a few of which are<br />
unobtrusive and can be baked into the<br />
process. If you have only a few staff<br />
members, compensating controls can<br />
be implemented. Employees can cross<br />
check each other’s work, and supervisory<br />
reviews should always be completed.<br />
If you have a weakness and no control,<br />
you have a problem. However, if you<br />
have a control and no weakness, you also<br />
have a problem—an efficiency problem.<br />
We do not want to implement controls<br />
for the sake of implementing controls;<br />
this is not a “feel safe” process. Too many<br />
controls will hinder the process and cut<br />
down on efficiency. Controls need to<br />
be focused for a specific process, and<br />
reviewed, and then tested periodically.<br />
When a process changes, it is a good<br />
practice to review the controls in place<br />
to ensure that they are still necessary<br />
and effective.<br />
Conclusion<br />
The controls discussed in this article<br />
are just a few examples of where<br />
simple internal controls could save an<br />
organization from loss of funds and the<br />
reputational cloud that is associated<br />
with fraud once it is publicized. Check<br />
out the best practices of Sarbanes<br />
Oxley and Internal Controls over<br />
Financial Reporting for a more<br />
comprehensive listing. Sarbanes<br />
Oxley isn’t required for government<br />
entities, but it is considered good<br />
guidance and can be adapted to fit<br />
your municipality, regardless of size.<br />
There are also many organizations<br />
that can help in determining what<br />
controls are best for your organization.<br />
Check with your external auditors if<br />
you are not sure where to turn.<br />
Jim Seaman is the director of finance/<br />
assistant borough manager for<br />
Media Borough in Delaware County,<br />
Pennsylvania.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 33
34
RETHINKING REVENUE | SEGMENTED PRICING<br />
Segmented Pricing for<br />
Fines and Fees<br />
Increasing Revenues and Fairness at the Same Time<br />
BY JEAN-PIERRE DUBÉ, BRYAN GLENN AND SHAYNE KAVANAGH<br />
©<strong>2022</strong> DAN PAGE COLLECTION C/O THEISPOT.COM<br />
Cities and counties across<br />
the U.S. increasingly<br />
rely on fines and fees to<br />
balance their budgets.<br />
For example, an indepth<br />
study of the 39<br />
largest cities in the U.S. showed that<br />
charges grew so much from 2003 to<br />
2018 as to equal tax revenue for half<br />
the cities. 1 However, fines and fees<br />
disproportionally fall on low-income<br />
residents who often are strained to<br />
pay. 2 This has many ill effects: from<br />
causing harm to the most vulnerable<br />
communities that government serves<br />
to reducing the revenues raised by<br />
local government.<br />
For these reasons, local governments<br />
must become savvier about how they<br />
manage fines and fees. A good start<br />
would be to define fines and fees and<br />
the purpose they serve. A user fee<br />
attaches a price to a public service.<br />
This raises revenue by allocating<br />
part of the cost of the service to the<br />
person who receives the service. User<br />
fees also limit demand for a service. A<br />
fine is meant to punish transgressors<br />
of regulations and deter potential<br />
transgressors. The contention of<br />
this article is that a pricing strategy<br />
called “segmented pricing” can serve<br />
these purposes while reducing the<br />
hardships that fines and fees can place<br />
on low-income citizens. The essence<br />
of segmented pricing is to charge the<br />
citizen the price they can afford—no<br />
more, no less.<br />
Most fee and fine structures are flat,<br />
with little or no differentiation in the<br />
price for people of different abilities to<br />
pay. Citizens pay fines and fees from<br />
their discretionary income, which is<br />
the income remaining after essentials<br />
are paid for, like housing and food.<br />
Customer segmentation recognizes that<br />
different people have different abilities<br />
to pay, and people are, therefore, treated<br />
differently based on their ability to pay.<br />
Segmentation is common in the private<br />
sector. Any time a sales representative<br />
is authorized to provide a discount to<br />
convince you to buy, the company<br />
is engaging in segmented pricing.<br />
Insurance companies segment by the<br />
risk posed by the insured. Airlines<br />
provide seating options at different<br />
price points. Universities segment by<br />
offering scholarships to low-income<br />
students.<br />
Local governments commonly<br />
engage in segmentation too, perhaps<br />
without realizing it. The best example<br />
can be found in the most important<br />
local tax: the property tax. Senior<br />
citizen tax exemptions assume that<br />
seniors are on a fixed income and<br />
have less ability to pay the tax, so<br />
the exemption reduces the tax owed.<br />
This is not so different from senior<br />
citizen discounts provided by private<br />
firms. In the public and private<br />
sector, segmentation of seniors<br />
makes it more likely that seniors<br />
will pay because the price does not<br />
exceed their willingness or ability to<br />
pay. A more widespread example is<br />
segmentation by wealth. Property tax<br />
The Rethinking Revenue initiative is a joint project of many organizations that have an enduring interest in creating thriving local communities<br />
and making sure that those communities are served by capable and ethical local governments. Rethinking Revenue is about providing local<br />
governments with the ability to raise enough revenues for the services their communities need—and to raise those revenues fairly and in a way<br />
that is consistent with community values.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 35
RETHINKING REVENUE | SEGMENTED PRICING<br />
rates mean that taxpayers are charged<br />
according to property wealth—a proxy<br />
for their ability to pay. Income taxes also<br />
segment by the ability to pay, and the<br />
segmentation is even more obvious.<br />
Segmentation can be applied to fines<br />
and fees. But, before we go further, it is<br />
important to address a question that<br />
some readers may have: If fines or fees<br />
are lowered for some people, might<br />
that encourage overconsumption of<br />
services or even scofflaws? This is a<br />
valid concern. For example, one study of<br />
day care services showed that charging<br />
parents a small fine for picking up<br />
their children late came to be seen by<br />
parents as a fee they could pay for the<br />
privilege of picking up their children<br />
later. 3 In another example, anyone<br />
who lives in a big city has heard stories<br />
of well-off people who park their cars<br />
when and where they please and regard<br />
parking tickets as a cost worth paying.<br />
These examples show that fines can<br />
be ineffective deterrents if set too low.<br />
However, the approach we advocate<br />
for in this article is not to undercharge<br />
anyone but rather to find the right<br />
charge for everyone—a charge that fits<br />
people’s financial circumstances more<br />
precisely so that they will be able to pay<br />
the charge and the charge still fulfills its<br />
function for limiting demand or creating<br />
deterrence. Even in the case of a user<br />
fee that is intended to generate revenue,<br />
we will show that a segmented pricing<br />
strategy has the potential to increase<br />
total revenue, even if applied only to<br />
low-income individuals.<br />
In addition to creating financial<br />
benefits for governments, segmented<br />
pricing can support more ethical<br />
government. The ethics of public<br />
service commits public officials to treat<br />
people fairly and produce good results<br />
for the community. 4 For example, the<br />
typical one-size-fits-all structure of<br />
fines means that low-income people<br />
pay proportionately more. That<br />
means the punishment is greater for<br />
low-income people. This is not fair. 5<br />
Furthermore, excessive fines and fees<br />
can further imperil the financial health<br />
of vulnerable citizens. For example,<br />
most low-income people don’t have<br />
In addition to creating<br />
financial benefits<br />
for governments,<br />
segmented pricing<br />
can support more<br />
ethical government.<br />
much, if any, discretionary income. 6<br />
A financial shock, in the form of an<br />
excessive fine, makes it harder for<br />
these people to afford essentials. This<br />
might cause them to accumulate debt<br />
with the local government. Aggressive<br />
collection practices could worsen the<br />
situation. 7 For example, suspending<br />
a driver’s license makes it harder to<br />
get a job, or a collection agency might<br />
damage a person’s credit score. These<br />
situations can lead to a poverty trap. 8<br />
Further, people struggling to pay<br />
their other bills tend to become less<br />
compliant with other regulations, like<br />
laws, building safety, etc. 9 None of this<br />
is a good result for the community.<br />
EXHIBIT 1 | DEMAND CURVE<br />
Price<br />
Customer segmentation:<br />
the key to a better approach<br />
In economics, a person’s willingness/<br />
ability to pay is represented by a<br />
demand curve, which we depict in<br />
Exhibit 1. It shows that different<br />
quantities of any good or service will<br />
be purchased at different prices. Local<br />
governments typically set a single,<br />
one-size-fits-all price for everyone<br />
(e.g., a water rate, a set fine for a given<br />
infraction). At the given price, a given<br />
quantity will be purchased. 10 This is<br />
where the two dotted red lines intersect<br />
the blue demand curve in Exhibit 1.<br />
A greater quantity will be purchased<br />
as the price decreases. However, it<br />
could be financially unsound for local<br />
government to simply lower its onesize-fits-all<br />
price because the new price<br />
multiplied by the new quantity might be<br />
less than the old price multiplied by the<br />
old quantity.<br />
This is where segmentation comes<br />
in. Every person’s willingness/ability<br />
to pay can be understood to fall along<br />
some point on the demand curve.<br />
To illustrate, the “X” on Exhibit 1<br />
represents a hypothetical willingness/<br />
One-size-fits-all<br />
price set by local<br />
government<br />
Quantity<br />
Demand from a<br />
low-income person<br />
As the price goes<br />
down, more<br />
people will pay<br />
36
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
ability to pay for a low-income person.<br />
Because the set price is above their<br />
willingness/ability to pay, they will<br />
likely not pay, either because they<br />
don’t have the money or because<br />
they are likely to spend the money<br />
on other things (e.g., food, housing,<br />
etc.). Hence, the local government can<br />
realize greater revenue by charging<br />
our hypothetical low-income person<br />
the price that person is willing/able<br />
to pay. The math is simple. If the<br />
government maintains the price<br />
for the low-income person at 100%<br />
of its one-size-fits-all price, then<br />
the government will get $0. One<br />
hundred percent of zero is still zero.<br />
If the government adjusts the price<br />
to 80% or 70% of the one-size-fits-all<br />
price or whatever meets the demand<br />
of the low-income person, then the<br />
government will get 100% of that<br />
amount—an amount greater than<br />
zero. This also speaks to why it would<br />
not be financially savvy to reduce<br />
the one-size-fits-all price. Everyone<br />
who was willing/able to pay at a price<br />
above the new, lower, one-size-fitsall<br />
price is now being undercharged<br />
(and perhaps undeterred from<br />
undesirable behavior or encouraged<br />
to overuse public services). It is<br />
important that people who are not<br />
financially challenged continue to<br />
pay the original rate to avoid revenue<br />
cannibalization with a lower price.<br />
Exhibit 2 elaborates on Exhibit 1<br />
by making the general demand curve<br />
directly applicable to fines. Point<br />
“F1” is the standard fine amount.<br />
The green shaded area is the revenue<br />
raised from price multiplied by<br />
quantity at F1. The purple shaded<br />
area is revenue not collected when the<br />
price is set at F1. Segmented pricing<br />
would offer lower, but different,<br />
prices to different people in order to<br />
collect the amounts represented by<br />
the purple area. F2 represents one<br />
such hypothetical price, and FN is<br />
the lowest price that would need to be<br />
offered to anyone. Recall that FN is<br />
not the price that would be offered to<br />
everyone unable to pay F1. It would<br />
just be offered to people who were<br />
EXHIBIT 2 | DEMAND CURVE FOR FINES AND SEGMENTED PRICING<br />
Keep<br />
charging<br />
these<br />
people F 1<br />
Incremental<br />
Fine Revenues<br />
from Targeting<br />
Fine<br />
($)<br />
Fine<br />
Revenues<br />
Payment<br />
Rate<br />
Total Delinquent Payments<br />
Delinquency<br />
Rate<br />
PRICING AT BOTH ENDS OF THE INCOME SCALE?<br />
100%<br />
In this paper, we will only consider the potential effects on low-income<br />
individuals. However, segmentation can be applied to the other end of<br />
the income scale. For example, some countries, like Switzerland, have<br />
begun to charge fines based on income, resulting in higher fines for<br />
higher-income people. 11<br />
F 1<br />
F 2<br />
F N<br />
Based<br />
on income<br />
& SES<br />
Share of<br />
Payers (%)<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 37
RETHINKING REVENUE | SEGMENTED PRICING<br />
COULD SEGMENTATION BE<br />
APPLIED TO TAXES?<br />
As discussed, local<br />
governments already apply<br />
segmentation to the property<br />
tax. It might also be possible<br />
to segment other types of<br />
taxes, but we are focusing on<br />
fines and fees. Fines and fees<br />
have become more important<br />
in recent years and are ripe<br />
for savvier pricing strategies.<br />
Debt from unpaid fines and<br />
fees can be harmful to<br />
low-income individuals.<br />
Also, in the case of fines, the<br />
financial shock of a fine can<br />
be particularly damaging to<br />
low-income individuals.<br />
unable to afford any other price (like F2,<br />
for example). Thus, more total revenue<br />
would be generated because compliance<br />
with the charge would improve at the<br />
lower price points.<br />
It is worth noting that Exhibit 2 does<br />
not contemplate charging anyone a<br />
price higher than F1. This leaves the<br />
white area under the demand curve<br />
as unrealized revenue. Theoretically,<br />
people with greater ability to pay could<br />
be charged an amount higher than F1 to<br />
capture the white area as well. However,<br />
in this article, we will focus on the lower<br />
end of the demand curve because we<br />
believe this is a more pressing concern<br />
for most local governments.<br />
The potential available from savvier<br />
pricing is a conclusion reached not<br />
just by our hypothetical demand<br />
curves. The White House Council<br />
of Economic Advisors determined<br />
that the low compliance from lowerincome<br />
groups can sometimes cause<br />
cities to lose more revenue than<br />
they would otherwise collect due to<br />
the high direct costs of collecting<br />
debt and the low rate of collection. 12<br />
Direct costs of administering<br />
delinquent payment collections can<br />
be substantial, including staffing<br />
collectors, locating offenders, and<br />
administrating collections. The<br />
persistent low collection rates<br />
among local governments have led to<br />
reliance on third-party debt collection<br />
agencies. However, these agencies<br />
might use harsh methods that might<br />
not represent the government well to<br />
its citizens (thus, reducing trust) and<br />
harm citizens’ ability to thrive (by<br />
harming credit scores).<br />
Exhibits 1 and 2 also address the<br />
ethical and compliance concerns we<br />
raised in the introduction. With respect<br />
to ethics, because the price does not<br />
exceed the willingness/ability to pay,<br />
it is fair and will not drive the lowincome<br />
person further into poverty.<br />
Also, because the price is not less than<br />
the low-income person’s willingness/<br />
ability to pay, the price would still be<br />
an effective deterrent or limit on that<br />
person’s demand.<br />
Advantages of<br />
Segmented Pricing<br />
One-size-fits-all pricing will<br />
predictably generate unpaid<br />
accounts because the price<br />
will exceed many people’s<br />
willingness/ability to pay.<br />
More aggressive collection<br />
of unpaid accounts has<br />
disadvantages. It can further<br />
imperil the financial health<br />
of vulnerable citizens. It also<br />
requires the government to incur<br />
collection costs. In extreme<br />
cases, these costs might even<br />
exceed the revenues collected. 13<br />
Local governments can realize<br />
more revenue and have more<br />
ethical outcomes with segmented<br />
pricing. Segmented pricing does<br />
not let low-income people “off the<br />
hook” for fines or fees. They are<br />
still paying an amount that<br />
causes them a proportional<br />
burden to the average citizen.<br />
©<strong>2022</strong> DAN PAGE COLLECTION C/O THEISPOT.COM<br />
38
Charging people<br />
what they can afford—<br />
no more, no less<br />
Segmented pricing for fines and<br />
fees is not a wholly unprecedented<br />
approach for local governments.<br />
In this section, we will review<br />
practices related to segmented<br />
pricing (payment plans and amnesty<br />
periods) that local governments<br />
commonly use. We’ll also discuss<br />
the National League of Cities “LIFT-<br />
UP” program—a framework used by a<br />
small number of local governments<br />
that is related to segmented pricing.<br />
This will help ground us in: what local<br />
government has done before; how<br />
segmented pricing builds on what<br />
local governments already know; and<br />
where segmented pricing introduces<br />
something new and different. We will<br />
then go into how a government might<br />
pursue a segmented pricing system.<br />
Two local government practices<br />
related to segmented pricing are<br />
payment plans and amnesty periods.<br />
Some governments offer payment<br />
plans or other accommodations for<br />
people who experience financial<br />
difficulty. This approach is limited,<br />
and citizens often fall behind in their<br />
payments before assistance becomes<br />
available. Segmented pricing aims to<br />
prevent citizens from falling behind<br />
in the first place. Payment plans and<br />
similar mechanisms often rely on staff<br />
discretion to administer them (e.g.,<br />
determine the length of the plan, size of<br />
payments). This limits how widely the<br />
approach can be scaled. Even the most<br />
well-meaning staff will likely produce<br />
inconsistency in how discretion is<br />
applied across citizens in similar<br />
circumstances. To illustrate, research<br />
demonstrates that even judges show<br />
remarkable inconsistency in how they<br />
apply the law, 14 so it is reasonable to<br />
expect that payment discounts based<br />
on staff discretion are likely to be<br />
applied inconsistently. Segmented<br />
pricing aims to create a systematic<br />
approach that can be widely and<br />
consistently applied.<br />
Amnesty programs are where<br />
late fees or penalties are waived for<br />
a certain period with the hope that<br />
people with outstanding debts will<br />
take advantage of the waiver to pay off<br />
the charges they originally incurred.<br />
Though avoiding the problems of<br />
inconsistent treatment of citizens<br />
previously described, amnesty<br />
programs still only do good after<br />
citizens have gotten into financial<br />
difficulty. Also, “best practices” for<br />
HOW IMPORTANT IS THE STICK RELATIVE TO THE CARROT?<br />
Not as important as we might think. In 2015, the San Francisco<br />
Superior Court stopped suspending people’s driver’s licenses<br />
when they could not pay their traffic tickets. Did this inhibit the<br />
court’s ability to collect the debt? An analysis conducted by the<br />
San Francisco Treasurer’s office showed no negative impact on<br />
revenue collection. In fact, collections on delinquent debt per<br />
filing have increased since eliminating the penalty. And across<br />
California, on-time collections went up in the year following the<br />
end of driver’s license suspensions statewide. The increase<br />
in collections, without the use of driver’s license suspensions,<br />
suggests that suspending driver’s licenses was not necessary to<br />
ensure on-time payments.<br />
amnesty programs call for offering<br />
amnesties infrequently so that<br />
people don’t deliberately incur debt<br />
in anticipation of a later amnesty.<br />
Similarly, untargeted debt reduction<br />
plans may lead to some people only<br />
paying their bills when there is a shutoff<br />
notice or termination of services.<br />
Segmented pricing is meant to be a<br />
permanent, not intermittent, solution<br />
to unaffordable fines and fees.<br />
Let’s move on to a program that<br />
gets closer to segmented pricing: the<br />
Local Interventions for Financial<br />
Empowerment through Utility<br />
Payments (LIFT-UP) program,<br />
