1 Entire Universe Binder 01 02.5.14

5 Steps to
COSO Transition Success

1. Transition Timeline
PREPARE a project plan and timeline for transitioning to the new COSO
Framework. On December 15, 2014, COSO92 will be superseded by COSO2013.
Businesses should estimate between three to nine months in order to appropriately plan
and implement the transition.
2. Stakeholders
IDENTIFY the stakeholders in your organization that should be aware of the COSO
Framework updates. The Board of Directors, management, personnel, and internal and
external auditors are stakeholders that utilize the COSO Framework.
3. Current Framework
EVALUATE whether the current COSO Framework is applied effectively
throughout the organization today. The way businesses operate today has drastically
changed since the original COSO Framework was published in 1992. New business models,
evolving technology, changing regulatory requirements and other challenges require a
system of internal control that can quickly adapt to changes in business, operating and
regulatory environments. How has your business changed and what are the implications on
your internal control program?
4. Internal Control Education

EDUCATE the various departments and key stakeholders on their ownership and
responsibilities and the importance and relevance of internal controls. Internal
controls are important to all areas of your business. As an example, fraud risks exist in all
aspects of an organization, not just in financial reporting. So its important that each
department understands the five integrated components that comprise internal control
control environment, risk assessment, control activities, information and communication,
and monitoring activities and how these address objectives within their specific area of
responsibility.
5. Well-Planned Transition
DETERMINE the internal budget and expertise needed and available to support
the transition from COSO92 to COSO2013. To schedule a complimentary consultation,
contact Amy Ribick, CFE, CRMA, at 314.983.1347 or aribick@bswllc.com.
Amy Ribick, CFE, CRMA

Manager, Risk Advisory Services
314.983.1347 | aribick@bswllc.com
Duplicate Payment
Review
It is not uncommon for companies to make duplicate payments to vendors. While companies can try to
reduce this risk through system controls, it is still prevalent and often more difficult to detect.
Vendors are often set up with more than one vendor number, making it easy for the same invoice
to get paid more than once.
Statements and invoices can look remarkably similar, causing the same amount to be entered more
than once.
Disparate accounts payable processing locations often allows a vendor to be paid for the same
invoice from two different locations.
If the system doesnt allow a duplicate invoice number, employees may alter the invoice number
by adding a -1 or an A, allowing it to be entered again.
Automated duplicate payment controls typically look for the same invoice number from a vendor
occurring in the same year. Transactions around the end of the year can be more susceptible to
duplicate payment.
SCOPE OF SERVICES
We help you identify potential duplicate payments. We do this by getting an understanding of the
controls in your systems and processes. We then combine that understanding with our knowledge of the
many ways duplicate payments can occur. Data analysis software, such as ACL, allows us to sift through
the large quantities of data and develop customized tests to run against your data to detect potential
duplicate payments in your system. The time period is up to you, though we have seen the best results
from at least 12 months of data.
We can provide you with the information necessary to contact vendors to reclaim your payments
along with suggestions for how to improve your controls to prevent or detect duplicate payments in
the future. We can also help you develop continuous monitoring procedures to search for potential
duplicate payments on regular basis.
These are just a few examples of the assistance we can provide. Contact one of us to discuss other
possibilities to analyze your data and improve your business. At Brown Smith Wallace, we make
A Measurable DifferenceTM.
Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com or

Ted Flom, CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com.
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | 618.654.3100
INFO@BSWLLC.COM | 888.279.2792 |WWW.BSWLLC.COM
Approach to
Process Improvement
At Brown Smith Wallace we view process improvement as a systematic approach to improving the performance
of our clients. Our approach doesnt entail fighting fires or placing blame. It involves identifying and
understanding the causes of performance issues, making recommendations and developing policies and
procedures to help our clients reap the rewards of better performance. Our 15 step approach is outlined below.
Plan
Establish improvement
objective
Select process
Organize the team Internal and BSW
Document
Review current policies and
procedures
Walk through the process
Develop a flow chart for

the process
Evaluate
Review process for
adequacy of controls
Review process for efficiency

and effectiveness
Discuss improvements with

client team
Revise
Revise process flow chart for
agreed-to improvements
Test the revised process and

update for lessons learned
Present revised process to

client management
Finalize
Finalize process
Update policies and

procedures
Train client resources on

process
We are happy to meet with you to discuss our approach and help you identify the benefits to your organization.
To learn how our risk advisory services can make A Measurable Difference for your organization,
please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or rsteinkamp@bswllc.com
Comprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory Services
314.983.1200 | 636.255.3000 | 618.654.3100
INFO@BSWLLC.COM | 888.279.2792 | WWW.BSWLLC.COM
Business Continuity
You never know when disaster will strike. Business continuity planning minimizes the possibility of
interruptions and develops your ability to continue business operations during an unexpected natural disaster
or malicious activity, and throughout the recovery process.
What Is the Process?
Your business continuity plan assesses the current risk and impact a disaster will have on your business. It
identifies critical business processes and determines requirements necessary to recover. You receive feasible,
cost effective options that are current, viable and complete. Documentation is developed and updated to
ensure you are in a constant ready-state for execution.
A holistic and logical approach is followed to ensure critical business practices have been identified and alternate procedures are documented. This would include, but not limited to, human resources, facilities management, communication systems, Information Technology infrastructure resources, and media relations.
Who Needs Business Continuity Planning?
Any company requiring a high degree of confidence in their ability to continue business operations regardless of internal or external threats or activities.
Why Engage Brown Smith Wallace?
Our service professionals have wide industry experience in reviewing existing plans and providing business
continuity consulting services to a broad spectrum of service organizations including clients in the insurance,
marketing, and manufacturing industries. We ensure all sectors of the business from the enterprise down
to business unit levels are in place necessary to steer the business through both catastrophic disasters and
disruptive fluctuations in the business environment.
Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, amunns@bswllc.com or

Larry Newell, CISA, CBRM, at 314.983.1218, lnewell@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Proposed
development project
Planning & research
Design
Feasibility
Bidding
Contract
negotiation
Budgeting
Construction
start
Construction
in progress
Substantial
completion
Close out
Ongoing support
Construction Audit
1. ROI 2. Savings 3. Lower risk
These are the 3 tangible benefits our construction audit experts can bring to project
owners. We can help you achieve them by making sure you properly assess change orders and
other issues generated by the contractors specialists who are dedicated to maximizing the contract.
CONSTRUCTION AUDIT
Our typical/average ROI on a construction audit is 1-2% of the projects costs. We can provide a number
of tangible benefits, including:
Cost recovery of overcharges
Lower capital costs
Reduced project risks
Fewer open issues and disputes
Stronger financial controls and reporting
Enhanced communication and project delivery

Tighter policies and procedures
Improved contract language
Better regulatory compliance
COST SEGREGATION STUDY

As part of our construction audit, we can also provide a cost segregation study that will identify tax
savings you can recover on your construction project. This integrated approach typically increases the
overall ROI we can provide on a project to 3% or more. (Please see the description of our cost segregation
services on the other side.)
OPPORTUNITY ASSESSMENT
If you are interested in saving from 1-3% or more on your construction project, please contact us to
schedule an Opportunity Assessment. With less than 30 minutes of your time, we can estimate the
ROI we can provide.
Contact Dale Helle at 314.983.1338, dhelle@bswllc.com or

Bill Willbrand, CPA at 636.754.0200, bwillbrand@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Cost Recovery Services

Construction and Lease Audits
With the pressures in todays economy, construction and lease audits help reduce costs. Provider
agreements are large and complex, yet these audits are of low risk. The expertise of our Risk Services
practice provides an added value service on construction and lease audits with an ROI up to 15%.
CONSTRUCTION AUDIT
Owners who make a significant investment in capital for design and construction are open to many risks.
A planned, risk-based, targeted compliance program helps mitigate project risks and offer a number of
tangible benefits throughout the programs duration. Such benefits include:
Improved financial controls and reporting
Improved communication and project delivery
process
Increased awareness of vendors through
oversight
Reduced capital costs
Cost recovery due to unallowable charges
Reduced project risks, open issues and
Sound policies and procedures
disputes
Focus on development and execution plan
LEASE AUDIT
When performing audits of common area maintenance charges (CAM), we focus on identifying and
quantifying invoiced cost exceptions that will result in savings. Our audits are successful because we have
the experience of analyzing the language in agreements and amendments. This experience along with a
consistent ROI are another way we make A Measurable Difference.
Our extensive review of common area maintenance audits includes:
Determination of audit/dispute time of CAM
Re-calculation of original vendor invoices
charges
Re-calculation of utility charges
Verification to source documents
Detailed itemization
Provisions of insurance coverage
Verification of allowed and disallowed charges
Contact Ted Flom, CPA, CISA, CIA at 314.983.1294, tflom@bswllc.com | Tony Munns, CISA, CIRM, CPIM at 314.983.1297,
tmunns@bswllc.com | Chris Menz, CPA at 314.983.1227, cmenz@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Continuous Controls
Monitoring
Continuous controls monitoring (CCM) has been on the radar for many companies for several years. Recently,
however, more organizations are pushing towards meeting this best practice. Why initiate a CCM system now?
Your organization may have experienced loss or fraud and want to make sure it never happens again. You may be
automating time-intensive processes to increase efficiency. Or, you may have a security concern in a certain area,
such as payroll or accounts payable.
CCM is a systemic way of verifying transactions and reducing operational, compliance and financial risks. A key
goal is to catch control failures quickly, before they cause too much damage. Brown Smith Wallace builds CCM
systems that combine process and technology to identify potential errors, fraud, inefficient operations and audit
targets.
VALUE-ADDED APPROACH
Our CCM systems are custom-developed based on your systems, controls and specific requirements. The cost is
dramatically less than off the shelf systems. and focuses on your core needs. Our systems are designed to monitor
and validate controls to reduce risk, maintain compliance, manage costs and minimize losses.
BROWN SMITH WALLACES DIFFERENTIATORS

Our CCM process and tool provide real differences to you, including:
Risk-based designs
Definable schedules
Customized thresholds
Simple and powerful reporting
Confident security
Accessible partnership
Our team will make A Measurable Difference with our holistic appraoch to continuous monitoring. We
look at your challenges strategically, operationally and financially to provide the best recommendations
in support of your goals. Our CCM ToolkitTM helps you determine the risks your organization needs to
monitor, the best approach to accomplish your goals and a timeline for implementation. Contact Jan Beckmann
to receive a complimentary CCM Toolkit for your organization.
Contact Janet Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com or

Ted Flom CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Cost Recovery Plus

Recover, Retain, Restructure
You may be giving money away without realizing it. Our Cost Recovery Plus program helps recover cash
owed to you, retain the cash you have and restructure your processes and controls to prevent future problems.
Our local data analysis experts hold CPA, CIA, CISA and ACL certifications and have years of experience,
providing added value to our clients. This program is reasonably priced to help us partner with you to grow
your business.
RECOVER: Well help recover funds youre owed by identifying potential items for you to investigate.
+ Duplicate payments
+ Inappropriate corporate credit card transactions
+ Missed vendor discounts
+ Invalid employee benefits
+ Unused vendor credits
+ Customer short paid invoices
+ Invalid charges on construction projects
+ Duplicate freight charges
+ Duplicate employee reimbursements
+ Revenue leakage
Plus: We can address organizational or industry specific concerns such as royalties or long-term
contracts.
Plus: Once transactions are identified, we can provide investigative assistance.
RETAIN: Well identify opportunities to help you save money in the future.
+ Revising vendor and customer terms
+ Staffing review to reduce overtime
+ Customer credit review
+ Improved pricing through strategic sourcing
+ Changes in employee benefits and hours
+ Purchase order review procurement cards
Plus: Our information security experts can perform system penetration and vulnerability tests to verify
your data is safe from attack.
Plus: Our certified fraud examiners can perform specialized fraud risk assessments which highlight
specific areas of concern.
RESTRUCTURE: We will help you improve your processes and controls to prevent future problems.
+ Partner with management to identify
+ Provide a formal report of observations and
realistic changes
+ Develop changes that are sustainable and
recommendations
benefit the company for the long-term
Plus: We can develop customized continuous monitoring systems at your request.
For more information or to schedule your Cost Recovery Plus consultation, contact
Jan Beckmann at 314.983.1254, jbeckmann@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Cost Recovery Plus

Recover, Retain, Restructure
Unfortunately organizations give away money as a part of their contracted obligations without realizing it.
Brown Smith Wallaces Best Practice Cost Recovery Plus program helps organizations recover cash owed to
you, retain the cash you have and restructure your contract processes and controls to prevent future problems.
Our local data analysis experts hold CPA, CIA, CISA and ACL certifications and have years of experience,
providing added value to our clients. Our contract compliance auditing experts oversee contract auditing for
some the largest organizations in the world such as Wal-Mart Stores, Inc. and Siemens.
RECOVER: Well help recover funds youre owed by identifying potential items for you to investigate.
+ Duplicate payments
+ Inappropriate corporate credit card transactions
+ Missed vendor discounts
+ Invalid employee benefits
+ Unused vendor credits
+ Customer short paid invoices
+ Invalid charges on construction projects
+ Duplicate freight charges
+ Duplicate employee reimbursements
+ Revenue leakage
Plus: We can address organizational or industry specific concerns such as royalties or long-term
contracts.
Plus: Once transactions are identified, we can provide investigative assistance.
RETAIN: Well identify opportunities to help you save money in the future.
+ Revising vendor and customer terms
+ Staffing review to reduce overtime
+ Customer credit review
+ Improved pricing through strategic sourcing
+ Changes in employee benefits and hours
+ Purchase order review procurement cards
Plus: Our information security experts can perform system penetration and vulnerability tests to verify
your data is safe from attack.
Plus: Our certified fraud examiners can perform specialized fraud risk assessments which highlight
specific areas of concern.
RESTRUCTURE: We will help you improve your processes and controls to prevent future problems.
+ Partner with management to identify
+ Provide a formal report of observations and
realistic changes
+ Develop changes that are sustainable and
recommendations
benefit the company for the long-term
Plus: We can develop customized continuous monitoring systems at your request.

