1 entire universe binder 01 02.5.14

7/21/2019 1 Entire Universe Binder 01 02.5.14

1/74

5 Steps to

COSO Transition Success

1.

Transition TimelinePREPARE a project plan and timeline for transitioning to the new COSO

Framework. On December 15, 2014, COSO92 will be superseded by COSO2013.

Businesses should estimate between three to nine months in order to appropriately plan

and implement the transition.

2.

StakeholdersIDENTIFY the stakeholders in your organization that should be aware of the COSO

Framework updates.The Board of Directors, management, personnel, and internal and

external auditors are stakeholders that utilize the COSO Framework.

3. Current FrameworkEVALUATE whether the current COSO Framework is applied effectively

throughout the organization today. The way businesses operate today has drastically

changed since the original COSO Framework was published in 1992. New business models,

evolving technology, changing regulatory requirements and other challenges require a

system of internal control that can quickly adapt to changes in business, operating and

regulatory environments. How has your business changed and what are the implications on

your internal control program?

4. Internal Control Education

EDUCATE the various departments and key stakeholders on their ownership andresponsibilities and the importance and relevance of internal controls. Internal

controls are important to all areas of your business. As an example, fraud risks exist in all

aspects of an organization, not just in financial reporting. So its important that each

department understands the five integrated components that comprise internal control

control environment, risk assessment, control activities, information and communication,

and monitoring activitiesand how these address objectives within their specific area of

responsibility.

5. Well-Planned TransitionDETERMINE the internal budget and expertise needed and available to support

the transition from COSO92 to COSO2013.To schedule a complimentary consultation,contact Amy Ribick, CFE, CRMA, at 314.983.1347 [email protected].

Amy Ribick, CFE, CRMA

Manager, Risk Advisory Services

314.983.1347 | [email protected]
mailto:[email protected]:[email protected]:[email protected]:[email protected]


2/74

It is not uncommon for companies to make duplicate payments to vendors. While companies can try toreduce this risk through system controls, it is still prevalent and often more difficult to detect.

Vendors are often set up with more than one vendor number, making it easy for the same invoiceto get paid more than once.

Statements and invoices can look remarkably similar, causing the same amount to be entered morethan once.

Disparate accounts payable processing locations often allows a vendor to be paid for the sameinvoice from two different locations.

If the system doesnt allow a duplicate invoice number, employees may alter the invoice numberby adding a -1 or an A, allowing it to be entered again.

Automated duplicate payment controls typically look for the same invoice number from a vendoroccurring in the same year. Transactions around the end of the year can be more susceptible toduplicate payment.

SCOPE OF SERVICES

We help you identify potential duplicate payments. We do this by getting an understanding of thecontrols in your systems and processes. We then combine that understanding with our knowledge of themany ways duplicate payments can occur. Data analysis software, such as ACL, allows us to sift throughthe large quantities of data and develop customized tests to run against your data to detect potentialduplicate payments in your system. The time period is up to you, though we have seen the best resultsfrom at least 12 months of data.

We can provide you with the information necessary to contact vendors to reclaim your paymentsalong with suggestions for how to improve your controls to prevent or detect duplicate payments inthe future. We can also help you develop continuous monitoring procedures to search for potentialduplicate payments on regular basis.

These are just a few examples of the assistance we can provide. Contact one of us to discuss otherpossibilities to analyze your data and improve your business. At Brown Smith Wallace, we makeA Measurable DifferenceTM.

Duplicate PaymentReview

Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] orTed Flom, CPA, CISA, CIA, at 314.983.1294, [email protected].

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM


3/74

Approach toProcess Improvement

We are happy to meet with you to discuss our approach and help you identify the benefits to your organization.To learn how our risk advisory services can make A Measurable Differencefor your organization,

please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or [email protected]

mprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory S

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 | WWW.BSWLLC.COM

At Brown Smith Wallace we view process improvement as a systematic approach to improving the performance

of our clients. Our approach doesnt entail fighting fires or placing blame. It involves identifying andunderstanding the causes of performance issues, making recommendations and developing policies and

procedures to help our clients reap the rewards of better performance. Our 15 step approach is outlined below.

Plan

Document

Finalize

Revise

Evaluate

Select process Establish improvement

objective

Organize the team -

Internal and BSW

Review current policies and

proceduresWalk through the process

Develop a flow chart for

the process

Review process for

adequacy of controlsReview process for efficiency

and effectiveness

Discuss improvements with

client team

Revise process flow chart for

agreed-to improvementsTest the revised process and

update for lessons learned

Present revised process to

client management

Update policies and

procedures

Train client resources on

processFinalize process


4/74

You never know when disaster will strike. Business continuity planning minimizes the possibility ofinterruptions and develops your ability to continue business operations during an unexpected natural disasteror malicious activity, and throughout the recovery process.

What Is the Process?

Your business continuity plan assesses the current risk and impact a disaster will have on your business. Itidentifies critical business processes and determines requirements necessary to recover. You receive feasible,cost effective options that are current, viable and complete. Documentation is developed and updated toensure you are in a constant ready-state for execution.

A holistic and logical approach is followed to ensure critical business practices have been identified and al-ternate procedures are documented. This would include, but not limited to, human resources, facilities man-agement, communication systems, Information Technology infrastructure resources, and media relations.

Who Needs Business Continuity Planning?

Any company requiring a high degree of confidence in their ability to continue business operations regard-less of internal or external threats or activities.

Why Engage Brown Smith Wallace?

Our service professionals have wide industry experience in reviewing existing plans and providing businesscontinuity consulting services to a broad spectrum of service organizations including clients in the insurance,marketing, and manufacturing industries. We ensure all sectors of the business from the enterprise downto business unit levels are in place necessary to steer the business through both catastrophic disasters anddisruptive fluctuations in the business environment.

Business Continuity

Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100

[email protected] | 888.279.2792 |WWW.BSWLLC.COM


5/74

Feasibility

Close out

Design

Substantialcompletion

Planning & research

Constructionin progress

Proposeddevelopment project

Constructionstart

Bidding

Ongoing support

Contractnegotiation

Budgeting


6/74

These are the 3 tangible benefits our construction audit experts can bring to project

owners. We can help you achieve them by making sure you properly assess change orders andother issues generated by the contractors specialists who are dedicated to maximizing the contract.

CONSTRUCTION AUDIT

Our typical/average ROI on a construction audit is 1-2% of the projects costs. We can provide a numberof tangible benefits, including:

Cost recovery of overcharges

Lower capital costs

Reduced project risks Fewer open issues and disputes

Stronger financial controls and reporting

Enhanced communication and project delivery

Tighter policies and procedures

Improved contract language Better regulatory compliance

COST SEGREGATION STUDY

As part of our construction audit, we can also provide a cost segregation study that will identify taxsavings you can recover on your construction project. This integrated approach typically increases theoverall ROI we can provide on a project to 3% or more. (Please see the description of our cost segregationservices on the other side.)