developed by the National League of<br />
Cities (NLC). 15 LIFT-UP has five core<br />
components:<br />
Identify and refer. Utility data is<br />
used to identify customers who<br />
are struggling financially and<br />
contact them for intervention.<br />
Examples of data used include a<br />
history of service terminations,<br />
high delinquent balances, or<br />
prior receipt of assistance with<br />
delinquent balances. Segmented<br />
pricing works best when informed<br />
by data about the customer’s<br />
ability to pay.<br />
Restructured utility debt. Longterm<br />
and more lenient repayment<br />
arrangements are made available.<br />
Individualized financial counseling.<br />
This includes a personal budget<br />
review, a plan to address financial<br />
needs, and referrals to appropriate<br />
support services.<br />
Financial incentives. Customers<br />
are given incentives to complete<br />
tasks, like attending a financial<br />
counseling session or consistently<br />
making payments on time. This is<br />
somewhat like moving the price<br />
point on the demand curve closer<br />
to the customer’s ability to pay, like<br />
segmented pricing.<br />
Ongoing participant contact.<br />
Participants are reminded to<br />
maintain their commitment to the<br />
program through various mediums<br />
(text messages, phone calls, etc.).<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 39
RETHINKING REVENUE | SEGMENTED PRICING<br />
In 2016, NLC evaluated the<br />
implementation of LIFT-UP in five<br />
cities, ranging in size from 465,000<br />
residential accounts (Houston)<br />
to 281,052 residential accounts<br />
(Newark). The evaluation found<br />
“evidence of a positive impact of<br />
LIFT-UP on the outcomes that are<br />
most relevant to the city and customer<br />
behaviors within that city” for three<br />
of the four cities examined. 16 For<br />
example, in two cities, the relevant<br />
metric was whether customers<br />
avoided water shutoffs. In St.<br />
Petersburg, LIFT-UP participants were<br />
about 50% less likely to experience<br />
a shutoff after enrolling, though in<br />
Savannah, there was no significant<br />
improvement. In two other cities,<br />
reducing outstanding balances was<br />
the most relevant. 17 In Houston and<br />
FEES AND FINANCIAL<br />
FOUNDATIONS FOR THRIVING<br />
COMMUNITIES<br />
GFOA has published the paper<br />
“Financial Policies for Imposed<br />
Fees, Fines, and Asset Forfeitures,”<br />
which shows how you can create a<br />
policy for these revenue sources.<br />
The paper provides the rationale<br />
for a policy and the elements of<br />
such a policy. It complements the<br />
information provided in this paper<br />
by helping to define when fines and<br />
fees are appropriate, acceptable<br />
collection practices, and limitations<br />
on how revenues should be used.<br />
Find the report at gfoa.org/<br />
materials/fees-fines-forfeitures.<br />
Newark, outstanding balances were<br />
reduced by about 25%. The evaluation<br />
also examined the cost-effectiveness<br />
of the program for a single city (St.<br />
Petersburg) and found that the program<br />
was highly cost-effective for that city.<br />
We’ve seen that a program like LIFT-<br />
UP has potential, but could segmented<br />
pricing offer further opportunities?<br />
Segmented pricing is a preventative<br />
strategy, where the goal is to<br />
avoid delinquency and encourage<br />
payment from the beginning. Thus,<br />
we might think of segmented pricing<br />
like credit scoring. Credit scoring<br />
uses data about the borrower to<br />
prevent the lender from making a<br />
loan that the borrower is unlikely<br />
to repay. Segmented pricing is used<br />
to avoid charging customers a price<br />
they are unable to pay.<br />
Under segmented pricing, 100% of<br />
eligible people could participate<br />
automatically. It can be a formidable<br />
challenge and cost to recruit people<br />
into special programs for delinquent<br />
accounts. Segmented pricing can<br />
use data to determine who is eligible,<br />
and they automatically get a price<br />
that is better aligned with their<br />
ability to pay. Automatic or default<br />
enrollment has proven a powerful<br />
tool for achieving public policy<br />
goals in many applications, not<br />
just pricing. 18<br />
Segmented pricing provides a direct<br />
reduction in the rate charged to<br />
financially struggling customers.<br />
Thus, the price of the basic water<br />
charge is brought down to a level<br />
of what the customer can afford.<br />
Without a rate reduction, there might<br />
be continuing struggles to avoid<br />
shutoffs, reduce balances, etc.<br />
The successes of LIFT-UP show that<br />
the concepts underlying segmented<br />
pricing have potential, like using data<br />
to determine who participates and<br />
giving people financial incentives.<br />
We saw that a true segmented pricing<br />
system may present new opportunities<br />
for local governments to better serve<br />
low-income individuals.<br />
What are the next steps<br />
to bringing a segmented<br />
pricing system to local<br />
government?<br />
First, the local government must reach<br />
an agreement among its decisionmakers<br />
to pursue segmented pricing<br />
and/or payment plan restructuring.<br />
Some or all of the following could be<br />
important for reaching an agreement:<br />
Understanding the seeming<br />
paradox at the heart of segmented<br />
pricing: Lowering the price for<br />
some customers could result in<br />
higher total revenues and greater<br />
compliance with regulations.<br />
Recognition that local government<br />
can and should help low-income<br />
citizens thrive by easing the burden<br />
imposed by fines and fees (while<br />
also recognizing that segmented<br />
pricing still results in low-income<br />
citizens “paying their fair share”).<br />
A related point to recognize is that<br />
most low-income citizens want<br />
to pay their fair share to support<br />
public services* but simply may<br />
not have enough money to pay the<br />
standard one-size-fits-all price and<br />
also pay for other important things<br />
in their life.<br />
A willingness to try new ideas and<br />
experiment. Though segmented<br />
pricing is in use in the private<br />
sector, it is still an advanced<br />
pricing strategy and one that has<br />
not been widely used by local<br />
governments for most revenue<br />
sources. This means that it will<br />
probably be necessary to work<br />
with outside experts on segmented<br />
pricing to get the best results.<br />
*For example, according to Vanessa Williamson of Brookings in her book “Read My Lips: Why Americans are Proud to Pay Taxes,” surveys have consistently found that “over 90 percent of<br />
Americans agree with the statement, ‘It is every American’s civic duty to pay their fair share of taxes.’”<br />
40
After an internal agreement has<br />
been reached to try segmented<br />
pricing, pick a revenue stream to<br />
start with. The best candidates will<br />
be large collection streams, where<br />
there is considerable uncollected<br />
debt and where low-income people<br />
are especially burdened by the<br />
charge. This might be a revenue<br />
stream where the local government<br />
is losing money on collections, on<br />
net. Revenues that often meet these<br />
criteria are utility bills, parking<br />
citations, and court fines.<br />
Next, determine the data that<br />
can be used to identify eligibility<br />
for segmented pricing. The goal is to<br />
identify eligibility automatically,<br />
without any input required by<br />
citizens. Also, it is best to use<br />
publicly available data so that the<br />
government does not have to collect<br />
additional personal information<br />
about its ratepayers, which could<br />
create new cybersecurity risks.<br />
Examples of data that could be used<br />
for segmented pricing include:<br />
The person’s existing debt with<br />
the local government.<br />
The median income of the<br />
neighborhood in which they live.<br />
Their participation in other<br />
government assistance<br />
programs, like WIC, Medicaid,<br />
or unemployment.<br />
Using this data, a “pricing experiment”<br />
is conducted. The accounts are<br />
divided into segments using data<br />
like that shown above. Then people<br />
within those segments are offered<br />
a discount (10%, 30%, 50% off, etc.).<br />
Different people are offered different<br />
discounts (e.g., one might be offered<br />
10% and another 15%). You can then<br />
count how often a given discount led<br />
to a payment. For a given segment,<br />
let’s imagine that 0% of customers paid<br />
with a 10% discount, 75% of customers<br />
paid with a 15% discount, and 80% of<br />
customers paid with a 25% discount.<br />
We might then conclude that a 15%<br />
discount is the right amount. Ten<br />
percent made no difference at all, and<br />
the difference in uptake between 15%<br />
and 25% might not be large enough<br />
to justify the additional discount.<br />
Artificial intelligence and machine<br />
learning techniques can be used to run<br />
the experiment on a large scale and<br />
use the results to develop an algorithm<br />
that categorizes individual customers<br />
into segments accurately and<br />
consistently. It should be noted that an<br />
algorithm that uses publicly available<br />
data for large groups of people will<br />
not perfectly segment all individual<br />
ratepayers into “just right” prices.<br />
Some people might be undercharged<br />
compared to their true willingness/<br />
ability to pay, while others might be<br />
overcharged. Still, the price should be<br />
closer to the true willingness/ability<br />
to pay of most people and generate the<br />
benefits of segmented pricing that we<br />
have described in this article.<br />
After the results of the experiment<br />
are in, prices can be adjusted<br />
accordingly for people in each segment.<br />
As with the LIFT-UP program, you<br />
will need to determine how to handle<br />
existing debt. A new, lower price going<br />
forward may not do much to resolve<br />
a large accumulated debt. A payment<br />
plan that restructures or amortizes<br />
the debt over a series of affordable<br />
monthly payments (that includes<br />
current charges) could be a solution<br />
to this problem. Similar to the logic<br />
of segmented pricing more generally,<br />
the longer time period it would take to<br />
recoup the debt (and the associated<br />
costs of capital) may be preferable<br />
to not collecting the debt at all.<br />
©<strong>2022</strong> JAMES FRYER C/O THEISPOT.COM<br />
SEGMENTED PRICING IS NOT<br />
A SILVER BULLET SOLUTION<br />
Segmented pricing will not<br />
solve every problem related<br />
to fines, fees, and low-income<br />
individuals. For example, it will<br />
not do much to resolve existing<br />
debts. Some people may face<br />
greater financial hardships than<br />
the information available to a<br />
local government might suggest.<br />
Hence, there will still be a need<br />
for payment plans or other ways<br />
to address accumulated debt.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 41
RETHINKING REVENUE | SEGMENTED PRICING<br />
Where to next?<br />
Readers who want to put the ideas in<br />
this article into practice have options<br />
for what to do next.<br />
First, you can visit the NLC to learn<br />
more about municipal financial<br />
empowerment strategies,<br />
like LIFT-UP, to increase the financial<br />
stability of low-income families.<br />
These strategies link vulnerable<br />
households to financial services and<br />
public benefits, and they provide<br />
them with tools to build assets and<br />
manage money more effectively. The<br />
NLC provides a guide to LIFT-UP as<br />
a strategy to reduce utility debt and<br />
resident financial insecurity. The<br />
LIFT-UP program includes many<br />
of the basic concepts of segmented<br />
pricing, and there have been several<br />
successful applications of LIFT-UP.<br />
Second, the Government Finance<br />
Officers Association (GFOA), NLC, and<br />
the University of Chicago are working<br />
on feasibility studies for segmented<br />
pricing relating to different revenue<br />
streams. We will publish the results,<br />
and if you have an interest in getting<br />
involved, email research@gfoa.org.<br />
Characteristics of organizations<br />
that would be a good fit for a feasibility<br />
study include: 19<br />
Possess a large revenue stream<br />
with significant problems with<br />
delinquency/nonpayment.<br />
At least 5,000 active accounts for<br />
the fine/fee that will be segmented.<br />
A willingness to waive or at least<br />
restructure debts. This is part of<br />
moving the price on the demand<br />
curve to a point where people are<br />
able to pay. Of course, you must also<br />
be willing to offer different price<br />
reductions to people.<br />
An ability to pass historical account<br />
data via an API or a downloaded<br />
CSV file; and an ability to add a<br />
hyperlink to your current website or<br />
configure your DNS (Domain Name<br />
Server) management.<br />
Conclusion<br />
Price is inextricably linked to<br />
affordability. And affordability<br />
fluctuates by the socioeconomic status<br />
of the customer. Local governments<br />
may have an important opportunity to:<br />
Raise more revenue through<br />
some fines and fees while at<br />
the same time…<br />
Administering those fees more<br />
ethically…<br />
All while not compromising<br />
the ability of the fine/fee to<br />
deter unwanted behaviors or<br />
limit demand.<br />
This opportunity is segmented pricing.<br />
Segmented pricing accomplishes all<br />
of this by finding the price point that<br />
is closest to people’s true willingness/<br />
ability to pay. When offered this price,<br />
more people will agree to pay, bringing<br />
more revenue to the government,<br />
reducing the need for costly (and<br />
possibly harsh) collection practices, and<br />
reducing the risk that local government<br />
fines and fees will exacerbate an atrisk<br />
individual’s precarious financial<br />
position into crisis.<br />
Jean-Pierre Dubé is the James M. Kilts<br />
Distinguished Service Professor of<br />
Marketing, University of Chicago, Booth<br />
School of Business, Director of Kilts<br />
Center for Marketing. Bryan Glenn is<br />
the chief executive officer of SERVUS.<br />
Shayne Kavanagh is the senior manager<br />
of research for GFOA’s Research and<br />
Consulting Center.<br />
1<br />
Ahern, Kenneth R. (May 2021). The business of city hall.<br />
Working Paper 28805. National Bureau of Economic<br />
Research.<br />
2<br />
Financial health can be ascertained by signs of increased<br />
vulnerability, poverty indicators, or delinquent bills.<br />
Brockland, Beth; Garon, Thea; Dunn, Andrew; Wilson,<br />
Eric; Celik, Necati (2019). Financial Health Network:<br />
U.S. Financial Health Pulse. 2019 Trends Report.<br />
https://s3.amazonaws.com/cfsi-innovation-files-2018/<br />
wp-content/uploads/2019/11/13204428/US-Financial-<br />
Health-Pulse-2019.pdf<br />
3<br />
Gneezy, Uri; Rustichini, Aldo (January 2000). A fine is a<br />
price. Journal of Legal Studies, 29(1). SSRN: https://ssrn.<br />
com/abstract=180117<br />
4<br />
See the GFOA Code of Ethics at https://www.gfoa.org/<br />
ethics.<br />
5<br />
The principle of fairness at work here is called<br />
“proportionality.” Psychological research shows<br />
it to be one of the most important ways that people<br />
judge fairness. See: Harward, Brian; Taylor, Alison;<br />
Kavanagh, Shayne (August 2021). What’s fair?<br />
Equity, equality, and fairness. Government Finance<br />
Officers Association. https://www.gfoa.org/materials/<br />
whats-fair-3<br />
6<br />
The Pew Charitable Trusts (March 30, 2016).<br />
Household expenditures and income. https://www.<br />
pewtrusts.org/en/research-and-analysis/issuebriefs/2016/03/household-expenditures-and-income<br />
7<br />
Cite NLC’s CAFFE project Why Cities Should Find<br />
Equitable Ways to Impose and Collect Fines and<br />
Fees—CitiesSpeak, Helping Cities Find Equitable Ways<br />
to Assess and Reform Fines and Fees, How Cities are<br />
Transforming Fines and Fees to Advance Equity and<br />
Financial Security – National League of Cities<br />
8<br />
Mello, Steven (November 14, 2018). Speed trap or<br />
poverty trap? Fines, fees, and financial wellbeing.<br />
https://mello.github.io/files/jmp.pdf; Kessler, Ryan<br />
E. (May 1, 2020). Do fines cause financial distress?<br />
Evidence from Chicago. SSRN: https://ssrn.com/<br />
abstract=3592985 or http://dx.doi.org/10.2139/<br />
ssrn.3592985<br />
9<br />
Chambers, Dustin; Thomas, Diana; McLaughlin, Patrick<br />
A.; Waldron, Kathryn (January 2019). The effect of<br />
regulation on low-income households. https://www.<br />
mercatus.org/system/files/mclaughlin_thomas_<br />
chambers_and_waldron_-_policy_brief_-_the_<br />
regressive_effects_of_regulation_a_primer_-_v1.pdf<br />
10<br />
Though it may be unconventional to think of a fine as<br />
a “purchase,” when an individual pays a fine, they are<br />
essentially purchasing a form of forgiveness for their<br />
transgression.<br />
11<br />
BBC (August 12, 2010). Swede faces world-record $1m<br />
speeding penalty. https://www.bbc.com/news/worldeurope-10960230<br />
12<br />
Council of Economic Advisors (December 2015). Fines,<br />
fees, and bail: Payments in the criminal justice system<br />
that disproportionately impact the poor. Executive<br />
Office of the President of the United States, Council<br />
of Economic Advisors. Washington, D.C. https://<br />
obamawhitehouse.archives.gov/sites/default/files/<br />
page/files/1215_cea_fine_fee_bail_issue_brief.pdf<br />
13<br />
CEA. loc. cit.<br />
14<br />
Kahneman, Daniel; Sibony, Olivier; Sunstein,<br />
Cass R. (May 18, 2021). Noise: A flaw in human<br />
judgment. Daniel Kahneman, et al reviews a large<br />
body of research demonstrating the considerable<br />
inconsistency in judgments made in the court system.<br />
It is unlikely that payment plans would be much<br />
different. Publisher: Random House Audio. Narrator:<br />
Jonathan Todd Ross.<br />
15<br />
Collins, J. Michael; Moulton, Stephanie (May 2016).<br />
Implementation and impact evaluation of local<br />
interventions for financial empowerment through<br />
utility payments (LIFT-UP). University of Wisconsin-<br />
Madison Center for Financial Security.<br />
https://cfs.wisc.edu/2016/09/08/study-showsnational-league-of-cities-lift-up-program-helps-citiesrecoup-lost-revenue-families-build-financial-security/<br />
16<br />
The fifth city could not provide the necessary data<br />
due to a utility billing system conversion.<br />
17<br />
Cities with more aggressive shutoff policies did<br />
not have customers with larger balances but did<br />
experience a cycle wherein customers would not pay<br />
until shutoff, pay to have the water turned on, and<br />
then not pay again until the next shutoff. Clearly, not<br />
an ideal situation.<br />
18<br />
Halpern, David; Sanders, Michael (2016). Nudging<br />
by government: Progress, impact and lessons<br />
learned. Behavioral Science & Policy, 2(2): 53–65.<br />
https://behavioralpolicy.org/wp-content/<br />
uploads/2017/06/Sanders-web.pdf<br />
19<br />
In addition, reaching agreement among relevant<br />
decision-makers that segmented pricing and<br />
new payment plan guidance is something worth<br />
implementing.<br />
42
<strong>2022</strong> COACHING PROGRAM<br />
THRIVE IN LOCAL GOVERNMENT<br />
UPCOMING FREE WEBINARS – Register at icma.org/coachingwebinars<br />
WEDNESDAY, OCTOBER 20<br />
Alternatives to Silos – Leadership at<br />
Every Level<br />
THURSDAY, NOVEMBER 17<br />
Everyone Has Personal Challenges:<br />
How to Balance Personal Requirements<br />
and Organizational Demands<br />
All Webinars start at 1:30pm Eastern time.<br />
Can’t make it to the live webinar? Register and get an automatic email notice when the<br />
recording is available. icma.org/coachingwebinars<br />
SAVE TIME! SIGN UP FOR BOTH <strong>2022</strong> WEBINARS AT ONCE!<br />
bit.ly/3r5k4nm<br />
Additional free coaching resources at ICMA’s Career Center<br />
(icma.org/careers):<br />
• Digital archives<br />
• Career Compass monthly advice column<br />
• CoachConnect for one-to-one coach matching<br />
• Live speed coaching events, talent development resources, and more.<br />
Join our list for coaching program updates and more: email coaching@icma.org.<br />
Learn more at icma.org/coaching
When Growth<br />
Fuels Change<br />
The Finance Department initiates transformation<br />
in the Town of Nolensville, Tennessee<br />
BY CHRISTINA MERLE AND CAREY SMITH<br />
44
WHEN GROWTH FUELS CHANGE<br />
©<strong>2022</strong> JAMES STEINBERG C/O THEISPOT.COM<br />
The Finance Department<br />
for the Town of Nolensville,<br />
Tennessee, was under<br />
significant public scrutiny<br />
for not providing sufficient<br />
information to residents.<br />
To address this concern,<br />
the department committed<br />
to implementing new<br />
financial practices that<br />
provided transparency and<br />
accountability, along with a<br />
focus on overall excellence.<br />
MAKING CHANGES<br />
The town’s finance team, which started<br />
out as part of a combined finance<br />
and human resources department,<br />
recognized the limitations of this<br />
organizational structure, in which<br />
the staff was continuously juggling<br />
too many priorities with too few staff<br />
