1. Security & Privacy Services
Capabilities Overview
December 19, 2008
Ron Schmittling, CPA.CITP, CISA, CIA
314.983.1398 | rschmittling@bswllc.com
1050 N. Lindbergh Blvd | St. Louis, Missouri 63132 | 314.983.1200 | www.bswllc.com
© 2008 Brown Smith Wallace All Rights Reserved
2. Introduction to Brown Smith Wallace
Celebrating our 36th year
6th largest professional services firm in St. Louis
2nd largest locally based firm in Missouri
Fastest growing firm in the Midwest per Practical Accountant magazine
41% in 2005
16% in 2006
11% in 2007
200+ professionals and growing
Risk Services (Internal Audit) practice has 31 professionals and is
growing
Independent firm associated with Moore Stephens International
Top 10 of all professional services firms
$600 Million in Revenue, 34 domestic firms
$1.35 Billion in Revenue, 540 offices, 93 countries
Diverse service mix and expanding
Energized firm with a focus on quality and client service
3. Why Clients Choose Us
Our Experience in Providing Internal Audit Services: Our firm and the Risk Services team has
substantial experience providing internal audit and Sarbanes-Oxley services. Our practice leadership
has the technical competencies, experience and client service attitude necessary to be successful in
today’s professional services market. Each leads a team of professionals that focuses their efforts on
the operational/financial and technology risk of a business. The experience of our professionals is a
true differentiating factor for our firm and a refreshing change from the traditional public accounting
delivery model. Our clients appreciate this distinction. We do not believe our clients should pay to train
our senior and staff auditors.
Unequalled Technology Risk Resources: At Brown Smith Wallace, we have a full spectrum
technology audit team with specialist capabilities in all technical competencies. An effective technology
audit team is a function of leadership, experience, expertise and depth. In our experience, no other firm
(Big Four and non-Big Four) in St. Louis has a comparable level of these attributes. This is why Brown
Smith Wallace is the recognized leader in providing technology audit and Sarbanes-Oxley services to
St. Louis-based companies.
Integrated Approach - Our Risk Services practice takes an integrated (financial, operational and
technology) approach to helping clients evaluate and manage business risk, improve processes and
internal controls and comply with the provisions of Sarbanes-Oxley. Most of our competitors approach
financial/operational and technology audits as separate efforts. This is primarily because they do not
have the depth of technical resources nor do they recognize the significant dependencies between
people, process and technology. We believe our integrated approach provides the appropriate
perspective and adds value to the audits we conduct for our clients.
4. Why Clients Choose Us
Ability to Provide Resources When Needed - Brown Smith Wallace has the depth and breadth of
resources and the project management expertise to effectively scale to meet your needs. Our team of
30 professionals, and growing, will be made available to support the engagement needs. We utilize our
own professional staff to support the needs of the engagement as contractors can dilute the quality of
services provided and often times contribute to project management difficulties.
International Affiliation and Network – To serve our clients with a broad range of services in a wider
geographical area, the firm is a member of Moore Stephens International Limited, a global network of
independently owned accounting and business advisory firms. The network is now one of the leading
international accounting and consulting groups outside the Big Four, comprising approximately 600
offices in 93 countries worldwide and more than 17,000 professionals. We frequently work with clients
with international operations and often serve these clients through a teaming approach with our local
Moore Stephens affiliates. We’ve conducted projects in over 15 countries over the last two years.
High Quality Deliverables, On-Time and Within Budget: An internal audit relationship requires
strong project management and effective communication, given the magnitude of the effort, complexity
and the need to manage costs. The active involvement of our senior team is key to being able to
deliver on that objective. Our approach to continuous client communication includes frequent status
updates, validation of results and consultation regarding decisions that need to be made. We are well
known for our project management discipline, which enables us to complete projects within budget
while meeting client expectations.
5. Why Clients Choose Us
Professional Service Firm Grounded in Client Satisfaction: Brown Smith Wallace has a long
standing reputation for providing exceptional client service. Our Risk Services practice has been built
with ex-Big Four management (Arthur Andersen and KPMG) and experienced professional staff. We
recognize the need for a professional service firm focused on providing clients with the service-level
and value they deserve. We do this by recognizing what is important to a client: meeting deadlines;
timely communication; responsiveness to requests; not over committing resources or capabilities; and
over delivering. Client satisfaction is our history and it is our foundation.
A Focus on Adding Value - It is our responsibility to maximize the value you receive when you hire
Brown Smith Wallace. Some view internal audit as a compliance function. We recognize the need for
compliance, but we also understand the positive impact our role can have on the organization. This
experience further enables us to help clients reduce hours by focusing efforts on areas of greatest risk
and opportunity…we focus on “what is important.” In addition, our involvement of subject matter
experts where appropriate, and a methodology focused on efficiency and process improvement, allows
us to deliver our services efficiently while helping you realize value from the effort.
