1 entire universe binder 01 02.5.14
TRANSCRIPT
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
1/74
5 Steps to
COSO Transition Success
1.
Transition TimelinePREPARE a project plan and timeline for transitioning to the new COSO
Framework. On December 15, 2014, COSO92 will be superseded by COSO2013.
Businesses should estimate between three to nine months in order to appropriately plan
and implement the transition.
2.
StakeholdersIDENTIFY the stakeholders in your organization that should be aware of the COSO
Framework updates.The Board of Directors, management, personnel, and internal and
external auditors are stakeholders that utilize the COSO Framework.
3. Current FrameworkEVALUATE whether the current COSO Framework is applied effectively
throughout the organization today. The way businesses operate today has drastically
changed since the original COSO Framework was published in 1992. New business models,
evolving technology, changing regulatory requirements and other challenges require a
system of internal control that can quickly adapt to changes in business, operating and
regulatory environments. How has your business changed and what are the implications on
your internal control program?
4. Internal Control Education
EDUCATE the various departments and key stakeholders on their ownership andresponsibilities and the importance and relevance of internal controls. Internal
controls are important to all areas of your business. As an example, fraud risks exist in all
aspects of an organization, not just in financial reporting. So its important that each
department understands the five integrated components that comprise internal control
control environment, risk assessment, control activities, information and communication,
and monitoring activitiesand how these address objectives within their specific area of
responsibility.
5. Well-Planned TransitionDETERMINE the internal budget and expertise needed and available to support
the transition from COSO92 to COSO2013.To schedule a complimentary consultation,contact Amy Ribick, CFE, CRMA, at 314.983.1347 [email protected].
Amy Ribick, CFE, CRMA
Manager, Risk Advisory Services
314.983.1347 | [email protected]
mailto:[email protected]:[email protected]:[email protected]:[email protected] -
7/21/2019 1 Entire Universe Binder 01 02.5.14
2/74
It is not uncommon for companies to make duplicate payments to vendors. While companies can try toreduce this risk through system controls, it is still prevalent and often more difficult to detect.
Vendors are often set up with more than one vendor number, making it easy for the same invoiceto get paid more than once.
Statements and invoices can look remarkably similar, causing the same amount to be entered morethan once.
Disparate accounts payable processing locations often allows a vendor to be paid for the sameinvoice from two different locations.
If the system doesnt allow a duplicate invoice number, employees may alter the invoice numberby adding a -1 or an A, allowing it to be entered again.
Automated duplicate payment controls typically look for the same invoice number from a vendoroccurring in the same year. Transactions around the end of the year can be more susceptible toduplicate payment.
SCOPE OF SERVICES
We help you identify potential duplicate payments. We do this by getting an understanding of thecontrols in your systems and processes. We then combine that understanding with our knowledge of themany ways duplicate payments can occur. Data analysis software, such as ACL, allows us to sift throughthe large quantities of data and develop customized tests to run against your data to detect potentialduplicate payments in your system. The time period is up to you, though we have seen the best resultsfrom at least 12 months of data.
We can provide you with the information necessary to contact vendors to reclaim your paymentsalong with suggestions for how to improve your controls to prevent or detect duplicate payments inthe future. We can also help you develop continuous monitoring procedures to search for potentialduplicate payments on regular basis.
These are just a few examples of the assistance we can provide. Contact one of us to discuss otherpossibilities to analyze your data and improve your business. At Brown Smith Wallace, we makeA Measurable DifferenceTM.
Duplicate PaymentReview
Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] orTed Flom, CPA, CISA, CIA, at 314.983.1294, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
3/74
Approach toProcess Improvement
We are happy to meet with you to discuss our approach and help you identify the benefits to your organization.To learn how our risk advisory services can make A Measurable Differencefor your organization,
please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or [email protected]
mprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory S
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 | WWW.BSWLLC.COM
At Brown Smith Wallace we view process improvement as a systematic approach to improving the performance
of our clients. Our approach doesnt entail fighting fires or placing blame. It involves identifying andunderstanding the causes of performance issues, making recommendations and developing policies and
procedures to help our clients reap the rewards of better performance. Our 15 step approach is outlined below.
Plan
Document
Finalize
Revise
Evaluate
Select process Establish improvement
objective
Organize the team -
Internal and BSW
Review current policies and
proceduresWalk through the process
Develop a flow chart for
the process
Review process for
adequacy of controlsReview process for efficiency
and effectiveness
Discuss improvements with
client team
Revise process flow chart for
agreed-to improvementsTest the revised process and
update for lessons learned
Present revised process to
client management
Update policies and
procedures
Train client resources on
processFinalize process
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
4/74
You never know when disaster will strike. Business continuity planning minimizes the possibility ofinterruptions and develops your ability to continue business operations during an unexpected natural disasteror malicious activity, and throughout the recovery process.
What Is the Process?
Your business continuity plan assesses the current risk and impact a disaster will have on your business. Itidentifies critical business processes and determines requirements necessary to recover. You receive feasible,cost effective options that are current, viable and complete. Documentation is developed and updated toensure you are in a constant ready-state for execution.
A holistic and logical approach is followed to ensure critical business practices have been identified and al-ternate procedures are documented. This would include, but not limited to, human resources, facilities man-agement, communication systems, Information Technology infrastructure resources, and media relations.
Who Needs Business Continuity Planning?
Any company requiring a high degree of confidence in their ability to continue business operations regard-less of internal or external threats or activities.
Why Engage Brown Smith Wallace?
Our service professionals have wide industry experience in reviewing existing plans and providing businesscontinuity consulting services to a broad spectrum of service organizations including clients in the insurance,marketing, and manufacturing industries. We ensure all sectors of the business from the enterprise downto business unit levels are in place necessary to steer the business through both catastrophic disasters anddisruptive fluctuations in the business environment.
Business Continuity
Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
5/74
Feasibility
Close out
Design
Substantialcompletion
Planning & research
Constructionin progress
Proposeddevelopment project
Constructionstart
Bidding
Ongoing support
Contractnegotiation
Budgeting
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
6/74
These are the 3 tangible benefits our construction audit experts can bring to project
owners. We can help you achieve them by making sure you properly assess change orders andother issues generated by the contractors specialists who are dedicated to maximizing the contract.
CONSTRUCTION AUDIT
Our typical/average ROI on a construction audit is 1-2% of the projects costs. We can provide a numberof tangible benefits, including:
Cost recovery of overcharges
Lower capital costs
Reduced project risks Fewer open issues and disputes
Stronger financial controls and reporting
Enhanced communication and project delivery
Tighter policies and procedures
Improved contract language Better regulatory compliance
COST SEGREGATION STUDY
As part of our construction audit, we can also provide a cost segregation study that will identify taxsavings you can recover on your construction project. This integrated approach typically increases theoverall ROI we can provide on a project to 3% or more. (Please see the description of our cost segregationservices on the other side.)
OPPORTUNITY ASSESSMENT
If you are interested in saving from 1-3% or more on your construction project, please contact us toschedule an Opportunity Assessment. With less than 30 minutes of your time, we can estimate theROI we can provide.
Construction Audit1. ROI 2. Savings 3. Lower risk
Contact Dale Helle at 314.983.1338, [email protected] orBill Willbrand, CPA at 636.754.0200, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
7/74
With the pressures in todays economy, construction and lease audits help reduce costs. Provideragreements are large and complex, yet these audits are of low risk. The expertise of our Risk Services
practice provides an added value service on construction and lease audits with an ROI up to 15%.