314.983.1200 | 636.255.3000 | 618.654.3100
Cost Segregation
Our cost segregation studies identify assets buried in building costs and assign the
shortest possible depreciation life to them, resulting in maximum tax deferrals on the
facility. For instance, if you are constructing a new building or undergoing major remodeling, we
allocate short life property to the correct life depreciation class. If we didnt, these assets would
come under the longer 39-year depreciation schedule that encompasses the building.
A thorough investigation is necessary to assign proper asset life classifications, which ultimately
saves you tax dollars. We follow a step-by-step IRS approved process that allows us to efficiently
determine short life property. While each project is different, our cost segregation studies
typically involve:
Reviewing architectural drawings
Conducting on-site facility inspections
Isolating shorter class life depreciation
Preparing detailed asset descriptions
Documenting assets qualifying for 3, 5, 7, 10, 15, 20 or 27.5 year life depreciation
Reviewing findings with management and preparing final reports
Careful segregation of personal and real property costs results in substantial tax savings. Better yet,
these tax savings come when you need them most -- the first few years after occupying a new or
remodeled facility.
By following a proven process, and applying our years of tax and cost segregation experience,
you will receive value and savings well in excess of our fees. Having worked with a wide variety
of clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurants
and automobile dealerships, we will work hand-in-hand with you to achieve your goals
effectively and efficiently. Contact us to schedule an opportunity assessment.
CONSTRUCTION AUDIT
Our typical ROI on a construction audit is 1-2% of the projects cost. We can integrate a cost
segregation review with the audit, which typically increases the overall ROI we can provide on a
project to 3% or more. (Please see description of our construction audit services on the other side.)
Contact Robin Bell, CPA at 314.983.1217, rbell@bswllc.com or
Cathy Goldsticker, CPA at 314.983.1274, cgoldsticker@bswllc.com.

1050 N. Lindbergh Blvd. | St. Louis, MO 63132
PH 314.983.1200 | FX 314.983.1300
www.bswllc.com
888.279.2792
1551 Wall St., Ste. 280 | St. Charles, MO 63303

PH 636.255.3000 | FX 636.947.6128
Construction Audit
1. ROI 2. Savings 3. Lower risk
These are the 3 tangible benefits our construction audit experts can bring to project
owners. We can help you achieve them by making sure you properly assess change orders and
other issues generated by the contractors specialists who are dedicated to maximizing the contract.
CONSTRUCTION AUDIT
Our typical/average ROI on a construction audit is 1-2% of the projects costs. We can provide a number
of tangible benefits, including:
Cost recovery of overcharges
Lower capital costs
Reduced project risks
Fewer open issues and disputes
Stronger financial controls and reporting
Enhanced communication and project delivery

Tighter policies and procedures
Better regulatory compliance

As part of our construction audit, we can also provide a cost segregation study that will identify tax
savings you can recover on your construction project. This integrated approach typically increases the
overall ROI we can provide on a project to 3% or more. (Please see the description of our cost segregation
services on the other side.)
OPPORTUNITY ASSESSMENT
If you are interested in saving from 1-3% or more on your construction project, please contact us to
schedule an Opportunity Assessment. With less than 30 minutes of your time, we can estimate the
ROI we can provide.
Contact Dale Helle at 314.983.1338, dhelle@bswllc.com or

Bill Willbrand, CPA at 636.754.0200, bwillbrand@bswllc.com.
1050 N. Lindbergh Blvd. | St. Louis, MO 63132
PH 314.983.1200 | FX 314.983.1300
www.bswllc.com
888.279.2792
1551 Wall St., Ste. 280 | St. Charles, MO 63303

PH 636.255.3000 | FX 636.947.6128
Cost Segregation
typically involve:
remodeled facility.
CONSTRUCTION AUDIT
Contact Robin Bell, CPA at 314.983.1217, rbell@bswllc.com or
Cathy Goldsticker, CPA at 314.983.1274, cgoldsticker@bswllc.com.

ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL
314.983.1200 | 636.255.3000 | 888.279.2792
INFO@BSWLLC.COM | WWW.BSWLLC.COM
Cost Segregation
typically involve:
remodeled facility.
CONSTRUCTION AUDIT
Contact Robin Bell, CPA at 314.983.1217, rbell@bswllc.com ,
Cathy Goldsticker, CPA at 314.983.1274, cgoldsticker@bswllc.com or

Rob Haggerty, CPA at 314.983.1311, rhaggerty@bswllc.com
314.983.1200 | 636.255.3000 | 618.654.3100
Data Analysis Services

Data is everywhere. More and more of it is constantly captured in systems where controls are implemented
to ensure its accurate. But, what do you do with all of that data? Are you getting the information you need to
make the decisions?
OUR TOOLS
Our data analysis experts use ACL software to pull the information you need out of your data. ACL software
has some great benefits.
No limit to the amount of data that can be analyzed
Flexibility allows access to any type of data from mainframes to pdf
Fast results
Strong continuous monitoring capabilities
We also optical character recognition (OCR) software, SQL, MS Access and MS Excel when the situation
calls for it. Our secure FTP site allows us to transfer data without concern to security or file size.
OUR MISSION
Help you answer the questions you cant answer otherwise using your data.
We are experienced in searching for trends and understanding what data is telling you about operations,
controls and financial results. For instance, medical claim data can identify physicians with unusually frequent
billings to identify potentially fraudulent billings. We could use that same data to compare to an eligibility
database to verify that all claims are for eligible participants. The list of possible analyses is endless and should
be specific to your areas of highest risk and concern.
OUR TEAM
Our team is led by Jan Beckmann, CPA, ACL Certified Trainer. She combines her audit, accounting, and
consulting background with years of data analysis experience to help determine where and how data analysis
can be most beneficial. Keeping our mission in mind allows Jan and her team to slice and dice the data and
identify trends that tell the story.
Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com

or Ted Flom, CPA, CIA, CISA at 314.983.1294, tflom@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
System Conversion
Testing & Data Cleansing
Just imagine...The system conversion on which youve worked so diligently bombs on the go-live. Bad data is
brought over to the new system. Some data never shows up at all. Testing both the data that will populate the
new system and the mapping of the data to the new system can prevent this nightmare.
Data analysis software (e.g., ACL) enables us to test 100% of your data, regardless of the size of the file, so
we can provide you with a heat map that profiles and prioritizes all specific data and mapping issues.
CONVERSION TESTING
We only need three files for us to test the conversion efficiently (1) a dump of the data from the old
system, (2) the map to the new system, and (3) a dump of the resulting data after the test conversion in the
new system. Just 1, 2, 3 and we can quickly verify whether the conversion is working effectively.
DATA CLEANSING
Of course, a new system wont make bad data good. Well test the data to verify your new system is populated
with good data. Following are a sampling of the tests we can perform based on payroll data.
Corruption corrupt packets of data
Invalid data technically invalid dates and numbers
Missing data blanks in key fields such as social security number, name, and address
Duplicates the same employee with two employee numbers
Incorrect calculations verify the gross to net pay calculation
Illogical relationships data in two fields that doesnt make sense together such as birth date after
hire date
Outside bounds anything outside specified boundaries, e.g.,:
Employees younger than 16 or older than 70
Invalid codes in the employee status
Locations that dont exist
Payment to terminated employees
Employees with no tax withholdings or deductions

or Ted Flom, CPA, CIA, CISA at 314.983.1294, tflom@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Dependent Eligibility
Verification Audits
The Brown Smith Wallace Process
Effective communication with employees is essential for a dependent eligibility verification audit. Since the
employee population varies at each company, our approach varies depending on what works best for each
organization. Engagements begin with a kick off meeting with management to discuss the scope, objectives
and approach. At this meeting, we discuss the various options available for conducting the dependent
eligibility verification audit and will agree upon the approach that makes sense for your organization.
Customized Questionnaires
We use technology as much as possible to customize the questionnaire and limit the amount of time
required by the employee to complete the process. Rather than sending out a lengthy questionnaire, we can
customize the request to the employee. For instance, if an employee is shown in the system to have a spouse
and no other dependents, there is no need for them to read through the information required for other
dependents. In these instances, we would only request a marriage certificate, prior years tax return showing
their status as married, and their acceptance of that statement that they are currently married to the person
shown as their spouse.
Web-Based Capabilities
For some companies, a web interface is the easiest and least expensive way for employees to complete their
requirements. Employers sometimes make a computer and scanner available at work for employee use if they
are concerned that these tools may not be available at home.
Email and Postal Service
If a web interface does not make sense for your company, requests for verification and documentation can be
sent to employees via company email or through the US Postal Service. The US Postal Service is more costly
than the other methods, but for certain employee populations, it may be the best method for completing the
audit.
Follow Up
We often employ multiple communication methods when follow up is required. For instance, if there was not
a good response rate through the web interface, we may follow up through email or the USPS.
Employee Communication
A BSW team member is always available during business hours to answer questions via phone. We make
sure that we treat employee questions with respect and assure them that their personal information is being
handled securely.

or Larry Pevnick, CPA, at 314.983.1247, lpevnick@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Dependent Eligibility
Verification
The rising cost of health care and health care reform is making news on a daily basis. You can share costs with
employees by increasing co-payments and premiums, you can help defray future costs by implementing a wellness
program, but how can you decrease your overall insurance costs now? You can realize a substantial savings when
you remove ineligible dependents from your insurance plan.
A dependent eligibility verification audit reduces insurance costs immediately by removing dependents ineligible
for insurance benefits and eliminating their future claims. On average, companies find 3% to 8% of their plans
dependents are not eligible, which can add up to substantial savings. Frequently, relatives such as ex-spouses,
grandchildren, nieces, or nephews are included as dependents, but are not eligible based upon the plan design.
Thorough and Value-Added Approach

Our document-based audit approach requires verification of 100% of the individuals named as dependents. A birth
certificate, marriage license, and/or tax form is acceptable documentation. Any additional information you would
like to gather may be included at that time (e.g. dependent social security numbers). The audit is completed by
using your email system and/or postal service, whichever you prefer. We clearly state that this audit includes 100%
of all dependents and is completed by an independent party to provide a sense of fairness to employees.
In addition to the dependents, we can also verify that employees meet the required criteria for participation in your
insurance plan based on data in the employee master file. Specific tests can be performed for verifying the
employees have met the employment status and work hour requirements.
From planning your audit to the final report, we search for methods to improve your processes. Our team is
comprised of experts in insurance, process improvement and internal controls, which means we continuously look
for value-added solutions. Our focus is not just on finding the problems, but also in helping you understand and
address the root cause. We provide recommendations for related items we identify and processes can be
implemented to maintain your results post-completion.
Essential Communication
Communication is essential for the success of any project. You will find an engagement team member available by
phone for any questions plan participants may have throughout the audit. Calls are logged and made available to you.
We will also provide weekly status updates to you on the audits progress and results. To help you determine the success of the audit, we can identify and quantify claims paid for ineligible dependents. This is just one more
way Brown Smith Wallace makes A Measurable Difference.
Contact Janet Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com or

Larry Pevnick, CPA, at 314.983.1247, lpevnick@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Disaster Preparedness
Business Continuity Planning
Checklist and Scorecard (continued)
CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)

6. Do you have a documented communication policy that defines who has the authority to
communicate to external parties (e.g. the press)?
7. Does your plan identify the communication tools that will be used for internal collaboration?
8. Does your plan identify the communication tools that will be used to notify your customers or
clients?
9. Does your plan identify how coordination and communications will be controlled as recovery
efforts take place?
10. Has your plan undergone a test within the last 12 months?
DISASTER RECOVERY - IT CENTRIC
1. Has the backup frequency been approved by the business data owners?
2. Has a system or data recovery time objective (this is the time to restore or recover data to
operational capacity prior to the disruption) been defined?
3. Have the backups been tested to validate that data is readable and recoverable?
4. Does the recovery method meet the recovery time objective requirements set by the business?
5. Has the plan been tested to ensure necessary resources and actions work in concert with one
another to meet the Recovery Time Objective established by the business?
6. Does the plan identify critical applications or systems that are necessary to keep the business
operational)?
7. Is it possible to continue delivering essential services during a disruption of IT Services?
8. Do you have an inventory listing of your IT infrastructure assets so that in the event systems are
destroyed they can be recreated at an alternate site?
9. Does your existing infrastructure design (e.g. power network, systems, etc.) address resiliency by
mitigating single points of failure?
Brown Smith Wallaces risk management team can assess your current processes and develop a plan to sustain
mission-critical operation in case disaster strikes. To arrange for a high-level plan review and receive the results
of the checklist, please contact Larry Newell. (See below).
Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, tmunns@bswllc.com or

314.983.1200 | 636.255.3000 | 618.654.3100
Disaster Recovery
Disasters affecting business operations, such as tornadoes, earthquakes, floods, fires or malicious acts, are
unpredictable and can be devastating. They happen at any time with varying degrees of magnitude.
A disaster recovery plan documents procedures necessary to restore business resources prior to the disaster.
It provides you the opportunity to take positive action before the disaster occurs.
Companies of all sizes who need complete assurance they are sufficiently prepared to fully restore essential
IT infrastructures critical to supporting their business processes.
SCOPE OF SERVICES
The Disaster Recovery Team at Brown Smith Wallace meets with your appropriate business unit
leaders to review, evaluate and assist them in developing, constructing and testing a customized Information
Technology (IT) Disaster Recovery Plan. Whether reviewing an existing plan or establishing a new one, a
grass-root logical approach is applied. The recovery plan takes a holistic approach to business operations
while identifying the restoration objectives.
We identify critical business systems and applications, then develop and document associated recovery
procedures. Resources and action plans reside in a documented procedure with critical timelines established.
The areas we asses include, but are not limited to, human resources, facilities management, communication
systems, information technology, infrastructure resources and media relations.
Brown Smith Wallace has developed and performed hundreds of disaster recovery plans and reviews of
service organizations. We serve clients in a variety of industries, some of which include insurance,
manufacturing and marketing. Our service professionals restore confidence by assuring an effective disaster
recovery plan is in effect and disaster preparation is under control.