members—with only two employees<br />
to manage all the functions of both<br />
disciplines. This structure also limited<br />
the segregation of duties and the need<br />
and ability to satisfy internal control<br />
procedures. It was clear that the town<br />
was experiencing significant growth<br />
and the finance department needed to<br />
implement long-term changes to keep up<br />
with ever-expanding service demands.<br />
As a result, the finance and human<br />
resources functions were separated into<br />
distinct municipal departments.<br />
The new organizational structure<br />
for the Finance Department put in<br />
place in FY2021 included the hiring<br />
of a finance director and finance<br />
assistant, initially a part-time position<br />
that would later evolve into a full-time<br />
position supporting departmental<br />
functions, while also providing<br />
necessary segregation of duties. The<br />
following fiscal year, the town created<br />
a human resources department that<br />
included the hiring of a full-time<br />
human resources director to manage<br />
personnel matters.<br />
The new organizational structure<br />
has proven more responsive and<br />
sustainable for the town’s continued<br />
growth and ongoing needs, and<br />
citizens have provided support and<br />
positive feedback. For example,<br />
when the town's first budget book<br />
was produced, one resident wrote:<br />
“Breaking news! I have never been<br />
more proud of my government than I<br />
am right now. I got involved in town<br />
government because of financial<br />
transparency issues I saw when I first<br />
moved here. … Municipal government<br />
starts and ends with budgets. We<br />
barely notice it when we argue about<br />
density and visions, but it’s by far<br />
the most important process. And we<br />
finally have a strong foundation.”<br />
Recognizing the need for human<br />
resource functions to keep up with the<br />
employee growth in the organization,<br />
a standalone human resources<br />
department was created. Public<br />
safety is the town’s biggest focus<br />
area for recruiting and retaining, so<br />
it’s important to have a competitive<br />
benefits package to keep up with<br />
neighboring municipalities. HR<br />
undertook several initiatives to<br />
improve employee recruitment and<br />
retention, including hiring a benefits<br />
broker to change the town’s healthcare<br />
plans and providers to improve the<br />
level of service and coverage for<br />
employees. The town was now able<br />
to offer full family coverage and to<br />
provide contributions toward health<br />
savings accounts, while also saving<br />
almost $90,000 a year in premium<br />
expenses. A consultant also reviewed<br />
compensation, allowing the town to<br />
adopt a new pay scale in FY 2023 that<br />
will keep Nolensville aligned with<br />
market rates.<br />
Located in Williamson County, Tennessee, the Town of Nolensville<br />
is approximately 22 miles southeast of Nashville. According to the<br />
United States Census Bureau, the town has a total area of 10.44<br />
square miles, all land. The population was 15,487 at the 2020 census.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 45
WHEN GROWTH FUELS CHANGE<br />
The new organizational structure<br />
also complements the new councilmanager<br />
form of government that was<br />
recently enacted, following a citywide<br />
referendum on changing the form of<br />
government. Department heads serve<br />
often in multiple roles in Nolensville,<br />
which is a common situation in<br />
smaller municipalities. Citizens<br />
viewed the town’s previous form of<br />
government (mayor-aldermanic) as<br />
inadequate to keep up with the many<br />
challenges of a growing municipality.<br />
Citizens voted for a structure that<br />
divided control equally across<br />
multiple board members, solving<br />
the problems of limited segregation<br />
of duties and insufficient staff to<br />
handle the amount of work that was<br />
needed to bring the departments up<br />
to date on policies. The town is also<br />
experiencing significant growth, and<br />
the new structure satisfies the need<br />
to keep up with future growth.<br />
THAT’S A LOT OF RESERVES<br />
Nolensville also has a healthy<br />
general fund reserve balance, so<br />
one of the first initial projects for the<br />
Finance Department was to establish<br />
and implement a fund balance<br />
policy. While no municipality is<br />
going to complain about having a<br />
good amount of money in reserve,<br />
the town had accumulated nearly<br />
200 percent of its annual operating<br />
budget in reserves. The savings grew<br />
significantly because of one-time<br />
monies collected on development; the<br />
town was experiencing significant<br />
growth and had no prior policy in<br />
place for what to do with revenues<br />
associated with development.<br />
The amount of reserve—nearly<br />
200 percent of annual operating<br />
budget—was significantly more<br />
than guidelines recommended by<br />
the Municipal Technical Advisory<br />
Service in Tennessee, and more than<br />
other municipalities consider as<br />
best practice. There were concerns<br />
that because of the excess savings,<br />
the town would be perceived as not<br />
using the money to fund necessary<br />
infrastructure and roadway<br />
improvements, along with other<br />
important capital projects.<br />
BUILDING A FIRE DEPARTMENT<br />
Given the growth the town was<br />
experiencing and the amount of<br />
money it had available, officials<br />
decided the town would be best<br />
served by using some of its<br />
reserves to help create its first fire<br />
department. Nolensville originally<br />
contracted with a 501(c)(3) volunteer<br />
fire organization, providing funds<br />
each budget year to cover the costs<br />
of providing fire protection and<br />
emergency response to the town.<br />
Fire protection became a major focus<br />
through the FY 2021 budget process.<br />
SKYE MARTHALER, WIKIPEDIA COMMONS<br />
46
The town explored the strategy of<br />
creating a combination department<br />
by hiring a minimum number of fulltime<br />
staff members and maintaining<br />
the current volunteers. The change<br />
would be funded through a tax<br />
increase to cover the operational<br />
costs of the additional staff. The<br />
town’s growth was resulting in more<br />
calls to the volunteer organization<br />
(and therefore additional expense),<br />
making it clear that some full-time<br />
staff would be necessary for the town<br />
to ensure that a sufficient level of fire<br />
protection and emergency response<br />
was being provided.<br />
A budget amendment proposed<br />
shortly after the FY 2021 budget was<br />
approved provided funds for nine<br />
full-time firefighters and a fire chief<br />
to address the immediate need for<br />
full-time fire suppression coverage,<br />
while starting the town down the<br />
path of establishing the first town<br />
combination department. Hiring an<br />
experienced and professional fulltime<br />
fire chief was the first objective.<br />
The fire chief was tasked with<br />
initiating the plan and implementing<br />
the combination department, which<br />
would provide the foundation of<br />
a full fire department that would<br />
still be supported by the amazing<br />
volunteers who had been servicing<br />
the town for years.<br />
A FUND BALANCE POLICY<br />
The fund balance was being<br />
discussed at the same time, and it<br />
was recognized that implementing<br />
the fund balance policy would<br />
likely open up a significant amount<br />
for spending on capital needs for<br />
projects such as land acquisition and<br />
construction of a new fire station.<br />
Town leadership realized there<br />
would be significant capital project<br />
requirements, including building<br />
construction and the acquisition of<br />
fire apparatus. Since the town was<br />
starting from scratch, this was going<br />
to be a significant undertaking.<br />
The fund balance policy was<br />
adopted and implemented in August<br />
2020 to mitigate current and future<br />
risks, plan for future capital projects<br />
and equipment needs, and ensure<br />
stable tax rates. The fund balance<br />
will be limited to unanticipated<br />
expenditures; specific and reasonable<br />
cash flow purposes; grant anticipation<br />
reimbursement; new public health and<br />
safety needs; service enhancements;<br />
early retirement of debt; and one-time<br />
capital expenditures that align with<br />
essential services. The objectives of<br />
the policy will maintain reservations<br />
of fund balance in accordance with<br />
GASB statement No. 54, Fund Balance<br />
Reporting and Governmental Fund Type<br />
Definitions. The policy establishes:<br />
• Fund balance policy for the<br />
general fund.<br />
• Reservations of fund balances<br />
for the general fund.<br />
• The method of budgeting in<br />
the general fund, the amount<br />
of estimated unrestricted fund<br />
balance available for appropriation<br />
during the annual budget adoption<br />
process, and the actions that<br />
may be needed if the actual fund<br />
balance is significantly different<br />
than the budgeted fund balance.<br />
• The spending order of the<br />
general fund's fund balance.<br />
CAPITAL IMPROVEMENT<br />
AND DEBT<br />
Adopting a fund balance policy was a<br />
catalyst to many other opportunities<br />
for developing and implementing best<br />
practices and updates that the town<br />
needed. One of these was making<br />
funding available for appropriation to<br />
create a capital improvements fund,<br />
which led to the creation of a capital<br />
improvements advisory committee.<br />
This committee is made up of both<br />
town staff and five local citizens<br />
who represent town residents. The<br />
committee is responsible for making<br />
recommendations to the Board of<br />
Commissioners on the selection and<br />
prioritization of capital projects.<br />
The advisory committee provides<br />
both added transparency into the<br />
capital improvement plan (CIP)<br />
process as well as an opportunity to<br />
engage citizens in the process. The<br />
committee’s monthly meetings are<br />
open to the public.<br />
With a multi-year CIP comes<br />
the possibility of incurring debt,<br />
depending on the sufficiency of other<br />
funding sources to cover the town’s<br />
many capital project needs. These<br />
include road infrastructure (such as<br />
road widening, a major thoroughfare<br />
plan, turn lanes, flashing beacons,<br />
traffic lights, crosswalks, bike<br />
lanes, sidewalks) and facilities<br />
expansion (for instance, fire station,<br />
police headquarters, public works<br />
maintenance building expansion,<br />
land, and opportunities for town<br />
parks). Currently, all town staff,<br />
including the Police Department,<br />
are in the Town Hall, but as the<br />
town continues to hire additional<br />
staff, facility expansions and new<br />
facilities will be necessary. The Fire<br />
Department is currently using the<br />
county-owned volunteer fire station,<br />
but the town has plans underway<br />
that include land acquisition and<br />
the design and construction of a new<br />
fire station to support its growing fire<br />
suppression needs.<br />
The Finance Department<br />
began rewriting the outdated debt<br />
management policy, adopted 10<br />
years ago, to reflect contemporary<br />
best practices for debt management,<br />
ensuring that fiscally sound<br />
debt management practices will<br />
be followed. The previous debt<br />
policy had vague limitations and<br />
guidelines. For example, there was no<br />
set limit on the total outstanding debt<br />
obligations—it was just indicated that<br />
the total amount of debt obligations<br />
would be determined by the board.<br />
The new policy bases the town’s<br />
debt limit on a percentage of annual<br />
revenues, along other factors. It<br />
also includes a bundle of financial<br />
policies, including the fund balance<br />
policy, an operating budget policy, a<br />
capital improvements plan policy,<br />
investment policies, and a cash<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 47
WHEN GROWTH FUELS CHANGE<br />
management policy, along with more<br />
specific and formalized guidelines.<br />
The update was presented to the<br />
Board of Commissioners in July<br />
2021, and the finance director and<br />
town manager also recommended<br />
engaging a financial advisor to advise<br />
town leaders about debt and fiscal<br />
practices, and to help the town secure<br />
the best solutions for financing<br />
capital investment needs. This<br />
includes providing suitability and<br />
needs analysis, developing a plan for<br />
financing or refinancing, preparing,<br />
and reviewing material for bond<br />
rating interviews, and other services<br />
related to issuing debt obligations.<br />
Through all of this, the town has<br />
become proactive in establishing<br />
strategic and long-term planning<br />
in a fiscally responsible manner.<br />
The town manager and finance<br />
director created a five-year operating<br />
budget and 10-year CIP, as well as<br />
fiscal analysis that helps the board<br />
understand the long-term impacts<br />
of potential developments as far as<br />
the revenue to be received and the<br />
expected operating costs.<br />
A NEW REPORTING PLATFORM<br />
The Finance Department remains<br />
committed to seeking opportunities to<br />
improve performance and efficiencies.<br />
In November 2021, Finance achieved<br />
its goal of implementing new software,<br />
updating a dated and limited onsite<br />
reporting platform to a cloud-based<br />
platform that provides efficiencies,<br />
eliminates redundancies, and<br />
streamlines manual processes across<br />
departments.<br />
Before the upgrade, when another<br />
department would submit a request<br />
for purchasing, that request was<br />
submitted by paper to the Finance<br />
Department. Finance was then<br />
responsible for entering the request<br />
into the system for processing<br />
payment, a time-consuming manual<br />
process. The new system allows<br />
every department to submit their<br />
own requests via the software, which<br />
channels through an integrated<br />
approval process based on available<br />
department fiscal resources and<br />
in accordance with the purchasing<br />
policy. The software provides instant<br />
and simultaneous updates, including<br />
a department dashboard to track and<br />
monitor fiscal performance.<br />
Since all the historical data had<br />
to be loaded into the town’s new<br />
software, the Finance team also<br />
capitalized on the timing of this<br />
upgrade to change over the town’s<br />
old chart of accounts format to the<br />
state’s standard chart of accounts.<br />
This was done manually by mapping<br />
each account under the old chart<br />
of accounts. This allowed for better<br />
account options that helped make the<br />
town’s budgeting more transparent<br />
and consistent with those of other<br />
municipalities as well as the state.<br />
NOLENSVILLETN.CLEARGOV.COM<br />
As part of the effort to increase transparency, the Town of<br />
Nolensville launched an innovative module that provides an<br />
easy-to-understand, interactive view of the town budget by<br />
fund, department, source, debt, demographics and more.<br />
48
“I have never<br />
been more<br />
proud of my<br />
government<br />
than I am<br />
right now.”<br />
Nolensville resident,<br />
after receiving the town's<br />
first budget publication<br />
The Finance team, working with<br />
the town manager, conducted a<br />
very transparent budget process,<br />
providing information to the board<br />
of commissioners and the public in<br />
graphical and tabular form for the<br />
first time ever. The budget process<br />
included launching an innovative<br />
Finance transparency module that<br />
provides web-based data using<br />
dynamic infographics that tell the<br />
town’s financial story. The module<br />
is hosted on the town’s Finance page<br />
(at nolensvilletn.cleargov.com),<br />
where it’s available to the public. The<br />
information presented in the module<br />
provides an easy-to-understand,<br />
interactive view of the town budget<br />
(expenditures and revenues) by<br />
fund, department, source, debt,<br />
demographics, and more. The next<br />
step is to walk viewers through the<br />
CIP, showing the status of each<br />
project, amount of funding expended<br />
to date, total budget per project,<br />
project overview, and location.<br />
THE TOWN’S FIRST<br />
BUDGET BOOK<br />
Following the annual fiscal budget<br />
approval, the Finance Department<br />
produced its first-ever budget<br />
publication, for which the town<br />
received the GFOA Distinguished<br />
Budget Presentation Award. Before<br />
this, the budget was prepared in<br />
Excel and only provided to the<br />
public in the form of the ordinance<br />
that was required by the state. This<br />
meant the public was receiving very<br />
limited information about revenues<br />
and expenditures with little to no<br />
details. There were no visuals or<br />
explanations, making it very difficult<br />
for citizens to understand the scope<br />
and breadth of the town’s budget. The<br />
new budget document format and<br />
content, which provide significant<br />
detail on revenues and expenditures,<br />
have been well received by elected<br />
officials as well as citizens.<br />
PURCHASING AND<br />
PROCUREMENT PRACTICES<br />
The Finance Department has<br />
continued to reevaluate and improve<br />
on processes and practices. For<br />
example, the department created<br />
the town’s first purchasing policy<br />
that provides a formalized process<br />
for all types of procurement of goods<br />
and services. As a result, the bidding<br />
process has been formalized and<br />
aligned with best practices.<br />
The Finance Department also<br />
issued a request for proposals for new<br />
municipal auditing services and a<br />
request for proposals for purchasing<br />
cards to provide more control over<br />
spending while enabling purchases<br />
from vendors that don't accept checks.<br />
CONCLUSION<br />
The Finance Department’s ongoing<br />
goal and commitment is to shape a<br />
culture of efficiency while continuing<br />
to evaluate current systems,<br />
policies, and processes. This will<br />
help us identify opportunities to best<br />
optimize resources by eliminating<br />
redundancies and increasing<br />
automation, while also promoting<br />
the development of new policies and<br />
guidelines for consistent and efficient<br />
improvements. The focus of these<br />
efforts is to provide transparency to<br />
our citizens, and to provide excellence<br />
in finance.<br />
Christina Merle, CMFO, is the finance<br />
director for the Town of Nolensville,<br />
Tennessee. Carey Smith is a finance<br />
technician for the Town of Nolensville.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 49
CITY BUDGETING<br />
FOR EQUITY<br />
AND RECOVERY<br />
EFFECTIVE CHANGE<br />
MANAGEMENT IN EQUITY<br />
IMPLEMENTATION<br />
BY JOE BUCKSHON AND MATTHEW STITT<br />
50
CITY BUDGETING FOR EQUITY AND RECOVERY<br />
Changing practices to drive<br />
greater equity can be<br />
extremely intimidating<br />
for cities that aren’t yet<br />
substantively educated<br />
or exposed to the relevant<br />
concepts, and for those within cities who perceive<br />
their status or authority as being threatened by<br />
the adoption of new principles. This is especially<br />
the case given today’s turbulent environment.<br />
Creating a sense of urgency about change<br />
can be relatively easy as an executive, but<br />
significantly less so as a subordinate. Finding<br />
champions may seem impossible if cities<br />
are struggling to get stakeholders to even<br />
entertain a particular topic. Both proven and<br />
emerging change management practices can<br />
be simultaneously deployed to help overcome<br />
these challenges and dramatically improve<br />
the probability of success. If an individual who<br />
is seeking to make change lacks a traditional<br />
leadership position, or active supporters for their<br />
cause, or simply does not know where to begin,<br />
this article can help them model an approach<br />
to lead from their current position and effect<br />
sustainable, enduring organizational change.<br />
As part of our ongoing work with the cohort of<br />
cities looking to make transformative change<br />
through the Bloomberg Philanthropies/What<br />
Works Cities/Results for America City Budgeting<br />
for Equity and Recovery (CBER) Initiative, this<br />
article represents a combination of lessons<br />
learned and promising change management<br />
practices that have emerged over the duration of<br />
the initiative.<br />
What is change management?<br />
Fundamentally, change management speaks<br />
to the process that ultimately drives a city’s<br />
culture (and, to quote the renowned Peter<br />
Drucker, “culture eats strategy for breakfast”).<br />
We are more specifically speaking to the process<br />
that drives a city’s new program, initiative, or<br />
strategic focus to gain additional, necessary<br />
buy-in from stakeholders across the entire<br />
government. This can take place at any level<br />
within the organization—from one’s mind to<br />