CONSTRUCTION AUDIT
Owners who make a significant investment in capital for design and construction are open to many risks.A planned, risk-based, targeted compliance program helps mitigate project risks and offer a number oftangible benefits throughout the programs duration. Such benefits include:
Improved financial controls and reporting
Increased awareness of vendors throughoversight
Cost recovery due to unallowable charges
Reduced project risks, open issues anddisputes
Improved communication and project deliveryprocess
Reduced capital costs
Improved contract language
Sound policies and procedures Focus on development and execution plan
LEASE AUDIT
When performing audits of common area maintenance charges (CAM), we focus on identifying andquantifying invoiced cost exceptions that will result in savings. Our audits are successful because we havethe experience of analyzing the language in agreements and amendments. This experience along with aconsistent ROI are another way we make A Measurable Difference.
Our extensive review of common area maintenance audits includes:
Determination of audit/dispute time of CAMcharges
Verification to source documents
Provisions of insurance coverage
Re-calculation of original vendor invoices Re-calculation of utility charges
Detailed itemization
Verification of allowed and disallowed charges
Cost Recovery ServicesConstruction and Lease Audits
Contact Ted Flom, CPA, CISA, CIA at 314.983.1294, [email protected] | Tony Munns, CISA, CIRM, CPIM at [email protected] | Chris Menz, CPA at 314.983.1227, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
8/74
Continuous ControlsMonitoring
Contact Janet Beckmann, CPA, at 314.983.1254, [email protected] orTed Flom CPA, CISA, CIA, at 314.983.1294, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
Continuous controls monitoring (CCM) has been on the radar for many companies for several years. Recently,
however, more organizations are pushing towards meeting this best practice. Why initiate a CCM system now?
Your organization may have experienced loss or fraud and want to make sure it never happens again. You may be
automating time-intensive processes to increase efficiency. Or, you may have a security concern in a certain area,
such as payroll or accounts payable.
CCM is a systemic way of verifying transactions and reducing operational, compliance and financial risks. A key
goal is to catch control failures quickly, before they cause too much damage. Brown Smith Wallace builds CCM
systems that combine process and technology to identify potential errors, fraud, inefficient operations and audit
targets.
VALUE-ADDED APPROACH
Our CCM systems are custom-developed based on your systems, controls and specific requirements. The cost is
dramatically less than off the shelf systems. and focuses on your core needs. Our systems are designed to monitor
and validate controls to reduce risk, maintain compliance, manage costs and minimize losses.
BROWN SMITH WALLACES DIFFERENTIATORS
Our CCM process and tool provide real differences to you, including:
Risk-based designs
Definable schedules
Customized thresholds
Simple and powerful reporting
Confident security
Accessible partnership
Our team will make A Measurable Difference with our holistic appraoch to continuous monitoring. Welook at your challenges strategically, operationally and financially to provide the best recommendationsin support of your goals. Our CCM ToolkitTMhelps you determine the risks your organization needs tomonitor, the best approach to accomplish your goals and a timeline for implementation. Contact Jan Beckmannto receive a complimentary CCM Toolkit for your organization.
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
9/74
For more information or to schedule your Cost Recovery Plus consultation, contactJan Beckmann at 314.983.1254, [email protected].
You may be giving money away without realizing it. Our Cost Recovery Plus program helps recover cashowed to you, retain the cash you have and restructure your processes and controls to prevent future problems.Our local data analysis experts hold CPA, CIA, CISA and ACL certifications and have years of experience,providing added value to our clients. This program is reasonably priced to help us partner with you to growyour business.
RECOVER: Well help recover funds youre owed by identifying potential items for you to investigate.
+Duplicate payments+Missed vendor discounts+Unused vendor credits+Invalid charges on construction projects+Duplicate employee reimbursements
+Inappropriate corporate credit card transactions+Invalid employee benefits+Customer short paid invoices+Duplicate freight charges+Revenue leakage
Plus:We can address organizational or industry specific concerns such as royalties or long-termcontracts.
Plus:Once transactions are identified, we can provide investigative assistance.
RETAIN: Well identify opportunities to help you save money in the future.
+Revising vendor and customer terms+Customer credit review+Changes in employee benefits and hours
+Staffing review to reduce overtime+Improved pricing through strategic sourcing+Purchase order review procurement cards
Plus:Our information security experts can perform system penetration and vulnerability tests to verify
your data is safe from attack.Plus:Our certified fraud examiners can perform specialized fraud risk assessments which highlight
specific areas of concern.
RESTRUCTURE: We will help you improve your processes and controls to prevent future problems.
+Partner with management to identifyrealistic changes
+Develop changes that are sustainable andbenefit the company for the long-term
+Provide a formal report of observations andrecommendations
Plus:We can develop customized continuous monitoring systems at your request.
Cost Recovery PlusRecover, Retain, Restructure
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
10/74
Unfortunately organizations give away money as a part of their contracted obligations without realizing it.Brown Smith Wallaces Best Practice Cost Recovery Plus program helps organizations recover cash owed toyou, retain the cash you have and restructure your contract processes and controls to prevent future problems.Our local data analysis experts hold CPA, CIA, CISA and ACL certifications and have years of experience,providing added value to our clients. Our contract compliance auditing experts oversee contract auditing forsome the largest organizations in the world such as Wal-Mart Stores, Inc. and Siemens.
RECOVER: Well help recover funds youre owed by identifying potential items for you to investigate.
+Duplicate payments+Missed vendor discounts+Unused vendor credits+Invalid charges on construction projects
+Duplicate employee reimbursements
+Inappropriate corporate credit card transactions+Invalid employee benefits+Customer short paid invoices+Duplicate freight charges
+Revenue leakagePlus:We can address organizational or industry specific concerns such as royalties or long-term
contracts.
Plus:Once transactions are identified, we can provide investigative assistance.
RETAIN: Well identify opportunities to help you save money in the future.
+Revising vendor and customer terms+Customer credit review+Changes in employee benefits and hours
+Staffing review to reduce overtime+Improved pricing through strategic sourcing+Purchase order review procurement cards
Plus:Our information security experts can perform system penetration and vulnerability tests to verifyyour data is safe from attack.
Plus:Our certified fraud examiners can perform specialized fraud risk assessments which highlightspecific areas of concern.
RESTRUCTURE: We will help you improve your processes and controls to prevent future problems.
+Partner with management to identifyrealistic changes
+Develop changes that are sustainable andbenefit the company for the long-term
+Provide a formal report of observations andrecommendations
Plus:We can develop customized continuous monitoring systems at your request.
Cost Recovery PlusRecover, Retain, Restructure
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
11/74
Our cost segregation studies identify assets buried in building costs and assign theshortest possible depreciation life to them, resulting in maximum tax deferrals on thefacility. For instance, if you are constructing a new building or undergoing major remodeling, we
allocate short life property to the correct life depreciation class. If we didnt, these assets wouldcome under the longer 39-year depreciation schedule that encompasses the building.
COST SEGREGATION STUDY
A thorough investigation is necessary to assign proper asset life classifications, which ultimatelysaves you tax dollars. We follow a step-by-step IRS approved process that allows us to efficientlydetermine short life property. While each project is different, our cost segregation studiestypically involve:
Reviewing architectural drawings
Conducting on-site facility inspections
Isolating shorter class life depreciation
Preparing detailed asset descriptions
Documenting assets qualifying for 3, 5, 7, 10, 15, 20 or 27.5 year life depreciation
Reviewing findings with management and preparing final reports
Careful segregation of personal and real property costs results in substantial tax savings. Better yet,these tax savings come when you need them most -- the first few years after occupying a new or
remodeled facility.
By following a proven process, and applying our years of tax and cost segregation experience,
you will receive value and savings well in excess of our fees. Having worked with a wide varietyof clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurantsand automobile dealerships, we will work hand-in-hand with you to achieve your goalseffectively and efficiently. Contact us to schedule an opportunity assessment.