314.983.1200 | 636.255.3000 | 618.654.3100
Disaster Recovery
Top 10 Checklist
Question
Rating
1. Do you have a documented Disaster Recovery Plan?

2. If a disaster should occur, do you know what the financial losses to your business would
be for a day, month, quarter or year? What about operational losses including: image or
reputation, stakeholder confidence, regulatory or legal issues, loss of competitive edge?
3. When was the last time your plan has undergone a current state of assessment? Does the
plan account for hardware, software and vendor changes, including contracts with
external service organizations?
4. Does you plan identify the critical IT applications that are necessary for your business
survival?
5. Has the plan been tested to ensure necessary resources and actions work in concert with
one another to meet the Recovery Time Objective established by the business?
6. Are your data backups tested for readability to ensure data can be recovered?
7. Do you have a documented business continuity plan that identifies and addresses
alternate work locations, processes and resources that could be used to minimize the
possibility of interruption to business operations when unexpected disruptive events occur?
8. Are there crisis management policies or procedures that address what constitutes a disaster
that would invoke a business continuity plan?
9. Does your crisis management plan address the four Cs?
Control
Communication
Collaboration
Coordination
10. Does your existing infrastructure design address resiliency by mitigating single points of
failure?
Contact Larry Newell, CISA, CBRM, at 314.983.1218 or lnewell@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100
Energy Assessment
Services
Organizations of all sizes are challenged with balancing energy costs with productivity, budget limitations
and their strategies for environmental stewardship. Brown Smith Wallace provides energy assessment services
to help organizations save money, make smart energy choices and go green.
Energy Incentives
Your organization could benefit from many of the state, federal and utility incentives that are available.
Our energy services team can determine if your organization qualifies, and can help you develop the
appropriate incentive application documents.
Our licensed professional engineers (PE) can certify the detailed building inspections and energy
studies needed to qualify for federal tax deductions for energy efficiency improvements.
Energy Usage Analysis
Our energy experts can analyze your costs, usage patterns, waste, etc., to determine what cost savings you
may be missing.
Utility bill analysis Review historical utility bills to determine if costs, usage levels or usage patterns
indicate equipment problems, operational problems or unfavorable rate selections.
Building energy assessments Our experts can identify sources of energy waste and recommend
corrective actions by performing certified building inspections. These inspections can focus on your
specific needs ranging from a simple lighting survey to a detailed engineering system analysis.
Cost Comparisons
Provider selection Customers with retail electric or gas competition (e.g., Illinois commercial and
industrial facilities) have a choice of utility providers. Our energy experts can review competitive fee
structures and evaluate them based on your organizations usage patterns to determine which provider
can deliver the most economical services.
Project justification Our experts can provide an independent cost/benefit analysis of vendor
offers for the installation or retrofit of lighting, HVAC, windows or insulation. We can also provide
the documentation that supports your decisions.
Project analysis We provide detailed economic analyses of renewable energy and co-generation
projects to determine cost feasibility. We also identify all monetary incentives.
Our measurable difference is our energy industry expertise. Our team has over 25 years experience
performing energy project development, feasibility studies, cost estimating, project justification, project
auditing, project performance tracking and reporting. We unveil the carbon intensity of your operations and
identify opportunities to reduce your carbon footprint. For additional information, contact our energy
services leader, Nick Lombardi (see below).
Contact Nick Lombardi, PE, MBA, at 314.983.1323, nlombardi@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100
The Methodology of ERM

Phase 1: Planning and Organization
Establish the ERM program and project structure
Phase II: Risk Assessment
Identify and develop risk mitigation strategies
Phase III: Risk Mitigation
Identify and develop risk mitigation strategies
Phase IV: Monitoring
Develop strategies and tools to continuously
monitor risks
Phase V: Knowledge Transfer

Institutionalize the process into the organization
please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or rsteinkamp@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
INFO@BSWLLC.COM | 1.888.279.2792 | WWW.BSWLLC.COM
The ERM Process
Enterprise risk management is a continuous

process that identifies, analyzes, mitigates
and monitors potential events that create
uncertainty in the achievement of a
companys objectives.
The Brown Smith Wallace ERM
Ladder identifies the components of an ERM
strategy based on the establishment of an
ERM structure that is aligned with corporate
governance.
please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or rsteinkamp@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
The Methodology of ERM

Phase 1: Planning and Organization
Establish the ERM program and project structure
Phase II: Risk Assesment
Identify and develop risk mitigation strategis
Phase III: Risk Mitigation
Identify and develop risk mitigation strategis
Phase IV: Monitoring
Develop strategies and tools for the continuous
monitoring of risks
Phase V: Knowledge Transfer
Institutionalize the process into the organization
To learn how our risk advisory services can make A Measurable Difference for yoru organization,
314.983.1200 | 636.255.3000 | 618.654.3100
The ERM Process

Enterprise risk management is a continuous
process that identifies, analyzes, mitigates
and monitors potential events that create
uncertainty in the achievement of a
companys objectives.
The Brown Smith Wallace ERM
Ladder identifies the componets of an ERM
strategy based on the establishment of an
ERM structuve that is aligned with corporate
governance.
To learn how our risk advisory services can make A Measurable Difference for yoru organization,
314.983.1200 | 636.255.3000 | 618.654.3100
Financial Institutions
IT Systems Review
The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions conduct
an independent review of their inforation technology systems each year. This review was designed to safeguard financial institutions customers and is enforced by regulators through the safety and soundness portion of their annual examinations. Brown Smith Wallace information technology systems review ensures
that your information technology system meets the regulatory requirements before the examiner walks
through the door. Using the FFIECs handbook and maximizing our professionals own experience with the
Federal Reserve, we take a comprehensive look at your key technology systems:
Audit
Management assessment
Develop and acquisition
Support and delivery
PC Security
Networking
LAN/WAN operations
E-banking
ATMs and wire transfer options
Ongoing consultation is provided to your staff in these ares throughout the engagement, culminating in a
final discussion with management. A comprehensive report is sent to the institutions board of directors or
audit committee following the engagement.
Meet the requirements of the regulators before they arrive
Cost-effective assurance on controls and security
Detailed report allows you to fully understand all areas reviewed
Mirros the review done by the regulators
Offers experienced consultants familiar with the guidelines
Provides a full, detailed report to management
Uses an efficient, planned approach
Contact Tony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, tmunns@bswllc.com,

Ted Flom, CPA, CISA, CIA at 314.983.1294, tflom@bswllc.com or Jay Anderson at 314.983.1385, janderson@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Checklist and Scorecard
Scoring -Y/N
Question
BUSINESS CONTINUITY PLANNING
1. Do you have a documented Disaster Preparedness Plan that includes Business Continuity Planning?
2. Has a business impact analysis been performed or documented identifying the financial impact that
would result if a business function was not operational for a day, a week or a month? What about
operational losses including: image or reputation, stakeholder confidence, regulatory or legal issues,
loss of competitive edge?
3. Does your plan identify critical business functions or processes that need to be protected or
recovered timely and are necessary to sustain business operations?
4. Are the business function or process flows documented so that they may be recreated including any
specialized materials (e.g. printed forms, etc.)?
5. Does your plan take into consideration work force (human resource) disruptions (e.g. pandemic)?
6. Do you have a documented evacuation plan in place for all your facilities?
7. Does you plan take into consideration work place disruptions due to natural disruptions
(e.g. tornado or earthquake) or incidents such as fire or utility outages?
8. Does the plan include services provided to the business by external service organizations?
9. Can critical business functions or processes be performed manually?
CRISIS MANAGEMENT AND COMMUNICATION PLAN
1. Do you have a documented plan that defines who has decision making authority when a significant
business disruption occurs?
2. Is there a succession plan in place to transfer decision making power if an appointed team member is
unavailable due to unforseen circumstances?
3. Does the plan address performing an assessment?
4. Does the plan contain graduated guidelines to determine the extent of the business disruption when
performing the assessment and when to invoke business continuity or disaster recovery plans?
5. Does the plan address the type of media (e.g. call tree, e-mail, automated system) that will be used
to communicate with your employees?

314.983.1200 | 636.255.3000 | 618.654.3100
Checklist and Scorecard (continued)
CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)

6. Do you have a documented communication policy that defines who has the authority to
communicate to external parties (e.g. the press)?
7. Does your plan identify the communication tools that will be used for internal collaboration?
8. Does your plan identify the communication tools that will be used to notify your customers or
clients?
9. Does your plan identify how coordination and communications will be controlled as recovery
efforts take place?
DISASTER RECOVERY - IT CENTRIC
1. Has the backup frequency been approved by the business data owners?
2. Has a system or data recovery time objective (this is the time to restore or recover data to
operational capacity prior to the disruption) been defined?
3. Have the backups been tested to validate that data is readable and recoverable?
4. Does the recovery method meet the recovery time objective requirements set by the business?
5. Has the plan been tested to ensure necessary resources and actions work in concert with one
another to meet the Recovery Time Objective established by the business?
6. Does the plan identify critical applications or systems that are necessary to keep the business
operational)?
7. Is it possible to continue delivering essential services during a disruption of IT Services?
8. Do you have an inventory listing of your IT infrastructure assets so that in the event systems are
destroyed they can be recreated at an alternate site?
9. Does your existing infrastructure design (e.g. power network, systems, etc.) address resiliency by
mitigating single points of failure?
Brown Smith Wallaces risk management team can assess your current processes and develop a plan to sustain
mission-critical operation in case disaster strikes. To arrange for a high-level plan review and receive the results
of the checklist, please contact Larry Newell. (See below).

314.983.1200 | 636.255.3000 | 618.654.3100
Disaster Recovery
Top 10 Checklist
Question
Rating
1. Do you have a documented Disaster Recovery Plan?

2. If a disaster should occur, do you know what the financial losses to your business would
be for a day, month, quarter or year? What about operational losses including: image or
reputation, stakeholder confidence, regulatory or legal issues, loss of competitive edge?
3. When was the last time your plan has undergone a current state of assessment? Does the
plan account for hardware, software and vendor changes, including contracts with
external service organizations?
4. Does you plan identify the critical IT applications that are necessary for your business
survival?
5. Has the plan been tested to ensure necessary resources and actions work in concert with
one another to meet the Recovery Time Objective established by the business?
6. Are your data backups tested for readability to ensure data can be recovered?
7. Do you have a documented business continuity plan that identifies and addresses
alternate work locations, processes and resources that could be used to minimize the
possibility of interruption to business operations when unexpected disruptive events occur?
8. Are there crisis management policies or procedures that address what constitutes a disaster
that would invoke a business continuity plan?
9. Does your crisis management plan address the four Cs?
Control
Communication
Collaboration
Coordination
10. Does your existing infrastructure design address resiliency by mitigating single points of
failure?
Contact Larry Newell, CISA, CBRM, at 314.983.1218 or lnewell@bswllc.com.