one’s team—and from one-on-one relationships<br />
with global institutions. Many of the critical<br />
factors will remain very similar across the board.<br />
Some of the standard best practices include: 1<br />
• Creating a sense of urgency; action must be<br />
taken quickly.<br />
• Finding champions to help spread the word,<br />
implement changes, and eliminate barriers.<br />
• Establishing working groups, committees, or<br />
taskforce teams (composed of champions and<br />
subject matter experts) to lead change efforts<br />
across government.<br />
• Focusing on short-term wins to build<br />
momentum on the way to long-term success.<br />
• Reinforcing the established change at a<br />
systems level.<br />
• Creating continual evaluation and feedback<br />
loops to better inform future refinements.<br />
While these are tried-and-true tactics that can<br />
support your city’s leading efforts to improve on<br />
the existing culture, and to achieve the brighter<br />
This article was adapted from a What Works Cities Budgeting for<br />
Equity and Recovery resource, “Effective Change Management<br />
in Equity Implementation.”<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 51
EXHIBIT 1 | CHANGE MANAGEMENT PRACTICES FOR EQUITABLE PRINCIPLES<br />
CONDUCT A<br />
BRIEF, INFORMAL<br />
ENVIRONMENTAL<br />
SCAN<br />
WHEN DEFINING<br />
EQUITY IN YOUR<br />
JURISDICTION,<br />
FOCUS ON METRICS<br />
IDENTIFY THE KEY<br />
PLAYERS, BOTH<br />
CHAMPIONS AND<br />
DETRACTORS<br />
BE AWARE OF EXISTING<br />
LEADERSHIP PRIORITIES,<br />
AS WELL AS TIMING OF<br />
ELECTORAL CYCLES<br />
PROMISING<br />
PRACTICES<br />
IN CHANGE<br />
MANAGEMENT<br />
FOR EQUITABLE<br />
PRINCIPLES<br />
ESTABLISH<br />
WORKING GROUPS,<br />
COMMITTEES, OR<br />
TASK FORCES<br />
UNDERSTAND<br />
THE PERSPECTIVE<br />
OF YOUR KEY<br />
DETRACTOR(S)<br />
WHERE POSSIBLE,<br />
USE THESE<br />
CONVERSATIONS TO<br />
CREATE CHAMPIONS<br />
IN ALL CASES,<br />
ADVOCATE FOR LOW-<br />
EFFORT REPORTING AND<br />
TRANSPARENCY INITIATIVES<br />
52
CITY BUDGETING FOR EQUITY AND RECOVERY<br />
future your city envisions, it must be<br />
acknowledged that aligning a large<br />
organization can be challenging<br />
(particularly in the public sector).<br />
To tackle this specific type of change<br />
management challenge as it relates<br />
to equity, PFM has curated a series<br />
of promising practices from across<br />
the United States that can be applied<br />
to your unique opportunity to refine<br />
your department’s operations,<br />
municipal operating budget, or capital<br />
improvement plan.<br />
Promising practices in<br />
change management for<br />
equitable principles<br />
Traditional change management<br />
best practices assume: a certain<br />
level of power for decision-making<br />
and political capital committed by<br />
the initiative’s champion, a certain<br />
level of responsibility vested in the<br />
person or team charged with leading<br />
the change, and a general level of<br />
awareness that the existing culture<br />
must be altered or disrupted to achieve<br />
desired outcomes. (See Exhibit 1.)<br />
The goal for this review is to make<br />
sure you have a general understanding<br />
of how equity work has been conducted<br />
in the past and to what extent it<br />
was successful. This can include a<br />
consideration of peer organizations—<br />
however, their relative success or lack<br />
thereof is not necessarily predictive of<br />
your own experience. Keep cultural,<br />
political, and demographic realities<br />
in mind when making comparisons,<br />
and avoid digging too deeply into<br />
quantitative data at this stage.<br />
In a recent project with the City of<br />
Chula Vista, California, the project<br />
team spoke with several departments<br />
that had previously published equitycentric<br />
documentation to ask about<br />
their process and goals. The team was<br />
able to collect equity definitions and<br />
other data points to bolster their own<br />
work. This also led them to uncover<br />
additional equity champions that<br />
could be aligned to their specific<br />
project goals.<br />
Identify the key players, both<br />
champions and detractors<br />
If you can’t make the final decision—<br />
who can? Who else has influence<br />
over the decision, or the ultimate<br />
implementation of the decision? Is<br />
there a way to turn our detractors<br />
into champions? If so, how should we<br />
pursue the best path to securing that<br />
buy-in?<br />
Start by creating a rough power<br />
map as it relates to your city’s goal.<br />
A simple format to consider is an<br />
X and Y axis showing more or less<br />
influence in one dimension and more<br />
or less support for your position in the<br />
other. 2 Understanding these change<br />
management power dynamics and how<br />
they impact decision-making authority<br />
and workflows will help you plot the<br />
most efficient course of action.<br />
Establish a working group, steering<br />
committee, or task force made up<br />
of champions to lead change<br />
Establishing working groups,<br />
committees, or task forces can further<br />
support communication, coordination,<br />
and collaboration efforts across the<br />
government. If existing, effective<br />
groups are already up and running for<br />
cross-cutting initiatives or priorities,<br />
joining those committees might be<br />
an effective way to make progress<br />
and find others who support your<br />
cause. The larger and more complex<br />
the government entity, the greater<br />
the need to join or establish a formal<br />
working group or committee to lead<br />
these efforts. These teams should also<br />
include “A-Team” members to ensure<br />
that the change remains a substantive<br />
and visible priority. Diversity of<br />
department and positions is crucial,<br />
as was outlined in a recent ICMA study<br />
of the City of Evanston, Illinois. 3 In<br />
this example, Evanston intentionally<br />
built its equity committees through<br />
diversity of positions, departments,<br />
and supervisory responsibilities.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 53
CITY BUDGETING FOR EQUITY AND RECOVERY<br />
When defining equity in your<br />
jurisdiction, focus on metrics,<br />
not just language<br />
While a baseline understanding of<br />
the definition of equity (for example,<br />
how it is different from equality) is<br />
typically helpful in getting your team<br />
thinking similarly, the conversation<br />
will inevitably move to “how do we<br />
measure this abstract concept?”<br />
In many places, governments are<br />
adopting place-based, third-party<br />
definitions that are often set by and<br />
monitored through federal agencies,<br />
such as the Center for Disease Control<br />
(CDC) Social Vulnerability Index,<br />
or HUD’s Qualified Census Tracts.<br />
Focusing on these types of metrics<br />
initially helps to alleviate pressure<br />
on any individual who may be seen<br />
as “defining equity” for an entire<br />
community (that person should be but<br />
may not be engaged in this process). It<br />
also generally aligns with federal and<br />
state funding streams, which can be a<br />
useful leverage point when discussing<br />
the fiscal implications of this type of<br />
focus (for example, if we use HUD’s<br />
definition, it is highly likely we can<br />
apply for grants that support impactful<br />
programming on this metric).<br />
In Harris County, Texas, city<br />
officials have started to use the<br />
CDC Social Vulnerability Index<br />
more consistently across multiple<br />
areas of their operating and capital<br />
budget processes, including flood<br />
plain project prioritization 4 and<br />
small business relief. 5 Using the<br />
same metric across both programs<br />
allows for a comparison of outcomes<br />
and consistent reporting across<br />
departments.<br />
Be aware of existing leadership<br />
priorities as well as timing of<br />
electoral cycles<br />
When pursuing equitable change,<br />
it is critical to understand where<br />
leadership stands in relation to your<br />
own vision of equity. If appropriate,<br />
consider ways to elevate this work<br />
to the executive themselves, or,<br />
more likely to their deputies and key<br />
support staff. If the elected official<br />
can take things a step further by<br />
issuing a jurisdiction-wide mandate,<br />
or even an executive order, it will<br />
likely set the tone for equity work<br />
across the organization. It can also<br />
further the push for more alignment<br />
with larger organizational goals.<br />
When pursuing<br />
equitable change,<br />
it is critical to<br />
understand<br />
where leadership<br />
stands in relation<br />
to your own<br />
vision of equity.<br />
54
For example, one city in the City<br />
Budgeting for Equity and Recovery<br />
cohort (that is working to increase<br />
equity in its capital budget)<br />
discovered that a key driver to<br />
completing more equitable work is<br />
the amount of available discretionary<br />
capital funding each year. If the<br />
mayor, city manager, and other city<br />
leadership can articulate the need and<br />
scale of deferred maintenance and<br />
can make a collective, unified push for<br />
additional funding from other entities<br />
(including philanthropic, state, and<br />
federal government), it would be a<br />
more powerful push than one coming<br />
from the budget office alone, and<br />
it should increase the chances of<br />
securing additional available funding<br />
for all proposed capital projects.<br />
If your city’s administration and<br />
leadership are coming up on the end<br />
of their terms, consider how this kind<br />
of work may be affected (positively or<br />
negatively) by the result of a primary<br />
or general election. While there should<br />
be urgency around equity in all cases,<br />
the timing of when to pursue certain<br />
conversations, policy or process<br />
changes—and potential presentations<br />
or reports—must follow a logical cadence<br />
that considers the practical and feasible<br />
focus of the administration at any given<br />
moment.<br />
Understand the perspective<br />
of your key detractors<br />
If your internal detractors substantively<br />
rely on key data for their work, this factor<br />
should inform the way you formulate a<br />
persuasive argument and strategically<br />
approach the conversation or meeting<br />
with these stakeholders. For example, if<br />
your city’s team is attempting to change<br />
public works’ policies, your team may<br />
need to dive deeper as to where the more<br />
granular data stems from, how often<br />
projects are similarly (or identically)<br />
rated, and what level of subjective<br />
prioritization comes into play at more<br />
senior levels of the organization—in<br />
order to offer a more relevant context<br />
or perspective.<br />
In the City of San Diego, California,<br />
street projects are prioritized based<br />
on street condition, proximity to<br />
one another, and so on. 6 This can be<br />
considered an asset quality-centric<br />
approach to budget allocation. In the<br />
City of Oakland, California, a similar<br />
process is used, although Oakland<br />
also incorporates equitable factors<br />
in their prioritization criteria. For<br />
instance, individual complaints are<br />
not included as rationale for paving<br />
a particular street, and geographies<br />
considered “underserved” by the<br />
city’s definition receive preference<br />
in project funding. 7 This additional<br />
layer of consideration can potentially<br />
counteract persistent underfunding<br />
of some community priorities.<br />
The Three Cs of Change Management<br />
When in doubt, focus on the three Cs: coordination, communication, and collaboration.<br />
COORDINATION COMMUNICATION COLLABORATION<br />
AS THE COVID-19 PANDEMIC demonstrated, an increasingly<br />
unpredictable future requires new ways of thinking about<br />
government operations. When the critical moment is upon<br />
you, it is too late to plan for what you might do. Preparing<br />
for these scenarios is ideal—however, if your organization is<br />
facing a new challenge, the three c’s should be your default<br />
methodology for quickly establishing alignment, effectively<br />
sharing information, and working across silos to deliver<br />
critical services and save precious time and resources along<br />
the way.<br />
• Racial equity and reconciliation initiative team, City of<br />
Long Beach – In June 2020, city council members in the<br />
City of Long Beach, California, unanimously approved a<br />
resolution to review historical inequities related to race<br />
and other demographic factors. This cross-departmental<br />
team was responsible for engaging residents on how<br />
best to eliminate systemic racism. Ultimately, this team<br />
delivered a comprehensive report and recommendations<br />
for enhancing racial equity in the city. 1<br />
• Stimulus task force, City of New Orleans, Louisiana –<br />
Following the announcement of $375 million in federal<br />
funding, the mayor of New Orleans, Louisiana, convened<br />
a 28-member task force with five sub-committees<br />
representing the city’s priorities. This group is tasked with<br />
identifying the best opportunities for spending, and with<br />
exploring potential funding through subsequent rounds<br />
of ARPA guidance. 2 The city adopted this strategy based<br />
on multiple prior experiences with federal relief funding<br />
following hurricanes and associated flooding.<br />
1<br />
Dr. Anissa Davis, Initial report, Racial Equity and Reconciliation Initiative, City of Long Beach, California.<br />
2<br />
Jessica Williams, “How will $375M in coronavirus aid get spent in New Orleans? This stimulus task force will decide,” April 15, 2021, NOLA.com. This initiative includes real-time public<br />
dashboards that show spending trends for the city and its agencies.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 55
CITY BUDGETING FOR EQUITY AND RECOVERY<br />
While there is<br />
still significant<br />
resistance to equity<br />
in many places,<br />
incremental change<br />
is always possible,<br />
and transformative<br />
change can follow.<br />
...And, where possible, use<br />
these conversations to create<br />
champions<br />
To further the capital budget example,<br />
perhaps your equity team meetings<br />
with this department team reveal<br />
a lack of sustainable, discretionary<br />
funding for projects that are not tied<br />
to grants or state or federal aid. One<br />
potential solution is to use your team’s<br />
equitable push as a starting point<br />
to request increased funding for all<br />
capital projects, in particular, those<br />
aligned with equitable principles.<br />
When Oakland was revamping its<br />
capital improvement plan, working<br />
groups focused on getting feedback<br />
and input at multiple points along the<br />
way to ensure buy-in, and to create<br />
champions for the plan. 8 This type of<br />
broad engagement approach allows<br />
you to aggregate feedback and frame<br />
your goals in a shared, inclusive<br />
context that can be supported by all<br />
involved.<br />
In all cases, advocate for loweffort<br />
reporting and transparency<br />
initiatives<br />
For example, if your team would like to<br />
change the decision-making process<br />
for funding new programs in the local<br />
government’s jurisdiction, that may<br />
take significant staff time and effort<br />
to design ahead of upcoming budget<br />
cycles. But if your internal team<br />
could introduce a new variable in a<br />
shorter timeframe for reporting on<br />
budget figures, it may be possible to<br />
clearly demonstrate a need for new<br />
decision-making criteria when faced<br />
with data on the growing disparities<br />
among various communities.<br />
The City of Baltimore, Maryland,<br />
has made a significant push toward<br />
transparency and open data on many<br />
city services, including those related<br />
to COVID-19 recovery. This includes<br />
real-time, public dashboards that<br />
show spending trends for the city<br />
and its agencies. 9<br />
Conclusion<br />
With increased federal funding<br />
to support economic recovery in<br />
the wake of COVID-19, cities are<br />
being handed the keys to allocate<br />
Coronavirus Aid, Relief, and<br />
Economic Security Act (CARES),<br />
American Rescue Plan Act (ARPA),<br />
and any future federal dollars<br />
toward more equitable programs<br />
and services. Resistance to equity<br />
may show up in an organization<br />
as skepticism around these funds<br />
and their purposes—however,<br />
the guidance for CARES Act, ARP<br />
Act, and, likely, any eventual<br />
infrastructure bill creates incentives<br />
for investment in previously<br />
neglected communities. Sharing<br />
plans for this spending alongside the<br />
annual operating budget can further<br />
demonstrate a comprehensive<br />
response to constituent needs and<br />
goals, regardless of the funding<br />
source. As these federal programs<br />
pave the way, one’s change<br />
management muscles must be<br />
well-developed to take on budgeting<br />
for equity, and other equitable<br />
initiatives in additional contexts.<br />
Ultimately, change management is<br />
about shifting the existing culture—<br />
preserving the great things about<br />
an organization while restructuring<br />
and updating its activities and<br />
service delivery to better align<br />
with its core values and priorities<br />
moving forward. In an ideal world,<br />
this might happen with the flip of a<br />
switch—however, even the best plans<br />
cannot be developed or successfully<br />
implemented in the real world without<br />
a receptive and supportive culture.<br />
The tactics laid out in this resource<br />
can be catalysts for positive,<br />
incremental change to create that<br />
future culture—and to shape it with<br />
a focus on more equitable policies,<br />
investments, and outcomes.<br />
Joe Buckshon is a senior analyst in the<br />
Management and Budget Consulting<br />
practice at PFM. Matthew Stitt is a<br />
director in the Management and Budget<br />
Consulting practice and co-director<br />
of the Center for Budget Equity and<br />
Innovation at PFM. He is also the former<br />
chief financial officer for City Council,<br />
City of Philadelphia, Pennsylvania.<br />
PFM is a technical assistance provider<br />
for the City Budgeting for Equity and<br />
Recovery program.<br />
1<br />
Adapted from Kotter’s Model for Change<br />
Management, Kotter Inc., kotterinc.com/<br />
methodology/8-steps/.<br />
2<br />
The Power Mapping Template, the Change Agency,<br />
thechangeagency.org/power-mapping-template/.<br />
3<br />
Kathleen Yang-Clayton and Kimberly Richardson,<br />
“Operationalizing Racial Equity: Beginning from within<br />
Your Organization,” September 2021, PM Magazine.<br />
4<br />
Christopher Flavell, “A Climate Plan in Texas Focuses<br />
on Minorities. Not Everyone Likes It,” July 24, 2020,<br />
New York Times.<br />
5<br />
Danica Lloyd, “Harris County to launch $30M<br />
small-business relief fund Sept. 20, August 10, 2021,<br />
Community Impact.<br />
6<br />
Lisa Halverstadt, “Why Some Streets Get Repaired<br />
Over Others, January 25, 2019, Voice of San Diego.<br />
7<br />
City of Oakland, 2019 3-Year Paving Plan<br />
Development Process, oaklandca.gov/projects/2019-<br />
paving-plan-development-process.<br />
8<br />
Elliot Karl, “Prioritizing Community Values in Capital<br />
Budgeting.” Government Finance Review, June 2021.<br />
9<br />
Recall the prior recommendation on initially using<br />
metrics as definitions of equity—by simply including a<br />
report of spending by the CDC or HUD geographical<br />
variable, any city could display potential opportunities<br />
to increase equitable spending.<br />
56
RETHINKING<br />
PUBLIC<br />
PUBLIC<br />
ENGAGEMENT<br />
ENGAGEMENT<br />
SUMMIT<br />
SUMMIT<br />
This summit will bring together academics, researchers,<br />
This summit will bring together academics, researchers,<br />
civic technology experts, local government praccconers,<br />
civic technology experts, local government praccconers,<br />
and other thought leaders to rethink public engagement.<br />
and other thought leaders to rethink public engagement.<br />
Explore “design principles” for improving public engagement<br />
Explore<br />
on local government<br />
“design principles”<br />
budget<br />
for<br />
discussions.<br />
improving public engagement<br />
on local government budget discussions.<br />
Foster an exchange of ideas around providing new outlets<br />
for<br />
Foster<br />
public<br />
an<br />
engagement<br />
exchange of<br />
to<br />
ideas<br />
flourish.<br />
around providing new outlets<br />
for public engagement to flourish.<br />
VIRTUAL EVENT<br />
VIRTUAL EVENT<br />
November 7-10<br />
10+ Sessions<br />
REGISTRATION<br />
REGISTRATION<br />
gfoa.org/rpe<br />
Rethinking Public Engagement is part of GFOA’s Rethinking<br />
Rethinking Budgeeng Public iniiaave Engagement which seeks is part out and of GFOA’s shares Rethinking unconvennonal<br />
Budgeeng but promising iniiaave methods which for seeks local governments out and shares to unconvennonal<br />
improve how<br />
but they promising budget, and methods how they for local embrace governments the defining to improve issues of how our me.<br />
they budget, and how they embrace the defining issues of our me.