OPPORTUNITY ASSESSMENT

If you are interested in saving from 1-3% or more on your construction project, please contact us toschedule an Opportunity Assessment. With less than 30 minutes of your time, we can estimate theROI we can provide.

Construction Audit1. ROI 2. Savings 3. Lower risk

Contact Dale Helle at 314.983.1338, [email protected] orBill Willbrand, CPA at 636.754.0200, [email protected].




7/74

With the pressures in todays economy, construction and lease audits help reduce costs. Provideragreements are large and complex, yet these audits are of low risk. The expertise of our Risk Services

practice provides an added value service on construction and lease audits with an ROI up to 15%.

CONSTRUCTION AUDIT

Owners who make a significant investment in capital for design and construction are open to many risks.A planned, risk-based, targeted compliance program helps mitigate project risks and offer a number oftangible benefits throughout the programs duration. Such benefits include:

Improved financial controls and reporting

Increased awareness of vendors throughoversight

Cost recovery due to unallowable charges

Reduced project risks, open issues anddisputes

Improved communication and project deliveryprocess

Reduced capital costs

Improved contract language

Sound policies and procedures Focus on development and execution plan

LEASE AUDIT

When performing audits of common area maintenance charges (CAM), we focus on identifying andquantifying invoiced cost exceptions that will result in savings. Our audits are successful because we havethe experience of analyzing the language in agreements and amendments. This experience along with aconsistent ROI are another way we make A Measurable Difference.

Our extensive review of common area maintenance audits includes:

Determination of audit/dispute time of CAMcharges

Verification to source documents

Provisions of insurance coverage

Re-calculation of original vendor invoices Re-calculation of utility charges

Detailed itemization

Verification of allowed and disallowed charges

Cost Recovery ServicesConstruction and Lease Audits

Contact Ted Flom, CPA, CISA, CIA at 314.983.1294, [email protected] | Tony Munns, CISA, CIRM, CPIM at [email protected] | Chris Menz, CPA at 314.983.1227, [email protected].

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL

314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM


8/74

Continuous ControlsMonitoring

Contact Janet Beckmann, CPA, at 314.983.1254, [email protected] orTed Flom CPA, CISA, CIA, at 314.983.1294, [email protected].



Continuous controls monitoring (CCM) has been on the radar for many companies for several years. Recently,

however, more organizations are pushing towards meeting this best practice. Why initiate a CCM system now?

Your organization may have experienced loss or fraud and want to make sure it never happens again. You may be

automating time-intensive processes to increase efficiency. Or, you may have a security concern in a certain area,

such as payroll or accounts payable.

CCM is a systemic way of verifying transactions and reducing operational, compliance and financial risks. A key

goal is to catch control failures quickly, before they cause too much damage. Brown Smith Wallace builds CCM

systems that combine process and technology to identify potential errors, fraud, inefficient operations and audit

targets.

VALUE-ADDED APPROACH

Our CCM systems are custom-developed based on your systems, controls and specific requirements. The cost is

dramatically less than off the shelf systems. and focuses on your core needs. Our systems are designed to monitor

and validate controls to reduce risk, maintain compliance, manage costs and minimize losses.

BROWN SMITH WALLACES DIFFERENTIATORS

Our CCM process and tool provide real differences to you, including:

Risk-based designs

Definable schedules

Customized thresholds

Simple and powerful reporting

Confident security

Accessible partnership

Our team will make A Measurable Difference with our holistic appraoch to continuous monitoring. Welook at your challenges strategically, operationally and financially to provide the best recommendationsin support of your goals. Our CCM ToolkitTMhelps you determine the risks your organization needs tomonitor, the best approach to accomplish your goals and a timeline for implementation. Contact Jan Beckmannto receive a complimentary CCM Toolkit for your organization.


9/74

For more information or to schedule your Cost Recovery Plus consultation, contactJan Beckmann at 314.983.1254, [email protected].

You may be giving money away without realizing it. Our Cost Recovery Plus program helps recover cashowed to you, retain the cash you have and restructure your processes and controls to prevent future problems.Our local data analysis experts hold CPA, CIA, CISA and ACL certifications and have years of experience,providing added value to our clients. This program is reasonably priced to help us partner with you to growyour business.

RECOVER: Well help recover funds youre owed by identifying potential items for you to investigate.

+Duplicate payments+Missed vendor discounts+Unused vendor credits+Invalid charges on construction projects+Duplicate employee reimbursements

+Inappropriate corporate credit card transactions+Invalid employee benefits+Customer short paid invoices+Duplicate freight charges+Revenue leakage

Plus:We can address organizational or industry specific concerns such as royalties or long-termcontracts.

Plus:Once transactions are identified, we can provide investigative assistance.

RETAIN: Well identify opportunities to help you save money in the future.

+Revising vendor and customer terms+Customer credit review+Changes in employee benefits and hours

+Staffing review to reduce overtime+Improved pricing through strategic sourcing+Purchase order review procurement cards

Plus:Our information security experts can perform system penetration and vulnerability tests to verify

your data is safe from attack.Plus:Our certified fraud examiners can perform specialized fraud risk assessments which highlight

specific areas of concern.

RESTRUCTURE: We will help you improve your processes and controls to prevent future problems.

+Partner with management to identifyrealistic changes

+Develop changes that are sustainable andbenefit the company for the long-term

+Provide a formal report of observations andrecommendations

Plus:We can develop customized continuous monitoring systems at your request.

Cost Recovery PlusRecover, Retain, Restructure




10/74

Unfortunately organizations give away money as a part of their contracted obligations without realizing it.Brown Smith Wallaces Best Practice Cost Recovery Plus program helps organizations recover cash owed toyou, retain the cash you have and restructure your contract processes and controls to prevent future problems.Our local data analysis experts hold CPA, CIA, CISA and ACL certifications and have years of experience,providing added value to our clients. Our contract compliance auditing experts oversee contract auditing forsome the largest organizations in the world such as Wal-Mart Stores, Inc. and Siemens.

RECOVER: Well help recover funds youre owed by identifying potential items for you to investigate.

+Duplicate payments+Missed vendor discounts+Unused vendor credits+Invalid charges on construction projects

+Duplicate employee reimbursements

+Inappropriate corporate credit card transactions+Invalid employee benefits+Customer short paid invoices+Duplicate freight charges

+Revenue leakagePlus:We can address organizational or industry specific concerns such as royalties or long-term

contracts.

Plus:Once transactions are identified, we can provide investigative assistance.

RETAIN: Well identify opportunities to help you save money in the future.

+Revising vendor and customer terms+Customer credit review+Changes in employee benefits and hours

+Staffing review to reduce overtime+Improved pricing through strategic sourcing+Purchase order review procurement cards

Plus:Our information security experts can perform system penetration and vulnerability tests to verifyyour data is safe from attack.