CONSTRUCTION AUDIT
Our typical ROI on a construction audit is 1-2% of the projects cost. We can integrate a costsegregation review with the audit, which typically increases the overall ROI we can provide on aproject to 3% or more. (Please see description of our construction audit services on the other side.)
www.bswllc.com888.279.2792
1050 N. Lindbergh Blvd. | St. Louis, MO 63132PH 314.983.1200 | FX 314.983.1300
1551 Wall St., Ste. 280 | St. Charles, MO 63303PH 636.255.3000 | FX 636.947.6128
Cost Segregation
Contact Robin Bell, CPA at 314.983.1217, [email protected] orCathy Goldsticker, CPA at 314.983.1274, [email protected].
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
12/74
These are the 3 tangible benefits our construction audit experts can bring to project
owners. We can help you achieve them by making sure you properly assess change orders andother issues generated by the contractors specialists who are dedicated to maximizing the contract.
CONSTRUCTION AUDIT
Our typical/average ROI on a construction audit is 1-2% of the projects costs. We can provide a numberof tangible benefits, including:
Cost recovery of overcharges
Lower capital costs
Reduced project risks Fewer open issues and disputes
Stronger financial controls and reporting
Enhanced communication and project delivery
Tighter policies and procedures
Improved contract language Better regulatory compliance
COST SEGREGATION STUDY
As part of our construction audit, we can also provide a cost segregation study that will identify taxsavings you can recover on your construction project. This integrated approach typically increases theoverall ROI we can provide on a project to 3% or more. (Please see the description of our cost segregationservices on the other side.)
OPPORTUNITY ASSESSMENT
If you are interested in saving from 1-3% or more on your construction project, please contact us toschedule an Opportunity Assessment. With less than 30 minutes of your time, we can estimate theROI we can provide.
Construction Audit1. ROI 2. Savings 3. Lower risk
www.bswllc.com
888.279.2792
1050 N. Lindbergh Blvd. | St. Louis, MO 63132
PH 314.983.1200 | FX 314.983.1300
Contact Dale Helle at 314.983.1338, [email protected] orBill Willbrand, CPA at 636.754.0200, [email protected].
1551 Wall St., Ste. 280 | St. Charles, MO 63303
PH 636.255.3000 | FX 636.947.6128
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
13/74
Our cost segregation studies identify assets buried in building costs and assign theshortest possible depreciation life to them, resulting in maximum tax deferrals on thefacility. For instance, if you are constructing a new building or undergoing major remodeling, we
allocate short life property to the correct life depreciation class. If we didnt, these assets would
come under the longer 39-year depreciation schedule that encompasses the building.
COST SEGREGATION STUDY
A thorough investigation is necessary to assign proper asset life classifications, which ultimatelysaves you tax dollars. We follow a step-by-step IRS approved process that allows us to efficientlydetermine short life property. While each project is different, our cost segregation studiestypically involve:
Reviewing architectural drawings
Conducting on-site facility inspections
Isolating shorter class life depreciation
Preparing detailed asset descriptions
Documenting assets qualifying for 3, 5, 7, 10, 15, 20 or 27.5 year life depreciation
Reviewing findings with management and preparing final reports
Careful segregation of personal and real property costs results in substantial tax savings. Better yet,these tax savings come when you need them most -- the first few years after occupying a new or
remodeled facility.
By following a proven process, and applying our years of tax and cost segregation experience,you will receive value and savings well in excess of our fees. Having worked with a wide varietyof clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurantsand automobile dealerships, we will work hand-in-hand with you to achieve your goalseffectively and efficiently. Contact us to schedule an opportunity assessment.
CONSTRUCTION AUDIT
Our typical ROI on a construction audit is 1-2% of the projects cost. We can integrate a costsegregation review with the audit, which typically increases the overall ROI we can provide on aproject to 3% or more. (Please see description of our construction audit services on the other side.)
Cost Segregation
Contact Robin Bell, CPA at 314.983.1217, [email protected] orCathy Goldsticker, CPA at 314.983.1274, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL314.983.1200 | 636.255.3000 | 888.279.2792
[email protected] | WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
14/74
Our cost segregation studies identify assets buried in building costs and assign theshortest possible depreciation life to them, resulting in maximum tax deferrals on thefacility. For instance, if you are constructing a new building or undergoing major remodeling, we
allocate short life property to the correct life depreciation class. If we didnt, these assets wouldcome under the longer 39-year depreciation schedule that encompasses the building.
COST SEGREGATION STUDY
A thorough investigation is necessary to assign proper asset life classifications, which ultimatelysaves you tax dollars. We follow a step-by-step IRS approved process that allows us to efficientlydetermine short life property. While each project is different, our cost segregation studiestypically involve:
Reviewing architectural drawings
Conducting on-site facility inspections
Isolating shorter class life depreciation
Preparing detailed asset descriptions
Documenting assets qualifying for 3, 5, 7, 10, 15, 20 or 27.5 year life depreciation
Reviewing findings with management and preparing final reports
Careful segregation of personal and real property costs results in substantial tax savings. Better yet,these tax savings come when you need them most -- the first few years after occupying a new or
remodeled facility.
By following a proven process, and applying our years of tax and cost segregation experience,
you will receive value and savings well in excess of our fees. Having worked with a wide varietyof clients including hospitals, universities, utilities, retailers, manufacturers, distributors, restaurantsand automobile dealerships, we will work hand-in-hand with you to achieve your goalseffectively and efficiently. Contact us to schedule an opportunity assessment.
CONSTRUCTION AUDIT
Our typical ROI on a construction audit is 1-2% of the projects cost. We can integrate a costsegregation review with the audit, which typically increases the overall ROI we can provide on aproject to 3% or more. (Please see description of our construction audit services on the other side.)
Cost Segregation
Contact Robin Bell, CPA at 314.983.1217, [email protected] ,Cathy Goldsticker, CPA at 314.983.1274, [email protected]
Rob Haggerty, CPA at 314.983.1311, [email protected]
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
15/74
Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] Ted Flom, CPA, CIA, CISA at 314.983.1294, [email protected].
Data is everywhere. More and more of it is constantly captured in systems where controls are implementedto ensure its accurate. But, what do you do with all of that data? Are you getting the information you need tomake the decisions?
OUR TOOLS
Our data analysis experts use ACL software to pull the information you need out of your data. ACL softwarehas some great benefits.
No limit to the amount of data that can be analyzed
Flexibility allows access to any type of data from mainframes to pdf
Fast results
Strong continuous monitoring capabilities
We also optical character recognition (OCR) software, SQL, MS Access and MS Excel when the situationcalls for it. Our secure FTP site allows us to transfer data without concern to security or file size.
OUR MISSION
Help you answer the questions you cant answer otherwise using your data.
We are experienced in searching for trends and understanding what data is telling you about operations,controls and financial results. For instance, medical claim data can identify physicians with unusually frequentbillings to identify potentially fraudulent billings. We could use that same data to compare to an eligibilitydatabase to verify that all claims are for eligible participants. The list of possible analyses is endless and shouldbe specific to your areas of highest risk and concern.
OUR TEAM
Our team is led by Jan Beckmann, CPA, ACL Certified Trainer. She combines her audit, accounting, andconsulting background with years of data analysis experience to help determine where and how data analysiscan be most beneficial. Keeping our mission in mind allows Jan and her team to slice and dice the data andidentify trends that tell the story.
Data Analysis Services
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
16/74
Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] Ted Flom, CPA, CIA, CISA at 314.983.1294, [email protected].
Just imagine...The system conversion on which youve worked so diligently bombs on the go-live. Bad data isbrought over to the new system. Some data never shows up at all. Testing both the data that will populate thenew system and the mapping of the data to the new system can prevent this nightmare.
Data analysis software (e.g., ACL) enables us to test 100% of your data, regardless of the size of the file, sowe can provide you with a heat map that profiles and prioritizes all specific data and mapping issues.