58
RATIO ANALYSIS, SIMPLIFIED<br />
Ratio Analysis,<br />
Simplified<br />
An Alternative Framework for Analyzing<br />
the Financial Condition of a Government<br />
Using Mead’s 10-Point Ratios<br />
BY AMAN KHAN AND OLGA MUROVA<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
Financial ratios are a<br />
valuable tool for analyzing<br />
an organization’s<br />
financial condition. While<br />
the 10-point ratios and<br />
their extensions continue<br />
to provide the foundation for much<br />
of the discussion on the subject, the<br />
methodology underlying the approach<br />
has an important weakness: it is<br />
heavy on data requirement, which<br />
could be extremely time-consuming.<br />
Also, the choice of the scale—as used<br />
by Ken Brown and subsequently by<br />
Dean Mead—to determine the overall<br />
financial condition of a government<br />
needs further refinement. In this<br />
article, we develop a composite<br />
measure, an index, based primarily on<br />
Mead’s ratios, that is simple and easy<br />
to analyze and interpret. 1<br />
Methodological overview<br />
Several important characteristics<br />
of both Brown and Mead’s ratios are<br />
worth noting. 2<br />
• Like Brown, Mead uses 10 ratios<br />
but refines them considerably in<br />
light of the changes in the reporting<br />
procedures introduced in 1999,<br />
under the Governmental Accounting<br />
Standards Board (GASB) Statement<br />
34, Basic Financial Statements<br />
– and Management’s Discussion<br />
and Analysis for State and Local<br />
Governments.<br />
• The refined ratios are inherently<br />
financial in character, which better<br />
reflects the financial conditions of a<br />
government, for example, financial<br />
position, financial performance,<br />
liquidity, solvency, revenues, debt<br />
burden, debt coverage, and longterm<br />
fixed (capital) assets.<br />
• The use of purely financial ratios<br />
makes it possible to collect the<br />
relevant data directly from the<br />
annual financial reports.<br />
• Both Brown and Mead use a large<br />
number of similar-size governments<br />
as a benchmark against which the<br />
ratios of a government are compared<br />
to determine its overall financial<br />
condition, as noted previously. For<br />
instance, Brown uses 750 small<br />
cities of similar size and Mead also<br />
uses a large number of cities. It can<br />
require an enormous amount of time<br />
to gather the relevant data, analyze<br />
it, and compare the results.<br />
From a methodological perspective,<br />
both Brown and Mead use quartile<br />
analysis, an ordered statistic that<br />
divides data into four quarters, with<br />
each quarter containing 25 percent<br />
of the data (Q1 = lowest 25 percent;<br />
Q2 = between 25 and 50 percent; Q3 =<br />
between 50 and 75 percent; and Q4 =<br />
the highest 25 percent) to determine<br />
where the ratios of a city in question<br />
would fall on a particular quartile.<br />
Both authors also use a four-point<br />
Likert-type scale that ranges between<br />
-1 and +2. For example, if the ratio of a<br />
city falls on Q1 it will receive a value<br />
of -1; if it falls on Q2 it will receive 0; if<br />
it falls on Q3 it will receive +1; and if it<br />
falls on Q4 it will receive +2. Finally,<br />
to determine the overall ranking of<br />
a city relative to the database cities,<br />
both authors use a scoring system that<br />
ranges between -10 and +20, where<br />
10 or more is considered among the<br />
best, 5 to 9 is better than most, 1 to<br />
4 is about average, 0 to -4 is worse<br />
than most, and -5 or less is among the<br />
worst. It is unclear why this particular<br />
scoring system was used, along with,<br />
more importantly, the cut-off points<br />
for determining the overall financial<br />
condition. Brown recognizes this<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 59
RATIO ANALYSIS, SIMPLIFIED<br />
apparent weakness, however, and<br />
suggests that individual researchers<br />
could modify the scoring technique<br />
if necessary.<br />
The approach suggested here<br />
is based on Mead’s ratios, rather<br />
than Brown’s, because they are<br />
predominantly financial in<br />
character. Also, the information<br />
can be easily obtained from a<br />
government’s annual financial<br />
report, which makes the data<br />
collection considerably easy. In fact,<br />
Mead does a great job of indicating<br />
the specific statement in the report,<br />
which contains the information<br />
one would need to construct a<br />
particular ratio. On the other hand,<br />
our approach does not require a<br />
large number of governments of<br />
comparable size to determine the<br />
overall financial condition of a<br />
government. Additionally, it avoids<br />
the ranking system both Brown<br />
and Mead use, which is somewhat<br />
inconsistent as to the arithmetic<br />
distance between the ranks, with a<br />
scale that is consistent. The product<br />
of this approach is an index, a single<br />
measure, based on the same 10<br />
ratios Mead uses. 3 Operationally,<br />
a single measure such as an index<br />
is more efficient than a measure<br />
that compares each individual ratio<br />
against a benchmark based on many<br />
similar governments. The process,<br />
as we noted, can be extremely timeconsuming.<br />
Constructing the index<br />
The index suggested here has several<br />
important characteristics:<br />
• It ranges between 0 and 1 (for<br />
instance, between 0 and 100<br />
percent), which is important for<br />
maintaining the consistency of<br />
the ratios.<br />
• It ensures that the ratios fall<br />
within this range. To achieve<br />
this, the original ratios were<br />
algebraically reformulated<br />
without changing any of the<br />
variables in a ratio, except for a<br />
minor change in one-R7.<br />
EXHIBIT 1 | COMPARISON OF BROWN-MEAD AND THE ALTERNATIVE FRAMEWORK<br />
BROWN-MEAD<br />
SCORE<br />
BROWN-MEAD<br />
RATING<br />
• The individual ratios (scores)<br />
are then averaged to produce a<br />
composite score (for example,<br />
an index).<br />
• The index is compared against<br />
a five-point Likert-type scale<br />
(5 = excellent, 4 = very good, 3 =<br />
good, 2 = poor, and 1 = very poor)<br />
to determine a government’s overall<br />
financial condition.<br />
Since the composite score can fall<br />
anywhere between 0 and 1 (as in,<br />
between 0 and 100), we use quintiles<br />
instead of quartile range to make the<br />
final ranking consistent with the<br />
rating structure Brown and Mead use.<br />
Exhibit 1 shows the comparison of the<br />
two rating systems.<br />
According to Exhibit 1, for instance,<br />
a composite score of 0.25, under our<br />
alternative framework, would fall<br />
between 0.2 and 0.4, and will be rated<br />
as poor—which would be worse than<br />
most under the Brown-Mead system.<br />
Similarly, a composite score of 0.75<br />
ALTERNATIVE<br />
FRAMEWORK SCORE (%)<br />
ALTERNATIVE RATING<br />
(AND SCALE)<br />
-5 or less among the worst 0.0-0.2 (0-20) very poor (1)<br />
0 - (-4) worse than most 0.2-0.4 (20-40) poor (2)<br />
1 - 4 about average 0.4-0.6 (40-60) good (3)<br />
5 - 9 better than most 0.6-0.8 (60-80) very good (4)<br />
10 or more among the best 0.8-1.0 (80-100) excellent (5)<br />
A single measure<br />
such as an index is<br />
more efficient than a<br />
measure that compares<br />
each individual ratio<br />
against a benchmark<br />
based on many similar<br />
governments.<br />
under our system would fall between<br />
0.6 and 0.8 and will be rated as very<br />
good; under the Brown-Mead system,<br />
it would be better than most. Another<br />
significant difference between the two<br />
systems is that, while we use the same<br />
10 ratios as Mead, we use a slightly<br />
different algebraic formulation for<br />
each ratio to ensure that our scores fall<br />
within the specified range between 0<br />
(low) and 1 (high). This is necessary<br />
to make sure that all the ratios have a<br />
positive constant within the defined<br />
range, making the index construction<br />
simple and also easy to interpret.<br />
Exhibit 2 shows the comparison of our<br />
ratios with those of Mead, and their<br />
corresponding algebraic formulations.<br />
Two things are worth noting in our<br />
formulation of the ratios. One, all but<br />
three of the ratios (R1, R3, and R10)<br />
were algebraically reformulated to<br />
ensure that, when converted, our<br />
ratios would produce a value between<br />
0 and 1 to help us construct the index. 4<br />
Two, the debt burden ratio (R7), which<br />
is per capita debt, was refined to better<br />
reflect the extent of debt burden.<br />
While per capita debt is frequently<br />
used as a measure of debt burden, it<br />
has an inherent weakness in that it<br />
doesn’t provide a precise measure<br />
of the severity of debt, especially<br />
considering a government’s ability to<br />
meet its debt obligations. For instance,<br />
two governments with identical debt<br />
but different population size will<br />
produce different ratios—providing<br />
different pictures of the burden, which<br />
may not reflect the actual severity of<br />
60
EXHIBIT 2 | ALGEBRAIC FORMULATION OF MEAD’S RATIOS: ORIGINAL AND ALTERNATIVE FORMULATION<br />
MEAD’S RATIOS<br />
ALGEBRAIC<br />
FORMULATION<br />
(A= numerator and<br />
B= denominator)<br />
ALTERNATIVE<br />
FORMULATION OF<br />
MEAD’S RATIOS<br />
MEAD’S RANKING<br />
INTERPRETATION<br />
RANKING UNDER<br />
ALTERNATIVE<br />
FORMULATION<br />
R1: Short-run financial position: Unreserved<br />
general fund balance ∕ General fund revenues<br />
R2: Liquidity: General fund cash and investments ∕<br />
(General fund liabilities − General fund deferred<br />
revenues)<br />
R3: Financial performance: Change in governmental<br />
activities net assets ∕ Total governmental activities<br />
net assets<br />
R4: Solvency: (Primary government liabilities −<br />
Deferred revenues) ∕ Primary government revenues<br />
R5: Revenues, A: (Primary government operating<br />
grants + Unrestricted aid) ∕ Total primary<br />
government revenues<br />
R6: Revenues, B: (Net expense, or revenue, for<br />
governmental activities ∕ Total governmental<br />
activities expenses) x -1<br />
A∕B A ∕B (Unchanged) High Good High<br />
A∕B A ∕(A+B) High Good High<br />
A∕B A ∕B (Unchanged) High Good High<br />
A∕B B∕(A+B) Low Good High<br />
A∕B B∕(A+B) Low Good High<br />
(A ∕B) x (-1) 1-((A+B)∕B) Low Good High<br />
R7: Debt burden: Total outstanding debt of the<br />
primary government ∕ Population<br />
A∕B<br />
1−(Total Debt∕ Total<br />
Assets (Changed)<br />
Low Good High<br />
R8: Coverage, A: Debt service ∕ Non-capital<br />
governmental funds expenditures<br />
R9: Coverage, B: (Enterprise funds operating<br />
revenue + Interest expense) ∕ Interest expense<br />
R10: Capital assets: (Ending net value of primary<br />
government capital assets − Beginning net<br />
value) ∕ Beginning net value<br />
A∕B (B-A)∕B Low Good High<br />
A∕B (A ∕B)/((A ∕B)+1) High Good High<br />
A∕B A ∕B (Unchanged) High Good High<br />
the debt. A better alternative would<br />
be to use total assets rather than<br />
population because it is the size of<br />
the asset that, in the final analysis,<br />
determines the ability of a government<br />
to incur debt (for instance, its ability<br />
to borrow). 5 Additionally, obtaining<br />
the information should not be difficult<br />
since it is easily available from the<br />
annual financial reports.<br />
Another point worth noting in our<br />
approach is that all the ratios we use<br />
have the same weight. Both Brown<br />
and Mead assume that the ratios are<br />
of equal importance and therefore<br />
have the same weight, although Brown<br />
leaves the option to future users to<br />
make any changes. Our index also<br />
doesn’t make changes in the weight<br />
structure, keeping it the same as<br />
Brown and Mead—but, like Brown, it<br />
leaves the door open.<br />
EXHIBIT 3 | APPLICATION OF THE METHOD<br />
MEAD’S RATIOS<br />
ALGEBRAIC<br />
EXPRESSION<br />
APPLIED TO<br />
MEAD’S STUDY<br />
R1: Short-run financial position A∕B 0.37 0.33<br />
R2: Liquidity A ∕(A+B) 0.90 0.86<br />
R3: Financial performance A∕B 0.07 0.47<br />
R4: Solvency B∕(A+B) 0.47 0.29<br />
R5: Revenues−A B∕(A+B) 0.90 0.96<br />
R6: Revenues−B 1−((A+B)∕B) 0.72 0.72<br />
R7: Debt burden 1−(A ∕ B) 0.77 0.99<br />
R8: Coverage−A (B−A)∕ B 0.84 0.76<br />
R9: Coverage−B (A ∕B)∕((A ∕B)+1) 0.98 1.00<br />
R10: Capital assets A∕B 0.05 0.11<br />
APPLIED TO<br />
LUBBOCK (2020)<br />
Index = (R1:R10)∕10 Arithmetic average 6.07∕10 = 0.607 6.49∕10 = 0.65<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 61
RATIO ANALYSIS, SIMPLIFIED<br />
EXHIBIT 4 | FINANCIAL INDEX FOR LUBBOCK<br />
AVERAGE INDEX<br />
RATIO CALCULATIONS (as applied to Mead’s study)<br />
R1 = A/B (Stays the same)<br />
= 0.37 or 37%<br />
R2 = A/(A+B)<br />
= 4,377,368/(4,377,368 + (796,058-306,473)) = 4,377,368 / 4,866,953 = 0.899 or 89.9%<br />
R3 = A/B (Stays the same)<br />
= 0.07 or 7%<br />
R4 = B/(A+B)<br />
= (15,877,339+1,425,380 + 627,815+19,928,578)/((43,441,261-179,857)<br />
+ (15,877,339+1,425,380 + 627,815+19,928,578))= 37,859,112/(43,261,404 + 37,859,112)<br />
= 37,859,112/81,120,576 = 0.47 or 47%<br />
R5 = B/(A+B)<br />
= (15,877,339+1,425,380+627,815+19,928,578)/((1,425,380+2,666,347)+37,859,112)<br />
= 37,859,112/(4,091,727+37,859,112) = 37,859,112/41,950,839 = 0.90 or 90%<br />
R6 = 1-((A+B)/B))<br />
= 1-(-15,921,202+22,228,063)/22,228,063) = 1-(6,306,861/22,228,063) = 1-0.28 = 0.72 or 72%<br />
R7 = 1-(A’/B’)<br />
= 1-(22,981,400+11,603,300)/151,642,682 = 1-(34,584,700/151,642,682) = 1-0.23 = 0.77 or 77%<br />
R8 = (B-A)/B<br />
= ((26,518,698-4,601,515)-3,500,823)/(26,518,698-4,601,515) = 18,416,360/21,917,183<br />
= 0.84 or 84%<br />
R9 = ((A/B)/((A/B)+1)<br />
= (11,257,893/232,908)/((11,257,893/232,908)+1) = 48.3362/49.3362 = 0.98 or 98%<br />
R10 = A/B (Stays the same)<br />
= 0.05 or 5%<br />
0.800<br />
0.700<br />
0.600<br />
0.500<br />
0.400<br />
0.300<br />
0.200<br />
0.100<br />
0.000<br />
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020<br />
Application of the index<br />
To determine the soundness of our<br />
index—in other words, how well it<br />
compares with Mead’s ratios—we apply<br />
it in two stages: first, to the study Mead<br />
uses, and, next, to a mid-size city in<br />
the State of Texas. For the latter, we use<br />
ratios for several years to provide an<br />
assessment of the financial condition<br />
of the city over time, although it is not<br />
necessary to use multiple years. A single<br />
year to determine the current financial<br />
condition should suffice. Exhibit 3<br />
shows the results of our approach, when<br />
applied to Mead’s study, as well as to the<br />
sample city.<br />
As shown in Exhibit 3, when applied<br />
to Mead’s study, our approach produces<br />
a composite score (arithmetic average)<br />
of 0.607, or 60.7 percent, which puts the<br />
city’s financial condition as very good<br />
(better than most) and compares well<br />
with Mead’s own ratio. The score<br />
Mead’s analysis produced was 5, which<br />
means the financial condition of the<br />
city, according to Mead, was better than<br />
most (very good). Interestingly, the<br />
scores produced by both approaches<br />
place the city at the lower end of the<br />
scale—the lower end of better than most<br />
and very good.<br />
Next, we apply the index to the<br />
City of Lubbock, Texas, a mid-size<br />
city that has been growing slowly but<br />
consistently over the years. It has a good<br />
economic base that is relatively stable<br />
and healthy, with a strong foundation<br />
in agriculture, followed by advanced<br />
technology, energy, financial services,<br />
healthcare and bioscience, education,<br />
and hospitality. Lubbock is also the<br />
central hub of the South Plains region,<br />
one of the largest cotton-producing<br />
regions in the world 6 —which, along<br />
with energy, healthcare services, and<br />
education provides a financial safety<br />
net against the economic ups and downs<br />
that often affect larger communities.<br />
This is evident in the overall financial<br />
condition of the city. For instance, the<br />
composite score for Lubbock for 2020<br />
was 0.65, or 65 percent (see Exhibit 3),<br />
which rates the city’s overall financial<br />
condition as very good (better than<br />
62
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
most). Exhibit 4 shows the composite<br />
scores for the city over a 19-year<br />
period, from 2002 to 2020.<br />
As Exhibit 4 shows, the scores<br />
range between 0.5 and 0.7, indicating<br />
that the financial condition of the<br />
city has been consistently between<br />
good and very good. Looking at the<br />
trend and, more importantly, the<br />
growth in population—which has<br />
been increasing steadily—it seems<br />
unlikely that the trend will change<br />
anytime soon. In fact, we can use<br />
this information to forecast the<br />
future financial condition of the<br />
city. This is an important advantage<br />
of ratio analysis: If one has data on<br />
past financial ratios, they can be<br />
easily used to forecast the financial<br />
condition of a government for any<br />
number of years.<br />
Conclusion<br />
While ratio analysis has its strengths<br />
and limitations, Mead’s 10-point<br />
ratios will continue to be used as<br />
firsthand approximation of the<br />
financial condition of a government.<br />
Also, as the financial conditions of a<br />
government change, or as changes are<br />
made in the reporting requirements<br />
by GASB, the ratios will need to be<br />
updated to reflect the change. The real<br />
challenge, though, is to find a suitable<br />
approach for analyzing the ratios<br />
without placing a heavy demand on<br />
time or data requirements—but the<br />
approach must be methodologically<br />
sound, and, more importantly, appeal<br />
to an organization that is interested in<br />
using the ratios. The advantage of the<br />
approach suggested here is that it is<br />
simple and can be applied to any level<br />
of government, as well as to business<br />
enterprises, which have a long history<br />
of using ratio analysis. Furthermore,<br />
the suggested methodology can be<br />
expanded to include any number of<br />
ratios, not just 10.<br />
Aman Khan is a professor at Texas<br />
Tech University, Lubbock, Texas.<br />
Olga Murova is an associate professor at<br />
Texas Tech University, Lubbock, Texas.<br />
THE HISTORY OF FINANCIAL RATIOS<br />
Financial ratios have been extensively used in the private sector since the 1920s,<br />
following the development of the income tax code in 1913 and the establishment<br />
of the Federal Reserve System in 1914. In government, they drew considerable<br />
attention, first with the publication of ICMA’s Financial Trend Monitoring System,<br />
followed by two major developments—the publication of Ken Brown’s 10-Point<br />
Ratios and the subsequent refinement by Dean Mead. Since then, there have been<br />
numerous studies suggesting ways to improve the ratios, along with an extensive<br />
array of applications of these ratios in government.<br />
For more information:<br />
• Performance Audit of City’s Financial Condition, Office of the Auditor, City of<br />
San Diego, California, 2015.<br />
• Measuring San Jose’s Financial Condition, Office of the Auditor, City of San Jose,<br />
California, 2016.<br />
• Indicators of Financial Condition: A Comparison of Chicago to 12 other Cities,<br />
The Civic Federation, 2013.<br />
• William C. Rivenbark and Dale J. Roenigk, “Implementation of Financial Condition<br />
Analysis in Local Government,” Public Administration Quarterly, Summer 2011.<br />
1<br />
Dean Michael Mead, “The New Financial Statements:<br />
Reconnecting with Basics of Financial Management”<br />
Journal of Public Affairs Education, April 2001.<br />
2<br />
Kenneth W. Brown,” The 10-Point Test of Financial<br />
Condition: Toward an Easy-to-Use Assessment Tool for<br />
Smaller Cities,” Government Finance Review, December<br />
1993; ibid.<br />
3<br />
An important contribution of the approach suggested<br />
here is that it does not have to be restricted to 10 ratios<br />
both Brown and Mead use; it can be applied to any<br />
number of ratios, such as those suggested by ICMA<br />
(1980), and for any level of government or type of<br />
organization—public, private, and quasi-public. The<br />
only requirement is that the algebraic formulations<br />
will be different in each situation, depending on the<br />
type of ratio, but the overall framework for analysis will<br />