Plus:Our certified fraud examiners can perform specialized fraud risk assessments which highlightspecific areas of concern.

RESTRUCTURE: We will help you improve your processes and controls to prevent future problems.

+Partner with management to identifyrealistic changes

+Develop changes that are sustainable andbenefit the company for the long-term

+Provide a formal report of observations andrecommendations

Plus:We can develop customized continuous monitoring systems at your request.

Cost Recovery PlusRecover, Retain, Restructure




11/74

Our cost segregation studies identify assets buried in building costs and assign theshortest possible depreciation life to them, resulting in maximum tax deferrals on thefacility. For instance, if you are constructing a new building or undergoing major remodeling, we

allocate short life property to the correct life depreciation class. If we didnt, these assets wouldcome under the longer 39-year depreciation schedule that encompasses the building.


A thorough investigation is necessary to assign proper asset life classifications, which ultimatelysaves you tax dollars. We follow a step-by-step IRS approved process that allows us to efficientlydetermine short life property. While each project is different, our cost segregation studiestypically involve:

Reviewing architectural drawings

Conducting on-site facility inspections

Isolating shorter class life depreciation

Preparing detailed asset descriptions

Documenting assets qualifying for 3, 5, 7, 10, 15, 20 or 27.5 year life depreciation

Reviewing findings with management and preparing final reports

Careful segregation of personal and real property costs results in substantial tax savings. Better yet,these tax savings come when you need them most -- the first few years after occupying a new or

remodeled facility.

By following a proven process, and applying our years of tax and cost segregation experience,

you will receive value and savings well in excess of our fees. Having worked with a wide varietyof clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurantsand automobile dealerships, we will work hand-in-hand with you to achieve your goalseffectively and efficiently. Contact us to schedule an opportunity assessment.

CONSTRUCTION AUDIT

Our typical ROI on a construction audit is 1-2% of the projects cost. We can integrate a costsegregation review with the audit, which typically increases the overall ROI we can provide on aproject to 3% or more. (Please see description of our construction audit services on the other side.)

www.bswllc.com888.279.2792

1050 N. Lindbergh Blvd. | St. Louis, MO 63132PH 314.983.1200 | FX 314.983.1300

1551 Wall St., Ste. 280 | St. Charles, MO 63303PH 636.255.3000 | FX 636.947.6128

Cost Segregation

Contact Robin Bell, CPA at 314.983.1217, [email protected] orCathy Goldsticker, CPA at 314.983.1274, [email protected].


12/74

These are the 3 tangible benefits our construction audit experts can bring to project

owners. We can help you achieve them by making sure you properly assess change orders andother issues generated by the contractors specialists who are dedicated to maximizing the contract.

CONSTRUCTION AUDIT

Our typical/average ROI on a construction audit is 1-2% of the projects costs. We can provide a numberof tangible benefits, including:

Cost recovery of overcharges

Lower capital costs

Reduced project risks Fewer open issues and disputes

Stronger financial controls and reporting

Enhanced communication and project delivery

Tighter policies and procedures

Improved contract language Better regulatory compliance


As part of our construction audit, we can also provide a cost segregation study that will identify taxsavings you can recover on your construction project. This integrated approach typically increases theoverall ROI we can provide on a project to 3% or more. (Please see the description of our cost segregationservices on the other side.)

OPPORTUNITY ASSESSMENT

If you are interested in saving from 1-3% or more on your construction project, please contact us toschedule an Opportunity Assessment. With less than 30 minutes of your time, we can estimate theROI we can provide.

Construction Audit1. ROI 2. Savings 3. Lower risk

www.bswllc.com

888.279.2792

1050 N. Lindbergh Blvd. | St. Louis, MO 63132

PH 314.983.1200 | FX 314.983.1300

Contact Dale Helle at 314.983.1338, [email protected] orBill Willbrand, CPA at 636.754.0200, [email protected].

1551 Wall St., Ste. 280 | St. Charles, MO 63303

PH 636.255.3000 | FX 636.947.6128


13/74


allocate short life property to the correct life depreciation class. If we didnt, these assets would

come under the longer 39-year depreciation schedule that encompasses the building.










remodeled facility.

By following a proven process, and applying our years of tax and cost segregation experience,you will receive value and savings well in excess of our fees. Having worked with a wide varietyof clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurantsand automobile dealerships, we will work hand-in-hand with you to achieve your goalseffectively and efficiently. Contact us to schedule an opportunity assessment.

CONSTRUCTION AUDIT


Cost Segregation

Contact Robin Bell, CPA at 314.983.1217, [email protected] orCathy Goldsticker, CPA at 314.983.1274, [email protected].

ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL314.983.1200 | 636.255.3000 | 888.279.2792

[email protected] | WWW.BSWLLC.COM


14/74


allocate short life property to the correct life depreciation class. If we didnt, these assets wouldcome under the longer 39-year depreciation schedule that encompasses the building.










remodeled facility.

By following a proven process, and applying our years of tax and cost segregation experience,

you will receive value and savings well in excess of our fees. Having worked with a wide varietyof clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurantsand automobile dealerships, we will work hand-in-hand with you to achieve your goalseffectively and efficiently. Contact us to schedule an opportunity assessment.

CONSTRUCTION AUDIT


Cost Segregation

Contact Robin Bell, CPA at 314.983.1217, [email protected] ,Cathy Goldsticker, CPA at 314.983.1274, [email protected]

Rob Haggerty, CPA at 314.983.1311, [email protected]




15/74

Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] Ted Flom, CPA, CIA, CISA at 314.983.1294, [email protected].

Data is everywhere. More and more of it is constantly captured in systems where controls are implementedto ensure its accurate. But, what do you do with all of that data? Are you getting the information you need tomake the decisions?

OUR TOOLS

Our data analysis experts use ACL software to pull the information you need out of your data. ACL softwarehas some great benefits.

No limit to the amount of data that can be analyzed

Flexibility allows access to any type of data from mainframes to pdf

Fast results

Strong continuous monitoring capabilities

We also optical character recognition (OCR) software, SQL, MS Access and MS Excel when the situationcalls for it. Our secure FTP site allows us to transfer data without concern to security or file size.

OUR MISSION

Help you answer the questions you cant answer otherwise using your data.

We are experienced in searching for trends and understanding what data is telling you about operations,controls and financial results. For instance, medical claim data can identify physicians with unusually frequentbillings to identify potentially fraudulent billings. We could use that same data to compare to an eligibilitydatabase to verify that all claims are for eligible participants. The list of possible analyses is endless and shouldbe specific to your areas of highest risk and concern.