314.983.1200 | 636.255.3000 | 888.279.2792
Health Care Services

Testimonials
GARY WHITE, THE GROVES
Ron Present was an asset to our management team. He conducted strategic planning sessions with the
team and helped craft our strategy regarding our services including hospice and therapy. He also worked
with us to create a new brand for the delivery of our therapy services throughout our campus and the
community. He truly understands the senior housing and post acute market and knows how to craft
relevant and practical solutions.
MARY RIGGS, BJC HEALTH CARE

I worked with Brown Smith Wallace on several internal audit projects. I found them to be very
knowledgeable of health care operations and understood how the work they completed was integrated into
and enhanced our internal controls. One internal audit area of great help was the analysis and development
of controls related to data access and its meaningful use implications.
TARIQ MALAK, CENTREPOINTE HOSPITAL

The team at Brown Smith Wallace truly understands customer service and the ever changing health care
landscape. Their knowledge, expertise and advice have proven a key ingredient in the successful provision
of services for the hospital. I highly recommend them.
JIM CALI, BI-STATE DEVELOPMENT AGENCY

Brown Smith Wallace understands what it means to work with their clients to achieve their goals. They
understand risk management and have the experience to see the big picture without losing sight of the
details. I found the professionals at Brown Smith Wallace to be very knowledgeable and very easy to work
with. They took the time to truly understand our organizational framework and corporate goals. They
completed the engagement on time and within the budget. Working with Brown Smith Wallace was a
pleasure.
JAY KIRSCHBAUM, WILLIS GROUP

Brown Smith Wallace has provided a complete suite of HIPAA security and privacy services to many of
our clients on a national basis. Over the years we have developed a relationship with Brown Smith Wallace
as a trusted HIPAA resource service provider and expert. If our clients request or require HIPAA support,
we refer them to Brown Smith Wallace as an option for service. We have always had positive feedback
from those referrals and look forward to having Brown Smith Wallace continue to be our HIPAA resource
partner.
Contact Ron Present, CALA, CNHA at 314.983.1358, rpresent@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100
HIPAA - HITECH
Questionnaire
Key Questions to Determine if You are a Business Associate or
Covered Entity as Defined by HIPAA - HITECH Legislation
Recent additions to HIPAA regulations as a result of the HITECH legislation passed this year require that
Business Associates be compliant with the rules previously reserved for covered entities. The questions
below will help you determine if your company is a covered entity or business associate and therefore
needs to be HIPAA compliant.
DO I NEED TO BE HIPAA-HITECH COMPLIANT?

Are you a health care provider? This includes:
o Doctors
o Dentists
o Pharmacies
o Durable medical equipment suppliers
o Opticians
Are you a clearinghouse?
o Defined as an entity that processes health information received from another entity in
non-standard format into standard EDI X12 format, or vice versa.
Does your company have self-insured health benefit plans that have 50 participants or more, or
more than $5 million in annual premiums?
Are you a Business Associate?
o Has one of my customers sent me a Business Associate Agreement?
o In the course of providing service to your clients or customers, do you come into
contact with Protected Health Information (PHI), that is: individually identifiable
health information that is maintained or transmitted in any form or medium?
If you answered yes to any of the above questions, you most likely fall under HIPAA guidelines as a
covered entity or business associate.
Contact Anthony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297 or amunns@bswllc.com.

314.983.1200 | 636.255.3000 | 888.279.2792
Pre-SAS 70 Questionnaire
Key Questions to Answer Before Undergoing a SAS 70
There are many good reasons for a service organization to have a SAS 70 audit or review conducted.
Compliance, of course, is a major driver, but organizations that undertake a quality SAS 70 process can
use the report as a selling point to potential customers that they can trust your organization with their
information. You can also obtain valuable information that will enable you to improve your processes.
Before starting, however, it will make the process much more efficient and effective if you can answer these
key questions:
What type of audit do you want?

Does the engagement need to be a SAS 70?
Have you considered other types of audits and opinions that can be issued to satisfy the needs of
the user organizations, e.g., an Agreed Upon Procedures Audit?
Is there anything you could issue consistent with your auditing standards? E.g., Sarbanes-Oxley
allows for other types of reports similar to a SAS 70 report if they meet certain requirements.
Has any testing been performed of controls today or in the past? If so, what have the results been?
Are there any significant internal control issues?
Have you considered a pre-assessment to determine how ready you are for the actual SAS 70?
Have you considered the impact of the new SSAE 16 on the engagement?
SSAE 16 replaces the SAS 70 standards for reports issued after June 30, 2011.
Which category of audit will you need: SOC 1, SOC 2 or SOC 3?
Will this be a Type 1 or Type 2 audit?
Would you like to add other relevant compliance areas, such as Disaster Recovery, HIPAA,
GLBA, or PCI compliance, etc., to the scope of the SSAE16 engagement? There may be
advantages.
Contact Anthony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297 or amunns@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100
Fraud & Forensics

Industries Served
At Brown Smith Wallace, we provide fraud and forensic services for a variety of industries. For example,
our team has significant experience working in organizations of all sizes ($10 million annual revenue to
multi-billion dollar Fortune 500) within industries such as, but not limited to, the following:
Aerospace
Agriculture
Automotive
Banking
Beverages
Business Services
Charitable Organizations
Chemicals
Computer Hardware
Construction
Consumer Products
Cultural Institutions
Defense
Education
Electronics
Energy & Utilities
Environmental Services
Financial Services
Food
Foundations
Government
Health Care
Industrial Manufacturing
Insurance Leisure
Media
Membership Organizations
Metals & Mining
Pharmaceuticals
Real Estate
Retail
Security Products & Services
Telecommunications
Transportation
Certifications
Our team of experienced professionals has a diverse range of experience backed by some of the most wellknown credentials in the fraud and forensic, accounting, and consulting industries:
Certified Public Accountant (CPA)
Certified Fraud Examiner (CFE)
Certified in Financial Forensics (CFF)
Certified Forensic Accountant, Diplomate Status
(DABFA)
Certified Ethical Hacker (CEH)
ACL Certified Data Analyst (ACDA)
Certification in Risk Management Assurance
(CRMA)
Certified Assisted Living Administrator (CALA)

Certified Construction Auditor (CCA)
Certified Information Systems Auditor (CISA)
Certified Internal Auditor (CIA)
Certified Nursing Home Administrator (CNHA)
Chartered Global Management Acountant (CGMA)
GIAC Certified Penetration Tester (GPEN)
Qualified Security Assessor (QSA)
Contact Ted Flom CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com or

Tony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, tmunns@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Fraud & IT Forensics

The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statement
abuse is a huge problem in American business today. Because of the nature of corporate fraud, companies
need an expert specifically trained with experience in investigation, detection, quantification and
prevention techniques to thwart fraud.
Our team of experienced and credentialed forensic accountants have a proven track record and can help
you prevent and investigate fraudulent activity.
DETECTION AND PREVENTION
Fraud prevention processes, policies and controls are designed to stop fraud before it occurs. Our fraud
team can design a fraud detection and prevention plan that will help you:
Perform an independent audit
Segregate duties
Perform an overall weakness assessment
Create a process of checks & balances
Develop a conflict of interest policy
Develop a procedure manual
Here are some of the services and tools you have access to with the Brown Smith Wallace fraud team.
Fraud Diagnostic Tools
Fraud Risk Assessments
- Anti-Corruption Fraud Prevention Toolkit
Fraud Investigations
- Fraud Detection & Prevention Toolkit
Fraud Prevention Review
- Fraud Prevention Checkup
Continuous Monitoring Programs
DATA ANALYSIS
If suspicious activity is occurring in your business, call on the Brown Smith Wallace data analysis team.
We utilize powerful data analysis tools such as ACL, Microsoft Access and optical character recognition
software, etc., to help gather data and perform detailed analysis. Our data analysis professionals will
enable you to see who is accessing files, how the information is being manipulated, what information is
being recorded, etc.
As an example: Our team was able to detect a fraud in which engineering managers were booking costs to
closed projects while receiving bonuses for bringing current projects in under budget. Analyzing the data
provided the proof that the suspicions were correct and the disclosure put a stop to the activity.
Contact Don Mitchell, CPA, CFE at 314.983.1248, dmitchell@bswllc.com | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Cr.FA.
at 314.983.1259, dsmith@bswllc.com | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, rschmittling@bswllc.com.
314.983.1200 | 636.255.3000 | 888.279.2792
COMPUTER FORENSICS
The extent of our digital society is requiring you to have the ability to investigate suspicious activity found
on computers. IT risks range from financial fraud to hackers gaining access to your data.
IT forensics is the process of recovering and analyzing deleted, cached and hidden data from IT equipment. Our professional IT forensics team has the ability to analyze a wide range of devices from laptops to
mainframes. Our services include:
Forensic Incident Response
Forensic Litigation Support
Incident Report Process Improvement
When you engage Brown Smith Wallace to investigate suspicious computer activity, our computer
forensics investigation follows a very specific eight step process:
FRAUD & FORENSIC EIGHT STEP PROCESS
1) Determine what your management knows and what they have uncovered
2) Quarantine the equipment
3) Engage an attorney and put the suspect(s) on leave of absence
4) Determine the nature of the fraud
5) Determine how much historical investigation is required
6) Investigate receipts, payroll, inventory, vendors and anything suspicious
7) Prepare a report to be presented to your management team
8) Implement the recommendations
314.983.1200 | 636.255.3000 | 888.279.2792

Segregate duties
DATA ANALYSIS
314.983.1200 | 636.255.3000 | 618.654.3100

Segregate duties
DATA ANALYSIS

314.983.1200 | 636.255.3000 | 618.654.3100
Fraud Investigation & Quantification

Whether you are taking preventative measures or not, there is always the possibility that fraud may occur.
Because many fraudsters take extreme precautions to cover their tracks, and their actions are sometimes
more widespread than anticipated, it is often difficult to determine the nature of the fraud, the parties
involved, and the estimate of how much was taken from your organization. Therefore, once fraud has
occurred, a thorough investigation is critical to determine exactly what happened, the parties involved and
how much was taken.
Our Fraud Investigation and Quantification team has the tools and the experience necessary for
conducting a fraud investigation and quantifying losses so you can take appropriate steps to make your
organization whole again.
Computer Forensics
Quantification of Damages
Forensic Accounting & Investigation
Insurance Claims Assistance
Fraud Data Analysis
Expert Testimony
Our computer forensic team is a dedicated team

of specialists who collect, analyze and interpret
information
relevant
to
an
investigation.
A critical component in virtually every internal
investigation or litigation matter is electronic
financial data.
Our team is composed of experts in forensic accounting

and investigation. We are capable and experienced at
working with company management, attorneys and law
enforcementtoinvestigatepotentialfraud.Ourtechniques
include analyzing, reviewing, and testing accounting
records and controls as well as interviewing employees.
Our trained and certified professionals search

for and identify patterns or irregularities
indicative of fraud, which are beneficial as part of a
larger fraud investigation or as a stand-alone
engagement.
Besides determining how fraud was perpetrated, it is

equally important to determine how much was taken.
To recover lost funds, each company must be able
to prove to the trier of fact how much was taken.
Our team provides assistance to the vitim company by performing an analysis of the activities and
quantification of the fraudsters illicit acts. The findings
of our team are then documented in a report specialized
to meet your insurance and companys specifications.
Our professionals frequently assist legal counsel in

internal investigations and litigation/prosecution
involving complex financial transactions. We are hired not
only for our analytical knowledge and skill, but our ability
to credibly testify and defend our opinions and findings.

314.983.1200 | 636.255.3000 | 618.654.3100
Fraud Prevention & Detection

Fraud is pervasive in the world today and every industry is affected. It is critical that organizations establish
an anti-fraud culture that emphasizes fraud prevention and detection through executive leadership, policy,
training, understanding fraud risks and monitoring/auditing for fraud. Any organization that does not properly implement fraud prevention and detection controls places itself at great risk.
Our Fraud Prevention & Detection solutions focus on preventing fraud before it occurs and detecting
fraud in its early stages. We offer several solutions which can be tailored to fit any organizations particular
needs.
Anti-Corruption Programs
Fraud Data Monitoring
Audits & Internal Control Assessments
Fraud Prevention Check-up
Code of Conduct/Anti-Fraud Policy
Fraud Risk Assessment
Ethics Hotline/Training
Policy and Procedure Assistance
A proven methodology designed to provide a logical

approach to ensure appropriate controls are in place
to prevent, detect and respond to corruption activity.
It is essential that duties are segregated and that

controls are in place within your processes so
that opportunities to commit fraud are limited.
A key to effective fraud prevention is a code of

conduct and/or anti-fraudpolicy that lays out clear
guidances as to permitted/prohibited behavior
and actions.
Providing
individuals
a
means
to
report
suspicious activity and conducting targeted fraud
awareness training for employees and managers.
An approach used by leading companies to

highlight exceptions and anomalies to help
prevent or detect fraudulent activity through
the continuous or periodic analysis of data.
Fraud prevention check-ups can be a quick and

cost-effective way for you to evaluate whether your
company is properly addressing fraud prevention.
Taking a proactive approach to understanding and

systematically identifying where and how fraud may
occur and who may be in a position to commit fraud.
Policies and procedures are an important

way to ensure an organization has the right
practices in place to prevent fraud. Management must
clearly communicate such practices to employees.