CONVERSION TESTING
We only need three files for us to test the conversion efficiently (1) a dump of the data from the oldsystem, (2) the map to the new system, and (3) a dump of the resulting data after the test conversion in the
new system. Just 1, 2, 3 and we can quickly verify whether the conversion is working effectively.DATA CLEANSING
Of course, a new system wont make bad data good. Well test the data to verify your new system is populatedwith good data. Following are a sampling of the tests we can perform based on payroll data.
Corruption corrupt packets of data
Invalid data technically invalid dates and numbers
Missing data blanks in key fields such as social security number, name, and address
Duplicates the same employee with two employee numbers
Incorrect calculations verify the gross to net pay calculation
Illogical relationships data in two fields that doesnt make sense together such as birth date afterhire date
Outside bounds anything outside specified boundaries, e.g.,:
Employees younger than 16 or older than 70
Invalid codes in the employee status
Locations that dont exist
Payment to terminated employees
Employees with no tax withholdings or deductions
System ConversionTesting & Data Cleansing
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
17/74
Contact Jan Beckmann, CPA, at 314.983.1254, [email protected] Larry Pevnick, CPA, at 314.983.1247, [email protected].
Effective communication with employees is essential for a dependent eligibility verification audit. Since theemployee population varies at each company, our approach varies depending on what works best for eachorganization. Engagements begin with a kick off meeting with management to discuss the scope, objectivesand approach. At this meeting, we discuss the various options available for conducting the dependenteligibility verification audit and will agree upon the approach that makes sense for your organization.
Customized QuestionnairesWe use technology as much as possible to customize the questionnaire and limit the amount of timerequired by the employee to complete the process. Rather than sending out a lengthy questionnaire, we cancustomize the request to the employee. For instance, if an employee is shown in the system to have a spouse
and no other dependents, there is no need for them to read through the information required for otherdependents. In these instances, we would only request a marriage certificate, prior years tax return showingtheir status as married, and their acceptance of that statement that they are currently married to the personshown as their spouse.
Web-Based CapabilitiesFor some companies, a web interface is the easiest and least expensive way for employees to complete theirrequirements. Employers sometimes make a computer and scanner available at work for employee use if theyare concerned that these tools may not be available at home.
Email and Postal ServiceIf a web interface does not make sense for your company, requests for verification and documentation can besent to employees via company email or through the US Postal Service. The US Postal Service is more costlythan the other methods, but for certain employee populations, it may be the best method for completing theaudit.
Follow UpWe often employ multiple communication methods when follow up is required. For instance, if there was nota good response rate through the web interface, we may follow up through email or the USPS.
Employee CommunicationA BSW team member is always available during business hours to answer questions via phone. We makesure that we treat employee questions with respect and assure them that their personal information is beinghandled securely.
Dependent EligibilityVerification Audits
The Brown Smith Wallace Process
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
18/74
Dependent EligibilityVerification
Contact Janet Beckmann, CPA, at 314.983.1254, [email protected] orLarry Pevnick, CPA, at 314.983.1247, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
The rising cost of health care and health care reform is making news on a daily basis. You can share costs with
employees by increasing co-payments and premiums, you can help defray future costs by implementing a wellness
program, but how can you decrease your overall insurance costs now? You can realize a substantial savings when
you remove ineligible dependents from your insurance plan.
A dependent eligibility verification audit reduces insurance costs immediately by removing dependents ineligible
for insurance benefits and eliminating their future claims. On average, companies find 3% to 8% of their plans
dependents are not eligible, which can add up to substantial savings. Frequently, relatives such as ex-spouses,
grandchildren, nieces, or nephews are included as dependents, but are not eligible based upon the plan design.
Thorough and Value-Added ApproachOur document-based audit approach requires verification of 100% of the individuals named as dependents. A birth
certificate, marriage license, and/or tax form is acceptable documentation. Any additional information you would
like to gather may be included at that time (e.g. dependent social security numbers). The audit is completed by
using your email system and/or postal service, whichever you prefer. We clearly state that this audit includes 100%
of all dependents and is completed by an independent party to provide a sense of fairness to employees.
In addition to the dependents, we can also verify that employees meet the required criteria for participation in your
insurance plan based on data in the employee master file. Specific tests can be performed for verifying the
employees have met the employment status and work hour requirements.
From planning your audit to the final report, we search for methods to improve your processes. Our team is
comprised of experts in insurance, process improvement and internal controls, which means we continuously look
for value-added solutions. Our focus is not just on finding the problems, but also in helping you understand and
address the root cause. We provide recommendations for related items we identify and processes can be
implemented to maintain your results post-completion.
Essential Communication
Communication is essential for the success of any project. You will find an engagement team member available by
phone for any questions plan participants may have throughout the audit. Calls are logged and made available to you.
We will also provide weekly status updates to you on the audits progress and results. To help you determine the suc-
cess of the audit, we can identify and quantify claims paid for ineligible dependents. This is just one more
way Brown Smith Wallace makes A Measurable Difference.
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
19/74
6. Do you have a documented communication policy that defines who has the authority tocommunicate to external parties (e.g. the press)?
7. Does your plan identify the communication tools that will be used for internal collaboration?
8. Does your plan identify the communication tools that will be used to notify your customers orclients?
9. Does your plan identify how coordination and communications will be controlled as recoveryefforts take place?
10. Has your plan undergone a test within the last 12 months?
DISASTER RECOVERY - IT CENTRIC
1. Has the backup frequency been approved by the business data owners?
2. Has a system or data recovery time objective (this is the time to restore or recover data tooperational capacity prior to the disruption) been defined?
3. Have the backups been tested to validate that data is readable and recoverable?
4. Does the recovery method meet the recovery time objective requirements set by the business?
5. Has the plan been tested to ensure necessary resources and actions work in concert with oneanother to meet the Recovery Time Objective established by the business?
6. Does the plan identify critical applications or systems that are necessary to keep the businessoperational)?
7. Is it possible to continue delivering essential services during a disruption of IT Services?
8. Do you have an inventory listing of your IT infrastructure assets so that in the event systems aredestroyed they can be recreated at an alternate site?
9. Does your existing infrastructure design (e.g. power network, systems, etc.) address resiliency bymitigating single points of failure?
10. Has your plan undergone a test within the last 12 months?
Disaster PreparednessBusiness Continuity Planning
Checklist and Scorecard (continued)
Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)
Brown Smith Wallaces risk management team can assess your current processes and develop a plan to sustain
mission-critical operation in case disaster strikes. To arrange for a high-level plan review and receive the resultsof the checklist, please contact Larry Newell. (See below).
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
20/74
Disasters affecting business operations, such as tornadoes, earthquakes, floods, fires or malicious acts, areunpredictable and can be devastating. They happen at any time with varying degrees of magnitude.
A disaster recovery plan documents procedures necessary to restore business resources prior to the disaster.It provides you the opportunity to take positive action before the disaster occurs.
Companies of all sizes who need complete assurance they are sufficiently prepared to fully restore essentialIT infrastructures critical to supporting their business processes.
SCOPE OF SERVICES
The Disaster Recovery Team at Brown Smith Wallace meets with your appropriate business unitleaders to review, evaluate and assist them in developing, constructing and testing a customized InformationTechnology (IT) Disaster Recovery Plan. Whether reviewing an existing plan or establishing a new one, a
grass-root logical approach is applied. The recovery plan takes a holistic approach to business operationswhile identifying the restoration objectives.
We identify critical business systems and applications, then develop and document associated recoveryprocedures. Resources and action plans reside in a documented procedure with critical timelines established.The areas we asses include, but are not limited to, human resources, facilities management, communicationsystems, information technology, infrastructure resources and media relations.