remain the same. See: J. Griesel and J. Leatherman,<br />
Evaluating Financial Condition, A Handbook for Local<br />
Government, ICMA Fiscal Indicators Resource Guide,<br />
Kansas State University, Office of Local Government,<br />
2005.<br />
4<br />
Interestingly, under our system, as shown in Exhibit 3, the<br />
algebraic formulation of R6 produces exactly the same<br />
result as Mead’s but has the advantage of not needing to<br />
be multiplied by -1 to avoid a negative value, which could<br />
not be explained otherwise.<br />
5<br />
We assume here that total debt will not exceed total<br />
assets, which is, by and large, the case with state and<br />
local governments because of the restrictions on these<br />
governments regarding how much they can borrow,<br />
given their overall financial condition, in particular the size of<br />
their assets. The logic of the argument is simple: It is the size<br />
of the asset that determines the ability of a government to<br />
borrow. There is a parallel here with firms and businesses<br />
in that when a firm defaults, it sells off its assets to meet<br />
its debt obligations—first to the debt holders, and then to<br />
the stockholders. Likewise, if a government defaults, it may<br />
be required to do the same. For instance, when the City of<br />
Cleveland, Ohio, defaulted in 1978 for failing to repay $14<br />
million in loans it owed to six local banks and subsequently<br />
was unable to market its bonds for almost two years, it was<br />
on the verge of selling off some of its assets to meet its<br />
debt obligations to the debt holders until the state came to<br />
its rescue, according to Case Western Reserve University,<br />
Encyclopedia of Cleveland History.<br />
This does not, however, apply to U.S. government debt<br />
because it does not have the same restrictions for<br />
borrowing as the state and local governments do. For<br />
instance, the total assets of the government were $4.9<br />
trillion in FY 2021, compared to its debt for the year of $34.8<br />
trillion, which includes $22.3 trillion in actual debt, $10.2<br />
trillion in federal employee and veterans benefits payable,<br />
and the rest on interest payable (see: Bureau of the<br />
Fiscal Service, Financial Report of the United States). The<br />
government is able to borrow more than its assets because<br />
it has a variety of instruments that it can use without<br />
necessarily requiring it to sell off its assets to meet its debt<br />
obligations.<br />
6<br />
Cotton Production Regions of Texas, Texas A&M AgriLife<br />
Extension<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 63
Building up your infrastructure?<br />
Start by Building knocking Building up down your up infrastructure?<br />
your your financing infrastructure?<br />
costs.<br />
Start by knocking by knocking down your down financing your costs.<br />
financin<br />
More than 15,000 issuers have saved money by insuring their bonds<br />
with us. Their interest rates are lower because of our financial strength,<br />
More than than 15,000 15,000 issuers issuers have saved have money saved by insuring money their by bonds insuring their bonds<br />
unconditional More than guaranty 15,000 of issuers timely principal have and saved interest money payments, by and insuring their bonds<br />
with us. us. Their Their interest interest rates are rates lower because are lower of our because financial strength, of our financial strength,<br />
disciplined with us. credit Their selection interest and rates surveillance. are lower To learn because how to issue of more our financial strength,<br />
unconditional guaranty guaranty of timely of principal timely and principal interest payments, and interest and payments, and<br />
cost-efficient unconditional municipal guaranty bonds, visit of AssuredGuaranty.com.<br />
timely principal and interest payments, and<br />
disciplined credit credit selection selection and surveillance. and surveillance. To learn how to To issue learn more how to issue more<br />
disciplined credit selection and surveillance. To learn how to issue more<br />
ASSURED cost-efficient GUARANTY municipal MUNICIPAL municipal bonds, CORP. — ASSURED visit bonds, AssuredGuaranty.com.<br />
GUARANTY visit CORP. AssuredGuaranty.com.<br />
— NEW YORK, NY<br />
cost-efficient municipal bonds, visit AssuredGuaranty.com.<br />
64<br />
ASSURED GUARANTY MUNICIPAL MUNICIPAL CORP. — ASSURED CORP. GUARANTY — ASSURED CORP. — GUARANTY NEW YORK, NYCORP. — NEW YORK, NY<br />
ASSURED GUARANTY MUNICIPAL CORP. — ASSURED GUARANTY CORP. — NEW YORK, NY
In Practice<br />
FINANCE | ACCOUNTING | PERSPECTIVES | INTERVIEW<br />
FINANCE<br />
THE CITY OF COLLEGE STATION, TEXAS<br />
Creating a Collaborative Budget Process<br />
BY DARRELL BANKS<br />
Not long ago, the budget<br />
process for the City of<br />
College Station, Texas,<br />
was what Director<br />
of Fiscal Services<br />
Mary Ellen Leonard describes as a<br />
“kind of cloak-and-dagger” affair.<br />
Departments would receive their<br />
projected budgets and then turn in<br />
sheets with their budget requests to<br />
the budget team. A group consisting<br />
of the city manager, the assistant<br />
city manager, the director of fiscal<br />
services, and the budget manager<br />
would then sift through and prioritize<br />
the requests in a closed-door meeting.<br />
The group would leave the meeting<br />
with the completed budget that<br />
had been divined by what people<br />
thought was “some kind of magic<br />
behind the scenes,” Leonard said.<br />
As a result, some departments<br />
would go directly to the city council<br />
with budget requests that had not<br />
been granted, causing unexpected<br />
changes to the budget.<br />
“It was uncomfortable for me.<br />
It went against how I was taught in<br />
the private sector about how things<br />
needed to happen,” Leonard explained.<br />
“It was really kind of odd to me that<br />
we would just go into a room, and I<br />
would come out saying, ‘Go do this.’”<br />
When a newly appointed city<br />
manager tasked Leonard with<br />
improving the city’s FY 2020 budget<br />
process, these frustrations were top of<br />
mind for Leonard and her team.<br />
he request was simple. “He<br />
basically said he wanted me to<br />
figure out how to make the process<br />
collaborative, Leonard said.<br />
Leonard, in partnership with<br />
Erik Walker, city budget manager, took<br />
this directive and developed a process<br />
that Walker describes as “breaking the<br />
mold of what they've done before.”<br />
They call their new process<br />
the Budget Congress.<br />
“We would take a little bit of what had<br />
been done, but then make that secret<br />
room meeting wide open,” Leonard<br />
said. “And that secret room meeting is<br />
what became the Budget Congress.”<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 65
IN PRACTICE | FINANCE<br />
Leonard explained how the new<br />
process works. The directors submit<br />
their priorities, and then the budget<br />
team sets aside some days for each<br />
department to explain their requests in<br />
greater detail and why they matter to the<br />
city manager group. At that point, the<br />
other directors can listen. “They don't<br />
have to be there, but all do show up now,<br />
and they listen to what has happened<br />
with the other departments and what<br />
their needs are,” she said. After that<br />
meeting, the group puts together a<br />
survey form listing the departmental<br />
requests and asks the directors to rank<br />
the requests and tell the group what<br />
they think the city needs.<br />
At this point, some of the directors<br />
take what they’ve learned in the<br />
meetings and confer with their<br />
departmental leadership to reprioritize<br />
their needs before submitting their<br />
survey responses.<br />
“Once I heard the requests of the other<br />
departments, I took that information<br />
back to leaders in my department,<br />
and we looked at those requests and<br />
weighed them against our own needs.<br />
We prioritized what we thought would<br />
be best for the city overall,” Director of<br />
Public Works Emily Fisher said.<br />
The budget team takes those<br />
rankings into the Budget Congress,<br />
attended only by the directors, Leonard<br />
said. The directors look at what<br />
everybody thought their priorities were<br />
and decide if the group agrees. Not only<br />
has this process led to departments<br />
being willing to accept receiving less<br />
than 100 percent of their requests but<br />
being actively involved in advocating<br />
for the needs of other departments<br />
over their own in the interest of the<br />
community.<br />
For example, Police Chief Billy<br />
Couch came to the Budget Congress<br />
this year with a request for a “Canine<br />
Sustainability Plan” (or as Leonard<br />
lovingly calls it, the “Paw Patrol”).<br />
The canine unit received the highest<br />
ranking from all the departments<br />
going into the Budget Congress, but<br />
during further discussions, Couch<br />
changed his mind, realizing that<br />
there was a problem area that needed<br />
to take precedence. At this point, the<br />
directors packaged all the numerous<br />
requests for that area. “Everyone came<br />
to realize that this issue was more<br />
important than they’d realized, and<br />
the budget requests were reprioritized<br />
accordingly,” she explained.<br />
“The Budget Congress gives me an<br />
opportunity to hear other departments’<br />
needs that I wouldn't have been<br />
familiar with at all,” Couch shared.<br />
“Having them come forward and talk<br />
through their priorities and what<br />
they are encountering that they need<br />
budgetary help with is important<br />
because I wouldn't get that information<br />
any other way. It's important for me<br />
not just to be able to sell my needs to<br />
others, but to also sell others’ needs to<br />
my department. My team has buy-in<br />
with the requests that go forward,<br />
knowing that we didn't get our canine<br />
sustainability plan this year because<br />
it was too expensive, and it offset the<br />
important needs of other departments.”<br />
In addition to being a tool to cultivate<br />
buy-in, the open communication the<br />
Budget Congress has fostered has also<br />
opened the door for other creative<br />
solutions.<br />
“The fleet is a commodity we rely<br />
on heavily, and nowadays, everything<br />
with the cars is so technical that the<br />
IT departments are pretty integral into<br />
the field, to make sure those things<br />
stay up and running,” Couch said “It’s<br />
not mechanical anymore. It’s more<br />
technology.”<br />
Couch detailed some of the struggles<br />
his department has had with a<br />
backlog of tickets for fleet service.<br />
“This year, we created a position for a<br />
field tech who would serve the Police<br />
Department in addressing these issues<br />
in our fleet. The IT Department would<br />
need to credential [the position] the<br />
way that they do their employees—but<br />
they’re going to be assigned to the<br />
Police Department to address the<br />
demands of the fleet, so the sense<br />
of urgency needed for public safety<br />
concerns doesn’t interfere with all the<br />
other city’s IT emergencies. They will<br />
just focus on keeping these cars up and<br />
66
unning. And without this meeting,<br />
we wouldn't have had the level of<br />
collaboration needed to talk through<br />
this solution.”<br />
After three years of operations, the<br />
results are easy to see, although the<br />
team admits that success did not come<br />
overnight. It took time.<br />
“I would say it's definitely evolved<br />
over time,” Walker shared. “The<br />
departments hesitated at first just<br />
because it was new, and they weren't<br />
quite sure how this information was<br />
being used.” Some wondered how<br />
honest they should be in an open forum.<br />
Walker vividly remembers the<br />
struggles the first Budget Congress<br />
meeting faced because “there wasn't<br />
necessarily an inflection point, where<br />
a decision would be made on how<br />
to proceed.” He recalled that after a<br />
long period of discussion, one of the<br />
department directors stood up and<br />
moved the conversation along.<br />
“The first year was really painful,”<br />
Leonard agreed, adding that “we in<br />
Fiscal Services didn't want to be the<br />
ones stepping out there, trying to get<br />
people to talk. We didn’t have the clout.<br />
Then the second year was COVID,<br />
and it was all via Zoom. That was also<br />
interesting, because some people<br />
had their cameras on, some people<br />
didn't, and you couldn't get a lot of the<br />
I would say to a budget<br />
director of another city<br />
that didn't have this<br />
that transparency can<br />
be scary, but you're<br />
going to be better off if<br />
you take that leap.”<br />
MARY ELLEN LEONARD<br />
DIRECTOR OF FISCAL SERVICES,<br />
COLLEGE STATION, TEXAS<br />
nonverbal communication feedback.<br />
It has taken some time to be able to<br />
overcome communication challenges<br />
and build the necessary trust.” “True<br />
trust doesn't happen overnight.”<br />
With that in mind, the team shared<br />
their advice for other governments that<br />
want to try implementing a similar<br />
budgeting process.<br />
“It's important to really get down into<br />
the weeds of understanding the other<br />
departments. It starts with just trust<br />
in the directors, and when they make<br />
the presentations, take good notes,<br />
listen, and bring that back home to my<br />
department,” Couch said.<br />
“You can't just drop a new process<br />
on a team and say, ‘This is what<br />
we're going to do now,’” Fisher added.<br />
“Change management, explaining the<br />
process, and cultivating buy-in are all<br />
very important.”<br />
Walker agreed. “No department is<br />
an island,” he said. “Even if you don't<br />
see the immediate impact of what<br />
another department is requesting,<br />
there’s going to be second, third,<br />
fourth order effects down the line.<br />
We might not see it in year one or year<br />
two, but an improvement that another<br />
department is asking for will have an<br />
impact on the city at-large, and it will<br />
affect how your department operates.”<br />
“I would say to a budget director of<br />
another city that didn't have this that<br />
transparency can be scary, but you're<br />
going to be better off if you take that<br />
leap,” Leonard concluded. “You can<br />
lead your city to a more open place<br />
if you do it by example. The most<br />
critical process is the development<br />
of the budget, and if you want a more<br />
transparent, open, and collaborative<br />
city, take that first step.”<br />
Darrell Banks is an intern in GFOA’s<br />
Research and Consulting Center.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 67
IN PRACTICE | ACCOUNTING<br />
ACCOUNTING<br />
Theory in Practice?<br />
GASB’s New Concepts Statement on Note Disclosures and … a Proposal for More Notes!<br />
BY MICHELE MARK LEVINE<br />
In June <strong>2022</strong>, the Governmental<br />
Accounting Standards Board<br />
(GASB) issued its latest expansion<br />
of the conceptual framework for<br />
governmental generally accepted<br />
accounting principles (GAAP), Concepts<br />
Statement No. 7, Communication Methods<br />
in General Purpose External Financial<br />
Reports That Contain Basic Financial<br />
Statements: Notes to Financial Statements<br />
(CS7). Concepts statements are not<br />
themselves GAAP standards, of course;<br />
instead, they provide current and future<br />
board members with a framework that<br />
should help to set standards that are<br />
consistent with each other and logically<br />
function together. Also in June, GASB<br />
issued an exposure draft of a statement,<br />
Certain Risk Disclosures (ED), that, if<br />
adopted in final form, would require<br />
new note disclosures. Let’s look at both<br />
and then consider how closely the ED<br />
seems to follow CS7.<br />
What’s in the Concepts Statement?<br />
Much of CS7 carries forward the<br />
preexisting concepts on note disclosures<br />
from GASB Concepts Statement No. 3,<br />
Communication Methods in General<br />
Purpose External Financial Reports That<br />
Contain Basic Financial Statements<br />
(CS3), with few substantial changes.<br />
As part of basic financial statements,<br />
note disclosures remain limited to<br />
information that explains, describes,<br />
or supplements the financial<br />
statements, including:<br />
1. Descriptions of accounting<br />
and finance-related policies<br />
underlying the amounts in the<br />
financial statements.<br />
2. Details and explanations of those<br />
amounts.<br />
3. Information about the financial<br />
position or results of operations<br />
that do not meet the criteria for<br />
recognition (e.g., because they are<br />
not reasonably estimable). 1<br />
CS7 added “other finance-related<br />
information associated with the<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
68
accountability of the government” to<br />
this list. 2 While this is a change from<br />
CS3, it is drawn from existing language<br />
in GASB Concepts Statement No. 1,<br />
Objectives of Financial Reporting, so<br />
it is not a substantive addition to the<br />
objectives of note disclosures so much<br />
as a way of tying them more explicitly<br />
to the overall objectives of financial<br />
reporting.<br />
To the prohibitions against including<br />
“Subjective assessments of the<br />
effects of reported information on<br />
the government’s future financial<br />
position” and “predictions about the<br />
effects of future events on future<br />
financial position” (more on this<br />
shortly), CS7 added a carve-out<br />
explicitly permitting disclosure of<br />
“expectations and assumptions about<br />
the future that are inputs to current<br />
measures in the financial statements<br />
or notes to financial statements.” This<br />
simply acknowledges the extensive<br />
use of estimates throughout financial<br />
statements and the information about<br />
those estimates required under current<br />
GAAP. Additionally, CS7 specifies that<br />
“general or educational information<br />
that is not specific to the government”<br />
is not appropriate for notes. 3<br />
CS7 states that users “are responsible<br />
for (a) obtaining a reasonable<br />
understanding of government and<br />
public finance activities and of the<br />
fundamentals of governmental<br />
financial reporting, (b) studying the<br />
information with reasonable diligence,<br />
and (c) applying relevant analytical<br />
skill.” 4 The same level of user<br />
sophistication was referenced in CS3,<br />
in a slightly different context.<br />
What is new and notable in CS7<br />
is that characteristics of essential<br />
information are included. Like beauty,<br />
GASB’s initial research demonstrated<br />
that essentiality is in the eye of the<br />
beholder. While there is much general<br />
agreement across constituencies that<br />
note disclosures are too voluminous,<br />
seemingly every existing disclosure<br />
has its own cadre of supporters. CS7<br />
tells us that the determination of<br />
essentiality should be based on the<br />
degree to which information (1) has, or<br />
While there is much<br />
general agreement<br />
across constituencies<br />
that note disclosures<br />
are too voluminous,<br />
seemingly every existing<br />
disclosure has its own<br />
cadre of supporters.<br />
is expected to have if it were available,<br />
a meaningful effect on users’ analyses<br />
for making decisions or assessing<br />
accountability, and (2) the breadth<br />
or depth of users expected to use the<br />
information for such analyses. 5<br />
What’s in the Exposure Draft?<br />
The premise of the ED is that<br />
governments should be required to<br />
disclose situations where certain<br />
concentrations or constraints limit<br />
financial flexibility such that the<br />
occurrence of an event may have a<br />
substantial negative effect on the<br />
government’s ability to continue<br />
to provide services and meet its<br />
obligations as they come due. 6 The<br />
ED specifies that the level of services<br />
that were provided in the financial<br />
reporting period is the benchmark<br />
that should be used when determining<br />
if a reduction will be substantial; it<br />
provided no guidance for situations<br />
where the types or levels of services<br />
in the period were unusual (e.g.,<br />
nonrecurring pandemic services and<br />
dedicated funding for them).<br />