314.983.1200 | 636.255.3000 | 618.654.3100
Fraud Services
Segregate duties
DATA ANALYSIS
Contact Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Cr.FA. at 314.983.1259, dsmith@bswllc.com or
Ryan Hauber, MBA, CFE at 314.983.1317, rhauber@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Governmental
Risk-Based Advisory Services
Governments face many of the same risks as for-profit organizations, including fraud, inefficient use of
resources and inaccurate financial statements. It is important for management of these entities to have
a good understanding of the organizations risks in order to be able to effectively prioritize and manage
them. Brown Smith Wallaces Government Industry practice provides assurance and advisory services to
help government entities cost effectively address these risks. Our team has helped organizations of all
sizes manage risk and improve processes and internal controls.
SCOPE OF GOVERNMENTAL SERVICES
Our government-focused, risk-based assurance and advisory services team consists of a strong internal and
IT audit core that is supported by value-oriented capabilities in areas such as applications, process
improvement, construction audit, data analysis (ACL), disaster recovery and business continuity planning,
fraud prevention and detection, and information security and privacy. We use a flexible approach that is
scalable and supports federal, state and local governments. Below is a sampling of services we provide to
government organizations:
Internal Audit/
IT Audit
Fraud and Forensics
Process Improvement
Internal audit- co-sourcing
IT infrastructure assessments
Fraud prevention and
and outsourcing
detection programs
IT security- penetration and
Audit plan development and
vulnerability assessments
Fraud risk assessments
execution
Payment card industry data
Fraud checkup
Construction audit
security standard (PCI)
IT forensics
Data analysis
HIPAA assessment
Fraud investigations
Quality assurance reviews
Implementation risk
(QAR)
management
Internal control assessments
Application security and
controls
Continuous auditing
Business
continuity and
Process improvement and
disaster
recovery
design
Our Government Industry team is lead by Ron Steinkamp, CPA, CIA, CFE. With over 18 years of
experience, Ron has worked extensively with federal, state and local government agencies to develop,
enhance and direct internal audit functions, implement process improvement initiatives, conduct
compliance reviews, and lead and perform operational audits, construction audits, and fraud investigations.
Ron is supported by additional subject matter experts, making Brown Smith Wallace the largest and most
experienced firm to serve the risk management needs of governments throughout the Midwest.
To see how Brown Smith Wallace makes A Measurable Difference, please contact us to schedule an
initial risk assessment. In less than 30 minutes, we can identify your areas of greatest risk and begin
developing solutions.
Contact Ron Steinkamp, CPA, CIA, CFE, at 314.983.1238, rsteinkamp@bswllc.com | Ted Flom, CPA, CISA, CIA, at 314.983.1294,
tflom@bswllc.com | Tony Munns, CISA, FBCS, CIRM, CITP, at 314.983.1297, tmunns@bswllc.com.
314.983.1200 | 636.255.3000 | 888.279.2792
Health Care Expertise

Ron
Present
Bill
Willbrand
Ted
Flom
Tony
Munns
Frank
Megargel
Cathy
Goldsticker
Larry
Pevnick
Rob
Haggerty
Jan
Beckmann
Financial Compliance
Tax Consulting
Audit and Assurance
Value Network
Network Analysis
ACO Analysis
Payment System Models
Member Vetting
Medical Home Creation
HIPAA and IT
Security
Privacy
Disaster Recovery
PCI Compliance
Infrastructure Assessment
Financial Advisory
Valuation
Litigation Support
Expert Testimony
Business Advisory
Interim Management
Strategic Planning
Data & Cost Analysis
Governance
Revenue Cycle
Operational Improvement
Managed Care Contracts
Insurance Reviews
Enterprise Risk
Internal Audit
Cost Segregation/Energy
Controls Review
Construction Audit
2012 All Rights Reserved

Brown Smith Wallace LLC
Ron Present, LNHA, CALA, CNHA

rpresent@bswllc.com | 314.983.1358
314.983.1200 | 636.255.3000 | 618.654.3100
Health Care Industry Expertise

Ron
Present
Bill
Willbrand
Ted
Flom
Cathy
Goldsticker
Frank
Megargel
Tony
Munns
Larry
Pevnick
Rob
Haggerty
Jan
Beckmann
Tax Consulting
Audit and Assurance
Value Network
Network Analysis
ACO Analysis
Member Vetting
Medical Home Development
HIPAA and IT
Security Analysis
Privacy Review
Disaster Recovery
PCI Compliance
Financial Advisory
Valuation
Litigation Support
Expert Testimony
Mergers & Acquisitions
Business Advisory
Interim Management
Strategic Planning
Revenue Cycle Enhancement
Insurance Reviews
Enterprise Risk
Internal Audit
Controls Review
Governance
Construction Audit
Fraud Prevention
Fraud Investigation

Ron Present, CALA, CNHA, LNHA

314.983.1200 | 636.255.3000 | 618.654.3100
INFO@BSWLLC.COM | 1.888.279.2792 |WWW.BSWLLC.COM
Health Care Industry Expertise

Ron
Present
Bill
Willbrand
Ted
Flom
Cathy
Goldsticker
Frank
Megargel
Tony
Munns
Larry
Pevnick
Rob
Haggerty
Jan
Beckmann
Tax Consulting
Audit and Assurance
Value Network
Network Analysis
ACO Analysis
Member Vetting
Medical Home Development
HIPAA and IT
Security Analysis
Privacy Review
Disaster Recovery
PCI Compliance
Financial Advisory
Valuation
Litigation Support
Expert Testimony
Mergers & Acquisitions
Business Advisory
Interim Management
Strategic Planning
Revenue Cycle Enhancement
Insurance Reviews
Enterprise Risk
Internal Audit
Controls Review
Governance
Construction Audit
Fraud Prevention
Fraud Investigation

Ron Present, CALA, CNHA, LNHA

314.983.1200 | 636.255.3000 | 618.654.3100
Health Care Expertise

Ron
Present
Bill
Willbrand
Ted
Flom
Tony
Munns
Frank
Megargel
Cathy
Goldsticker
Larry
Pevnick
Rob
Haggerty
Jan
Beckmann
Tax Consulting
Audit and Assurance
Value Network
Network Analysis
ACO Analysis
Member Identification
Member Vetting
Medical Home Creation
HIPAA and IT
Security
Privacy
Disaster Recovery
PCI Compliance
Financial Advisory
Valuation
Litigation Support
Expert Testimony
Business Advisory
Interim Management
Strategic Planning
Governance
Back Office Outsourcing
Revenue Cycle
Insurance Reviews
Enterprise Risk
Internal Audit
Controls Review
Construction Audit
Ron Present, LNHA, CALA, CNHA
rpresent@bswllc.com 314.983.1358
314.983.1200 | 636.255.3000 | 618.654.3100

Testimonials
HENRY W. CLEVER III, M.D., FIRST CAPITOL DERMATOLOGY L.L.C.
Brown Smith Wallace has been helping my dermatology practice for over 10 years, and my fathers
pediatric practice before that. I couldnt imagine doing business without them.
They maintain our personal and business records with ease and expertise. They are extremely knowledgeable in the complexities and nuances of physician practices which have helped me keep my medical practice thriving when others are struggling. I refer colleagues to them because Im confident they will find no
better firm. They are truly experts.
MIKE NAYAK, M.D., NAYAK PLASTIC SURGERY P.C.

I began working with Brown Smith Wallace seven years ago when I was organizing my corporation and
opening my practice. Since then they have been instrumental in every aspect of my business growth.
Their familiarity and expertise with medical practices has made them an invaluable asset. They are reliable,
personable and professional, I strongly recommend them.
GARY WHITE, CHIEF EXECUTIVE OFFICER, THE GROVES

Brown Smith Wallace was an asset to our management team. They conducted strategic planning sessions
with the team and helped craft our strategy regarding our hospice and therapy services. They also worked
with us to create a new brand for the delivery of our therapy services throughout our campus and the community. Brown Smith Wallace truly understands the senior housing and post acute market and knows how
to craft relevant and practical solutions.
MARY RIGGS, AUDIT MANAGER, BJC HEALTH CARE

knowledgeable of health care operations, and they understood how the work they completed was integrated into and enhanced our internal controls. One internal audit area of great help was the analysis and
development of controls related to data access and its meaningful use implications.
(Please see additional testimonials on the other side.)
Contact Ron Present, CALA, CNHA, LNHA, at 314.983.1358, rpresent@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100

Testimonials
TARIQ MALAK, CHIEF FINANCIAL OFFICER, CENTERPOINTE HOSPITAL
The team at Brown Smith Wallace truly understands customer service and the ever-changing health care
JIM CALI, DIRECTOR, BI-STATE DEVELOPMENT AGENCY

pleasure.
JAY KIRSCHBAUM, SENIOR VICE PRESIDENT & NATIONAL PRACTICE LEADER, WILLIS GROUP
partner.
(Please see additional testimonials on the other side.)

314.983.1200 | 636.255.3000 | 618.654.3100

Brown Smith Wallace has been serving the essential accounting, tax and advisory needs of the health care industry
for the past 40 years. Recently, the firm has enhanced its capabilities for providers, suppliers and medical
practitioners with specialized, value-added services such as health reform assistance, construction audits for
building owners, IT security and HIPAA services as well as merger and acquisition assistance.
Our highly experienced health care professionals work closely with our clients to reduce their risks and improve
performance by applying leading industry knowledge to each situation. We provide a broad range of support to
pre-acute, acute, and post-acute service providers. Our primary areas of expertise include hospitals and health care
systems, senior housing and home health services as well as physician and doctor practices.
In particular, we focus on helping providers better coordinate services by leveraging strong IT infrastructures and
embracing new methodologies of governmental and commercial payments to improve patient care and achieve
financial sustainability and growth.
Without proper systems in place to maximize patient care revenue and efficiency, as well as ensure compliance
with government regulations, health care organizations are extremely vulnerable in this era of health care reform.
Brown Smith Wallace has a national reputation and credentials in the HIPAA and IT security space as well as in
construction auditing and other specialized areas such as risk, insurance, litigation support, taxes and valuations.
Our robust team of more than 25 talented professionals have expertise in the following services:
Value NetworksSM
HIPAA & IT
Financial Advisory
Enterprise Risk
Business Advisory
Our team is led by Ron Present, CALA, CNHA, LNHA. Ron has more than 25 years of health care consulting and
operations experience. His expertise with hospitals, nursing homes, physicians practices and health care reform
enhances the expansion of our health care industry services. For more information on how we can make
A Measurable Difference for your organization, please contact us for more information.

314.983.1200 | 636.255.3000 | 618.654.3100
Health Insurance
& TPA Services
When employee health benefits are well designed and well controlled, organizations can realize significant
cost savings. However, this is also an area where costs can escalate quickly and the cause can be difficult
to identify. At Brown Smith Wallace, we combine our expertise in insurance, data analysis, information
technology, consulting, and audit to provide a full-line of services related to health insurance and third
party administrator (TPA) performance evaluations. We can help you identify the problems and when
applicable, help you negotiate reimbursements. Our experts will help you devise a plan to achieve future
cost savings.
Medical Claim Audits
Verify your claims are processed as designated by your Plan by detailed claim re-adjudication performed
by claim experts with RN/BSN credentials and expertise. These audits identify invalid, duplicate, and
improperly processed claims and negotiate refunds where appropriate.
Prescription Drug Claim Audits
Identify inaccurate prescription drug costs and methods to reduce costs by 100% testing of pricing,
co-pays, discounts, rebates and fees using the data files provided by the TPA. We will negotiate refunds
where it is applicable.
Dependent Eligibility Verification Audits
Ensure you are paying only for eligible participants by 100% document-based verification of dependent
eligibility. Typically, 3% - 8% of dependents are ineligible some organizations have seen much higher
numbers.
Medicare Coordination of Benefits Reviews
Keep your retiree health benefits intact, but reduce your costs. Based on your current plan design, we will
put all the moving parts into one easy to read analysis. Considerations include: claim experience, moving
Medicare eligible participants to Medicare as the primary insurer, the cost of purchasing Medicare
supplements, and increasing premiums.
(Please see continued description of our health insurance and TPA services on the other side.)
Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com | Larry Pevnick, CPA at 314.983.1247,lpevnick@bswllc.com
Bill Goddard, CPCU at 314.983.1253, bgoddard@bswllc.com.
314.983.1200 | 636.255.3000 | 888.279.2792
Health Insurance
& TPA Services
Process, Procedure and Internal Control Evaluations
Identify process and control improvements for both you and your TPA. We assess and document
operations to identify potential reallocation of duties, continuous monitoring needs, duplication of effort,
and methods to streamline the processes.
SAS 70 Reviews
Assure your customers if you are the service provider. We assess a TPAs processes and internal controls to
produce a through and value-added SAS70 report for use by the TPAs customers.
Stop-Loss Evaluation of Limits and Experience
Reduce over and under insurance risk. We will analyze your claim experience, financial situation, and risk
tolerance to provide solid data behind our recommendation on stop-loss insurance deductibles and
whether it is necessary for your company.
HIPAA Gap Assessment and Remediation Planning
Verify compliance with HIPAA regulations or identify reasonable methods to bring your company into
compliance. We review your systems, processes, and procedures to identify gaps in HIPAA compliance
and develop recommendations for remediation.
Contact us to find out how our experts can make A Measurable DifferenceTM in your organization.
Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com | Larry Pevnick, CPA at 314.983.1247,lpevnick@bswllc.com
Bill Goddard, CPCU at 314.983.1253, bgoddard@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100

Testimonials
GARY WHITE, CHIEF EXECUTIVE OFFICER, THE GROVES
Brown Smith Wallace was an asset to our management team. They conducted strategic planning sessions
with the team and helped craft our strategy regarding our services including hospice and therapy. They
also worked with us to create a new brand for the delivery of our therapy services throughout our campus
and the community. Brown Smith Wallace truly understands the senior housing and post acute market and
knows how to craft relevant and practical solutions.
MARY RIGGS, AUDIT MANAGER, BJC HEALTH CARE

knowledgeable of health care operations and understood how the work they completed was integrated into
and enhanced our internal controls. One internal audit area of great help was the analysis and development
of controls related to data access and its meaningful use implications.
TARIQ MALAK, CHIEF FINANCIAL OFFICER, CENTREPOINTE HOSPITAL

The team at Brown Smith Wallace truly understands customer service and the ever changing health care
JIM CALI, DIRECTOR, BI-STATE DEVELOPMENT AGENCY

pleasure.
JAY KIRSCHBAUM, SENIOR VICE PRESIDENT & NATIONAL PRACITCE LEADER, WILLIS GROUP
partner.