OUR TEAM

Our team is led by Jan Beckmann, CPA, ACL Certified Trainer. She combines her audit, accounting, andconsulting background with years of data analysis experience to help determine where and how data analysiscan be most beneficial. Keeping our mission in mind allows Jan and her team to slice and dice the data andidentify trends that tell the story.

Data Analysis Services




16/74

Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] Ted Flom, CPA, CIA, CISA at 314.983.1294, [email protected].

Just imagine...The system conversion on which youve worked so diligently bombs on the go-live. Bad data isbrought over to the new system. Some data never shows up at all. Testing both the data that will populate thenew system and the mapping of the data to the new system can prevent this nightmare.

Data analysis software (e.g., ACL) enables us to test 100% of your data, regardless of the size of the file, sowe can provide you with a heat map that profiles and prioritizes all specific data and mapping issues.

CONVERSION TESTING

We only need three files for us to test the conversion efficiently (1) a dump of the data from the oldsystem, (2) the map to the new system, and (3) a dump of the resulting data after the test conversion in the

new system. Just 1, 2, 3 and we can quickly verify whether the conversion is working effectively.DATA CLEANSING

Of course, a new system wont make bad data good. Well test the data to verify your new system is populatedwith good data. Following are a sampling of the tests we can perform based on payroll data.

Corruption corrupt packets of data

Invalid data technically invalid dates and numbers

Missing data blanks in key fields such as social security number, name, and address

Duplicates the same employee with two employee numbers

Incorrect calculations verify the gross to net pay calculation

Illogical relationships data in two fields that doesnt make sense together such as birth date afterhire date

Outside bounds anything outside specified boundaries, e.g.,:

Employees younger than 16 or older than 70

Invalid codes in the employee status

Locations that dont exist

Payment to terminated employees

Employees with no tax withholdings or deductions

System ConversionTesting & Data Cleansing




17/74

Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] Larry Pevnick, CPA, at 314.983.1247, [email protected].

Effective communication with employees is essential for a dependent eligibility verification audit. Since theemployee population varies at each company, our approach varies depending on what works best for eachorganization. Engagements begin with a kick off meeting with management to discuss the scope, objectivesand approach. At this meeting, we discuss the various options available for conducting the dependenteligibility verification audit and will agree upon the approach that makes sense for your organization.

Customized QuestionnairesWe use technology as much as possible to customize the questionnaire and limit the amount of timerequired by the employee to complete the process. Rather than sending out a lengthy questionnaire, we cancustomize the request to the employee. For instance, if an employee is shown in the system to have a spouse

and no other dependents, there is no need for them to read through the information required for otherdependents. In these instances, we would only request a marriage certificate, prior years tax return showingtheir status as married, and their acceptance of that statement that they are currently married to the personshown as their spouse.

Web-Based CapabilitiesFor some companies, a web interface is the easiest and least expensive way for employees to complete theirrequirements. Employers sometimes make a computer and scanner available at work for employee use if theyare concerned that these tools may not be available at home.

Email and Postal ServiceIf a web interface does not make sense for your company, requests for verification and documentation can besent to employees via company email or through the US Postal Service. The US Postal Service is more costlythan the other methods, but for certain employee populations, it may be the best method for completing theaudit.

Follow UpWe often employ multiple communication methods when follow up is required. For instance, if there was nota good response rate through the web interface, we may follow up through email or the USPS.

Employee CommunicationA BSW team member is always available during business hours to answer questions via phone. We makesure that we treat employee questions with respect and assure them that their personal information is beinghandled securely.

Dependent EligibilityVerification Audits

The Brown Smith Wallace Process




18/74

Dependent EligibilityVerification

Contact Janet Beckmann, CPA, at 314.983.1254, [email protected] orLarry Pevnick, CPA, at 314.983.1247, [email protected].



The rising cost of health care and health care reform is making news on a daily basis. You can share costs with

employees by increasing co-payments and premiums, you can help defray future costs by implementing a wellness

program, but how can you decrease your overall insurance costs now? You can realize a substantial savings when

you remove ineligible dependents from your insurance plan.

A dependent eligibility verification audit reduces insurance costs immediately by removing dependents ineligible

for insurance benefits and eliminating their future claims. On average, companies find 3% to 8% of their plans

dependents are not eligible, which can add up to substantial savings. Frequently, relatives such as ex-spouses,

grandchildren, nieces, or nephews are included as dependents, but are not eligible based upon the plan design.

Thorough and Value-Added ApproachOur document-based audit approach requires verification of 100% of the individuals named as dependents. A birth

certificate, marriage license, and/or tax form is acceptable documentation. Any additional information you would

like to gather may be included at that time (e.g. dependent social security numbers). The audit is completed by

using your email system and/or postal service, whichever you prefer. We clearly state that this audit includes 100%

of all dependents and is completed by an independent party to provide a sense of fairness to employees.

In addition to the dependents, we can also verify that employees meet the required criteria for participation in your

insurance plan based on data in the employee master file. Specific tests can be performed for verifying the

employees have met the employment status and work hour requirements.

From planning your audit to the final report, we search for methods to improve your processes. Our team is

comprised of experts in insurance, process improvement and internal controls, which means we continuously look

for value-added solutions. Our focus is not just on finding the problems, but also in helping you understand and

address the root cause. We provide recommendations for related items we identify and processes can be

implemented to maintain your results post-completion.

Essential Communication

Communication is essential for the success of any project. You will find an engagement team member available by

phone for any questions plan participants may have throughout the audit. Calls are logged and made available to you.

We will also provide weekly status updates to you on the audits progress and results. To help you determine the suc-

cess of the audit, we can identify and quantify claims paid for ineligible dependents. This is just one more

way Brown Smith Wallace makes A Measurable Difference.


19/74

6. Do you have a documented communication policy that defines who has the authority tocommunicate to external parties (e.g. the press)?

7. Does your plan identify the communication tools that will be used for internal collaboration?

8. Does your plan identify the communication tools that will be used to notify your customers orclients?

9. Does your plan identify how coordination and communications will be controlled as recoveryefforts take place?

10. Has your plan undergone a test within the last 12 months?

DISASTER RECOVERY - IT CENTRIC

1. Has the backup frequency been approved by the business data owners?

2. Has a system or data recovery time objective (this is the time to restore or recover data tooperational capacity prior to the disruption) been defined?

3. Have the backups been tested to validate that data is readable and recoverable?

4. Does the recovery method meet the recovery time objective requirements set by the business?

5. Has the plan been tested to ensure necessary resources and actions work in concert with oneanother to meet the Recovery Time Objective established by the business?

6. Does the plan identify critical applications or systems that are necessary to keep the businessoperational)?

7. Is it possible to continue delivering essential services during a disruption of IT Services?

8. Do you have an inventory listing of your IT infrastructure assets so that in the event systems aredestroyed they can be recreated at an alternate site?

9. Does your existing infrastructure design (e.g. power network, systems, etc.) address resiliency bymitigating single points of failure?