Big Four Quality and Experience For Non-Big Four Fees: Several Brown Smith Wallace
professionals have joined our firm during the past two years from the Big Four or as key leaders of their
internal audit group and Sarbanes-Oxley projects. This experience enables us to help clients reduce
hours by focusing efforts on areas of greatest risk and opportunity. Our ability to bring resources and a
methodology focused on efficiency and process improvement allows us to deliver our services
efficiently while helping you realize value from the effort.
100% Client Retention: We are very proud of our record of 100% client retention of internal audit co-
sourcing and outsourcing relationships. We believe that the attributes listed above are key ingredients
to our strong service provider/client relationships. And we are constantly striving to maintain this
unblemished record.
6. Security & Privacy Services
Information Security
• Security Risk Assessments
• External Network Penetration Studies
• Internal Network Vulnerability Assessments
• Network Security Controls Reviews
• Wireless Security
• Web Application Security & Pen Tests
• CISO as you Grow
• Social Engineering
• SMB Security Pulse Reviews
• VOIP Assessments
Payment Card Risk
• PCI Compliance GAP Assessments
• PCI Merchant Compliance Services
• PCI Card Processor Compliance Reviews
• PCI Data Hosting Provider Compliance
• ATM Network Compliance
• TG-3 Network Security Reviews for STAR, NYCE and ATM networks
Cybercrime & Incident Response
• Digital Forensics – Non-Litigation Services
• Digital Forensics – Litigation Support Services
• Electronic Data Discovery Planning, Analysis, Timeline Construction, and Damage Assessment
• Email Extraction and Reconstruction
• Data Recovery
• Expert Testimony
• Incident Response GAP Assessment
• Incident Response Strategy, Design & Implementation
• Emergency Incident Response Team
Information Privacy & Data Protection
• Data Privacy Services (AICPA Certification)
• Data Privacy Compliance (Industry, Federal & State)
• ID Theft Prevention and Response
• Data Protection GAP Assessments
• Data Protection Strategy, Design and Implementation
Information Security Compliance
• Attestation/Agreed Upon Procedures
• HIPAA Privacy and Security
• ISO 17799, 27001, 27002 Assessments
• FFIEC Security Assessments and Compliance
• SOX Security Readiness and Testing
• FDIC Reviews
• GLBA Assessments
• ITIL Standard Reviews
• Web Trust & Sys Trust Certifications
7. Security & Privacy Methodology
The External Penetration Test and Internal Vulnerability Assessment should be kept in perspective; security is a process and cannot
be achieved through a single risk assessment. Security must be designed, implemented, and managed seamlessly from a full
enterprise perspective to ensure the continued success of your organization’s business operations. The biggest issue for most
organizations is the absence of a comprehensive enterprise security strategy to provide the level of protection required for diverse
information systems and networks.
To the right is the Brown Smith Wallace Information Security Methodology. The
methodology provides a thorough framework that enables organizations to
effectively assess, design, implement and maintain comprehensive, effective,
enterprise-wide information security programs. Strong security policies,
standards, procedures and metrics are incorporated; security management is
enhanced by the framework and measurement criteria it provides.
An information security assessment will provide a targeted and focused analysis
of the overall systems environment. The purpose of this assessment is to inform
of any potential vulnerability and recommend appropriate safeguards within the
external network security architecture. Additionally, the results can be used to
provide a baseline of information systems security for ongoing security
monitoring.
Our engagement Partners and Principals are heavily involved in the project management and quality assurance
reviews of our engagements. We employ strict project management discipline through the use of project plans,
budget to actual analyses, and on-going status reporting. This discipline is critical to ensuring the timely and
cost-effective completion of a project of this size and complexity. We take great pride in the fact that our
engagements typically come in under budget and our deliverables are of very high quality. This is the result of:
• Project management discipline;
• The on-going and active involvement of our Partners/Principals in the review of project deliverables and the
management of the project; and
• Experience and quality of our staff.
8. Risk Services – Our People
The table below summarizes the background/experience of the Brown Smith Wallace Risk Services team members.
Our team consists of professionals 100% dedicated to the Risk Services practice.
Discipline/Professional Industry Public Both Total
Financial/Operational
Partner 1 1
Principal/Manager 3 3
Supervisor/Senior 4 3 7
Staff 3 3
Total Financial/Operational 4 4 6 14
Technology
Partner 1 1
Principal/Manager 2 1 2 5
Supervisor/Senior 2 1 4 7
Staff 3 1 4
Total Technology 4 5 8 17
Total Risk Services Professionals 8 9 14 31
10. Risk Services – Clients
At Brown Smith Wallace we have built an impressive list of St. Louis-based publicly-traded and large privately held
clients, including this partial list. While our client information is strictly confidential, these current clients have given us
permission to use them as references.
11. Risk Services – Clients Cont.
Lutheran Church Extension Fund