314.983.1200 | 636.255.3000 | 618.654.3100
HIPAA Compliance Services

Security Focus
The Health Insurance Portability and Accountability Act (HIPAA) legislation imposes strict requirements
related to the protection of personal health information handled by any organization. Medical practices,
hospitals, long-term care facilities, pharmacies, as well as employers who sponsor health insurance plans are
subject to HIPAAs requirements.
Our gap identification process reviews key elements related to security portion of HIPAA.
Process and
documentation, policy
and procedures, other
security administration
requirements
Establishment
of enforcable
programs and
systems
Proper access
procedures, locks and
other physical barriers
After our review of your existing security procedures and systems, we can provide you with customized
policies and procedures, including:
HIPAA Security Risk Analysis, tailored for your organization
Health Information Technology for Economic and Clinical Health Act (HITECH) and the Red Flag
Rules compliance
Required overall security processes (administrative, technical, and physical)
Information security policies
Disaster recovery procedures
Customized security technology
At Brown Smith Wallace, we make A Measurable Difference. Your complete HIPAA security risk
analysis, policies, and procedures will be based on answers to the gap analysis and are fully customized to
your organization. This custom approach, combined with our highly experienced HIPAA team members,
ensures the right compliance solution for you and your organization.
Contact Ted Flom, CPA, CISA, CIA at 314.983.1294, tflom@bswllc.com | Tony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297,
314.983.1200 | 636.255.3000 | 618.654.3100
IT Advisory Services
For those companies that need a strategic IT thinker as an advisor to their management team to ensure
their strategy is right, their problems are resolved, and their solutions systems are cost effective, IT
Advisory is the smart way to add that resource to your team. Our IT advisory services team has the
expertise and knowledge to help your company link your technology to business goals while making your
strategic investments count.
For those companies that do not have the time or the funds to add a full-time IT Strategic thinker to their
executive team, or need help doing so, Brown Smith Wallace provides you with a mentor to management
to help ensure that you are making the right decisions and getting the best value. We provide strategic and
objective input and direction, evaluations of technology, cost and business fit so that you obtain a good
ROI on your IT investment. Our IT advisory services team provides professional, independent advice on
critical IT areas that affect business performance, such as:
Strategic Planning
We work with you to develop a proactive IT strategy that integrates with your specific business
goals.
Applications Planning
We help you develop an applications approach that supports your business strategy focusing on
those areas that give you competitive advantage.
Infrastructure Management
We help you redesign the infrastructure of your systems to improve security, functionality and
reliability and where possible, reduce cost.
Systems Integration
By focusing on effective processes we can help remove redundant processes and improve
efficiency, timeliness, accuracy and integrity of processes.
Asset Management
From shared services to hardware, services and software licensing, we can drive cost reduction
while driving service improvement.
Data Management
Whether for compliance needs or for effective decision making, data management is critical. We
assist you in capitalizing on the data you already have.
Security
We can help you identify and address potential security exposures, such as loss of customer data,
loss of revenue and reputation damage, before they become problems.
Our IT advisory services team possesses a depth and breadth of expertise unmatched by any other firm in the
St. Louis area. Team members are senior-level professional staff with backgrounds in business consulting, IT
and accounting. Our team includes CPAs, CISAs, CIAs, CITPs, CPIMs, CIRMs and CFEs.
Contact Ted Flom, CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com or

Tony Munns, FBCS, CISA, CIRM, CPIM AT 314.983.1297, amunns@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
IT Forensics
COMPUTER FORENSICS
The extent of our digital society is requiring you to have the ability to investigate suspicious activity found
on computers. IT risks range from financial fraud to hackers gaining access to your data.
IT forensics is the process of recovering and analyzing deleted, cached and hidden data from IT equipment. Our professional IT forensics team has the ability to analyze a wide range of devices from laptops to
mainframes. Our services include:
Forensic Incident Response
Forensic Litigation Support
Incident Report Process Improvement
When you engage Brown Smith Wallace to investigate suspicious computer activity, our computer
forensics investigation follows a very specific eight step process:
FRAUD & FORENSIC EIGHT STEP PROCESS
1) Determine what your management knows and what they have uncovered
2) Quarantine the equipment
3) Engage an attorney and put the suspect(s) on leave of absence
4) Determine the nature of the fraud
5) Determine how much historical investigation is required
6) Investigate receipts, payroll, inventory, vendors and anything suspicious
7) Prepare a report to be presented to your management team
8) Implement the recommendations
Contact Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, rschmittling@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100
IT Security & Privacy

Keeping data secure is more of a challenge than ever before. Most information is stored digitally today,
and this electronic warehouse is regularly under attack from hackers, viruses and even employees.
The experienced IT Security & Privacy professionals at Brown Smith Wallace can evaluate the security of
your current systems so you can rest easier.
Security affects businesses in surprising ways. Operations can be disrupted, privacy can be violated and
reputations can be damaged.
SERVICE DESCRIPTIONS
Our IT security and privacy reviews address confidentiality, integrity and availability of information.
We examine potential threats, identifying who is attempting to gain access to your critical information
and how often they look. Then we design a plan to shut out prying eyes.
Our globally skilled team provides value to clients through high quality, cost-effective IT security services.
We bring extensive consulting, testing and hands-on IT security experience to your technology
challenges. Our team develops practical, effective solutions to meet your security and privacy needs. Our
solutions will protect your critical proprietary information within all areas of your organizations, including
growth management, operations and IT.
IT SECURITY SERVICES
Information Security
Payment Card Risk
Cybercrime & Incident Response
Information Privacy & Data Protection
Information Security Compliance
Penetration Testing
Contact us today to schedule an IT risk analysis. In less than an hour, you will gain key insights into the
IT risks that will cause your organization future concerns and challenges.
Contact Ted Flom, CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100
Network Penetration &

Vulnerability Assessment
A penetration and vulnerability assessment entails a comprehensive analysis of computer systems and
networks to determine weak points in your infrastructure. The assessment is targeted toward network
connected devices and covers network level vulnerabilities.
Any company, whether a small local company with less than ten employees, or a large multi-thousand
employee nationwide enterprise, may have the need for our services. If your company has trade secret
information, confidential client information, or simply contains information that is best not made public, you
should consider an assessment.
COMMON NETWORK TARGETS
FTP servers
Firewalls
Web servers
Internal file servers
E-mail servers
Network-level devices
VPN systems
A penetration and vulnerability assessment is typically aimed externally; however, many companies are
realizing that there can often be greater risk from inside the network due to disgruntled employees or
malicious visitors. We will custom tailor our assessment for your specific needs.
Each assessment is custom designed for your application. We provide an organized report of our findings
to management personnel, along with suggestions for improvement, prioritized by urgency. Should we be
retained for additional consulting, we can implement our recommendations.
We Make a Measurable DifferenceTM. We have experience in dozens of operating systems, hundreds of
network protocols, and enterprise level, national-spanning network architecture. We have worked with
businesses as small as a local credit union to as large as a big-10 brokerage house. We are courteous,
professional, and value your privacy and confidentiality. Our staff stays current on Information Security
trends and exploits making sure you are getting up-to-date security consultation.

Ted Flom, CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
PCI Compliance
The Payment Card Industry (PCI) Security Standards Council requires any company accepting,
processing or storing credit card information to comply with PCI security standards. PCI data security
standards protect customers from identity theft and security breaches.
PCI STANDARDS
Building and maintaining a secure network to protect cardholder data
Maintaining a vulnerability management program
Implementing strong access control measures
Regularly monitoring and testing networks
Maintaining an information security policy
A PCI Approved Scanning Vendor (ASV), like Brown Smith Wallace, must execute network vulnerability
scans to ensure that companies comply with PCI data security standards. Scans are performed over all
externally facing IP addresses that touch the credit card acceptance, transmission and storage process.
Failure to comply with the PCI security standards requirements may result in heavy fines, restrictions or
permanent expulsion from card acceptance programs.
The service team at Brown Smith Wallace provides the following services to ensure that our clients are
compliant with the standards set by the PCI Security Standards Council:
PCI compliance gap assessments
PCI merchant compliance scans and reviews
PCI card processor compliance reviews
PCI data hosting provider compliance reviews
The experienced staff at Brown Smith Wallace is uniquely qualified to perform PCI compliance reviews for
a broad spectrum of organizations in any industry.

Ron Schmittling, CPA, CITP, CISA, CIA, at 314.983.1398, rschmittling@bswllc.com.
314.983.1200 | 636.255.3000 | 888.279.2792
PCI Compliance
The Payment Card Industry (PCI) Security Standards Council requires any company accepting,
processing or storing credit card information to comply with PCI security standards. PCI data security
standards protect customers from identity theft and security breaches.
PCI STANDARDS
Building and maintaining a secure network to protect cardholder data
Maintaining a vulnerability management program
Implementing strong access control measures
Regularly monitoring and testing networks
Maintaining an information security policy
A PCI Approved Scanning Vendor (ASV), like Brown Smith Wallace, must execute network vulnerability
scans to ensure that companies comply with PCI data security standards. Scans are performed over all
externally facing IP addresses that touch the credit card acceptance, transmission and storage process.
Failure to comply with the PCI security standards requirements may result in heavy fines, restrictions or
permanent expulsion from card acceptance programs.
The service team at Brown Smith Wallace provides the following services to ensure that our clients are
compliant with the standards set by the PCI Security Standards Council:
PCI compliance gap assessments
PCI merchant compliance scans and reviews
PCI card processor compliance reviews
PCI data hosting provider compliance reviews
The experienced staff at Brown Smith Wallace is uniquely qualified to perform PCI compliance reviews for
a broad spectrum of organizations in any industry.
Contact Ted Flom, CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com or

Tony Munns, CISA, FBCS, CITP, at 314.983.1297, amunns@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Retail Industry Advisory Services

Brown Smith Wallaces Retail Industry Services group offers a wide variety of services that help retailers
manage operations more efficiently, assess and control risks and comply with audit and tax regulations.
Our experienced team has hands-on executive and Big Four and other consulting experience with
prominent retailers such as Build-A-Bear Workshops, Lord & Taylor, Macys, The May Department Stores
Company, Panera, Schnucks, Shopko and Walmart as well as a number of smaller retailers such as EJ Shoes
and Sweet Traditions. We have experience at the local, regional, national and international levels. Our
team members have presented at national and regional conferences and are regularly published in trade
publications.
SCOPE OF SERVICES
Our services include:
Auditing
Benefit plan audits
CAM expense reviews
Captive insurance companies
Construction audits
Cost segregation studies
Fraud prevention & detection
Insurance reviews
Internal auditing
IRS matters
IT infrastructure
IT security & privacy

Litigation support
PCI compliance
Personal property tax reviews
Real estate advisory
Retail LIFO
Risk assessments
SAS 70 reviews
State & local taxes
SOX compliance
Valuations
We make a Measurable DifferenceTM. We bring big firm expertise and a small firms high touch service
approach at reasonable fees. We use a flexible approach and have scalable resources to support both
private and public companies ranging in size from startup to billion dollar multinational operations.

Please turn this page over for brief profiles of our retail services team leaders.
Contact Marty Doerr, CPA, at 314.983.1350, mdoerr@bswllc.com or

Ryan Hauber, MBA, CFE, at 314.983.1317, rhauber@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
Retail Team Leaders

Tax Risk & Fraud Services
Marty Doerr, CPA Ryan Hauber, MBA, CFE
30+ years retailing industry
10+ years retail consulting experience
Accounting methods
CAM expense reviews
IRS matters
Fraud prevention, detection and investigation
Retail LIFO
Risk assessments
Tax benefits & risk
Strategic initiative implementation
State & Local Taxes Insurance

Pam Huelsman Bill Goddard, CPCU, MBA
Multi-state tax planning
Captives
Experience with 50 states
Insurance reviews
Nexus issues
Property, fiduciary liability
Sales & use tax
Casualty, general liability, D&O
Medical benefits, claims processing
Safety programs and self-insurance

314.983.1200 | 636.255.3000 | 618.654.3100
Retail Industry Advisory Services

Brown Smith Wallaces Retail Industry Services group offers a wide variety of services that help retailers
manage operations more efficiently, assess and control risks and comply with audit and tax regulations.
Our experienced team has hands-on executive and Big Four and other consulting experience with
prominent retailers such as Build-A-Bear Workshops, Lord & Taylor, Macys, The May Department Stores
Company, Panera, Schnucks, Shopko and Walmart as well as a number of smaller retailers such as EJ Shoes
and Sweet Traditions. We have experience at the local, regional, national and international levels. Our
team members have presented at national and regional conferences and are regularly published in trade
publications.
SCOPE OF SERVICES
Our services include:
Auditing
Benefit plan audits
CAM expense reviews
Captive insurance companies
Construction audits
Cost segregation studies
Fraud prevention & detection
Insurance reviews
Internal auditing
IRS matters
IT infrastructure
IT security & privacy

Litigation support
PCI compliance
Personal property tax reviews
Real estate advisory
Retail LIFO
Risk assessments
SAS 70 reviews
State & local taxes
SOX compliance
Valuations
We make a Measurable DifferenceTM. We bring big firm expertise and a small firms high touch service
approach at reasonable fees. We use a flexible approach and have scalable resources to support both
private and public companies ranging in size from startup to billion dollar multinational operations.