Brown Smith Wallace has developed and performed hundreds of disaster recovery plans and reviews ofservice organizations. We serve clients in a variety of industries, some of which include insurance,manufacturing and marketing. Our service professionals restore confidence by assuring an effective disasterrecovery plan is in effect and disaster preparation is under control.
Disaster Recovery
Contact Tony Munns, CISA, FBCS, CITP, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
21/74
1. Do you have a documented Disaster Recovery Plan?
2. If a disaster should occur, do you know what the financial losses to your business wouldbe for a day, month, quarter or year? What about operational losses including: image orreputation, stakeholder confidence, regulatory or legal issues, loss of competitive edge?
3. When was the last time your plan has undergone a current state of assessment? Does theplan account for hardware, software and vendor changes, including contracts with
external service organizations?
4. Does you plan identify the critical IT applications that are necessary for your businesssurvival?
5. Has the plan been tested to ensure necessary resources and actions work in concert withone another to meet the Recovery Time Objective established by the business?
6. Are your data backups tested for readability to ensure data can be recovered?
7. Do you have a documented business continuity plan that identifies and addressesalternate work locations, processes and resources that could be used to minimize thepossibility of interruption to business operations when unexpected disruptive events occur?
8. Are there crisis management policies or procedures that address what constitutes a disasterthat would invoke a business continuity plan?
9. Does your crisis management plan address the four Cs? Control Communication Collaboration Coordination
10. Does your existing infrastructure design address resiliency by mitigating single points offailure?
Disaster RecoveryBusiness Continuity Planning
Top 10 Checklist
Contact Larry Newell, CISA, CBRM, at 314.983.1218 or [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
Question Rating
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
22/74
Contact Nick Lombardi, PE, MBA, at 314.983.1323, [email protected].
Organizations of all sizes are challenged with balancing energy costs with productivity, budget limitationsand their strategies for environmental stewardship. Brown Smith Wallace provides energy assessment servicesto help organizations save money, make smart energy choices and go green.
Energy Incentives
Your organization could benefit from many of the state, federal and utility incentives that are available.Our energy services team can determine if your organization qualifies, and can help you develop theappropriate incentive application documents.
Our licensed professional engineers (PE) can certify the detailed building inspections and energystudies needed to qualify for federal tax deductions for energy efficiency improvements.
Energy Usage AnalysisOur energy experts can analyze your costs, usage patterns, waste, etc., to determine what cost savings youmay be missing.
Utility bill analysis Review historical utility bills to determine if costs, usage levels or usage patternsindicate equipment problems, operational problems or unfavorable rate selections.
Building energy assessments Our experts can identify sources of energy waste and recommendcorrective actions by performing certified building inspections. These inspections can focus on yourspecific needs ranging from a simple lighting survey to a detailed engineering system analysis.
Cost Comparisons
Provider selection Customers with retail electric or gas competition (e.g., Illinois commercial andindustrial facilities) have a choice of utility providers. Our energy experts can review competitive fee
structures and evaluate them based on your organizations usage patterns to determine which providercan deliver the most economical services.
Project justification Our experts can provide an independent cost/benefit analysis of vendoroffers for the installation or retrofit of lighting, HVAC, windows or insulation. We can also providethe documentation that supports your decisions.
Project analysis We provide detailed economic analyses of renewable energy and co-generationprojects to determine cost feasibility. We also identify all monetary incentives.
Our measurable difference is our energy industry expertise. Our team has over 25 years experienceperforming energy project development, feasibility studies, cost estimating, project justification, projectauditing, project performance tracking and reporting. We unveil the carbon intensity of your operations andidentify opportunities to reduce your carbon footprint. For additional information, contact our energy
services leader, Nick Lombardi (see below).
Energy AssessmentServices
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
23/74
Phase 1: Planning and OrganizationEstablish the ERM program and project struc
Phase II: Risk AssessmentIdentify and develop risk mitigation strategie
Phase III: Risk Mitigation
Identify and develop risk mitigation strategie
Phase IV: Monitoring
Develop strategies and tools to continuouslymonitor risks
Phase V: Knowledge Transfer
Institutionalize the process into the organizat
The Methodology of ERM
To learn how our risk advisory services can make A Measurable Differencefor your organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or [email protected].
mprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory S
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | [email protected] | 1.888.279.2792 | WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
24/74
Enterprise risk management is a continuouprocess that identifies, analyzes, mitigatesand monitors potential events that createuncertainty in the achievement of a
companys objectives.
The Brown Smith Wallace ERMLadder identifies the components of an ERstrategy based on the establishment of anERM structure that is aligned with corporgovernance.
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 1.888.279.2792 | WWW.BSWLLC.COM
The ERM Process
To learn how our risk advisory services can make A Measurable Differencefor your organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1238 or [email protected].
mprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory S
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
25/74
Phase 1: Planning and OrganizationEstablish the ERM program and project stru
Phase II: Risk AssesmentIdentify and develop risk mitigation strategi
Phase III: Risk Mitigation
Identify and develop risk mitigation strategi
Phase IV: Monitoring
Develop strategies and tools for the continumonitoring of risks
Phase V: Knowledge Transfer
Institutionalize the process into the organiza
The Methodology of ERM
To learn how our risk advisory services can make A Measurable Difference for yoru organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1328 or [email protected]
mprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory S
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | [email protected] | 1.888.279.2792 | WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
26/74
Enterprise risk management is a continuoprocess that identifies, analyzes, mitigateand monitors potential events that createuncertainty in the achievement of a
companys objectives.
The Brown Smith Wallace ERMLadder identifies the componets of an ERstrategy based on the establishment of anERM structuve that is aligned with corpogovernance.
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 1.888.279.2792 | WWW.BSWLLC.COM
The ERM Process
To learn how our risk advisory services can make A Measurable Difference for yoru organization,please contact Ron Steinkamp, CPA, CIA, CFE at 314.983.1328 or [email protected]
omprehensive Accounting & Tax Consulting | Audit & Risk Management Services | Management Consulting | Financial Advisory
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
27/74
The Federal Financial Institutions Examination Council (FFIEC) requires that financial institutions conductan independent review of their inforation technology systems each year. This review was designed to safe-
guard financial institutions customers and is enforced by regulators through the safety and soundness por-tion of their annual examinations. Brown Smith Wallace information technology systems review ensuresthat your information technology system meets the regulatory requirements before the examiner walksthrough the door. Using the FFIECs handbook and maximizing our professionals own experience with theFederal Reserve, we take a comprehensive look at your key technology systems:
Audit
Management assessment
Develop and acquisition
Support and delivery
PC Security
Networking
LAN/WAN operations
E-banking
ATMs and wire transfer options
Ongoing consultation is provided to your staff in these ares throughout the engagement, culminating in afinal discussion with management. A comprehensive report is sent to the institutions board of directors oraudit committee following the engagement.
Meet the requirements of the regulators before they arrive
Cost-effective assurance on controls and security
Detailed report allows you to fully understand all areas reviewed
Mirros the review done by the regulators
Offers experienced consultants familiar with the guidelines
Provides a full, detailed report to management
Uses an efficient, planned approach
Financial InstitutionsIT Systems Review
Contact Tony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected],Ted Flom, CPA, CISA, CIA at 314.983.1294, [email protected] or Jay Andersonat 314.983.1385, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
28/74
1. Do you have a documented Disaster Preparedness Plan that includes Business Continuity Planning?
2. Has a business impact analysis been performed or documented identifying the financial impact thatwould result if a business function was not operational for a day, a week or a month? What aboutoperational losses including: image or reputation, stakeholder confidence, regulatory or legal issues,loss of competitive edge?
3. Does your plan identify critical business functions or processes that need to be protected orrecovered timely and are necessary to sustain business operations?
4. Are the business function or process flows documented so that they may be recreated including anyspecialized materials (e.g. printed forms, etc.)?