Concentrations. Governments are<br />
exposed to risks based on a lack of<br />
diversity in significant revenue<br />
sources or expenses, which may limit<br />
their ability to acquire resources or<br />
control spending. The listed examples<br />
include concentrations of principal<br />
employers, industries, and other<br />
resource providers (taxpayers,<br />
grantors, suppliers), and a workforce<br />
covered by a collective bargaining<br />
agreement. 7 This is analogous to<br />
investment concentration risk in that<br />
the financial health of a government is<br />
highly dependent on a single provider of<br />
funds, labor, or materials.<br />
Constraints. Similarly, governments<br />
are exposed to risks based on<br />
limitations on raising revenue<br />
(property tax caps), spending, and<br />
incurring debt, as well as mandated<br />
spending. As with concentrations, the<br />
ED points out that such constraints<br />
may limit a government’s ability to<br />
acquire resources or control spending<br />
and ultimately its ability to continue to<br />
provide services or meet obligations as<br />
they come due.<br />
Presumably, requiring disclosure of<br />
all such concentrations and constraints<br />
would become “boilerplate,” increasing<br />
the volume of note disclosures without<br />
having “a meaningful effect on users’<br />
analyses.” 9 So the ED proposes to require<br />
disclosure only in situations in which<br />
some specific event that is related to the<br />
concentration or constraint may have a<br />
substantial effect on the government’s<br />
ability to provide services or meet its<br />
financial obligations.<br />
Criteria for disclosure. The ED proposes<br />
to mandate disclosure (discussed<br />
below) when:<br />
• A concentration or constraint is<br />
known to a government prior to the<br />
issuance of the financial statements;<br />
• An event associated with the<br />
concentration or constraint has<br />
occurred or is more likely than not to<br />
begin to occur within 12 months of the<br />
financial statement date, or shortly<br />
thereafter (for which the ED gives the<br />
example of three months); 10 and<br />
• It is at least reasonably possible (the<br />
chance is greater than remote) that<br />
within three years of the financial<br />
statement date, the event will cause<br />
there to be a substantial effect on the<br />
government’s ability to either:<br />
– Continue to provide services at<br />
the level provided in the current<br />
reporting period, or<br />
– Meet obligations as they come due. 11<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 69
IN PRACTICE | ACCOUNTING<br />
The issuance of both a concepts statement on note disclosures<br />
and a proposal for additional disclosures in the same month<br />
seems to beg stakeholders to judge how closely the proposed<br />
standard tracks the concepts statements.<br />
Disclosure requirements. When the<br />
above criteria are met, the ED proposes<br />
to require:<br />
• A description of the concentration or<br />
constraint;<br />
• A description of each associated<br />
event, including:<br />
– That the event has occurred or<br />
is more likely than not to begin<br />
to occur within 12 months of<br />
the financial statement date or<br />
shortly thereafter;<br />
– That it is at least reasonably<br />
possible that within three years of<br />
the financial statement date there<br />
will be a substantial effect on the<br />
government’s ability to either<br />
• Continue to provide services<br />
at the level provided in the<br />
current reporting period, or<br />
• Meet its obligations as they<br />
come due; and<br />
• A description of actions taken<br />
by the government prior to<br />
the issuance of the financial<br />
statements to mitigate the<br />
substantial effect.<br />
Of course, if mitigation actions taken<br />
result in the criteria for disclosure no<br />
longer be met, none of the disclosures<br />
are required. 12 The ED would not<br />
require governments to repeat a prior<br />
period’s disclosure in comparative<br />
financial statements; however, if<br />
the criteria are still met for an event<br />
associated with a concentration or<br />
constraint, that should be included in<br />
the current year disclosures. 13<br />
Use CS7 concepts in developing<br />
ED proposal<br />
The issuance of both a concepts<br />
statement on note disclosures and a<br />
proposal for additional disclosures<br />
in the same month seems to beg<br />
stakeholders to judge how closely the<br />
proposed standard tracks the concepts<br />
statements.<br />
Characteristics of essentiality.<br />
Preliminary to issuing any exposure<br />
drafts, GASB staff members conduct<br />
research on the issue, often including<br />
discussions with relevant parties.<br />
As part of the project that led to the<br />
ED, staff members interviewed<br />
representatives of various user groups.<br />
In addition to the concentration<br />
and constraint disclosures in the<br />
ED, GASB staff had sought feedback<br />
on additional categories of risk<br />
disclosures, risks, and uncertainties<br />
pertaining to significant estimates<br />
and those unique to the government<br />
environment. Feedback showed that<br />
neither a broad range of users across<br />
all user groups (“a breadth of users”)<br />
nor a large proportion of users in a<br />
specific group (“a depth of users”)<br />
said that they expected to use, and<br />
could articulate how they would use,<br />
the information if it were available,<br />
so GASB removed those from further<br />
consideration. 14 Therefore, regarding<br />
the only significant change made by<br />
CS7, the ED proposal can be seen as an<br />
appropriate application of<br />
the new concepts statement.<br />
Predictions. As mentioned above,<br />
CS7 retained and reiterated the<br />
conceptual framework’s warning<br />
against including “predictions about<br />
the effects of future events on future<br />
financial position” in note disclosures.<br />
Nonetheless, that the ED proposes to<br />
require governments to predict both<br />
the likelihood and the magnitude<br />
of future events, 15 which GFOA and<br />
others observe seems like GASB is not<br />
putting their theory into practice.<br />
Michele Mark Levine is the director of<br />
GFOA’s Technical Services Center.<br />
1<br />
GASB Concepts Statement No. 7, Communication<br />
Methods in General Purpose External Financial<br />
Reports That Contain Basic Financial Statements:<br />
Notes to Financial Statements (CS7), paragraph 9.<br />
2<br />
CS7, paragraph 9.<br />
3<br />
CS7, paragraph 10.<br />
4<br />
CS7, paragraph 8.<br />
5<br />
CS7, paragraph 11. The meaning of depth and breadth<br />
of users may be clearer when the terms are used in<br />
context, below.<br />
6<br />
Substantial is not defined in the ED or elsewhere,<br />
but is used in other GASB standards and is intended<br />
to refer to amounts quantitatively greater than the<br />
minimums that would be considered material or<br />
significant; which are themselves equivalent terms<br />
(CS7 nonauthoritative basis for conclusion, paragraph<br />
B31).<br />
7<br />
GASB Exposure Draft Certain Risk Disclosures (ED),<br />
paragraph 4.<br />
8<br />
ED, paragraph 5.<br />
9<br />
See note 5, above.<br />
10<br />
“Event” is not defined (or even explained) in the ED,<br />
although it includes a nonauthoritative appendix with<br />
illustrations where examples of events include (1) a<br />
government’s awareness that a primary taxpayer (the<br />
concentration) was “experiencing significant financial<br />
difficulties” and subsequently filed for bankruptcy (the<br />
event) and (2) the expiration of a labor agreement<br />
covering nearly all firefighters (the concentration) that<br />
could lead to labor disruption (the event).<br />
11<br />
ED, paragraph 6.<br />
12<br />
ED, paragraph 7.<br />
13<br />
ED, nonauthoritative basis for conclusion, paragraph<br />
B11.<br />
14<br />
Based on the writer’s observation, review of<br />
discussion papers, and review of minutes of GASB’s<br />
deliberations at its June-July 2021 meetings.<br />
15<br />
[GFOA’s comment letter has been drafted based on a<br />
AAFRC taskforce discussion of the ED. As soon as it is<br />
approved by the full committee it will be sent to GASB<br />
and posted on our website. A link to that letter should<br />
be included in this note.]<br />
©<strong>2022</strong> MICHAEL AUSTIN C/O THEISPOT.COM<br />
70
Helping public finance leaders of of tomorrow through<br />
Helping public finance leaders of of tomorrow through<br />
Academic Scholarships<br />
GFOA provides several scholarship opportuniies for for students interested in in pursuing<br />
GFOA provides a a several career in in scholarship state/provincial opportuniies or or local for government for students finance. interested in in pursuing<br />
a a career in in state/provincial or or local government finance.<br />
“I “I am am incredibly thankful for for GFOA’s generous scholarship for for allowing me me to to<br />
“I “I am am accomplish incredibly my my thankful educaaonal for for GFOA’s goals while generous decreasing scholarship the the for financial for allowing burden me me to to<br />
accomplish of of earning my my the educaaonal the graduate goals degree while required decreasing to to further my financial my career.”<br />
burden<br />
of of earning the the graduate degree required to to further my my career.”<br />
Ashley McGowen, 2020 scholarship recipient<br />
Ashley McGowen, 2020 scholarship recipient<br />
$100,000+<br />
in in scholarships awarded annually.<br />
in in scholarships awarded annually.<br />
Applicaaons open<br />
Applicaaons open<br />
November 1, 1, <strong>2022</strong><br />
November 1, 1, <strong>2022</strong><br />
Apply online<br />
Apply online<br />
gfoa.org/scholarships<br />
gfoa.org/scholarships<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 71
IN PRACTICE | PERSPECTIVE<br />
PERSPECTIVE<br />
The Brave New Frontier of Public Sector Privacy<br />
BY KATHERINE BARRETT AND RICHARD GREENE<br />
Cybersecurity efforts<br />
have been the main<br />
way state and local<br />
governments have tried<br />
to secure data from the<br />
prying eyes of potential malefactors.<br />
But breaches are inevitable—the bad<br />
guys frequently seem to be at least a<br />
little step ahead of the good guys in<br />
that domain. As a result, privacy is the<br />
key for entities that are interested in<br />
taking a prophylactic approach toward<br />
securing confidential records.<br />
It’s no surprise then that a recent<br />
study by the National Association<br />
of State Chief Information Officers<br />
(NASCIO) reported that: “In the last<br />
decade there has been immense<br />
growth in the state chief privacy<br />
officer (CPO) role. As demand<br />
increases for online services and<br />
states capture more personally<br />
identifiable information from citizens,<br />
more states are emphasizing the<br />
importance of privacy.”<br />
The speed with which that title is<br />
gaining currency, at least at the state<br />
level, is impressive, with 21 states<br />
reporting that they had a chief privacy<br />
officer role in May <strong>2022</strong>, up from 12 in<br />
2019, according to NASCIO.<br />
At the local level, the chief privacy<br />
officer position is somewhat less<br />
widespread, but that doesn’t mean<br />
cities and counties aren’t carefully<br />
focusing on privacy issues as well—<br />
often through staffers within their<br />
chief information officer’s shop.<br />
“I think the issue of privacy has burst<br />
onto the scene nationally,” said Katy<br />
Ruckle, chief privacy officer for the<br />
State of Washington.<br />
With faith in government at a<br />
historic low, there’s probably been no<br />
better time to reassure people that<br />
governments are being careful with<br />
the reams of data they collect from<br />
them. “Privacy can help build better<br />
trust with the public,” said Daren<br />
Arnold, chief privacy officer for the<br />
State of Ohio. “I think people have this<br />
feeling that they have to turn over<br />
information to whatever government<br />
agency requests it, but they have no<br />
say as to how it’s going to be used. But<br />
if there are proper rules around that<br />
information and if it’s used for the<br />
purpose for which it’s provided, that<br />
will build trust.”<br />
Naturally, finance offices need<br />
to be abundantly careful about<br />
maintaining privacy of the data they<br />
receive directly through one means<br />
or another, from tax returns to bids<br />
for procurements to internal records<br />
©<strong>2022</strong> ALEX NABAUM C/O THEISPOT.COM<br />
72
of the finance offices themselves,<br />
such as the social security numbers of<br />
employees.<br />
And that’s just the beginning.<br />
Because finance offices are often<br />
sharing data with other agencies,<br />
they carry the heavy burden of<br />
helping to ensure that information<br />
isn’t revealed to prying eyes. “They<br />
need to have safeguards, to make sure<br />
that information isn’t leaked out,”<br />
explained Amy Glasscock, program<br />
director for innovation and emerging<br />
issues for NASCIO.<br />
“Finance professionals are handling<br />
large amounts of financial information<br />
for individuals,” Ruckle said, “and I’ve<br />
seen cases where large spreadsheets<br />
full of private information have been<br />
generated and sent to the wrong email<br />
address, with the potential that it will<br />
go out to large numbers of people.”<br />
Ginger Armbruster has been chief<br />
privacy officer for the City of Seattle,<br />
Washington, since 2017. Her job is<br />
particularly complicated because<br />
Seattle, like other cities, operates<br />
under the strictures of the state’s open<br />
information laws. That means that if<br />
a city agency gathers information of<br />
any kind, it doesn’t require a hacker to<br />
get to it—it’s open to the eyes of anyone<br />
who requests it. “I have to make<br />
nearly anything that the city creates<br />
available to the public.”<br />
Armbruster provided a particularly<br />
powerful example. The Department<br />
of Transportation in Seattle wanted to<br />
make it easier and safer for children to<br />
walk to school—an estimable goal. As<br />
part of that effort, it issued a survey<br />
that included questions like, “How<br />
do you walk to school?” “What’s your<br />
gender?” “How old are you?” “At what<br />
time do you travel?”<br />
“So, we worked with the department<br />
of transportation, which was very<br />
open to our counsel, and said, you<br />
don’t need to know the exact route any<br />
individual child travels or exactly<br />
when they’re taking that walk. That’s<br />
way too intrusive,” Armbruster said.<br />
“They hadn’t thought about how that<br />
information could be used in bad ways.<br />
They were just trying to protect the<br />
kids, not put them at risk.’”<br />
Privacy shops need to<br />
concern themselves<br />
with two primary<br />
questions: Do we really<br />
need the data in the first<br />
place? and Who should<br />
have access to the data<br />
that’s being collected?<br />
Privacy shops need to concern<br />
themselves with two primary questions.<br />
The first is, “Do we really need the data<br />
in the first place?” With the capacity<br />
of technology to store endless troves<br />
of data, there’s a distinct tendency<br />
toward getting every bit of information<br />
available from anyone interacting<br />
with a state or local government. But<br />
if personal identification data isn’t<br />
necessary for the purpose for which<br />
it’s being collected, then gathering it<br />
in the first place isn’t wise.<br />
Arnold provided another example.<br />
“In the finance space, you don’t need<br />
people to put their social security<br />
numbers on their invoices. There’s<br />
rarely a reason to put that on there.”<br />
The second big question is who should<br />
have access to the data that’s being<br />
collected. Fewer eyes on privileged<br />
data mean it’s less likely to leak out. As<br />
a result, states and local governments<br />
that are concerned with privacy are<br />
careful to make certain that data is<br />
shared only on a need-to-know basis.<br />
“Because privacy is a relatively new<br />
area of focus, people don’t necessarily<br />
realize they shouldn’t provide that<br />
broad access to data,” said Cherie<br />
Givens, chief privacy officer for the<br />
State of North Carolina.<br />
Efforts to maintain privacy have<br />
gotten trickier than ever because the<br />
pandemic led to many public-sector<br />
employees working from their homes.<br />
North Carolina state employees receive<br />
guidance on how to protect state data<br />
when working remotely, Givens said.<br />
“Personal information or personally<br />
identifiable information held by<br />
the state needs to be protected from<br />
unauthorized access by others,<br />
including people in your home.<br />
Your spouse or your children are not<br />
authorized to see state-held personally<br />
identifiable information.”<br />
What are the risks if someone’s<br />
teenage child gets a glimpse of a<br />
spreadsheet? The answer becomes<br />
clear if you think like a chief privacy<br />
officer. “Think about the selfie<br />
generation,” Givens said. “Someone<br />
could take a picture with a laptop in<br />
the background and post it on social<br />
media.” If the laptop hasn’t been<br />
locked, then the information on the<br />
screen could be seen by potential<br />
identity thieves or others who view<br />
this kind of social media post as if it<br />
were a pile of gold dumped in their lap.<br />
Although privacy is clearly an<br />
important goal for a growing number<br />
of state and local governments, like<br />
other government efforts, one major<br />
challenge to progress is the lack of<br />
money necessary to do the work.<br />
Consider the City of Oakland,<br />
California. The city’s Privacy Advisory<br />
Commission has taken important steps<br />
to protect its citizens from the abuse of<br />
data gathered through technology like<br />
automatic license plate readers.<br />
But Joe DeVries, deputy city<br />
administrator and chief privacy<br />
officer, said he’d like cities like<br />
Oakland do more, and he explains<br />
why that hasn’t come to pass yet. “Like<br />
many cities, we’re under-resourced. We<br />
struggle with huge swaths of poverty,<br />
and we have a large vulnerable<br />
population with a lot of needs. What<br />
I’ve observed in my work on privacy<br />
is that it’s hard for people who are<br />
housing the insecure or victims of<br />
violent crime to think of privacy as a<br />
hot topic.”<br />
Katherine Barrett and Richard Greene<br />
are principals of Barrett and Greene,<br />
Inc (greenebarrett.com). and are coauthors<br />
of the recently released Making<br />
Government Work: The Promises and<br />
Pitfalls of Performance-Informed<br />
Management.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 73
IN PRACTICE | PERSPECTIVE<br />
PERSPECTIVE<br />
Recycling the Muni Exemption Debate<br />
BY JUSTIN MARLOWE<br />
With a bit of late<br />
summer, premidterm<br />
election<br />
legislative<br />
maneuvering,<br />
Congress passed the Inflation<br />
Reduction Act of <strong>2022</strong> (IRA). Critics<br />
and defenders of the law both seem to<br />
agree that its name doesn’t describe<br />
its main objective. In fact, the IRA is<br />
really a climate bill. It calls for $737<br />
billion in new spending over the next<br />
decade, most of it for climate-focused<br />
investments like energy security,<br />
climate adaptation, and drought<br />
resiliency.<br />
As is often the case with major pieces<br />
of federal legislation, IRA’s unintended<br />
consequences could far outweigh<br />
its intentions. That’s especially true<br />
for state and local finance. If IRA<br />
works as intended, we’ll see a lot more<br />
wind farms, solar panels, recycling<br />
facilities, and electric vehicles. But this<br />
legislation might also inadvertently<br />
reopen a longstanding and acrimonious<br />
debate about the federal government’s<br />
role in the municipal bond market.<br />
IRA doubles down on many of the<br />
Biden Administration’s core principles<br />
around climate adaptation. One of<br />
those principles is “carrots before<br />
sticks.” President Biden and many<br />
Congressional leaders have said<br />
they’d much prefer to encourage<br />
businesses and individuals to invest<br />
in clean energy than to discourage<br />
fossil fuel use through a carbon tax<br />
or other “sticks.” The challenge with<br />