Please turn this page over for brief profiles of our retail services team leaders.

1050 N. Lindbergh Boulevard | St. Louis, MO 63132
PH 314.983.1200 | FX 314.983.1300
www.bswllc.com
888.279.2792
1551 Wall Street | St. Charles, MO 63303

PH 636.255.3000 | FX 636.947.6128
Retail Team Leaders

Tax
Risk & Fraud Services
Marty Doerr, CPA

Accounting methods
IRS matters
Retail LIFO
Tax benefits & risk
Ryan Hauber, MBA, CFE

10+ years retail consulting experience
CAM expense reviews
Fraud prevention, detection and investigation
Risk assessments
Strategic initiative implementation
State & Local Taxes
Insurance
Pam Huelsman
Multi-state tax planning
Experience with 50 states
Nexus issues
Sales & use tax
Bill Goddard, CPCU, MBA

Captives
Insurance reviews
Property, fiduciary liability
Casualty, general liability, D&O
Medical benefits, claims processing
Safety programs and self-insurance

1050 N. Lindbergh Boulevard | St. Louis, MO 63132
PH 314.983.1200 | FX 314.983.1300
www.bswllc.com
888.279.2792
1551 Wall Street | St. Charles, MO 63303

PH 636.255.3000 | FX 636.947.6128

Every organization has risks. The key to a successful operation is understanding and managing these risks
by prioritizing and controlling them appropriately. The Risk Services practice provides services, on an
outsourcing and co-sourcing basis, that help clients manage business risk, improve processes and internal
controls, and comply with the provisions of Sarbanes-Oxley.
Our team, which is one of the largest and most diverse risk groups in the midwest, consists of
professionals dedicated to providing risk-based advisory services. Our Risk Services practice works with
public and private organizations of all industries and sizes to make sure they are effectively managing risks
inherent to their organizations. Our services range from cutting edge data analysis and information security
to fraud prevention and Sarbanes-Oxley consulting.
SCOPE OF SERVICES
Our core approach is strengthened by our strong internal and IT auditing competencies, cutting-edge IT
security capabilities, data analysis (ACL) expertise and a team of approximately 30 financial, operational
and IT auditors.
We use a flexible approach that is scalable and supports private and public companies ranging in size from
startups to billion dollar multinationals in a wide range of industries. Our services include:
Audit plan development
IT security penetration & vulnerability
Construction auditing
assessments
Cost reduction and recovery services
Process improvement evaluations and consulting
Data analysis
Quality Assurance Reviews (QAR)
Fraud prevention and investigation
Risk assessments
HIPAA reviews
Sarbanes-Oxley (SOX) compliance
Internal auditing
SAS 70 audits or agreed upon procedure
IT auditing
engagements
Our risk-based advisory services can fulfill a wide range of needs, from specialty audit or risk reviews to
comprehensive enterprise-wide risk management.
If you would like to sleep a little easier or prepare for an upcoming regulatory or external accountants
review, the risk services team at Brown Smith Wallace can develop a scalable solution to fit your needs.
Contact Ted Flom, CPA, CISA, CIA, at 314.983.1294, tflom@bswllc.com | Tony Munns, CISA, FBCS, CIRM, CITP, at 314.983.1297,
tmunns@bswllc.com | Chris Menz, CPA, at 314.983.1227, cmenz@bswllc.com.
314.983.1200 | 636.255.3000 | 888.279.2792

Every organization has risks. The key to a successful operation is understanding and managing these risks
by prioritizing and controlling them appropriately. The Risk Services practice provides services, on an
outsourcing and co-sourcing basis, that help clients manage business risk, improve processes and internal
controls, and comply with the provisions of Sarbanes-Oxley.
Our team, which is one of the largest and most diverse risk groups in the Midwest, consists of
professionals dedicated to providing risk-based advisory services. Our Risk Services practice works with
public and private organizations of all industries and sizes to make sure they are effectively managing risks
inherent to their organizations. Our services range from cutting edge data analysis and information security
to fraud prevention and Sarbanes-Oxley consulting.
SCOPE OF SERVICES
Our core approach is strengthened by our strong internal and IT auditing competencies, cutting-edge IT
security capabilities, data analysis (ACL) expertise and a team of approximately 30 financial, operational
and IT auditors.
We use a flexible approach that is scalable and supports private and public companies ranging in size from
startups to billion dollar multinationals in a wide range of industries. Our services include:
Audit plan development
Construction auditing
IT security penetration & vulnerability
assessments
Cost reduction and recovery services
Process
improvement evaluations and consulting
Data analysis
Quality Assurance Reviews (QAR)
Fraud prevention and investigation
Risk assessments
HIPAA reviews
Sarbanes-Oxley (SOX) compliance
Internal auditing
SSAE 16 audits or agreed upon procedure
IT auditing
engagements
Our risk-based advisory services can fulfill a wide range of needs, from specialty audit or risk reviews to
comprehensive enterprise-wide risk management.
If you would like to sleep a little easier or prepare for an upcoming regulatory or external accountants
review, the risk services team at Brown Smith Wallace can develop a scalable solution to fit your needs.
314.983.1200 | 636.255.3000 | 618.654.3100
INFO@BSWLLC.COM | 1.888.279.2792 |WWW.BSWLLC.COM
Risk Management Services

Companies and their boards are devoting significant resources to ensure risks are understood and
appropriately managed. The Brown Smith Wallace Risk Services practice works with organizations of all
sizes to make sure they are effectively managing risks inherent to their organization. Through
comprehensive management and assessment of risks, our clients are well prepared to achieve their goals
and objectives.
Because the application of risk management is broad, clients range in size from family-owned companies to
large, international public companies. Further, governmental entities and not-for-profit organizations are
good candidates for risk management services.
Risk management services include the following:
Enterprise Risk &
Internal Audit
Audit planning and
risk assessment
Business process
assessment and
design
Business risk
assessment
Corporate
governance
Data Analysis
Enterprise Risk
Management
Fraud detection and
prevention
Outsourcing and
co-sourcing
Policy, process and
procedure design
and implementation
Technology Risk
Business application
security and
controls
Disaster recovery
and business
continuation
IT audit
IT forensics
Infrastructure risk
Payment card
industry
compliance
Penetration studies
Security and
privacy
Vulnerability
assessment
Website security
Wireless security
review
Sarbanes-Oxley
Assistance
Audit planning and
risk assessment
Documentation
Planning and
organization
Program
development
Project
management
Remediation
Segregation of
duties analysis and
consulting
Testing
SAS 70/Third Party

Assurance
Attestation/Agreed
upon procedures
Construction audits
Fiduciary audits
HIPAA privacy and
security
SAS 70 Type 1
and 2
Self-insured
health plan/TPA
audits
Specialty risk:
Construction,
Technology and
TPA
Third party service
provider/
Outsourcing risk
management
Risk Management is not an area of your business to be taken lightly. You need experienced and qualified
consultants working with you to understand and put in place a program that is appropriate to your
environment. Our group is led by highly experienced risk management professionals, providing you with
A Measurable Difference by ensuring you get the leadership and perspective you need.
314.983.1200 | 636.255.3000 | 618.654.3100
Risk Management Services

Companies and their boards are devoting significant resources to ensure risks are understood and
appropriately managed. The Brown Smith Wallace Risk Services practice works with organizations of all
sizes to make sure they are effectively managing risks inherent to their organization. Through
comprehensive management and assessment of risks, our clients are well prepared to achieve their goals
and objectives.
Because the application of risk management is broad, clients range in size from family-owned companies to
large, international public companies. Further, governmental entities and not-for-profit organizations are
good candidates for risk management services.
Risk management services include the following:
Enterprise Risk &

Internal Audit
Audit planning and
risk assessment
Business process
assessment and
design
Business risk
assessment
Corporate
governance
Data Analysis
Enterprise Risk
Management
Fraud detection and
prevention
Outsourcing and
co-sourcing
Policy, process and
procedure design
and implementation
Technology Risk
Business application
security and
controls
Disaster recovery
and business
continuation
IT audit
IT forensics
Infrastructure risk
Payment card
industry
compliance
Penetration studies
Security and
privacy
Vulnerability
assessment
Website security
Wireless security
review
Sarbanes-Oxley
Assistance
Audit planning and
risk assessment
Documentation
Planning and
organization
Program
development
Project
management
Remediation
Segregation of
duties analysis and
consulting
Testing
SAS 70/Third Party

Assurance
Attestation/Agreed
upon procedures
Construction audits
Fiduciary audits
HIPAA privacy and
security
SAS 70 Type 1
and 2
Self-insured
health plan/TPA
audits
Specialty risk:
Construction,
Technology and
TPA
Third party service
provider/
Outsourcing risk
management
Risk Management is not an area of your business to be taken lightly. You need experienced and qualified
consultants working with you to understand and put in place a program that is appropriate to your
environment. Our group is led by highly experienced risk management professionals, providing you with
A Measurable Difference by ensuring you get the leadership and perspective you need.
314.983.1200 | 636.255.3000 | 888.279.2792
SAS 70 Review Services

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized
auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS
70 audit or examination is widely recognized because it represents that a service organization has been
through an in-depth audit of their control activities. This generally includes controls over transaction
processing, systems and related processes. A SAS 70 is the authoritative guidance that allows service
organizations to disclose their control activities and processes to their customers and their customers
auditors in a uniform reporting format.
SAS 70 reviews are applicable to any organization that provides services for other organizations. These
services include processing transactions related to the financial statements; and encompass application
service providers, third party administrators (TPAs), bank trust departments, claims processing centers,
Internet data centers or other data processing service centers and outsourcers. Interested parties of the SAS
70 review include:
Customers of a service organization gain an assurance of a system of internal controls protecting
the companys data.
The customers auditors gain an assurance of the controls in place to protect the customers data.
The service organization has an independent audit of the controls it has in place to provide
assurance to customers and potential customers of the integrity of their processes.
The service organization auditors have a detailed independent audit of the companys system of
internal controls.
A formal report including the auditors opinion is issued to the service organization at the conclusion of a
SAS 70 examination. SAS 70 allows for two different types of reports:
Type I reports on the presence of certain controls at a point in time.
Type II reports on the presence of certain controls at a point in time as well as the effectiveness of
the operation of those controls over a period of time.
We make A Measurable Difference. Brown Smith Wallace has performed many SAS 70 Reviews for a
broad spectrum of service organizations in the insurance, benefits, healthcare claims and information
systems industries. Further, we have an experienced staff of control-oriented and certified professionals
who are uniquely qualified to perform SAS 70 Reviews, a skill set rare for a firm of our size.
Contact Ted Flom, CPA, CISA, CIA at 314.983.1294, tflom@bswllc.com | Tony Munns, CISA, CIRM, CPIM at 314.983.1297,
314.983.1200 | 636.255.3000 | 618.654.3100
Financial Institutions
The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions conduct
an independent review of their inforation technology systems each year. This review was designed to safeguard financial institutions customers and is enforced by regulators through the safety and soundness portion of their annual examinations. Brown Smith Wallace information technology systems review ensures
that your information technology system meets the regulatory requirements before the examiner walks
through the door. Using the FFIECs handbook and maximizing our professionals own experience with the
Federal Reserve, we take a comprehensive look at your key technology systems:
Audit
Management assessment
Develop and acquisition
Support and delivery
PC Security
Networking
LAN/WAN operations
E-banking
ATMs and wire transfer options
Ongoing consultation is provided

Meet the requirements of the regulators before they arrive
Cost-effective assurance on controls and security
Detailed report allows you to fully understand all areas reviewed
Mirros the review done by the regulators
Offers experienced consultants familiar with the guidelines
Provides a full, detailed report to management
Uses an efficient, planned approach
Contact us today to schedule an IT risk analysis. In less than an hour, you will gain key insights into the IT
risks that will cause your organization future concerns and challenges.
Contact Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, rschmittling@bswllc.com or

Mike Collins at 314.983.1352, mcollins@bswllc.com.
314.983.1200 | 636.255.3000 | 888.279.2792
Top 5 PPACA Issues Employers

Need to Understand
On June 28, 2012, the United States Supreme Court issued its ruling on the constitutionality of the Patient Protection
and Affordable Care Act (PPACA). The nations highest court upheld the law with the exception of certain Medicaid
provisions that are non-binding on states. The five to four decision upholds the complex and oftentimes unclear tax
provisions and health insurance reforms.
With this much awaited ruling, organizations are looking for answers. Those that have maintained an understanding
of the act throughout the ruling process are now seeking clarification. Providers and employers that were sitting on
the sidelines in hopes the law would be struck down are now scrambling to understand the implications. Although
some are still hopeful the law will be repealed through the impending results of the national and state elections, the
need to take action is imperative.
To assist in this process, we have addressed here the five most frequent questions we have been asked by our clients.
1. What is my responsibility under PPACA as an employer?
The answer to this question is far reaching and has too many scenario related answers to provide detailed
information in one place.
The courts decision means that several business and tax provisions that were part of PPACA will remain in place.
These include the codification of the economic substance doctrine, an annual assessment on pharmaceutical
manufacturers, as well as the new Medicare Hospital Insurance tax and net investment income on higher income
taxpayers, which will take effect in 2013. The PPACA also imposes a $500,000 deduction limit on executive
compensation paid by health insurance providers.
The most general concern is that the PPACA imposes a penalty on applicable employers (employers with more than
50 full-time employees) that do not provide affordable health coverage to their employees. The penalty is scheduled
to take effect starting January 2014.
Companies will need to heighten their monitoring of hourly employees because those who work 130 or more
hours per month will be automatically eligible for company health care benefits. If employers do not abide by this
and exclude those employees, they will pay a steep penalty. This becomes particularly complicated with part-time
and shift workers and in situations in which workers are picking up additional shifts, which may push them over
130 hours in a given month. Employers will need to carefully monitor employees time on a real-time basis and
manage employees in terms of their monthly/hourly workloads. The legislation identifies a look back period and
going forward stabilization period to be used in determining common company staffing and eligibility requirements.
Companies will need to ensure they have systems in place to be able to track hours on a monthly basis.
Employers need to review their coverage to determine if it satisfies the minimum essential coverage and affordability
requirements under the PPACA. Employers also should review their benefits packages for compliance with the
PPACA.
For more information, contact Ron Present, CALA, CNHA, LNHA, at 314.983.1358, rpresent@bswllc.com.
314.983.1200 | 636.255.3000 | 618.654.3100
2. Who is covered under PPACA?