5. Does your plan take into consideration work force (human resource) disruptions (e.g. pandemic)?
6. Do you have a documented evacuation plan in place for all your facilities?
7. Does you plan take into consideration work place disruptions due to natural disruptions(e.g. tornado or earthquake) or incidents such as fire or utility outages?
8. Does the plan include services provided to the business by external service organizations?
9. Can critical business functions or processes be performed manually?
10. Has your plan undergone a test within the last 12 months?
CRISIS MANAGEMENT AND COMMUNICATION PLAN
1. Do you have a documented plan that defines who has decision making authority when a significantbusiness disruption occurs?
2. Is there a succession plan in place to transfer decision making power if an appointed team member isunavailable due to unforseen circumstances?
3. Does the plan address performing an assessment?
4. Does the plan contain graduated guidelines to determine the extent of the business disruption whenperforming the assessment and when to invoke business continuity or disaster recovery plans?
5. Does the plan address the type of media (e.g. call tree, e-mail, automated system) that will be usedto communicate with your employees?
Disaster PreparednessBusiness Continuity Planning
Checklist and Scorecard
Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
Question Scoring -Y
BUSINESS CONTINUITY PLANNING
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
29/74
6. Do you have a documented communication policy that defines who has the authority tocommunicate to external parties (e.g. the press)?
7. Does your plan identify the communication tools that will be used for internal collaboration?
8. Does your plan identify the communication tools that will be used to notify your customers orclients?
9. Does your plan identify how coordination and communications will be controlled as recoveryefforts take place?
10. Has your plan undergone a test within the last 12 months?
DISASTER RECOVERY - IT CENTRIC
1. Has the backup frequency been approved by the business data owners?
2. Has a system or data recovery time objective (this is the time to restore or recover data tooperational capacity prior to the disruption) been defined?
3. Have the backups been tested to validate that data is readable and recoverable?
4. Does the recovery method meet the recovery time objective requirements set by the business?
5. Has the plan been tested to ensure necessary resources and actions work in concert with oneanother to meet the Recovery Time Objective established by the business?
6. Does the plan identify critical applications or systems that are necessary to keep the businessoperational)?
7. Is it possible to continue delivering essential services during a disruption of IT Services?
8. Do you have an inventory listing of your IT infrastructure assets so that in the event systems aredestroyed they can be recreated at an alternate site?
9. Does your existing infrastructure design (e.g. power network, systems, etc.) address resiliency bymitigating single points of failure?
10. Has your plan undergone a test within the last 12 months?
Disaster PreparednessBusiness Continuity Planning
Checklist and Scorecard (continued)
Contact Tony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297, [email protected] orLarry Newell, CISA, CBRM, at 314.983.1218, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
CRISIS MANAGEMENT AND COMMUNICATION PLAN (continued)
Brown Smith Wallaces risk management team can assess your current processes and develop a plan to sustain
mission-critical operation in case disaster strikes. To arrange for a high-level plan review and receive the resultsof the checklist, please contact Larry Newell. (See below).
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
30/74
1. Do you have a documented Disaster Recovery Plan?
2. If a disaster should occur, do you know what the financial losses to your business wouldbe for a day, month, quarter or year? What about operational losses including: image orreputation, stakeholder confidence, regulatory or legal issues, loss of competitive edge?
3. When was the last time your plan has undergone a current state of assessment? Does the
plan account for hardware, software and vendor changes, including contracts withexternal service organizations?
4. Does you plan identify the critical IT applications that are necessary for your businesssurvival?
5. Has the plan been tested to ensure necessary resources and actions work in concert withone another to meet the Recovery Time Objective established by the business?
6. Are your data backups tested for readability to ensure data can be recovered?
7. Do you have a documented business continuity plan that identifies and addressesalternate work locations, processes and resources that could be used to minimize the
possibility of interruption to business operations when unexpected disruptive events occur?
8. Are there crisis management policies or procedures that address what constitutes a disasterthat would invoke a business continuity plan?
9. Does your crisis management plan address the four Cs? Control Communication Collaboration Coordination
10. Does your existing infrastructure design address resiliency by mitigating single points of
failure?
Disaster RecoveryBusiness Continuity Planning
Top 10 Checklist
Contact Larry Newell, CISA, CBRM, at 314.983.1218 or [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | WWW.BSWLLC.COM
Question Rating
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
31/74
GARYWHITE, THEGROVESRon Present was an asset to our management team. He conducted strategic planning sessions with theteam and helped craft our strategy regarding our services including hospice and therapy. He also workedwith us to create a new brand for the delivery of our therapy services throughout our campus and thecommunity. He truly understands the senior housing and post acute market and knows how to craftrelevant and practical solutions.
MARYRIGGS, BJC HEALTHCARE
I worked with Brown Smith Wallace on several internal audit projects. I found them to be veryknowledgeable of health care operations and understood how the work they completed was integrated into
and enhanced our internal controls. One internal audit area of great help was the analysis and developmentof controls related to data access and its meaningful use implications.
TARIQMALAK, CENTREPOINTEHOSPITAL
The team at Brown Smith Wallace truly understands customer service and the ever changing health carelandscape. Their knowledge, expertise and advice have proven a key ingredient in the successful provisionof services for the hospital. I highly recommend them.
JIMCALI, BI-STATEDEVELOPMENTAGENCY
Brown Smith Wallace understands what it means to work with their clients to achieve their goals. They
understand risk management and have the experience to see the big picture without losing sight of thedetails. I found the professionals at Brown Smith Wallace to be very knowledgeable and very easy to workwith. They took the time to truly understand our organizational framework and corporate goals. Theycompleted the engagement on time and within the budget. Working with Brown Smith Wallace was apleasure.
JAYKIRSCHBAUM, WILLISGROUP
Brown Smith Wallace has provided a complete suite of HIPAA security and privacy services to many ofour clients on a national basis. Over the years we have developed a relationship with Brown Smith Wallaceas a trusted HIPAA resource service provider and expert. If our clients request or require HIPAA support,we refer them to Brown Smith Wallace as an option for service. We have always had positive feedback
from those referrals and look forward to having Brown Smith Wallace continue to be our HIPAA resourcepartner.
Health Care Services
Testimonials
Contact Ron Present, CALA, CNHA at 314.983.1358, [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
32/74
Recent additions to HIPAA regulations as a result of the HITECH legislation passed this year require thatBusiness Associates be compliant with the rules previously reserved for covered entities. The questionsbelow will help you determine if your company is a covered entity or business associate and thereforeneeds to be HIPAA compliant.
DOINEEDTOBEHIPAA HITECH COMPLIANT?
DOINEEDTOBEHIPAA-HITECH COMPLIANT?
Are you a health care provider? This includes:
o Doctors
o Dentists
o Pharmacies
o Durable medical equipment suppliers
o Opticians
Are you a clearinghouse?
o Defined as an entity that processes health information received from another entity innon-standard format into standard EDI X12 format, or vice versa.
Does your company have self-insured health benefit plans that have 50 participants or more, ormore than $5 million in annual premiums?
Are you a Business Associate?
o Has one of my customers sent me a Business Associate Agreement?
o In the course of providing service to your clients or customers, do you come intocontact with Protected Health Information (PHI), that is: individually identifiablehealth information that is maintained or transmitted in any form or medium?
If you answered yes to any of the above questions, you most likely fall under HIPAA guidelines as acovered entity or business associate.
HIPAA - HITECHQuestionnaire
Key Questions to Determine if You are a Business Associate orCovered Entity as Defined by HIPAA - HITECH Legislation
Contact Anthony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297 or [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL314.983.1200 | 636.255.3000 | [email protected] | WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
33/74
There are many good reasons for a service organization to have a SAS 70 audit or review conducted.Compliance, of course, is a major driver, but organizations that undertake a quality SAS 70 process canuse the report as a selling point to potential customers that they can trust your organization with theirinformation. You can also obtain valuable information that will enable you to improve your processes.