Disaster PreparednessBusiness Continuity Planning

Checklist and Scorecard (continued)

Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].



CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)

Brown Smith Wallaces risk management team can assess your current processes and develop a plan to sustain

mission-critical operation in case disaster strikes. To arrange for a high-level plan review and receive the resultsof the checklist, please contact Larry Newell. (See below).


20/74

Disasters affecting business operations, such as tornadoes, earthquakes, floods, fires or malicious acts, areunpredictable and can be devastating. They happen at any time with varying degrees of magnitude.

A disaster recovery plan documents procedures necessary to restore business resources prior to the disaster.It provides you the opportunity to take positive action before the disaster occurs.

Companies of all sizes who need complete assurance they are sufficiently prepared to fully restore essentialIT infrastructures critical to supporting their business processes.

SCOPE OF SERVICES

The Disaster Recovery Team at Brown Smith Wallace meets with your appropriate business unitleaders to review, evaluate and assist them in developing, constructing and testing a customized InformationTechnology (IT) Disaster Recovery Plan. Whether reviewing an existing plan or establishing a new one, a

grass-root logical approach is applied. The recovery plan takes a holistic approach to business operationswhile identifying the restoration objectives.

We identify critical business systems and applications, then develop and document associated recoveryprocedures. Resources and action plans reside in a documented procedure with critical timelines established.The areas we asses include, but are not limited to, human resources, facilities management, communicationsystems, information technology, infrastructure resources and media relations.

Brown Smith Wallace has developed and performed hundreds of disaster recovery plans and reviews ofservice organizations. We serve clients in a variety of industries, some of which include insurance,manufacturing and marketing. Our service professionals restore confidence by assuring an effective disasterrecovery plan is in effect and disaster preparation is under control.

Disaster Recovery

Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM


21/74

1. Do you have a documented Disaster Recovery Plan?

2. If a disaster should occur, do you know what the financial losses to your business wouldbe for a day, month, quarter or year? What about operational losses including: image orreputation, stakeholder confidence, regulatory or legal issues, loss of competitive edge?

3. When was the last time your plan has undergone a current state of assessment? Does theplan account for hardware, software and vendor changes, including contracts with

external service organizations?

4. Does you plan identify the critical IT applications that are necessary for your businesssurvival?

5. Has the plan been tested to ensure necessary resources and actions work in concert withone another to meet the Recovery Time Objective established by the business?

6. Are your data backups tested for readability to ensure data can be recovered?

7. Do you have a documented business continuity plan that identifies and addressesalternate work locations, processes and resources that could be used to minimize thepossibility of interruption to business operations when unexpected disruptive events occur?

8. Are there crisis management policies or procedures that address what constitutes a disasterthat would invoke a business continuity plan?

9. Does your crisis management plan address the four Cs? Control Communication Collaboration Coordination

10. Does your existing infrastructure design address resiliency by mitigating single points offailure?

Disaster RecoveryBusiness Continuity Planning

Top 10 Checklist

Contact Larry Newell, CISA, CBRM, at 314.983.1218 or [email protected].



Question Rating


22/74

Contact Nick Lombardi, PE, MBA, at 314.983.1323, [email protected].

Organizations of all sizes are challenged with balancing energy costs with productivity, budget limitationsand their strategies for environmental stewardship. Brown Smith Wallace provides energy assessment servicesto help organizations save money, make smart energy choices and go green.

Energy Incentives

Your organization could benefit from many of the state, federal and utility incentives that are available.Our energy services team can determine if your organization qualifies, and can help you develop theappropriate incentive application documents.

Our licensed professional engineers (PE) can certify the detailed building inspections and energystudies needed to qualify for federal tax deductions for energy efficiency improvements.

Energy Usage AnalysisOur energy experts can analyze your costs, usage patterns, waste, etc., to determine what cost savings youmay be missing.

Utility bill analysis Review historical utility bills to determine if costs, usage levels or usage patternsindicate equipment problems, operational problems or unfavorable rate selections.

Building energy assessments Our experts can identify sources of energy waste and recommendcorrective actions by performing certified building inspections. These inspections can focus on yourspecific needs ranging from a simple lighting survey to a detailed engineering system analysis.

Cost Comparisons

Provider selection Customers with retail electric or gas competition (e.g., Illinois commercial andindustrial facilities) have a choice of utility providers. Our energy experts can review competitive fee

structures and evaluate them based on your organizations usage patterns to determine which providercan deliver the most economical services.

Project justification Our experts can provide an independent cost/benefit analysis of vendoroffers for the installation or retrofit of lighting, HVAC, windows or insulation. We can also providethe documentation that supports your decisions.

Project analysis We provide detailed economic analyses of renewable energy and co-generationprojects to determine cost feasibility. We also identify all monetary incentives.

Our measurable difference is our energy industry expertise. Our team has over 25 years experienceperforming energy project development, feasibility studies, cost estimating, project justification, projectauditing, project performance tracking and reporting. We unveil the carbon intensity of your operations andidentify opportunities to reduce your carbon footprint. For additional information, contact our energy

services leader, Nick Lombardi (see below).

Energy AssessmentServices




23/74

Phase 1: Planning and OrganizationEstablish the ERM program and project struc

Phase II: Risk AssessmentIdentify and develop risk mitigation strategie

Phase III: Risk Mitigation

Identify and develop risk mitigation strategie

Phase IV: Monitoring

Develop strategies and tools to continuouslymonitor risks

Phase V: Knowledge Transfer

Institutionalize the process into the organizat

The Methodology of ERM

To learn how our risk advisory services can make A Measurable Differencefor your organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or [email protected].


ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | [email protected] | 1.888.279.2792 | WWW.BSWLLC.COM


24/74

Enterprise risk management is a continuouprocess that identifies, analyzes, mitigatesand monitors potential events that createuncertainty in the achievement of a

companys objectives.

The Brown Smith Wallace ERMLadder identifies the components of an ERstrategy based on the establishment of anERM structure that is aligned with corporgovernance.

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | 618.654.3100

[email protected] | 1.888.279.2792 | WWW.BSWLLC.COM

The ERM Process

To learn how our risk advisory services can make A Measurable Differencefor your organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or [email protected].



25/74

Phase 1: Planning and OrganizationEstablish the ERM program and project stru

Phase II: Risk AssesmentIdentify and develop risk mitigation strategi

Phase III: Risk Mitigation

Identify and develop risk mitigation strategi

Phase IV: Monitoring

Develop strategies and tools for the continumonitoring of risks

Phase V: Knowledge Transfer

Institutionalize the process into the organiza

The Methodology of ERM

To learn how our risk advisory services can make A Measurable Difference for yoru organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1328 or [email protected]


ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | [email protected] | 1.888.279.2792 | WWW.BSWLLC.COM


26/74

Enterprise risk management is a continuoprocess that identifies, analyzes, mitigateand monitors potential events that createuncertainty in the achievement of a

companys objectives.