According to the Congressional Research Service, all US citizens and aliens who are lawfully present in the United
States are subject to the health insurance mandate and are eligible, if otherwise qualified, to participate in the highrisk pools and the exchanges, and they are eligible for premium credits and cost-sharing subsidies. PPACA expressly
exempts unauthorized (illegal) aliens from the mandate to have health coverage and bars them from a health
insurance exchange. Unauthorized aliens are not eligible for the federal premium credits or cost-sharing subsidies.
Unauthorized aliens are also barred from participating in the temporary high-risk pools. However, an issue that may
arise during discussions to amend PPACA is the eligibility of aliens (noncitizens) for some of the key provisions of the
act.
To enforce the alien eligibility requirements under PPACA, the act requires the Secretary of Health and Human
Services to establish a program to determine whether an individual who is to be covered in the individual market by
a qualified health plan offered through an exchange, or who is claiming a premium tax credit or reduced cost-sharing,
is a citizen or national of the United States or an alien lawfully present in the United States.
3. What is the individual mandate?
The individual mandate portion of the PPACA is technically a shared responsibility requirement for individuals. The
provision requires individuals (regardless of employer availability or lack of coverage) to obtain minimum essential
health coverage or pay an individual penalty starting in 2014. Many individuals, however, are exempt from the
penalty. These include individuals covered by Medicare and Medicaid, individuals with coverage under military
health plans, undocumented individuals, and others. A unique aspect of the mandate allows more individuals
coverage under expanded Medicaid guidelines should the states agree to the Medicaid provisions of the PPACA.
Additionally, individuals with employer-provided coverage generally are considered as having minimum essential
coverage and are exempt from the penalty unless the cost of coverage is unreasonable.
4. Why did I receive a rebate from my insurance company?
The rebate amount is a direct result of the PPACA and what is commonly referred to as the medical loss ratio (MLR)
rule. Insurance companies must spend at least 85% of premiums in the large group market and 80% of premiums
in the small group or individual market on direct health care. If they spend less, the differential is refunded to the
employers and employees that contributed premiums. All participants of the plan (defined as those paying some
portion of the premium) will be notified of the rebates (including former employees who participated).

314.983.1200 | 636.255.3000 | 618.654.3100
4A. What do I do with the rebate amount?

There are several options for the distribution of the rebate amount. Generally, employers that receive the
rebate will have 90 days from receipt to adjudicate the funds. The overall guideline is to be fair and reasonable
to participants. The following are suggested examples of disbursement:
1. Employer paid 100% of premium the employer is allowed to retain 100% of the rebate amount. However,
the employer must look at the taxable implications of the premium amount and (working with your tax advisor)
2. Employee paid 100% of premium it is recommended the employer distribute the rebate on a pro-rata basis
to the employees. Again, the tax treatment of the rebate must be determined.
3. Employer and employee shared premiums - Generally, the rebate amount is again split between the employer
and employees on a pro-rata basis. If the premium for the year to which the rebate applies was paid with pretax dollars through a cafeteria plan, as is most typically the case for employer plans, the rebate, generally, is
taxable. However, if the rebate is used to provide a premium holiday, the tax consequence is benign in that it is
simply handled by the increased salary that the individual receives by virtue of not having to pay a premium. If
the rebate is paid in cash, it is taxable cash. For ERISA plans utilizing the rebate to provide benefit enhancements,
if the benefits constitute health benefits, then the enhancements should be excludible from the employees
income.
4. Former employees rebates - The Department of Labor has provided that if an employer finds the cost of
distributing rebates to former employees approximates the amount of the proceeds, the employer may properly
decide to allocate the proceeds to current employees based upon a reasonable, fair and objective allocation
method.
5. Next steps - The plan document is the first place to look to determine how a rebate can be used. According to
the Department of Labor Technical Release No. 2011-04, Any portion of a rebate constituting plan assets must
be handled in accordance with the fiduciary responsibility provisions of Title I of ERISA. Some plan documents
include specific guidance. In the absence of specific guidance, and given the administrative and tax issues that
can arise, it may be most efficient to provide a premium holiday. If this is going to be done, it is very important to
review any applicable cafeteria plan to ensure it allows election adjustments due to a change in cost of coverage.
Most cafeteria plans do include a provision that allows salary reduction elections to be automatically increased
or decreased due to a change in cost. If the change of cost is significant, many cafeteria plans allow a revocation
of existing election and a new election to be made. If the plan does not specifically identify such provisions,
the employer with that plan should consult with his tax and/or benefits advisor to make the appropriate plan
adjustments for future years.

314.983.1200 | 636.255.3000 | 618.654.3100
5. What is a health insurance exchange?

Exchanges will be the mechanism through which millions of low and moderate-income individuals receive
premium and cost-sharing government subsidies to make private health coverage more affordable and where
employees of small businesses will be able to purchase coverage. Exchanges will support individuals buying
insurance on their own and small businesses with up to 100 employees, but states can allow larger employers
in the future. States can elect: 1) to build a fully state-based exchange, 2) enter into a state-federal partnership
exchange, or 3) default into a federally-facilitated exchange.
According to the Kaiser Family Foundation website, to date, 15 states plus the District of Columbia have
established state-based exchanges. Of those, three have done so via executive order: Rhode Island, New York,
and Kentucky.
As of July 30, 2012, three states, Arkansas, Delaware, and Illinois, are planning to pursue a state-federal
partnership exchange. A state opting for a partnership exchange can choose to operate plan management
functions, consumer assistance functions, or both, leaving the federal government to assume responsibility for
all other exchange components in the state.
To date, seven states have declared that they will not create a state-based exchange. Louisianas Governor made
the announcement over a year ago. In April 2012, Maines Governor made clear the state would not pursue a
state-based exchange in a letter to HHS. In June 2012, New Hampshires Governor signed a law prohibiting the
state from participating in or enabling a state-based exchange. The Governors of Texas, Florida, South Carolina,
and Alaska made their decisions public soon after the Supreme Courts ruling on the ACA. For the most part,
these states had not invested in the exchange planning process prior to the announcement.
Another 16 states have not yet committed to a health insurance exchange strategy, but are continuing planning
efforts. Some state officials continue to evaluate the policy options related to a state-based exchange in the
absence of legislation. For example, in Minnesota, where there are numerous working groups and an exchange
task force investigating key decisions, the Governor submitted a letter to HHS in July 2012, declaring the states
intent to continue the planning and development of a state-based exchange. Other states, such as Alabama
and Arizona have considered the use of an executive order or other non-legislative strategies to establish an
exchange.
Additionally, two states have taken steps to implement a state-based exchange using an existing government
entity as an anchor. Specifically, Mississippi is utilizing an existing non-profit high risk pool association created in
1991, while New Mexico began building a state-based exchange using the New Mexico Health Insurance Alliance
authorized by the legislature in 1994.

314.983.1200 | 636.255.3000 | 618.654.3100
Nine states have not shown significant exchange planning activity. Some of these states made progress in
2011, but ended their exchange planning efforts in the face of increasing political pressure. Planning initiatives
in Kansas, Oklahoma, and Wisconsin were halted earlier this year to await the outcomes of the Supreme Court
ruling and the November elections. Given the federal timetable for implementation, states with little planning
activity to date face an increasing likelihood of defaulting to a federally facilitated exchange.
In May 2012, the Missouri Legislature approved a ballot measure seeking voters input on whether the state
can create a state-based health insurance exchange without approval from the Legislature; such a measure could
prevent Governor Jay Nixon (D) from establishing an exchange via Executive Order. Legislation establishing a
state-based health insurance exchange failed in both the 2012 and 2011 legislative sessions. In June 2011, the
Senate had created the Senate Interim Committee on Health Insurance Exchanges to explore Missouris options
to establish a state-based exchange.
___________________________________________________________________________________________
About Ron Present
Ron Present, CALA, CNHA, is the healthcare services practice leader for Brown Smith Wallace
LLC. With over 25 years of healthcare industry experience, he has in-depth knowledge of the
operational structure of pre-acute, acute and post-acute healthcare environments. Ron
brings clients hands-on experience as both an industry executive and consultant. His
healthcare expertise includes strategic and operational consulting, revenue enhancement
and strategy implementation, reimbursement optimization strategies, turnaround
management, debt restructuring, HIPAA compliance, financial modeling, feasibility studies,
managed care contracting, certificate of need applications, valuations and expert witness
services. Contact Ron at 314.983.1358 or rpresent@bswllc.com.
About Brown Smith Wallace LLC
Brown Smith Wallace LLC is one of the Midwest regions most prominent locally owned public accounting
firms, serving clients with the traditional audit, accounting and tax services as well as a wide variety of business
consulting services. INSIDE Public Accounting has recognized Brown Smith Wallace nationally as a Top Five
Fastest Growing Firm in the $20 $30 million net revenue category. For more information on Brown Smith
Wallace, visit www.bswllc.com.

314.983.1200 | 636.255.3000 | 618.654.3100

1 Entire Universe Binder 01 02.5.14

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

1 Entire Universe Binder 01 02.5.14

Transféré par

Droits d'auteur :

Formats disponibles

5 Steps to

COSO Transition Success

4. Internal Control Education

Amy Ribick, CFE, CRMA

Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com or

Organize the team Internal and BSW

Walk through the process

Develop a flow chart for

Review process for efficiency

Discuss improvements with

Test the revised process and

Present revised process to

Update policies and

Train client resources on

Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, amunns@bswllc.com or

Enhanced communication and project delivery

COST SEGREGATION STUDY

Contact Dale Helle at 314.983.1338, dhelle@bswllc.com or

Cost Recovery Services

BROWN SMITH WALLACES DIFFERENTIATORS

Contact Janet Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com or

Cost Recovery Plus

+ Develop changes that are sustainable and

benefit the company for the long-term

Plus: We can develop customized continuous monitoring systems at your request.

Cost Recovery Plus

+ Develop changes that are sustainable and

benefit the company for the long-term

Plus: We can develop customized continuous monitoring systems at your request.

ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL

Contact Robin Bell, CPA at 314.983.1217, rbell@bswllc.com or

Cathy Goldsticker, CPA at 314.983.1274, cgoldsticker@bswllc.com.

1551 Wall St., Ste. 280 | St. Charles, MO 63303

Enhanced communication and project delivery

COST SEGREGATION STUDY

Contact Dale Helle at 314.983.1338, dhelle@bswllc.com or

1551 Wall St., Ste. 280 | St. Charles, MO 63303

Contact Robin Bell, CPA at 314.983.1217, rbell@bswllc.com or

Cathy Goldsticker, CPA at 314.983.1274, cgoldsticker@bswllc.com.

Contact Robin Bell, CPA at 314.983.1217, rbell@bswllc.com ,

Cathy Goldsticker, CPA at 314.983.1274, cgoldsticker@bswllc.com or

Data Analysis Services

Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com

Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com

Contact Jan Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com

Thorough and Value-Added Approach

way Brown Smith Wallace makes A Measurable Difference.

Contact Janet Beckmann, CPA, at 314.983.1254, jbeckmann@bswllc.com or

CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)

Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, tmunns@bswllc.com or

Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, amunns@bswllc.com or

1. Do you have a documented Disaster Recovery Plan?

Contact Larry Newell, CISA, CBRM, at 314.983.1218 or lnewell@bswllc.com.

Contact Nick Lombardi, PE, MBA, at 314.983.1323, nlombardi@bswllc.com.

The Methodology of ERM

Phase V: Knowledge Transfer

The ERM Process

Enterprise risk management is a continuous

The Methodology of ERM

The ERM Process

Contact Tony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, tmunns@bswllc.com,

Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, tmunns@bswllc.com or

CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)