Before starting, however, it will make the process much more efficient and effective if you can answer thesekey questions:
WHATTYPEOFAUDITDOYOUWANT?
Does the engagement need to be a SAS 70?
Have you considered other types of audits and opinions that can be issued to satisfy the needs of
the user organizations, e.g., an Agreed Upon Procedures Audit? Is there anything you could issue consistent with your auditing standards? E.g., Sarbanes-Oxley
allows for other types of reports similar to a SAS 70 report if they meet certain requirements.
Has any testing been performed of controls today or in the past? If so, what have the results been?Are there any significant internal control issues?
Have you considered a pre-assessment to determine how ready you are for the actual SAS 70?
HAVEYOUCONSIDEREDTHEIMPACTOFTHENEWSSAE 16 ONTHEENGAGEMENT?
SSAE 16 replaces the SAS 70 standards for reports issued after June 30, 2011.
Which category of audit will you need: SOC 1, SOC 2 or SOC 3?
Will this be a Type 1 or Type 2 audit?
Would you like to add other relevant compliance areas, such as Disaster Recovery, HIPAA,GLBA, or PCI compliance, etc., to the scope of the SSAE16 engagement? There may beadvantages.
Pre-SAS 70 QuestionnaireKey Questions to Answer Before Undergoing a SAS 70
Contact Anthony Munns, FBCS, CITP, CIRM, CISA, at 314.983.1297 or [email protected].
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
34/74
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
Industries Served
At Brown Smith Wallace, we provide fraud and forensic services for a variety of industries. For example,
our team has significant experience working in organizations of all sizes ($10 million annual revenue tomulti-billion dollar Fortune 500) within industries such as, but not limited to, the following:
Certifications
Our team of experienced professionals has a diverse range of experience backed by some of the most well-known credentials in the fraud and forensic, accounting, and consulting industries:
Fraud & Forensics
Contact Ted Flom CPA, CISA, CIA, at 314.983.1294, [email protected] orTony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected].
AerospaceAgricultureAutomotiveBankingBeveragesBusiness ServicesCharitable OrganizationsChemicalsComputer HardwareConstructionConsumer Products
Cultural InstitutionsDefenseEducationElectronicsEnergy & UtilitiesEnvironmental ServicesFinancial ServicesFoodFoundationsGovernmentHealth Care
Industrial ManufacturingInsurance LeisureMediaMembership OrganizationsMetals & MiningPharmaceuticalsReal EstateRetailSecurity Products & ServicesTelecommunicationsTransportation
Certified Public Accountant (CPA)Certified Fraud Examiner (CFE)Certified in Financial Forensics (CFF)Certified Forensic Accountant, Diplomate Status(DABFA)Certified Ethical Hacker (CEH)ACL Certified Data Analyst (ACDA)Certification in Risk Management Assurance(CRMA)
Certified Assisted Living Administrator (CALA)Certified Construction Auditor (CCA)Certified Information Systems Auditor (CISA)Certified Internal Auditor (CIA)Certified Nursing Home Administrator (CNHA)Chartered Global Management Acountant (CGMA)GIAC Certified Penetration Tester (GPEN)Qualified Security Assessor (QSA)
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
35/74
ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL314.983.1200 | 636.255.3000 | [email protected] | WWW.BSWLLC.COM
Contact Don Mitchell, CPA, CFE at 314.983.1248, [email protected] | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Crat 314.983.1259, [email protected] | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, [email protected]
The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification andprevention techniques to thwart fraud.
Our team of experienced and credentialed forensic accountants have a proven track record and can helpyou prevent and investigate fraudulent activity.
DETECTION AND PREVENTION
Fraud prevention processes, policies and controls are designed to stop fraud before it occurs. Our fraudteam can design a fraud detection and prevention plan that will help you:
Segregate duties
Create a process of checks & balances
Develop a procedure manual
Perform an independent audit
Perform an overall weakness assessment
Develop a conflict of interest policy
Here are some of the services and tools you have access to with the Brown Smith Wallace fraud team.
Fraud Risk Assessments
Fraud Investigations
Fraud Prevention Review
Continuous Monitoring Programs
Fraud Diagnostic Tools
- Anti-Corruption Fraud Prevention Toolkit
- Fraud Detection & Prevention Toolkit
- Fraud Prevention Checkup
DATA ANALYSIS
If suspicious activity is occurring in your business, call on the Brown Smith Wallace data analysis team.We utilize powerful data analysis tools such as ACL, Microsoft Access and optical character recognitionsoftware, etc., to help gather data and perform detailed analysis. Our data analysis professionals willenable you to see who is accessing files, how the information is being manipulated, what information isbeing recorded, etc.
As an exampleAs an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the activity.
Fraud & IT Forensics
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
36/74
ST. LOUIS, MO | ST. CHARLES, MO | HIGHLAND, IL314.983.1200 | 636.255.3000 | [email protected] | WWW.BSWLLC.COM
Contact Don Mitchell, CPA, CFE at 314.983.1248, [email protected] | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Crat 314.983.1259, [email protected] | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, [email protected]
COMPUTER FORENSICS
The extent of our digital society is requiring you to have the ability to investigate suspicious activity found
on computers. IT risks range from financial fraud to hackers gaining access to your data.
IT forensics is the process of recovering and analyzing deleted, cached and hidden data from IT equip-ment. Our professional IT forensics team has the ability to analyze a wide range of devices from laptops tomainframes. Our services include:
Forensic Incident Response
Forensic Litigation Support
Incident Report Process Improvement
When you engage Brown Smith Wallace to investigate suspicious computer activity, our computer
forensics investigation follows a very specific eight step process:
FRAUD & FORENSIC EIGHT STEP PROCESS
1) Determine what your management knows and what they have uncovered
2) Quarantine the equipment
3) Engage an attorney and put the suspect(s) on leave of absence
4) Determine the nature of the fraud
5) Determine how much historical investigation is required
6) Investigate receipts, payroll, inventory, vendors and anything suspicious
7) Prepare a report to be presented to your management team
8) Implement the recommendations
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
37/74
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
Contact Don Mitchell, CPA, CFE at 314.983.1248, [email protected] | Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Cr.Fat 314.983.1259, [email protected] | Ron Schmittling, CPA, CITP, CISA, CIA at 314.983.1398, [email protected]
The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification and
prevention techniques to thwart fraud.
Our team of experienced and credentialed forensic accountants have a proven track record and can helpyou prevent and investigate fraudulent activity.
DETECTION AND PREVENTION
Fraud prevention processes, policies and controls are designed to stop fraud before it occurs. Our fraudteam can design a fraud detection and prevention plan that will help you:
Segregate duties
Create a process of checks & balances
Develop a procedure manual
Perform an independent audit
Perform an overall weakness assessment
Develop a conflict of interest policyHere are some of the services and tools you have access to with the Brown Smith Wallace fraud team.
Fraud Risk Assessments
Fraud Investigations
Fraud Prevention Review
Continuous Monitoring Programs
Fraud Diagnostic Tools
- Anti-Corruption Fraud Prevention Toolkit
- Fraud Detection & Prevention Toolkit
- Fraud Prevention Checkup
DATA ANALYSIS
If suspicious activity is occurring in your business, call on the Brown Smith Wallace data analysis team.We utilize powerful data analysis tools such as ACL, Microsoft Access and optical character recognitionsoftware, etc., to help gather data and perform detailed analysis. Our data analysis professionals willenable you to see who is accessing files, how the information is being manipulated, what information isbeing recorded, etc.
As an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the activity.