The Brown Smith Wallace ERMLadder identifies the componets of an ERstrategy based on the establishment of anERM structuve that is aligned with corpogovernance.

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | 618.654.3100

[email protected] | 1.888.279.2792 | WWW.BSWLLC.COM

The ERM Process

To learn how our risk advisory services can make A Measurable Difference for yoru organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1328 or [email protected]

omprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory


27/74

The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions conductan independent review of their inforation technology systems each year. This review was designed to safe-

guard financial institutions customers and is enforced by regulators through the safety and soundness por-tion of their annual examinations. Brown Smith Wallace information technology systems review ensuresthat your information technology system meets the regulatory requirements before the examiner walksthrough the door. Using the FFIECs handbook and maximizing our professionals own experience with theFederal Reserve, we take a comprehensive look at your key technology systems:

Audit

Management assessment

Develop and acquisition

Support and delivery

PC Security

Networking

LAN/WAN operations

E-banking

ATMs and wire transfer options

Ongoing consultation is provided to your staff in these ares throughout the engagement, culminating in afinal discussion with management. A comprehensive report is sent to the institutions board of directors oraudit committee following the engagement.

Meet the requirements of the regulators before they arrive

Cost-effective assurance on controls and security

Detailed report allows you to fully understand all areas reviewed

Mirros the review done by the regulators

Offers experienced consultants familiar with the guidelines

Provides a full, detailed report to management

Uses an efficient, planned approach

Financial InstitutionsIT Systems Review

Contact Tony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected],Ted Flom, CPA, CISA, CIA at 314.983.1294, [email protected] or Jay Andersonat 314.983.1385, [email protected].




28/74

1. Do you have a documented Disaster Preparedness Plan that includes Business Continuity Planning?

2. Has a business impact analysis been performed or documented identifying the financial impact thatwould result if a business function was not operational for a day, a week or a month? What aboutoperational losses including: image or reputation, stakeholder confidence, regulatory or legal issues,loss of competitive edge?

3. Does your plan identify critical business functions or processes that need to be protected orrecovered timely and are necessary to sustain business operations?

4. Are the business function or process flows documented so that they may be recreated including anyspecialized materials (e.g. printed forms, etc.)?

5. Does your plan take into consideration work force (human resource) disruptions (e.g. pandemic)?

6. Do you have a documented evacuation plan in place for all your facilities?

7. Does you plan take into consideration work place disruptions due to natural disruptions(e.g. tornado or earthquake) or incidents such as fire or utility outages?

8. Does the plan include services provided to the business by external service organizations?

9. Can critical business functions or processes be performed manually?


CRISIS MANAGEMENT AND COMMUNICATION PLAN

1. Do you have a documented plan that defines who has decision making authority when a significantbusiness disruption occurs?

2. Is there a succession plan in place to transfer decision making power if an appointed team member isunavailable due to unforseen circumstances?

3. Does the plan address performing an assessment?

4. Does the plan contain graduated guidelines to determine the extent of the business disruption whenperforming the assessment and when to invoke business continuity or disaster recovery plans?

5. Does the plan address the type of media (e.g. call tree, e-mail, automated system) that will be usedto communicate with your employees?


Checklist and Scorecard




Question Scoring -Y

BUSINESS CONTINUITY PLANNING


29/74

6. Do you have a documented communication policy that defines who has the authority tocommunicate to external parties (e.g. the press)?

7. Does your plan identify the communication tools that will be used for internal collaboration?

8. Does your plan identify the communication tools that will be used to notify your customers orclients?

9. Does your plan identify how coordination and communications will be controlled as recoveryefforts take place?


DISASTER RECOVERY - IT CENTRIC

1. Has the backup frequency been approved by the business data owners?

2. Has a system or data recovery time objective (this is the time to restore or recover data tooperational capacity prior to the disruption) been defined?

3. Have the backups been tested to validate that data is readable and recoverable?

4. Does the recovery method meet the recovery time objective requirements set by the business?

5. Has the plan been tested to ensure necessary resources and actions work in concert with oneanother to meet the Recovery Time Objective established by the business?

6. Does the plan identify critical applications or systems that are necessary to keep the businessoperational)?

7. Is it possible to continue delivering essential services during a disruption of IT Services?

8. Do you have an inventory listing of your IT infrastructure assets so that in the event systems aredestroyed they can be recreated at an alternate site?

9. Does your existing infrastructure design (e.g. power network, systems, etc.) address resiliency bymitigating single points of failure?



Checklist and Scorecard (continued)




CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)

Brown Smith Wallaces risk management team can assess your current processes and develop a plan to sustain

mission-critical operation in case disaster strikes. To arrange for a high-level plan review and receive the resultsof the checklist, please contact Larry Newell. (See below).


30/74

1. Do you have a documented Disaster Recovery Plan?

2. If a disaster should occur, do you know what the financial losses to your business wouldbe for a day, month, quarter or year? What about operational losses including: image orreputation, stakeholder confidence, regulatory or legal issues, loss of competitive edge?

3. When was the last time your plan has undergone a current state of assessment? Does the

plan account for hardware, software and vendor changes, including contracts withexternal service organizations?

4. Does you plan identify the critical IT applications that are necessary for your businesssurvival?

5. Has the plan been tested to ensure necessary resources and actions work in concert withone another to meet the Recovery Time Objective established by the business?

6. Are your data backups tested for readability to ensure data can be recovered?

7. Do you have a documented business continuity plan that identifies and addressesalternate work locations, processes and resources that could be used to minimize the

possibility of interruption to business operations when unexpected disruptive events occur?

8. Are there crisis management policies or procedures that address what constitutes a disasterthat would invoke a business continuity plan?

9. Does your crisis management plan address the four Cs? Control Communication Collaboration Coordination

10. Does your existing infrastructure design address resiliency by mitigating single points of

failure?

Disaster RecoveryBusiness Continuity Planning

Top 10 Checklist

Contact Larry Newell, CISA, CBRM, at 314.983.1218 or [email protected].


314.983.1200 | 636.255.3000 | [email protected] | WWW.BSWLLC.COM

Question Rating


31/74

GARYWHITE, THEGROVESRon Present was an asset to our management team. He conducted strategic planning sessions with theteam and helped craft our strategy regarding our services including hospice and therapy. He also workedwith us to create a new brand for the delivery of our therapy services throughout our campus and thecommunity. He truly understands the senior housing and post acute market and knows how to craftrelevant and practical solutions.

MARYRIGGS, BJC HEALTHCARE

I worked with Brown Smith Wallace on several internal audit projects. I found them to be veryknowledgeable of health care operations and understood how the work they completed was integrated into

and enhanced our internal controls. One internal audit area of great help was the analysis and developmentof controls related to data access and its meaningful use implications.