this approach is that the federal<br />
government’s main tool—in many ways<br />
its only tool—to that end is tax subsidies<br />
©<strong>2022</strong> DANIEL HERTZBERG C/O THEISPOT.COM<br />
74
that encourage investment by reducing<br />
an individual’s or business’s federal<br />
tax liability. We know from decades of<br />
research that tax preferences of that<br />
sort are a decidedly imperfect way to<br />
encourage investment. But despite<br />
those imperfections, IRA includes more<br />
than $200 billion for energy-related tax<br />
subsidies over the next decade.<br />
Tucked into IRA’s arcane details are<br />
two subtle but enormous shifts that<br />
chart a new course for these types<br />
of energy tax subsidies. One is that<br />
IRA allows a business that’s received<br />
many of these credits to sell or transfer<br />
those credits to “unrelated parties.”<br />
This is similar to affordable housing<br />
tax credits, where developers that<br />
seek to build or rehabilitate affordable<br />
housing receive the credits and sell<br />
them to investors. That upfront capital<br />
from investors is often what makes<br />
a project profitable. Before IRA, most<br />
energy-related tax credits were not<br />
transferable. Now they are.<br />
But IRA doesn’t stop there on<br />
transferability. It goes a monumental<br />
extra step by defining “unrelated<br />
parties” for some credits to include<br />
tax-exempt organizations. Broadly<br />
speaking; that could include state and<br />
local governments, public pension<br />
funds, nonprofits, and philanthropies,<br />
among others.<br />
That begs an obvious question: Why<br />
would a local government that doesn’t<br />
pay federal income taxes buy federal<br />
income tax credits?<br />
The answer is IRA’s other big change.<br />
It allows tax-exempt entities to convert<br />
certain climate-focused subsidies<br />
into “direct pay” credits. A direct pay<br />
tax credit allows the holder to redeem<br />
that credit for a direct payment from<br />
the federal government. No need to<br />
file income taxes. Just request a check<br />
directly from Uncle Sam.<br />
Direct pay is not new to municipal<br />
finance generally, and definitely not<br />
to the municipal bond market. Muni<br />
veterans will remember Build America<br />
Bonds, a brief experiment with direct<br />
pay brought about by President Obama’s<br />
2009 stimulus. In that program, states<br />
and localities issued taxable bonds,<br />
This legislation might<br />
also inadvertently<br />
reopen a longstanding<br />
and acrimonious debate<br />
about the federal<br />
government's role in the<br />
municipal bond market.<br />
and then received a payment from the<br />
federal government roughly equivalent<br />
to the foregone income taxes that would<br />
have been claimed by investors if the<br />
bonds had been tax-exempt. Federal<br />
law has also allowed forms of tax credit<br />
bonds where investors in taxable<br />
munis receive a tax credit rather than<br />
tax-exempt interest. Programs like<br />
the Qualified Zone Activity Bonds<br />
for schools and the Qualified Energy<br />
Conservation Bonds for economic<br />
development projects made use of this<br />
tax credit structure.<br />
If we take this combination of<br />
transferability and direct pay to its<br />
logical end, we can concoct a few<br />
hypothetical—but likely—scenarios.<br />
Imagine, for instance, that a developer<br />
receives tax credits to build a solar<br />
farm. It builds that farm and then sells<br />
it to a public employee pension fund.<br />
That pension fund converts those<br />
credits to direct pay credits, and in turn<br />
leases the farm back to the developer.<br />
The developer then sells the power<br />
generated by that farm to a utility and<br />
realizes additional credits for power<br />
production. The pension fund converts<br />
a small financial investment into a<br />
reliable revenue stream and new clean<br />
energy. The developer makes money on<br />
an otherwise risky project.<br />
One can imagine similar scenarios<br />
with wind farms, electric vehicle<br />
charging stations, and other<br />
infrastructure investments, with<br />
many types of tax-exempt entities as<br />
the counterparty. Imagine a wind farm<br />
owned by a rural county government<br />
and used to power an Amazon data<br />
center. Or high-capacity battery<br />
production in a rehabilitated factory,<br />
heavily subsidized by a major local<br />
foundation, in a city in the old industrial<br />
Midwest. And so forth.<br />
Whether governments and<br />
nonprofits ought to make these types<br />
of investments is an important policy<br />
question. State and local policymakers<br />
around the country will now inevitably<br />
take up that debate.<br />
The more immediate question for<br />
municipal finance is what will happen<br />
if IRA normalizes the large-scale state/<br />
local government use of direct pay<br />
credits? Critics of traditional taxexempt<br />
municipal bonds have hoped for<br />
precisely that for decades. They’ve long<br />
argued that we ought to replace most<br />
municipal bonds with a taxable, direct<br />
subsidy structure, which they consider<br />
much more efficient than the status quo.<br />
Proponents of traditional tax-exempt<br />
munis have pushed back, pointing out<br />
that many small and infrequent muni<br />
issuers would flounder in a taxable<br />
bond-direct pay market. They also point<br />
out that uncertainty about the federal<br />
government’s long-term commitment to<br />
making those direct payments is a major<br />
deterrent for many government issuers.<br />
The BABs experience, where the federal<br />
subsidy payments routinely become<br />
ensnared in federal deficit reduction<br />
plans, only underscores that concern.<br />
So, the stage is set. State and local<br />
governments have new tools that will<br />
allow them to play a much greater role<br />
in clean energy production. That’s a top<br />
priority for many governors, mayors,<br />
and other state/local policymakers, so<br />
it seems inevitable that many will use<br />
those tools to the greatest extent possible.<br />
But using those tools could upend<br />
municipal finance as we know it.<br />
For details about the IRS, see<br />
Galen McDonald’s article on page 11<br />
of this issue.<br />
Justin Marlowe is a research professor at<br />
the University of Chicago, Harris School of<br />
Public Policy, and a fellow of the National<br />
Academy of Public Administration.<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 75
IN PRACTICE | INTERVIEW<br />
with Veronica Carrillo, Fiscal Administrator<br />
for the City of San Antonio, Texas<br />
Veronica Carrillo grew up surrounded by family in a<br />
Hispanic neighborhood on the west side of San Antonio.<br />
Her home was on a block where many aunts, uncles,<br />
cousins, and grandparents lived just a yard over or down<br />
the block. GFOA’s Timothy Martin spoke with Veronica<br />
as part of GFOA’s FINE(ance) Fridays podcast series<br />
about how her tight-knit family kept her centered and<br />
grounded, how her father worked multiple jobs to ensure<br />
his children would have opportunities for a better life, and<br />
how his advice led her into a long, varied, and satisfying<br />
career with the City of San Antonio, Texas.<br />
Let’s start out by talking about<br />
a conversation you had with<br />
your dad.<br />
I have shared this story with leaders<br />
and people I mentor because I think it’s<br />
important. As leaders, we should make<br />
an effort to understand people’s perspective “windows”<br />
and then look for ways to help open those windows to new<br />
opportunities.<br />
I remember cleaning offices with my father and one night<br />
when we were emptying trash, he told me I should study<br />
accounting. When I asked why, he said he’d noticed a few<br />
things. We were working in the accounting area, and he<br />
had noticed that a lot of ladies worked there, they seemed<br />
to have reasonable hours, and they wore suits. I don't know<br />
if I would tell a young woman that today, but my father<br />
envisioned a better life for his daughter that included a<br />
better work environment and a position of respect. That<br />
was my dad’s perspective window.<br />
So, with my first job at the City of San Antonio, as a fiscal<br />
officer in the Finance Department, I thought that I had<br />
made it. My father’s guidance got me there, but it could<br />
only take me so far. Thankfully, I have been fortunate to<br />
also have other mentors that have shared other “windows”<br />
that have helped guide me and further my career.<br />
76
When you were in college, what<br />
were you thinking about the<br />
future? A lot of college students<br />
don't know what they want to do<br />
with their lives.<br />
In my junior year of college, my father<br />
sat me down and told me his insurance<br />
would only cover me until I turned<br />
21. He made sure I understood that I<br />
needed to find a job with insurance.<br />
That’s a real “dad” piece of advice!<br />
I remember realizing that I needed to<br />
stay on task and on schedule, and that's<br />
what I did. When I graduated, I set out<br />
to find a job with good benefits and the<br />
opportunity for growth.<br />
After college, you spent six years<br />
at Kroger. Were you in a corporate<br />
office or in a store?<br />
At the time, I worked in-store<br />
operations, where I managed people<br />
on the front lines. I had just turned<br />
21 and was responsible for about<br />
$15 million in inventory, much of<br />
which was perishable. As part of a<br />
six-month training program, I learned<br />
about customer service, inventory<br />
management, cash controls, and how<br />
to manage and lead a team. At any<br />
given time, I had between 150 and 200<br />
employees and between six and eight<br />
division managers.<br />
What did you learn from that<br />
experience?<br />
One of the most valuable lessons<br />
I learned during my experience at<br />
Kroger was the power of my words.<br />
My first year on the job was not my<br />
shining moment. As a young manager,<br />
I said things then that I would not say<br />
today. I was fortunate that I learned<br />
early in my career that the choice and<br />
tone of my words can impact, inspire,<br />
and influence others.<br />
It seems like your experience<br />
at Kroger was a good setup for<br />
where your career ultimately led.<br />
Definitely. Eventually, we returned<br />
to San Antonio. It was important<br />
to me that our son experience the<br />
kind of family environment that<br />
I had experienced growing up,<br />
surrounded by cousins, aunts, and<br />
uncles. I will always be grateful to<br />
the Kroger Company for providing<br />
a solid foundation for my career. I<br />
carried over my skills in customer<br />
service, inventory management, cash<br />
controls, and employee management<br />
to my positions here at the City of San<br />
Antonio. These are foundational skills<br />
for any organization, including local<br />
government.<br />
What did your parents think about<br />
your career?<br />
My parents are very proud of my career<br />
and service to the city. And my dad is<br />
aware that I still wear suits some days!<br />
They have also been very supportive<br />
and respectful of my decision to be a<br />
working mother.<br />
You've talked about the importance<br />
of getting to know people and<br />
expanding that network. How<br />
important has that been for you?<br />
It has been key. One of the first<br />
organizations I was introduced to<br />
when I began working for the City of<br />
San Antonio was GFOA. GFOA was<br />
introduced to me by our finance<br />
director, who was working on a bid<br />
for the 2005 annual conference. In<br />
the past, I have often said that I have<br />
grown up not only with the City of San<br />
Antonio, but also with my colleagues<br />
at GFOA. My involvement at GFOA has<br />
been gradual, starting with assisting<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 77
IN PRACTICE | INTERVIEW<br />
with the host committee, then serving<br />
on the budget committee, followed<br />
by serving on the nominating<br />
committee, and then serving on the<br />
executive board. Being part of GFOA<br />
has been a real honor.<br />
As you climbed the ladder in San<br />
Antonio, you also climbed the<br />
ladder as a member of GFOA.<br />
It's great to see that you looked<br />
at and took advantage of the<br />
opportunities that members<br />
have with GFOA. Members can<br />
network as well as do more<br />
advanced things within the<br />
organization—and you’re such a<br />
great example of how a member<br />
can start at the beginning and<br />
work their way up to even joining<br />
the board.<br />
Thank you for saying that. I believe<br />
that success anywhere starts with<br />
getting involved and engaged. This<br />
has been a process over the last<br />
20-plus years. My career has been<br />
more rewarding because I had the<br />
opportunity to work with incredibly<br />
bright individuals and provide service<br />
to our communities. These things give<br />
purpose to the work we do.<br />
Looking at your 24-year career<br />
so far at San Antonio, you've had<br />
several positions: fiscal officer,<br />
public utilities manager, fiscal<br />
administrator, assistant director<br />
of the city center development<br />
operations, all the way up to<br />
managing grant money for the<br />
city’s COVID-19 Executive Office.<br />
You’ve had a lot of responsibilities<br />
and opportunities along the<br />
way. What are some of the most<br />
rewarding moments for you?<br />
Throughout my 24-year career<br />
with the City of San Antonio, there<br />
have been a lot of career highlights.<br />
Implementing our city's fiscal shared<br />
services program is definitely at<br />
the top of the list. For this project,<br />
we had implemented SAP and were<br />
struggling with departments operating<br />
in silos. We implemented a shared<br />
services program to standardize our<br />
fiscal business processes across our<br />
organization. We also standardized<br />
positions and finance processes for<br />
functions including accounts payable<br />
and accounts receivables across the<br />
organization.<br />
We have seen significant results with<br />
improved audits. I spent 10 years<br />
leading the fiscal shared services<br />
program, and it is a great honor to<br />
now see our fiscal administrators do<br />
so well. I find working with people<br />
and watching them develop and<br />
succeed incredibly rewarding. This<br />
program has provided a career path for<br />
individuals in fiscal operations, and it’s<br />
great for our team members and the<br />
City of San Antonio.<br />
Did you experience any pushback?<br />
It is not always fun reapplying for new<br />
positions at work. There is always a lot of<br />
anxiety surrounding this, but we always<br />
try to take measures to mitigate stress.<br />
We kept a bigger picture in mind, and<br />
the success of shared services depended<br />
on collaboration, communication,<br />
and demonstrating the benefits of the<br />
program. Fiscal staff were able to see a<br />
career path and realized that everyone<br />
would be treated equitably across the<br />
organization. Many people ended up<br />
with opportunities for promotions. It<br />
took a little while, but after a year or two,<br />
team members and departments started<br />
getting excited about the program and the<br />
opportunities that were available to them.<br />
To touch on another subject: You<br />
got your master’s degree relatively<br />
recently, which had to be a challenge.<br />
Why did you decide to do it?<br />
When I became a GFOA executive board<br />
member, I felt that my education credits<br />
needed to be better aligned with my<br />
professional career accomplishments.<br />
This was something I had always wanted<br />
to do, so I returned to the University of<br />
Texas in San Antonio and completed the<br />
Executive MBA program. As with most<br />
things in life, the second time around<br />
benefitted from my life experience and<br />
the perspective that comes with that<br />
experience.<br />
Timothy Martin is GFOA’s senior<br />
manager for member engagement.<br />
FINE(ance) Fridays<br />
This interview was adapted and condensed from an episode of<br />
GFOA’s FINE(ance) Fridays. Keep a look out for our new season,<br />
starting soon and available wherever you listen to podcasts.<br />
gfoa.org/fineance-fridays<br />
78
Welcome to New Orleans!<br />
GFOA is excited to bring in-person training to The Big Easy,<br />
December 12-15. The following courses will be offered:<br />
Accounnng for Capital<br />
Assets<br />
December 12<br />
Revenue Policies<br />
December 12-13<br />
Advanced Governmental<br />
Accounnng<br />
December 13-15<br />
Role of the Finance Officer<br />
in the Budget Process<br />
December 14-15<br />
Register at<br />
gfoa.org/events<br />
OCTOBER <strong>2022</strong> | GOVERNMENT FINANCE REVIEW 79
10 STEPS<br />
to Taming Interruptions<br />
and Preventing Rework<br />
Behind meetings, interruptions<br />
and rework are the leading<br />
causes of wasted time for<br />
many GFOA members. Our<br />
poll showed that more than<br />
a quarter of respondents<br />
rated interruptions as the<br />
most annoying source of lost<br />
time at work—again, right<br />
behind meetings. Rework—<br />
when you have to do a task<br />
over again because it wasn’t<br />
done right the first time—is<br />
pretty annoying as well and<br />
is a frequent consequence of<br />
interruptions.<br />
Here is a checklist with<br />
5 recommendations to<br />
minimize interruptions<br />
and 5 recommendations<br />
to avoid rework.<br />
1<br />
Designate physical<br />
no-interruption zones in<br />
your office. This could be dedicated<br />
physical space or an agreement to<br />
respect time blocked out on calendars<br />
as “no interruption.”<br />
2<br />
Create checklists that<br />
describe critical but easily<br />
overlooked tasks for work processes<br />
that are interruption prone.<br />
3<br />
Adjust the settings on<br />
your electronic devices<br />
and apps to eliminate cues (beeps,<br />
lights, icons) to engage in low- or<br />
no-value activities.<br />
4<br />
Find ways to make using<br />
your devices and/or apps<br />
slightly more unreachable—<br />
just enough that checking them is no<br />
longer habitual but now takes<br />
conscious effort.<br />
5<br />
Create opportunities for<br />
the necessary occasional<br />
diversions from work that<br />
have less potential to degenerate into<br />
long periods spent on unproductive<br />
apps. Examples might be keeping an<br />
enjoyable book or magazine nearby<br />
for a planned break.<br />
6<br />
Collect data on work<br />
defects, including where in<br />
the process the defect is discovered,<br />
where the error that creates the defect<br />
occurs, and how common it is.<br />
7<br />
Strive to understand what<br />
truly caused the defect.<br />
Conduct a simple root<br />
cause analysis by using “the 5 Why’s”<br />
or similar approach.<br />
8<br />
Establish written standard<br />
operating procedures that<br />
describe clear standards for<br />
how processes should be performed.<br />
9<br />
Use visual controls such<br />
as conditional formatting<br />
and check cells in Excel, and<br />
visual warnings for values for out-ofparameter<br />
values in the ERP system.<br />
10<br />
Employ mistakeproofing<br />
strategies to<br />
avoid rework, including<br />
using data validation rules and locking<br />
cells in Excel, as appropriate, and using<br />
automated entry of fields to eliminate<br />
human intervention.<br />
For more information on how to<br />
reclaim wasted time at work, visit<br />
gfoa.org/timebackchallenge.<br />
©<strong>2022</strong> CHRIS GASH C/O THEISPOT.COM<br />
80
November 14-15, <strong>2022</strong> | Washington D.C.<br />
A stronger nation starts<br />
with a stronger infrastructure<br />
State and local governments are armed with a $550 billion influx of federal infrastructure<br />
funds at a time when getting the country’s infrastructure into proper shape is just the<br />
start to meeting future challenges. For the first time ever, The Bond Buyer will convene<br />
key experts and industry innovators to dive deep into all the complexities of these<br />
endeavors at its exclusive INFRASTRUCTURE conference.<br />
Use promo code: GFOAVIP<br />
Register and join hundreds of muni leaders<br />
https://conference.bondbuyer.com/infrastructure<br />
Questions about the event? Contact Ryan Fallon at(212)-803-8817 | Ryan.fallon@arizent.com