Fraud & IT Forensics
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
38/74
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL 314.983.1200 | 636.255.3000 | 618.654.3100
[email protected] | 888.279.2792 |WWW.BSWLLC.COM
The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification andprevention techniques to thwart fraud.
Our team of experienced and credentialed forensic accountants have a proven track record and can helpyou prevent and investigate fraudulent activity.
DETECTION AND PREVENTION
Fraud prevention processes, policies and controls are designed to stop fraud before it occurs. Our fraudteam can design a fraud detection and prevention plan that will help you:
Segregate duties
Create a process of checks & balances
Develop a procedure manual
Perform an independent audit
Perform an overall weakness assessment
Develop a conflict of interest policy
Here are some of the services and tools you have access to with the Brown Smith Wallace fraud team.
Fraud Risk Assessments
Fraud Investigations
Fraud Prevention Review
Continuous Monitoring Programs
Fraud Diagnostic Tools
- Anti-Corruption Fraud Prevention Toolkit
- Fraud Detection & Prevention Toolkit
- Fraud Prevention Checkup
DATA ANALYSIS
If suspicious activity is occurring in your business, call on the Brown Smith Wallace data analysis team.We utilize powerful data analysis tools such as ACL, Microsoft Access and optical character recognitionsoftware, etc., to help gather data and perform detailed analysis. Our data analysis professionals willenable you to see who is accessing files, how the information is being manipulated, what information isbeing recorded, etc.
As an exampleAs an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the activity.
Fraud & IT Forensics
Contact Ted Flom CPA, CISA, CIA, at 314.983.1294, [email protected] orTony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected].
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
39/74
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
Whether you are taking preventative measures or not, there is always the possibility that fraud may occur.Because many fraudsters take extreme precautions to cover their tracks, and their actions are sometimesmore widespread than anticipated, it is often difficult to determine the nature of the fraud, the parties
involved, and the estimate of how much was taken from your organization. Therefore, once fraud hasoccurred, a thorough investigation is critical to determine exactly what happened, the parties involved andhow much was taken.
Our Fraud Investigation and Quantification team has the tools and the experience necessary forconducting a fraud investigation and quantifying losses so you can take appropriate steps to make yourorganization whole again.
Fraud Investigation & Quantificatio
Contact Ted Flom CPA, CISA, CIA, at 314.983.1294, [email protected] orTony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected].
Computer ForensicsOur computer forensic team is a dedicated team
of specialists who collect, analyze and interpret
information relevant to an investigation.
A critical component in virtually every internalinvestigation or litigation matter is electronic
financial data.
Forensic Accounting & InvestigationOur team is composed of experts in forensic accounting
and investigation. We are capable and experienced at
working with company management, attorneys and law
enforcement to investigate potential fraud. Our techniques
include analyzing, reviewing, and testing accounting
records and controls as well as interviewing employees.
Fraud Data AnalysisOur trained and certified professionals search
for and identify patterns or irregularities
indicative of fraud, which are beneficial as part of a
larger fraud investigation or as a stand-alone
engagement.
Quantification of DamagesBesides determining how fraud was perpetrated, it is
equally important to determine how much was taken.
To recover lost funds, each company must be able
to prove to the trier of fact how much was taken.
Insurance Claims AssistanceOur team provides assistance to the vitim compa-
ny by performing an analysis of the activities and
quantification of the fraudsters illicit acts. The findings
of our team are then documented in a report specialized
to meet your insurance and companys specifications.
Expert TestimonyOur professionals frequently assist legal counsel in
internal investigations and litigation/prosecution
involving complex financial transactions. We are hired not
only for our analytical knowledge and skill, but our ability
to credibly testify and defend our opinions and findings.
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
40/74
ST. LOUIS, MO | ST. CHARLES, MO | GLEN CARBON, IL
314.983.1200 | 636.255.3000 | [email protected] | 888.279.2792 |WWW.BSWLLC.COM
Fraud is pervasive in the world today and every industry is affected. It is critical that organizations establishan anti-fraud culture that emphasizes fraud prevention and detection through executive leadership, policy,training, understanding fraud risks and monitoring/auditing for fraud. Any organization that does not prop-
erly implement fraud prevention and detection controls places itself at great risk.
Our Fraud Prevention & Detection solutions focus on preventing fraud before it occurs and detectingfraud in its early stages. We offer several solutions which can be tailored to fit any organizations particularneeds.
Fraud Prevention & Detection
Contact Ted Flom CPA, CISA, CIA, at 314.983.1294, [email protected] orTony Munns, FBCS, CITP, CIRM, CISA at 314.983.1297, [email protected].
Anti-Corruption ProgramsA proven methodology designed to provide a logical
approach to ensure appropriate controls are in place
to prevent, detect and respond to corruption activity.
Audits & Internal Control AssessmentsIt is essential that duties are segregated and that
controls are in place within your processes so
that opportunities to commit fraud are limited.
Code of Conduct/Anti-Fraud PolicyA key to effective fraud prevention is a code of
conduct and/or anti-fraudpolicy that lays out clear
guidances as to permitted/prohibited behavior
and actions.
Ethics Hotline/TrainingProviding individuals a means to reportsuspicious activity and conducting targeted fraud
awareness training for employees and managers.
Fraud Data MonitoringAn approach used by leading companies to
highlight exceptions and anomalies to help
prevent or detect fraudulent activity through
the continuous or periodic analysis of data.
Fraud Prevention Check-upFraud prevention check-ups can be a quick and
cost-effective way for you to evaluate whether your
company is properly addressing fraud prevention.
Fraud Risk AssessmentTaking a proactive approach to understanding and
systematically identifying where and how fraud may
occur and who may be in a position to commit fraud.
Policy and Procedure AssistancePolicies and procedures are an importantway to ensure an organization has the right
practices in place to prevent fraud. Management must
clearly communicate such practices to employees.
-
7/21/2019 1 Entire Universe Binder 01 02.5.14
41/74
Contact Donna Beck Smith, CPA/ABV/CFF, CVA, ASA, Cr.FA. at 314.983.1259, [email protected] orRyan Hauber, MBA, CFE at 314.983.1317, [email protected].
The pervasiveness and cost of corporate fraud, employee misappropriation of assets and financial statementabuse is a huge problem in American business today. Because of the nature of corporate fraud, companiesneed an expert specifically trained with experience in investigation, detection, quantification and
prevention techniques to thwart fraud.
Our team of experienced and credentialed forensic accountants have a proven track record and can helpyou prevent and investigate fraudulent activity.
DETECTION AND PREVENTION
Fraud prevention processes, policies and controls are designed to stop fraud before it occurs. Our fraudteam can design a fraud detection and prevention plan that will help you:
Segregate duties
Create a process of checks & balances
Develop a procedure manual
Perform an independent audit
Perform an overall weakness assessment
Develop a conflict of interest policyHere are some of the services and tools you have access to with the Brown Smith Wallace fraud team.
Fraud Risk Assessments
Fraud Investigations
Fraud Prevention Review
Continuous Monitoring Programs
Fraud Diagnostic Tools
- Anti-Corruption Fraud Prevention Toolkit
- Fraud Detection & Prevention Toolkit
- Fraud Prevention Checkup
DATA ANALYSIS
If suspicious activity is occurring in your business, call on the Brown Smith Wallace data analysis team.We utilize powerful data analysis tools such as ACL, Microsoft Access and optical character recognitionsoftware, etc., to help gather data and perform detailed analysis. Our data analysis professionals willenable you to see who is accessing files, how the information is being manipulated, what information isbeing recorded, etc.
As an example: Our team was able to detect a fraud in which engineering managers were booking costs toclosed projects while receiving bonuses for bringing current projects in under budget. Analyzing the dataprovided the proof that the suspicions were correct and the disclosure put a stop to the acti