TARIQMALAK, CENTREPOINTEHOSPITAL

The team at Brown Smith Wallace truly understands customer service and the ever changing health carelandscape. Their knowledge, expertise and advice have proven a key ingredient in the successful provisionof services for the hospital. I highly recommend them.

JIMCALI, BI-STATEDEVELOPMENTAGENCY

Brown Smith Wallace understands what it means to work with their clients to achieve their goals. They

understand risk management and have the experience to see the big picture without losing sight of thedetails. I found the professionals at Brown Smith Wallace to be very knowledgeable and very easy to workwith. They took the time to truly understand our organizational framework and corporate goals. Theycompleted the engagement on time and within the budget. Working with Brown Smith Wallace was apleasure.

JAYKIRSCHBAUM, WILLISGROUP

Brown Smith Wallace has provided a complete suite of HIPAA security and privacy services to many ofour clients on a national basis. Over the years we have developed a relationship with Brown Smith Wallaceas a trusted HIPAA resource service provider and expert. If our clients request or require HIPAA support,we refer them to Brown Smith Wallace as an option for service. We have always had positive feedback

from those referrals and look forward to having Brown Smith Wallace continue to be our HIPAA resourcepartner.

Health Care Services

Testimonials

Contact Ron Present, CALA, CNHA at 314.983.1358, [email protected].




32/74

Recent additions to HIPAA regulations as a result of the HITECH legislation passed this year require thatBusiness Associates be compliant with the rules previously reserved for covered entities. The questionsbelow will help you determine if your company is a covered entity or business associate and thereforeneeds to be HIPAA compliant.

DOINEEDTOBEHIPAA HITECH COMPLIANT?

DOINEEDTOBEHIPAA-HITECH COMPLIANT?

Are you a health care provider? This includes:

o Doctors

o Dentists

o Pharmacies

o Durable medical equipment suppliers

o Opticians

Are you a clearinghouse?

o Defined as an entity that processes health information received from another entity innon-standard format into standard EDI X12 format, or vice versa.

Does your company have self-insured health benefit plans that have 50 participants or more, ormore than $5 million in annual premiums?

Are you a Business Associate?

o Has one of my customers sent me a Business Associate Agreement?

o In the course of providing service to your clients or customers, do you come intocontact with Protected Health Information (PHI), that is: individually identifiablehealth information that is maintained or transmitted in any form or medium?

If you answered yes to any of the above questions, you most likely fall under HIPAA guidelines as acovered entity or business associate.

HIPAA - HITECHQuestionnaire

Key Questions to Determine if You are a Business Associate orCovered Entity as Defined by HIPAA - HITECH Legislation

Contact Anthony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297 or [email protected].

ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL314.983.1200 | 636.255.3000 | [email protected] | WWW.BSWLLC.COM


33/74

There are many good reasons for a service organization to have a SAS 70 audit or review conducted.Compliance, of course, is a major driver, but organizations that undertake a quality SAS 70 process canuse the report as a selling point to potential customers that they can trust your organization with theirinformation. You can also obtain valuable information that will enable you to improve your processes.

Before starting, however, it will make the process much more efficient and effective if you can answer thesekey questions:

WHATTYPEOFAUDITDOYOUWANT?

Does the engagement need to be a SAS 70?

Have you considered other types of audits and opinions that can be issued to satisfy the needs of

the user organizations, e.g., an Agreed Upon Procedures Audit? Is there anything you could issue consistent with your auditing standards? E.g., Sarbanes-Oxley

allows for other types of reports similar to a SAS 70 report if they meet certain requirements.

Has any testing been performed of controls today or in the past? If so, what have the results been?Are there any significant internal control issues?

Have you considered a pre-assessment to determine how ready you are for the actual SAS 70?

HAVEYOUCONSIDEREDTHEIMPACTOFTHENEWSSAE 16 ONTHEENGAGEMENT?

SSAE 16 replaces the SAS 70 standards for reports issued after June 30, 2011.

Which category of audit will you need: SOC 1, SOC 2 or SOC 3?

Will this be a Type 1 or Type 2 audit?

Would you like to add other relevant compliance areas, such as Disaster Recovery, HIPAA,GLBA, or PCI compliance, etc., to the scope of the SSAE16 engagement? There may beadvantages.

Pre-SAS 70 QuestionnaireKey Questions to Answer Before Undergoing a SAS 70

Contact Anthony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297 or [email protected].




34/74



Industries Served

At Brown Smith Wallace, we provide fraud and forensic services for a variety of industries. For example,

our team has significant experience working in organizations of all sizes ($10 million annual revenue tomulti-billion dollar Fortune 500) within industries such as, but not limited to, the following:

Certifications

Our team of experienced professionals has a diverse range of experience backed by some of the most well-known credentials in the fraud and forensic, accounting, and consulting industries:

Fraud & Forensics

Contact Ted Flom CPA, CISA, CIA, at 314.983.1294, [email protected] orTony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected].

AerospaceAgricultureAutomotiveBankingBeveragesBusiness ServicesCharitable OrganizationsChemicalsComputer HardwareConstructionConsumer Products

Cultural InstitutionsDefenseEducationElectronicsEnergy & UtilitiesEnvironmental ServicesFinancial ServicesFoodFoundationsGovernmentHealth Care

Industrial ManufacturingInsurance LeisureMediaMembership OrganizationsMetals & MiningPharmaceuticalsReal EstateRetailSecurity Products & ServicesTelecommunicationsTransportation

Certified Public Accountant (CPA)Certified Fraud Examiner (CFE)Certified in Financial Forensics (CFF)Certified Forensic Accountant, Diplomate Status(DABFA)Certified Ethical Hacker (CEH)ACL Certified Data Analyst (ACDA)Certification in Risk Management Assurance(CRMA)

Certified Assisted Living Administrator (CALA)Certified Construction Auditor (CCA)Certified Information Systems Auditor (CISA)Certified Internal Auditor (CIA)Certified Nursing Home Administrator (CNHA)Chartered Global Management Acountant (CGMA)GIAC Certified Penetration Tester (GPEN)Qualified Security Assessor (QSA)


35/74


Contact Don Mitchell, CPA, CFE at 314.983.1248, [email protected] | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Crat 314.983.1259, [email protected] | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, [email protected]

The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification andprevention techniques to thwart fraud.

Our team of experienced and credentialed forensic accountants have a proven track record and can helpyou prevent and investigate fraudulent activity.

DETECTION AND PREVENTION

Fraud prevention processes, policies and controls are designed to stop fraud before it occurs. Our fraudteam can design a fraud detection and prevention plan that will help you:

Segregate duties

Create a process of checks & balances

Develop a procedure manual

Perform an independent audit

Perform an overall weakness assessment

Develop a conflict of interest policy

Here are some of the services and tools you have access to with the Brown Smith Wallace fraud team.

Fraud Risk Assessments

Fraud Investigations

Fraud Prevention Review

Continuous Monitoring Programs

Fraud Diagnostic Tools

- Anti-Corruption Fraud Prevention Toolkit

- Fraud Detection & Prevention Toolkit

- Fraud Prevention Checkup

DATA ANALYSIS

If suspicious activity is occurring in your business, call on the Brown Smith Wallace data analysis team.We utilize powerful data analysis tools such as ACL, Microsoft Access and optical character recognitionsoftware, etc., to help gather data and perform detailed analysis. Our data analysis professionals willenable you to see who is accessing files, how the information is being manipulated, what information isbeing recorded, etc.

As an exampleAs an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the activity.

Fraud & IT Forensics


36/74


Contact Don Mitchell, CPA, CFE at 314.983.1248, [email protected] | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Crat 314.983.1259, [email protected] | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, [email protected]

COMPUTER FORENSICS

The extent of our digital society is requiring you to have the ability to investigate suspicious activity found

on computers. IT risks range from financial fraud to hackers gaining access to your data.

IT forensics is the process of recovering and analyzing deleted, cached and hidden data from IT equip-ment. Our professional IT forensics team has the ability to analyze a wide range of devices from laptops tomainframes. Our services include:

Forensic Incident Response

Forensic Litigation Support

Incident Report Process Improvement

When you engage Brown Smith Wallace to investigate suspicious computer activity, our computer

forensics investigation follows a very specific eight step process:

FRAUD & FORENSIC EIGHT STEP PROCESS

1) Determine what your management knows and what they have uncovered

2) Quarantine the equipment

3) Engage an attorney and put the suspect(s) on leave of absence

4) Determine the nature of the fraud

5) Determine how much historical investigation is required

6) Investigate receipts, payroll, inventory, vendors and anything suspicious

7) Prepare a report to be presented to your management team

8) Implement the recommendations


37/74



Contact Don Mitchell, CPA, CFE at 314.983.1248, [email protected] | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Cr.Fat 314.983.1259, [email protected] | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, [email protected]

The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification and

prevention techniques to thwart fraud.




Segregate duties





Develop a conflict of interest policyHere are some of the services and tools you have access to with the Brown Smith Wallace fraud team.









DATA ANALYSIS


As an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the activity.



38/74



The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification andprevention techniques to thwart fraud.




Segregate duties





Develop a conflict of interest policy

Here are some of the services and tools you have access to with the Brown Smith Wallace fraud team.









DATA ANALYSIS


As an exampleAs an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the activity.




39/74



Whether you are taking preventative measures or not, there is always the possibility that fraud may occur.Because many fraudsters take extreme precautions to cover their tracks, and their actions are sometimesmore widespread than anticipated, it is often difficult to determine the nature of the fraud, the parties

involved, and the estimate of how much was taken from your organization. Therefore, once fraud hasoccurred, a thorough investigation is critical to determine exactly what happened, the parties involved andhow much was taken.

Our Fraud Investigation and Quantification team has the tools and the experience necessary forconducting a fraud investigation and quantifying losses so you can take appropriate steps to make yourorganization whole again.

Fraud Investigation & Quantificatio


Computer ForensicsOur computer forensic team is a dedicated team

of specialists who collect, analyze and interpret

information relevant to an investigation.

A critical component in virtually every internalinvestigation or litigation matter is electronic

financial data.

Forensic Accounting & InvestigationOur team is composed of experts in forensic accounting

and investigation. We are capable and experienced at

working with company management, attorneys and law

enforcement to investigate potential fraud. Our techniques

include analyzing, reviewing, and testing accounting

records and controls as well as interviewing employees.

Fraud Data AnalysisOur trained and certified professionals search

for and identify patterns or irregularities

indicative of fraud, which are beneficial as part of a

larger fraud investigation or as a stand-alone

engagement.

Quantification of DamagesBesides determining how fraud was perpetrated, it is

equally important to determine how much was taken.

To recover lost funds, each company must be able

to prove to the trier of fact how much was taken.

Insurance Claims AssistanceOur team provides assistance to the vitim compa-

ny by performing an analysis of the activities and

quantification of the fraudsters illicit acts. The findings

of our team are then documented in a report specialized

to meet your insurance and companys specifications.

Expert TestimonyOur professionals frequently assist legal counsel in

internal investigations and litigation/prosecution

involving complex financial transactions. We are hired not

only for our analytical knowledge and skill, but our ability

to credibly testify and defend our opinions and findings.


40/74



Fraud is pervasive in the world today and every industry is affected. It is critical that organizations establishan anti-fraud culture that emphasizes fraud prevention and detection through executive leadership, policy,training, understanding fraud risks and monitoring/auditing for fraud. Any organization that does not prop-

erly implement fraud prevention and detection controls places itself at great risk.

Our Fraud Prevention & Detection solutions focus on preventing fraud before it occurs and detectingfraud in its early stages. We offer several solutions which can be tailored to fit any organizations particularneeds.

Fraud Prevention & Detection


Anti-Corruption ProgramsA proven methodology designed to provide a logical

approach to ensure appropriate controls are in place

to prevent, detect and respond to corruption activity.

Audits & Internal Control AssessmentsIt is essential that duties are segregated and that

controls are in place within your processes so

that opportunities to commit fraud are limited.

Code of Conduct/Anti-Fraud PolicyA key to effective fraud prevention is a code of

conduct and/or anti-fraudpolicy that lays out clear

guidances as to permitted/prohibited behavior

and actions.

Ethics Hotline/TrainingProviding individuals a means to reportsuspicious activity and conducting targeted fraud

awareness training for employees and managers.

Fraud Data MonitoringAn approach used by leading companies to

highlight exceptions and anomalies to help

prevent or detect fraudulent activity through

the continuous or periodic analysis of data.

Fraud Prevention Check-upFraud prevention check-ups can be a quick and

cost-effective way for you to evaluate whether your

company is properly addressing fraud prevention.

Fraud Risk AssessmentTaking a proactive approach to understanding and

systematically identifying where and how fraud may

occur and who may be in a position to commit fraud.

Policy and Procedure AssistancePolicies and procedures are an importantway to ensure an organization has the right

practices in place to prevent fraud. Management must

clearly communicate such practices to employees.


41/74

Contact Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Cr.FA. at 314.983.1259, [email protected] orRyan Hauber, MBA, CFE at 314.983.1317, [email protected].

The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification and

prevention techniques to thwart fraud.




Segregate duties





Develop a conflict of interest policyHere are some of the services and tools you have access to with the Brown Smith Wallace fraud team.









DATA ANALYSIS


As an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the acti

1 entire universe binder 01 02.5.14

Documents